Risk Management Report

Transcription

1 Management Report April 2015 What s new in this report: Limit / Appetite Statement Revised Register Nine new and emerging risks (see Section 3 of Register)

2 Contents Page Introduction 1 Mission and Principles 1 Management 1 a) Limit / Appetite Statement b) identification 2 3 Profile 5 Register Section 1: Major and significant risks Section 2: Other identified risks Section 3: New and emerging risks Appendix: management definitions 22

3 Introduction Each Spring the Board of Directors prepares a report on PACICC s risk management activities (this report). The annual Management Report is developed by the Audit and Committee and senior management. management is also a continuous process at PACICC, reviewed as a standing issue at meetings of the Board, the Audit and Committee, and senior management. The Advisory Committee of insurance industry Chief Officers provides independent advice on best practices, when requested. management is central to the successful management and governance of PACICC. PACICC Mission Statement and Principles The Mission of the Property and Casualty Insurance Compensation Corporation is to protect eligible policyholders from undue loss in the event that a member insurer becomes insolvent. We work to minimize the cost of insurer insolvencies and seek to maintain a high level of consumer and business confidence in Canada s P&C insurance industry through the financial protection we provide to policyholders. Principles: a) In the unlikely event that an insurer becomes insolvent, policyholders should be protected from undue financial loss through prompt payment of covered claims. b) Financial preparedness is fundamental to PACICC s successful management support of insurance company liquidations, requiring both adequate financial capacity and prudently managed compensation funds. c) Good corporate governance, well informed stakeholders and cost effective delivery of member services are foundations for success. d) Frequent and open discussions with members, regulators, liquidators and other stakeholders will strengthen PACICC s performance. e) In-depth P&C insurance industry knowledge based on applied research and analysis, is essential for effective monitoring of insolvency risk. Management management includes all actions used to control risks that could prevent PACICC from achieving its mission. PACICC s risk management framework sets out the policies and governance, key responsibilities, processes and activities necessary for effective risk management. (See the Appendix for a list of definitions generally associated with risk management and as used at PACICC.) Two elements of the risk management framework include: The risk limit / risk appetite statement establishing the amount of risk PACICC is willing accept or tolerate The process for identifying risks that will be subject to analysis, assessment and monitoring. 1

4 a) Limit / Appetite Statement (NEW) PACICC s risk limit / risk appetite is $1.54 billion. PACICC measures its risk limit / risk appetite in relation to its ability to generate revenue from member companies over a two-year period to pay for the eligible claims of an insolvent member. PACICC s annual maximum assessment capacity is 1.5 percent of the total covered premiums of member companies. Based on 2014 industry results, PACICC can generate up to $1.54 billion over a two-year period. PACICC also maintains a Compensation Fund to address liquidity issues in the days and weeks immediately following a member insurer insolvency. The Compensation Fund presently holds an additional $52 million. The annual assessment cap seeks to minimize the risk that funds required by PACICC could impose a solvency risk on healthy member insurers. It is possible, although very unlikely, that PACICC s requirement for funds may exceed its risk limit / risk appetite. PACICC is actively working to reduce the risk of an extraordinary insolvency event. PACICC is also working to establish alterative financing options. However, as the financial guarantee fund for the industry, PACICC does not have the authority to reject member insurer insolvencies. If PACICC needs to generate more than $1.54 billion through our current funding mechanisms, then the required funds would be collected over several years, and approved payment of consumer claims would be delayed until funds become available. Key reasons why PACICC s risk limit-risk appetite is set at two times the annual general assessment capacity include: This is the maximum industry assessment that could be levied on member firms without causing further solvency problems or possible contagion effects Two years is a reasonable time period to settle most eligible policyholder claims resulting from the insolvency of a member company based PACICC s experience paying the covered claims of failed members, and claims development in the industry Funds recovered from a liquidated estate are generally not available for a period of several years or longer so it is important that PACICC has the capacity to generate most of the required funds to wind-up an insolvent insurer Two years is the maximum time that PACICC should plan to commit all of its capacity to wind-up a member insurance company, because a longer time period would impair PACICC s preparedness to respond to the risk of subsequent insolvency events PACICC maintains a Compensation Fund that is available to meet initial payout requirements during the early stage of a member company insolvency. (The Compensation Fund had a market value of $52 million as of February 2015) To fulfill its Mission, it is essential for PACICC to refund unearned premiums promptly, and to settle claims within a reasonable period following a member insolvency. Protecting this ability to pay helps maintain consumer confidence in Canada s P&C insurance industry, and preserves PACICC s reputation as a reliable guarantee fund. Claims liabilities beyond PACICC s risk limit / risk appetite are extraordinary risks, and must be managed outside the normal general assessment mechanism. For example, revenues to pay for these additional claims liabilities could be generated through PACICC s proposed extraordinary funding mechanism. 2

