september 2011 yin lawn, taipei - airc.org.t · pdf fileseptember 2011 yin lawn, taipei pwc...
Post on 30-Jan-2018
219 Views
Preview:
TRANSCRIPT
ERMOverview
September 2011
Yin Lawn, Taipei
www.pwc.com
PwC
Agenda
• The definition of ERM.
• Important Information
• The classification of Risk
• The Risk Management Process
• The Technology of ERM
• The Organization Structure of ERM Implementation
• Some Experience Learned
• Recommendation for Actuaries in ERM
• Recommended Reading
2
PwC
The Definition of ERM
• What is ERM?- Difficult to say because there are so many different definitions :
� ���������� ������������approach to addressing risks from all sources thatthreaten strategic objectives or opportunities to exploit competitive advantage.
� ����� ���������������������������process, effected by the entity’s boardof directors, management, and other personnel, applied in strategy setting andacross the enterprise, designed to identify potential events that may affectthe entity, and manage risk to be within the risk appetite, to provide reasonableassurance regarding the achievement of objectives
� ��������� �����������approach that fully integrates risk management into howa company conducts its business and communicates with stakeholders.
� ����� ���disciplined approach aligning strategy, processes, people,technology, and knowledge to manage uncertainties as the enterprise createsvalue.
� ����� ���!����� ������""�������find an integrated, optimal way ofmanaging risk by balancing financial techniques with organizational practicesand processes.
3
PwC
The Definition of ERM (2)
� ���� �����assessment of collective risks that affect value and theimplementation of a company-wide strategy.
� ���� �#�������� ���������$%�&������������'���������%��� ���%�assesses,controls, exploits, finances, and monitors risks from all sources for thepurpose of increasing the organization's short- and long-term value to itsstakeholders.
� ���(��#�� ������������������������)�#�*������ process of coordinatedrisk management that places a greater emphasis on cooperation amongdepartments to manage the organization’s full range of risks as a whole. ERMoffers a framework for effectively managing uncertainty, responding to risk andharnessing opportunities as they arise.
� �&�� �#����a process, effected by an entity’s board of directors, managementand other personnel, applied in strategy setting and across the enterprise,designed to identify potential events that may affect the entity, and manage riskto be within its risk appetite, to provide reasonable assurance regarding theachievement of entity objectives.
4
PwC
The Definition of ERM (3)
• So, what is ERM ?
- Depends on who you ask and they are probably all correct.
- However, a scientific discovery without practical use of benefit to society is just atrivial fact.
- So, a better definition is perhaps the one includes “ultimate objective.”
- An enterprise’s ultimate objective is to increase its value to its shareholders; so apreferred summary of ERM is probably :
- Everything you do with risks that increase the value of the stakeholders.
5
PwC
Important Information
• COSO• Committee of Sponsoring Organizations of the Treadway Commission• Sponsored by• American Accounting Association• American Institute of Certified Public Accountants• Financial Executives International• The Association for Accountants and Financial Professionals inBusiness
• The Institute of Internal Auditors• Formed in 1985 to deal with issues on fraudulent financial reporting:• Over the years, it has developed its research and guidance to internalcontrol, ERM and fraud deterrence.
• First guidance on ERM is issued on 2004.• Its guidance has been adopted by companies all over the world.• Their guidance has became the international best practice.
6
PwC
Important Information
• Definition of a risk• Risk is not losses.• Uncertainty (of loss, of profit, of anything that have monetary impact)• Upside of risk• The uncertainty of achieving a goal, or make profit.
• Potential to a loss.• The uncertain of negative impact, loss, and injury
• Characteristic of risk• Uncertainty in amount• Uncertainty in time
• Risk Measures• Value at Risk• Values at different probability• Use model to measure value at different probability
• Tail value at Risk• Conditional expected value
• Standard deviation, CV• Risk and reward composite index (2006)• Capital level and liquidity risk composite index (2008)
7
PwC
Important Information
• Black Swan
• Theory developed from the book “The Black Swan” (Random House, 2007)by Nassim Taleb.
