Presentation on theme: "Enterprise Risk Management For Insurers and Financial Institutions"— Presentation transcript:
1 Enterprise Risk Management For Insurers and Financial Institutions David IngramCERA, FRM, PRMFrom the International Actuarial Association
2 Course Outline 1. INTRODUCTION - Why ERM? 2. RISK MANAGEMENT FUNDAMENTALS – FIRST STAGE OF CREATING AN ERM PROGRAM3. RISK ASSESSMENT AND RISK TREATMENT - ACTUARIAL ROLES4. ADVANCED ERM TOPICS
3 INTRODUCTION 1. INTRODUCTION - Why ERM? 1.1 Enterprise risk management history1.2 What is enterprise risk management?1.3 ERM & the Financial Crisis1.4 ERM Adoption in the Insurance Industry
4 A Brief History of Risk Management 1952 – Markowitcz – Portfolio Theory – Risk = variance1973 – Black Scholes – Derivative Pricing – variance is key driver1987 – Black Monday – Portfolio Insurance implicated in record 1 day fall in stock market1992 – Cadbury (UK) Report urges centralized, comprehensive corporate RM1993 – First CRO named at GE
5 Current Trends in Risk Management Dedicated risk management functionRisk Management decision making remains largely decentralized2. Risk Aggregation / Economic Capitalin early stages of development3. Regulatory practices encourage ERM4. Regulatory Capital Economic CapitalBasel Survey (August 2003)
6 Risk Management Failures 1973: Equity Funding Fraud1983: Baldwin United Shell Game1986: The ZZZ Best Carpet Scandal.1988: Equitable (NY) GIC losses.1989: The US S&L Crisis.1991: Salomon Brothers Bond Scandal.1991: BCCI Scandal.1991: Executive Life / First Capital Life Failures1991: Mutual Benefit Life Failure1994: Orange County Default1994: Kidder Peabody Fiasco.1994: Confederation Life Failure1994: Monarch Life Seizure1995: The Barings Derivatives Scandal.1996: Sumitomo Copper Scandal.1997: The Natwest Hole.1997: The Bre-X Mining Scandal.1997: Smith Barney Investor Fraud.1997: Bank of Tokyo-Mitsubishi Derivatives Loss.1997: UBS Derivatives Model Problems.1997: Prudential Insurance US Market Conduct1998: Russian Bond Debacle.1998: The Long-Term Capital Management Model Failure.1999: General American Liquidity Failure1999: Unicover Fiasco2000: Equitable UK Pension guarantees2001: American Express CBO Losses2002: Enron & Worldcom2003: Parmalat2003: Allmerica VA reserving2003: Annuity & Life Re Overgrowth2004: Marsh Contingent Commissions2005: AIG Finite Re2006: Scottish Re Tax Asset2006: Hurricane Katrina2007: Countrywide Sub Primes2008: Bear Sterns/ Lehman/ AIG Sub Prime
7 Risk Management Failures Bank / FinancialBarings – Controls Missing, mgt didn’t understand risksLTCM – Models inadequate, overleveragingNorthern Rock – Excessive GrowthInsuranceNissan Mutual – ALM mismatch, underpricing interest creditsEquitable UK – underpriced annuities, poor relationship with regulatorsHIH – insurance mispricing, underreservingConfed Life – Over-concentration in illiquid investments, shell gameGeneral American – ALM mismatch, rating downgrade, downgrade trigger optionsAmerican International Group – Small Financial Group brings down Insurance giant
8 Barings (UK) Venerable UK Bank Trading losses in Singapore Problems Exceeded value of bankProblemsManagement didn’t understand what the trader was doingTrades were not the hedged transactions they were supposed to beTrader did all reporting of tradesNo separation of duties
9 Long Term Capital Management (US) Private Investment FundVery highly Leveraged portfolio of investmentsHighly sophisticated risk managementCapital was insufficient to withstand market movementProblems:Risk Model was inadequate to predict 1998 international financial problemsCounterparties did not know the extant of their full exposure
10 Northern Rock (UK) Problem: Mortgage lender grew rapidly to become one of the top 5 mortgage lenders in the UKHad used securitization to fund mortgage lending growthEncountered liquidity problems when mortgage securitization markets froze in Aug 2007Problem:Request for help with liquidity from Bank of England triggered first run on UK bank in over 100 years
11 Nissan Mutual (Japan) Savings product guaranteed high interest rates High sales growth of this productInvestment losses & inadequate yield¥200 billion net losses covered by Life Association of JapanProblem:Asset Liability MismatchUnderpricing (over crediting) of interest
