CRO Forum's Principles on Operational Risk Measurement - "Quant touch this"...

Hammer Time?
Current efforts in Op Risk quantification

Despite practitioners efforts over the last few years, Operational Risk continues to live on starvation rations when it comes to considered quantification. Never treated as an alpha-topic by executives inside insurance institutions, it has been treated with similar indifference by legislators, culminating in the  "totally inadequate" take-a-percentage methodology for calculating Operational Risk capital in the Standard Formula.

Internal Modellers on the whole are not likely to be shaming that technique with their efforts either (basic summary of their problems here, while InsuranceERM cover struggles as a whole with a roundtable here). A paucity of operational risk event (and near miss) data within firms may be good news for ORIC as a vendor, but from a parameter and data uncertainty perspective, it leaves internal model operators and validators in an invidious position, particularly due to the quantum of insurers' capital likely to be involved (10%, give or take?).

It's not that the actuarial world hasn't taken a stab at it before (here), aren't fully aware of the data holes (here), or haven't used the word "Bayesian" in a sentence (here). However an activity which was "in its infancy" in the UK as far back as 2005, is surely now old enough to be working in the mines...

I was therefore happy to see the unprolific-yet-important CRO Forum bring a white paper to the table, Principles of Operational Risk Management and Measurement. It is an update to a 2009 version which takes into account Solvency II demands, as well as developing practice within insurers over the period, the suggestion being that 2009's efforts were a little too Banking Industry-influenced.

While this document might feel at outset like an idiot's guide to "quanting" operational risk (and bearing in mind the number of prospective standard formula applicants - 9 out of 10 in UK - one may be needed soon!), the document touches on a number of noteworthy technical matters, in particular;

• The Definition section doesn't read well, but they have attempted to include outcomes other than monetary loss into the Op Risk definition, which from experience will improve discourse within firms. Are they attempting to squeeze strategic and reputational risks into this box though?
• Nice coverage of Boundary Events, and encouraging firms to consider them in their management of Op Risk.
• Very specific treatment of Risk Tolerance throughout, using it in preference to Risk Appetite. This is because it cannot be avoided, and so tolerance levels should be used to trigger "RAG"-type reporting up the chain. Nice work, and well justified, but I have certainly seen the expression "Zero Appetite" used for Op Risk, so no doubt this is not an industry standard perspective yet! (p5-6)
• No problems with their coverage of tried and tested techniques - "Top Down", RCSA's & Loss Event analysis (p9-10)
• Nice turn of phrase regarding emerging risks on p9 - "...assess the proximity of new risks to the organisation". It may need to include an attempt to quantify to be fully useful for ORSA purposes.
• Concept of residual risk arrives quite late in the day, but isn't omitted. Important, given how much qualitative, or spuriously quantitative, material is being promoted as aiding this measurement work (p10)
• Seem to accept at the bottom of p10 that Internal Modellers must do more than curve fit on internal Op Risk Event data - good news I guess.
• Internal Model validation pressures on current Op Risk quantification practices flagged directly (p16 in particular)
• Guidelines on embedding Op Risk monitoring processes highlight just how much work some practitioners are managing to cover (p11). Quite disheartening for those with smaller budgets.

Ther are a few points to make on section B around quantification:

• Pretty scathing on Standard Formula relevance. (p14)
• Scenario Analysis sold as something of a panacea to cure the ills of incomplete Op Risk Event data sets, but no mention of the biases which seem to permeate the creation of the scenarios, which is sadly a hostage to the invitee list. (p14)
• Expand more on scenario analysis, bringing the "severe but plausible" terminology to the table (p15)

As well as the following generic comments;

• Is risk measurement - "a tool for embedding risk culture in the organisation"? I would say so, particularly in the Op Risk arena, where decision makers will need to be involved at scenario-compilation time.
• That said, they then go on to reference "senior management sign-off" of scenario work, which is somewhat contradictory!
• Overweight in references to "culture" and "tone at the top", like most white papers these days (see the FRC's efforts from the other week). Playing with fire as a profession by shoehorning references to "culture" into everything.
• A couple of horror-show schematics used on pages 7 and 8 - the Forum must know how much time risk professionals lose walking non-experts through things like this. They serve no purpose, and detract from surrounding text.
• Attempt on p9 to solicit business for ORIC?

