Risk Management Perspectives Conference 2014

“Doing

RISK MANAGEMENT is not the

WORST CASE SCENARIO”

Highlights from the RISK MANAGEMENT PERSPECTIVES CONFERENCE

Risk Management Perspectives ConferenceSociety of Actuaries in Ireland, 18 November 2014

As it happened ……………………………............ 4

Exploring common threads ………………...... 69

About ………………………………………............... 90

Important note: This presentation is entirely my own work (derived from my own notes of the day) and does not necessarily represent the views of the presenters or any other party. I have tried to make it as accurate as possible, but there may be errors (including the quotes). By its nature, this is a summary so cannot include all the details – you should have been there for that!

Risk Management Perspectives ConferenceSociety of Actuaries in Ireland, 18 November 2014

As it happened ……………………………............ 4

Exploring common threads ………………...... 69

About ………………………………………............... 90

All the action

Important note: This presentation is entirely my own work (derived from my own notes of the day) and does not necessarily represent the views of the presenters or any other party. I have tried to make it as accurate as possible, but there may be errors (including the quotes). By its nature, this is a summary so cannot include all the details – you should have been there for that!

Do not miss this!

Coming up…

SII

Banking

Cyber risk

Whistleblowing

Pharmaceutical industry

Culture and communication

Solvency II

A banker’s perspective

As it happened

What have we learnt from the crisis?

A banker’s perspective on risk managementPeter Rossiter, Chief Risk Officer, AIB

There are 4 PHASES…

As it happened

DIAGNOSIS

QUANTIFICATION

CORRECTION

PREVENTION

“Should be a FORMAL LINK: ‘I understand what went

wrong, here’s what I’m doing to avoid it’”

As it happened

DIAGNOSIS

QUANTIFICATION

CORRECTION

PREVENTION



As it happened

Ireland has got to this stage

Policy response from regulator

DIAGNOSIS

QUANTIFICATION

CORRECTION

PREVENTION



As it happened

Cyber risk

Ireland has got to this stage

Policy response from regulator

Look out for common “threads” in the presentations

Cyber riskPhilip Whittingham, Deputy, Enterprise Risk Management, XL Group

TRADITIONAL VIEW: Someone else dealt with cyber risk – it is not a business risk

WRONG! You can no longer ignore it…

As it happened

Types

“Cyber risk is NOT new oremerging… but its RISK

PROFILE is changing rapidly”

As it happened

Physical loss

Phishing

Data transmission

Cloud computing

Hacking

Types



As it happened

Physical loss

Phishing

Data transmission

Cloud computing

Hacking

“You’re only as effective as the techniques you

know about”

To define risk appetite / tolerances…

…need to categorise types of attacks:

Known Unknown

Monitor and record breaches

Types



As it happened

Whistleblowing

Physical loss

Phishing

Data transmission

Cloud computing

Hacking

“You’re only as effective as the techniques you

know about”

To define risk appetite / tolerances…

…need to categorise types of attacks:

Known Unknown

Monitor and record breaches

Innovative approach!

WhistleblowingJoe Gavin, General Counsel, Central Bank of Ireland

As it happened

Previously, there were NOwhistleblowing regulations


As it happened

Would the financial crisis have been mitigated if there had been a

‘protected disclosures’ regime?



As it happened

A lot to be said for it

Would the financial crisis have been mitigated if there had been a

‘protected disclosures’ regime?


As it happened

Definition of protected disclosure:

1. To the CBI (Central Bank of Ireland)

2. In GOOD FAITH

3. Reasonable basis to believe a BREACH in financial

services law or DESTRUCTION of evidence

Risk management in pharmaceuticals

As it happened



2. In GOOD FAITH



Difficult to balance:


As it happened



2. In GOOD FAITH



Difficult to balance:

protection

of identity…

…effectiveness

of investigation


As it happened

Risk management as a competitive

advantage in the pharmaceutical industryDavid Staunton, Site Risk Lead, Amgen

Risk management is a DECISION MAKING PROCESS…

As it happened

…if not, then DON’T BOTHER!

