RISK MANAGEMENT & INSURERS

Is a risk, good or bad?

In insurance business, like in all the others, threats and opportunities are intertwined, and co-exist in the external environment. If a risk is perceived, by insurers, as a ‘bad thing’, a threat, then an insurer’s defense mechanism would develop a negative attitude towards the insurable risks of the party.

If a risk is perceived as a ‘good thing’, an opportunity, an insurer tends to be creative in thinking and in his behavioral attitude towards the insurance risk acceptance. An insurer’s mindset, how risks are perceived, matters more in either case. For insurance business to progress, abundant availability of third party insurable risks is the very essence of its existence.

Since insurance deals with issues of ‘future uncertainty’, the enterprise risks impinge on it from several undefined sources. The basic business raw materials of insurers are the insurable risk exposures of the second party, the insured. Insurers internally tend to retain a huge portion of each accepted risk, within them to ensure adequate retained revenues. The overall quality of risk acceptances, therefore, has to be favorable.

The insurers’ business model for producing incomes and profits is thus an example of the discipline of risk management, at its quintessential best. But insurers, not only need to ‘risk manage’ transferred risk exposures of others; but they also need to manage their own enterprise risk exposures, as do other business entities. Enterprise risk management is the buzz word now.

ERM:

Enterprise Risk Management is a dynamic and evolving business philosophy, for the construction of appropriate internal firewalls either to ward off or to minimize the likely negative financial impact, against external threats to its profitable operations or its survival.

But the duration dates for the currency of any ERM program and its substance is short. And it needs up-gradation, at short intervals, as the climate of externalities keep changing, positively or negatively. ‘Thinking aggressively of the future’ of the enterprise and putting it in a state of readiness to deal with major unexpected negative contingencies is its substance.

ERM acts as the enterprise’s shock-absorber against market aberrations, without throwing it off balance. Is that all that it does? No. What more can ERM do for an insurer?

The outcome of an ERM exercise can equally be on exploitation of numerous business opportunities available to an insurer, which can relate to the threats they might pose to the realization of the opportunities that are being chased. All business opportunities do come with accompanying uncertain threats. The dilemma is: should the ERM be viewed as an instrument for containing threats or as a business opportunity to exploit as well? How does an insurer resolve this dilemma? The famous saying that crisis is an opportunity not to be wasted applies.

Opportunities and threats available in the market are inevitably intertwined. The element of perceived ‘negativity’, as now, makes the ERM program look, as if it is an instrument and a tool of business protection to enterprises.

How then could enterprises pursue risks for business rewards as well? How can a positive feeling towards taking ‘risks’ be generated by ERM, as business risks are compulsorily required to make revenues and margins? Taking risks is the life blood of an enterprise. Insurers’ fundamental business model is to take risks on behalf of others. It is by this process that they aim to earn their profit margins.

Concentrating on the ‘upside’ of the risk-zeroing in on the exploitation of available external opportunities– than on the external threats that would endanger its achievement, that is the ‘downside’ of the risk is not only a matter of business strategy but also of management perception.

ERM should identify the available core strengths within to be able to leverage the market opportunities, while simultaneously containing the threats they impose on the insurer, which would seek to act as hurdles. Building HR, streamlining business processes, by pursuing smart business strategies to capture business opportunities represent a big ERM challenge.

Strategic risk management:

Many enterprises, nowadays, talk of ‘strategic risk management’ (SRM), as an important subsidiary part of ERM, as a new focused business objective. What is strategic risk management? SRM is defined by RIMS as; ‘a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an enterprise’s strategy and strategic execution’. ‘Risk’ is seen as a competitive advantage than simply a threat to strategic execution.

Inevitably, therefore, there has to be a continuously improving internal decision-making processes, for a penchant for questioning the manner of how decisions are now made and the speed with which they are made.

The real ‘devil’ is in the execution of strategies and monitoring progress.

SRM is the foundation and the ERM is the super structure of risk management. SRM changes the ‘status quo’ way of the current business thinking in an enterprise.

SRM concentrates on the idea that in their pursuit of achieving particularized financial objectives, enterprises have not only to make precise and detailed plans but devise and execute specific business and market strategies to achieve them, even while minimizing the threats inherent in such opportunities.

Planning of objectives and execution of suitable strategies are key ingredients to the success of an enterprise.