• An outlier event outside our expectation with huge impact.
• It can not be predicted and can only be explained after it has happened.
• The concept refers to the problems we deal with risks. We only see what wecan predict and do analysis on things we feel comfortable with.
• The book exams our logic and the risk associated with the way we think.
• How often do we say “this will not happen” and then it happened?
• The moral of the theory : We can not just look at the past and predict thefuture. Need to think the unimaginable!
8
PwC
Important Information
• Key Risk Indicators
• Published by COSO on December 2010.
• Recommending companies set up Key Risk Indicators and monitor them
• COSO believes that just as KPI will allow senior management identifyunderperforming area of a company, KRI will allow senior managementand board to set up company strategies better.
• The idea is to identify risk-events that may prevent company to achieve itsobjectives and design quantitative measures for these risks:
• Objective -> Strategic Initiative -> Risks -> KRI
9
PwC
Important Information
• Risk Appetite
• Refer to amount of risks an enterprise is willing to accept given acorresponding amount of reward.
• For example: 15 % of ROE with volatility consistent to equity market
• Risk Tolerance
• A stated amount of risk a company is willing to take in executing itsbusiness strategy : risk capacity.
• For example : USD 1M maximum retention on any one risk.
10
PwC
The Classification of Risks
• Unlike definition of ERM, risk classification is more consistent.• CAS• Hazard Risks• Financial Risks• Operational Risks• Strategic Risks
• Marsh, Aon, CFO Magazine, and Economist Intelligence Unit• Hazard• Operational• Financial• Strategic
• KPMG• Strategic• Operational• Reputation• Regulatory/contractual• New risks
11
PwC
The Classification of Risks• SOA• Interest rate risk• Pricing risk• Credit risk• Equity market risk• Liquidity risk• Operational risk
• PwC• Credit Risk• Market Risk• Insurance Risk• Operational Risk
• So, how should risk classified?• Depend on who you ask, but following categories align business function of aninsurance company with above risks classification:• Production Risk• Technology Risk• Solvency Risk• Marketing Risk• Administration Risk
12
PwC
The Risk Management Process
• Establish Context• Identify Risks• Analyze/Quantify Risks• Integrate Risks• Treat/Exploit Risks• Monitor & Review
13
PwC
The Technology of ERM
• The technology used for ERM :• Spreadsheet and Database• Visual Cluster• Idea :
• Some companies develop application allow user easily recorddetails of each risk and link them together. User can expand,collapsing, filtering, and tagging these risks.
14
Declined profitability
Increase Expenses
Inefficient processMore competition
Declined revenue
PwC
The Organization Structure of ERM Implementation
• The following is a list of common characteristics in major insurancecompanies’ ERM practice :
• Centralized policy making and monitoring• Execution at local level.• Board is always involved as the final approval of risk managementpolicy.
• Each risk has a centralized committee to oversees and monitor it.• There are more than one committees, the committees areseparated by risks (market risk, insurance risk…etc).
• The committee make recommendation to the board and monitorhow company comply with the RM policy.
• Different company has different risk committees and professionals
15
PwC
Some Experience Learned
• The key of ERM is execution and implementation• Fancy models and process without any execution and implementation is just ascientific exercise
• Need “Use test” on models• Communication is the Key• This is not a job of a particular profession or department• The entire organization needs to communicate throughorly.
• Be practical• Not everyone has same view risk appetite and risk tolerance.• Objective is not to eliminate risk but to manage risk.• Do not try to change your company’s existing culture, work with what you have.• Need to implement ERM at a pace that does not disrupt company’s normaloperation.
• Need a process to resolve a dispute• Not everyone will agree to a same level of risk tolerance level when comes down toaccepting a business or investment
• An endless dispute can put organization in great uncertainty and drag on resource.• Thus, a process that can help company to make a decision and move on is veryimportant.
