The Components of a Sound Emerging Risk Management Framework


North American CRO Council
The Components of a Sound Emerging Risk Management Framework
December 6, 2012

2012 North American CRO Council Incorporated
chairperson@crocouncil.org

North American CRO Council - Emerging Risk Sub-Committee: Aaron Ammar, XL Group; Bev Barney, Prudential Financial, Inc.; Glenn Campellone, The Hartford Financial Services Group; Shari Breiten, Principal Financial Group; Chris Trost, Northwestern Mutual; Owen Stein, Towers Watson; Joe Mattey, USAA

Overview:

The CRO Council was formed to promote sound practices in risk management and the advancement of risk-based solvency and liquidity assessment throughout the insurance industry. To advance these causes, Council members have formed working groups on External Affairs and on Sound Practices, including a subgroup on practices related to Emerging Risks. Content generated by Sound Practices initiatives is made available to the groups working on External Affairs for potential use in the Council's dialogue with regulators who share the Council's interest in promoting sound risk management practices. This paper is the result of the work of the subgroup on practices related to Emerging Risks.

What is an Emerging Risk Management Process?

Sound risk management practice includes the development and implementation of a process to identify and complete timely initial assessments of emerging risks in terms of their potential likelihood of occurrence, potential magnitude of losses, and potential direction and speed of change in these dimensions. Based on a qualitative assessment, emerging risks with the potential for the highest ultimate impact to a firm may warrant more comprehensive and immediate evaluation and risk mitigation. Other emerging risks may simply warrant ongoing monitoring.

What is an Emerging Risk?

An emerging risk is a new or evolving risk where the extent and nature of any potential losses are particularly uncertain due to insufficiency of information or time to have fully analyzed the emerging situation.

An Emerging Risk Management Framework:

Emerging risks are more important than ever, given the constantly changing risk landscape, the rapid growth of new technologies, and the changing business environment across the globe. Many insurance companies base their approach to risk management on historical loss experience and prior knowledge. In today's increasingly complex and interconnected world, a proactive approach that includes emerging risk identification and management is often not only helpful, but necessary.

Embedding an emerging risk framework within an organization can reduce uncertainty about emerging risks. Also, an emerging risk framework can attempt to diminish the volatility of business earnings while increasing stakeholder confidence.

The components of an emerging risk framework are very similar to the core elements of an overall enterprise risk management (ERM) framework. The following sections describe suggested leading practices that can assist a company in successfully embedding an emerging risk framework in their organization's ERM framework.

Risk Culture and Governance:

"Whatever the drivers are for your organization, achieving effective risk management requires a sound foundation of risk governance - the structures, culture, and processes that support good decision making."
- PwC: Risk Governance a Foundation for Effective Risk Management

A well defined governance framework for emerging risks is an essential part of a company's overall risk management strategy. A formal emerging risk committee can provide the foundation of the governance framework, or oversight can be provided through adding this process to the scope of other governance bodies (i.e. ensuring evaluation of emerging risks is routinely part of risk identification discussions). If a distinct emerging risk committee is used, it could be comprised of cross functional leadership (e.g., CROs, Actuaries, General Counsel, Business Leaders, etc.) reporting to senior leadership of the company.
The committee should ensure emerging risks are effectively identified, prioritized, analyzed, estimated (if possible), monitored and managed. More specific responsibilities and authorities of the committee might include:

(1) Proactively identify potential emerging risks.
(2) Assign accountability for reacting to and responding to an identified risk.
(3) Review analysis and quantifications of the exposures to emerging risks.
(4) Report significant emerging risks to senior management and/or the executive team.

The emerging risk committee should consider adopting a formal charter to document roles and responsibilities. The committee should meet periodically during the year, and those meetings should be supported with formal agendas and the publication of minutes. It will be increasingly important to document governance processes and outcomes for use in Own Risk and Solvency Assessments (ORSAs), as well as for sharing with interested parties that evaluate a firm's risk management (e.g., rating agencies).