SRM thus denotes a positive business orientation, because it focuses on realizing the specific enterprise’s objectives and in implementing the necessary strategies to achieve them, as primary.

SRM pointedly looks at available opportunities, more keenly; and the threats that prevent them to achieve more critically. It looks at internal competencies of HR and the processes for minimizing threats, while chasing opportunities. But the ultimate goal is to exploit opportunity.

SRM tends to measure risk as an opportunity first. Then it begins searching and identifying the threats to them.  Hence planning and execution go to the very top of the agenda, with a laser focus. SRM is quietly operational in focus, while ERM is holistic in view and represents a risk umbrella on a long-term basis. Both need to be in place for long-term and short-term purposes.

SRM deals both with ‘opportunities available and the threats imposed’ to achievement of objectives. ERM deals with the ‘strengths and weaknesses’ of an enterprise, as a long-term vision. SRM tends to build value to customers and builds the brand name.

ERM builds the fortress required in the internal risk maps by concentrating on good corporate governance, HRD and cost-efficient management and building acceptable culture of behavior. ERM builds character of the enterprise, while SRM deals with its market conduct for gains.

Asking right questions?

Instead of asking “what are the risks in my business” the insurer should be asking: “Here are my strategic objectives. What are the risks that could impact on my company’s ability to reach them”, as seen through the lens of an insurer’s financial statements? ERM and SRM are unique to each enterprise; and not to be perceived as common to all in the industry, as is believed now.

Knowing where an insurer is, before embarking on where it wants to go, needs definitive answers of why an insurer wants to go, where it wants to go; and if it has the internal the competencies to arrive at the planned destination, in the short or long term. Strategic objectives have to be outlined before the appropriate SRM begins to take shape.

Risk exposures categorized:

An underwriter has to deal with six major types of risk exposures, at a minimum. to price risks. The first type of risk exposure is the risk characteristics of the particular physical risk offered for insurance coverage and its unique indices, as evaluated, for the probability of loss occurrences and the extent of the Maximum Probable Loss.

The second type relates to the risk handling practices and risk management philosophy of the particular insured, at a conceptual level and in his operational practices.

The third type of risk category, which is even more important deals with those risks relating to ‘external’ perils covered, which are not in the control of either of the physical risk itself or of the insured such as perils of terrorism, riots and strikes, natural perils and availability of reinsurance at economic costs– which perils all lie for their causation in the external domain of an insured.

The fourth type of risk exposure deals with the risk of disruption in the supply chain channels, following catastrophic events occurring elsewhere, but impacting on the loss potential of the insured risk.

This risk has assumed special focus recently, when the Nuclear Tsunami in Japan affected many enterprises in the US, who were dependent on the continued Japanese supplies. “Just-in-time’ concept for building inventory to save on costs constrains manufacturers to greater level of dependency on the affected major and specialist suppliers.

The fifth category of risk exposure is the likely impact of the European Solvency II requirements, due to come into force shortly.

Solvency II looks at Capital availability of an insurer/reinsurer, with a sharper focus on their risk management practices, their corporate governance handling norms and internal control mechanisms and the quality of their public disclosures about information relating to them.

In this exercise, the capital models used by insurers to measure underwriting risks and understand their customers’ risk profiles, more intimately, will become crucial for their solvency.

The customers’ risk exposures are required to be looked at in different ways as pointed above. Inevitably, this requirement will force the costs of insurance/reinsurance to rise and these will be passed onto the insurers/consumers. Since the major world reinsurers are in Europe, the implementation of solvency II will have ripple effects.

The sixth type of risk exposure, which further complicates underwriting and pricing a risk is the operation of the principle of indemnity, forcing insurers / insured to rely on quite a few external claim–service distribution agencies to define what constitutes the real monetary performance of an insurance contract.

Each one of the external agencies in the process also brings in a serious moral hazard element of its own, apart from their expertise, which insurers may be unable either to identify or to monitor or control. All these external agencies are unique to this industry, and they tend to add to increasingly un-definable claims costs. The cultural aspects and social values will determine how these moral hazard costs will affect pricing.

How can an underwrite factor all these various risk exposures and their aberrations in his rating mechanism; more so, as he is usually kept out of loop in the management of claims?

Knowing individual customers?

