Session 28PD
Mr. Michel Rochette Enterprise Risk Advisory,LLC September 10th, 2012 Enterprise Risk Advisory, LLC
1
Topics
Context
Two proposed risk standards:
Risk Evaluation – covered in this presentation
Risk Treatment – see ASB web site
Reactions
Discussion
Questions
Enterprise Risk Advisory, LLC
2
Risk Evaluation in Enterprise Risk Management
Enterprise Risk Advisory, LLC
3
Context
Enterprise Risk Advisory, LLC
4
Context
Source: INGRAM, Dave(2009), “ERM and Actuaries”, Casualty Actuarial Society E-Forum, Winter Edition, p.386-395 Enterprise Risk Advisory, LLC 5
Risk Controlling:
Context
–
Creation of comprehensive risk models: establish and monitor risk tolerance and limits
–
Some existing ASOPs fall in this category but actuaries mostly absent
Risk Trading: –
Pricing and valuation of risks
–
Most ASOPs pertain to this goal, mostly insurance
Risk Steering: –
EC, Risk-adjusted performance, Value Enterprise Risk Advisory, LLC
6
Context
RISK EVALUATION
RISK TREATMENT
Copyright 2010 by the Society of Actuaries, Schaumburg, Illinois. .
Enterprise Risk Advisory, LLC
7
Context
Most ERM standards usually apply at the company level Most other ASB ASOPs are very specific, although they also reference risk issues: –
#7: Analysis of life, health, or property/casualty insurer cash flows
–
#12: Risk classification (All practice areas)
–
#19: Appraisal of insurers
–
#35: Selection of demographic and other non economic assumptions for measuring pension obligations Enterprise Risk Advisory, LLC
8
Context
Source: INGRAM, Dave(2011), “ERM Standards of Practice: A Socratic Dialogue”, SOA Annual Meeting, p.11-22 Enterprise Risk Advisory, LLC
9
Context
Other ERM ''Standards of practice” being considered: –
IAA: global standards initiative: Ex. Social Security
–
Asset management industry: some initiatives at the industry level
–
Auditors: some very specific individual risk standards: risk audit and SOX.
Enterprise Risk Advisory, LLC
10
Standards in general
Enterprise Risk Advisory, LLC
11
Standards in general
Enterprise Risk Advisory, LLC
12
Ex. Components of Standards
Individual Risk Standards
Enterprise Risk Advisory, LLC
13
Risk standards ď Ź
Let's listen to Dave Ingram's presentation of the context at the 2012 ERM Symposium
http://www.ermsymposium.org/2012/audio/C9.mp3 Source: ERM Symposium, 2012, session C9
Enterprise Risk Advisory, LLC
14
Risk standards
Source: ERM Symposium, 2012, session C9 Enterprise Risk Advisory, LLC
15
Risk standards
Source: ERM Symposium, 2012, session C9 Enterprise Risk Advisory, LLC
16
Risk standards
Source: ERM Symposium, 2012, session C9
Enterprise Risk Advisory, LLC
17
Risk standards
Source: ERM Symposium, 2012, session C9
Enterprise Risk Advisory, LLC
18
Risk standards
Source: ERM Symposium, 2012, session C9 Enterprise Risk Advisory, LLC
19
Risk Evaluation Standard
Purpose: Provide guidance – not guidelines – to actuaries – for the moment – as it pertains to risk evaluation – broader than measurement, quantification but smaller than analysis – systems: - not just a framework –
Design or Implement
–
Use or Review
Scope: apply to actuaries for any ERM phases: ERM control or compliance cycle, trading or steer objectives Enterprise Risk Advisory, LLC
20
Risk Evaluation Standard
Different categories of risk evaluations: –
Risk evaluation models: apply to 3 ERM phases
–
Economic Capital: mostly steer phase
–
Stress testing: trading & steer phases
–
Emerging risk: steer phase
–
Other risk evaluations: all 3 phases
Applies to an ERM type work, not pricing nor valuation as there are particular ASOPs. Q: What about MAD in principles-based reserving? Enterprise Risk Advisory, LLC 21
Risk Evaluation Standard: some definitions
Risk Evaluation System — A combination of practices, tools, and methodologies within a risk management system used to measure the potential impacts of risk events on the performance metrics of an organization. Risk—The potential of future losses or shortfalls from expectations due to deviation of actual results from expected results. Economic Capital—The amount of capital needed for an organization to survive or to meet a business objective over a specified period of time at a selected confidence level, given its risk profile. Enterprise Risk Advisory, LLC
22
Standard doesn't use “standard� definitions for some components Ex. Standard uses counterparty risk: risk that the party providing a risk offset or accepting a risk transfer does not fulfil its obligations. Missing some components. A counterparty is larger than credit risk.
