standard & poor’s erm benchmark · pdf file•s&p’s assessment of erm...
TRANSCRIPT
Permission to reprint or distribute any content from this presentation
requires the prior written approval of Standard & Poor’s. Copyright © 2014
by Standard & Poor’s Financial Services LLC. All rights reserved.
Standard & Poor’s ERM Benchmark Review
Farooq Omer, Senior Director and Analytical Manager Sridhar Manyem, Director Standard & Poor’s Ratings Services September 29, 2014
Introduction
S&P’s ERM Framework
Survey Highlights
Conclusions and Questions
Agenda
2
Introduction
4
S&P’s ERM Framework
Risk Management Culture
Risk
Controls
Emerging
Risks
Mgmt.
Risk &
Economic
Capital
Models
Strategic Risk Management
• S&P’s assessment of ERM examines whether insurers execute risk management practices in a systematic,
consistent, and strategic manner across the enterprise that effectively limits future losses within the insurers'
optimal risk/reward framework
• All else being equal, an insurer with a stronger ERM score is less likely to experience losses outside its
predetermined risk tolerances under our criteria
ERM Acting As A Modifier
Business Risk Profile Financial Risk Profile
Indicative
SACP/GCP
Anchor Score ERM-M&G
Modifier
• ERM analysis is tailored to each insurer's risk profile and focuses on five main areas: risk management culture,
risk controls, emerging risk management, risk models, and strategic risk management
• An insurer's ERM is scored as "very strong", "strong", "adequate with strong risk control", "adequate", or "weak",
based on the assessments of the five sub-factors, which we classify as "positive", "neutral", or "negative"
• ERM-Management & Governance combination can modify the anchor score up or down to arrive at indicative
Stand Alone/Group Credit Profile
Survey Highlights
• Insurers with higher ERM scores are closest to meeting the deadline for submitting their
self-assessments to NAIC regulators.
• Many insurers consider regulatory and legal changes some of the biggest risks they face,
while threats to the integrity of their IT systems remain a concern.
• Although most insurers will benchmark business risks against capital, the definition of what
constitutes that capital can vary widely.
• Comparing risk tolerances among insurers in some categories--such as for catastrophe
coverage—is complicated by the use of disparate models that can yield different results.
Survey Highlights
8
Insurers With Better ERM Scores Are More Prepared For ORSA Submissions
12%
33%
24%
20%
11%
Percent of ORSA Report Completed
0-30% 30-60% 60-90% 90%-100% Not Applicable
95%
77%
51% 47% 45%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
VeryStrong
Strong Adequatewith strongrisk control
Adequate Weak
Av
g.
% o
f O
RS
A R
ep
ort
co
mp
lete
d
ERM Score of the Respondent
Average Percent of ORSA Report Completed Vs. S&P ERM Score
• 53% of our rated universe in North America and Bermuda responded to the survey
• Survey responses received: 35% Life, 22% Health & Property/Casualty (PC), 15% Multiline, 6% Reinsurers
Source: Standard & Poor’s Ratings Services
Risk Culture
10
Measuring Risk Tolerance
• Our survey finds that insurance companies pre-dominantly choose a one year time horizon to measure their risk
tolerances
• There is currently no widely accepted, or industry benchmark confidence level used in risk tolerance statements
• Consistent with our expectations, we found that a majority of companies used capital to benchmark risk- 96% use
capital measures for setting tolerances
• However, definition of capital varies widely. Insurers have at least six different ways of measuring capital, and
not more than 27% of the insurers use the same one
Source: Standard & Poor’s Ratings Services
24%
16%
10% 5%
18%
27%
Capital Measure For Risk Tolerance
Economic capital GAAP Equity
Other Rating Agency capital
Regulatory Capital Statutory Capital
11% 5%
2%
8%
1%
41%
31%
Confidence Level For Risk Tolerance
1 in 10 1 in 20 1 in 100 1 in 250
1 in 1000 Others None
11
Executive Compensation
• In our survey, organizationally we found that 10% of CROs reported to the board while 47% to the CEO
• Growth as an incentive metric appears to be balanced by other profitability metrics and longer vesting periods.
• Compensation as a risk governor is witnessed through mechanisms that include vesting periods, bonus banks,
restricted shares, and stock options that discourage management from excessive risk taking in one year
10% 8%
75%
51%
31%
12% 10%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Vestin
g P
erio
d o
f 1
year
Vestin
g P
erio
d o
f 2
years
Vestin
g P
erio
d o
f 3
years
Re
str
icte
d S
ha
res
Sto
ck O
ptio
ns
Bonu
s B
an
k
No
t A
pplic
able
Methods Used For Long-Term Incentives
47%
5%
27%
52%
24%
6%
0%
10%
20%
30%
40%
50%
60%
Re
turn
on E
quity
Re
turn
on A
ssets
Share
Price
Gro
wth
Co
mbin
ed
Ratio
No
t A
pplic
able
Metrics To Decide Top Executive Compensation
Source: Standard & Poor’s Ratings Services
Risk Controls
13
Risk Controls: Catastrophe Risk
• 56% of respondents used 1-in-250 level to manage cat risk consistent with our standards followed by 1-in-100
(31%)
• Catastrophe models differ and, therefore, can yield vastly disparate results. Even if all insurers used the same
model, results would likely differ because an insurer can customize its model. This makes benchmarking
tolerances difficult.
