The document discusses embedding an organization's Own Risk and Solvency Assessment (ORSA) and linking it to business strategy and risk appetite. It covers defining risk limits, articulating risk appetite statements, embedding risk appetite throughout the organization, and linking risk appetite to the ORSA process. The ORSA helps ensure risk appetite remains aligned with business plans and strategies and is a key component of an effective risk management system.
BCI Symposium Establishing a BCM Awareness Programmel 031008
The Role of Risk Appetite in embedding the ORSA and linking with Business Strategy November 2015
1. STRATEGY I INNOVATION I EXPERTISEPRIVATE & CONFIDENTIAL
| WWW.RQIH.COM |
EMBEDDING THE ORSA AND LINKING IT WITH BUSINESS STRATEGY
THE ROLE OF RISK APPETITE
23RD NOVEMBER 2015
1
Susan Young
Chief Risk Officer
Randall & Quilter Investment Holdings Ltd.
2. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 2
DISCLAIMER
The thoughts and opinions expressed in this presentation are my own and do
not necessarily represent those of my organisation.
3. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 3
SESSION OUTLINE
• Defining your Risk Limits
• Effectively articulating your Risk Appetite
• Embedding Risk Appetite throughout the Organisation
• Linking Risk Appetite and the ORSA
The whole process is a journey which never ends –nor should it……..
4. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM |
Back to basis – Terminology
• Risk Appetite is defined as the level of risk acceptable to an organisation.
• There are two elements to this;-
- Capacity/Tolerance – to what extent is the organisation able to bear risk?
- Appetite – to what extent is the organisation prepared to bear risk?
• Risk Appetite applies to Risk categories where taking risk will potentially yield a return,
namely Insurance Risk , Financial Market Risk and Strategic Risk.
• Risk Tolerance applies to the other Risk categories, i.e. where taking risk will yield no
return, namely Operational Risk, Credit Risk, Liquidity Risk, Regulatory Risk)
4
DEFINING RISK LIMITS (1)
It is important to make the distinction – the terms are often used interchangeably
5. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 5
DEFINING RISK LIMITS (2)
Benefits of formally defining an organisation’s Risk Appetite
• Balanced approach to risk taking- avoidance of both uncontrolled innovation and excessive
caution.
• Framework, when properly designed and implemented, can guide the business on the
level of risk permitted and encourage consistency of approach across an organisation.
• Resource allocation - a defined acceptable levels of risk also means that resources are not
spent on further reducing risks that are already at an acceptable level.
• Proper MI (in the form of Key Risk Indicators) provides management with a framework for
decision making.
A Risk Appetite Framework is an important element of a mature Risk Management System
6. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 6
DEFINING RISK LIMITS (3)
Some General Comments and Observations
• Risk Appetite of capital providers is relevant and management of expectations is
key.
• The Board will in practice normally approve the overall Risk Appetite Framework
on behalf of key stakeholders and the monitoring of adherence thereof.
• The Risk Appetite Framework should be adaptable and flexible commensurate with
the complexity of the business, recognising that “one size won’t necessarily fit all”.
• Individual subsidiary level appetites and tolerances may well be agreed at a
different level from the overall Group appetites/tolerances subject to the
aggregate risk profile remaining within overall Group Appetite/Tolerance.
• The framework and supporting metrics should be intuitive and easy to
comprehend.
Key is to start simple and add complexity as you go – if you can.
7. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 7
EFFECTIVELY ARTICULATING YOUR RISK APPETITE (1)
• Risk Appetite is linked to the strategic and business objectives of the organisation as
those are the parameters within which we manage risk.
• Overall Risk Appetite is often represented by a high level strategic statement, and each
material Risk Category is also represented by one or more risk category-related
statements.
• Adherence to each statement is measured and monitored by Key Risk Indicators (KRIs).
Continued….
So how is it done?
8. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 8
EFFECTIVELY ARTICULATING YOUR RISK APPETITE (2)
Risk Appetite Framework Suggested Components
• Context –Significance of the risk category/potential impact on earnings/capital/
profitability etc., for example, underwriting risk would, in a risk bearing entity, attract
significant scope and depth in terms of the risk monitoring framework.
• Risk Appetite/Tolerance Statement – A qualitative statement of the organisation’s
overall appetite for a given category of risk.
• Approach: A description of the overall approach to managing the specific area of
risk together with, where appropriate, consideration of any relevant factors when
setting local appetite and tolerances (e.g. local capital or regulatory considerations).
• Key Risk Indicator metric – Red/Amber/Green criteria.
• KRI Owner and Frequency –Board/Executive/Frequency as appropriate.
• Escalation Route – to the Board or a subcommittee?
Continued….
9. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 9
EFFECTIVELY ARTICULATING YOUR RISK APPETITE (3)
Risk Appetite Monitoring “Dashboard” - Example
• “Reds” and Ambers will drive
action
• Greys are N/A
• Reporting cuts may be taken at
different times
• Some metrics may take longer
to evolve and develop
Group
Mean Return
1
Variability
2
Capital Sufficiency
Return on Capital
3
Growth
4
Reserve Adequacy
Exposure Management
5
Cycle Return
Diversification
6 7 8
Currency Risk
9
Reinsurer Credit
Broker Credit
Liquidity
Free Funds
People
Reputation
Systems &
Premises
Regulatory
Infringement 10
Entity Specifics
Subsidiaries/Key Divisions
CreditOperationalRegulatoryInsuranceRiskMarketStrategicObjectives
10. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM |FOOTER PRESENTATION TITLE 10
EMBEDDING RISK APPETITE THROUGHOUT THE ORGANISATION (1)
• In practice – it will already in place for some elements – for example, underwriting
authorities and line sizes are pre-set as part the planning process.
• Data for indicators can usually be sourced from existing MI.
• Reporting structure will depending on the size and complexity of the organisation - as
it matures, exception reporting can evolve.
• A “hierarchy” of reporting and monitoring facilitates ownership throughout the
business.
• If properly embedded, the framework will evolve with the business.
• Keep educating!
Structure and demonstrable reporting to what we are/should be doing anyway
Practical Considerations
11. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM |FOOTER PRESENTATION TITLE 11
Prototype Risk Governance Structure
Board of Directors
All Risk Categories
Underwriting and Claims
Committee
(Insurance Risk –
Underwriting/Claims)
Reserving Committee
(Insurance Risk –
Reserving)
Investment/Finance
Committee
(Market/Liquidity/Credit
Risk)
Reinsurance /Security
Committee
(Credit Risks)
Compliance Committee
(Legal/Regulatory
Risks)
Operations Committee
(Operational Risk)
Risk Committee
(Oversight)
This is illustrative only and may be more/less complex in practice. The key is that
detailed management and monitoring of Risk Appetite and Tolerance can be “pushed
down” and reporting by exception encouraged as the process matures.
EMBEDDING RISK APPETITE THROUGHOUT THE ORGANISATION (2)
12. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 12
EMBEDDING RISK APPETITE THROUGHOUT THE ORGANISATION (3)
In summary - an ongoing
process which should
move and evolve with
the business – which
won’t be static! More
later….
Understand/Define current status
– what do we already have?
Strategic Objectives – what are
they?
Stakeholder Expectations -
alignment with strategy
Risk Appetite and Tolerance
Statements
Key Risk Indicators
Governance and Escalation
Feedback
loop:
-Ongoing
Monitoring
-Escalation to
Committee
/Board
Review of
overall
Framework
13. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 13
LINKING RISK APPETITE AND THE ORSA (1)
Encapsulated in Article 44 of the Solvency II Framework Directive – requirement for an
effective Risk Management System – comprising;-
A clear, defined and documented risk management strategy that is consistent with the
agent’s business strategy and includes: risk management objectives, key principles, risk
appetite and assignment of risk management responsibilities across all the organisation’s
activities.
