Category Archives: Risk management

Recovery and Resolution Plans: More to it than meets the eye

Have you ever wondered what options would be available to your company should it get into financial difficulty? Does your company have a ‘plan B’ and how practical and realistic is it? These are questions (re)insurance companies may soon need to answer. Recovery and Resolution Plans (RRPs) have already been introduced in the banking industry. In this blog I outline a few insights the insurance industry can learn from the recovery and resolution planning process which the banking industry has already commenced. (Re)insurance companies may find this useful particularly in light of the European Insurance and Occupational Pensions Authority (EIOPA) opinion issued last month recommending a harmonised recovery and resolution framework for all insurers across the EU.

Based on the feedback from the banking industry, it would appear that there is more to recovery and resolution planning than meets the eye. In the banking industry, recovery plans, for example, are intended to be living documents which demonstrate that the recovery strategies presented can be implemented in reality—and that is not an easy task.

The following diagram illustrates the embeddedness of recovery plans within banks as well as some of the key considerations which I will expand upon in this blog.

Recovery plans can span hundreds of pages as the practicalities of recovery strategies are explored in great detail in order to have a plan of action in place that is realistic, achievable and capable of being put into action straight away. Regulators expect a short timeframe for implementation of a recovery plan, with the recovery strategies presented typically required to be fully executable within a 12-month period. In addition, it is expected that the recovery strategies take account of the particular scenarios the company may find itself in. For example, the recovery strategies may vary depending on whether an idiosyncratic or a systemic risk has materialised, given that the options a company could take when it alone is in financial difficulty compared to when many companies are in the same boat may well be different.

Continue reading

Evolving FRM strategies still valuable to life insurers

In this A.M. Best interview, Milliman consultant Kamilla Svajgl offers perspective on financial risk management (FRM) strategies currently used by the life insurance sector. She also discusses how companies with sophisticated FRM strategies in place prior to the global financial crises withstood its effects.

SFCR: Where are the risks?

This blog is part of the Pillar 3 Reporting series. For more blogs in this series click here.

Following the first annual reporting deadline under Solvency II, here’s a look at the breakdown of risk components within the Solvency Capital Requirement (SCR) across the Irish market. This provides a useful insight into the largest drivers of regulatory capital, while also indicating some of the sources of risk for companies.

All companies
This analysis is based on 40 published Solvency and Financial Condition Reports (SFCRs) as only standard formula companies have been included. The graph in Figure 1 shows the breakdown of the various SCR components, where 100% represents the calculated SCR.

As can be seen, underwriting risk represents the largest driver of SCR, followed by market risk. In this case, underwriting risk represents a combination of life, health, and non-life underwriting risks.

The benefits of diversification and loss-absorbing capacity represent an average reduction of 43% of the SCR. Please note that diversification here is at the SCR module level and doesn’t include the impact of diversification across sub-modules.

Figure 1

Continue reading

Capitalizing on your actuarial report

In this article, Milliman’s Richard Frese and Andy Hoffman offer organizations perspective concerning critical topics they should discuss with an actuary to enhance their insurance program, better manage liabilities, and maintain appropriate actuarial analysis for the needs of their program. The authors also discuss best practices when working with an actuary.

This article was published in The Risk Management Quarterly.

Spotlight on operational and reputational risk

macdonnell-bridgetOperational and reputational risks have become areas of greater focus in recent times. There have been so many high-profile operational risk events that it is clear how important operational risk management is for all companies—Anthem, Volkswagen, and UBS are just a few examples of companies that have suffered significant losses because of operational risk events. In addition, for every publicly reported incident there are sure to be a host of smaller cases, which have not been large enough to hit the headlines, and which, of course, can have a cumulative detrimental effect over time. There is also a somewhat invisible aspect to operational risk, given that the damage does not always affect physical assets. Information can be stolen through a cyber breach, agents can act in their own interests, fraudulent activity can happen, and all of these events can go undetected.

Operational risk can also contribute to other risks that undertakings face, particularly reputational risk—a risk we don’t always fully appreciate until the damage is done. There are many strategies and marketing campaigns aimed at ‘one brand’ and ‘one vision’ which show the value organisations place on their reputations. Yet reputational risk management is not always given the attention it deserves. It’s worth pausing for a moment to take a closer look at operational and reputational risk management.

Operational risk
The challenges of quantifying operational risk are numerous—they include the lack of data to properly calibrate models and there are also challenges in relation to the models themselves. For example, the major shortcomings of the Solvency II standard formula calculation of operational risk capital are highly topical at the moment. Under Solvency II, operational risk capital must be held as part of the company’s Pillar 1 capital requirements. Criticism of this factor-based calculation includes its failure to capture many relevant elements of a company’s risk profile, such as the operating model and the specific processes within the company.

Interestingly, the solvency regime in Switzerland (known as the ‘Swiss Solvency Test’) does not require operational risk capital to be held. Rather, operational risk is considered as part of the company’s risk management, therefore treating it as a Pillar 2, as opposed to a Pillar 1, issue. Earlier this year, the Basel Committee on Banking Supervision imposed an outright ban on operational risk internal models for banks, acknowledging the widely differing approaches and complex modelling of this risk within the industry. Whether or not such developments will flow over to the EU (re)insurance solvency regime remains to be seen, but regardless of where operational risk sits from a regulatory perspective it is nonetheless an area where there are increasingly sophisticated methods being used in companies’ own risk assessments, such as, for example, Bayesian Network modelling.

For those who may be unfamiliar with Bayesian Network modelling, it is a technique that is gaining more and more traction as companies continue to develop their understanding of their operational risk exposures. This technique aids the understanding of operational risk exposures through workshops with various experts within the business, in order to establish the key underlying drivers of operational exposure and the relationships between these drivers. They are often not obvious at first glance and tend to involve quite nonlinear relationships. Once these exposures are well understood, the company can focus its attention on managing and mitigating the risks.

Continue reading

Chief risk officers identify threats and opportunities

Modern organizations are complex and having a chief risk officer (CRO) to look across the organization and its environment is hugely valuable. The CRO is uniquely positioned to scan across unfolding trends, both within the organization and outside it, and work with colleagues to determine whether there are opportunities or threats. In this video, Milliman’s Neil Cantle explains the management of risk and the role of a chief risk officer.