|Appetite - second helpings?|
I had blogged earlier this year on Risk Appetite, covering the expectations of EIOPA on the matter (which are few), as well as the more pokey/proddy stakeholders like the PRA/Central Bank of Ireland/S&P (which are several!), so the backdrop of risk appetite's practical significance to insurers doesn't need to be repeated here, more how consultants and practitioners are improving their game on the ground. Worth noting here that a few of the other consultancies have proffered their two cents on the matter over the last year or so (here, here, and here).
While interest in 'risk appetite' is currently piqued at governmental level thanks to the forensic examination of the banking industry's failings (multiple references in Parliamentary Commission evidence here and here for example), the driver of activity in the UK and Ireland is predominantly from the regulatory compliance perspective rather than expectations of bespoke, strategy-driving activity. In addition, we now see the emergence of Internal Audit as a party with a vested interest in the matter, which has the potential to draw the subject even more to a tidy, but ultimately superfluous documentation exercise.
With that in mind, Towers note that this paper is focused on "...enhancing risk appetite by improving its articulation, via clearer linkages to mission and strategy", and a rather derisive tone is therefore applied throughout regarding the familiar quantification methods preferred by regulators to monitor likelihood of insolvency in the next 12 months, giving equal billing to non-monetary capital and qualitative measurements. The paper also crosses some familiar ground, such as a lack of consistent terminology, which it tries to address (below).
Oddly, the document does not reference the FSB's thematic review of risk governance earlier this year, which will surely drive efforts in this space in the medium term, if only due to the paucity of certainty on the subject. That the FSB believe that regulators have "more work to do" is striking, and while they also bemoan the lack of common terminology, they don't let that prevent them from offering definitions of their own, as well as listing their "Key features" of a Risk Appetite Framework.
More obvious statements
- "..clearer linkages are needed to mission and strategy for risk appetite to be effective"
- "risk appetites must include boundary constraints"
- "We suggested that greater clarity around the definition of risk is needed..."
- Risk - "In this context, risk should be defined in terms of those events and circumstances that may result in an insurer failing to deliver on its mission."
- Risk appetite - "...the manner in which a company expresses an identified set of risk-trading opportunities, and sets boundaries on its risk-trading among those opportunities, aligned with successfully delivering on its mission."
- Risk strategy - "The company’s risk strategy articulates how risk fits with the mission".
- Risk tolerance - "Risk tolerances are a quantitative extension of the risk strategy...risk tolerances must be measurable...[and] place quantitative boundaries on the company’s strategy"
- Risk limits - "Risk limits are more granular tolerance levels expressed for specific risk sources, business units, and/or products that are used to implement the risk tolerances."
- Risk appetite statement - "...risk appetite statements should be taken as the combination of risk strategy tolerances and preferences, bringing together qualitative and quantitative enterprise perspectives on risk as both opportunity and threat."
- Mission - "mission is the insurer’s unique multi-period and multi-stakeholder value creation proposition."
- They promote four facets of risk assessment: size, likelihood, impact and significance.
- For those working on statement content, they recommend "...since published mission statements can be fairly terse, the risk appetite may need to look beyond the explicit elements of the mission and consider elements that are implicit." Instinctively that feels unfair, but I guess the world of implicity is one for the second line to inhabit, while the first line concentrate on value-adding.
- Concept of adaptive buffers sits nicely with me - the most visceral ones being economic capital and reinsurance/hedging/liquidity facilities, but TW attempt to expand that over qualitative areas of the risk appetite statement
- Risk preference ranking of 0-4 depicted at the back is a handy schematic
- "Some take the view that risk appetite can be expressed as a single metric, or perhaps a small set of metrics, that capture the organisation’s willingness and ability to bear risk." - that 'some' would include the FSB, COSO, the Central Bank of Ireland and the IRM, so I wouldn't be too sniffy at efforts to-date
- "Much of the work to-date on risk appetite statements has been driven by solvency supervision requirements, many statements tend to focus primarily on potential losses of capital"- a natural and by no means unwelcome by-product of having regulators in the box-seat, as opposed to stakeholders combining their efforts to establish compulsory risk appetite statement content?
- "While most insurers have, by now, developed risk appetite policy statements and discussed them with their boards, many have expressed dissatisfaction with the exercise" - that feels a rather loose statement, and if true says more about the personnel charged with performing the work.
I'll take a look at the diversity of definition in the risk appetite space across different bodies in a separate post - for now, just enjoy this tidy piece of work for what it is.