It was Professor Jagger who accurately prophesised "You can't always get what you Quant" - I'd say the Risk profession concurs, based on these very welcome principles.

FRC on Risk Management and Internal Control disclosure - insurers way ahead?

Muddy Waters
- public disclosure on Risk

The UK's Financial Reporting Council have released guidance on Risk Management, Internal Control and related reporting, just in time to help muddy the waters for UK insurers, who have no doubt finally got their risk, actuarial and compliance functions writing non-conflicting words with Solvency II preparation in mind!

Anyone who has written, peer-reviewed or socially read these sections of public reports (i.e. me, and any other geeks), will know they are normally;

• Boiler-plate, and completely transferrable between industries, regardless of their disparate risk profiles
• Aligned to the Strategy sections with a few anchor words, but otherwise divorced
• Frequently unaligned with the ERM frameworks used internally - i.e. "this is what the City wants to read", not material on our actual risk profile!

Given that this is only guidance, and is further only directly relevant to LSE listed entities, readers may be inclined to take the content with a fistful of salt. There are a number of noteworthy aspects to this publication however which maybe show where the mindset of supervisory-types has got to in the eight or so years since the financial crisis commenced.

 I took the following general points from it;

• Very little for listed insurers to be concerned about, if they have prepared adequately for ORSA and supervisory reporting (SFCR, RSR) - indeed, their reporting teams will be delighted with the amount of content crossover! Check out the (still not finalised) Delegated Acts of Solvency II in order to see why listed Insurers won't need to stretch to meet these.
• Frequent references to "culture", as opposed to "risk culture". Checking the FSB's take on Risk Culture from April of this year, one can appreciate the FRC's desire to gemmy culture into these guidelines, if perhaps not the execution - one fears the "culture" words are likely to become a little weasely.
• Multiple crossovers into ORSA language, in particular re-emphasising the importance of the alignment of risk management with business strategy.
• Good work in section 4, bringing in the "IMMMR" concept from Solvency II, as well as assessment of current and emerging risks, and assessing exogenous and endogenous risks when doing so.
• Recommend that risk assessments are performed at inherent and residual level, and that control effectiveness is also considered when arriving at one's final assessment

On the technical front, the following elements caught my eye

• "Emerging principal risks" used as an expression - not sure if that stands up to scrutiny i.e. if something is emerging, can it be a "principal" anything? How would you measure it to gauge "principality"?
• Reference to "high profile failures in risk management" in recent years, which feels a little finger-pointy - we could deconstruct every corporate failure to one of risk management failure
• "Risk Appetite" put into inverted commas within the guidance, but not in the appendices - can't quite work out the aversion to definition given the FSB's work to date at the very least, but certainly EIOPA have similarly dodged it (p59), and looking at Appendix 1 of the Irish regulator's thought paper on Risk Appetite, one can see why!
• "It is the role of management to implement and take day-to-day responsibility for board policies on risk management and internal control" - really? responsibility for their implementation, sure, but policy content?

The PRA and Insurer Business Model Analysis - emerging risks into capital add-ons?

A rather revealing "topical article" was pushed out by our pals at the PRA this week, mouthwateringly titled "The role of business model analysis in the supervision of insurers".

I obviously threw my Woman's Weekly professional reading materials to one side in order to see how much juice there was in this particular fruit, and it is certainly worth a glance for anyone in the risk management game, if only for the idiot's guide to Life and General insurer business models it provides!

Ironically, in the Life Insurer case (where they have chosen 'non-standard annuities' as a paradigm-changing product offering), they weren't able to forecast yesterday's scuppering of the UK annuities market in its entirety in their business model analysis!

It actually reads as quite a good case study in how we should be conducting emerging risk assessment against one's prevailing strategy, walking through specific changes in the operating environments of Life and General Insurers driven by both exogenous and endogenous factors.

With the price comparison website example, it is a good example of how a strategic risk filters down into second order risks which require reconsideration. The annuity example shows how the impact of competitors can impact both existing new business streams and the risk profile of one's existing book.

There is evidently an enormous emphasis being paid in the regulator's BMA activity to those grim business school concepts no doubt already permeating your emerging risk assessment processes such as SWOT and PESTLE analysis, as well as what (in future) will be supplied under Solvency II, most notably Profit and Loss Attributions and ORSA supervisory reports. I'm sure we will see over the next couple of years how the PRA's demand for these very sensitive in-house outputs materialises into supervisory action!

