Setting the Financial Framework - Finity Consulting...Setting the Financial Framework Session 3...
Transcript of Setting the Financial Framework - Finity Consulting...Setting the Financial Framework Session 3...
Setting the Financial Framework
Session 3
Enterprise Risk Management Seminar
Auckland, New Zealand
26 May 2010
An Exploration of the Practical
The importance of setting a risk appetite
Managing volatility and capital against your risk appetite, tolerances, targets and limits
The role and use of Financial Condition Reports
A brief history of our experience
Some examples
The Importance of Risk Appetite
The Importance of Risk Appetite
Insurance is about pooling and managing risk
Without defining and documenting a risk appetite, risk management is done in a vacuum
Risk appetite, tolerances, targets and limits are important for sound management and an effective RM process
Not just a statement, but embedded in the business and used daily
Leads to the broader benefits of ERM
What is Risk Appetite?
The broad amount and type of risk an insurer has determined it is willing to accept
e.g. outlining which activities are unacceptable
Financial & non-financial dimensions
Output of RA setting process
Internal discussion & assessment
Document in RMS
Drafted by management, signed off by Board
Communicated firm wide
Risk Capacity, Appetite, Tolerances, Targets and Limits
→The maximum amount and type of risk an entity is able to accept
→The broad amount and type of risk an entity is willing to accept
→A specific risk maximum applicable to a category of risk
→Articulation of the optimal level of risk necessary to achieve corporate strategy
→Thresholds to control activities to ensure variations from accepted are understood
Risk Capacity
Risk Appetite
Risk Tolerance
Risk Targets
Risk Limits
Source: Presentation by Chris Karow to CAS/SOA ERM Symposium, Chicago, 28-30 March 2007
Risk Capacity, Appetite, Tolerances, Targets and Limits
Linkage of risk limits and risk appetite is critical
Limits should be viewed as tools of management to manage and control the business, not a substitute for risk appetite/tolerance
Limits should be designed to constrain the businesses in key areas of risk
Targets should be created for core risks to provide a framework for risk optimisation and consistent risk decision making across the firm
Typical Risk Limit Structure
0
10
20
30
40
50
60
70
80
90
100
110
120
1/0
1/2
00
9
1/0
2/2
00
9
1/0
3/2
00
9
1/0
4/2
00
9
1/0
5/2
00
9
1/0
6/2
00
9
1/0
7/2
00
9
1/0
8/2
00
9
1/0
9/2
00
9
1/1
0/2
00
9
1/1
1/2
00
9
1/1
2/2
00
9
1/0
1/2
01
0
1/0
2/2
01
0
Risk Limit
Actual RiskPosition
Is this an effective risk
limit structure?
Embedding Improved Risk Limits in the Business
Corporate RiskTolerance
0
10
20
30
40
50
60
70
80
90
100
110
120
1/0
1/2
00
9
1/0
2/2
00
9
1/0
3/2
00
9
1/0
4/2
00
9
1/0
5/2
00
9
1/0
6/2
00
9
1/0
7/2
00
9
1/0
8/2
00
9
1/0
9/2
00
9
1/1
0/2
00
9
1/1
1/2
00
9
1/1
2/2
00
9
1/0
1/2
01
0
1/0
2/2
01
0
Actual riskposition
BURisk Limit
BU Target (High)
BUTarget (Low)
Actual risk exceeds corporate risk
tolerance, must reduce net risk position
Actual risk exceeds maximum limit allocated to BU, report breach, manage down unless approved by
corporate
Actual is more than risk target limit, report breach, manage
down unless returns justify risk and excess approved by BU
risk management
Could use quantitative or qualitative risk measures
A
B
C
D
E
F
G
H
I
J
K
L
M
QuantitativeQualitative
Assessing Risk Appetite & Limits
Risk appetite and limits are a function of likelihood and severity
Following templates show five categories for each measure
Each category needs to be calibrated for each corporation
to be applied consistently across risk types and BU’s
Sample Likelihood Assessment
Risk Tolerances
Likelihood Ratings
Rating Description
