Thursday, 28 November 2013

Accenture Insurance Sector research - Global Risk Management survey

Flood Risk?
A nice generic risk management benchmarking piece from the guys and girls at Accenture came out this week, and after I spent last week at the Leicester rugby game, I was happy to see another 15 "tigers", albeit this time scattered throughout the survey paper itself, presumably as a subtle metaphor for "death by tiger" risk...

It is made up of 98 C-suite respondents (nicely spread across disciplines), is Insurance sector-specific, and Global in coverage (one-third Europe, half N.America), so should be useful to any reader for trend-spotting and Board briefing.

From the document itself, I've pulled out the following;

Risk Governance
  • 98% have their "risk management owner" reporting to the CEO
  • 96% have a senior executive (regardless of title) as "risk management owner"
  • 80% have their "risk management owner" report regularly to the Board
  • 55% had a titled CRO
  • A number of those stats (whilst improved since their last survey) are a poor reflection on the Global insurance industry, but perhaps reflect where corporate culture is outside of the EU/US axis
  • Of the governance bodies, I was surprised to see only 60% of Life companies have an operational risk committee
Solvency II/Non EU equivalent legislation-specific
  • Over 80% of Life and P&C respondents seem happy that they are preparing well for their regulatory initiatives (Solvency II or local equivalent).
  • Other than Internal Model development, the main outstanding issues for Life insurers to be prepared for Solvency II/equivalent is IT architecture and Data Management/Integration. For P&C, documenting risk processes and developing a meaningful Use Test are also worrying at least half of respondents.
  • Issues such as training and education, risk culture and risk governance documentation are relatively low on the priority list.
  • Conversely, when asked on a 1-5 scale about specific areas of risk governance, respondents were more positive about their Data preparations than their risk governance - go figure!
  • Use Test preparation remains a laggard throughout.

Generic

  • Top external pressure was Legal risk, and by a good distance. Regulatory risks relatively low on the list, perhaps reflecting Europe's low weighting in the quantum surveyed.
  • Risk Management seemingly well integrated with strategic deployment, but not with product development or reward.
  • Poor statistics around embedding risk management into core functions.
  • Two thirds of Life respondents noting that a lack of "early warning capabilities" impedes emerging risk management.
  • Over half of Life companies said investment benefits ("above and beyond" continued compliance with regulations) would come from better reporting and better integration of Risk and Finance.
There is some of the softer stuff on aspirational elements of risk management thinking at the back, but if you just want to check against your peers, you can save that for a rainy day.


Omnibus II text released - first casualties emerging?

It was left to COREPER to announce that the Council and Parliament have agreed on the compromise text for Omnibus II, leaving the formality (!) of the Plenary vote on February 25th as the final hurdle before, well, the next set of hurdles. But here she is - 156 pages of over-masticated Eurobelch that has held the authors hostage for years like a slaphead in Rapunzel's spare room...

Omnibus II draftsmen - you're free to go
Chris Finney has already picked a couple of bones out of it, which look good for any EU multinationals with non-equivalent subs on the face of it. I'm not inclined to peel it apart on screen (I'm sure someone will do that for us in the next couple of days), but since the Commission's original proposal we do get;

  • An enormous amount of preamble to factor in EIOPA's new role, which gets more elaborate with every paragraph,
  • References to IAIS developments for future considerations on the equivalence front (will that be enough to cover the States and Canada long-term?)
  • Some hard coding of references to "20% of market" for exemptions from reporting requirements,
  • Visibility of the drop dates being proposed for EIOPA to deliver implementing and regulatory technical standards to the Commission - a reasonable amount are due in less than a year, including on model approval and "major" model changes.

As EIOPA will be penning all technical standards for the Commission, and relations between the two seemingly cordial, we might assume that EIOPA's views (which were almost immovable during the consultation on their preparatory guidance) will inevitably come to the fore in the final set of implementing measures.

Whatever comes of it, it would appear that the trilogue negotiations haven't quite done the job for the German contingent, with Hr. Hufeld from BaFin suggesting there are "5 to 10" insurers under his watch in danger of failure, a week after the German Government referred to a "balanced package" of help for their (seemingly) beleaguered industry which will be introduced in early 2014.

"Das Gleichgewicht wird zum Verlust..."

Wednesday, 20 November 2013

Financial Stability Board - Principles for an Effective Risk Appetite

Christmas has come early everyone - the Financial Stability Board have released their Principles for an Effective Risk Appetite Framework today, and I'm greedily ripping in to it before JC's birthday like a spoilt, yet handsome child...

FSB's RAF Principles published
send the car back lads...
There has been a reasonable amount of traffic on Risk Appetite this year (here, here and here for a start), after the FSB but announced their consultation earlier in the year, I've been on tenterhooks. This was following of the back of a thematic review on Risk Governance as a whole by the FSB, which they published back in February.