Since many emerging risks may be best identified within the business, it is also critical that awareness of all types of risk becomes embedded into the day-to-day operation of the business and that open lines of communication exist between the business and ERM. A company can strengthen its own risk culture by increasing awareness of emerging risks across the enterprise and integrating emerging risk into the fabric of day-to-day operations. Enterprise-wide risk focused training and the distribution of risk reports to areas such as underwriting, sales, service, and claims are just some ways to help raise the overall awareness of potential risks faced by the company and to improve the chances of identifying emerging risks on a timely basis.

Risk Appetite, Tolerances and Limits:

Risk is part and parcel of all aspects of business. The overarching question all companies must ask themselves is whether the risk is worth the reward. To effectively outline a company's vision and strategic goals, a company's risk appetite must be clearly defined and clearly communicated to the organization via executive and senior management to ensure key levels of the organization are aware of the company's risk appetite.

Risk appetite is often defined as the amount and type of risk a company is willing to accept for a desired return on capital. Setting a risk appetite should be done in tandem with reviewing a company's overall capacity, capital structure and risk mitigating policies. It should encompass risks the company is currently aware of, but also be cognizant that new and emerging risks could surface at any time and the company's risk framework must be flexible enough to react.

Once a risk appetite for particular risks and scenarios has been established, a logical next step is to set a risk tolerance for those specific scenarios. A risk tolerance is the maximum amount of exposure an organization is willing to accept. While risk appetite can contain both quantitative and qualitative factors including definitions, accepted practices, etc., risk tolerances are generally expressed as a numerical figure to allow the company to adequately measure both current and emerging risks.
Ideally, management should review the emerging scenarios and risks being measured to understand the potential implications they could have on the company. They should then assess the company's tangible shareholders' equity or capital structure and deploy available capacity to the organization in line with the overall risk appetite to which the company will manage.

Risk limits may be used to keep risk exposures in a desired range. They can prompt a discussion with management to consider how the risk should be managed going forward in the event the limit is exceeded, or they could allow for additional risk in the event actual exposure is below a desired level.

Identify and Assess Risks:

The active identification and prioritization of emerging risks is vital to successfully implementing and enhancing the proper risk management techniques to:

(1) Mitigate an organization's exposure to various emerging risks, and
(2) Strategically explore potential opportunities for innovative new products and risk management solutions.

The identification of emerging risks can come from a variety of sources both internal and external in either a centralized (e.g., an enterprise level emerging risk committee with a unified view) or decentralized (e.g., multiple business units with potentially differing viewpoints) fashion.

Other key identification processes can include, but are not limited to, the following:

(1) Involvement with external organizations' emerging risk groups.
(2) Monitoring key publications and websites.
(3) Brainstorming sessions.

Upon accurately identifying potential emerging risks that could affect the organization, companies should seek to assess the potential impact these risks could have. Insurance companies should seek to both identify and understand potential emerging risks by designating specific individuals (emerging risk owners) or teams to assess the need to:

(1) Actively manage the identified risks, and/or
(2) Determine how often those risks should be monitored and reviewed.

Furthermore, it is suggested that organizations actively assess emerging risks by developing an emerging risk watch list and review the list at least annually to ensure all relevant risks are captured and assessed.

Risk Measurement:

The consistent measurement of emerging risks allows companies to:

(1) Compare and prioritize risks, and
(2) Recognize an increase or decrease in the overall perception of an emerging risk.

For actively managed risks, the emerging risk owner or team should establish a method to value or measure risks and, in many cases, such a valuation process should assess a risk's likelihood, impact and velocity within broad parameters.

(1) By measuring the likelihood of an emerging risk, one can convey the probability of the event occurring (as distinct from its impact on the company).
(2) By measuring the impact of an emerging risk, one can capture the potential dollar amount of a loss if the identified risk ultimately emerges.
(3) By measuring the velocity, one can convey how quickly the emerging risk could impact the company once the risk is realized.

In addition to the measurements above, emerging risks can be quantified in a variety of ways.
For example, they might be estimated by scenario analyses that estimate a measure of a company's potential maximum exposure. The ability to measure emerging risks is imperative and allows a company to truly understand the potential implications and whether or not action should be taken.

