Risk Management Perspectives Conference 2014
-
Upload
alex-breeze -
Category
Business
-
view
287 -
download
4
Transcript of Risk Management Perspectives Conference 2014
“Doing
RISK MANAGEMENT is not the
WORST CASE SCENARIO”
Highlights from the RISK MANAGEMENT PERSPECTIVES CONFERENCE
Risk Management Perspectives ConferenceSociety of Actuaries in Ireland, 18 November 2014
As it happened ……………………………............ 4
Exploring common threads ………………...... 69
About ………………………………………............... 90
Important note: This presentation is entirely my own work (derived from my own notes of the day) and does not necessarily represent the views of the presenters or any other party. I have tried to make it as accurate as possible, but there may be errors (including the quotes). By its nature, this is a summary so cannot include all the details – you should have been there for that!
Risk Management Perspectives ConferenceSociety of Actuaries in Ireland, 18 November 2014
As it happened ……………………………............ 4
Exploring common threads ………………...... 69
About ………………………………………............... 90
All the action
Important note: This presentation is entirely my own work (derived from my own notes of the day) and does not necessarily represent the views of the presenters or any other party. I have tried to make it as accurate as possible, but there may be errors (including the quotes). By its nature, this is a summary so cannot include all the details – you should have been there for that!
Do not miss this!
Coming up…
SII
Banking
Cyber risk
Whistleblowing
Pharmaceutical industry
Culture and communication
Solvency II
A banker’s perspective
As it happened
What have we learnt from the crisis?
A banker’s perspective on risk managementPeter Rossiter, Chief Risk Officer, AIB
There are 4 PHASES…
As it happened
DIAGNOSIS
QUANTIFICATION
CORRECTION
PREVENTION
“Should be a FORMAL LINK: ‘I understand what went
wrong, here’s what I’m doing to avoid it’”
As it happened
DIAGNOSIS
QUANTIFICATION
CORRECTION
PREVENTION
“Should be a FORMAL LINK: ‘I understand what went
wrong, here’s what I’m doing to avoid it’”
As it happened
Ireland has got to this stage
Policy response from regulator
DIAGNOSIS
QUANTIFICATION
CORRECTION
PREVENTION
“Should be a FORMAL LINK: ‘I understand what went
wrong, here’s what I’m doing to avoid it’”
As it happened
Cyber risk
Ireland has got to this stage
Policy response from regulator
Look out for common “threads” in the presentations
Cyber riskPhilip Whittingham, Deputy, Enterprise Risk Management, XL Group
TRADITIONAL VIEW: Someone else dealt with cyber risk – it is not a business risk
WRONG! You can no longer ignore it…
As it happened
Types
“Cyber risk is NOT new oremerging… but its RISK
PROFILE is changing rapidly”
As it happened
Physical loss
Phishing
Data transmission
Cloud computing
Hacking
Types
“Cyber risk is NOT new oremerging… but its RISK
PROFILE is changing rapidly”
As it happened
Physical loss
Phishing
Data transmission
Cloud computing
Hacking
“You’re only as effective as the techniques you
know about”
To define risk appetite / tolerances…
…need to categorise types of attacks:
Known Unknown
Monitor and record breaches
Types
“Cyber risk is NOT new oremerging… but its RISK
PROFILE is changing rapidly”
As it happened
Whistleblowing
Physical loss
Phishing
Data transmission
Cloud computing
Hacking
“You’re only as effective as the techniques you
know about”
To define risk appetite / tolerances…
…need to categorise types of attacks:
Known Unknown
Monitor and record breaches
Innovative approach!
WhistleblowingJoe Gavin, General Counsel, Central Bank of Ireland
As it happened
Previously, there were NOwhistleblowing regulations
WhistleblowingJoe Gavin, General Counsel, Central Bank of Ireland
As it happened
Would the financial crisis have been mitigated if there had been a
‘protected disclosures’ regime?
Previously, there were NOwhistleblowing regulations
WhistleblowingJoe Gavin, General Counsel, Central Bank of Ireland
As it happened
A lot to be said for it
Would the financial crisis have been mitigated if there had been a
‘protected disclosures’ regime?