Risk Management Terms Survey, SOA, 2007 SOA (2006): Enterprise Risk Management Specialty Guide May 2006, SOA CCRO (2002): Committee of Chief Risk Officers; Volume 6 of 6 Glossary, Nov 2002 Enterprise Risk Advisory, LLC
23
More “standard� risk definitions
Source: Risk Management Terms Survey, SOA, 2007 Enterprise Risk Advisory, LLC
24
Risk standard definitions
Source: Risk Management Terms Survey, SOA, 2007
Enterprise Risk Advisory, LLC
25
Risk standard definitions Standard risk definition: deviation from expectations only. What about the average losses?
Source: Risk Management Terms Survey, SOA, 2007
Enterprise Risk Advisory, LLC Source: Risk Management Terms Survey, SOA, 2007
26
Potential improvements
Adopt industry specific risk definitions: – Ex.http://ec.europa.eu/internal_market/insurance/docs/sol vency/impactassess/annex-c08d_en.pdf
ISO Guide 73: Risk management vocabulary
Rephrase the standard to propose that the evaluation be adapted to the context of how risk definitions are actually used by practitioners Create a risk taxonomy adapted to the context:
Ex. If risk is evaluated and treated as a system – systemic risk -, different from risk evaluation by source or cause – economic capital calculation-. Enterprise Risk Advisory, LLC
27
Risk Evaluation Standard considerations
Financial resources and risk profile: –
Financial strength of the organization – broader than just capital
–
Risk profile, nature, scale and complexity
–
Current and long-term risk environments: internal and external, own assessment or based on management's
–
Organization's strategic goals including risk tolerance – desired volatility – of value
–
Interests of various stakeholders Enterprise Risk Advisory, LLC
28
Risk Evaluation Standard considerations
Financial resources and risk profile: –
External risk evaluations: Ex., as done by rating agencies ERM evaluation
–
Extent of dependencies, correlations, interactions of risks
–
Fungibility of capital resources
Organization's own risk system: –
Risk appetite, tolerance & management involvement
–
Enterprise Risk Control Effectiveness: management actions toward unexpected events Enterprise Risk Advisory, LLC 29
Risk Evaluation Standard considerations
Interaction of financial resources, risk profile and risk system: –
“If in the actuary’s professional judgement, as appropriate to the assignment, a significant inconsistency exists, then that inconsistency should be reflected in the risk evaluation.”
–
Important element to consider but criteria could be expanded to include other specific considerations like: •
Looking at existing recent losses and how it was managed, other professionals' report like Audit, financial analysts instead of only professional judgement Enterprise Risk Advisory, LLC
30
Risk Evaluation Standard considerations
Risk Evaluation models: “Fit for the purpose:” –
Sophistication of models & materiality of risks
–
Models reproducible & adaptable to new risks
–
Practical considerations: usability, reliability, timeliness, process, cost effectiveness
–
Limitations: inherent & statistical. Ex. VAR
–
Model validation, calibration, sensitivity
–
Approaches to model correlations
Aspect missing: as in Solvency II, no “use test” Enterprise Risk Advisory, LLC
31
Risk Evaluation Standard considerations
Risk Evaluation models: Assumptions –
Assumptions supportable, documented & allow for deviations from the expected
–
Regularly revisited to assess effectiveness
–
If assumptions reflect anticipated management & actions are supportable by facts.
Standard should capitalize on other work in this area, particularly in the valuation area. Could also have assumptions as to the risk control effectiveness, not just gross risk. Enterprise Risk Advisory, LLC
32
Risk Evaluation Standard considerations
Risk Evaluation: Economic Capital models –
Components: timeframe, basis to measure risk – regulatory, reputation, earnings loss,.. -, confidence level
–
Reflection of significant risks in a consistent and comprehensive manner
–
Appropriateness of method to measure each risk
Standard could capitalize on the many economic capital requirements being developed for Solvency II, ICAP, Rating Agencies' EC requirementsEnterprise Risk Advisory, LLC 33
Risk Evaluation Standard considerations
Risk Evaluation: Economic Capital models –
Reliance on consistent accounting framework
–
Somewhat inconsistent as the idea of an “economic” capital model is to measure risks on an “economic”, not an accounting approach!