Insurers usually tend to believe that the only equitable method available for third party ‘risk exposure acceptance’ is to suitably price the risk initially. But to stay in the market one has to be competitive. Such a singular attitude, however, shuts them off from considering many other ways of perceiving, understanding and managing the risk exposures offered.

Insurers should understand that the accepted risk exposure is really and is always owned and controlled by the insured throughout the term of the policy.

Risk exposures are contractually transferred; but their ownership, control and management remain entirely with the insured. The insurer is thus at a serious advantage in the levels of controlling RM of an insured, on the behavioral and moral hazard issue of the insured.

The two contracting parties have also different performance objectives. Hence, defining ‘risk’ in terms of performance ‘uncertainty’, from only the insurers’ angle is rather difficult.

But what risk process mechanisms are currently used to know a customer’s risk behavior better is an aspect of RM now not in full gear? The ‘risk behavior’ of the insured and its management ream must be elicited through detailed information in the proposal form, by inspections and market intelligence. Who really is a customer in a NL insurance contract -the risk per se and/or the insured?

An agreed risk management covenants should be specified in the cover and these must be seen as enforceable during the policy period. Price becomes irrelevant, if a claim was to occur.

How the insured is managing his accident prevention systems and the measures he intends taking to mitigate its loss potential must be ascertained in advance to price the risk and to control the risk behavior of the insured and its employees. What about ERM that details internal RM objectives and processes?

The question before an underwriter is: how should he price the risk before its acceptance? Should he go by the historical experience of the claims experience of the physical risk alone? The Tariff rating architecture was built on this single idea of this characteristic.

The underwriter today has no tools to analyze the risk exposures flowing form the other four sources of risk exposures. The industry is still oblivious of the full spectrum of risk exposures in the single risk offered for acceptance. Insurers must develop a suitable framework to build data and processes to contain the inevitable risk exposures that form a part of an acceptance of risk.

Regulation and RM:

FSA, UK conducts a review of RM practices of insurers at regular intervals on (1) Governance and oversight (2) Risk appetite of insurers (3) Implementing RM (4) MIS design and its usage (5) the impact of internal control assessment systems. To get the ERM philosophy and its execution accepted, ERM as a topic needs to be a regular item on the Board agenda at every meeting, says the FSA.

The corporate strategy and the corporate risk appetite must be defined and approved by the Board, from the point of corporate outcomes to be realized than as mere process tools. Solvency issues, ALM assessments need periodical monitoring. MIS should be designed keeping the size, complexity and risks of its business.

Range of enterprise risk exposures:

Internally, for managing their business, insurers are exposed to enterprise risks such as: (1) Market Risk (2) Operational risk (3) Liquidity risk (4) ALM risks (4) Credit risk (5) Insurance risk (6) Investment risk (7) Accounting Standard risks and (8) outsourcing risk among others.

Insurers need to constantly examine their control systems and how these risks impact on the financial performance of the enterprise, by prudential monitoring; but these risks, managed with prudence, business shrewdness and proper controls could be real sources of growth and profit.

Threats and opportunities co-exist in the market. The essential purpose and outcome of RM is to improve the economic performance of the enterprise, despite threats, and to enable it to utilize market opportunities for growth and profits. It needs to reduce the impact of threats or adverse outcomes-called as ‘downside’ risk.

An aim of improving performance seeks to exploit opportunities or favorable possibilities, what is called as ‘upside’ risk, despite the threats.

Risk spectrum in insurance:

There are two risk domains: internal domain with strengths and weaknesses and the external one with opportunities and threats. ERM essentially deals with risks already accepted, as a part of insurers being business enterprises. It is a defensive exercise to mitigate the possible effects of threats to making profits and reaching planned outcomes.

But the primary goal of an insurer is that of an active risk seeker of others’ risk exposures, as an underwriter. How does an insurer practice this trade? What risk management techniques does an insurer bring to bear on risk acceptances to meet his business strategic objectives? These inputs significantly affect the ERM internal framework to be designed later on.

Thus an insurer has two programs for ERM-one prior to making risk selection and acceptances and the terms and the other conditions to nurture effectively the business taken in. Current ERM practices focus on managing risk exposures to business objectives, after they have been accepted. The greater emphasis perhaps should be on how risks for acceptance are selected, priced and accepted and then controlled.

