THE CENTER FOR PROFESSIONAL EDUCATION Presentation Enterprise Risk Management (ERM) St. John’s University Thursday, November 12 1
THE CENTER FOR PROFESSIONAL EDUCATION Question Who said the following? "I cannot imagine any condition which would cause a ship to founder. I cannot conceive of any vital disaster happening to this vessel. Modern ship building has gone beyond that." 2
THE CENTER FOR PROFESSIONAL EDUCATION Answer Captain Edward Smith when he was Commander of the RMS Adriatic: Five years later he was the first and only commander of the RMS Titanic. 3
THE CENTER FOR PROFESSIONAL EDUCATION 4 Hurricane Andrew (U.S. 1992) It caused big losses to U.S. insurers. Florida insurance law did not handle flood and wind damage properly. Insurance companies lobbied for and received changes in the law. The changes were in place in 2004 and This was good risk management for insurance companies.
THE CENTER FOR PROFESSIONAL EDUCATION 5 Hurricane Andrew (U.S. 1992) It caused big losses to U.S. insurers. Florida insurance law did not handle flood and wind damage properly. Insurance companies lobbied for and received changes in the law. The changes were in place in 2004 and This was good risk management for insurance companies. Or was it?
THE CENTER FOR PROFESSIONAL EDUCATION 6 Answer Did the company have a risk management process for sharing underwriting and claims lessons learned? The companies did not seek changes in the laws in Georgia, Mississippi, Louisiana, or Texas. The companies experienced large financial losses and bad press in 2005.
THE CENTER FOR PROFESSIONAL EDUCATION 7 Risk Definitions Possibility of loss or injury. Potential for a negative impact to an asset or person. Likelihood of an undesirable event.
THE CENTER FOR PROFESSIONAL EDUCATION 8 Hazard Risk Physical Damage to Assets. Event that destroys buildings, machinery, or other assets used in an organization. Harm to People. Accidents, injuries, or disease to employees, customers, or others. Lawsuits. Contractual or liability claims.
THE CENTER FOR PROFESSIONAL EDUCATION 9 ERM Redefines the Sources of Risk Exposure. A condition that causes a downside loss. Uncertainty. A negative variance from expectations. Missed Opportunity. A failure to accept risk is itself a source of risk.
THE CENTER FOR PROFESSIONAL EDUCATION 10 Insurance Company Enterprise Risk Underwriting Risk. Poor decisions issuing insurance policies. Business Risk. Poor marketing, high cost of operations, weak claims processing. Financial Risk. Losses in investment portfolio. Regulatory Risk. Failure to meet solvency requirements.
THE CENTER FOR PROFESSIONAL EDUCATION 11 Underwriting Risk Lines of Business. Choosing insurance in areas where expertise is lacking. Pricing. Establishing the wrong level of premiums (too high, too low) Policy Limits. Exceeding capability to pay losses. Reinsurance. Failing to share large losses.
THE CENTER FOR PROFESSIONAL EDUCATION Business Risk Operations. Weaknesses managing issuing policies, managing claims, and administrative support. Weak Market. Policies cannot be issued at premiums sufficient to cover losses. High Costs. Excessive costs from inefficient or obsolete operations or use of technology. 12
THE CENTER FOR PROFESSIONAL EDUCATION 13 Financial Risk Inadequate Cash Flows. Premiums not sufficient to cover losses and costs. Inadequate Reserves. Failure to set aside assets to pay losses and adjusting expenses. Liquidity from Investment Portfolio. Short-term losses exceed ability to convert long-term investments. Inadequate Cash to Share Profits. Insufficient cash to pay dividends.
THE CENTER FOR PROFESSIONAL EDUCATION 14 Enterprise Risk Management Enterprise risk management (ERM) is an effort to coordinate risk: Underwriting. Business Risk. Financial Risk. Regulatory
THE CENTER FOR PROFESSIONAL EDUCATION 15 ERM Definitions Focus on: Strategies. Focuses on results and organizational objectives. Functions. Focuses on activities. that result in the management of risk. Processes. Focuses on linkages among organizational activities and actions to manage risk.
THE CENTER FOR PROFESSIONAL EDUCATION 16 ERM Defined Enterprise risk management is: Identifying major risks. Forecasting the significance of risks. Addressing risk in a systematic and coordinated plan. Implementing the plan. Holding key individuals responsible for managing critical risks.