5 b) Identification PACICC maintains a comprehensive risk profile of all the key significant risks that could prevent the organization from achieving its mission. The risk profile was prepared by PACICC s Audit and Committee and senior management. It is continuously reviewed and updated as necessary. The Board is ultimately responsible for assuring the risk profile is appropriate for the organization. PACICC has established criteria for identifying significant risks. Parameters are set for gradients of impact (severity) from low to high, and similarly for likelihood (probability). In some cases, consideration of the adverse impact on reputation is required and appropriate gradients are set. Register Considering PACICC s Mission and key functions, each aspect of an organization s operation, activities and functions is assessed as to vulnerabilities. In turn, each vulnerability is analyzed and reasonably likely causes or triggers are identified. Consequences are considered, including possible reputation impacts. Each risk is assessed as to potential impact, considering a reasonable probability of the risk occurring. If considered significant, the vulnerability is posted and tracked on the risk register with brief notes as to the basis for the risk being assessed as significant. Profile PACICC has established a threshold of acceptable risk, based on the organization s risk limit / risk appetite. Three zones are utilized, as follows: Red Yellow Green Unacceptable risks s to be monitored closely s to be managed For PACICC, the risks assessed as falling in the red and yellow zones are priority issues and these are posted on the risk profile, which is used for more extensive analysis, monitoring and reporting. Identifying risks (new and emerging) Once a risk profile is prepared, one challenge is identifying new and emerging risks. identification is a process that is used to find, recognize and describe the risks that could adversely affect PACICC s ability to achieve its mission. This includes the identification of possible triggers and potential consequences. Historical data, theoretical analysis, informed opinions, expert advice and stakeholder input are used to identify PACICC s risks. This is a dynamic process, assigned to senior management working with 3

6 the members of the Audit and Committee to coordinate and to lead the necessary review to keep the risk profile current as to the risks most likely to affect the organization. Senior management conduct an annual exercise dedicated to reviewing and updating the risk profile. This includes a brain-storming segment that is used to identify new risks and to validate existing risks. s are reviewed periodically to ensure that management and the Board of Directors have a comprehensive understanding of the risks and the various impacts on the organization. Assessment Part of identifying risks includes discussing the ranking and prioritizing of the identified risks. Senior management works with the Audit and Committee to review and solicit information as to risks, and to quantify the potential impact of a risk on the organization. Part of the review seeks to analyze co-related risks and to determine the combined impact. In addition, the federal regulator (OSFI) periodically requires the industry to prepare stress test scenarios considering co-related risks. Part of the assessment requires consideration of the potential impact of adverse publicity or reaction by stakeholders. Of particular importance are risks that could diminish PACICC s ability to maintain confidence in the financial viability of Canada s P&C insurance industry. In assessing risks, PACICC considers the probability of an event occurring. The potential impact is then assessed and used as the basis for the organization s risk management priorities and action plans. In PACICC s case, a key consideration is the likelihood of a risk causing member insurers to become insolvent. Periodically, a reality test as to the ranking and prioritizing of risks is a valuable step. While subjective, this exercise helps ensure that profiled risks are rated appropriately and are receiving adequate resources and attention. 4