Particularly so, as once the risk transfer takes place, the ownership, the control and the management of the risk continues unfettered with the insured himself. The risk behavior of an insured is never under the insurer’s control except through policy wordings and terms.

The insurer is dependent on the insured from the beginning of sale to the end, for managing risk exposures unlike in other trades, where the buyer is entirely dependent on the seller, once the sale is concluded.

ERM, therefore, needs to be used as an instrument for controlling and achieving desired outcomes of revenue gathering and more importantly in controlling claims’ costs. Risk control is the most dominant feature in ERM, than any other aspect of ERM sequence.

Risk appetite, portfolio-wise needs to be defined, to tolerate and manage volatility in claim performance. ERM also acts as a powerful capital management tool and it must be recognized as such and implemented to monitor capital availability and how the monetary resources are utilized. The various enterprise risk exposures of insurers, as business enterprises, have been mentioned above.

Dynamic financial analysis (DFA):

The latest topic of serious study of insurers, in enterprise risk management, is about conducting stochastic simulation, instead of scenario testing under deterministic assumptions valid for such scenarios only. Identifying risk co-variances, measuring sensitivity of estimations of liabilities and valuations of assets through Dynamic Financial Analysis, is a new concept.

DFA addresses a variety of future economic and financial issues of market concern to an insurer, of how they might impact on the pro-forma financial statements of the future, in terms of the integrity of the assumptions now made to project them.

Various external variable factors could change, in unexpected ways, in the coming years, and more so, in turbulent economic times on the future outcomes. New assumptions regarding the future have to be made and new scenarios worked out.

Some of the variability in outcomes comes from unexpected losses or random loss occurrences (e.g. as a consequence of natural perils), rise in GDP, inflation, interest rates, unemployment rates etc., and the sensitivity of the currently established reserves and the current asset valuation  would then come under pressure.

Rising inflation would usually raise the reserves established; rising interest rates would depress the value of fixed-income securities. Both these variables move in tandem; hence investment risks and reserving risks are inter-linked. Inflation has influence on underwriting returns, interest rate on investment incomes.

Hence, DFA deals with the aspect of scenario testing and tries to predict the future outcomes. Such risk analysis, therefore, has an impact on planning appropriate corporate strategy. The current procedures and assumptions that current economic and market conditions would prevail in the future could lead to making faulty business plans, affecting shareholder value and solvency margins.

Indian scene:

As part of corporate governance norms the IRDA has prescribed the constitution of RM Committee as a mandatory requirement. The RM committee must (1) perform specialized analyses and quality reviews (2) report on aggregated view of the risk profile of the insurer as well as the individual portfolio (3) report on details of risk exposures and the actions taken to manage them (4) advise the Board on RM decisions on strategic and operational matters such as corporate strategy etc.

The IRDA view has thus recognized the importance of strategic risk management, as a part of overall RM. RM should be related to the insurer’s internal strengths and weaknesses of internal infrastructure and capabilities to tackle the market opportunities that have huge swathes of threats, as accompaniments.

In addition, the IRDA has entrusted the responsibility of monitoring the minimum solvency margin to the appointed actuary, whose duties include rate making, liability estimations and to produce a Financial Stability report in a prescribed format annually.

Final word:

The write-up has discussed issues such as: Who is the customer? What are the KYC norms that insurers should adopt, as prudent underwriters? What are the subtleties of non-life insurance business, with its costing complexities, with only ‘win-lose’ contracts to sell? How risk management is a twin-edged science of managing the external environment of risk acceptances, as both an opportunity and a threat? Why is SRM crucial to insurers, as they run insurance business, as business enterprises?

Insurers believe that RM of insurers is all about internal ERM of managing threats to them as business enterprises. The focus, this write-up pleads, should be on insurers being equally keen on how and why they should risk manage their ‘inputs’ of risk acceptances, from customers, even more stringently to reduce the threats to the ‘grand bargain’ of managing their ERM. Opportunity exploitation is as important as minimizing threats to the achievement of objectives.

Insurers really are the risk managers to all the entrepreneurs in the nation, by spreading risk awareness and the need for superior risk control. Accidents must be consciously prevented from occurring. Preventing national waste is the role of insurers.

By: G V Rao, Chairman/CEO, GVR Risk Management Associates (P) Ltd, Hyderabad, Published in “The Insurance Times”, October, 2012

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.