What perhaps Risk and Capital Management functions should be particularly cautious of is the leitmotif of the PRA "responding pre-emptively" where they feel that profits are not aligned with the risks insurance firms are taking. The following quote is of particular concern, as I can't see how this and the ORSA supervisory report aren't sharing the same womb (my emphasis)!;

"...the results of a BMA exercise help to inform the PRA's expectations of a firm's financial and non-financial resources. For example, the PRA might raise capital requirements, or require a firm to improve its governance process, to address weaknesses identified by BMA"

Bearing in mind we are months away from the first glut of ORSA material being delivered to Moorgate's finest, is the industry about to fertilise an expensive new world of capital add-ons via supplementary business model disclosure?

I appreciate that it has been emphasised by the PRA (p8) that ORSAs, and their supervisory reports, simply cannot be used to set regulatory capital, but in the context of what is being stated by the BMA team here, would they really be ignored?

PwC and CSFI's 2013 Insurance Banana Skins survey - "Conduct Risk" firmly a la mode

Following on from the 2011 version, PwC and the Centre for the Study of Financial Innovation have pumped out another version of their Insurance Banana Skins survey, identifying how well the insurance industry feels it is prepared to handle a list of pre-identified risks. The average response on a scale of 1 to 5 was 2.97, which rather unrevealingly suggests the industry is averagely prepared to manage its collective risk profile.

EU Legislative process - not for vegans

This survey was conducted during March/April 2013, and elicited 662 responses from 54 countries, with two-thirds of respondents coming the insurance industry (the rest consultants/brokers etc). Almost half were European, so no surprises that the risks emerging from the regulatory environment were top of the pops for the second survey in a row. Solvency II gets a particularly flavoursome mention, with reference to its struggles to get through the "Brussels Sausage Machine"...

Bearing in mind the exquisite pressures being applied by the EU machinery to quantify risk, this publication is a welcome return to horizon scanning, qualitative assessment and emerging risk, all of which is handy for the ORSA posse, who according to recent surveys, should be all over this during 2013.

Some very interesting snippets emerge from the report, in particular;

• "Conduct Risk" - if ORSA was the new boy in 2012, then its 2013 counterpart is surely Conduct Risk, which I suspect didn't warrant a category of its own in many risk managers thinking until the return of twin peaks regulation in the UK. Conduct Risk has shot up the charts in its significance for insurers, now sitting 4th (from 18th last year)! Specifically, the suggestion that insurers are now "...looking beyond conduct risk as simply a compliance exercise" makes you wonder what some firms through were acceptable products in the last 10 years!
• "Guaranteed Products" - was not listed last time around, now jumps to number 6
• Actuarial Assumptions (which can easily mask the emergence of a number of the risks listed) unchanged at 12th
• Capital availability down from 2nd last time to 16th this year - interim period been spent squirrelling capital away, or happy that the onerous elements of Solvency II are (thanks to Germany) in the distant future?
• Reputational risk still in mid-table, at 14th

And sectoral/country specific;

• Surprisingly, the Life sector doesn't have actuarial assumptions in its top ten concerns
• Equally surprisingly, the non-life sector doesn't have regulation in its top ten concerns - clearly happy with their proposed Solvency II lot!
• That reputation doesn't feature in reinsurer's top ten - with customers likely to be eager yet more discerning  under Solvency II, one would think this is an area for enhancement in order to stand out from the similarly-rated crowd
• The quality of risk management appears to have spiked as a concern largely due to the emergence of emerging market firms into the space playing catch-up (on paper at least), as well as concerns that some firms are playing at risk management without making necessary adaptations to the prevailing risk culture.

Munich Re on Strategic Risk - ORSA food for thought

A thought-provoker from Munich Re for anyone in the business of Emerging Risk/'Top Down' risk review activity with this release called "Strategic Risk to Risk Strategy", which leans on the findings of the World Economic Forum's 2012 Risk Report to observe how the risks highlighted may compromise existing insurer strategies, as well as materialise into the thoughts of underwriters once sufficient data exists.