7 Rating PACICC s Profile, as at April 2015 Very High Financial 1-1 Insolvency cost exceeds two times annual assessment capacity s: 1-1 Failure of one of Canada s 10 largest P&C insurers; or multiple failures from a catastrophe 1-2 Failure of a larger member insurer; or multiple, smaller insurer insolvencies High Financial 1-2 Insolvency cost exceeds annual assessment capacity Regulatory s 1-6 New laws 1-7 Benefits unilaterally enhanced 1-3 Supervisory practices below minimum IAIS standards 1-4 Rate regulation may contribute to insurer insolvency 1-5 Insurance company winding-up practices in Canada are outdated Medium Operational s 1-8 Extraordinary resource demands 1-9 Insolvency costs greater than anticipated Operational s 1-10 Lack of Liquidator expertise Regulatory s 1-3 Inadequate solvency supervision 1-4 Regulation of rates 1-5 WURA Very Medium High 1-6 Adverse changes in new insurance legislation 1-7 PACICC could be forced to increase coverage & benefits 1-8 s 1-1 or 1-2 could place extraordinary demands on PACICC s human resources 1-9 Lack of member financial information could result in higher-thanexpected wind-up costs 1-10 Much of Canada s accumulated P&C liquidation expertise has retired (or will soon) 5

8 Rating Criteria A. (Severity) Criteria Ranking Medium High Very High a) Assessment < $ 5 million $5 to $500 million $.5 to $1.5 billion >$1.5 billion b) Operations <$100 thousand $.1 to $1.0 million $1.0 to $2.0 million >2.0 million c) Reputation Isolated complaints, industry focus only Local media and regulatory involvement Social media exposure, wide media coverage, regulatory involvement Constant national media attention, government intervention B. (Probability) Criteria Ranking Very Medium High All risks Occur < 1 / 100 years Occur within 10 yrs Occur within 5 yrs Occur within 1 yr 6

9 Section 1: Major s (red) and Significant s (yellow) Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 1-1 Financial Costs exceed two times PACICC s annual assessment capacity Failure of one of Canada s 10-largest P&C insurers (or failure of their parent companies) Concurrent, multi-member insurer insolvencies, resulting from a major natural or man-made catastrophic event. PACICC monitors the financial condition of the industry and individual insurers within the industry PACICC has prepared an extensive analysis as to the critical point for the industry s capacity to react to catastrophes (Natural Disasters and Catastrophes ) Very High Very An extensive major financial crisis leading to multiple insolvencies. Factors could include; stronger economic growth and employment could fuel higher inflation, adverse reaction to volatility of the market, Bank of Canada may increase interest rates. PACICC has initiated a review aimed at setting up an Extraordinary Funding Mechanism PACICC has established a Compensation Fund of approximately $52 million under PACICC control to meet immediate requirements. OSFI and other regulators monitor insurer exposure to Earthquake (Guideline B-9) IBC has a committee reviewing impact of the costs of extreme earthquakes PACICC is working with RMS Canada to develop more accurate estimates of the potential for a large earthquake to trigger insurer insolvencies Canadian Institute of Actuaries requires inflation risk to be taken into account as part of DCAT modelling OSFI s annual stress testing exercises recently examined higher inflation (in 2010) 7

10 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 1-2 Financial Annual payout exceeds industry annual assessment capacity Insolvency of a larger Member insurer could result in an assessment greater than the Annual Assessment Threshold in the first year of an insolvency. Assessments for concurrent, multiple insolvencies of smaller member insurers could also exceed the industry Annual Assessment Threshold Failure of a smaller or provincial insurer (concentration in a small market, e.g. province) which limits the assessment base) An unexpected event adversely affects the profitability of a number of Member companies e.g. a natural catastrophe, terrorism or adverse economic trends, with adverse impact on Member ability to meet increased expense for annual assessment PACICC monitors the financial condition of the industry and individual insurers within the industry PACICC has established a Compensation Fund of approximately $52 million under PACICC control to meet immediate requirements. PACICC has initiated a review aimed at setting up an Extraordinary Funding Mechanism PACICC has prepared an extensive analysis as to the critical point for the industry s capacity to react to catastrophes (Natural Disasters and Catastrophes ) Policyholders in B.C. and Alberta will soon be required to have coverage for fire following an earthquake High Very Insurers have not adequately controlled their underwriting exposure in the earthquake zones Insurers have not arranged sufficient reinsurance protection PACICC is aware of efforts by IBC to update estimates of insured and economic losses that could result from a major urban earthquake in Canada PACICC is currently working with RMS Canada to develop more accurate estimates of the potential for a large earthquake to trigger member insurer insolvencies 1-3 Regulatory Inadequate solvency supervision Some insurance legislation and/or regulations at the provincial level in Canada do not contain adequate standards for insurance solvency supervision. In particular, practices do not meet the minimum standards published by the International Association of Insurance Supervisors PACICC advocates that insurance solvency supervision be done by regulators that meet international standards. Presently, some provincial supervision falls below IAIS standards Dr. rma Neilson (U. of Calgary) has documented which provinces do not meet High 8

