Towers Watson's Global ERM Survey - Knowing ERM, Knowing You...

A couple of treats from two of the powerhouses of the 'writing things down' industry on the practical use of ERM to drive decision making, rather than simply accompany it.

Towers Watson are targeting the Solvency II audience (at least on this side of the Atlantic) with a timely release of the results of their 8th Biennial Global ERM Survey. I say the results, as there is no sign of the full survey itself - any closer to their chest, it would be an areola's backpack...

As ever, these kinds of publications oscillate between flannel and insight, so while I cover those below, feel free to read the infographic and call it quits!

General observations from the main press release include;

• Three-quarters of (the almost 400) respondents say they are viewed as "important strategic partners" by the Board and Executive - I'm less inclined to see that as a mark of superiority, given that risk functions in some firms won't have the ambition or aptitude to achieve that status
• Implication that some respondents do not have a risk appetite framework in place - very worrying, unless this is just bad wording.
• Some firms said to be only "...using ERM for regulatory compliance". It may depend on jurisdiction, but I'm not inclined to agree that is even possible.
• The "ultimate vision" for a firm's ERM capabilities is referred to, which is a brow furrer, even conceptually. TW seem to bundle up risk culture, risk monitoring and risk tolerance into the "Vision" bucket, in case that term takes your fancy.
• The expression "very strategic approach" appears in print for the first time!

Getting Value from ERM?
- "Kiss my Face"

From the more elaborate Q&A document, we find the main granular material which TW were prepared to publish. Fortunately for readers this side of the Atlantic, the EMEA Director Mike Wilkinson holds sway over much of that conversation, including his tale of the firm who recently had an ERM/Business Strategy-inspired "Aha" moment.

That session contains a fair bit of contention, such as;

• Asking the questions "What's the purpose of risk management" or indeed the "purpose of your ERM Program" in the Q&A - if these had been directed to the respondents themselves, it would have contextualised a number of the seemingly negative responses i.e. If the purpose of your ERM Program is "don't get shut down", you are probably less bothered about being a "strategic partner"!
• That the business should "...challenge the risk group to create reports that help them make decisions" - Excel Jockey is hardly the work of a strategic partner...
• In a similar vein, that insurers are "drowning in data, drowning in metrics" - hardly a new phenomenon, and doesn't give any credit to the critical faculties of employees to filter what they do have.
• "...many [internal capital] models have matured" - a sharp intake of breath can be heard down at Moorgate!
• That "...an ERM Program can't properly be assessed until it has been in place for a while" - pretty sure the S&P crowd wouldn't hold off assessing you while you "embed"

Mike in particular does manage to keep a good focus throughout the Q&A on maximising trade-offs between risk and return being the big differentiator between Risk functions who are capable of influencing strategic decision making, and those who are perhaps more likely to be tabling red-amber-green reports tracking the outcomes of decisions which have already been made.

Other strong points include;

• In the context of Risk Tolerance, how to cater for the discretion required by an insurer's asset managers in handling investment portfolios.
• Touches on a couple of pieces which stood out in the CRO Forum's Risk Appetite publication last month, namely around the increasing number of measures being used to run businesses other than capital, allowance of movement within risk tolerance levels, and whether firms have effectively articulated their organisation-wide Risk Appetite and Risk Tolerance limits down into its subsidiaries/departments.

One aspect which gnawed at me throughout this reading is the constant referrals to "ERM Programs" - I don't think I am bathing in semantics to suggest that Programs normally start and end, whilst ERM would surely constitute a Framework. You might choose to redecorate the Framework periodically with a Program (Solvency II a prime example), but you wouldn't expect a Program to "mature" or "evolve", you expect it to conclude!

Nitpicking?

Towers Watson - 'Risk Appetite revisited' (did we ever leave it?)

I have been doing a little work on Risk Appetite in the background recently, so was intrigued to have a read through this recent release by Towers Watson on the subject, seemingly targeted at North American and UK markets, but relevant to any practitioner in this space. Somehow I wasn't put off by p6 when, in response to the hypothetical question 'What is Risk Appetite', they responded with, "...we do not want to focus too much on the issue..."!

Appetite - second helpings?

I had blogged earlier this year on Risk Appetite, covering the expectations of EIOPA on the matter (which are few), as well as the more pokey/proddy stakeholders like the PRA/Central Bank of Ireland/S&P (which are several!), so the backdrop of risk appetite's practical significance to insurers doesn't need to be repeated here, more how consultants and practitioners are improving their game on the ground. Worth noting here that a few of the other consultancies have proffered their two cents on the matter over the last year or so (here, here, and here).

While interest in 'risk appetite' is currently piqued at governmental level thanks to the forensic examination of the banking industry's failings (multiple references in Parliamentary Commission evidence here and here for example), the driver of activity in the UK and Ireland is predominantly from the regulatory compliance perspective rather than expectations of bespoke, strategy-driving activity. In addition, we now see the emergence of Internal Audit as a party with a vested interest in the matter, which has the potential to draw the subject even more to a tidy, but ultimately superfluous documentation exercise.