With coverage of "strategic risk" featuring in everyone's ORSA thoughts, as well as obligations around scenario analysis and reverse stress testing, there are some benchmarks in here that are worthy of consideration for practitioners. In particular;

Strategic Risk definition
Risk of making wrong business decisions, implementing decisions poorly, or being unable to adapt to changes in the operating environment


Subcategories of Strategic Risk

• Ineffective M&A
• Incorrect interpretation of external activity in a given market
• Decision making based on poor pricing/profitability assumptions
• Legal misinterpretation

Specific points

• In their opinion an insurer's risk strategy "goes beyond covering the risk capital requirement for a portfolio for the forthcoming financial year on the basis of valid models" to actually questioning and enhancing a company's business. I think most practitioners would agree that any documented risk strategy would look further forward than one-year! 
• That shortcomings around the evaluation of Strategic Risk "...are not so much of a question of the [informational] resources available", which are plentiful, nor are they especially time-pressured.
• They also include a definition of Reverse Stress Testing as scenarios which "endanger a company's business model as a whole" - interesting purely in the absence of an EU-driven definition to-date, as it tallies along with UK equivalent definitions.

An edited list of Strategic Risk scenarios is included (p3) which you may want to line up against your own activity in this field, and follow on by exploring which of these are within and outside of an insurer's sphere of influence. You might also benefit from the diagram on p6 on the main stakeholders in an insurance company which may influence your selection of strategic risk scenarios depending on your structure and business model. 

Reactions magazine - CRO Risk Forum - Solvency II and ERM opinion

I covered the last one of these releases from Reactions magazine this time last year on the basis that it had some good all round coverage of ERM and Solvency II from Europe's highest profile risk executives, and again they haven't disappointed.

This recent release again has a veritable Who's Who of European CROs providing their take on a range of matters, so is definitely worth your time. It covers most of today's hot topics, including SIFIs, ERM, Solvency II, ORSA (in US), Internal Modelling and Emerging Risk.

I've taken the following from it;

Hannover Re CRO

• "...experiencing increasing requirements for internal model approval" - strange one this, as they have already converted to a Societas Europaea, potentially driven by a wish to escape a more onerous challenge in this respect from Bafin and the FSA - doesn't therefore sound like that tactic is of much use!
• Their internal model is currently S&P ECM III-approved - detail on the significance of that available here for those not familiar with their methodology etc, but of course a positive review of an ECM will impact both S&P's assessment of a company's ERM framework, as well as the amount of capital required to sustain a particular rating.
• The CRO uses the cost of the Risk Function against the capital savings from an approved model as a demonstration of the function's value - in the absence of a range of alternatives, I guess it's worth a shot.
• As CRO, has a veto of decision making at executive committee level
• Comments in a rather peeved manner that current draft Level 3 proposals insist upon separately staffed and operationally independent compliance, risk and actuarial functions (they appear to have everything balled up into a second line of defence 'risk control unit'  - bit confused by this, but I'm guessing he has seen something behind closed doors, and rightly doesn't appreciate EIOPA determining how a company should be departmentally structured.

SCOR CRO

• The financial crisis "...has shown that the diversification of financial risks disappears in extreme situations"

Kiln CRO

• "Every generation of activity since [Level 1] has produced ever increasing requirements for documentation"
• "We are wallowing in paperwork"
• As with Hannover Re, they cite S&P internal model approval positively against the developing EIOPA/national requirements - only 40 pages required to evidence a standard sufficient for S&P 'model approval'
• They differentiate between Strategic Risk and Emerging Risk, with the latter seen positively as product development opportunities.

Protiviti - top risks for 2013

Nice piece of 'top risks' benchmarking for practitioners was pushed out this week by Protiviti - heavily US-centric, cross-industry (around 25% financial services, but all respondents are C-suite types), and the 'risks' are provided as a selection of 20 pre-written items, but the work has still got some mileage, even if I am far from convinved by the early statement that "...the first question an organisation seeks to answer in risk management is 'what are our most critical risks'" with no reference to their strategic objectives!

Let's take that as an editorial oversight, and pick through the highlights;

• Unsurprisingly, economic conditions and regulatory change/scrutiny are top of the financial services hitlist of 'top risks' (and indeed other industries)
• CROs and Chief Audit Executives were less likely to rate a risk "less significant" than their first-line counterparts - nest feathering or legitimate conservatism?
• Financial services considerably more likely to deploy additional resource to enhance risk management capabilities in the next year

There is also a "suggested questions for Boards" list at the back, which covers (albeit in a rather flannel-y fashion) the kind of items which emerged in the FSB's risk governance recommendations from earlier in the week, such as;

• Is the Board sufficiently involved in/informed of the risk assessment process regarding the implementation of strategy (mergers & acquisitions, new lines etc)?
• Is the MI around the Risk Profile sufficient?
• Is there an existing emerging risk management process?
• Is the risk profile consistent with risk appetite?