11 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) (IAIS) international standards for solvency supervision Ontario announced its intention to withdraw from insurance solvency supervision CCIR established a solvency supervisory working group PACICC has developed an insolvency protocol; updated its Model Winding-Up Order; developed case-study materials that have been distributed to all insurance superintendents; and has conducted seminars with regulators in B.C., Alberta, Ontario and Newfoundland 1-4 Regulatory Regulation of insurance rates may contribute to insurer insolvency Political pressure exerted on the rate filing/approval process (e.g. Ontario to reduce rates) Incorrect assumptions regarding what constitutes an adequate rate of return for an insurance company Scrutiny of insurance company financial health by rating agencies, supplemented by PACICC s own financial analysis Growing use of risk-based supervision by regulators High Insurance companies are not permitted to challenge the decisions of rate regulators if insurers disagree with those decisions Relatively weak regulation of actuarial practices for pricing and loss reserving in some provinces PACICC research on the relationship between solvency and rate regulation PACICC encourages senior staff at OSFI to communicate concerns regarding the regulation of rates (for example, automobile insurance rate reduction) to provincial supervisors when they deem it appropriate Discussions by politicians to regulate property rates PACICC is seeking to strengthen provincial regulation of actuarial practices. PACICC is also seeking more information about the role of consulting actuaries in the regulation of insurance rates 9

12 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 1-5 Regulatory Insurance company winding-up and restructuring legislation and practices are outdated in Canada Canada's Winding-up and Restructuring Act (WURA) has not undergone a comprehensive review in nearly 100 years Few updates and changes have been made to the WURA PACICC made a detailed submission to Finance Canada in vember 2010 proposing specific changes to modernize the WURA. The submission was made as part of the scheduled five-year review of Federal financial-sector legislation High Insolvency management and corporate restructuring practices have evolved internationally at a much faster pace than has Canada's legislative framework PACICC has also initiated stakeholder discussions about the difficulties expected with a complex, conglomerate failure Progress toward mitigating this risk has been slow. We expect some international pressures coming from the Financial Stability Board and from the IAIS ultimately to assist in modernizing Canada s resolution regime for failed P&C insurance companies. But the timing remains difficult to predict. In the meantime, PACICC faces some reputation risk among its members when existing (or new) insolvencies take many years to be resolved 1-6 Regulatory Adverse changes in new insurance legislation Government could enact legislation affecting aspects of PACICC s operations (e.g. membership eligibility, industry funding, reporting procedures, Board composition, regulatory oversight, etc.) Review of PACICC coverage and benefits (scheduled as 2016 priority) PACICC maintains regular dialogue with industry regulators to ensure that possible risks and exposures are understood High PACICC could be compelled to add members in a line or lines of business inconsistent with its current mandate The risk is higher for legislation proposed or enacted by provincial governments Active monitoring of industry developments and financial performance Regular communication with stakeholders helps ensure that PACICC's mandate is clearly understood 10