Maximum Minimum Minimum Maximum
1 10,000 25 Unlikely - might occur one or two times in your career 0.0% 4.0%
2 25 5 Infrequent - occurs several times in your career 4.0% 20.0%
3 5 2 Once every couple/few years 20.0% 50.0%
4 2 1.333 Occurs more often than not, but not every year 50.0% 75.0%
5 1.333 1 Almost certain 75.0% 100.0%
Input Return Periods (1 in X yrs)
Corresponding probabilities over
next year
Sample Severity Assessment
Only Financial & Regulatory/Political Action impact types are shown above. Other impact types include:
Reputational DamageHuman Resources & staff well-being
Risk Tolerances
Severity Ratings
Impact Type Measure A B C D E
No material impact Moderate impact
Significant impact,
but no lasting effect
Significant lasting
effect - impaired
operations
Potential business
failure
Pre tax losses up to: 100,000 500,000 2,000,000 5,000,000 20,000,000
Example(s)
One moderate claim
with minimal impact on
annual earnings
One large claim with
some impairment of
annual earnings
One reinsured
catastrophe in a year
Several reinsured
catastrophes in a year
One or more
catastrophes in a year
with no reinsurance
Period and intensity of
regulatory or political action
or attention Operational Minor Medium High Business shut-down
Example(s)
1. "Normal" or slightly
more than normal
attention from regulator,
requiring some attention
and time from
management and
possibly BU staff.
Limited/no external
publicity
1. More than "normal"
attention from regulator,
requiring significant
attention and time from
management and BU
staff. Some poor
external publicity.
2. Query from senior
politician has some
impact on public
reputation, but no
lasting effect.
1. Significantly more
than "normal" attention
from regulator, requiring
significant management
and staff time. Poor
publicity, but otherwise
no lasting effect on
business.
2. Over-zealous
politician alleges poor
practice/behaviour by
insurer, justified or
1. Prolonged and strict
oversight from regulator.
Impaired operations, in
terms of business
volumes or segments of
business written. Poor
publicity impacts
volume of business.
1. Business put into run-
off. Licence cancelled.
Rating
Financial
Regulatory or Political
Action
General Description
Combining into Heat Maps
Combine results into two-way matrix for each risk impact type
The colours indicate:
The willingness to retain that type/level of risk
Level of internal reporting
Level of ownership
Risk Tolerances
Risk Assessment Matrix
Business/Corporate Unit: Personal Lines
Risk Impact Area: Regulatory/political action
Severity/Impact Description
E
Potential business
failure
D
Significant lasting effect
- impaired operations
C
Significant impact, but
no lasting effect
B Moderate impact
A No material impact
Likelihood Probability 0% 4% 20% 50% 75% 100%
1 in X years 25 5 2 1.33 1
Rating 1 2 3 4 5
Description
Unlikely - might occur
one or two times in your
career
Infrequent - occurs
several times in your
career
Once every couple/few
years
Occurs more often than
not, but not every year Almost certain
Risk Matrix
Risk profile and control ranking matrix
agreed likelihood ratings
agreed consequence ratings
agreed control ratings
HIGH
RISK
6
8
7 8 9
5
4
3
6
5
4
6
7 8
7
65
6 7 9 10
5
4
3
2
Lik
elih
ood
ConsequenceLOW
RISK
1 2 3 4 5
5
4
3
2
1
Effectiveness
INADEQUATE
CONTROL
App
lica
tion
6
8
7 8 9
5
4
3
6
5
4
6
7 8
7
65
6 7 9 10
5
4
3
2
ADEQUATE
CONTROL
Control Critical Active Management
No MajorConcern
Periodic Monitoring
Adequate Inadequate
0 10
10
0
Low
High
Moderate
Significant
Inherent risk assessment
Control assessment
Excellent Good Satisfactory Poor Unsatisfactory
J10 J7
J8
J1
J3J11
H1
H3
J5 D2
J6
A1
B2
J9
F1B3
J4
A2
A3
A4
E1
D3
B1
D1
G1 G2
C1
B4
A5
D4
G3
E2
I1
I2
C2
J2
Mapping Process
Risk Appetite Summary
Insurance is about pooling of risk
Define how much willing to accept!
