Friday 30 September 2011

NAIC - ORSA and ERM developments in North America

Spotted this over on the Casact website, and though it was worth sharing - emerging ORSA approach over with our North American chums at the NAIC, which seems to be spooking some insurers who are quaking at the thought of a 2012 ORSA imposition and lobbying for more time (same on this side of the Atlantic fellas!).

Seems to be a bit of draft ORSA guidance on the go (along the same lines as our Level 3 document in the EU), and the one stand out piece for me was the projection of capital requirements between 2-5 years out - seems instinctively light for insurers to project no further than 5 years, but maybe the long-term guarantee piece isn't such an issue Stateside.

There is also an enlightening piece from AM Best on the same document regarding their Supplementing Rating Questionnaire, how best to prepare for it and respond to it, and some benchmarking stats on positive responses to the questionnaire content. Sadly I don't get to dabble too much in this area, so if any of the Stateside readers have any experiences to share on ORSA progress or ERM SRQ completion I would be interested to hear.

Thursday 29 September 2011

GCAE Minutes - "effective co-operation between European institutions"

I had almost forgotten to post the link to the Groupe Consultatif's minutes for September - concise and clear as ever. Some interesting plans on a potential position paper on ORSA, and some IFRS/Solvency II convergence work.

Nice of them to plant a seed of uncertainty with the headline "Planned implementation of Solvency II on 1 January 2014 depends on effective co‐operation between European institutions and on action by member states". This has the air of fighting talk from EIOPA, who they met with in the month.

CROs and the Society of Actuaries in Ireland - from the President's mouth

A subject very dear to my heart (from a self preservation perspective more than anything!) was the subject of additional comment in the President of the Society of Actuaries in Ireland when giving the president's address for 2011.

Whilst he naturally states (p8) that the head of the actuarial function roles will be the preserve of the current holders of appointed/signing actuary roles, and that "any other outcome would be bizarre", he then goes on to talk of the "big Solvency II prize for us as a profession" of leadership of the risk management function, which anecdotal evidence suggests is a role favouring the actuarial profession ahead of other disciplines.

Of course while I would love to counter the argument with the Institute of Risk Management's suite of arguments in favour of the risk management profession (blogged on extensively already), I then found that the latest CRO hire was of course an actuary (making the score 3-0 to the actuaries since I started keeping it)!

Time to step up our game 'Riskies'...

Wednesday 28 September 2011

ABI Report on Board Effectiveness - board diversity

The ABI pushed out the findings from their research on board effectiveness, predominantly covering diversity, succession planning and board evaluation. The document itself will be available from tomorrow (the ABI press release link is the best I can do), but I had a look through an advance copy.

The purpose of the report is to focus on the three areas above that they believe "can help ensure an effective board and ultimately contribute to the success of the company", and they make a suite of best practice recommendations. Diversity is more on topic for me, as I suspect smaller insurers may struggle to meet any formal or informal quotas by 2015, while simultaneously meeting the Fit & Proper requirements of the management body under Solvency II, without padding out board with token non-exec female representation (and indeed the ABI allude heavily to tokenism in their advice).

The recommendations cover making the achievement of diversity a key objective when making appointments; stating steps taken to achieve it, and expanding on these in AR&A documents; widening the search for NEDs; developing more women throughout the corporate pipeline; and setting and reporting on objectives to promote gender and other diversity in companies.

I found that the advice is a little light and contradictory - while extolling the virtues of diverse boards, the ABI are against quotas for example, citing the likelihood of "two-tier" boards (two-tier, but better surely?). Norway is cited negatively, which is surprising, and the "marked increase" in 2011 female appointments does not appear to have been linked to two-tierism, despite the speed at which it has materialised pointing towards a "quantity not quality" scenario.

There are a couple of good bits covering attrition rates at FTSE 250 firms (smaller boards, lower attrition, and therefore should evidence their plans and objectives, rather than be obliged to artificially meet target level of gender diversity. They also show a good example of the problems on the hiring front, where one company was previously receiving almost exclusively male long lists for NEDs (now rectified by the recruitment firms voluntary code which requires 30% female representation on the lists).

