Financial Reporting Council - new guidance on company stewardship and public reporting

Just in case you UK insurers don't have enough to factor in to your next annual report and accounts (least of all commencing the alignment piece between SFCR/ORSA content and the risk/strategy/capital aspects of your existing reporting releases) , the Financial Reporting Council (FRC) have dropped a couple of grenades into to mix with this release on Effective Company Stewardship, and perhaps more significantly for our kind, the expanded commentary regarding Boards and Risk which was gleaned through a range of interviews.

The stewardship document obviously has some "comply or explain" regulatory relevance for UK readers, whereas the second is a phenomenally useful benchmarking tool to match up against your own board/executive/committee considerations of risk regardless of your jurisdiction.

The stewardship document then focuses more on reporting obligations, in particular Audit, and the associated consultation was triggered in Jan 2011. I was drawn to their findings on reporting "Strategy, Risk and Going Concern" which touch on communication of risk appetite, namely;

• "differing views as to whether it is either necessary or possible for a board to apply a single, aggregated definition of its appetite for risk as a whole"
• "when developing [the] strategy however, it is important for boards to agree their appetite or tolerance for individual key risks"
• "reporting on the company's risk appetite was felt to be difficult, even if it could be defined, as risk appetite is not constant but varies depending on market conditions

The FRC's proposals were therefore (on the basis that the legal obligation is to report on "principle risks and uncertainties);

• Focus reporting primarily on strategic risks (as opposed to those which occur without company action) and 
• Disclose such risks to business model and the strategy for implementing said model
• Not to "scatter" descriptions of the risks faced by the company throughout the document

All of this is a little plus ca change for insurers, who are already pretty good at these aspects!

The second document carried additional interest for me, bearing in mind it collates genuine opinion of the decision making bodies on their existing risk management obligations (and therefore could provide insight into future issues with Use Test evidence, ORSA processes and SFCR/RSR sign-offs). They reiterate that this is not guidance!

Obvious headline from this work is that the Turnbull Guidance will get a brush up in 2012, but I also picked out the following aspects;

• Risk Committee should not be obligatory for all industries
• Boards need to focus on risks that undermine strategy or long-term viability (i.e Reverse Stress Testing)
• The "velocity of risk" meant that reputational risk requires greater attention
• Essential that boards should focus on "gross" as well as "net" risk (inherent and residual in our lexicon)
• Challenge of determining whether a particular risk should be brought to the board's attention remains one of the greatest challenges
• Risk and Internal Audit should have clear reporting lines to board committees
• Investors are seeking "more meaningful reporting on risk", much like that prescribed earlier
• Risk categorisation terminology used is relatively crude (operational and strategic risks being the main distinction made)

I suspect most insurers would rest pretty easy if they benchmark their ERM frameworks against the contents of this paper.