16
PwC
Summary
• There are 3 problems with ERM today:• Definition is not clear• Risk categories are not clear• Too much theory and talk, no actions• The key to ERM is execution and implementation
• There are many perspectives to look at ERM:• The organization structure needed to implement• The technology used to analyze• The risk measure used to quantify• The models used to calculate such risk measure
• The process taken to analyze and manage a risk
17
PwC
Recommendation for Actuaries in ERM
• Need to redefine your “norm”• Risk is no longer just pure risk• it includes upside of risk, speculative risk
• Risk analysis is no long building and running a model• Certainly more than running a dynamic model
• Need to measure more than just insurance or investment losses• Operational risk
• Need to innovate (able to imagine the impossible)• Can not just look at past the project the future• Can not just follow a set of rules to derive a result
• Need to work on soft skill• Need to be risk-aware• Need to be solution driven, not process driven• Need to expand knowledge beyond insurance industry• Expose yourself beyond traditional actuarial science.
• Need to expand expertise beyond insurance losses.
18
PwC
Recommended Reading
• This Presentation• “The Black Swan” (Random House, 2007) by Nassim Taleb.• COSO guidance, in particular :• “Developing Key Risk Indicators to Strengthen Enterprise RiskManagement”
• “Effective Enterprise Risk Oversight : The Role of the Board ofDirectors”
• “Strengthening Enterprise Risk Management for StrategicAdvantage”
• CAS , “Overview of Enterprise Risk Management”• SOA, “Enterprise Risk Management Specialty Guide”• “Fundamentals of Enterprise Risk Management : How TopCompanies Assess Risk, manage Exposure, and Seize Opportunity”(American Management Association 2009) by John J. Hampton
19
PwC 20
No institution can possibly survive if it needs geniuses or supermen tomanage it. It must be organized in such a way as to be able to get alongunder a leadership composed of average human beings
Peter Ferdinand Drucker
PwC 21
Yin Lawn Curriculum Vitae
Telephone: (02)2729 6666(22406)(+886 2) 2729 6666 Ext 22406
E-mail:yin.lawn@tw.pwc.comyin.lawn@tw.pwc.com
Yin Lawn is a senior manager of PwC’s actuarial service practice inAsia.
Yin is a Fellow of the Casualty Actuarial Society and SingaporeActuarial Society. He worked in the U.S. insurance industry for sixyears, where he held pricing and reserving roles for large U.S. mult-lineinsurers including Travelers, Aetna and CNA.
Over last 10 years, Yin has project managed the appraisal valuationsfor the set up of the four financial holding companies in Taiwan, anappraisal valuation for a general insurer in Taiwan and an appraisalvaluation of an general insurance company in China.
In addition, Yin has also been given risk management, solvency,reserving and pricing advices to more than 100 insurers in Asia overlast 10 years.
He graduated with a Bachelor of science degree in actuarial sciencefrom the University of Connecticut in 1993. Originally from Taiwan, heis also fluent in both mandarin and English.
�
Property Insurance RiskManagement : Based onERM Process
September 2011
www.pwc.com
PwC
Agenda
1. Limitation
2. Background
3. Risk Management Process
4. Actual Examples
5. Some Experience Learned From This Process
6. Success factors for this project
7. Before and After
8. Others
9. Recommended Actions for ERM
Appendix A : Actual Model Structure
Appendix B :PwC
2
PwC
1. Introduction
• The contents in this document are for discussion only
• The contents are based on actual projects we did in several companies.
• Contents have been modified for illustrative purposes only.
3
PwC
2. Background
• The fire in China central television building, flood in Singapore, andearthquake with tsunami in Japan have caused many insurance companiesto reconsider risks.
• Insurance risks are apparently higher than expected.
• Thus, it appears necessary to re-assess companies’ risk.
• Either reconfirm its expectation or reconsider risk mitigation if risks aremore than expected.