Finally, a couple of amusing best practice examples - the Man Group and Mothercare are both cited for good work in this area. Coincidence, or does someone at the ABI have a sense of humour!

Clear Path Analysis - Van Hulle interview, legislative path, Omnibus II and more

Fantastic body of work released by the guys at Clear Path Analysis (need to sign up) - extensive interviews with Karel van Hulle, EIOPA representation and insurance industry senior figures (and as a sponsored piece, surprisingly unaffected by hard selling!). A few revealing pieces from the van Hulle commentary;

  • Sovereign debt - confirms the Solvency II approach on zero capital for EU national debt instruments copies the CRD4 approach in banking and that "we need the same approach", while going on to say cryptically that "when events change then the regulation will have to change as well"
  • Go Live date - "believes it is the final revision"
  • Omnibus II - end of the year for clarity, once parliament and council conclude discussions, with "early 2012" down for the parliament vote
  • US equivalence - notes that "all discussions with the US are difficult" (saucer of milk?), but has optimism as they "seem to be moving in the direction of Solvency II". Not quite the message being sent across the Atlantic, even if true!
  • EU regulator - "We have to see how [EIOPA and sisters] work first before we can go to the next stage"
  • Transitionals - national regulators should not be able to vary the transitional measures to create regulatory arbitrage
  • EU Parliament's advice on reintroducing regulatory technical standards - "The Commission does not believe that this is necessary"
The following was also useful for calendar planning/expectation setting on your project plans;

  • Trialogues between Council, Parliament and Commission commence in November to develop common view on Omnibus II (my last point from van Hulle's comments I suspect will be high on the agenda!)
  • EIOPA major consultations will commence in November this year (on ORSA and the Reporting Package/templates) and mid 2012 on standards they are expected to write.
  • EIOPA still focused on Jan 2013, regardless of phased approach in Omnibus II

Monday 26 September 2011

ABI, Lloyds & the FSA - behind closed doors...

Flagged elsewhere on Friday, I read through the FSA committee minutes which noted that “contingency” may be required (p3) if Solvency II is not implemented by 2013 – no mention of what that will consist of, though it sounds ominous and probably ends with the words “-million pounds”.

Also reported on Friday, the ABI and Lloyds are looking to lobby for a 2013 go-live date, regardless of the content of Omnibus II, so that Lloyds’ existing ICA process can be jettisoned and replaced by Internal Model SCR (thus restricting the dual ICA/SCR obligations to one year). I suspect they will have plenty of people who would ride on their coat-tails if they can squeeze this one through!

Omnibus II update - implementation plan shenanighans

The European Council pushed out the July version of the Omnibus II draft at the end of last week (a little late perhaps, but the Europeans do go on holiday for August I guess!).

Changes from the June version include;
  • Introductory paragraph added on ensuring that continuity and development of long-term guaranteed business is not impaired when developing this text.
  • EIOPA now obliged to produce technical information on the Equity Risk sub-module of standard formula
  • Supervisors will be applying laws and regs required to comply with implementation plan requirements from 1st April 2013 (this was from 30th June)
  • Guidance from EIOPA on what the “implementation plan” requirements are still expected on 31st March 2013 – must now also contain guidance in the context of proportionality.
  • The implementation plan must specify which, if any, transitional measures will be utilised.
Most significant one seems to be the third one – I can’t fathom why they have expressly said that regulators need to be able to police the implementation plans in April 2013, if they are not due to be submitted until June 2013.

It may be that the national regulators have lobbied to be able to check up on companies pre-submission to make sure the implementation plans are compiled to their liking first time round. With little room for latency, I suppose that would make sense.

Tuesday 20 September 2011

Business Innovation and Skills department – “Strategic Report” – anything to borrow for SFCR/ORSA/RSR?

This came out in the week from the Business Innovation and Skills department in the UK - the recommendations clearly impact on the presentation of materials for listed entities, with a "Strategic Report" replacing the various patches of random guff that normally turn up in statutory releases to the market (boiler-plate and pretty offensive in its lack of stakeholder appreciation).