Previously, there were NOwhistleblowing regulations
As it happened
Definition of protected disclosure:
1. To the CBI (Central Bank of Ireland)
2. In GOOD FAITH
3. Reasonable basis to believe a BREACH in financial
services law or DESTRUCTION of evidence
Risk management in pharmaceuticals
As it happened
Definition of protected disclosure:
1. To the CBI (Central Bank of Ireland)
2. In GOOD FAITH
3. Reasonable basis to believe a BREACH in financial
services law or DESTRUCTION of evidence
Difficult to balance:
Risk management in pharmaceuticals
As it happened
Definition of protected disclosure:
1. To the CBI (Central Bank of Ireland)
2. In GOOD FAITH
3. Reasonable basis to believe a BREACH in financial
services law or DESTRUCTION of evidence
Difficult to balance:
protection
of identity…
…effectiveness
of investigation
Risk management in pharmaceuticals
As it happened
Risk management as a competitive
advantage in the pharmaceutical industryDavid Staunton, Site Risk Lead, Amgen
Risk management is a DECISION MAKING PROCESS…
As it happened
…if not, then DON’T BOTHER!
Risk management as a competitive
advantage in the pharmaceutical industryDavid Staunton, Site Risk Lead, Amgen
Risk management is a DECISION MAKING PROCESS…
As it happened
…if not, then DON’T BOTHER!
Risk management as a competitive
advantage in the pharmaceutical industryDavid Staunton, Site Risk Lead, Amgen
Risk management is a DECISION MAKING PROCESS…
As it happened
COMPETITIVE ADVANTAGE in pharma…
Takes
$3-5 bn to
develop a drug
Governments only tend to
buy drugs
once
Crucial to develop
fast
As it happened
COMPETITIVE ADVANTAGE in pharma…
Takes
$3-5 bn to
develop a drug
Governments only tend to
buy drugs
once
Crucial to develop
fast
As it happened
Want to
fail fast and
cheap
Focus on what
is difficult
COMPETITIVE ADVANTAGE in pharma…
Takes
$3-5 bn to
develop a drug
Governments only tend to
buy drugs
once
Crucial to develop
fast
As it happened
Want to
fail fast and
cheap
Focus on what
is difficult
COMPETITIVE ADVANTAGE in pharma…
Takes
$3-5 bn to
develop a drug
Governments only tend to
buy drugs
once
Risk management is ESSENTIAL -> LIVES ARE AT STAKE!
As it happened
At what “tipping point” does a risk actually become relevant?
…so you need to ASSESS RISKS to find those that REALLY MATTER…
As it happened
Example: Richter scale
At what “tipping point” does a risk actually become relevant?
…so you need to ASSESS RISKS to find those that REALLY MATTER…
As it happened
Example: Richter scale
At what “tipping point” does a risk actually become relevant?
…so you need to ASSESS RISKS to find those that REALLY MATTER…
Real damage
As it happened
…how can you decide which risks matter? “FORGET probability-
impact matrices!”
As it happened
Ask 7 QUESTIONS:
If the risk occurred…
…what is a surprisingly GOOD scenario?
…what is a surprisingly BAD scenario?
…what is the MOST LIKELY scenario?
…how can you decide which risks matter? “FORGET probability-
impact matrices!”
As it happened
Ask 7 QUESTIONS:
If the risk occurred…
…what is a surprisingly GOOD scenario? Considereffect on
SALES and
COSTS
…what is a surprisingly BAD scenario?
…what is the MOST LIKELY scenario?
…how can you decide which risks matter? “FORGET probability-
impact matrices!”
As it happened
Ask 7 QUESTIONS:
If the risk occurred…
…what is a surprisingly GOOD scenario? Considereffect on
SALES and
COSTS
…what is a surprisingly BAD scenario?
…what is the MOST LIKELY scenario?
What is the PROBABILITY of occurrence?
…how can you decide which risks matter? “FORGET probability-
impact matrices!”
As it happened
Ask 7 QUESTIONS:
If the risk occurred…
…what is a surprisingly GOOD scenario? Considereffect on
SALES and
COSTS
…what is a surprisingly BAD scenario?
…what is the MOST LIKELY scenario?
What is the PROBABILITY of occurrence?
…how can you decide which risks matter? “FORGET probability-
impact matrices!”
Questions 1–3…
…4–6…
…7
As it happened
…and finally consider MITIGATION
OPTIONS
Value of mitigation = Effective risk before mitigation
- Effective risk after mitigation
Cost of mitigation
VS
As it happened
…and finally consider MITIGATION
OPTIONS
Risk culture and communication
Then… MAKE A DECISION!
Value of mitigation = Effective risk before mitigation
- Effective risk after mitigation
Cost of mitigation
VS
As it happened
Risk culture and communicationBrid Horan, INED, former Deputy Chief Executive, ESB
“CULTURE EATS STRATEGY FOR BREAKFAST”– Peter Drucker
…so where does that leave risk culture?
