ERM assessment process gets revamped, S & P’s

Standard & Poor’s Ratings Services recently made some major additions and revisions to its Enterprise Risk Management (ERM) assessment process and has clarified in a report titled “Insurance Criteria: Refining The Focus Of Insurer Enterprise Risk Management Criteria,” what these criteria are meant to be and what they are not. S & P’s incorporated the results of the new criteria set into its counterparty credit and financial strength ratings.The criteria, which S & P’s explains stem from the set of ERM criteria it implemented in Oct. 2005 as a way to rate insurers ERM programs, are not intended as a roadmap for insurers to use to organize their ERM. Rather, the criteria describe how S & P’s will analyze ERM in its rating process. The rating is not affected by the way that ERM is performed, whether it be by a central ERM-dedicated unit, a business risk management unit, in functional units that cross businesses, by other corporate or business unit staff, or through outsourcing. What is important to the rating, according to S & P’s, is that an insurer is performing all of the important risk management functions in an effective manner, with working checks and balances. S & P’s says it does not view these criteria as being a complete set of risk management practices but rather an extensive explication of sound practices. “Not all of these practices are necessary for all insurers, nor are all of these practices sufficient to control adequately all of the risks of any insurer,’ S & P’s says. “ERM should be a way for an insurer’s management team to determine whether its risk management practices are sufficient to manage its risks, given its situation and company structure.