I'm thinking along the lines of Pillar 2&3 in the context of this, particularly if there are some economies of scale which can be generated by sharing information between the Strategic Report and ORSA/RSR/SFCR for insurers - one for your project plans maybe?

North American ERM/Solvency developments

The guys over the pond are having a busy week (actually two ponds for me, coming from the Isle of Man!), so worth summarising here.

RIMS Conference is underway over in Canada, and while I will need to wait before I go hoovering up material, the Risk Management Monitor dropped this curious piece out on top ERM mistakes - a little hard to substantiate some of the examples, but relevant nonetheless, in particular #5 on the difference between risk appetite and risk tolerance (lack of definition somewhat addressed in the IRM's release last week).

The Canadians, US and Bermudans got together for a group hug in the inaugural North American CRO Council. A very handy looking agenda to start with, particularly "industry leading" emerging risk research and 'harmonizing regulatory capital requirements across jurisdictions' - is this the promised "equivalence on a true outcomes-basis" as alluded to by Mr. Leonardi from the NAIC last month?

Last thing was the NACD Directorship roundtable on the new realities of risk management summarised here. Of particular interest was the attitudes noted, such as; which elements of risk oversight need to be addressed by the full board; need for specialist risk committees (not required outside of financial services); directors saying the are receiving more information on risk than ever before (quality a likely casualty I suspect); Risk managers said to be "less than optimally familiar" to the directors, and then some very generic comment on CRO's, risk and strategy alignment, risk appetite, material risk and risk culture.

My concern with this is that it sounds very much like the output from a lot of these round tables, where the 'risk rabbit' on good practices fills a gap where a more substantial discussion on defining terminology and responsibilities would be more useful.

Guy Carpenter briefing - succeeding under Solvency II

Nice all round document from the guys at Guy Carpenter on Solvency II, which touches (naturally) on impacts on the reinsurance industry, but also covers broad trends across the insurance industry, particularly in the world of cost-effective/capital lite risk mitigants. The following aspects stand out;
  • Benefits of transparency and security felt to be outweighed by the challenges of Solvency II
  • Nicely merges the added cost of compliance for reinsurers with the additional business which will be generated by market demand for reinsurance as mitigant.
  • They feel Solvency II will help with consistent analysis of reinsurer strength
  • ILS market again cited as one which benefits from Solvency II pressures on capital bases
  • Stress the drawbacks of the current standard formula for cat risk, which pretty much forces carriers of non-EU cat risk to apply for internal model approval due to the capital charges as currently calibrated
  • Strange stats on UK multinational Solvency II costs (£100m quoted as being set aside) - I am assuming this is non-Lloyds reinsurers only, as that barely covers the last 6 months for the Tier 1 companies.
  • Section entitled "costs may be exacerbated by potential regulatory inefficiency" made me chuckle!
  • COver the main mitigants available (and of course where their expertise can help!) such as reinsurance, ILS, hedging, diversification techniques and M&A
  • Good material on the underwriting cycle and how the standard formula simplifications work contrary to it.

IRM principles on Risk Appetite and lessons from UBS

Pretty interesting finish to last week, with UBS getting spanked for a cool $2.3bn through the now-typical route of a back office know-it-all getting promoted to the trading desk and circumventing the plethora of internal controls designed to stop the very activity they and they alone know how to take to the n-th degree.

I thought of this when looking through the IRM's risk appetite and tolerance paper released at the end of last week (separate post to follow incidentally, only so many hours in the day!), specifically whether there was anything being promoted/supported by the institute which may have averted this rather grim result for the boys from Berne.

6 IRM principles to start with;
  1. Risk appetite can be complex - don't try to dumb it down if it isn't justifiable
  2. Risk appetite needs to be measurable
  3. Risk appetite is not a single fixed concept
  4. Risk appetite should be developed in the context of an organisation's risk management capability
  5. Risk appetite must take into account views at strategic, tactical and operational level
  6. Risk appetite must be integrated with the control culture of the company
Sadly for the profession, the risk governance set up at UBS is paper-perfect in this regard, so I dare say the CRO may feel obliged to hand in his cards. This despite the fact that, as with the Leeson and Kerviel cases beforehand, if you personally know the gaps (and the reward is great enough) the rogue trader is nigh on unstoppable by the second line of defence in these kinds of organisations. However, it looks more of a "should have done better" case for the second line, and should categorically be used as a counter argument to the dismissive tones of management when discussing risk limits and qualitative tolerances.