12 Equitable (UK) Guaranteed payout annuity product sold to pension plans Improvement in mortality & decline in interest ratesManagement tried to “force” solution on regulatorsProblem:Underpricing & poor Asset Liability matchingPoor relationship with regulators lead to company demise rather than workout
13 HIH (AUS)Second largest General Insurer “suddenly” found to be insolventProblem:Total control failure at all levelsCompany, Auditor, RegulatorUltimate problem was fundamental underpricing and overspendingHidden by systematic underreserving
14 Confederation Life (Can) Company invested over 70% of assets in Real EstateCompany failed following valuation and liquidity crunchConcentration hidden by accountingProblem:Lack of Diversification, LiquidityLimited oversight from regulators, rating agencies due to accounting “gimmicks”
15 General American Life (US) Funding agreement product sold to banks and mutual funds with 7- day put optionInvestments were made in 1 to 2 year maturity securitiesPartner handled large share of fundsDowngrade of partner =>triggered downgrade of company => triggered callsCompany unable to raise cash for multi billion $$ callsProblem:Asset Liability MismatchHigh dependency of business on ratingsHuge Counterparty exposure
16 American International Group In late 2006, AIG claimed to have $16B of excess capitalIn early 4th Quarter 2008, AIG needed over $100B of funds from US government to meet obligationsProblem:Small Financial Products unit has written Trillions of CDS, some on sub prime CDOsMTM losses lead to downgrade which leads to collateral call<<<Chihong – I cannot find the story of KLI anywhere – do we need to include this or are we better of leaving it out?>>>
17 Reasons for Current Interest in Risk Management World Markets InterdependentChaos Theory – Butterfly EffectWide Use of Derivatives“Financial WMD” Warren BuffettAccelerated Pace of BusinessRecent Experiences of Losses1998 International Currency Crisis2001/2002 Terrorism & Investment LossesTsumani and HurricanesFinancial Crisis
18 Reasons Tools for Risk Mgt are getting better and better Success of RM in banking over the past down cycle (view in 2004)No Major Bank FailuresInsurance Companies in Europe fared much worse with less Risk MgtExtreme over exposure to equitiesInsurance regulators are getting interestedIn many jurisdictions same regulators for banking & insurance
19 Does the Global Financial Crisis prove that ERM is Ineffective?
20 Frequently Asked Question. .. Question – How many here have had this question pass through your head or escape your lips?How many have heard someone ask this question?Well, let’s think about that for a minute..What is ERM? I think of ERM as having three components:1. The set of organized and deliberate management practices that work to keep risk exposures (and therefore losses) within predetermined limits. Management has always wanted to limit losses. The new part with ERM is the organized and deliberate part. So the alternative is to make sure that you are impulsive and chaotic in your approach to your risks?Exploiting risk knowledge to make profits through superior risk selection (micro)Exploiting risk knowledge to enhance long term value through superior selection of major business opportunities. (macro)The problems were caused by failing to really do 1 and meanwhile getting 2 & 3 wrong. And not everyone had the same problems.So I compare ERM to seatbelts.
21 Study of 11 major banks in 2007Found differences in ERM Practices
22 Better Risk Management Practices Four main differences in practices.Better-performing banks:Shared risk and exposure information both quickly and broadly among business unit staff, risk management staff and top management.Used rigorous internal practices and models, consistent across all business units, to evaluate their risk positions.Coordinated cash planning centrally, avoiding or limiting activities that created large contingent liquidity needs and setting incentives to make such activities unattractive to business unit management.Used multiple risk assessment tools and metrics and generally had very adaptive risk models.