13%
34%
3% 20%
10%
3% 17%
Basis For Catastrophe Risk Tolerance
Economic capital GAAP Equity
Not Applicable Other
Rating Agency Capital Regulatory Capital
Stat surplus
Source: Standard & Poor’s Ratings Services
8% 6% 6%
31%
3%
56%
14%
3% 6%
0%
10%
20%
30%
40%
50%
60%
1 in 1
0
1 in 2
0
1 in 5
0
1 in 1
00
1 in 2
00
1 in 2
50
1 in 5
00
1 in 1
00
0
No
t A
pplic
able
Confidence Level For Cat Risk Tolerance
14
Risk Controls: Equity and Credit Risk
• Of the survey respondents, 46% use a value-at-risk (VaR) measure to quantify their credit risk.
• Many insurers used multiple quantitative methods to manage equity risk- we found that scenario-based
evaluation, with an emphasis on stress-testing, appears popular. For insurers that take on equity risk through their
liabilities, such as variable annuities with guaranteed returns, using various "Greeks," or hedge parameters tied to
options, appears more common
39%
24%
19%
81%
49%
25%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Simulation VaR
Historical VaR
Full “Greeks”
Partial “Greeks”
Scenario-Based Evaluation
Others
Quantitative Techniques To Measure Equity Risk Exposure
Source: Standard & Poor’s Ratings Services
Risk Controls: Health Insurance Risk
56% 40% 92%
24%
4%
8%
16%
12%
4%
44%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
% of Revenue constituteby Govt. program
(medicare/Medicaid)
% of premium from singlestate
% of claim cost allignedwith Risk share
Health Insurance Risk Controls
0% - 25% 25% - 50% 50% - 75% 75% - 100%
• Health insurers can set risk limits in terms of revenues, claim costs, or premiums. Our survey respondents control
the amount of regulatory/legislative risk they are exposed to by setting a tolerance for the percent of revenues
derived from government programs
• 56% of insurers in our survey prefer to get 25% or less from Medicare and Medicaid, and 24% are satisfied with
getting between 25% and 50% of revenues from those programs.
Source: Standard & Poor’s Ratings Services
16
Risk Controls: Operational Risk
• Almost all of the insurers had a disaster recovery plan and business continuity process in place.
• The insurers we surveyed said IT is their major operational risk, followed by regulation and compliance.
• Insurers need IT systems that run seamlessly all the time to satisfy policyholders, suppliers, and investors. At the
same time, those systems must be secure against an increasing tide of cybercrime.
• Regulation is also a major concern, with insurers increasingly uncertain about the impact of more mandates from
both within and outside of their home nations
37% 28% 8% 7% 7%
35%
23%
13% 14% 3%
16%
16%
17% 14%
10%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Informationtechnology
Regulation Compliance Businesscontinuityprocesses
Humanresources
Top Five Operational Risks
Priority 1 Priority 2 Priority 3
Source: Standard & Poor’s Ratings Services
Emerging Risk Management
18
Emerging Risk Management Highlights
• 64% of insurers had formal committees to manage emerging risks. However, only 10% of insurers quantified their
emerging risks
• Insurers see political/economic issues and legal/regulatory issues as major emerging threats irrespective of their
industry sector
• P/C and reinsurers were concerned about cyber-risk, climate change, and increasing competition from deep-
pocketed, nontraditional rivals. Life insurers worried about the impact of low interest rates, and health insurers'
big concern was clearly the Affordable Care Act and other reform measures
Source: Standard & Poor’s Ratings Services
21% 20% 20% 19%
13%
7%
0%
5%
10%
15%
20%
25%
Polit
ica
l/E
cono
mic
Ch
alle
nges
Le
gal/R
egula
tory
Ch
alle
nges
Co
mpe
tito
r/In
dustr
yLa
ndscape
Cybe
r/T
ech
nolo
gy R
isk
Oth
ers
Clim
ate
Chan
ge/W
eath
er
Vola
tilit
y
Major Emerging Risks Faced By Insurers
Risk Models
20
Internal Models Will Be A Key Focus In The Future
• Almost 73% of the respondents had some form of internal economic or risk capital model
• Given that regulatory capital acts as a minimum, it is not surprising that 89% of companies have internal targets
greater than the regulatory capital.