With that in mind, Towers note that this paper is focused on "...enhancing risk appetite by improving its articulation, via clearer linkages to mission and strategy", and a rather derisive tone is therefore applied throughout regarding the familiar quantification methods preferred by regulators to monitor likelihood of insolvency in the next 12 months, giving equal billing to non-monetary capital and qualitative measurements. The paper also crosses some familiar ground, such as a lack of consistent terminology, which it tries to address (below).

Oddly, the document does not reference the FSB's thematic review of risk governance earlier this year, which will surely drive efforts in this space in the medium term, if only due to the paucity of certainty on the subject. That the FSB believe that regulators have "more work to do" is striking, and while they also bemoan the lack of common terminology, they don't let that prevent them from offering definitions of their own, as well as listing their "Key features" of a Risk Appetite Framework.

More obvious statements

• "..clearer linkages are needed to mission and strategy for risk appetite to be effective"
• "risk appetites must include boundary constraints"
• "We suggested that greater clarity around the definition of risk is needed..."

Definitions

• Risk - "In this context, risk should be defined in terms of those events and circumstances that may result in an insurer failing to deliver on its mission."
• Risk appetite - "...the manner in which a company expresses an identified set of risk-trading opportunities, and sets boundaries on its risk-trading among those opportunities, aligned with successfully delivering on its mission."
• Risk strategy - "The company’s risk strategy articulates how risk fits with the mission".
• Risk tolerance - "Risk tolerances are a quantitative extension of the risk strategy...risk tolerances must be measurable...[and] place quantitative boundaries on the company’s strategy"
• Risk limits - "Risk limits are more granular tolerance levels expressed for specific risk sources, business units, and/or products that are used to implement the risk tolerances."
• Risk appetite statement - "...risk appetite statements should be taken as the combination of risk strategy tolerances and preferences, bringing together qualitative and quantitative enterprise perspectives on risk as both opportunity and threat."
• Mission - "mission is the insurer’s unique multi-period and multi-stakeholder value creation proposition."

Technical suggestions

• They promote four facets of risk assessment: size, likelihood, impact and significance.
• For those working on statement content, they recommend "...since published mission statements can be fairly terse, the risk appetite may need to look beyond the explicit elements of the mission and consider elements that are implicit." Instinctively that feels unfair, but I guess the world of implicity is one for the second line to inhabit, while the first line concentrate on value-adding.
• Concept of adaptive buffers sits nicely with me - the most visceral ones being economic capital and reinsurance/hedging/liquidity facilities, but TW attempt to expand that over qualitative areas of the risk appetite statement
• Risk preference ranking of 0-4 depicted at the back is a handy schematic

Sore points

• "Some take the view that risk appetite can be expressed as a single metric, or perhaps a small set of metrics, that capture the organisation’s willingness and ability to bear risk." - that 'some' would include the FSB, COSO, the Central Bank of Ireland and the IRM, so I wouldn't be too sniffy at efforts to-date
• "Much of the work to-date on risk appetite statements has been driven by solvency supervision requirements, many statements tend to focus primarily on potential losses of capital"- a natural and by no means unwelcome by-product of having regulators in the box-seat, as opposed to stakeholders combining their efforts to establish compulsory risk appetite statement content?
• "While most insurers have, by now, developed risk appetite policy statements and discussed them with their boards, many have expressed dissatisfaction with the exercise" - that feels a rather loose statement, and if true says more about the personnel charged with performing the work.

I'll take a look at the diversity of definition in the risk appetite space across different bodies in a separate post - for now, just enjoy this tidy piece of work for what it is.

Towers Watson on US ORSA, Economic Capital and modelling trends

Towers have released a few decent bits of material of use to risk practitioners over the last couple of weeks which are worthy of comment. One on Economic Capital for Life Insurers is effectively a sales aid for their RiskAgility modelling software, but actually captures the drivers behind the UK's efforts to improve their ICA models to meet Solvency II requirements.

In particular the references to how firms ought to be making their model output 'useful' where they currently fall short (capital by business/risk/product, daily runs without running ALM models and ability to produce "what if" analysis) should be featuring highly on the agendas of both embedded use practitioners and AMSBs during 2013. Of course the sad part for any users of the software comes with the statement that RiskAgility is built "...specifically to deliver monte carlo simulation of 1 year VaR economic capital" - love to hear how the lack of multi-year is being dealt with in firm's ORSAs!

A second publication on ORSA preparedness in North America is also worth a read, even if only for us EU-based practitioners to have an opportunity to live vicariously through a country which will actually get it implemented! It is a relatively small quantum of respondents (mostly CFOs), and around half think they will be exempt on size grounds, but the perceptions which emerge are still valid, and one should be prepared to encounter this either side of the Atlantic;

• 21% see it as a compliance exercise, while 60% think it will improve ERM and capital/strategic planning
• Only 22% see their prevailing ERM frameworks tightly liked to strategic and capital planning
• Only 40% are ready to implement an ORSA in the next 6-12 months
• Concerns remain around resource requirements for educating "key personnel" and directors/C-suite - 45% and 66% respectively felt they have work to do in this area without necessarily having enough staff to do so.
• 13% of respondents didn't see their risk management departments contributing to the ORSA process (I'll get my coat then...)
• 3 year projection of capital requirements is the most common planning period envisaged

The same North American slant is then given to a financial modelling survey, which gives us another chance to peek over the fence. They found the following;

• Reasonable amount of dissatisfaction around run-times
• Around half planning to change their model governance processes in the near future

Looks like the NAIC/EIOPA covergence work should be a walk in the park then, at least on these topic...

