The Cure - to tolerance breaches? |
This document should clarify whether that caution is justified, and with 48 responses from the top table, it should be a reliable benchmarking tool. Despite starting like a GCSE essay ("the topic of Risk Appetite has exploded"?), it contains some useful, if a little dry, benchmarks, such as;
- Principles for a RAF (p3-4) - hard to argue with
- Main goals - dominated by preserving capital, while only a third are looking to "improve shareholder value" or "optimise capital"
- Main stakeholder list (p5) seems good in breadth and priority
- Almost everyone is using regulatory capital in some way as a Risk Tolerance measure (p9)
- Stress and Scenario testing is being used by 80% to set Risk Tolerance levels, which feels at the right end of expectations
- 60% report quarterly, with most others slightly more or less frequent
- One of the main objectives cited (p4) seem to be centre around boiling down things into a single document. I appreciate that pressure, but surely we feel that a RAF has a more substantial objective that document consolidation?
- "Development of a Risk Appetite Statement is an evolution" (p6) - don't agree at all, it is a task, otherwise it would never get done.
- Coverage of Risk Appetite Statements as "regulatory requirements", in particular under Solvency II. Just because the industry is choosing to discharge its obligations in EIOPA's Guidelines (SoG 15 & 16) by producing a single statement document, it doesn't make a Risk Appetite Statement a requirement.
- Less than half are using a "1-in-x" loss that would breach regulatory capital in their Risk Tolerances - just feels like a very obvious one to use, so suprised by that number
- Difficulties for Groups when setting risk appetite. Does the parent/head-office set overall appetite, and the children sub-divide it by business unit/risk category/Both? Do the children set their own appetites and feed them up for aggregation?
- Listing Risk Concentration targets looks awkward across the board (p5). While firms seem to be able to quantify Liquidity and Capital targets in their Risk Appetite Statements, other categories are much less consistently quantified. Market, Credit and Insurance Risk appear to be quantified by less than a third of respondents, preferring to address these in separate policies/guidelines (a Solvency II by-product perhaps?).
- Setting Risk Tolerance levels is highlighted as a "minor" improvement required by over 60% of respondents.
- There is a veritable bombsite of Earnings at Risk metrics in use, which is healthy for the industry I guess (p10).
- What does one do when Risk Tolerance level is breached? Around a third are not OK with limit breaches and demand immediate rectification, while two thirds allow for a "Cure Period" to return the Risk Profile to its required form. A "Cure Period" seems the fairest breach rectification approach to me - after all, I don't care if Monday's blue...