THE CENTER FOR PROFESSIONAL EDUCATION 17 Goals of ERM Better Reputation. ERM is viewed positively. Higher Profits. Help achieve higher revenues and lower losses and expenses. Higher Stock Value. Investors will pay a premium for insurers with strong risk management programs. Fewer Surprises. Insurers will be more reliable when issuing policies and paying losses.
THE CENTER FOR PROFESSIONAL EDUCATION 18 Significance of ERM Logic. Systematic and coordinated risk management. Regulatory. Responds to government requirements. Fiduciary. Helps boards, auditors, and senior managers meet moral and legal obligations. Legal Liability. A defensive strategy against lawsuits alleging negligence by officers or directors. Social Responsibility. A moral and ethical imperative.
THE CENTER FOR PROFESSIONAL EDUCATION 19 Contributions of ERM (1-3) ERM makes seven important contributions to the world of risk management: #1. Recognize Upside of Risk. Failure to take a risk is a risk itself. #2. Identify Risk Owners. Assign each risk to a single owner with hierarchical co-owners. #3. Align Risk Accountability. Match risks with existing functional and business units and key initiatives.
THE CENTER FOR PROFESSIONAL EDUCATION 20 Contributions of ERM (4-7) #4. Create a Central Risk Function. To identify internal and external exposures and share the findings. #5. Install a High-Tech Platform (HTEP). For risk identification and collaboration. #6. Involve the Board. Make it easy for the Board to view critical risks. #7. Standardize Risk Evaluation. Follow a consistent process.
THE CENTER FOR PROFESSIONAL EDUCATION 21 #1. Upside of Risk Risk Interaction. An exposure does not occur in isolation. One risk affects other risks. Nature of Business Risk. A missed opportunity is a risk.
THE CENTER FOR PROFESSIONAL EDUCATION 22 Hartford Steam Boiler Founded in 1866 in Connecticut. Boilers replaced waterpower. Boilers exploded. Goal to reduce explosions. Was it successful? Did it have an unexpected upside?
THE CENTER FOR PROFESSIONAL EDUCATION Answer Yes. Successful. An inspection company first. An insurance company second. Rigorous requirements for preventative maintenance and repair. Failure to comply would void insurance. Yes. Upside. More business. Higher profits. 23
THE CENTER FOR PROFESSIONAL EDUCATION 24 #2. Risk Owner For each risk or opportunity a single individual should be: Responsible. Accountable.
THE CENTER FOR PROFESSIONAL EDUCATION 25 Question Are there exceptions to the contribution that every risk or opportunity should have an owner?
THE CENTER FOR PROFESSIONAL EDUCATION 26 Answer No. Risks that cross organizational lines: Should be identified centrally. Underwriters should communicate with claims. Property, liability, and other lines of business should should share lessons learned.
THE CENTER FOR PROFESSIONAL EDUCATION Risk Ownership and Underwriting Should policyholders have an ERM process with risk owners? 27
THE CENTER FOR PROFESSIONAL EDUCATION Answer Yes. Customer risk ownership affects: Underwriting. Affects level of premiums and scope of coverage. Claims. Affects frequency and level of loss. Example. U.S. Airways incident. 28
THE CENTER FOR PROFESSIONAL EDUCATION 29 Question U.S. Airways flight 1549 landed on the Hudson River in 2009 with no loss of life. Landing by pilot Sullivan was called the “Miracle on the Hudson.” How did U.S. Airways prepare for a crisis?
THE CENTER FOR PROFESSIONAL EDUCATION 30 Answer Preparation: “Dry Runs.” 3 times a year at every airport it serves. “Care Team.” Gates agents, reservation clerks, and other employees dispatched on a “moment’s notice.” 800 Number. For families to call for information.
THE CENTER FOR PROFESSIONAL EDUCATION 31 Question How did it handle the passengers who were removed from the plane?
THE CENTER FOR PROFESSIONAL EDUCATION 32 Answer The airline took action: 150 employees from headquarters (Arizona) to New York. Employees credit cards to buy medicines, toiletries, and personal items. Bag of cash. Suitcases with prepaid cell phones and sweat suits (dry clothes). Escorted passengers to hotels with 24-hour buffets.
THE CENTER FOR PROFESSIONAL EDUCATION 33 Question What else did it do?