23 Insurers should be concerned if: Business Units are empowered to add significantly to risk concentrations without frequent disclosures to Top ManagementBusiness Units apply different risk modelsRisk sign-off sometimes relies totally on the presumption that someone else is doing good analysisContingent risks are not usually identifiedRisk models are inflexible, requiring changes to be planned out a year in advance“Nobody believes those stress tests anyway, so we don’t put much time into them”
24 Insurers should be encouraged if: Open communications among Business Units, Risk Management staff and Top ManagementEnterprise level decision-making about major risk accumulationsSystematic internal evaluation of risksLow reliance on third party risk evaluationsIdentification of and plans for contingent risksIncentives for business units to minimize contingent risksMultiple risk management tools and metricsFlexible and adaptive risk modelsAggregation of net and gross exposures in addition to expected lossesStress testing that is credible to Top Management
25 ERM & Seatbelts They only work if you use them! More items if there is timeModels are not good at recognizing inflectionsGrowth & Risk – growth does not always mean big risk, but large losses almost always follow high growthDiversification vs. Correlation - diversification only occurs when risks are truly totally unconnected. Correlations are not predictive.Recognition of Uncertainty – risk models tend to add together numbers with totally different degrees of certainty. The models would never get the required answer otherwise,Risk limit for new risks – Sub Prime is not 1/1000, it is 1/1. Should set a limit on risk from new activities.
26 Risk Management isSetting & enforcing limits for all firm risks that are appropriate for the capital of the firm.Increasing & rewarding activities with superior risk adjusted return and fixing or limiting activities with inferior risk adjusted return.Identifying & preparing for special events that could significantly impair the earnings &\or the solvency of the firm.
27 Benefits of Risk Management (James Lam) Market Value ImprovementDue to decreased volatility2. Early Warning of RisksRisk management replacesCrisis Management3. Reduction of Losses4. Rating Agency Capital Relief5. Risk Transfer RationalizationReinsurance cost/benefit6. Corporate Insurance Savings
28 ERM Framework Change Risk Management Risk Controlling Risk Steering Value optimizationStrategicStrategic integrationERM has been developing for about 20 years.This graphic shows one path that ERM has followed. Or call it an ERM Conceptual Framework.The ERM processes start out in the bottom left with a program that is compliance based. The objective is to control risks. At this stage, there is usually very little connection between ERM and firm strategy.The next stage in development is ADD loss minimization focus. This means that There is identification of the largest risks and a more priortized approach based on the size of potential losses.Often in this stage, the main focus is to make sure that the risks taken by the firm are only the risks that the firm wants. A fully developed system will set aggregate loss limits and control risks to stay within those aggregate limits. The objective of a loss minimization system moves into Balance sheet protection with the focus on the larger risks that could impair the balance sheet. As managers focus on the largest risks, there is a natural growth of awareness of the relation between the size of the larger risks and the strategic importance of the activity that leads to that risk.The next two steps bring in the idea that risks can be actively managed. By managing, it means that the firm might take on risks that it ultimately might not want but has developed methods to actively manage their exposures to keep what they want to retain. Risk measurement is when the firm moves from separate measurements for each risk to broadly consistent measurements across all risks. Usually, these risk management and measurement systems have some significant costs for development and ongoing operations. These costs will at first be focused on the most strategically important risks. Ultimately the full risk measurement development is motivated by a a drive to consistency in approach to risk. A major focus in these stages is the pricing of risk. Active risk management is only possible if risks are priced within the firm at a level that is consistent with the markets where they will want to resell (or offset) their risks. Pricing ultimately means developing a position on the appropriate risk reward trade-offs. This is applied in this stage to the micro transaction level decision making.The Strategic Integration stage is when the information gathered in the prior stages now becomes usable and used in the strategic decision making process. Top mangement and the board now start to look at the risk reward information on a line of business and/or regional and/or legal entity basis. Firms at this stage of ERM development will often use RAROC style internal financial statements. They will