• Internal models in our surveyed group are likely to range from a customized rating agency or regulatory model to
a sophisticated dynamic financial analysis (DFA) model
42%
47%
11%
Required Risk Capital Vs. Regulatory Capital
Greater than regulatory capital
Greater than twice the regulatory required capital
Lesser than regulatory capital
25%
22%
11%
28%
14%
Basis For Internal Capital Model
Cash flow model (Life/Health)
DFA (relationship based on ESG)
Factor Driven
Individual risk towers aggregated through correlations
Scenario based
Source: Standard & Poor’s Ratings Services
Strategic Risk Management
22
Capital Allocation and Strategic Risk Management
• Metrics such as capital (89%) and ROE (72%) are popular among P/C insurers whereas life and health companies
used capital (90%) and IRR (75%) to compare strategic risk options
• Companies used various types of capital to allocate to various risk but regulatory capital, Stat surplus, GAAP
equity and required economic capital were more common
• Life and health companies tend to use regulatory capital in their strategic management decisions more than P/C
companies.
36% 37% 39%
16%
42%
22%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
GAAPEquity
StatSurplus
RequiredEconomic
Capital
AvailableEconomic
Capital
RegulatoryCapital
RatingAgencyCapital
Type Of Capital Allocated
Source: Standard & Poor’s Ratings Services
88%
67%
34%
65%
37% 31%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Capital IRR Earningat Risk(EaR)
ROE RAROC Others
Metrics Used To Compare Strategic Options
IRR – Internal Rate of Return , ROE– Return on Equity, RAROC-Risk Adjusted Return on Capital
23
For more information about Standard & Poor’s ERM Benchmark Review, visit
www.SPRatings.com/ERM
Contact: Steven Cooke Senior Director Client Business Management T: 212.438.7240 [email protected]
Permission to reprint or distribute any content from this presentation requires the prior written approval of
Standard & Poor’s. Copyright © 2014 by Standard & Poor’s Financial Services LLC. All rights reserved.
Thank You
Farooq Omer Senior Director and Analytical Manager T: 212.438.1129 [email protected] Sridhar Manyem Director T: 212.438.7128 [email protected]
Copyright © 2014 by Standard & Poor’s Financial Services LLC. All rights reserved.
No content (including ratings, credit-related analyses and data, valuations, model, software or other application or output therefrom) or any part thereof (Content) may be modified,
reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of Standard & Poor’s
Financial Services LLC or its affiliates (collectively, S&P). The Content shall not be used for any unlawful or unauthorized purposes. S&P and any third-party providers, as well as their
directors, officers, shareholders, employees or agents (collectively S&P Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. S&P Parties
are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or
maintenance of any data input by the user. The Content is provided on an “as is” basis. S&P PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS,
SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE
OR HARDWARE CONFIGURATION. In no event shall S&P Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or
consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in
connection with any use of the Content even if advised of the possibility of such damages.
Credit-related and other analyses, including ratings, and statements in the Content are statements of opinion as of the date they are expressed and not statements of fact. S&P’s
opinions, analyses and rating acknowledgment decisions (described below) are not recommendations to purchase, hold, or sell any securities or to make any investment decisions,
and do not address the suitability of any security. S&P assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on
and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making investment and other business decisions.
S&P does not act as a fiduciary or an investment advisor except where registered as such. While S&P has obtained information from sources it believes to be reliable, S&P does not
perform an audit and undertakes no duty of due diligence or independent verification of any information it receives.
To the extent that regulatory authorities allow a rating agency to acknowledge in one jurisdiction a rating issued in another jurisdiction for certain regulatory purposes, S&P reserves
the right to assign, withdraw or suspend such acknowledgement at any time and in its sole discretion. S&P Parties disclaim any duty whatsoever arising out of the assignment,
withdrawal or suspension of an acknowledgment as well as any liability for any damage alleged to have been suffered on account thereof.
S&P keeps certain activities of its business units separate from each other in order to preserve the independence and objectivity of their respective activities. As a result, certain
business units of S&P may have information that is not available to other S&P business units. S&P has established policies and procedures to maintain the confidentiality of certain
non-public information received in connection with each analytical process.
S&P may receive compensation for its ratings and certain analyses, normally from issuers or underwriters of securities or from obligors. S&P reserves the right to disseminate its
opinions and analyses. S&P's public ratings and analyses are made available on its Web sites, www.standardandpoors.com (free of charge), and www.ratingsdirect.com and
www.globalcreditportal.com (subscription), and may be distributed through other means, including via S&P publications and third-party redistributors. Additional information about our
ratings fees is available at www.standardandpoors.com/usratingsfees.
STANDARD & POOR’S, S&P, GLOBAL CREDIT PORTAL and RATINGSDIRECT are registered trademarks of Standard & Poor’s Financial Services LLC.