Written policies that implement the risk strategy and facilitate control mechanisms. They
must include a definition and categorisation of the material risks faced by the agent, by
type and the levels of acceptable risk limits for each risk type. These policies must reflect
the nature, scope and time horizon of the business and the risks associated with it.
Processes and procedures to enable identification, assessment, management, monitoring
and reporting of risks the agent is, or may be, exposed to.
Recognising Solvency II
Continued…..
14. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM |FOOTER PRESENTATION TITLE 14
LINKING RISK APPETITE AND THE ORSA (2)
•Reporting procedures and feedback loops to ensure that information on the risk
management system is coordinated and challenged by the Risk Management Function
and actively monitored and managed by all relevant staff and the organisation’s board.
•Reports by the Risk Management Function submitted to the board, covering the material
risks faced by the business and the effectiveness of its risk management system.
•A suitable ORSA (Own Risk and Solvency Assessment ) process - defined as:-
The entirety of the processes and procedures employed to identify, assess, monitor,
manage, and report the short and long term risks a firm faces or may face and to
determine the own funds necessary to ensure that overall solvency needs are met at all
times.
AKA – The “Shop Window” of an aligned Risk and Capital Management Framework
15. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM |FOOTER PRESENTATION TITLE 15
LINKING RISK APPETITE AND THE ORSA (3)
• The ORSA is a process that has a number of potential triggers.
• Practically, the annual Business Plan is the primary trigger although there are others.
• A change in the Business Plan may trigger a rethink of the organisation’s Risk
Appetite –or vice versa.
• The ORSA (annual or otherwise) is a good opportunity to review the Business
Plan/Risk Appetite and whether they are appropriately aligned.
The ORSA capital assessment process entails an assessment of the Risk Appetite
and Tolerance statements and whether they continue to be appropriate and/or
aligned with the organisational strategy – the next slide illustrates this.
16. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM |FOOTER PRESENTATION TITLE 16
LINKING RISK APPETITE AND THE ORSA (4)
ORSA Inputs and Outputs
Own Risk
and Solvency
Assessment
Outputs
Capital and
Liquidity
Contingency
Plan
ORSA Report
Risk
Management
Risk Appetite
and Tolerance
Changes
Capital/
Liquidity
Solvency
Position
Assessment of
Capital and
Liquidity Needs
- Baseline
Assessment of
Capital and
Liquidity Needs
– Stressed
Conditions
Actions and
Decisions
(ORSA Inputs)
Changes to
Strategy and
Business Plan
Key Risk
Indicators
Economic
Capital
Assessment
Data Quality
Requirements
Own Risk and
Solvency
Assessment
Inputs
Risk Universe
Risk Appetite
Governance
Structure and
Processes
Stress and
Scenario
Testing
Strategy and
Planning
Action and
Decisions (ORSA
Outputs)
Internal Control
Framework
Internal Model
Risk
Management
Framework
Data Quality
Risk Appetite is both an input to and output from the ORSA process
17. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 17
CONCLUDING THOUGHTS
• Defining Limits – Formally setting Risk Appetite is a key component of monitoring
adherence to business strategy.
• Articulation - It needs proper communication throughout the organisation with all
components defined so that it it is understood by all stakeholders.
• Embedding - Proper embedding entails appropriate ownership and proportionate
reporting as visibility and proper metrics are key – what gets measured gets
monitored.
• Link to ORSA - the ORSA process provides a formal mechanism for raising the profile
of the Risk Appetite Framework as a key Risk Management tool and for keeping it
current.
Develop, Implement Live – it is a cycle of activity
18. STRATEGY I INNOVATION I EXPERTISE
| WWW.RQIH.COM | 18
Thank you for listening!
Any Questions?
AND FINALLY……..
Susan.young@rqih.com
DD +44 (0) 20 7780 5882
www.rqih.com