Many ways to define
Keep it practical and embed into business
Cyclical process � Aim for continuous improvement
Managing Volatility and Capital
Managing Volatility & Capital
Cyclical process
annual review, quarterly monitoring is good practice
Management responsibility
Capital management sub-committee
Reviewing & reporting actual experience against targets
Setting processes for measuring, responding
Setting Target Capital
Consider the practical issues & individual circumstances
Minimum Solvency Capital (MSC)
• Required target multiples
Rating agency requirements
Parental requirements and support
Starting choice should be some blend of these taking into account relative importance
Asset / Liability Modelling
DFA assessment vs harder to quantify (non-financial) risks
Risk v Capital
+ Scenario analysis
Budgeting v DFA Modelling
DFA modelling assesses the risk inherent within organisation
Traditional Approach
(% of Premium)
Premium + 100%
Loss Ratio - 80%
Expense Ratio -21%
Investment Contribution + 7%
Gross Profit + 6%
Return on Capital 18% p.a.
Loss Ratio
ExpenseRatio
InvestmentReturn
Return on Capital70% 120%
-10% 30%
5% 12%
15% 30%
DFA
Impairment
Capital needs can be defined by reference to a chosen level of Risk
Sensitivity of Risk level vs Capital can be observed
0
200
400
600
800
1,000
1,200
0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10%
Risk Measure
(as defined)
Sta
rtin
g C
ap
ita
l ($
m)
Capital
corresponding to
chosen risk level
Chosen risk level
Example – Value of RI Program
Starting point is current Group Capital needs net of reinsurance
0
200
400
600
800
1,000
1,200
0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10%
Risk Measure
Sta
rtin
g C
apital ($
m)
Group
Example – Value of RI Program
Removing the impact of reinsurance treaties indicates the capital saving
0
200
400
600
800
1,000
1,200
0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10%
Risk Measure
Sta
rtin
g C
apital ($
m)
Group
Group without reinsurance
Example – Value of RI Program
Removing the impact of reinsurance treaties indicates the capital saving
0
200
400
600
800
1,000
1,200
0% 1% 2% 3% 4% 5% 6% 7% 8% 9% 10%
Risk Measure
Sta
rtin
g C
apital ($
m)
Group
Group without reinsurance
impact of reinsurance on capital needs
Using Financial Condition Reports
A Brief History of FCRs
First required in Australia for year ending 30 June 2006
Some areas of industry were completing FCRsearlier
Responsibility of the Appointed Actuary
Form a part of an overall risk management framework
FCR is NOT –
The RMP, CMP, RR or any other policy documents
But FCR includes review and commentary on these
FCR is a document that can influence management approach & policies
FCRs in New Zealand
Requirements for NZ FCRs not yet specified
Likely to be similar to Australian requirements
Many NZ insurers with Australian operations likely to already be involved in FCR type reviews
Will be a significant change for others
Use it as a business improvement tool
The Finity Experience
Identify key risks in each section of report
Summarise in Exec Summary
Include suggestions as well as recommendations
Part of an ongoing process
Board members really like them (particularly independent directors)
Strategic / commercially sensitive documents
Some Recent Examples
Pricing overhaul suggested in competitive market
Likely to have been selected against in market if not addressed
Expense levels
Benchmarking of expense levels in FCR (relative to competitors) highlighted disturbing trend
Growth v. Defensive asset mix for company with limited access to additional capital
Summary
Risk Management is a Cyclical process � Aim for continuous improvement
Value is added by having an embedded Risk Appetite
Firm-wide understanding of Risk Appetite and regular monitoring against Risk Targets
Value is added by taking a portfolio view of risk
• Connecting Tolerances to Appetite
• Linking Risk Appetite to Capital
FCRs are part of the overall RM process
Can help with information flows and business improvement, not just compliance
This presentation has been prepared for the Finity Enterprise Risk Management Seminar held on 26 May 2010 at the University of Auckland in New Zealand. Finity Consulting Pty Limited (ABN 89 111 470 270) wishes it to be understood that opinions put forward herein are not necessarily those of Finity and Finity is not responsible for those opinions. The information presented at the conference was of a general nature and a reader of this presentation must seek their own independent advice before using it for any purpose.