Emerging Risks: Identification, Assessment and Mitigation

© 2014 Protiv iti Inc. CONFIDENTIAL 2

Agenda

Defining Emerging Risks 3

Regulatory Guidance 4

Incorporating emerging risk into ERM framework 5

© 2014 Protiv iti Inc. CONFIDENTIAL 3

What are emerging risks?

Emerging risks may not be fully understood or identified and hence comprehensive risk management options to assess,

quantify, monitor and control such risks are difficult for organizations to create and implement.

Emerging risks are linked to other risks giving them a systemic nature. The risks can cut across geographies, industries

and economic systems and are generally outside the scope of any organization. The impact of an emerging risk that

has not been identified and mitigated by an institution can sometimes be destructive.

Emerging risks are difficult to define, assess and quantify in monetary terms to the necessary level of accuracy

leading to ineffective standard approaches to likelihood and impact projections.

Emerging risks are newly developing or changing risks which are perceived to be potentially significant but which may not be fully understood or allowed for in business and strategic planning.

Detailed definition

Systemic Nature

Impact Quantification

Emerging risks are new or unique risks. They differ from evolving risks which have been previously identified and are

merely shifting or changing from original conditions.

Emerging vs. Evolving

© 2014 Protiv iti Inc. CONFIDENTIAL 4

Regulatory guidance on emerging risks is evolving and

always starts with a solid ERM framework

• Active consideration of emerging risks and a process for assessing their impact

• Set up emerging risk committees to discuss potential threats and how they might be

mitigated or managed

• Identify appropriate indicators that provide early warning of an increased risk of future

losses

• Indicators are usually forward-looking and reflect potential sources of risk

Financial Services Authority1

• Use a variety of channels and windows to gain perspectives on emerging risks

• Increase focus on potential risks before concerns become real problems

• Perform stress testing on the trends in outcomes to understand how risk is

changing

• Take action based on quantification of risk

• Review and analyze prior failures to mitigate emerging risks to determine ways to better

quantify the build-up of risks

OCC2

• Maintain a healthy skepticism of the ability of regulatory capital requirements to

prevent risk concentrations

• Examination and analysis are important in identifying emerging risk concentrations

• The entity’s risk management function should be assessed by senior management and

the board of directors including how emerging and/or prospective risks are

identified, tracked, assessed and managed

NAIC3

1 Enhancing Frameworks in the Standardized Approach to Operational Risk, Financial Services Authority, January 2011 2 Act Now to Address Emerging Risks , Darrin Benhart - OCC, October 25, 2012 3 Implications of the Financial Crisis for Insurance Regulation, Terri Vaughan - NAIC, April 15, 2010

© 2014 Protiv iti Inc. CONFIDENTIAL 5

Incorporating emerging risk into your existing ERM framework

Develop Risk Management Strategies

Avoid – Reduce – Retain – Exploit – Transfer

Design / Implement Risk Management Process

Measure / Monitor Risk Management Performance

Continuously Improve Risk Management

Capabilities

Establish Risk Management Goals,

Objectives and Infrastructure

Information

for Decision Making

Assess Risk

• Identify • Categorize

• Assess • Calculate

Example Activities:

• Identify emerging risks through a variety

of channels: cross-functional teams,

external resources, analysis, etc.

• Incorporate emerging risks into the risk

inventory

Example Activities:

• Determine the most appropriate risk

response and action plans

• Allocate capital to manage downside

risks

Example Activities:

• Identify and allocate responsibility for emerging risk

management

• Design and implement procedures for emerging risk

management

Example Activities:

• Systematically monitor emerging

risks and resource adequacy

• Update stress testing, reverse stress

testing and scenario analysis with

emerging risk scenarios

• Escalate emerging risks and status of

risk mitigation efforts as part of

standard risk reporting

Example Activities:

• Ensure that the risk assessments

are refreshed, new and emerging

risks are identified, captured and

communicated

Example Activities:

• Determine if emerging risks present a

barrier to strategic objectives

• Consider emerging risks as part of

strategic planning

• Allocate dedicated resources to emerging

risk

• Establish emerging risks repository

© 2014 Protiv iti Inc. CONFIDENTIAL 6