look to optimize the joint risk reward position of the entire firm. This process becomes a major concern of the strategic decisionmaking process.Finally, in the ultimate stage of development, management moves to looking at the total franchise value. This look adjusts from a ratio approach of RAROC to an absolute value approach. This also can take into account multi year decisions and resultant revenues. Where the RAROC approach takes in only a single point in the risk curve, the value approach recognizes multiple points on the loss distribution that may affect value. A shift to value requires a clearer look at volume related issues also.Now, these six stages can be grouped into three major groups, Risk Controlling, Risk Trading and Risk Steering. And the developmental idea can be dropped to just think of these activities as three different parts of ERM, with different objectives.Risk ControllingRisk measurementRisk managementRisk SteeringLoss minimizationRisk TradingComplianceTacticalBalance sheet protectionRisk/return optimizationValue creationRisk control
29 Scope of ERM Risk Controlling Limit exposures and therefore losses ERM adds Aggregate approach to risk toleranceRisk TradingGetting paid for risks takenERM adds consistent approach to risk marginsRisk SteeringStrategic choices to improve valueERM adds risk vs. reward point of viewChange Risk ManagementManaging the risks from new projects, products, territories,ERM adds fitting into the risk profile & ERM programRisk Controlling is basic to all firms in all industries. ERM also adds an attempt at consistency in approach to risks based on business financial considerations rather than history and prejudices. In Insurance companies this includes insurance underwriting and claims controls plus investment limits and controls. In Non-financial firms this includes treasury activities around cashflow management, loss control activities, corporate insurance, business continuity, IT security. In all firms operations risks would be includes here.Risk Trading includes all hedging Activities. In insurance, it includes the pricing of risk.Not all firms in all industries will have any activities in Risk Trading. Many firms hedge FX. Energy and Ag firms often hedge raw materials risk.Risk Steering also applies to all industries. What ERM adds to the strategic discussion is to provide some rigor to the discussion around risk at the strategic level, rather than the mystically invoked idea that “you have to take a risk to get a reward” to a discussion of how much risk for how much reward.
30 Potential Benefits Potential Benefits of Effective Risk Management Better able to take advantage of new business opportunities.Reduction in management time spent “fire-fighting”Higher share pricePotential Benefits(ICA)Increased likelihood of change initiatives being achieved.Fewer sudden shocks and unwelcome surprises.More focus internally on doing the right things properly.Lower cost of capital.Competitive advantage.Better basis for strategy setting.
31 Moody’s View of Risk Management Environment More RiskyMore complex productsHigher regulatory scrutinyReinsurers leaving marketsInsurers ResponseStress TestingRisk Management Committee/CRO
32 What is the difference between Risk Management and ERM? An ERM Program comprehensively applies Risk Management…across ALL of the significant risks of the EnterpriseConsistently across the risksConsistently with the fundamental objectives of the enterpriseStandard & Poor's4/21/2005
33 Full Benefits of an ERM Program Once a firm’s enterprise wide risks are identified and objectives are set, an ERM Program should…Develop and maintain systems to periodically measure the capital needed to support the retained risks of the companyReflect the risk capital in:strategic decision making,product design and pricing,strategic and tactical investment selectionfinancial performance evaluationThe product of a fully-realized ERM Program is the optimization of enterprise risk adjusted returnStandard & Poor's4/21/2005
34 Benefits of Integrated Risk Management Strategy Avoid “land mines” and other surprisesImprove Stability & Quality of EarningsEnhance growth and shareholder returnBy more knowledgeably exploiting risk opportunitiesIdentify specific opportunities such as natural synergies & risk arbitrageReassure stakeholders that the business is well managedLife Office Management Association (USA)
39 ERM Benefits & Uses Insurance = Risk Taking Risk Management = Managementfor Insurance CompaniesRisk Management => systematic risk selectionas more insurance companies adopt risk management they will select the better riskscompanies without RM will not know
40 ERM Benefits & Uses Communicating with Rating Agencies Risk Management can provide language for dialogue with RACommunicating with BoardMarkets become more volatileas more financial institutions use Risk Management
45 Key Points from Intro Risk Management has evolved over many years. Learning from Failures.Interest in Risk Mgt is increasing.Risk Management is preventing losses and improving risk adjusted return.Risk Management replaces Crisis Management.