Uncovering the ERM Enigma

Suggestions of a slide towards softening markets persist as surveys are showcasing the sixth consecutive quarterly report of a down market direction for commercial property & casualty (p&c) premiums. Not unexpectedly, again for the second sequential year the Commercial Property/Casualty Market Index (sponsored by the Council of Insurance Agents and Brokers) restates a decline in prices in all sizes of accounts with almost half of all medium and large insurers claiming price decreases of 10% to 20%.

However, the broken record bumps back as the market indicates that this softening is less than stable; the “cyclical ride of the insurance market” endures. Instability is suggested in the second quarter 2005 Risk & Insurance Management Society (RIMS) Advisen Benchmark Survey, which reports that while indicators of market direction signaled further declines, renewal prices were actually balanced between stabilization and a slight increase for some lines of business. General liability, for example, showed clear signs of firming, whereas property fell a further 4.3% in the latest quarter. Property & casualty lines overall are currently exhibiting strong financial returns, portending increased competition and falling rates, but some other factors such as effects of 2004’s rate reductions and a poor investment income, may precipitate a future upturn in pricing.

“There’s a softening of the markets but it’s not a general softening of the market,” Jean Mulaire, director of operational risk management, James Richardson International, says. “Property and casualty is softening somewhat, but there is a fair amount of rigidity on rates in other areas like the D&O market where you have to deal with financial instruments. But because events like Enron damaged that market the lines are still fairly stubborn.”

The question at hand is what does the current state of the market mean to risk managers who have been to the soft market and back again – back to the hard or the volatile somewhere in-between?

PICKING UP THE PIECES

Softening, hardening and a less than stable market is no longer the hot topic puzzling the purchasing decisions of risk managers. What is new and certainly news, is the rampant change and fluctuating insurance environment resulting from headlining scandals, regulatory initiatives and subsequent pressure for corporate transparency and alternative revenues. While price resulting from market conditions is an important piece of information for risk managers, their focus tends to lie more toward the entire spectrum of risks reflected in their corporation’s business profile – financial and non-financial risk alike.

“Price is important but with everything that’s been happening with the brokerage community and all of the issues that have come up this year,” Nancy Chambers, risk manager for Waterloo Region Municipalities Insurance Pool, says, “risk managers may soon be managing the process of a soft market through an enterprise risk management program.”

Not to diminish the insurance purchasing and claims management sides of risk management, enterprise risk management (ERM) encompasses all possible risks.

“Enterprise risk management encompasses all,” Niver Rubenyan, ORIMS president, says, “within it there are so many pieces of risk management; any and every risk that a company faces is addressed by enterprise risk management from HR to actuarial, audit, compliance and regulator.”

Rubenyan, director of operational risk for Sun Life Financial, says that insurers have been exposed to ERM for a while as all organizations must manage risk to some extent. However, she elaborates that the updated risk manager implemented form of ERM is “a little more centralized in the way that risks are managed so that there is more interaction between the different functional areas of the organization.”

Traditionally companies covered their risks using a siloed approach. Each risk is selectively and independently covered leading to disparity in resources allocated to risks and confusion at the corporate level.

DEMYSTIFYING ERM

Enterprise risk management is embarking on a whole new era where it is evolving to new levels of company-wide worth. “One of the main reasons for its (ERM) increasing importance,” Rubenyan says, “are the bid rigging and contingent commission scandals that affected the industry, ultimately leading to problems because of failed risk management and the downfall of a lot of organizations due to failures as well as scrutiny by regulators, which has resulted in an increased pressure for companies to better manage their risks.”

Enter enterprise risk management or, as Chambers would say, “true risk management.” This all-encompassing approach to corporate risk management has increasingly garnered interest among senior level executives who are dealing with financial repercussions and operational concerns related to the scandals seizing the market.

According to Nowell Seaman, manager of risk management and insurance services for the University of Saskatchewan, the Spitzer trials were a strong impetus for corporate boards and management to pay attention to their internal corporate and operational risks. Seaman adds that as a result this may ultimately necessitate the help of risk managers, who are now being approached as key resources for the implementation of a new strategic direction for their company’s risk profile.

“The senior team sees a need and is more interested in creating an integrated enterprise risk management framework across the company to enhance the strategic goals of the organization,” Seaman says. “If the risk manager can step up to the plate and fulfil the challenge of implementing an enterprise-wide risk profile, they have an opportunity to play a strategic role in the organization.”

The onus is on the risk managers, however, to “sell” the ERM initiative to their respective companies.

According to a survey conducted by the conference board and risk management consulting firm Mercer Oliver Wyman, enterprise risk management is increasingly important as a tool to analyze and confront risks with 91% of risk management executives inclined toward accepting ERM or actively preparing, developing or implementing the practice. While the practice has gained acceptance in theory, only 11% of the respondents have implemented ERM throughout their company. Only 14% of the risk mangers surveyed reported being able to adequately communicate risk expectations to senior managers.