4
PwC
3. Risk Management Process
5
• Our process for managing property insurance risk is as follow:
• Establish Context
• Identify risks
• Quantify Risks
• Prioritize Risks
• Setup Scenarios and Assess Losses
• Analyze Results
• Treat Risks
• Monitor and Reviews
• This is similar to a standard risk management process
PwC
4. Actual Example – Establish Context
6
• A company writes quite number of large commercial fire policies.
• Company has substantial commercial fire exposure.
• Management believe it should be well protected.
• Company has good reinsurance arrangement
• Underwriters are extremely careful in underwriting such risks. Thus,risks are well spread.
• Thus, does the reality meet company’s expectations?
PwC
4. Actual Example – Identify Risks
7
• We first plotted its commercial fire exposures geographically.
• According to above graph, company seems to have certain concentration ofrisk issue
PwC
4. Actual Example : Quantify Risks
8
• We then classify properties by zones. A zone is defined as a city blockseparated by a major street. This is to assume that a fire from one zonewill not cross a major street to damage another zone.
For example, one concentrated area will have at least three zones :
PwC
4. Actual Example : Prioritize Risks
9
• Base on the sum insured in each zone, we rank the zone based on amount ofexposure within each zone.
Zone SI (Property,USD millions)
SI (BI, USDmillions)
A 1000 250B 800 100C 500 250D 400 100E 100 90F 75 50G 60 40
PwC
4. Actual Example : Setup Scenarios and AssessLosses
10
For zones with significant exposures, we set up several types of loss scenarios.• For example, the following result is based on large fire loss in each zone.
• We calculated amount of losses and its impact to company’s financials.
Zone TotalLosses(US
millions)
Cededlosses(facultative)
CededLosses(Treaty)
Net Losses SolvencyRatio
A 750 650 50 50 150%B 600 500 50 50 150%C 500 400 50 50 150%D 280 180 50 50 150%E 300 200 50 50 150%F 250 150 50 50 150%G 200 100 50 50 150%
PwC
4. Actual Example : Analyze results
11
Based on the results from different types of scenarios, we have found thefollowing :• Company is well protected against large size of losses or exposure
• However, company is particular vulnerable against a particular size oflosses.
• This is because company’s reinsurance arrangement is extremelyconservative for large exposures and aggressive against medium sizeexposure.
• Company is not well protected against large number of losses.• This is because company is worry about large loss event, say once every150 years, but did not consider several (smaller) events happening atsame time.
PwC
4. Actual Example : Treat Risks
12
Based on the results and our industry information, we also research severaloptions company can choose to deal with the risk:� Reinsurance options:
� Underwriting options : certain zone where exposure is significant, companyneeds special approval process.
Company’s risk appetite and risk tolerance level will determinemanagement’s action.
PwC
5. Some experience learned from this process
13
• Too Optimistic• Companies are usually vulnerable in areas where they are most confident.• In these areas, things are usually worse than expected.• For example, smaller catastrophe.
• Too Pessimistic• Companies are usually well protected in areas they worried the most• In these areas, thing are usually better than expected.• For example, extremely large exposure and catastrophe
• Need to be very careful when using a ERM model to decide a managementaction• The best action is neither the one that minimize risk nor the one that
maximize profit.• Management need to consider the balance between profitability and risk.• When company is at an extremely vulnerable situation, it needs to consider
more on reducing risk rather than increasing profit.• Since most model is designed with high risk/high return assumptions, it may
not be able to suggest a right management action in a stressed situation.• This is often an ignored item in ERM model: the change in risk appetite.
PwC
6. Success factors for this project
14
• Expertises :• Model designing capability
• Design financial models (Balance Sheet, Profit & Loss, and Solvency)• Design Scenario Models
• Underwriting knowledge• Need to understand specific information behind key policy coverage and
insureds.• Reinsurance Expertise
• Need to know exactly how losses to be ceded, to whom, for every policies,under different sizes of losses.
