In a post last week, it was noted that US insurers are starting to admit to managing their risks in their public disclosures. The 671 word discussion of the ERM process of Travelers was reproduced. (Notice that over 100 of those words talk about the unreliability of the ERM system. )
But disclosure of ERM processes has been much more widespread and much more extensive in other parts of the world for more than 5 years.
For Example, Munich Re’s 2010 annual report has a 20 page section titled Risk Report. That section has sub headings such as:
Risk governance and risk management system
Risk management organisation, roles and responsibilities
Control and monitoring systems
Underwriting risk: Property-casualty insurance
Underwriting risk: Life and health insurance
Selected Risk Complexes
It is not just Munich Re. Manulife’s Risk Management disclosure is 22 pages of their annual report. Below is the introduction to that section:
Manulife Financial is a financial institution offering insurance, wealth and asset management products and services, which subjects the Company to a broad range of risks. We manage these risks within an enterprise-wide risk management framework. Our goal in managing risk is to strategically optimize risk taking and risk management to support long-term revenue, earnings and capital growth.
We seek to achieve this by capitalizing on business opportunities that are aligned with the Company’s risk taking philosophy, risk appetite and return expectations; by identifying, measuring and monitoring key risks taken; and by executing risk control and mitigation programs.
We employ an enterprise-wide approach to all risk taking and risk management activities globally. The enterprise risk management (“ERM”) framework sets out policies and standards of practice related to risk governance, risk identification, risk measurement, risk monitoring, and risk control and mitigation. With an overall goal of effectively executing risk management activities, we continuously invest to attract and retain qualified risk professionals, and to build, acquire and maintain the necessary processes, tools and systems.
We manage risk taking activities against an overall risk appetite, which defines the amount and type of risks we are willing to assume. Our risk appetite reflects the Company’s financial condition, risk tolerance and business strategies. The quantitative component of our risk appetite establishes total Company targets defined in relation to economic capital, regulatory capital required, and earnings sensitivity.
We have further established targets for each of our principal risks to assist us in maintaining appropriate levels of exposures and a risk profile that is well diversified across risk categories. In 2010, we cascaded the targets for the majority of our principal risks down to the business level, to facilitate the alignment of business strategies and plans with the Company’s overall risk management objectives.
Individual risk management programs are in place for each of our broad risk categories: strategic, market, liquidity, credit, insurance and operational. To ensure consistency, these programs incorporate policies and standards of practice that are aligned with those within the enterprise risk management framework, covering:
■ Assignment of risk management accountabilities across the organization;
■ Delegation of authorities related to risk taking activities;
■ Philosophy and appetite related to assuming risks;
■ Establishment of specific risk targets or limits;
■ Identification, measurement, assessment, monitoring, and reporting of risks; and
■ Activities related to risk control and mitigation.
Such frank discussion of risk and risk management may be seen by some US insurers’ management to be dangerous. In the rest of the world, it is moving towards a situation where NOT discussing risk and risk management frankly and openly is a risk to management.
Which would you prefer?