However hope is at hand as Chambers indicates that “whether executive levels are developing CRO positions or whether they are using the risk management at a higher level, a lot of different industries are looking to integrating enterprise risk management.” Chambers says although auditors are involved in the ERM process, risk managers facilitate the function of ERM co-ordination as they are looking above and beyond the financial side and thus are able to not only identify the issues, they are also able to identify risk solutions.

THE BIG ERM PICTURE

The strategic role of Enterprise Risk Management is to try to ensure that the company has a good understanding of the whole spectrum of its risks, whether financial, investment related or operational including legal and regulatory risks.

“What is really needed now is to look at the whole business and understand all of the risks including operational issues as well as external challenges from the legal and regulatory environment,” Doug Brooks, vice president and chief risk officer at Sun Life Financial, says. “These risks need to then be put into an enterprise-wide context so the company has a good picture of its risk profile and can recognize where its key risks are and therefore direct resources to those key risks instead of focusing all its resources on one area potentially ignoring other areas that may also be important.”

The most often quoted failures and areas that need attention are associated to the need for transparency in how risks are managed. Transparency is very important both externally and internally, stressing the potential value ERM posses. In order to communicate both internally and externally and give confidence on how a company manages its risks, a solid framework must be used and understood by every member of that respective corporation. This vertical and horizontal form of communication will further ensure, as many risks as possible are being captured and managed in an effective way.

“It’s very important to make sure that the information an ERM positions will flow across the organization as opposed to just up and down the organization,” Brooks says. “So, enterprise risk management builds information structures to ensure that there’s a consistent and enterprise-wide view of the various exposures.”

Building a risk management framework is essential to the ERM scheme as it identifies and defines the company’s risk tolerance and allows a risk manager to build the corresponding tools and processes that will take the specific level of tolerance into account.

The information structure, or the enterprise-wide risk framework is, unique to each organization as risk is embedded in a company’s culture, outlook and operations. Rubenyan explains that if a risk manager develops the right skill sets and strengths, a risk framework can be developed for any company. In order to create the appropriate risk profile for an organization a risk manager must first understand the company’s risk culture – the way a company views and manages risks and how much tolerance the company has for risk and a key piece of the ERM puzzle.

Concerning much more than mere insurable risks, a company’s risk culture includes every detail of each possible risk. An important point Rubenyan highlights is the need for risks to be defined in terms of every potential outcome, which necessitates a long-term, outside-the-box approach that views the risks with hindsight.

Another piece of the ERM puzzle, according to Rubenyan, is categorizing the types of risks a company faces. Categorizing a risk will allow all the potential, pre-empted risks to be captured. Risks can be categorized as business risks, operational risks and strategic risks.

In order for a risk framework to identify and manage all types of risks, the framework must take into account the company’s organizational structure – who is strategizing, as these are the individuals posing a strategic risk; who is implementing business decisions and subsequently posing a business risk; the company’s vertical and horizontal operational areas (i.e. audit, compliance, investments, etc.) as every area of operation will impact how a risk is viewed and managed.

One of the most important areas embedded within a good ERM framework, Brooks notes, is the area of operational risk. “Operational risk is one of the most underdeveloped areas yet it’s one of the most important,” Brooks continues. “If you look at why companies have failed, in most cases you’ll find that some process broke down within the organization.”

Brooks postulates that using ERM to understand a company’s operations – process and employee related – and its associated risks and subsequent failures, will ensure that the company will be able to properly assess and manage the potentially devastating risks a failure within operations may pose.

THE TEAM APPROACH

Implementing an ERM structure prior to a failure is obviously ideal however, in lieu of the recent scandals, an ERM framework is desirable to company’s that may require an alternate source to ramp up their revenue.

“Risk managers have to really work with their brokers and be part of the process and part of the solution,” Chambers says, “because brokerage firms and insurers are going to be looking for alternatives to increase their revenues. So it’s important for them to be aware of the financials of enterprise risk management.”

Joining in the process of recovery and stability and developing relationships is key to industry-wide success as Mulaire points out, “If the insurance industry doesn’t have a good profile investors will begin to allocate their money elsewhere,” this may lead to rate hikes and increased exclusions. Consequently, as Mulaire indicates, it is in the best interest of the industry as a whole to ensure that they are transparently performing to the best of their ability, as a positive reflection of insurance is the way in which the best capital will be captured.

As a result, Mulaire surmises that risk managers will receive good coverage by reliable carriers at the best rates possible. “So, we want to support a healthy industry with a good profile,” Mulaire says, “We also want a reasonable level of working trust to exist and persist within the insurance industry overall.”

Chambers concurs with Mulaire referencing the need for stable markets offering reasonable rates that are viable enough to maintain insurer solvency.

“There has to be enough funds available in order to pay the claims and be solvent so that our carriers will be there when we need them,” she explains. “It might be viewed that it is great to have a reduction on your premiums

but, on the other hand, what should be more important to risk manager’s is the willingness and the ability of their carriers to come to the table when they need them for an important claim.”