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
- Where do you sit on the SPECTRUM?
Collegiate / risk-adverse
Aggressive
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
- Where do you sit on the SPECTRUM?
Collegiate / risk-adverse
Aggressive
- Crucial to LINK: risk culture strategy
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
- Where do you sit on the SPECTRUM?
- How can you assess your culture?- Good culture = Being able to learn from your mistakes
- “Huge value in working for a variety of companies”
Collegiate / risk-adverse
Aggressive
- Crucial to LINK: risk culture strategy
“You find out your CORE
VALUES in a CRISIS”
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
- Where do you sit on the SPECTRUM?
- How can you assess your culture?- Good culture = Being able to learn from your mistakes
- “Huge value in working for a variety of companies”
Collegiate / risk-adverse
Aggressive
- Crucial to LINK: risk culture strategy
- Communicating culture: Words are just a SMALL PART
- Actions from senior level / what people see from them
- Allocation of resources
“You find out your CORE
VALUES in a CRISIS”
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
- Where do you sit on the SPECTRUM?
- How can you assess your culture?- Good culture = Being able to learn from your mistakes
- “Huge value in working for a variety of companies”
Collegiate / risk-adverse
Aggressive
- Crucial to LINK: risk culture strategy
- Communicating culture: Words are just a SMALL PART
- Actions from senior level / what people see from them
- Allocation of resources
“You find out your CORE
VALUES in a CRISIS”
As it happened
Things that go wrong are often to do with culture… so you need to ANALYSE it
- Where do you sit on the SPECTRUM?
- How can you assess your culture?- Good culture = Being able to learn from your mistakes
- “Huge value in working for a variety of companies”
Collegiate / risk-adverse
Aggressive
- Crucial to LINK: risk culture strategy
- Communicating culture: Words are just a SMALL PART
- Actions from senior level / what people see from them
- Allocation of resources
“You find out your CORE
VALUES in a CRISIS”
Solvency II
As it happened
SII Solvency II - presenters
Lukas ZiewerChief Risk Officer and Director, MetLife Europe
Roy KeenanExperienced INED, former CEO of Bank of Ireland in the UK
Ger BradleyPrincipal and Head of Non-Life Practice Milliman Ireland
Mark BurkeHead of Life Insurance & Groups Supervision, Central Bank of Ireland
As it happened
SII Solvency II - presenters
Lukas ZiewerChief Risk Officer and Director, MetLife Europe
Roy KeenanExperienced INED, former CEO of Bank of Ireland in the UK
Ger BradleyPrincipal and Head of Non-Life Practice Milliman Ireland
Mark BurkeHead of Life Insurance & Groups Supervision, Central Bank of Ireland
Highlights from these presentations coming right up…
As it happened
What would be your DREAM
FEATURES of a prudential regime for insurers?
As it happened
1. Capital as a single CURRENCY
FOR RISK to balance profit
2. Enterprise Risk Management
SOLIDLY EMBEDDED
3. AVOID information overload
What would be your DREAM
FEATURES of a prudential regime for insurers?
SII
As it happened
1. Capital as a single CURRENCY
FOR RISK to balance profit
2. Enterprise Risk Management
SOLIDLY EMBEDDED
3. AVOID information overload
Can provide these?
What would be your DREAM
FEATURES of a prudential regime for insurers?