Some great quotes below from their website (highlights are for my benefit);


High Level – Risk Management and Internal Control
The [risk controls]framework is dynamic and continuously adapted as our businesses and the market environment evolve. It includes clearly defined processes to deal with new business initiatives as well as large and complex transactions.

Risk assessment and management oversight performed by the BOD considers evolving best practice and is intended to confirm to statutory requirements
 
Risk Appetite
Our risk appetite framework establishes risk appetite objectives in respect of earnings and capital levels that we seek to maintain, even after experiencing severe losses over a defined time horizon.
Our risk appetite is approved by the BoD. Risk appetite is based on our risk capacity, which is in turn based on our capital and forecasted earnings resources. Our overall risk appetite is set as an upper limit covering the aggregate risk exposure for each risk appetite objective, taking into account inherent limitations in the precision of risk exposure measures that focus on extreme market and economic events. Comparison of the firm's risk exposure with our risk capacity under prevailing operating conditions as well as prospective business plans serves as an input to the risk limit framework. This comparison is also a key tool to support management decisions on potential adjustments to the risk profile of our firm.
 
Operational Risk-specific
Management and risk committees are the governing bodies responsible for oversight and active discussion of risk management activities, including the question of whether or not the cost of mitigating actions is adequately balanced against the acceptable level of operational risk. Management, in all functions, is responsible for establishing an appropriate operational risk management environment, including the establishment and maintenance of robust internal controls and a strong risk culture.
 
Material operational risks and significant internal control deficiencies are identified and reported at least quarterly to stakeholders, including the BoD, GEB, divisional/regional/local management, Group Internal Audit, external auditors and regulators.
 
We have developed a model for the quantification of our operational risk, which meets the regulatory capital standard specified by the Basel II advanced measurement approach (AMA). Our model has two main components. The expected loss component is a statistical measure based on our own historical loss experiences (collected since 2002), and is used primarily to determine the expected loss portion of our capital requirement. The unexpected loss component is based on a set of generic scenarios representing categories of operational risks that are relevant to the firm. The scenarios are reviewed extensively on an annual basis by internal experts, using internal and external event information, information about the prevailing business environment and our own internal control environment. This component is used to determine the unexpected loss portion of our capital requirement.
 
Risk and Reward

Friday 16 September 2011

Active Risk - 'What makes a great Risk Manager' results...

I participated in a survey a little while back about "what makes a great risk manager" which involved looking at personality traits, and the guys at Active Risk posted the results today.

While I was hoping the results would look like my CV (!), there were some interesting findings from the 200-ish sample;
  •  Categorises risk managers into Traditionalists (from the 'department who likes to say no'!), Drivers (who are pragmatic and impatient) and Evangelists (who have the CRO style, without necessarily the substance. The split of respondents was 60/10/30 respectively. The obvious thought for me was that this was the perfect ratio of the three skillsets to arrive at a quality Chief Risk Officer, and the conclusions touch on this throughout.
  • Suggests traditionalists may be holding their companies back due to presentational shortcomings (probably fair), while Drivers should understand their impatience can come over as aggression and Evangelists should wind back on what I like to call 'risk rabbit' (where throwing terminology left and right leaves the consumer disinterested or confused.
Should certainly be of interest to my friends at Clarity Resourcing, as these kinds of considerations cross over most industries when fishing for risk talent - I hasten to add that I can't immediately recall what I was classed as!

Late post-script - found my personalised report, and I was down as a "reactive extrovert" - I'll settle for that!

