This document provides an overview of risk management concepts including enterprise risk management (ERM), own risk and solvency assessment (ORSA), economic capital modeling, continuity analysis, and the role of supervision. It discusses key aspects of ERM frameworks, governance structures, developing risk functions, risk policies, risk profiling processes, and qualitative and quantitative risk evaluation methods. It also outlines the purposes and processes of economic capital models, continuity analysis, and supervisory oversight. Soft skills training is also briefly mentioned.
2. Part 1: qualitative
1. ERM
2. ORSA
3. Soft skills training (pass)
4. Economic and supervisory capital, continuity
analysis + role of supervision
5. Soft skills training (pass)
3. Part 2: quantitative
6. Risk measures
7. Dependencies + risk capital
8. Standard model Solvency II
9. Capital allocation +
performance measurement
10. Valuing insurance liabilities
11.Risk management game + case (grade)
10. Setting the scene: What is ERM?
No universally accepted definition
Broad
• all risks faced by the insurer
– ‘downside’ and ‘upside’ risks
– internal and external sources
– company-specific and systematic risks
– quantitative and qualitative risks
• interests of all stakeholders of the insurer
11. Setting the scene: What is ERM?
Process
• totality of systems, structures and processes
to identify, treat, monitor, report and
communicate all sources of risk
• systematic organisation of and coordination
between risk functions (integrated versus
‘silos’)
12. Setting the scene: What is ERM?
holistic consideration of risk information relating
to:
• past events (losses)
• current performances (risk indicators)
• future outcomes (risk profile or risk assessment)
14. ERM framework
ERM framework should be proportionate to
- Nature: product diversity
- Scale: small versus large insurer
- Complexity: local versus global
of the risks to which the insurer is exposed.
15. Governance and risk management
• Corporate governance
- processes by which organisations are directed,
controlled and held to account
- relationship between board, managers and
owners
• Risk management
- enables and facilitates the exercise of direction,
control and accountability
- manifests as a board committee and/or board
charter responsibility
16. Board
Ultimately responsible for the ERM framework
• Demonstrable support
• Approving the overall risk management
strategy/policy
• Setting the risk appetite
• Overseeing the process of ensuring the ‘responsible
persons’ are fit and proper
• Monitoring key risks by ensuring the implementation
of a suitable risk management and internal controls
framework
17. Risk committee
Assisting the board in their responsibility
Responsibilities:
• Effectiveness of the risk management framework
• Compliance with supervisory requirements
• Establishment of a suitable independent risk function,
with authority, standing and resources to
effectively execute its mandate
• Monitoring the adequacy of corporate insurance
covers
18. Risk committee
Enablers
• Establish direct reporting line between
committee and most senior risk executive
• Schedule regular one-on-one meetings between
the chair of the committee and most senior risk
executive outside formal meetings
• Arrange time for meetings without executive
management
• Consult external experts
• Report transparently without ‘filtering’
20. How is the CRO positioned?
• CFRO
• Member of the board
• Independent position
21. Developing a risk function
In practice: fragmented risk structures
• Actuarial/research function
• Internal audit function
• Business continuity team
• Reinsurance department
• Treasury and credit risk function
• Capital management function
• Market risk assessment function
• Health and safety experts
• Fraud and investigations experts
• Compliance teams
22. Developing a risk function
The risk function acts, and is seen to act, in a
coordinated fashion (a common lens)
• shared understanding of risk tolerance
• quality and transparency of risk information
• alignment of incentives with management of risk
• connection of risk with capital management
• governance structures
• clear accountabilities between line and risk
management
• strong direct links with strategy and operations
23. Developing a risk function
• Risk tolerance
- Does a board-approved risk tolerance exist?
- If so, is it understood by people making day-to-
day underwriting, investment and reinsurance
decisions?
- Is it appropriate having regard to the insurer’s
strategic objectives?
24. Developing a risk function
Project management required (no ‘quick fix’)
• Money: manage costs/benefits
• Organisation: executive-level ownership
• Time: detailed planning with milestones
• Information: objective reporting (‘bad news’)
• Capacity: experienced and skilled resources
• Quality: clear objectives of outcomes
25. Common risk language
Plethora of ‘competing’ risk language can
undermine the effectiveness of ERM:
• confuse people not directly involved in ERM
• reinforce a ‘silo’ approach
• focus on ‘form’ over ‘substance’
• proliferation of process inefficiencies and
duplications
• make aggregation of risks difficult
26. Common risk language
Attributes and practices:
• common risk categories
• ‘top-down’ risk rating system
• standard templates
27. ‘Upside’ risk management
Practices that support integration of the
management of upside and downside risks:
• Ensuring risk function is involved in strategic planning
• Including both risks and opportunities in risk reports
• Reward systems that encourage calculated risk taking
• Reporting on emerging, industry-wide, cross-border
and longer term risks
28. Risk culture
Behaviours:
1. feel confident to speak up (encouraging
environment)
2. have skills, capability and empowerment to manage
risk situations (training, role clarity and
accountability)
3. improve prevention, detection and recovery of risks
continuously
34. Risk tolerance
• 3 – 5 years
• earnings volatility
• regulatory capital (supervisor)
• capital ‘strength’ for desired rating level
(rating agency)
• economic capital for ‘risk of ruin’
(policyholders)
• dividend paying capacity (shareholders)
35. Risk tolerance
• maximum exposure to aggregation of risk
• maximum acceptable net catastrophic loss
• minimum acceptable pricing principles
• descriptions of unacceptable operational risk
scenarios
• ‘go/no-go’ criteria for strategic projects
40. Influences on risk profile
• Unexpected losses and significant control
failures or incidents (looking back)
• Movements in key risk indicators (present)
• Outputs from periodic risk assessments at the
enterprise and business unit levels that have
regard to business as usual activities, new
initiatives/strategies and external events
(looking forward)
41. Feedback loop
• Establishment of thresholds for reporting
significant issues
• Reporting of risk aggregations to identify
where limits (and potentially risk tolerance)
may have been exceeded
• Protocols for escalation of issues to various
levels of management and, if necessary,
supervisors
42. Emerging risks
Emerging risks are developing or already known
risks which are subject to uncertainty and
ambiguity and are therefore difficult to quantify
using traditional risk assessment techniques
53. Advantages of risk profiling process
• Awareness of the (relative) nature of risks
• Consistency and understanding by collating and presenting a
shared view of the most significant risks from time to time.
• Transparency to the board and an opportunity for the board
to review management’s formal assessment of significant risks
• Efficiency by ensuring that management effort/risk mitigation
is prioritised to the areas of greatest assessed risk
• Learning and continuous improvement through taking action
to alter and ideally reduce the risk profile
• Culture of proactive risk management that supports
innovation and sustainability
54. Risk profile
Inherent risk   Residual risk   Controls
High            Low             Effective
High            High            Ineffective
Low             Low             Over-controlled
56. Results of risk profiling process
• Descriptions of risks
• Categories of risk for aggregation
• Causes or conditions giving rise to a given risk occurring
• Consequences of risks (financial and non-financial terms)
• Rating criteria for risk assessment (financial and/or non-
financial proxies for ‘high’, ‘medium’, or ‘low’ risks)
• Inherent risk assessment (likelihood and impact of risk).
• Effectiveness of controls and/or risk mitigation strategies.
• Residual risk assessment
• Action(s) to bring unacceptable residual risk within limits
58. Exercise
How are the contents of ORSA addressed in the
report of your organisation?
60. Risk management
Master in Actuarial Analytics
Lesson 4: Economic and supervisory capital,
continuity analysis and role of supervision
(IAA: Chapter 7 to 9)
63. Economic Capital Model
• Holistic assessment of key risk drivers
• Asset and liability projections
• Future balance sheets
• Profit and loss statements
• Cash flow statements
• Projected distributions of profit
• Capital and Return on Capital
65. Economic Capital Model Process
3. Simulation approach
– Deterministic versus stochastic
4. Risk metrics
– VaR versus TailVaR
– Time horizon
– Confidence level
5. Modelling criteria
6. Implementation
– fully integrated versus univariate model
66. Purposes of Economic Capital Model
• Economic capital requirements
• Disaster Planning
• Investment strategy
• Mergers, acquisitions and divestments
• Capital allocation
• Reinsurance programmes
• Optimal business mix
• Reserving volatility
• Capital outflow / inflow policies
69. Continuity Analysis
• Ongoing versus run-off basis
• Time period of modelling:
multi-year approach (medium term)
• Reliability and sufficiency of longer term
forecasts
71. Business Continuity Management
• An essential part of operational risk management.
• Business continuity planning enables an organisation to
anticipate, identify and assess business interruption risks.
• A properly documented and tested Business
Continuity Plan (BCP) reduces the impact of
interruptions on key business processes and, most
importantly, protects reputation.
• A robust BCP also allows the insurer to explain to
stakeholders and industry supervisors that risks associated
with potential business interruptions can be managed.
72. Crisis Management Planning
• A Crisis Management Plan minimises business impact
and loss in the event of a significant incident by
providing a clear and organised response strategy
supported by predefined response procedures
• At the core of critical incident management is
Business Continuity Management (BCM), which
provides an organisation with a disciplined capability
to continue to operate sustainably in the face of
potential significant business disruption.
73. Role of supervisor
• Prudential supervision is accepted worldwide as an
integral component of the regulation of financial
institutions
• The fundamental premise underpinning the
supervisory role is that the primary responsibility for
financial soundness and prudent risk management
within a supervised institution rests with the Board
and senior management
• In this context the primary emphasis of supervision is
on avoidance of problems rather than penalizing
those who may be found to have caused problems
74. Role of supervisor
• Financial oversight
• Mandatory licensing
• Ongoing operational requirements e.g. prudential
standards
• Procedures and processes for monitoring compliance
with license conditions and ongoing operational
requirements
• Where necessary, undertaking action either to force
a non-compliant insurer into compliance or remove it
from the industry
75. Risk-based supervision
• Consideration of:
– the nature of insurer’s business
– strategic/business plans
– governance arrangements
– financial condition reports
– strategies and processes to manage risk
• Licensing and ongoing supervisory activities
typically involve review of documents relating
to these areas.
76. Supervisor Relationship Management
Insurers should consider adopting a set of high-level
principles to guide engagement with supervisors. In
developing a set of appropriate principles, insurers
should have regard to:
• Alignment with supervisory objectives
• Preservation and enhancement of corporate
reputation
• Proactive and early engagement
• Communication transparency
• Relationship management accountability and
coordination
77. Supervisor Relationship Management
• Nature of interaction with supervisors
– Operational / procedural
– Non-standard / unusual
– Strategic
• Supervisory policy development
• Supervisory visits
78. Exercise
What are the model risks (limits, assumptions)
of the economic capital model of your
organisation?
96. Question 2: diversification
Correlation matrix:
$$\begin{pmatrix} 1 & 0{,}5 & 0{,}7 \\ 0{,}5 & 1 & 0 \\ 0{,}7 & 0 & 1 \end{pmatrix}$$
Question 2: Calculate $\mathrm{VaR}_{0{,}99}(X_1 + X_2 + X_3)$ by
making use of the square-root formula. What is the
diversification effect? What are the assumptions?
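As an added example (not part of the original slides), the square-root formula applied in Python to the correlation matrix from this slide, including a check that the matrix is a valid correlation matrix. The stand-alone VaR figures are constructed, since this slide does not give them, and the function names are illustrative.

```python
import math

# Correlation matrix from the slide (decimal commas written as points).
CORR = [[1.0, 0.5, 0.7],
        [0.5, 1.0, 0.0],
        [0.7, 0.0, 1.0]]
# Constructed stand-alone 99% VaR figures for X1, X2, X3 (not from the slides).
STANDALONE_VAR = [100.0, 60.0, 40.0]


def is_valid_correlation(corr, tol=1e-9):
    """Symmetric, unit diagonal, positive semi-definite (Cholesky test)."""
    n = len(corr)
    for i in range(n):
        if abs(corr[i][i] - 1.0) > tol:
            return False
        for j in range(n):
            if abs(corr[i][j] - corr[j][i]) > tol or abs(corr[i][j]) > 1.0 + tol:
                return False
    chol = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            rest = corr[i][j] - sum(chol[i][k] * chol[j][k] for k in range(j))
            if i == j:
                if rest < -tol:
                    return False  # negative pivot: not PSD
                chol[i][j] = math.sqrt(max(rest, 0.0))
            elif chol[j][j] > tol:
                chol[i][j] = rest / chol[j][j]
            elif abs(rest) > tol:
                return False  # zero pivot with non-zero remainder: not PSD
    return True


# Square-root formula: sqrt(sum_ij rho_ij * VaR_i * VaR_j). It is exact only for
# jointly elliptical losses (e.g. multivariate normal) with VaR around the mean.
def aggregate_var(standalone, corr):
    if len(standalone) != len(corr) or not is_valid_correlation(corr):
        raise ValueError("invalid correlation matrix for these risks")
    n = len(standalone)
    return math.sqrt(sum(corr[i][j] * standalone[i] * standalone[j]
                         for i in range(n) for j in range(n)))


def diversification_effect(standalone, corr):
    """Sum of stand-alone VaRs minus the aggregated VaR."""
    return sum(standalone) - aggregate_var(standalone, corr)
```

With full dependence (all correlations equal to 1) the aggregated VaR equals the plain sum and the diversification effect is zero.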
100. Available capital
• Assets that cover liabilities
• Risk capital that serves as defence against risks
• Excess capital that has no business function
$\text{Available capital} = MVA - MVL$
• Insolvent: $MVA - MVL < 0$
• Solvent: $MVA - MVL > \text{risk capital}$
101. Risk Capital
• Economic risk capital
– Run-off basis
– Going-concern basis
– Reference company basis
• Rating capital
• Solvency capital
124. Market consistent valuation
The market consistent value of a company is a price
at which the company could be sold to an
independent rational investor who knows the
company well.
• Hedgeable risks: replication with liquid financial
instruments
• Non-hedgeable risks: no replication possible e.g.
operational risk -> standardized procedures
126. Exercise: Scenario analysis
1. Shares crash: 40%
2. Euro-crisis:
50% BB EU-bonds and 30% EU-corporate
bonds
3. The economic environment develops positively
as planned. The insurance business remains
constant.
127. Questions
1. Which of the three scenarios are appropriate
for ORSA?
2. Calculate the stand-alone risk capitals for
each scenario. Is the minimum regulatory
capital requirement coverage met?
3. Place the three scenarios in a risk matrix
4. What measures could the insurer take for
every scenario?
128. Answers
1. Scenario 1 and 2: risk profile
Scenario 3: base
2. Minimum regulatory capital requirement =
€ 120/150% x 120% = € 96
– Scenario 1: € 120 - € 28 x 40% = € 108,8
– Scenario 2: € 120 - € 63 x 50% - € 56 x 30% = € 71,7
– Scenario 3: € 120
3. Risk matrix: likelihood and impact
129. Answers
4. Risk control measures
• Scenario 1: set control limits
• Scenario 2:
– convert non-investment grade bonds to investment
grade bonds and/or hedge with CDS
– convert EU-corporate bonds to corporate bonds with
higher ratings and/or lower concentration risk of EU-
corporate bonds
• Scenario 3: risk management (reinsurance,
product development, capital investments)