|
ERM for Insurance
Highlights from the IASA National Conference
By: Mary Peter
Enterprise Risk Management (ERM) was a hot topic at the Accounting, Risk and Finance (ARF) super session and an entire track of break-out sessions at this year's IASA National Conference.
Along with Eide Bailly, two insurance companies, Zurich Insurance and Highmark Insurance, presented during the super session "ERM - Are We Looking Through the Rearview Mirror or the Windshield?" They shared their experiences, challenges and best practices with their ERM programs as highlighted below. We want to share this information with you as you consider your own ERM needs and programs.
Best Practice: Establish a Mission Statement and Objectives for ERM
Linda Conrad, Director of Business Risk Management from Zurich Insurance Company, spoke about how Zurich had established a mission statement and objectives for their ERM program:
- Mission. The mission of risk management at Zurich is to promptly identify, measure, manage, report and monitor risks that affect the achievement of strategic, operational and financial objectives. This includes adjusting the risk profile in line with the Group's stated risk tolerance to respond to new threats and opportunities in order to optimize returns.
- Objectives. Protect the capital base by monitoring that risks are not taken beyond the Group's risk tolerance. Enhance value creation and contribute to an optimal risk-return profile by providing the basis for an efficient capital deployment. Support the Group's decision-making processes by providing consistent, reliable and timely risk information. Protect Zurich's reputation and brand by promoting a sound culture of risk awareness and disciplined and informed risk taking.
Linda illustrated Zurich's ERM and control framework with three lines of defense across the organization, which include risk taking, risk control and independent assurance. Their integrated view of risk includes risk governance through a risk policy; quantitative views including risk tolerance (earnings at risk and capital at risk), risk-based capital, risk reporting; and qualitative views including Total Risk Profiling (a trademark process to evaluate risk over a three to five year period) and operational risk and control. This foundation is the backbone of their ERM process to look at risk from a strategic point of view.
Linda shared the results of an ERM report* Zurich prepared that may challenge your view of ERM:
|
Risk assessment and risk aggregation are indispensable |
Understanding individual risks is not enough; we must also account for inter-linkages and remote possibilities. | |
Extremes must be factored in |
The world does not follow a normal distribution and unpredictable risks can appear at any time. | |
Quantitative tools are important, but informed qualitative judgments are indispensable |
The arsenal of quantitative risk assessment tools is impressive, but models have their limits. | |
We must ascertain our risk appetite |
Enterprise risk management has a strategic function, to determine the organization's choice of the trade-offs between risk and reward. | |
The risk culture must be entrenched in the organization |
There must be a strong, top-down risk assessment, and risk management capability must be applied across the organization. |
*Source: "Dealing with the Unexpected: Lessons for risk managers from the credit crisis"; A Zurich Report in Applied Risk Management, Zurich 2008.
Among other key statements, Linda shared how Zurich's ERM is being utilized for strategic purposes:
- Business segment CEOs communicate to their staff about the importance of following a simple identify-assess-mitigate approach to address potential corporate responsibility issues.
- Annual training, while fulfilling a compliance need, is treated as an opportunity to ensure employees understand the risks within their roles and act in accordance with the company's risk tolerance.
- Zurich Risk Policy is available to all employees via the corporate intranet; select portions are highlighted by management as needed.
- Overall, Zurich's ability to take on customers' risks is fully based on each employee's understanding of the effect these risks have on the business, so it is treated seriously and messaged clearly.
Throughout the presentation, reference was made to the concept that you must look both in the rear view mirror and the windshield to learn from where you have been and adjust your route based upon the many new and emerging risks coming toward you as you navigate the business of risk.
Best Practice: Brand Your ERM Program for Success
Highmark is a smaller, yet complex health insurance company that has diverse holdings to consider in their ERM program.
Justin Schell, Director of Enterprise Risk Management spoke in one of the breakout sessions on how Highmark has branded their ERM program using the concept of a swan. The black swan has been widely used as a description of an event that is very unlikely to occur, but if it did, would cause high impact to the enterprise. Highmark's ERM Team put together a description of a white swan, a grey swan, a black swan and aligned corporate goals and objectives for each of the three swan categories.
White Swans are the obvious risks we are already prepared for with controls and mitigation plans.
- Look for opportunities to scale back on mitigation and control strategies and in doing so, gain efficiencies.
Grey Swans are risks we can see, but have not properly prepared for with controls and mitigation plans.
- Build and evolve risk competency to better understand these risks.
- Improve the ability to identify and execute on strategies to capitalize on opportunities or avoid loss.
Black Swans are risks we have never seen or cannot predict. However, we need to have a system to see them as soon as they appear and develop a mitigation plan to deal with them.
- Build a competency that scans the horizon, measures, assesses and looks for future threats and opportunities.
This approach led to curiosity and buy-in from the various business units to become involved with ERM and consequently a cultural change in the organization. Justin shared the following changes that occurred and his recommendations:
- Build a competency in the business to recognize and evaluate risk, develop and implement strategies to mitigate and capitalize on risk, and monitor and report on risk strategies.
- Add value through a risk-based approach to decision-making across the enterprise.
- Avoid unnecessary administration by utilizing existing people, infrastructure and processes where possible.
- Integrate risk management for the entire enterprise, including subsidiaries.
Discussion: ORSA - A Blessing in Disguise?
Justin also discussed ORSA (Our Risk Solvency Assessment), the new regulation of ERM, describing it as a blessing in disguise. ORSA drives a foundational ERM program and allows insurance companies to implement ERM in a manner that works for them, rather than follow a prescriptive approach from a regulator. Based on Highmark's experience of ERM and those of other insurance companies, it appears that ORSA will bring more benefits.
Justin ended with a humorous view of how executive management is the key to driving ERM throughout the organization, but that it takes the cooperation and work of three key areas within the organization:
- Strategy. Leads the planning process for the enterprise. Projects aspirations and vision for long-term success, and plans how to capitalize on opportunity.
- ERM. The co-pilot of business decision. Responsible for risk management methodology. There in the moment with business leaders helping them to identify and measure downside risk. ERM is also constantly scanning the horizon for new risks and threats to strategy.
- Finance. Delivers the key forecasting insight that allows strategy to project their vision and plan, and allows ERM to measure stresses on the enterprise. They offer the strong, consistent, supportive models that move the organization from qualitative assumption to quantitative science.
Zurich and Highmark are just two of many insurance companies developing and implementing ERM models and strategies that fit their businesses.
If you would like to learn more about ERM for Insurance or have any additional questions regarding ERM or ORSA processes, please contact Mary Peter. |