Thursday 15 September 2011

AON Report on Regulatory, Accounting and Rating Agency critera changes

A decent piece from AON covering influences of Solvency II (amongst other similarly flavoured risk-based capital regulatory influences), IFRS, and ratings agency criteria for ERM on capital allocation strategies.

Some (surely sympathetically sampled) stats are included on how ratings strength will be more important than Solvency ratios - remains to be seen which measures are preferred for economic capital measurement for those who don't necessarily want or need to chase ratings agency favour.

Also includes country specific details on ORSA in the US, Risk based capital in Asia and Latin America, and references the AM Best supplemental rating questionnaire for ERM, which sounds like there might be some merits in reading

IRM Risk Appetite Guidance released

Closely associated with the last post, the IRM have pushed out the results of their consultation on Risk Appetite. I'll pick through this next week, so help yourselves via the link in the meantime

Wednesday 14 September 2011

Society of Actuaries in Ireland - newsletter treats

As ever, the Society of Actuaries in Ireland produced a riveting read this month, with some hot topics covered very succinctly, and useful to multiple jurisdications for benchmarking.

Risk Appetite (specifically how best to communicate and document it) is particularly prominent with new obligations under the corporate governance code kicking in throughout this year, and the Society's ERM committee hauled in one of the CBIs top men to talk through options, with another couple of private sector big hitters. I spotted in particular;
  • Risk Appetite Statement cannot be vague, and should include some financials
  • Traffic Light system of monitoring was viewed favourably (amber being a warning sign to act)
  • Breach alerts best in real time
  • Solvency I and Solvency II measures matter - so don't rush for future state
  • Very sketchy response on how to quantify "material" breaches of appetite, with no response documented from the regulator in this letter
  • CBI want to know about "misses and near misses" - not quite sure about what the difference is frankly - are we now tiering 'misses' into categories? RAG's and traffic lights?
  • No firm guidance on quantifying appetite for Op Risk
  • Willingness (from the floor I imagine) for CBI to use standard definitions for risk appetite/tolerance/preference - amen to that brothers!
  • Risk Appetite Statements should not be purely downside based
I must highlight the spectacular comment that "The risk appetite statement ensures decisions are made by the business rather than just by actuaries" - there's an eyeopener for all you insurance CEO's that thought you were the boss!

Some other very cute stuff included on Internal Model progress (a massive 45 models in the IMAP process - good luck staffing that!). On a serious note, one suggestion from the CBI was for 'independent validation' engagement documents to be submitted to the regulator to ensure they pass muster, which suggests there is a hot market for this type of service.

Two other parts of this jumped out. A sharp piece on diversification, where the CBI acknowledge that heavy use of expert judgement is anticipated, and point towards senior management understanding and ensuring the statistical quality standards can be met as aspects to consider.

The second linked piece was whether, as Insurance is a "mathematical business", that it is "not too much to expect" that the board and senior management to understand copulas and variance-covariance matrices.

You can tell that to the ex-politician NEDs first buddy...

Wednesday 7 September 2011

Chief Risk Officer activity

LV+ got in on the CRO staffing activity in advance of Solvency II this week, pitching a finance-oriented executive into the role, with a remit of embedding an ERM Framework and managing Solvency II. In line with previous posts, I'm not sure who to score this one to (probably not the Risk team), but important to note the reporting line still going into the CEO.

On topic, but bank rather than insurer as the example, the Reputability Blog picked up on a slightly different organisational problem that I suspect will become more prevalent over the next couple of years - namely that with the maturity of the CRO role comes an ambition to be more than the CEO's "angel on the shoulder".

Larger financial services organisations may find their CROs develop something of a wanderlust if they don't expect a reasonable shot at the top job will be forthcoming (indeed an earlier blog post highlighted that a company Stateside is using the role as CEO training). I would have thought this is even more of a strategic issue for insurers, where existing CRO/de-facto CROs will be critical to Solvency II delivery plans, and will of course have extensive knowledge of their respective institutions' economic and regulatory capital weaknesses after 2+ years of project graft!

CEA releases - SIFIs and ComFrame

The CEA got busy this week with a double release, covering their feedback on the IAIS's ComFrame proposals for group supervision, and feedback on ongoing discussions on SIFIs.