SII
As it happened
Solvency II - OutlineThe three
pillars:Capital
adequacy
Risk management
Reporting to market
SII
As it happened
Solvency II - OutlineThe three
pillars:Capital
adequacy
Risk management
Reporting to market
OWN RISK and
SOLVENCY
ASSESSMENT (ORSA) cuts across all three
Requirement for European insurers from
1 January 2016
SII
As it happened
Solvency II - OutlineThe three
pillars:Capital
adequacy
Risk management
Reporting to market
OWN RISK and
SOLVENCY
ASSESSMENT (ORSA) cuts across all three
Description of MATERIAL RISKS and changesQualitative and quantitative
STRESS and SCENARIO tests Results shown in a report… …but also an ONGOING PROCESS
Requirement for European insurers from
1 January 2016
SII
As it happened
How to prepare an ORSA
Solid
foundations
Enough resources
Agree with stakeholders
Capital
Drivers of change
Scenario assumptions
Team work
Stakeholders: Risk, Actuarial, Finance
Execute planValidate with business
Re-run scenarios
Communicate
to Board
Key drivers of future capital
Potential to release capital
SII
As it happened
How to prepare an ORSA
Solid
foundations
Enough resources
Agree with stakeholders
Capital
Drivers of change
Scenario assumptions
Team work
Stakeholders: Risk, Actuarial, Finance
Execute planValidate with business
Re-run scenarios
Communicate
to Board
Key drivers of future capital
Potential to release capital
ORSA best
practice
Focus on key risks
Integrated into strategy
Relate risks to capital
SII
As it happened
How to prepare an ORSA
Solid
foundations
Enough resources
Agree with stakeholders
Capital
Drivers of change
Scenario assumptions
Team work
Stakeholders: Risk, Actuarial, Finance
Execute planValidate with business
Re-run scenarios
Communicate
to Board
Key drivers of future capital
Potential to release capital
ORSA best
practice
Focus on key risks
Integrated into strategy
Relate risks to capital
SII
As it happened
P
R
O
D
U
C
T
BUSINESS PLANNING
CAPITAL MANAGEMENT
DEVELOPMENT
Uses of ORSAs
SII
As it happened
P
R
O
D
U
C
T
BUSINESS PLANNING
CAPITAL MANAGEMENT
DEVELOPMENT
ALIGN capital with GROWTH
of business and
RISKS
Uses of ORSAs
SII
As it happened
ACTUARIAL function
VS
RISK MANAGEMENT function
People involved with SII and ORSAs:
SII
As it happened
ACTUARIAL function
VS
RISK MANAGEMENT function
People involved with SII and ORSAs:
2 of the 4 functions required under SII
Can be held by the same person…
…and/or by others in company (e.g.
Director)…
…but could some options
introduce
CONFLICTS OF
INTEREST?
SII
As it happened
ACTUARIAL function
VS
RISK MANAGEMENT function
People involved with SII and ORSAs:
2 of the 4 functions required under SII
Can be held by the same person…
1. Technical provisions2. Pricing opinion3. Reinsurance opinion
3.5. Contribute to risk
management system
Responsibilities:
…and/or by others in company (e.g.
Director)…
…but could some options
introduce
CONFLICTS OF
INTEREST?
SII
As it happened
ACTUARIAL function
VS
RISK MANAGEMENT function
People involved with SII and ORSAs:
Balance between: having the right skill set vs independent holders of the functions
2 of the 4 functions required under SII
Can be held by the same person…
1. Technical provisions2. Pricing opinion3. Reinsurance opinion
3.5. Contribute to risk
management system
Responsibilities:
…and/or by others in company (e.g.
Director)…
…but could some options
introduce
CONFLICTS OF
INTEREST?
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
In the past, Boards worried about…
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
In the past, Boards worried about…
PROFITABILITY
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
Now, they are concerned about…
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
Now, they are concerned about…
CULTURE
STRATEGY
REPUTATION
BUSINESS MODEL
SOLVENCY II
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
Now, they are concerned about…
CULTURE
STRATEGY
REPUTATION
BUSINESS MODEL
SOLVENCY II
Need resources: right people with
right skills
Link by ORSA
Need sufficient expertise on Board to understand models
SII
As it happened
People involved with SII and ORSAs:
BOARD OF DIRECTORS
Now, they are concerned about…
CULTURE
STRATEGY
REPUTATION
BUSINESS MODEL
SOLVENCY II
Need resources: right people with
right skills
Link by ORSA
Need sufficient expertise on Board to understand models
End of presentations
…but what 3 COMMON THREADS linked the presentations?
So that was the ConferenceIN A NUTSHELL…
Common threads
1. RISK CULTURE
Common threads
Culture eats strategy for breakfast… and RISK CULTURE eats RISK MANAGEMENT
for lunch“
”SII
Common threads
SII
1. RISK CULTUREWhere does it come from?
Common threads
SII
Massive amount of REGULATIONis needed because culture was
NOT CORRECT before“
”
1. RISK CULTUREWhere does it come from?
From regulators
Common threads
Building an effective ORSA culture is DIFFICULT… buy-in
starts from the BOARD“
”SII
Massive amount of REGULATIONis needed because culture was
NOT CORRECT before“
”
1. RISK CULTUREWhere does it come from?
SII
From regulators
Top-down…
Common threads
Building an effective ORSA culture is DIFFICULT… buy-in
starts from the BOARD“
”
Which PROFESSION has the most effective whistleblowing culture?