So where do they take this deep dive into Risk Appetite? Other than awkwardly shoehorning in the soup de jour of "SIFIs", they stick to the hard areas which will get every risk practitioners' attention (namely, Risk Appetite Framework, Risk Appetite Statements, Risk Limits and Roles and Responsibilities), though "for clarity and simplicity", they jettison the use of Risk Tolerance. Definitions are supplied on p2-3, which you may find useful as anchor references.

They somehow make room for anodyne flannel in this very short document, for example;

Risk Appetite Frameworks
  • Should "facilitate embedding risk appetite into the financial institution’s risk culture
  • Development and establishment is an "...iterative and evolutionary process that requires ongoing dialogue throughout the financial institution to attain buy-in across the organisation" (groan)
Risk Appetite Statements
  • "Risk appetite may not necessarily be expressed in a single document; however, the way it is expressed and the manner in which multiple documents form a “coherent whole” need to be carefully reviewed to ensure that the board obtains a holistic, but compact and easy to absorb, view of the financial institution’s risk appetite"
Risk Limits
  • "Having risk limits that are measurable can prevent a financial institution from unknowingly exceeding its risk capacity as market conditions change and be an effective defence against excessive risk-taking" - tell that to Lehmans!
However, the salient points for me were as follows;

Risk Appetite Frameworks

  • RAF "...sets the financial institution’s risk profile" - not convinced on that one, but may be semantic issue
  • "explicitly defines the boundaries within which management is expected to operate when pursuing the institution’s business strategy"
  • Should "be adaptable to changing business and market conditions" to allow for limit increases where appropriate


Risk Appetite Statements

  • "[should] address the institution’s material risks under both normal and stressed market and macroeconomic conditions"
  • "...should establish quantitative measures of loss or negative outcomes that can be aggregated and disaggregated"
  • "...include key background information and assumptions"
  • "...include quantitative measures that can be translated into risk limits"
  • "...be forward looking and, where applicable, subject to scenario and stress testing"

Risk Limits

  • "[should] be set at a level to constrain risk-taking within risk appetite"
  • "...should not be strictly based on comparison to peers or default to regulatory limits"
  • "[should] not be overly complicated, ambiguous, or subjective"

Roles and Responsibilities

The Board

  • ...must establish the institution-wide RAF and approve the risk appetite statement, which is developed in collaboration with the chief executive officer (CEO), chief risk officer (CRO) and chief financial officer (CFO)
  • FSB specifically comment that Boards who "receive" or "note" Risk Appetite Statements have a lower understanding of risk appetite (so don't sponsor it!)
  • " [should] regularly review and monitor the actual risk profile and risk limits against the agreed levels (e.g. by business line, legal entity, product, risk category), "including qualitative measures of conduct risk"
  • " [should] ensure risk management is supported by adequate and robust IT and MIS to 
  • enable identification, measurement, assessment and reporting of risk in a timely 
  • and accurate manner."
CEO should
  • "...be accountable, together with the CRO, CFO, and business lines for the integrity of the RAF"
  • "...ensure that the institution-wide risk appetite statement is implemented by senior management"
  • "...provide leadership in communicating risk appetite to internal and external stakeholders" 
  • "...establish a policy for notifying the board and the supervisor of serious breaches of risk limits and unexpected material risk exposures"

While there are specific sections for the obligations of CRO, CFO, Internal Audit and Business Unit Management, they don't necessarily expand much further than what I consider to be normal functional expectations, so I haven't elaborated on them.

One should certainly therefore expect a much more aggressive approach from supervisors in future off the back of this - combing through strategy and board papers for evidence of Risk Appetite in application, and making sure that Risk Appetite Statements are not just 'rubber stamped', for example.

I certainly don't see much in this for stakeholders. Nothing particularly new is brought to the table here, and if this is the results of peer review and shared experiences, then clearly there is concurrence on how an RAF should be constructed, what a RAS looks like, and who should do what in regard to continuous monitoring.

The skill will be for risk practitioners to convince their CEOs/NEDs that, this is no longer a sidecar activity in the ERM best practice space, but a nascent global minimum standard which will invariably surface in national regulations in the forthcoming moths and years.

Fit and Proper Persons in financial services - judge not, lest ye be judged

A quick note on the high-profile leadership-related crises which have reared their heads over the last couple of weeks, and whether the risk management professionals of the world can learn from them.

Two stories related to the flip-side of the kind of driven, charismatic figures that can progress rapidly through their chosen careers while coping with some rather spectacular character flaws. One being the ex-Chair of the UK's Co-operative Bank (already in financial turmoil), caught in a drugs and prostitutes sting this week, which has followed on from the city mayor of Toronto, who has been drawn into a similar web of videotaped misbehaviours.

Sticking with the financial services example, we have a number of issues which should interest the risk pros;

Some elements of the story are dominating the headlines, such as the gender of the prostitutes, the type of drugs used, or the fact that the Co-operative movement, purporting to have a higher calling than the soul-hoovering plcs, should perhaps be impervious to such matters. 