THE CENTER FOR PROFESSIONAL EDUCATION 34 Answer (1) More action: Arranged train tickets and rental cars for individuals who did not want to get back on a plane.
THE CENTER FOR PROFESSIONAL EDUCATION 35 Answer (2) More action: Arranged train tickets and rental cars for individuals who did not want to get back on a plane. Reached out to high-level executives at Hertz and Amtrak so no hassle getting the tickets.
THE CENTER FOR PROFESSIONAL EDUCATION 36 Answer (3) More action: Arranged train tickets and rental cars for individuals who did not want to get back on a plane. Reached out to high-level executives at Hertz and Amtrak so no hassle getting the tickets. Retained locksmiths to help passengers who had lost keys for cars and home.
THE CENTER FOR PROFESSIONAL EDUCATION 37 Question Anything else?
THE CENTER FOR PROFESSIONAL EDUCATION 38 Answer (1) Follow-up action: Sent letters updating passengers after they arrived home.
THE CENTER FOR PROFESSIONAL EDUCATION 39 Answer (2) Follow-up action: Sent letters updating passengers after they arrived home. Refunded the airplane ticket and gave each passenger $5,000 to replace lost possessions.
THE CENTER FOR PROFESSIONAL EDUCATION 40 Answer (3) Follow-up action: Sent letters updating passengers after they arrived home. Refunded the airplane ticket and gave each passenger $5,000 to replace lost possessions. Paid additional monies to passengers where $5,000 did not cover losses.
THE CENTER FOR PROFESSIONAL EDUCATION Question Do underwriters and risk managers share stories before and after crises and losses? 41
THE CENTER FOR PROFESSIONAL EDUCATION Answer That is their job. 42
THE CENTER FOR PROFESSIONAL EDUCATION 43 #3. Align Risk Accountability The business model is the strategy of firm to be successful. Value to be Created. For customers or clients. Architecture of the Firm. Hierarchy to deliver value. Relationships. Network of partners for creating, marketing, and delivering value. Resources. Capital, assets, and other resources to generate sustainable profits.
THE CENTER FOR PROFESSIONAL EDUCATION 44 Align with Risk Owners Functional Staff. C-level production, marketing, finance, administration, technology, Business Units. Regions, autonomous operations, and subsidiaries. Key Initiatives. Major activities reflecting highly visible goals.
THE CENTER FOR PROFESSIONAL EDUCATION 45 Risk Alignment CEO Property EuropeAsiaCOOCFO General Liability Specialty Lines Rein- surance Legal Counsel
THE CENTER FOR PROFESSIONAL EDUCATION Crop Insurance (1) U.S Midwest drought of 2002 produced crop insurance for 2004 Based on inches of rain. Covers 14 states. Rain measured by county. 93. Nebraska counties. 99. Iowa counties. 102. Illinois counties. 46
THE CENTER FOR PROFESSIONAL EDUCATION Crop Insurance (2) $150 million. Target Premiums Written. $120 million. 10-year Combined Ratio.* Did the company reach its target premiums written? *(incurred losses + expenses) earned premium 47
THE CENTER FOR PROFESSIONAL EDUCATION 48 Alignment with Buyers In the 1990s, Ford Motor Corp. recognized an exposure to price fluctuations in the rare metal palladium needed for catalytic converters. The purchasing department signed long-term contracts to purchase Palladium at stable prices. Was this commodities risk mitigation strategy effective?
THE CENTER FOR PROFESSIONAL EDUCATION 49 Answer No. Ford’s Research and Development department redesigned catalytic converters requiring minimal palladium. In 2001, the price per ounce of palladium dropped from $1,500 to $400. Ford suffered a loss of $1 billion.
THE CENTER FOR PROFESSIONAL EDUCATION 50 #4. Create a Central Risk Function An individual or unit responsible for coordination of risk discussions across the entity.
THE CENTER FOR PROFESSIONAL EDUCATION 51 Central Risk Function (1) Risk Identification. Risks that might otherwise be missed by key executives. Risk Sharing. Open channels for collaboration. Influencing Risk Discussions. Opening silos.
THE CENTER FOR PROFESSIONAL EDUCATION 52 Central Risk Function (2) Should identify risks in a constant scanning process. Should occupy a high position in an organizational hierarchy. Should share unaligned risks and opportunities.
THE CENTER FOR PROFESSIONAL EDUCATION 53 Question What task should not be performed by a central risk function?