As far as ComFrame goes, they express that they feel it is too prescriptive, and potentially onerous for some groups ahead of others. They do not agree with the introduction of "living wills" for insurance companies (in the same way that banks are being obliged to document 'orderly wind-down' strategy in the UK for example). They also highlight that it does not address minimum standards at national level, so could be viewed as an additional layer of compliance for groups.

The CEA go on to countersign a separate letter with a number of other insurance associations to highlight these viewpoints.

The response to the ongoing SIFI work of the Financial Stability Board reaffirms the position of the CEA (and indeed the Geneva Association who have been vociferous on the matter) that insurers, by nature of their long term and less portable liabilities, should not be subjected to the same categorisation and timeframes as the banking industry. Cognisance of the ladder of intervention afforded by Solvency II is also requested.

Friday 2 September 2011

Financial Reporting Council - new guidance on company stewardship and public reporting

Just in case you UK insurers don't have enough to factor in to your next annual report and accounts (least of all commencing the alignment piece between SFCR/ORSA content and the risk/strategy/capital aspects of your existing reporting releases) , the Financial Reporting Council (FRC) have dropped a couple of grenades into to mix with this release on Effective Company Stewardship, and perhaps more significantly for our kind, the expanded commentary regarding Boards and Risk which was gleaned through a range of interviews.

The stewardship document obviously has some "comply or explain" regulatory relevance for UK readers, whereas the second is a phenomenally useful benchmarking tool to match up against your own board/executive/committee considerations of risk regardless of your jurisdiction.

The stewardship document then focuses more on reporting obligations, in particular Audit, and the associated consultation was triggered in Jan 2011. I was drawn to their findings on reporting "Strategy, Risk and Going Concern" which touch on communication of risk appetite, namely;
  • "differing views as to whether it is either necessary or possible for a board to apply a single, aggregated definition of its appetite for risk as a whole"
  • "when developing [the] strategy however, it is important for boards to agree their appetite or tolerance for individual key risks"
  • "reporting on the company's risk appetite was felt to be difficult, even if it could be defined, as risk appetite is not constant but varies depending on market conditions
The FRC's proposals were therefore (on the basis that the legal obligation is to report on "principle risks and uncertainties);
  • Focus reporting primarily on strategic risks (as opposed to those which occur without company action) and 
  • Disclose such risks to business model and the strategy for implementing said model
  • Not to "scatter" descriptions of the risks faced by the company throughout the document
All of this is a little plus ca change for insurers, who are already pretty good at these aspects!

The second document carried additional interest for me, bearing in mind it collates genuine opinion of the decision making bodies on their existing risk management obligations (and therefore could provide insight into future issues with Use Test evidence, ORSA processes and SFCR/RSR sign-offs). They reiterate that this is not guidance!

Obvious headline from this work is that the Turnbull Guidance will get a brush up in 2012, but I also picked out the following aspects;
  • Risk Committee should not be obligatory for all industries
  • Boards need to focus on risks that undermine strategy or long-term viability (i.e Reverse Stress Testing)
  • The "velocity of risk" meant that reputational risk requires greater attention
  • Essential that boards should focus on "gross" as well as "net" risk (inherent and residual in our lexicon)
  • Challenge of determining whether a particular risk should be brought to the board's attention remains one of the greatest challenges
  • Risk and Internal Audit should have clear reporting lines to board committees
  • Investors are seeking "more meaningful reporting on risk", much like that prescribed earlier
  • Risk categorisation terminology used is relatively crude (operational and strategic risks being the main distinction made)
I suspect most insurers would rest pretty easy if they benchmark their ERM frameworks against the contents of this paper.

Thursday 1 September 2011

Article - Journey's end for Solvency II

Well researched article in Financial Risks Today (including a name check for yours truly!) is worth a look - it covers quite a lot of ground and references a suite of research and comment, so you might find it useful as a one-stop shop.

Leadership, psychos and moon faces

On the corporate governance front, please be on the look out for any psychopaths or wide faced execs who may be the causes of your strategic undoing...