Monitoring, Mitigating and Reporting:

Emerging risk owners should regularly perform industry-wide scans and analysis for potential risks that may surface, even if the likelihood is low. Once identified, the emerging risk should be assessed for significance and potential impact relative to the company's overall business strategy and objectives. For those emerging risks that have been identified as having a potential impact, the appropriate resources should be assigned to monitor and potentially manage the risk.

Monitoring of risks may involve the creation of leading indicators, both quantitative and qualitative (e.g., tracking the infection rate and spread of a new influenza strain). The leading indicators may evolve over time as more information develops on the emerging risk.

Other tools used to monitor and assess emerging risks include risk dashboards, on-going experience reporting, scenario analysis, and stress testing. Companies should also develop and disseminate reports on a regular basis (e.g., quarterly) to internal audiences. The reports should capture the most current and relevant information and convey how risks might impact the organization. Companies can also take a more comprehensive approach by choosing a key emerging risk and conducting an in-depth analysis to determine the impact it could have on operations and/or product offerings.

Emerging risks can be managed in various ways, depending on the nature of the risk (e.g., lobbying proposed laws or regulations or otherwise influencing public opinion, preparing for possible changes to business strategy or tactics, etc.). If the risk is only passively monitored, it should be evaluated for discussion at predetermined intervals until any threat has passed, or the threat has escalated and is more actively managed.

Stress and Scenario Testing:

As the likelihood of an actively managed emerging risk becomes clearer, it may be useful to complete various stress testing or scenario testing to get a better measure of the potential impact of the risk. Stress testing is a part of a set of risk management quantification/measurement approaches that attempt to simulate what a potential tail scenario could be. Stress tests should incorporate real world events, as well as all product lines in order to accurately depict a potential loss scenario in an extreme event. For risks that are not completely understood, often the first step is to pull together expertise from various disciplines to agree to a high level stress test definition. From there, it is necessary to work with the businesses to identify the potential exposure to the scenario and ultimately quantify the potential impact.

Capital Management:

Emerging risks are defined as such because there is a great deal of uncertainty and unpredictability associated with them. High level information regarding the risk may be known, but much about the potential likelihood, magnitude, and complexity is unknown. The data required to create reasonable estimates is likely unavailable or incomplete. Therefore, the ability to underwrite, establish reserves, allocate capital or implement specific capital charges for these risks is very challenging. An insurer should assess the adequacy of current reserve levels and/or capital at the point when an emerging risk makes the transition from unknown to known and becomes more quantifiable.

The Link to Business Strategy:

"While much of the focus on emerging issues has centered on identifying the next 'asbestos' before it occurs, emerging risk teams should approach their job with a broader perspective, looking not only for risk but also reward."
- Verisk Analytics: Integrating Emerging Risk Evaluation into Corporate Strategy

An embedded emerging risk framework and well defined risk appetite allows companies to adequately assess the potential impacts an emerging risk could have on its overall business strategy and goals.

An embedded framework and/or emerging risk committee could produce and disseminate periodic reports to senior management, and should highlight potential implications of those risks. Recommendations to either mitigate or strategically explore an emerging risk should also be conveyed to senior and executive management.

An emerging risk framework allows companies to take a proactive approach to identifying emerging risks and mitigate harmful effects. It also has the ability to strategically notify the rest of the organization about a potential risk and get everyone thinking about potential new opportunities.

Ultimately, companies may choose to manage emerging risks in a multitude of ways, depending on the potential impact to the company's business strategy. Nonetheless, a structured emerging risk management framework can allow management to quickly and effectively assess a company's exposure and take appropriate mitigation or management action.

References to External Literature:

As the prevalence for identifying and understanding emerging risks continues to grow, there are a number of different resources companies can monitor, including, but not limited to, the following.

(1) World Economic Forum
(2) ISO Emerging Risks Panel
(3) Lloyd's Emerging Risks Special Interest Group
(4) Swiss Re Emerging Risks
(5) Munich Re Emerging Exposures