THE CENTER FOR PROFESSIONAL EDUCATION 54 Answer The central risk function should not manage risk itself.
THE CENTER FOR PROFESSIONAL EDUCATION Question Some people think Warren Buffett is a stand-alone Central Risk Function. Could this help the Chief Underwriter at an insurance company? 55
THE CENTER FOR PROFESSIONAL EDUCATION Answer Could be. In 2003 Warren Buffett foresaw signs of the 2008 financial crisis and sounded an alarm: “... derivatives are financial weapons of mass destruction, carrying dangers that, while now latent, are potentially lethal.” 56
THE CENTER FOR PROFESSIONAL EDUCATION 57 #5. Install an HTEP A high-tech electronic platform allows: Sharing. Identified risks and scope of each exposure. Storage. An evaluation of each risk and relationships among exposures. Strategies. Alternatives, recommendations, and actions to mitigate risks. Communications. Managers can support or oppose risk management efforts.
THE CENTER FOR PROFESSIONAL EDUCATION 58 Question Lightning struck a Phillips N.V. semiconductor fabrication plant in New Mexico. It started a small fire that was quickly extinguished. Nobody was hurt and damage was minor. Was this a critical risk for anyone?
THE CENTER FOR PROFESSIONAL EDUCATION 59 Answer The plant was the only source of microscopic circuits for cell phones. 40% of production went to Nokia and I.M. Ericsson.
THE CENTER FOR PROFESSIONAL EDUCATION 60 After the Fire Phillips alerted 30 customers that a fire stopped production. Phillips estimated the time delay prior to restarting production. It was one week.
THE CENTER FOR PROFESSIONAL EDUCATION 61 Nokia Nokia had a system to share such information. It put the search for microchips into a critical risk category. The result was almost no disruption of deliveries to customers.
THE CENTER FOR PROFESSIONAL EDUCATION 62 Ericsson Ericsson had no sharing system. Purchasing did not tell production about the delay for several weeks. Ericsson requested help from Phillips and other suppliers of microchips.
THE CENTER FOR PROFESSIONAL EDUCATION 63 Question What was the total cost of the small fire?
THE CENTER FOR PROFESSIONAL EDUCATION 64 Answer Phillips. $1-3 million. $40 million in lost sales offset by business interruption insurance. Nokia. Some additional costs offset by a 3% rise in market share. Ericsson. $2.3 billion loss. Withdrew from cell phone market. Acquired by Sony.
THE CENTER FOR PROFESSIONAL EDUCATION 65 #6. Involve the Board Board of Directors ERM Committee of the Board CEO Central Risk Function One possibility.
THE CENTER FOR PROFESSIONAL EDUCATION 66 Another Possibility. Board of Directors Central Risk Function CEOAudit Compensation Committee COO Internal Audit ERM Board Member
THE CENTER FOR PROFESSIONAL EDUCATION 67 #7. Employ a Standard Process One such process: Identify the risk. Assign an owner. Assess the impact. Evaluate options. Implement, monitor, and revise.
THE CENTER FOR PROFESSIONAL EDUCATION Presentation Own Risk and Solvency Assessment (ORSA) AIG St. John’s University Thursday, November 12 68
THE CENTER FOR PROFESSIONAL EDUCATION Own Risk and Solvency Assessment An internal process by an insurer. Assess the adequacy of risk management. Assess level of solvency under normal and stress scenarios. Regulators applying ERM to an insurance company. 69
THE CENTER FOR PROFESSIONAL EDUCATION ORSA Analysis Analyze relevant material risks including: Underwriting. Credit. Market. Operations. Liquidity. 70
THE CENTER FOR PROFESSIONAL EDUCATION Format of ORSA Report “O” in ORSA represents insurer’s “own” assessment of risk. Insurer determines the framework. Continuous process. 71
THE CENTER FOR PROFESSIONAL EDUCATION U.S. Status of ORSA Approved by National Association of Insurance Commissioners (NAIC). Applies to large and medium size U.S. insurers starting in ($500 million in premiums) States must implement with legislation. States can require smaller insurers to implement. 72
THE CENTER FOR PROFESSIONAL EDUCATION ORSA Goals Foster an effective level of Enterprise Risk Management (ERM) to support risk and capital decisions. Provide a group-level perspective on risk and capital beyond the boundaries of the individual insurance entity. 73