A holistic risk management framework

Risk in general is the likelihood or probability of a negative consequence, typically a loss or a missed profit opportunity. For a P&C insurance company like If, the largest risk is insurance risk. However, we are also exposed to other risks such as credit, market, operational and business risks. No one can predict the future with 100% certainty, but there are many ways of handling its uncertainties. Management of risks is important for both small and large corporations, either it is a manufacturing company or a financial institution. For an insurance company in particular, risks and management of risks are part of the daily operations, since insurance by definition is about transferring risk from the insured to the insurance company.

For us, the purpose of risk management is to identify, analyze, control and mitigate all risks that could prevent us from achieving our goals and targets as well as to determine, implement and improve risk management methods. There are risks connected to both pricing insurance products, cost management, investment strategies and claims handling. Therefore we aim to secure that the risk management work is continuously ongoing in all parts of our organization. The ultimate objective of our risk management process is to ensure adequacy of capital in relation to the risks we carry, as well as limit fluctuations in financial results.

During the last couple of years, there has been a development in risk management, from traditional risk management where risks were managed on a stand-alone basis into Enterprise Risk Management (ERM), which places emphasis on a holistic view of risk management at an enterprise level and the integration of risk management with other business processes. The drivers behind this development are:

• more complicated risks
• enhancing the deployment of capital
• internal requirements from owners and management
• external requirements from regulators and rating agencies
• more sophisticated methods to quantify risks

One of the drivers behind the change in the insurance industry is the current on-going EU-driven project (named “Solvency II”) aimed at establishing new risk-based capital requirements for the European insurance industry. The new regulation will to a greater extent encourage and give incentives for insurance companies to measure and manage all their risks properly and on an aggregated level. “Solvency II” is expected to come into force in 2010 and we are actively taking part in this project in our efforts to be “Best in Risk” and in having a leading risk management practice.

Enterprise Risk Management

For us, ERM is the assessment, exploitation, financing and monitoring of risks from all sources for the purpose of ensuring that the aggregated risk exposure is in relation to our capitalization (Based on CasualtyActuarial Society’s definition of ERM). Through our ERM process, risks across the whole group are managed holistically.


ERM encompasses for example:

• identifying and managing multiple and cross-enterprise risks
• aligning risk appetite and strategy
• improving deployment of capital

Identify and manage multiple and cross-enterprise risks

In order to properly assess exposures, companies must continuously measure all risks, both financial and operational, across the whole organization. When making this assessment, the correlation between risk classes and risks across all products, business areas, legal entities and geographies must be identified.

One of the main objectives of ERM is aggregating risks, explicitly capturing existing correlations. This will provide valuable insight into the interactions betweens risks and the diversification effects given certain business mixes, investments strategies etc.

In If, methods to assess the aggregation of exposures by risk type, within for example a business area, or country, as well as the ability to calculate total aggregated risk within the whole group has, been developed to help us understand our existing exposures and to define risk tolerances.

Aligning risk appetite and strategy

Effective ERM can help enhancing strategic decision-making and optimize return on capital by providing a better understanding of the trade-offs between risks and rewards. This will help decision making in issues like product design, product pricing, reinsurance program design, market and product expansion strategies etc.

Improving deployment of capital

ERM can improve the deployment of capital by aligning capital management with all risks and with diversification effects taken into account. By proper risk management and risk quantification, the need of solvency/risk capital can be more accurately quantified, thereby limiting the excess capital and consequently the cost of capital.

Implementation

In order to implement ERM, a new risk management governance framework was approved by If’s Board of Directors, in May 2005.

The following chart illustrates our current risk management governance framework.



The current risk management governance framework was established in order to:

• Create a centralized group risk management function responsible for monitoring all risks
• Identify, and as required quantify and aggregate, all risks in the organization
• Formalize and set-up of reporting routines to meet regulatory requirements as well as internal risk reporting

By this risk management governance framework, the If Risk Control Committee (IRCC) will appropriately assist the CEO and the Board of Directors in fulfilling their responsibilities relating to risk control. The IRCC is responsible for the review of systems and processes as well as for the coordination of efforts and actions related to internal control, risk management and compliance. The IRCC meets at least on a quarterly basis with an agenda that consists of aggregated risk and capital summary reports, in addition to specific risk reports for each risk area and legal entity.

Different sub-committees are responsible for measurement and follow-up of the various risks. For each risk area, the respective sub-committees are responsible for ensuring that the risk reports are produced and updated to the IRCC meetings.

The Chief Risk Officer (CRO) is responsible for coordinating the risk management work on behalf of the IRCC and for coordinating the risk reporting to IRCC. It is also within the responsibility of the CRO to secure a holistic view of the risks we are exposed to, including continuously monitoring our accumulated risk. In addition, the CRO is responsible for assessing and implementing processes related to risk management and for compliance with relevant legislation, policies and instructions.

Quantification of risk

In addition to the specific risks, which are individually associated with the insurance business or the investment assets, we are exposed to the aggregated effect of such risks. Some of the risks develop in different directions creating natural hedges. To analyze accumulation and diversification of risks, a Dynamic Financial Analysis (DFA)-model is used. The model is based on Monte Carlo-simulations, of both the investments and insurance operations. The purpose of our DFA-model is to be able to specifically quantify the risk profile of various risk types as well as the total risk, in terms of statistical measures. The model is used for instance to analyze the impact of different reinsurance strategies and investment allocations, in order to make decisions concerning for example the optimal retention level or share of equities in the investment portfolio. In addition, our DFA-model is used as basis for capital allocation to different insurance classes, depending on their respective risk contribution. By allocating capital in relation to risk, improvements are made in terms of a more correct pricing of different products.


The DFA-model is also used for calculating the economic capital. Economic capital is a measure of the aggregated risk, describing the amount of capital required in order to carry different kinds of risks given a certain confidence level and risk exposure. Insurance, market credit and operational risks determine the size of the economic capital.

Value creation

We believe a strong risk management framework adds value to both our customers and our owners.

First of all, by implementing ERM, we increase our knowledge of the aggregated and cross-enterprise risks we carry. Combined with an improved understanding of individual risks, it will enable us to utilize capital more efficiently. This will ultimately benefit our customers over time since an improved risk profile will result in pricing of our products which even more accurately reflects the transferred risks.

Furthermore, by being risk experts, we can share our improved knowledge with our customers, assisting them proactively in risk management issues – for instance, in terms of recommendation of risk-reducing actions and advice on need of insurance. We are also happy to share experiences on implementing a risk management framework, and on for example risk governance related issues.

ERM has also helped us to make decisions on issues like product design, product pricing, investment strategies and reinsurance program design. In general, through ERM we can ensure that we have a strong balance sheet and risk capital in relation to our risk exposure, which again gives our customers a strong and very solid insurance provider.

ERM should not be viewed as a “luxury”. We believe ERM is an essential tool for companies to engage in effective risk management, and to support strategic decision-making to protect stakeholders’ (owners as well as customers) interest. In other words, a strong risk management framework is a key success factor for small and large companies competing in increasingly complex environments.


Knut-Arne Alsaker

http://ifnews.if.fi/en/