Rating criteria for ERM changed

Standard & Poor’s Ratings Services (S&P’s) has changed the criteria for its Enterprise Risk Management (ERM) assessment process.

In its report entitled “Insurance Criteria: Refining The Focus Of Insurer Enterprise Risk Management Criteria,” S&P’s shows how the new criteria will become part of its counterparty credit and financial strength ratings.

S&P’s says the new criteria evolved from the set of ERM criteria it implemented in October 2005. They are not intended as a roadmap for insurers to use to organize their ERM, the ratings agency says. Rather, the criteria describe how S&P’s will analyze ERM in its rating process.

The rating is not affected by the way ERM is performed, S&P’s says. Companies, for example, may choose to have a central, ERM-dedicated unit, a business risk management unit, functional units that cross businesses, programs headed by corporate or business unit staff, or by means of outsourcing the task. Most important to the rating is that an insurer is performing all of the important risk management functions in an effective manner, with working checks and balances.

S&P’s says it does not view its criteria as being an exhaustive set of risk management practices; rather, they are an extensive explication of sound practices.

“Not all of these practices are necessary for all insurers, nor are all of these practices sufficient to control adequately all of the risks of any insurer,” S&P’s says. “ERM should be a way for an insurer’s management team to determine whether its risk management practices are sufficient to manage its risks, given its situation and company structure.”