13 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 1-7 Regulatory Benefits unilaterally enhanced; insolvency costs are deemed unrecoverable Broader interpretation of insurance policy wording by courts and regulators Insurance supervisors could, for example, coerce the industry into funding higher levels of premium refunds than PACICC currently provides If PACICC was forced to cover certain specialty lines, the assessment base could be insufficient to fund the costs of failure (for example, this could be triggered by a change in a provincial statute) Maintain a good understanding of financial guarantee fund best practices in other countries Educate stakeholders on best practices Continue to advocate that moral hazard risk be minimized and that protection apply to personal lines and business policyholders, excluding large corporations High 1-8 Operational Extraordinary demands on PACICC s human resources due to the failure of a larger member company, or to multiple company failures Large or multiple insurer failures would likely result in a high volume of requests for claims settlement authority and/or resolution of related issues PACICC has developed a contingency plan to address this risk. The plan was approved by the Board in vember 2010 Regular dialogue takes place with regulators to discuss troubled companies PACICC staff conduct periodic solvency tests on member insurers Medium 1-9 Operational Insolvency costs greater than anticipated Insolvency of a Member company for which PACICC has no or limited financial data and is ill-equipped to assess insolvency costs in advance Our research shows that deficient loss reserves and/or inadequate pricing are key causes of insurer failure (deficient reserves are hard to detect in advance) We advocate that insurance supervisors make insurance company financial data publicly available (consistent with PACICC position paper). Some success was achieved with Alberta s decision in 2009 to make insurance company data public. (Discussions with other provinces continue) Through a combination of publicly available data and voluntary disclosure, PACICC now has financial data for all but 6 percent (or 12) of its member companies Medium 11

14 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) We encourage provincial insurance supervisors to adopt the IAIS standards of solvency supervision Maintain dialogue with regulators and member insurers to gain better understanding of marketplace (for example, through anecdotal evidence) 1-10 Operational Loss of accumulated liquidation expertise Ageing/pending retirement of the most experienced licensed trustees in bankruptcy who have hands-on experience liquidating P&C insurance companies This reduces the ability of firms to assemble, on short notice, a full team of qualified professionals A sustained period of good financial health in the P&C insurance industry, diminishing opportunities to train successors PACICC s concerns have been communicated to insurance supervisors and to the leading firms that provide insurance company liquidation services PACICC s ability to mitigate this risk is limited. Although the estimated financial impact in a single calendar year may be modest, we consider the likelihood of occurrence to be medium (meaning the risk could occur within five years especially in the event of a member insolvency) Medium Medium Post to Profile major risk Post to Profile significant risk Maintained on Register New risk 12

15 Section 2: Other Identified s (not considered major or significant) Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 2-1 Operational Failure of member to pay assessment obligations Poor internal administration processes by Members can lead to non- or late payment Members may experience cash flow problems Some Members may not understand their payment obligations Member assessments are mandatory once approved by the Board of Directors, and are due within 30 days of receipt PACICC can charge interest on overdue assessments (we have done so, but rarely) Very Deliberate non-payment due to disagreement or dissatisfaction To maintain licensing, member companies are required under provincial legislation to meet the requirements of PACICC PACICC notifies the responsible regulator of any assessments that are substantially overdue (by more than three months) The existing rules (as specified in the Memorandum of Operation) are working reasonably well, so no special or additional risk management actions are needed at this time 2-2 Financial Liquidity crisis adversely affects Canada s P&C insurance industry s related to new and largely unregulated financial products are poorly developed and can increase to the point where large unexpected or unintended losses are incurred Capital held by insurers in the form of invested assets declines in value Monitoring the financial health of PACICC member companies (where we have adequate data) Monitoring efforts by policymakers and solvency regulators to address the underlying causes of a credit crisis 13 Advising member company CEOs to proactively manage

16 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) Liquidity crisis reduces available credit, dampens economic activity and increases the risk of recession credit/liquidity/market risks and communicate concerns to solvency supervisors 2-3 Operational to PACICC s investment portfolio of higher rates of inflation Downturn in financial markets Poor investment choices Ratings downgrade(s) of held investments PACICC regularly (annually) reviews its investment policy PACICC uses a professional investment manager 2-4 Operational Significant property or liability loss in excess of insurance coverage Fire or explosion in our building/ work location Break-in involving theft or vandalism on premises Loss of laptops For alleged improper actions by PACICC s Directors or Officers, liability claims could be made for breach of duty or conflict of interest. PACICC insurance coverage includes D&O Annual review of insurance policies and limits PACICC s By-laws provide that member funding can be called upon in the unlikely event that financial liability exceeded the Corporation s D&O insurance policy limit (Section XVII, paragraph 52. (2)) 2-5 Operational Operating requirements exceed budget An unanticipated large capital or operating expenditure, such as IT or premises costs Structural accounting or funding changes in budget requirements can result in short-term adjustments (for example, the Board s decision to pay investment management fees from the annual operating budget rather than from the Compensation Fund) Operating Fund surplus (approx. $1.5 million) can, with Board approval, fund a short-term budget deficit without asking members to pay more 14