A decent piece to run through your NEDs at the very worst, and potentially of some use for your emerging risk/reverse stress testing activities for 2013.

Chartered Institute of Internal Auditors - recommendations for UK financial services

The Chartered Institute of Internal Auditors recently created a sub-committee to provide professional guidance "...designed to be a benchmark for effective internal audit in financial services in the UK", and they have just reported back with this feast of fun, which is a vital read for anyone working in control functions within financial services. The opinions they have used to create this guidance have been purloined not only from the profession itself, but also from other professions, regulatory bodies and executive/non-executive directors

They note in summary that there is "strong support for an unrestricted scope for internal audit", while drawing attention to disparity of opinion around matters such as: IA directly challenging strategy; IA reporting to Risk Committees (rather than audit committees) in certain instances; compulsory attendance of Chief Internal Auditors at Executive Committees; and the direction of managerial reporting lines.

The proposed guidance reads very much like the Corporate Governance Code, and is relatively light. It is broken into the following sections, where I have noted anything I found new or controversial alongside (my focus being predominantly scope creep into the Risk function's activity):

1. Role and Mandate of IA - increased focus on risk assessment and risk coverage adequacy
2. Scope and Priorities of IA - unrestricted scope ultimately advised; expected to "independently determine" key risks, and assess "the setting of, and adherence to, risk appetite"; assess the "risk and control culture"; allows for potential involvement of IA on "real time basis" in key corporate events (mergers, disposals, new lines of business etc)
3. Reporting results - factors in reporting obligations to both Risk and Audit Committees where appropriate, and builds in an expectation of an annual independent assessment of governance (which covers off one of the FSB's recommendations covered yesterday!)
4. Interaction with Risk, Compliance and Finance functions - nothing new
5. Independence and Authority - Chief Internal Auditor expected to be executive committee-equivalent, have the right to attend Excom, access to all MI, and report directly to either the Chairman of the Board, Audit Committee or at a push, Risk Committee. A secondary line to an executive director should only go to CEO
6. Resources - all resourcing decisions effectively divorced from the business, to reside with the Chief Internal Auditor and the Audit Committee
7. Quality assessment - external assessment of the function recommended periodically.
8. Relationships with regulators - nothing new
9. Wider considerations - expectation that the "tone at the top" of a firm should be what fosters acceptance of IA

Any controversy? Perhaps around the seniority of the Chief Internal Auditor, and their assessment of the setting of and adherence to Risk Appetite. I think my main concern as a risk practitioner would be the potential for differences of opinion around what constitutes "adequate" risk management, given the Internal Audit predeliction for COSO on all things risk-related, against the IRM or ISO31000. 

Let battle commence?

Clear Path Analysis - Solvency II "The Global Dimension"

This piece of research from the guys at Clear Path Analysis (sign up required) has been in the offing for a while, and as I covered their last impressive release on this blog (and I don't have a life :-( ), I've been looking forward to it...

There is certainly plenty in here to keep those of every persuasion entertained (with the sponsors as omnipresent as their funding permits!), but I've sectioned out highlights for my own benefit;

Foreword

• Solvency II "...clearly a step in the right direction" - oddly, not followed by a punchline...
• On the likelihood of Sol II remaining ahead of the IAIS approach to solvency regulation - "Asia no longer looks to the west for regulatory best practice", going on to cheekily recommend a cherry-picking approach

Barbara Ridpath - think tank CEO, on short-termism and regulation

• Highlights one (widely acknowledged) consequence of Solvency II being a disincentive to invest in long term and/or non-Sovereign debt instruments, which is not in the mandate of the regulations, or indeed the regulators.

