Managing Risk and Capital in the Lloyd’s and London Market

Ensuring your Board leads from the top in implementing strategic riskmanagement across the organisation

Infoline Conference22nd November 2012

Susan YoungHead of Risk ManagementR&Q Managing Agency Limited

Key questions to consider

• What is the role of the Board in managing risk across the organisation under Solvency II?

• Changing attitudes towards the Risk Management Function – where should it sit in thehierarchy? Does it matter?

• How does the Board move from “owning” Solvency II to widespread investment in RiskManagement beyond regulatory demands? How can Risk Management help?

• How do we use the Internal Model and Own Risk and Solvency Assessment to drive BoardLevel involvement?

The views expressed are my own – please share yours

Session outline

• Key questions to consider – previous slide

• The role of the Board under Solvency II – what has changed?

• The role of the Board – transition to Business as Usual

• Risk Management - how can we “lead the charge”?

• The role of Risk Management in supporting the Board and the business

• How should Risk Managers help/inform their Boards?

• So what are the benefits?

• The Risk Management Function in the organisational hierarchy – does it matter?/ The “virtual team”

• The Internal Model and the ORSA – using these to drive Board decisions

• Summary and Conclusion

The role of the Board under Solvency II -what has changed?

• The SII Directives are clear - the Board has ultimate responsibility for Solvency II

• This includes ensuring robust Systems of Governance including, critically, Risk Management

• We’ve heard it all before, but the tone must continue to come from the top

• We have developed and implemented it, we now need to live it

• We should not and must not lose the impetus during the transition of our efforts intoBusiness as Usual

Nothing really – we are simply further on in the journey

The role of the Board -transition to Business As Usual

• Lets play Devil’s Advocate here…..

• Solvency II should not be a separate agenda item at Board Meetings

• The aspiration should be not to mention Solvency II at all!

• Why?

• Because Solvency II is/was a regulatory initiative to align Risk and Capital Management

• Aligned Risk and Capital Management is how we should be doing things as a matter of course

Solvency II?

Risk Management - how can we lead the charge?

Question - which is more likely to harness engagement?Same as it ever was……

“A regulatoryrequirement – wedo it because we

have to”

OR “A trigger for harnessingthe advantages ofintegrated risk and

capital management toadd value”

The role of Risk Management in supporting theBoard and the business• Risk Management should be embedded – so what does this mean?

• Risk Management is not the Risk Management team alone

• The Risk Management team is an enabler for Risk Management activity

• Accordingly, effective Risk Management activity cannot be abdicated to the RiskManagement team, or merely “bolted on” to existing business activity

• SII recognises that the Risk Management Function, however defined, has responsibilityfor many elements of Internal Model Governance – Scope, Change, Validation – aterrific mandate for facilitating the alignment of the two disciplines

• “Function” is the operative word. Risk Management should function, not just be. It is aprocess.

• Risk Management should be defined, positioned and structured appropriately to be ableto fulfil its obligations and actively support the Board fulfil theirs.

Risk Management is well placed to underpin the Board – provided it is well embedded

How should Risk Managers help their Boards?

• Ensure you have properly defined Terms of Reference

• Risk Management has a key role to play in the following, as well as day to day activity;-

– Business Planning – Risk Management informs the process and monitors business performance– Strategic initiatives – they can have major capital implications

• Ensure your reporting line affords you an appropriate profile and feedback loop, either on the Board orreporting to it

• If not, ensure Risk Management is covered during the Board meetings - not at the end

• Get the structure and balance of your team right – remember your “virtual” team as well!

• Educate, educate, educate – this never ends – from top table to grass roots

Maintain visibility – it is key in fulfilling these responsibilities

How should Risk Managers inform theirBoards?• Engage up front in defining what the Board wants, why and when

• Ensure there is a common and consistent language– Keep jargon to a minimum– Once established, stick to it

• Present concise Management Information – not Data– Less is more– Provide detail by all means, but keep key information to a few pages – or even only one– Ensure your Key Risk Indicators do address your Key Risks– Ensure any “Reds” are sufficiently material to warrant discussion and corrective action– Test the impact – did the MI drive action?

• Internal Model Outputs – for example– Sensitivity tests – can show the impact of decisions on Risk Indicators/Capital Usage– Risk Ranking and allocation of capital to individual risks or risk categories is a lever to prioritise risks

Taking risks has capital implications – we need to know how much – by managing risks in thisway, we can take more of them!

So what are the benefits?

• Policyholder protection

• Wise and efficient use of existing capital

• Develop profitability

• Reward shareholders

• A more disciplined, joined up approach

• Appreciation of the capital impact of strategic and operational decisions

• Good business practice

Compelling drivers

The Risk Management Function in theorganisational hierarchy – does it matter?

• Yes, for the reasons already outlined – but that’s not all

• The Risk Management Function is second line of defence – if properlyembedded it should support, challenge, embed – not do it all

• It should maintain its independence in order to be objective

• There is no hard and fast rule as to how this is done – it will depend onthe organisation and it may need to change/adapt over time

• However, the days of Risk Management as a siloed, discreet bunch of“bolt on” people are gone – as a Risk Manager you should have a“virtual team” – being your whole organisation

Thoughts?

The Risk Management Function in theorganisational hierarchy – the “virtual team”

RiskManagement

Board ofDirectors

SECOND LINEDirect Assurance

Compliance,Actuarial, Legal

etc

THIRD LINEIndependent

Assurance(Internal

/External Audit,IndependentReview etc)

FIRST LINEThe Business

(Risk andControl Owners)

An holistic function

The Internal Model and the ORSA – using theseto drive Board decisions

• Internal Model Uses must be defined by the Board as thedecision making authority

• Internal Model scope, coverage, and outputs shouldtherefore be driven by proposed Board uses (includingmandatory requirements) – and not the other way around

• Ensure your governance structure can accommodate this

• The ORSA process (and it IS a process – a forward lookingone at that) should be integrated into and inform theplanning process and not be driven by it

• The Board must own these processes, but the RiskManagement Function can support, advise and inform – andhelp harness opportunity

The organisation’s strategic and business objectives drive the effort, not the other wayaround

Summary and Conclusion

• The Board’s responsibilities have not changed – they have evolved, to harness and bring to hear the valuethat effective risk and capital management can offer

• We have developed and implemented Solvency II we now need to live it so it embeds further

• Risk Management is well placed to support and inform the Board in executing its responsibilities –because this is how we should be doing things now

• That entails visibility, a proper mandate from the top, involvement in key decisions and to earn areputation as an agent for constructive development and change at all levels

• While maintaining a degree of independence and objectivity – that is key

Take control of your destiny!

And finally…….

Thank you for listeningAny questions?

DDI +44 (0) 20 7780 5882Susan.young@rqih.com

www.rqih.com