17 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 2-6 Regulatory Greater use of unlicensed reinsurance in Canada PACICC s experience with insurance liquidations shows that unlicensed reinsurance is difficult to collect for an insolvent insurer. Two factors contribute to this risk: unlicensed reinsurers operate outside of Canada and are not subject to Canadian insurance regulation; and Monitoring market trends to track changes in the share of unlicensed reinsurance Maintaining a dialogue with OSFI regarding changes in the share of unlicensed reinsurance and the potential risks this could pose it is less likely that an unlicensed reinsurance contract would contain an insolvency clause OSFI Guideline B-3 has changed the rules respecting limits on unlicensed reinsurance in Canada, removing the 25 percent limit, potentially allowing insurers to utilize more unlicensed reinsurance provided they can justify a higher share in the Reinsurance Management Plans (RRMP s) they submit to OSFI Thus far, there appears to be no significant increase in the use of unlicensed reinsurance by P&C insurance companies in Canada 2-7 Regulatory Government decision to tax PACICC s investment income (Currently exempt from income tax as non-profit) Existing policies could be reinterpreted by the Canada Revenue Agency to question the taxfree status of PACICC s Compensation Fund CRA is conducting audits of non-profit corporations to ensure that those so designated are not engaging in activities intended to earn a profit Maintain a good understanding of the tax treatment of guarantee funds in other countries, and work with guarantee fund counterparts in Canada, should PACICC need to counter a taxrelated threat 15

18 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 2-8 Regulatory Requirement for all Board members to be public directors Potential for frustration if insurance regulators seek to exert greater control or influence over PACICC (for example, to expand our mandate to address restructuring and wind-up) Continuing discussions with interested parties stresses the importance of effective governance consistent with PACICC s mandate Governance at other financial guarantee funds (for example, Assuris) could encourage regulators to seek changes at PACICC P&C insurance guarantee funds in other countries are governed by a majority of industry directors because this is the best model for our mandate to address the wind-up of failed Member companies PACICC strives to demonstrate that its governance is effective and that its Board functions well. These messages are conveyed through regular corporate reporting to members and other stakeholders, as well as meetings with insurance supervisors Insurance supervisors receive copies of all PACICC Board submissions and are invited to participate in Board meetings PACICC has a written Board mandate covering a Code of Ethics and Business Practices 2-9 Operational Loss of key personnel Senior staff could leave PACICC to accept other employment, for health reasons, etc. Staff could be borrowed short-term from IBC, Assuris, CDIC, and/or member companies Lack of adequate succession planning by PACICC Documented procedures Losing depth is potentially a bigger exposure than losing a CEO A management succession plan is in place, overseen by PACICC s Governance and Human Resources Committee 2-10 Operational Significant IT failure Equipment failure Computer viruses Attack by computer hacker PACICC uses an externally-hosted, secure, internet-based server that provides full back up and recovery for all corporate records. All staff are equipped so they can continue their work offsite when required 16

19 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 2-11 Operational Major external event could interrupt business Issues affecting the availability of staff would have an immediate/direct impact on PACICC service delivery to stakeholders (policyholders, Members, regulators, media, etc.) Possible events include: flu pandemic, terrorist attack, large-scale natural disaster, power black-out, fire and severe weather (ice storm, flood) Human resources policies and procedures in place are efficient, fair and appropriate New website enhances PACICC s ability to communicate information to stakeholders via the Internet Disaster recovery plan is documented Medium Ability to work off-site is supported by IT services arrangement; insurance would cover PACICC for most losses; and we have a fire-proof safe for protecting original documents Citrix software limits data being stored on laptops 2-12 Operational Key operations at PACICC could fall below best practice PACICC could fail to gather and analyze information regarding practices utilized by P&C (and other) financial guarantee funds Funding constraints could create difficulty in maintaining operational effectiveness could become more difficult to obtain PACICC is undertaking research to gather up-to-date information on key operational practices utilized by P&C insurance guarantee funds in other developed countries Where possible, management should seek to identify emerging operational pressures or risks as information for PACICC s Board of Directors Recent research released by the OECD suggests that increasing co-insurance could be an effective practice for guarantee funds to follow. (Yet if PACICC was to adopt this practice for covered claims payments, it would be difficult to avoid reputation damage) 17

