Making ERM Work for You

Enterprise Risk Management (ERM) has been receiving a lot of attention recently in the financial services sector. Our focus is to answer to some key questions about how ERM can apply to the property and casualty insurance industry.

Let’s first review a few basic principles. When properly implemented, ERM provides an integrated framework for managing all of the material risks identified by an organization. Material risks need to include all potential high-impact events, even when the likelihood of occurrence is considered low. The ERM process involves identifying, assessing, measuring, rating, monitoring, controlling and mitigating risks facing the enterprise as a whole. By comparison, more traditional approaches to risk management tend to be restricted to the “silos” of individual business units; for this reason. Traditional methods may fail to measure and comprehend the full impact of some risks, or miss opportunities to reduce risk across the entire enterprise.

Why is ERM of value to property and casualty insurers? The acceptance of risks transferred by policyholders is fundamental to the insurance business. In this respect, insurers must maintain the ability to respond effectively to unexpected and sometimes volatile events. And because effective response for property and casualty insurers involves both a high degree of financial and operational preparedness, the value of ERM “done right” may be even greater for the P&C industry than it is in other industries. What are some of the key benefits property and casualty insurance companies may realize by investing in ERM? Aside from a net reduction in enterprise risk, specific benefits could include more efficient deployment of capital, enhanced financial strength ratings and possible competitive advantages. If properly implemented, ERM should also strengthen an insurer’s corporate governance.

REGULATORY GUIDANCE

What guidance are insurance supervisors providing about ERM? A timely answer to this question can be found in a guidance paper issued in October 2007 by the International Association of Insurance Supervisors (IAIS) entitled “Enterprise Risk Management for Capital Adequacy and Solvency Purposes.” (The paper can be found on the IAIS website at www.iaisweb.org).Asthe title of the paper suggests, supervisors understand the desire of property and casualty insurers to use ERM as a means of deploying capital more efficiently. Accordingly, supervisors are beginning to clarify their expectations regarding what an effective ERM framework should contain. The IAIS has done this by way of “key features” addressing such factors as the need for quantification of risks related to (at minimum) underwriting, credit, market, operational and liquidity risks; direct involvement and leadership by an insurer’s senior management and board of directors; and clarification of risk tolerance and methods of monitoring risks. Because regulatory guidance is often a precursor to more specific policies, property and casualty insurance companies (including PACICC members) should reasonably expect insurance supervisors in Canada to develop their own ERM-related standards in the near future.

Rating agencies are also providing strong advocacy and guidance for ERM. In fact, all of the major rating agencies have developed methods of assessing the adequacy of risk management capabilities in the financial strength ratings they produce for individual property and casualty insurers. Underscoring the importance of ERM, A. M. Best stated in its 2007 Canadian Property/Casualty industry review: “companies that engage in sound risk management typically are less likely to fail.”

PACICC’S INTEREST IN ERM

PACICC is interested in ERM for two key reasons. First, the evidence is clear an effective ERM program can reduce the risk that a member insurance company will encounter solvency problems. For guarantee funds, any reasonable business practices that can lower the risk of member company failures and help promote public confidence in the industry are to be encouraged. Second, PACICC has recently implemented its own ERM plan. It is a good business practice, and we are committed to “leading by example” concerning broader advocacy of ERM within our membership. We also circulated an issue paper to members earlier this year discussing the current state of ERM and describing details of PACICC’s own risk assessment. (PACICC’s ERM issue paper is available on our website at www.pacicc.ca).

INSURERS IMPLEMENTING ERM

An insurance company seeking to develop and implement its own ERM plan can “build from within” using in-house expertise if this is available, or it can engage ERM consulting expertise.

PACICC used a combination of both approaches, using the skills of Keith Old, managing director of Bishop-Phillips Consulting while developing our own capacity. Either way, the objective should be to create a plan appropriate for the risk culture and profile of the particular company. As the IAIS guidance paper puts it: “… the appropriate ERM framework is heavily dependent on the nature, scale and complexity of the risks of the insurer. The approach should be proportionate and fit-for- purpose. A ‘one-size-fits-all’ approach should therefore be avoided.”

SUBPRIME HIGHLIGHTS CHALLENGES

The sub-prime credit crisis nicely illustrates some key challenges that still need to be overcome for ERM to realize its full potential. Most of the large financial institutions recently hit with big write-downs due to the reduced value of collateralized debt obligations (including a few property and casualty insurers with parent companies outside of Canada) could claim to have been using sophisticated risk management tools. Citigroup, for example, devoted nearly one-tenth of the content of its 2006 10-K filing to a detailed discussion on “Managing Global Risk.”

So why didn’t these tools prevent, or at least substantially mitigate, the sub-prime debt crisis? Some institutions appear to have been using traditional risk management tools but had not yet adopted an integrated ERM framework. Also, it appears corporate risk measurement is still too often disconnected from risk governance.

This is the view expressed by Michael Conover, partner in charge of financial risk management for KPMG’s Risk Advisory Services practice. In the November 2007 issue of the KPMG publication Audit Committee Insights, he says of the sub-prime crisis: “If the ERM processes tell you that you have a concentration in low-quality, highly-leveraged deals and you continue to trade and originate in that area, then it’s the governance process that is not working… Both governance and measurement of risk need to be done in real time.”

So a key challenge to be met by P&C insurance companies seeking to implement ERM is not just to develop a well-designed program that identifies, assesses, measures, rates, monitors, and controls risks across the entire enterprise, but to ensure that such practices are truly, in the words of the IAIS, “led and overseen by the insurer’s board and senior management.”