• Model Testing• Calibration Test : to ensure the impact of the assumptions are consistent with past
experience.• Use Test : To ensure model user can use it appropriately and run it appropriately.• Structure Test : To ensure relationship for items in Balance Sheet and P&L are
consistent with past experience.• Consistency test : To ensure a smooth transition between actual to projected
future.• Technical Test : to ensure the formulas in the model are correct• Reasonableness Test : to ensure results are reasonable.
PwC
7. Before and After
15
• The following table shows the difference this exercise makes :
• * One of the client’s rating was actually upgraded. Although rating increase isattributed to many factors, it appears that the rating bureau approves company’simprovement in risk management.
Item Before After
Risk Control Did not have good control ofits risk concentration
Have a much better controlof its risk concentration
Transparency of Risk Did not fully understand its riskexposure
Have much betterunderstand its risk exposure
ReinsuranceArrangement
Vulnerable to high claimfrequency
Will adjust reinsurance so itwill provide better protectionagainst high claim frequency.
Value of Company* Did not realize it can increaseits value.
Able to reduced riskswithout changing expectedreturn : increase company’svalue.
PwC
8. Others
16
• This is just a small part of ERM.• Company should know its risk tolerance and risk appetite.
• If not, suggest not to be too extreme• Same process can be applied to other risks
• Market Risk• Operational risk• IT Risks• Risks in other line of business
• ERM is very broad, there are a lot of work involved• We suggest started from something small such as what we haveshowed you in this presentation.
PwC
9. Recommended actions for ERM
17
• Identify and manage risk in the following area :• Underwriting process,• Claim handling process• Fraud prevention process• Claim recovery process• Product development process
• Identify and propose measurements of concentration risk.• Identify and measure the counter-party risk
• Reinsurance receivables and recovery• Premium receivables
• Review risk management function’s structure• Review reserving process• Produce a monthly, risk monitor report or business report formanagement to control the risk of the company.
PwC
Appendix A : Actual Model Structure (Before andafter management actions)
18
Company Assumptions Projection Output
- Premium - Accounts Projection - Balance sheet
- Reinsurance - Cashflow - Profit & loss
- Expenses - Underwriting
- Loss ratios - Solvency
- Investment return
- Investment return
Investment RiskModel
Property Risk Modules• Commercial• Residential
Equity Market Risk Modules• Developing Market• Emerging market
Debt Market Risk Modules• Government• Corporate
Currency Risk Modules• USD• RMB
Large Loss Model
Property Risk Module
Motor Risk Module
Credit Insurance Module
WC Insurance Module
Multiple Events Module
Stress-to-FailureModel
PwC
Appendix B :
PwC
19
PwC 20
Appendix B :PwC
ERM.
/�
�
�
/ / /�
�
�
�
�
�
�
PwC
PwC (ERM)
21
Appendix B :PwC
1
2
3
4
6
7
8 9 10
(RAROC
1 2
3 4
6
7 8
9 10
55
PwC 22
Appendix :PwC
/
IT
PwC 23
ERM
��
��
�
�
�
���
Appendix B:PwC
PwC 24
Yin Lawn Curriculum Vitae
Telephone: (02)2729 6666(22406)(+886 2) 2729 6666 Ext 22406
E-mail:yin.lawn@tw.pwc.comyin.lawn@tw.pwc.com
Yin Lawn is a senior manager of PwC’s actuarial service practice inAsia.
Yin is a Fellow of the Casualty Actuarial Society and SingaporeActuarial Society. He worked in the U.S. insurance industry for sixyears, where he held pricing and reserving roles for large U.S. mult-lineinsurers including Travelers, Aetna and CNA.
Over last 10 years, Yin has project managed the appraisal valuationsfor the set up of the four financial holding companies in Taiwan, anappraisal valuation for a general insurer in Taiwan and an appraisalvaluation of an general insurance company in China.
In addition, Yin has also been given risk management, solvency,reserving and pricing advices to more than 100 insurers in Asia overlast 10 years.
He graduated with a Bachelor of science degree in actuarial sciencefrom the University of Connecticut in 1993. Originally from Taiwan, heis also fluent in both mandarin and English.
top related