20 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 2-13 Operational Unauthorized access, ineffective governance Fraud Security breach Loss of data Under Review OSFI has indicated concern and has surveyed the industry (Preliminary) (Preliminary) 2-14 Financial Rating, underwriting, claims Unexpected coverage Losses greater than expected Under Review Medium (Preliminary) (Preliminary) Inadequate coverage Wildfires 2-15 Financial Failure of a financial conglomerate could lead to unintended consequences for insurance consumers International failure, with Canadian operation, branch or subsidiary Domestic conglomerate with Life and or Banking affiliates CDIC (for example) has more extensive powers and administrative options than PACICC (the ability to create a bridge bank in the event of a failure) Under Review Medium (Preliminary) (Preliminary) 2-16 Operational Key Suppliers Unanticipated failure could impair PACICC operations in the short-term while alternate arrangements are made (new supplier contracted or new equipment sourced) PACICC retains established, reputable suppliers with proven experience Service level agreements are in place (for example, IT) Key service areas include: IT supplier, Financial accounting, Investment management, Banking and Legal While the loss of service being provided by a supplier could be disruptive in the short term, management believes that PACICC s current outsourced service arrangements could be replaced quickly (in most cases within one month) 18

21 Section 3: New and Emerging s (te: highlighted risks are those considered most relevant to PACICC) Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 3-1 Financial of correlation to covered policies Nuclear risks are covered by Nuclear Pool, which includes PACICC members Destruction of a nuclear facility in Canada Member participates in a series of nuclear losses Under Review (added to Register ) 3-2 Financial Extreme weather and climate change Catastrophic insurance damage claims from wildfire, flood, tornadoes, etc. Under Review (added to Register ) 3-3 Operational Critical infrastructure failure Roads inaccessible to handle claims Staff unavailable to handle claims Under Review (added to Register ) Prolonged power outage Communications system breakdown 3-4 Financial PACICC coverage limits may prove inadequate Price of homes increasing Under Review (added to Register ) 19

22 Inherent and Triggers for adverse Controls/ Mitigation Rating (Net ) 3-5 Financial New insurance product(s) not covered by PACICC Driverless cars Drones (for commercial use) Cyber crime coverage Under Review (added to Register ) Flood insurance 3-6 (1-1) Financial Insolvency caused by financial market instability Oil price shock Deflation Under Review (added to Register ) te: new Triggers for (2-9) (2-11) Operational Pandemic te: new Triggers for s 2-9 and 2-11 Pandemic Under Review (added to Register ) 3-8 (1-4) Regulatory Property rates could be subject to regulatory approval Property rates regulated Under Review (added to Register ) te: new Trigger for Regulatory Increased requirements for consumer education and awareness Consumers not aware of coverage Financial Literacy initiatives Increasing international regulatory initiatives Under Review (added to Register ) 20