–
Choice of appropriate methods: •
Stochastic, stress tests, scenarios, standard measures like “add-ons”
–
Validation of the models
–
Assumptions: remote & unlikely: historical, market prices, experts, internal consistency, documented Enterprise Risk Advisory, LLC 34
Risk Evaluation Standard considerations
Risk Evaluation: Stress & Scenario testing –
Extent to which stress tests reflect similar degree of adversity. Ex. 1 in 200 year event
–
How an organization will function during a catastrophic event – I think it is the link to business continuity planning, if any -
–
Extreme event may be part of many extreme events – all correlations go to one -. In other words, when things go bad, they all go bad at the same time and reactions by all stakeholders
–
How to quantify non readily quantifiable risks and their potential total impact. Op risk + Enterprise Risk Advisory, LLC 35 reputation
Risk Evaluation Standard considerations
Risk Evaluation: Stress and Scenario testing –
Methods and models to actually assess impact on all organizations must be ascertained
–
Integrate disparate systems or build one integrated model
–
Assumptions: Tests themselves. • • • •
–
Effect on other assumptions Management responses Regulatory and market reactions Risk mitigation and time horizon
Scenarios: limited considerations Enterprise Risk Advisory, LLC
36
Risk Evaluation Standard considerations
Risk Evaluation: Emerging risks –
Impact of emerging risks over time
–
Limited considerations in the standard
Risk Evaluation: other risk evaluations –
Used in risk monitoring, mitigation: compliance and control ERM
–
Apply same considerations as in general risk evaluation and risk evaluation models
Data quality: ASOP 23
Documentation: ASOP 41 Enterprise Risk Advisory, LLC
37
Risk Evaluation Standard considerations
Risk Evaluation: Document and disclosure –
Economic capital: models, results, limitations, timeframe, measurement basis, confidence
–
Stress & scenarios: results, intended use & limitations
–
Emerging risks: methods and sources
–
Major assumptions: as before
–
Risks included: risks excluded?
–
Model validation results
–
If major deviations from this standard: ASOP 41
–
What about other Enterprise Risk disclosure Advisory, LLC standards 38
Risk Evaluation Standard Potential applications
IAIS Core Principles:16 and 20
NAIC ORSA
NAIC Form F: Enterprise risk reports
Solvency II, Pillar II, Pillar III and ORSA
Rating agencies' ERM and EC assessments
ComFrame
IAA Care report Enterprise Risk Advisory, LLC
39
Reactions ď Ź
Questions asked by the task force:
Enterprise Risk Advisory, LLC
40
Reactions
Questions raised: – Sufficient guidance for risk evaluation? – Flexible enough? – Explicit enough about the reliance on the work of others? – ERM scope clear enough so that it doesn't extend to other actuarial work?
25 comments, mostly by individuals, companies and two organizations Review comments and get your input Enterprise Risk Advisory, LLC
41
Reactions
Comments so far: – Pierson: guidance question. Should consider joining the two proposed standards as the risk evaluation and risk treatment are related. What is relevant is the net risk to the organization – Bakos: scope questions. • Doesn't see difference between evaluation of risks net of expectations covered by this standard and other “common actuarial tasks” like reserving and pricing, which also involve risk classification & evaluation. • Only applies to CERA doing ERM work or any actuary? Enterprise Risk Advisory, LLC
42
Reactions
Blanchard III: guidance questions – Comments on definitions and ERM cycle – Replace emerging by environmental scan – Risk modelling should be done only after understanding materiality of risks, data sources and mitigation initiatives
Koller: guidance question – Align definitions with other more standard definitions
Zher: good start for guidance, flexible enough, area of concern on the reliance on others Enterprise Risk Advisory, LLC 43
Reactions
Bradley: – Make link with ORSA as risk evaluation will contribute to this process – Should standard be rephrased ERM evaluation and not just “risk” evaluation as ERM considers risks and gains? – Align “stress-test” definition with external definitions
Pfluger: – More emphasis on correlation, required capital, not flexible enough to handle new standards, inevitable to integrate others Enterprise Risk Advisory, LLC 44
Reactions
Rochette: – Is the purpose more “risk assessment” within ERM than an evaluation, which is a broader term? – View proposed standard as a good start if goal is to review, not complete enough is goal is to design, implement, use – To make it more flexible, should be moreprinciples based – Inevitable to work with others. EC section should refer to that explicitly, otherwise, silo EC – Should standard be ERM-context dependent? Enterprise Risk Advisory, LLC
45
Reactions
Hay: not enough guidance, flexible enough, reliance inevitable as ERM is team-work, division of standard arbitrary – why exclude pricing, reserving, claims – not realistic to separate ERM from other “actuarial” activities Financial Reporting Council: UK regulator for governance and reporting – Board responsible to assess risks – Risk evaluation is part of that role of Boards
Enterprise Risk Advisory, LLC
46
Reactions
Enterprise Risk Advisory, LLC
47
Reactions
North American CRO Council: – “We strongly believe that ERM is not an actuarial process and goes beyond an actuarial function.” – “We believe it may be premature to develop a standard related to ERM and that expressing the ERM principles in the form of guidance document may be more appropriate at this time.” – “This standard would be adding to existing and growing compliance requirements in the ERM landscape.”
Enterprise Risk Advisory, LLC
48
Your reactions? Outstanding issues related to any new ERM standards:
Source: ERM Symposium, 2012, session C9 Enterprise Risk Advisory, LLC
49
Your reactions?
Should we have such a standard? Do you agree with the ERM standard task force's earlier conclusions or do you agree with NACRO's conclusions? Your reactions to the standard itself: guidance, scope, flexible enough, interactions with non actuaries? Other issues? Do you think that the actuarial profession should develop its own theoretical ERM Framework to position itself in the ERM space? Should standards reflect “existing”50practice or Enterprise Risk Advisory, LLC “best” practice?