Risk management as a competitive

advantage in the pharmaceutical industryDavid Staunton, Site Risk Lead, Amgen

Risk management is a DECISION MAKING PROCESS…

As it happened

COMPETITIVE ADVANTAGE in pharma…

Takes

$3-5 bn to

develop a drug

Governments only tend to

buy drugs

once

Crucial to develop

fast

As it happened


Takes

$3-5 bn to

develop a drug


buy drugs

once

Crucial to develop

fast

As it happened

Want to

fail fast and

cheap

Focus on what

is difficult


Takes

$3-5 bn to

develop a drug


buy drugs

once

Crucial to develop

fast

As it happened

Want to

fail fast and

cheap

Focus on what

is difficult


Takes

$3-5 bn to

develop a drug


buy drugs

once

Risk management is ESSENTIAL -> LIVES ARE AT STAKE!

As it happened

At what “tipping point” does a risk actually become relevant?

…so you need to ASSESS RISKS to find those that REALLY MATTER…

As it happened

Example: Richter scale



As it happened

Example: Richter scale



Real damage

As it happened

…how can you decide which risks matter? “FORGET probability-

impact matrices!”

As it happened

Ask 7 QUESTIONS:

If the risk occurred…

…what is a surprisingly GOOD scenario?

…what is a surprisingly BAD scenario?

…what is the MOST LIKELY scenario?


impact matrices!”

As it happened

Ask 7 QUESTIONS:


…what is a surprisingly GOOD scenario? Considereffect on

SALES and

COSTS




impact matrices!”

As it happened

Ask 7 QUESTIONS:



SALES and

COSTS



What is the PROBABILITY of occurrence?


impact matrices!”

As it happened

Ask 7 QUESTIONS:



SALES and

COSTS



What is the PROBABILITY of occurrence?


impact matrices!”

Questions 1–3…

…4–6…

…7

As it happened

…and finally consider MITIGATION

OPTIONS

Value of mitigation = Effective risk before mitigation

- Effective risk after mitigation

Cost of mitigation

VS

As it happened

…and finally consider MITIGATION

OPTIONS

Risk culture and communication

Then… MAKE A DECISION!

Value of mitigation = Effective risk before mitigation

- Effective risk after mitigation

Cost of mitigation

VS

As it happened

Risk culture and communicationBrid Horan, INED, former Deputy Chief Executive, ESB

“CULTURE EATS STRATEGY FOR BREAKFAST”– Peter Drucker

…so where does that leave risk culture?

As it happened

Things that go wrong are often to do with culture… so you need to ANALYSE it

As it happened


- Where do you sit on the SPECTRUM?

Collegiate / risk-adverse

Aggressive

As it happened




Aggressive

- Crucial to LINK: risk culture strategy

As it happened



- How can you assess your culture?- Good culture = Being able to learn from your mistakes

- “Huge value in working for a variety of companies”


Aggressive


“You find out your CORE

VALUES in a CRISIS”

As it happened






Aggressive


- Communicating culture: Words are just a SMALL PART

- Actions from senior level / what people see from them

- Allocation of resources



As it happened






Aggressive


- Communicating culture: Words are just a SMALL PART

- Actions from senior level / what people see from them

- Allocation of resources



Solvency II

As it happened

SII Solvency II - presenters

Lukas ZiewerChief Risk Officer and Director, MetLife Europe

Roy KeenanExperienced INED, former CEO of Bank of Ireland in the UK

Ger BradleyPrincipal and Head of Non-Life Practice Milliman Ireland

Mark BurkeHead of Life Insurance & Groups Supervision, Central Bank of Ireland

As it happened

SII Solvency II - presenters

Lukas ZiewerChief Risk Officer and Director, MetLife Europe

Roy KeenanExperienced INED, former CEO of Bank of Ireland in the UK

Ger BradleyPrincipal and Head of Non-Life Practice Milliman Ireland

Mark BurkeHead of Life Insurance & Groups Supervision, Central Bank of Ireland

Highlights from these presentations coming right up…

As it happened

What would be your DREAM

FEATURES of a prudential regime for insurers?

As it happened

1. Capital as a single CURRENCY

FOR RISK to balance profit

2. Enterprise Risk Management

SOLIDLY EMBEDDED

3. AVOID information overload



SII

As it happened

1. Capital as a single CURRENCY

FOR RISK to balance profit

2. Enterprise Risk Management

SOLIDLY EMBEDDED

3. AVOID information overload

Can provide these?