23 Appendix: PACICC Management Definitions te: The following definitions have been based on the ISO Plain English Management Dictionary, with minor edits as appropriate for PACICC s risk management environment. is the effect of uncertainty on objectives and an effect is a positive or negative deviation from what is expected. Organizations strive to reduce uncertainty as much as possible. Uncertainty is a state or condition that involves a deficiency of information and leads to inadequate or incomplete knowledge or understanding. In the context of risk management, uncertainty exists whenever the knowledge or understanding of an event, consequence, or likelihood is inadequate or incomplete. management (Enterprise Management ERM) management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives. The term risk management also refers to the architecture that is used to manage risk. This architecture includes risk management principles, the risk management framework and risk management processes. management framework ( Management Statement) A risk management framework is a set of components that support and sustain risk management throughout an organization. There are two types of components: foundations and organizational arrangements. Foundations include the risk management policy, goals and objectives, mandate, and commitment (Mission and Principles). Organizational arrangements include the plans, relationships, accountabilities, resources, processes and activities used to manage the organization s risks. management policy A risk management policy documents an organization s commitment to risk management and clarifies its general direction and intention. Components include procedures, practices, controls, responsibilities and activities (including their sequence and timing). management process A risk management process is one that systematically applies management policies, procedures, controls and practices to a set of activities intended to establish the context of risks, communicate with stakeholders and identify, analyze, evaluate, treat, monitor and review risks. To establish the context means to define the external and internal parameters that organizations must consider when they manage risk. External context includes external stakeholders, local, national, and international environment, as well as any external factors 21

24 that influence its objectives. Key drivers and trends include stakeholder values, perceptions and relationships, as well as social, cultural, political, legal, regulatory, financial, technological, economic, natural, and the competitive environment factors. Internal context includes its internal stakeholders, the approach to governance, contractual relationships, capabilities, culture and standards. Governance includes the organization s structure, policies, objectives, roles, accountabilities and decision making process. Capabilities include knowledge and resources; human, technological and capital. assessment assessment is a process that is in turn made up of three processes: risk identification, risk analysis and risk evaluation. identification is a process that is used to find, recognize and describe the risks that could affect the achievement of objectives. It also includes the identification of possible causes and potential consequences. Historical data, theoretical analysis, informed opinions, expert advice and/or stakeholder input could be used to identify an organization s risks. analysis is a process that is used to understand the nature, sources and causes of the risks that are identified and used to estimate the level of risk. Analysis is also used to study impacts and consequences and to examine the controls that currently exist. evaluation is a process that is used to compare risk analysis results with risk appetite in order to determine whether or not a specified level of risk is acceptable or tolerable. Register (PACICC-defined) PACICC has compiled a Register of more likely risks applicable to PACICC not meeting its goals and objectives, with a cursory assessment of each. More significant risks are then selected for in-depth review and, if deemed appropriate, escalated to PACICC s Profile. Profile (PACICC-defined) The PACICC Profile is a graphic presentation and written description of the major risks which could significantly and adversely impact PACICC s ability to meet its goals and objectives. The description includes a comprehensive risk assessment (see definition), ranking of the severity and likelihood (probability) of the risk, a description of consequences, and a description of the treatment (action plan) showing owners and timelines. The Profile includes any risks that the organization must monitor and manage, regardless of type of risk, for example, financial, operational, or reputational. A consequence is the outcome of an event and has an effect on objectives. A single event can generate a range of consequences which can have both positive and negative effects on goals and objectives. Initial consequences can also escalate through ripple effects. 22

25 (probability) is the chance that something might happen. can be defined, determined, or measured objectively or subjectively and can be expressed either qualitatively or quantitatively. The severity of a risk is its magnitude. It is estimated by considering and combining consequences and likelihoods. The severity of risk can be assigned to a single risk or to a combination of risks. Severity is described as Level of risk per ISO treatment is a risk modification process. It involves selecting and implementing one or more treatment options, e.g. avoiding the risk, reducing the risk, removing the source of the risk, modifying the consequences, changing the probabilities, sharing the risk with others, or simply retaining the risk. appetite (PACICC defined, with adaption / modification of ISO definitions of Attitude and Criteria) appetite is a point of reference used to assess and evaluate the significance or importance of an organization s risks. It is used to determine whether a specified level of risk is acceptable or tolerable. An organization s risk appetite also defines its general approach to risk, for example, whether risks should be retained, shared, reduced or avoided, and whether or not risk treatments are implemented or postponed. Residual risk Residual risk is the risk left over by determining the inherent risk of an activity, then reducing the risk based on the organization s governance and control processes, and specific risk-mitigation measures. The key objective in monitoring risks on the Profile is to ensure implementation treatments (action plans) serve to reduce residual risk. Mitigation strategies include removing the source of the risk, modifying the consequences, changing the probabilities, transferring the risk or retaining the risk. 23