Session 7
Evolution of ERM Across Industries
An ERM Practitioner's Perspective
Danielle Harrison, Chief Risk Officer, The Co-operators Group

Banking and Insurance Supervision
BCBS (Basel Committee on Banking Supervision), established 1930
Core Principles for Banking Supervision (issued 1997, updated 2012)
29 CPs form supervisory expectations of banks, emphasizing the importance of good corporate governance & risk management.
IAIS (International Association of Insurance Supervisors), established 1994
IAIS Insurance Core Principles (ICPs initially adopted 2011)
26 ICPs are the globally accepted requirements for the supervision of the insurance sector.

Risk Management Is Why Insurers Exist
Risk is inherent in all areas of human endeavor...risk is present in everyday commercial and personal activities risk results from the presence of more than one potential outcome from a course of action (IAAust 2003, 109).

Global Risk Management Influencers
COSO (Committee of Sponsoring Organizations of Treadway Commission)
COSO Enterprise Risk Management Integrated Framework (2004); Report defines the essential components of risk management, suggests a common language, and provides clear direction and guidance for ERM.
IAA (International Actuarial Association)
A Global Framework for Insurer Solvency Assessment (2004); Sets out principles & methods for a global risk-based solvency framework, starting from a coherent risk framework.
ISAP 5 Insurer Enterprise Risk Models (2016), ISAP 6 ERM Programs & IAIS Insurance Core Principles (Expected Nov 2018)
FSB (Financial Stability Board)
Principles for Sound Compensation Practices (2009)
Principles for an Effective Risk Appetite Framework (2013)
Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, A Framework for Assessing Risk Culture (2014)
ISO (International Organization for Standardization)
ISO 31000 Risk management Principles and guidelines (Nov 2009); Provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
ISO 31010 - Risk Assessment Techniques (Dec 2009)
OECD (Organisation for Economic Co-operation and Development)
Risk Management & Corporate Governance (2014)
Risk Management by State-Owned Enterprises & their Ownership (2016)

From Solvency to Optimization
James Lam (2003)
Risk management is not only about reducing downside potential or the probability of pain, but also about increasing upside opportunity or the prospects for gain.

Path to ERM Program Maturity
What do we already have? (inventory)
What are we expected to need? (regulatory)
What will create value? (strategic)
What continues to drive value? (discipline)
maintaining & growing refining

What do insurers already have?
Non-client facing risk management activities that take an enterprise perspective & that benefit from independent assessment
Business Continuity Planning
Solvency and capital adequacy
Disaster Recovery Planning
Asset Liability Management
Regulatory Compliance
Reinsurance & Counterparty credit assessment
Actuarial valuation of technical provisions
Financial controls
Etc.
Have Expected Value Disciplined Refinement

What components of ERM are expected?
OSFI requirements for federally regulated insurers
E-18: Stress Testing (2009)
Risk appetite & impact of stress events on risk profile
OSFI Corporate Governance Guideline (2013)
ORSA (2015)
Designate CRO, Board Risk Cmte; Independent oversight (CRO, CCO, CIA), RAF
ERM program, CIAR, Relating Risk to Capital, Setting Internal Capital Targets (A-4)
OSFI Guideline E-21: Operational Risk Management (2017)
Etc.

What else can create strategic value?
The whole is greater than the sum of the parts
Common understanding Integration: Embedded Value, Economic Capital Strategy Diversification Risk budgeting Risk-Return optimization Project and/or product risk assessment Operational risk: loss event data collection Emerging risk Risk-based compensation (remuneration to align with long-term interests) Amongst assurance functions & COE (e.g. IT, HR) Preventative KRIs

What continues to drive value?
Disciplined refinement that challenges what we currently have to ensure that it continues to meet org needs
Use test Independence Build & deploy Adapt Shed Decision support through unique & integrated perspective Promote & sustain a strong risk culture Ex Post analysis

How do you know if you missed the mark?
Imbalance between oversight versus active management
Increased resistance & questions of value
Deterioration in risk culture
A risk event happens and our ERM systems failed to anticipate it, mitigate it and/or detect it!

Path to ERM Practitioner Maturity
Facilitator, Consolidator, Number Cruncher, Reviewer, etc. Understanding of the business and its strategic objectives. Butterfly Trusted knowledge partner & strategic asset. Industry context & connection to the broader global risk environment influencers on the risks & opportunities for the organization.

ERM Educators

The Impact of Risk Culture
Mission, Vision & Values alignment
Tone from the Top, Tone from the Middle
Ownership & accountability
Internal path of escalation clarity & access CRO, Management Risk Committee
Learning environment
Beyond the letter of the law to the spirit of ERM