The Role of Finance and Accounting as Critical Players in ERM and ORSA
Session Number 404
Jim Stangroom, Baker Tilly
John Romano, Baker Tilly
John Holdorf, NYCM Insurance
Amy Purdy Godleski, Columbian Financial Group
Background and General Observations
- NYCM Insurance
- Columbian Financial Group
- Baker Tilly
Panel Discussion Topics/Questions (Just a Few)
- Who are the key players in ERM and ORSA?
- What are the roles of Finance and Accounting personnel as critical players in ERM and ORSA?
  - In risk identification?
  - In risk measurement and prioritization?
  - In establishing and monitoring risk appetite, risk tolerances and risk limits?
  - In scenario, stress testing and sensitivity analysis?
  - In capital forecasting and monitoring capital adequacy?
- How do you go about identifying current and emerging risks?
- How does your strategic planning, forecasting, budgeting link to ERM?
- How do you balance quantitative and qualitative analysis when measuring and prioritizing risks?
- Why should exempt companies care about ERM and ORSA?
Enterprise Risk Management (ERM)
ERM Framework Key Principles
- Risk Culture & Governance
- Risk Identification & Prioritization
- Risk Appetite, Tolerances & Limits
- Risk Management & Controls
- Risk Reporting & Communication
ERM Risk Identification
ERM addresses all of the material and relevant risks insurers are confronted with, such as:
- Underwriting/Pricing Risk
- Investment Risk
- Market Risk
- Liquidity Risk
- Reputational Risk
- Operational Risk
- Credit Risk
- Regulatory Risk
- Strategic Risk
Risk Identification
- Self assessment processes
  - Periodic ongoing, but at least annual, process
  - Each business unit and major functional area participates in a joint effort with ERM to define and assess the risks inherent in the business
  - Continuous monitoring and updating as risks intensify and new risks emerge
- Emerging risks identification
  - Typically Committee driven
  - CRO (or functional equivalent) lead effort
  - Requires creative thought about events that have not occurred before
  - Critical assessment of the balance sheet and company practices
COSO ERM Framework
- COSO framework is adaptable but can lead to over-documentation if not careful
ERM: The IAIS Framework
ERM is the process of identifying, assessing, measuring, monitoring, controlling and mitigating risks.
IAIS Insurance Core Principles No. 16
Own Risk and Solvency Assessment (ORSA)
- Risk management framework
- Assessment of risk exposure
- Assessment of capital adequacy
- Prospective solvency assessment
What is in an ORSA? NAIC Guidance Manual
Section 1: Description of the Insurer's Enterprise Risk Management Framework
- Risk Culture and Governance
- Risk Identification and Prioritization
- Risk Appetite, Tolerances and Limits
- Risk Management and Controls
- Risk Reporting and Communication
What is in an ORSA? NAIC Guidance Manual
Section 2: Insurer Assessment of Risk Exposures
- Quantitative and/or Qualitative Risk Exposures
- Future financial outcomes
- Test normal and stressed environments
- Impact on risk capital requirements
- Risk model implementation and testing
What is in an ORSA? NAIC Guidance Manual
Section 3: Group Assessment of Risk Capital and Prospective Solvency Assessment
- Management and decision making culture
  - Regarding identified risks and capital adequacy
- Use information gathered from model testing
- Financial situation in future business plans
- Feedback loop: Is the company adequately equipped to cope with risks?
Who are the Key Players in ERM and ORSA?
Players: Roles and Responsibilities
- Board: Oversight
- Senior management team: Oversight, risk committee, strategic
- Underwriting: Risk selection, pricing, operations, reinsurance
- IT Operations: Security, disaster recovery, operations
- Finance and Accounting: Investment (market/credit/interest rate), liquidity, internal controls over financial reporting, capital adequacy, reinsurance, operations, currency, derivatives, tax compliance, risk management reporting
- Actuarial: Pricing, reserving, modeling
- Claims: Claims settlement, operations
- Legal: Regulatory, compliance, litigation
Recent ERM/ORSA Regulatory Developments
- ORSA Guidance Manual updated March 2014
- ORSA Feedback Pilot project
- NAIC Group Solvency Issues Working Group to report in 2015
- Supervisory Colleges
- ORSA guidance added to NAIC Financial Examiners Handbook and Financial Analysis Handbook
- Corporate Governance Annual Disclosure Model Act and Model Regulation adopted by NAIC November 2014
- U.S. Self-Assessment of Observance with Insurance Core Principles (including ICP 16 re ERM)
- Form F Enterprise Risk Report effective 1/1/16 and applicable to ALL insurers in a Holding Company System
ERM Maturity Scale
What is the level of maturity of your organization's risk management oversight?
(Columns: Very Immature / Developing / Evolving / Mature / Robust)
- Full Sample: 19% / 23% / 35% / 19% / 4%
- Largest Organizations: 8% / 15% / 41% / 25% / 11%
- Public Companies: 8% / 14% / 39% / 30% / 9%
- Financial Services: 6% / 20% / 40% / 25% / 9%
- Not-for-Profit Organizations: 24% / 25% / 34% / 15% / 2%
Source: AICPA sponsored 2015 Report on the Current State of Enterprise Risk Oversight
ERM Informal to Formal Comparison
Informal
- ERM discussed infrequently
- No dedicated committee (internal or board)
- No ERM framework or policy
- Risk assessment identification and management performed in silos and limited in documentation
- Discussion of business objectives and status not necessarily risks to objectives
- Risk owners acknowledged or identified at department level
- Internal audit acts as ERM administrator
Hybrid/Progressing
- Audit/Risk committee includes ERM as agenda item periodically
- Dedicated management ERM committee
- Loosely adopted framework, lack of policy
- Top risks identified and reported to board periodically
- Risk owners specifically identified, action items are broad
- Completed ORSA lite
- Internal audit progressing towards ERM champion and assisting management in culture improvement
Formal
- ERM/Risk committee
- ERM Framework and risk management policy
- Formal risk assessment and identification process
- Top risks identified with status updates reported to senior management and board at each meeting
- Risk owners specifically identified, action items are specific and accountability measures are reported periodically
- Robust ORSA or ORSA lite
- ERM insight from all levels of organization
- Internal audit acts as ERM champion
A.M. Best ERM Ratings
A.M. Best believes that to remain competitive in today's dynamic environment, build sustainable earnings and capital accumulation, and, ultimately, maintain high ratings, complex organizations must develop and constantly refine an ERM framework, including the development of internal economic capital modeling.
Source: A.M. Best Risk Mngt April 2013. pg. 3
A.M. Best ERM Ratings
A.M. Best believes ERM encompasses three areas:
- Culture
  - Set the tone at the top
  - Establish and communicate risk management objectives
  - Define roles and responsibilities
  - Strategic decision making process
- Identification and Management
  - Identify, monitor, manage risks within the 5 categories of risk
  - Adjust risk profile and process to current and future trends
- Measurement
  - Report showing risk/return measures that identify areas where tolerances and objectives are/are not being met
Source: A.M. Best Risk Mngt April 2013. pg. 10-11
Contact Info
For more information, contact:
- Jim Stangroom, Baker Tilly, 410-824-6001, james.stangroom@bakertilly.com
- John Romano, Baker Tilly, 215-972-2277, john.romano@bakertilly.com
- John Holdorf, NYCM Insurance, 607-965-2578, JHoldorf@nycm.com
- Amy Purdy Godleski, Columbian Financial Group, 607-724-2472, Amy.PurdyGodleski@cfglife.com