Roundtable on un-level playing fields between EU and non-EU insurers - includes Standard Life Sol II lead

• Solvency II likely to weed out companies who can't handle the ongoing compliance cost from running EU operations
• Large piece on Canadian equivalence (of particular importance to Standard Life of course) and the practicalities of equivalence being neither sought nor at this point offered for a non-EEA wing of a EEA HQd insurer.
• Standard Life not happy with equivalence assessments running concurrently with IMAP, due (rightly) to the significance of a "yay" or a "nay" to the strategic thinking around non-EEA arms.
• Suggestion that Asia is looking harder at the IAIS approach as opposed to Solvency II for future direction

Data and Risk Reporting Interview - Dan Wilkinson, ERM head at Liberty Syndicates

• Increased formality around Data and Risk reporting, using both controls-focused and risk-focused approaches. Makes reference to a monthly management committee which takes reporting on data deficiency matters, which I have heard reference to on the circuit before, and certainly demonstrates that data inputs, whether for internal modelling or for strategic decision making, feature as a high priority, rather than taken as read.
• Notes that his employer is moving risk reporting away from the 1-in-200 VaR to "...more foreseeable points in the distribution", which we definitely like to hear in the ORSA world!
• Alludes to concerns around disclosing ORSA-related information to the outside world, which is an area yet to be adequately chewed over by regulators and industry quite yet, let alone ratings agencies, analysts etc
• "Sensible amount of proportionality" should be adopted when deciding what should be disclosed - is that a contradiction in terms, an oxymoron, or some other expression I can't quite lift off of Google!
• Sensibly stresses that an effective emerging risk policy should allow input and challenge at all levels of an organisation, when asked about internal models evolving with the risk profile of the business.
• "...biggest deliverable is cultural" - i.e. stripping back your long-since-gone consultancy friends' technical documentation (where required) in order to make it more accessible and free BAU staff to use the new facilities, be it a spruced up RMF or a full Internal Model - appreciate I may be doing myself a disservice by highlighting it!
• Didn't agree one bit with the comment that ORSA could "...inflate regulatory capital, based on rather speculative assumptions" - FSA have been pretty clear that ORSA has no bearing on required capital, appreciating the nuances around what they say and what actually transpires!
• Also wasn't massively sold on the comment that the ORSA "...should bring together information that is used within the business to allow analysis of medium term trends", unless of course he was cut off mid-sentence!

"Challenges of Pillar III" roundtable, focused seemingly on getting asset managers to pull their fingers out! Includes a CRO from an Italian insurer

• "Asset managers who are not willing or able to invest in appropriate data management and reporting systems will find it hard, if not impossible, to attract or retain insurance clients" - so there!
• Suggestion that "parts of the industry will have to get up to speed on" underlying assets which they are currently invested in for the look-through basis - I suspect that there are plenty of horror-stories to emerge once some CIOs and CFOs get a proper butchers at what some of their collectives are actually invested in, particularly with the advent of outsourcing investment management or just administration over the last decade or so...
• Note that ratings agency priorities over the near-term may focus more on differences between SF and IM-calculated SCRs and the impact of transitionals, rather than purely on SCR outcomes.
• Note that "Solvency II is effectively a lead in this area [transparency]", so no pre-conditions should be expected from ratings agencies
• Even bring up the old gripe that EEV/MCEV is still not understood well enough by agencies/analysts, so by implication there should be few worries about additional disclosures!

Considerations for Building a Diversified Investment Portfolio - Charles Pears from Insight Investment

Really accessible and well structured two-pager on portfolio diversification, of particular use to non-experts which covers

• Rationale for insurance companies looking for low risk returns;
• Risk drivers which make that difficult in today's environment, even if accepting minimal risk
• Why companies may look to seek excess returns, and the constraints around that
• Why decisions to accept more risk for enhanced rewards should be (but perhaps aren't always) knowledge based
• Basic options for enhancing portfolio returns without breaking the bank from a capital perspective.

Interesting is wrapped up with a comment that "...we expect insurers who adopt a Liability Driven Investment approach will secure a meaningful competitive advantage" - hard sell perhaps, but the rationale for it is well documented here.

AIRMIC and Cass Business School - Full study available (at a price)

Having already blogged on the executive summary of this paper, I was delighted to see the full version has been released (available here) - however, you may very well need to pay up (pdf version is around £100). I would suggest if you have reverse stress testing work to do that it would be money well spent.

AIRMIC Conference 2011 - Presentations now available

Was very kindly directed to these by the AIRMIC guys - two of use in my line of work were the Solvency II specific presentation from some Allianz reps and a good one from Lloyds on emerging risk - the former gives some decent insights as to how a massive organisation has to administrate the Solvency II project, while the latter is a decent benchmarking piece for performing qualitative risk identification, analysis and synthesis.