SII

As it happened

Solvency II - OutlineThe three

pillars:Capital

adequacy

Risk management

Reporting to market

SII

As it happened


pillars:Capital

adequacy

Risk management

Reporting to market

OWN RISK and

SOLVENCY

ASSESSMENT (ORSA) cuts across all three

Requirement for European insurers from

1 January 2016

SII

As it happened


pillars:Capital

adequacy

Risk management

Reporting to market

OWN RISK and

SOLVENCY

ASSESSMENT (ORSA) cuts across all three

Description of MATERIAL RISKS and changesQualitative and quantitative

STRESS and SCENARIO tests Results shown in a report… …but also an ONGOING PROCESS

Requirement for European insurers from

1 January 2016

SII

As it happened

How to prepare an ORSA

Solid

foundations

Enough resources

Agree with stakeholders

Capital

Drivers of change

Scenario assumptions

Team work

Stakeholders: Risk, Actuarial, Finance

Execute planValidate with business

Re-run scenarios

Communicate

to Board

Key drivers of future capital

Potential to release capital

SII

As it happened

How to prepare an ORSA

Solid

foundations

Enough resources

Agree with stakeholders

Capital

Drivers of change

Scenario assumptions

Team work

Stakeholders: Risk, Actuarial, Finance

Execute planValidate with business

Re-run scenarios

Communicate

to Board

Key drivers of future capital

Potential to release capital

ORSA best

practice

Focus on key risks

Integrated into strategy

Relate risks to capital

SII

As it happened

P

R

O

D

U

C

T

BUSINESS PLANNING

CAPITAL MANAGEMENT

DEVELOPMENT

Uses of ORSAs

SII

As it happened

P

R

O

D

U

C

T

BUSINESS PLANNING

CAPITAL MANAGEMENT

DEVELOPMENT

ALIGN capital with GROWTH

of business and

RISKS

Uses of ORSAs

SII

As it happened

ACTUARIAL function

VS

RISK MANAGEMENT function

People involved with SII and ORSAs:

SII

As it happened

ACTUARIAL function

VS



2 of the 4 functions required under SII

Can be held by the same person…

…and/or by others in company (e.g.

Director)…

…but could some options

introduce

CONFLICTS OF

INTEREST?

SII

As it happened

ACTUARIAL function

VS





1. Technical provisions2. Pricing opinion3. Reinsurance opinion

3.5. Contribute to risk

management system

Responsibilities:


Director)…


introduce

CONFLICTS OF

INTEREST?

SII

As it happened

ACTUARIAL function

VS



Balance between: having the right skill set vs independent holders of the functions



1. Technical provisions2. Pricing opinion3. Reinsurance opinion

3.5. Contribute to risk

management system

Responsibilities:


Director)…


introduce

CONFLICTS OF

INTEREST?

SII

As it happened


BOARD OF DIRECTORS

SII

As it happened


BOARD OF DIRECTORS

In the past, Boards worried about…

SII

As it happened


BOARD OF DIRECTORS

In the past, Boards worried about…

PROFITABILITY

SII

As it happened


BOARD OF DIRECTORS

Now, they are concerned about…

SII

As it happened


BOARD OF DIRECTORS


CULTURE

STRATEGY

REPUTATION

BUSINESS MODEL

SOLVENCY II

SII

As it happened


BOARD OF DIRECTORS


CULTURE

STRATEGY

REPUTATION

BUSINESS MODEL

SOLVENCY II

Need resources: right people with

right skills

Link by ORSA

Need sufficient expertise on Board to understand models

SII

As it happened


BOARD OF DIRECTORS


CULTURE

STRATEGY

REPUTATION

BUSINESS MODEL

SOLVENCY II

Need resources: right people with

right skills

Link by ORSA

Need sufficient expertise on Board to understand models

End of presentations

…but what 3 COMMON THREADS linked the presentations?

So that was the ConferenceIN A NUTSHELL…

Common threads

1. RISK CULTURE

Common threads

Culture eats strategy for breakfast… and RISK CULTURE eats RISK MANAGEMENT

for lunch“

”SII

Common threads

SII

1. RISK CULTUREWhere does it come from?

Common threads

SII

Massive amount of REGULATIONis needed because culture was

NOT CORRECT before“

”


From regulators

Common threads

Building an effective ORSA culture is DIFFICULT… buy-in

starts from the BOARD“

”SII



”


SII

From regulators

Top-down…

Common threads

Building an effective ORSA culture is DIFFICULT… buy-in

starts from the BOARD“

”

Which PROFESSION has the most effective whistleblowing culture?