PILOTS
“”
SII
Massive amount of REGULATIONis needed because culture was
NOT CORRECT before“
”
1. RISK CULTUREWhere does it come from?
From regulators
Top-down…
…bottom-up
Common threads
SII
1. RISK CULTUREHow can you assess it from the inside?
Common threads
SII
“
1. RISK CULTUREHow can you assess it from the inside?
Look at NEAR MISSES
If people are not raising issues, it is DANGEROUS
Surveys / measurement What are the KEY PERFORMANCE INDICATORS?
LEVEL OF ENGAGEMENT at formal events
Uptake of TRAINING sessions / exit interviews
”
Common threads
SII
“
1. RISK CULTUREHow can you assess it from the inside?
Look at NEAR MISSES
If people are not raising issues, it is DANGEROUS
Surveys / measurement What are the KEY PERFORMANCE INDICATORS?
LEVEL OF ENGAGEMENT at formal events
Uptake of TRAINING sessions / exit interviews
”Think of risk management as an HR issue
Took a HUGE EFFORT [at ESB] to encourage people to report failures
2. MEASURING SUCCESS OF RISK
MANAGEMENT
Common threads
SII
2. MEASURING SUCCESS OF RISK
MANAGEMENT
Common threads
SII
[For the regulator] MEASURING risk culture is a CHALLENGE, e.g. if it is NOT part of the
[risk management] PROCESS
“”
2. MEASURING SUCCESS OF RISK
MANAGEMENT
Common threads
SII
[For the regulator] MEASURING risk culture is a CHALLENGE, e.g. if it is NOT part of the
[risk management] PROCESS
“”
SII
The BENEFITS of risk management
come from the JOURNEY…
“”
…from risk management as a
COMPLIANCE EXERCISE to ERM
2. MEASURING SUCCESS OF RISK
MANAGEMENT
Common threads
SII
[For the regulator] MEASURING risk culture is a CHALLENGE, e.g. if it is NOT part of the
[risk management] PROCESS
“”
SII
The BENEFITS of risk management
come from the JOURNEY…
“”
…from risk management as a
COMPLIANCE EXERCISE to ERM
You know it is WORKING WELL when FRONTLINE managers are talking about
ORSAs / suggestions for MANAGING CAPITAL“”
3. HOW TO USE RISK MANAGEMENT
Common threads
SII
3. HOW TO USE RISK MANAGEMENT
Common threads
SII
Risk management is a DECISION MAKING PROCESS… if not, don’t bother!“
”Recall the 7 QUESTIONS for assessing risks that REALLY MATTER
3. HOW TO USE RISK MANAGEMENT
Common threads
SII
Risk management is a DECISION MAKING PROCESS… if not, don’t bother!“
”Recall the 7 QUESTIONS for assessing risks that REALLY MATTER
“ Its like rally driving: The business is theDRIVER, but it needs a co-driver
[i.e. risk management] to
WARN OF WHAT’S
COMING
”
3. HOW TO USE RISK MANAGEMENT
Common threads
SII
Should avoid ‘TICK THE BOX’ risk management“
”
3. HOW TO USE RISK MANAGEMENT
Common threads
SII
Should avoid ‘TICK THE BOX’ risk management“
”
SII
Use CAPITAL as the
CURRENCY OF RISK
as a BALANCE to profit
“”
3. HOW TO USE RISK MANAGEMENT
Common threads
SII
Doing RISK MANAGEMENT
is not the WORST CASE SCENARIO
“
”
Summary
RECAP: Risk Management Perspectives Conference
SII
Banking
Cyber risk
Whistleblowing
Pharmaceutical industry
Culture and communication
Solvency II
PRESENTATIONS:
CONCLUSIONS:1. Risk culture2. Measuring success of risk management3. How to use risk management
About
Hi,
Thanks for viewing my presentation!
For more details of RISK MANAGEMENT
EVENTS run by the Society of Actuaries in Ireland, please contact me.
Yours riskily,
December 2014
Alex Breeze FSAI FIA CERAConsultant Actuary
Towers Watson, Ireland
Connect with me on
Important information
The Risk Management Perspectives Conference on 18 November 2014 was run by the Society of Actuaries in Ireland (SAI). It was a public event open to all industry professionals.
I am a Fellow of the SAI and I sit on the SAI’s Enterprise Risk Management Committee. I have not been commissioned to write this presentation either by my employer or the SAI – it is purely for interest! However, as it could reasonably be considered to reflect on the Actuarial Profession, this presentation has been prepared in line with the Actuaries’ Code.
This presentation is entirely my own work and does not necessarily represent the views of the presenters or any other party. I have tried to make it as accurate as possible, but there may be errors (including the quotes). By its nature, this is a summary so cannot include all the details – you should have been there for that!
If you have any comments, please contact me on