For me, we have a straigthtforward case of significant internal control failings across departments, a failure to hold senior management to account when breaching internal policies, and a very strong working example of a reverse stress test, combining a number of risk factors which in concert deliver a failed business model. On that basis, I would think that the business-as-usual risk teams across the country will be analysing this one until the cows come home.

How much of a bum-paddling the FSA/PRA deserve on this is another matter. Whether light-touch or prescriptive, I think regulators in many countries will wince at the details of the approval of Rev. Flowers' appointment once this one plays out at Treasury Select Committee over the coming weeks (I have no insider information, but let's face it, we'll be watching through our fingers!). 

For context however, in 2009 the FSA (as it was then) made a formal submission to the TSC addressing many of the failings uncovered by the retreating tide post-Lehmans/Bear Stearns/Northern Rock, and what Hector Sants & Co had planned to make up the shortfall. 

The TSC made a number of comments (sandwiched within the FSA's submission) which are worth highlighting today - I have emphasised the parts which should now echo in eternity;

The FSA's assessment of whether senior bankers were fit and proper for their posts appears to have been little more than a tick-box formality, unless the applicant had a criminal record or gave some other evidence of a shady past. That bar was demonstrably set too low. We welcome the acknowledgement from the FSA that a candidate's competence, as well as their probity, will now be thoroughly reviewed before taking up a senior post in a bank. We recognise that there may be some dangers in the FSA assessing competence, not least because the FSA will become exposed to accusations of incompetence itself, if it makes a wrong judgement

We recommend that the FSA assess whether bank executives should possess relevant qualifications. We would like to see banking qualifications become one of the core indicators against which the FSA can assess a candidate's competence. If a candidate has no relevant qualifications, the onus should be on them to prove to the FSA that they have relevant compensatory experience
And from the PRA themselves...
We strongly agree that it is important for bank executives to have the right level of skills and experience. As noted above, we have recently written to all CEOs of relationship-managed firms reminding them that it remains the firm's responsibility to ensure that the candidates they put forward are fit and proper to perform the role in question, and that firms should, therefore, have robust recruitment, referencing and due diligence processes in place
It was only three years ago - at what point do we (grim pun intended) practice what we preach on corporate governance in financial services?

Thursday, 14 November 2013

Omnibus II a done deal - Greens left feeling, errr, green?

So, having become bored with collapsing into their own tedium like a room-temperature flan, the Omnibus II negotiations reached an inevitably grim climax yesterday, with a deal bashed out to everyone's mutual distaste at the last possible minute - the basic details are here from the European Commission.  

Bearing in mind the volume of noise on the subject over the last 24 hours in particular, I figured I'd better pull a consolidation post together for my own benefit if nothing else!

The highlights are (apparently - no text released as yet);
  1. Transitional measures extended for 16 years
  2. Massive equivalence carve out (10 year "temporary" renewable facility)
  3. Transposition date moved to end-March 2015
  4. Matching adjustments and volatility adjustments more generous to the industry than recommended
  5. The generosity of those adjustments countered by some qualitative measures around planning and disclosure.
Winners?
  • Industry - Allianz's CFO rather boldly speaks on behalf of the entire European Insurance Industry, stating the deal is "...ambitious but acceptable". Prudential's CEO thinks it is "great progress" and "a good package", while Talanx "welcome the decision very much".
  • Heavily indebted governments and companies - Burkhard Balz is happy to trumpet that "...we have also ensured that insurance companies will be able to continue to fulfil their role as long-term investors" through the lengthened transitionals and juicy adjustments. This will hopefully encourage insurers to splash some cash on long-term debt instruments and infrastructure projects where they may otherwise have stayed shorter-term.
  • EIOPA - While they were happy to simply "welcome" the agreement, Sharon Bowles emphasises that "This marks the point at which Eiopa becomes fully fledged".
  • Sharon Bowles - has surely enhanced her reputation by finally landing the most fraught European negotiation since the Abba reunion.
  • Consultancies - will surely use the "tight timescale" routine to press gang the nation's NEDs and Execs into writing one more cheque.
Ambivalent?
  • Insurance Europe didn't have much to say, other than acknowledging that the deal is not ideal, though provides a "workable base". They remain concerned about the "ambitious timetable".
  • Groupe Consultatif also reinforce their continued support.
  • The European Council apparently couldn't be bothered to send a big hitter to trumpet the big news, leaving it to one of the COREPER lads (well, an ambassador)!
Losers?

The Left - while it is no surprise that Sven and the Greens were left sulking (and doesn't the boy blog well!), the extent of his rancour, whether Party line or personal, doesn't augur well for when he and the ECON crew take it through Plenary, for example noting that the deal;
  • "...[is a] flagrant violation of common market principles"
  • "...[is a] grab bag of goodies"
  • "...ignores the advice of the European Systemic Risk Board"
  • "...resulted in the EP adopting a far more industry-friendly package in self-denial of the original mandate voted by ECON "
Perhaps most bitterly, he then promises to "...personally make sure that all companies making use of the agreed privileges will be named and shamed on a website including their brands and the billions of missing capital". 

You don't want to make the Greens angry now, do you...