PILOTS

“”

SII



”


From regulators

Top-down…

…bottom-up

Common threads

SII

1. RISK CULTUREHow can you assess it from the inside?

Common threads

SII

“


Look at NEAR MISSES

If people are not raising issues, it is DANGEROUS

Surveys / measurement What are the KEY PERFORMANCE INDICATORS?

LEVEL OF ENGAGEMENT at formal events

Uptake of TRAINING sessions / exit interviews

”

Common threads

SII

“


Look at NEAR MISSES

If people are not raising issues, it is DANGEROUS

Surveys / measurement What are the KEY PERFORMANCE INDICATORS?

LEVEL OF ENGAGEMENT at formal events

Uptake of TRAINING sessions / exit interviews

”Think of risk management as an HR issue

Took a HUGE EFFORT [at ESB] to encourage people to report failures

2. MEASURING SUCCESS OF RISK

MANAGEMENT

Common threads

SII


MANAGEMENT

Common threads

SII

[For the regulator] MEASURING risk culture is a CHALLENGE, e.g. if it is NOT part of the

[risk management] PROCESS

“”


MANAGEMENT

Common threads

SII



“”

SII

The BENEFITS of risk management

come from the JOURNEY…

“”

…from risk management as a

COMPLIANCE EXERCISE to ERM


MANAGEMENT

Common threads

SII



“”

SII

The BENEFITS of risk management

come from the JOURNEY…

“”

…from risk management as a

COMPLIANCE EXERCISE to ERM

You know it is WORKING WELL when FRONTLINE managers are talking about

ORSAs / suggestions for MANAGING CAPITAL“”

3. HOW TO USE RISK MANAGEMENT

Common threads

SII


Common threads

SII

Risk management is a DECISION MAKING PROCESS… if not, don’t bother!“

”Recall the 7 QUESTIONS for assessing risks that REALLY MATTER


Common threads

SII

Risk management is a DECISION MAKING PROCESS… if not, don’t bother!“

”Recall the 7 QUESTIONS for assessing risks that REALLY MATTER

“ Its like rally driving: The business is theDRIVER, but it needs a co-driver

[i.e. risk management] to

WARN OF WHAT’S

COMING

”


Common threads

SII

Should avoid ‘TICK THE BOX’ risk management“

”


Common threads

SII

Should avoid ‘TICK THE BOX’ risk management“

”

SII

Use CAPITAL as the

CURRENCY OF RISK

as a BALANCE to profit

“”


Common threads

SII

Doing RISK MANAGEMENT

is not the WORST CASE SCENARIO

“

”

Summary

RECAP: Risk Management Perspectives Conference

SII

Banking

Cyber risk

Whistleblowing

Pharmaceutical industry

Culture and communication

Solvency II

PRESENTATIONS:

CONCLUSIONS:1. Risk culture2. Measuring success of risk management3. How to use risk management

About

Hi,

Thanks for viewing my presentation!

For more details of RISK MANAGEMENT

EVENTS run by the Society of Actuaries in Ireland, please contact me.

Yours riskily,

December 2014

Alex Breeze FSAI FIA CERAConsultant Actuary

Towers Watson, Ireland

Connect with me on

ie.linkedin.com/in/alexbreeze/



Important information

The Risk Management Perspectives Conference on 18 November 2014 was run by the Society of Actuaries in Ireland (SAI). It was a public event open to all industry professionals.

I am a Fellow of the SAI and I sit on the SAI’s Enterprise Risk Management Committee. I have not been commissioned to write this presentation either by my employer or the SAI – it is purely for interest! However, as it could reasonably be considered to reflect on the Actuarial Profession, this presentation has been prepared in line with the Actuaries’ Code.

This presentation is entirely my own work and does not necessarily represent the views of the presenters or any other party. I have tried to make it as accurate as possible, but there may be errors (including the quotes). By its nature, this is a summary so cannot include all the details – you should have been there for that!

If you have any comments, please contact me on



Risk Management Perspectives Conference 2014

Business

Transcript of Risk Management Perspectives Conference 2014