ORSA Presentation to Society of Actuaries in Ireland by Towers Watson

Nice and swift - TW's finest laid on a presentation to the Society of Actuaries over on the Emerald Isle on engaging the business in Solvency II through the ORSA.

Not really anything to dispute in this, bearing in mind we have had all the guidance that the EU institutions are prepared to give on the matter, but some interesting reference points on

• ORSA-type activity in other jurisdictions,
• Operationalising (my made-up word, not theirs!) risk appetite,
• Creating a positive risk culture,
• Modelling considerations, plus a nice slide on the difference in scope between "current actuarial models" that just spew out TPs and internal models 
• An ORSA 'health check'

Obviously cheaper to administer these views/tools yourselves than call the lads in, but if your wallet can stand it, they clearly know their onions!

Capital Management in the new regulatory environment - Towers Watson

A cracking piece from TW on capital management in Solvency II context, highlighting a number of critical areas for consideration as we approach ORSA public consultation. I noted;

• Experience of the Swiss Solvency Test on capital, which TW suggest caused such an immediate shift in capital strategies to accomodate (i.e de-risking Asset/Liability mismatches and purchasing additional reinsurance), that one's current capital plans should be revisited for future-state appropriateness , and not just taken as read.
• A suite of 7 key questions on capital management - all of these worth asking at any juncture, but even more so now.
• The capital management toolbox depicted is worth considering in the context of potential management actions in the ORSA
• Big section of branching and redomiciling, in the context of (publicly commented on by the head of the Irish regulator) "hub and spoke" approaches to reducing capital requirements, in the absence of the Group Support elements of early Solvency II drafts. The Central Bank is having to think specifically about the practicalities of supervising such arrangements, I guess on the premise that, with 12.5% corporation tax, they might be the main landing area for such schemes!

All in all a very good, and very timely effort

Towers Watson paper on Extreme Risks - useful for Reverse Stress Testing

For anyone who has reverse stress testing on their agenda, this release from Towers Watson should help you on the "unlikely but extreme" events front.

They categorise these events into three types - Financial, Economic and "Other" (being environmental and political), and provide 15 solid risk events, some ideas on ranking, hedging and parameterising impact and likelihood., all of which are valid in the face of a lack of guidance from EIOPA on the subject at this juncture (remember ORSA requirements!).

Certainly worth using in your next FSA-driven reverse stress testing exercise if you are UK-based, and considering in the context of the forthcoming public consultation on ORSA for the rest of you Euro-landers.

The evolving role of the Actuary - Towers Watson insights

A little more on developments in the Actuarial function under Solvency II, this time from Towers Watson.Worth looking out for more material from the "European Actuarial Director's Forum", but they provide the gist in this doc, most notably (on the future of the function);

• "Growing need for company boards to receive and understand risk information and data" seen as a likely workload increaser
• "Up-skilling" may be required for some actuaries to provide the opinions on underwriting and reinsurance policies (was surprised at this, but these are EU-wide findings)
• Requirements for separating "operating" and "controlling" functions to ensure independence, as well as (potential) whistle-blowing requirements still to be decided
• Concern that supervisors may provide stronger challenge on undertakings with combined Actuarial & Risk functions
• Pretty even spread of "biggest challenges" to the function - only 19% had "contribution to the risk management system" as their number 1
• Spectacularly aggressive comment from Axa's Chief Risk Officer - "Risk management is too important to leave to the risk management function"
• Small fear that restrictions on who can head the function may be relaxed due to the legislative ambiguity
• Around 60% looking to reorganise their Actuarial function
• Three quarters of respondents have Risk and Actuarial function positioning as a "significant issue", with various states of preparation
• Towers Watson drop in their idea of industrialising actuarial process and output in order to aid with all of these concerns (i.e freeing up actuarial resource for the new Solvency II remit, including the land grab in the risk function already discussed on this blog)
• Both Solvency II and IFRS cited in the summary as reasons why the function may not only be considered "purely technical specialists", but also develop into a "wider business advisory role in relation to risk management".

Follow up on Towers Watson paper

Following up on yesterday's post, Towers Watson threw in a supplementary paper to help support the quantification of value from an ERM programme (although the flaws identified in the responses from some recipients should be borne in mind, namley that more thought they had a ERM programme than had defined their Risk Appetite!)

Whilst it is not cricket to use the recipient percentages to support TW's arguments when only 2% of those invited actually participated, they have some cogent points in this doc, namely;

• Desire to quantify starts with moving away from heat maps and annual risk assessments
• Defining risk as "exposure to an adverse deviation from an expected result" - simple but strong
• Risk Appetite Statements representing "integral governance steering mechanisms" - true under full ERM and Solvency II-specific approaches
• Key Risk Indicators should be reviewed more than annually