Two Fundamental Flaws of Solvency II

Many people in Europe have worked very hard for many years, attempting to perfect solvency oversight for insurers. The concepts underlying Solvency II are the best thinking about risk regulation that the world has ever seen.

However, there are two fundamental flaws that are drivers of the problems that Solvency II is having in getting to the point of actual implementation.

The first flaw is the targeted level of required capital.  When Solvency II was first imagined, banks seemed to be well run and well regulated.  And under that system banks were reporting returns in the high 20′s.  Insurer returns rarely hit the perennial 15% target.  Banks tended to operate right at their level of regulatory required capital.  Insurers looked at that and suggested that the capital requirement for Solvency II should be at a level that the largest insurers would be comfortable operating at.  There was also a big push for a single set of books.  So with a solvency requirement at the level where a rational insurer would want to operate that would mean that in addition to having only one set of books, there would only be one important capital target.  (for discussion of the flaw in the idea of “one number” management, see Risk and Light.)   But the reason why setting the required capital at that high of a level is that it then leaves no room for error or for disagreement.  (Disagreement is absolutely inevitable.  See Plural Rationalities.) The capital calculation needed to be just right.  A capital requirement that was at say 2/3 of the level a prudent company would want to operate at would leave room for errors and disagreements.  If for some risks the requirements were even 50% higher than what some would feel is the correct number, then companies could in fact live with that.  It would become known in the marketplace that companies that write that risk are likely to have tighter solvency margins, and everyone would be able to go about their business.  But with a target that is so very high, if some risk is set too high, then there would be firms who are forced to hold higher capital than makes sense in their minds for their risks.  That completely destroys the idea of management relying upon a model that is calibrated to what they believe is the wrong result.  It also encourages firms to find ways to get around the rules to only hold what they believe is the right level of capital.  What we are seeing now is the inevitable differences in opinions about riskiness of some activities.  The differences of opinion mean the difference between being in business and not for companies concentrated in those activities.  Or for being in those businesses or not for more diversified groups.  If the Solvency II target was set at, for instance, a 1 in 100 loss level, then there might be room for compromise that would allow that activity to continue for firms willing to run a little tight on solvency margin.

==========================================

The second flaw, that surprisingly has only been raised very recently is to total lack of any cost benefit criteria for the process.  If further refinement of Solvency II could prevent one insolvency over a 10 year period, yet would cost other insurers $100 million in expenses and $1 billion in additional capital, is that a good trade-off?  This is the exact sort of thinking that Solvency II REQUIRES of insurers.  EIOPA ought to have a complex model of the insurance industry in Europe so that they can show the risk reward relationship of all of their rules.  What?  You say that is terribly difficult and complicated and would not provide reliable guidance?  EIOPA should  live in the same world that they are requiring of insurers.  Without even a simple minded cost benefit requirement, anything can make it into Solvency II.  The exposure process allows questions to be raised about cost/benefit, but in many cases, that has not happened.  Besides, with no stated criteria for cost benefit, the question is ultimately solved by judgment.  So now we have insurers saying that they will withdraw from parts of the Solvency II process because they are too expensive.  Those insurers have not put forward an objective criteria under which they reached that conclusion either.

It seems unlikely at this point that either of these flaws of Solvency II will be fixed.  A lower standard would seem to too many to be a retreat, a dilution of the power of Solvency II.  Imposing a risk reward or cost benefit rule would result in crazy inconsistencies between decisions made after the rule with those made before or else a very long wait as all of the parts of Solvency II are examined under such a rule.

So it is yet to be seen whether those faults will in the end be fatal.  Solvency II could be tied up in arguments until it is abandoned, it could limp into practice with very mixed support and then be pulled after a few years and enough unanticipated implementation issues, or it could soar for a long run of effective prudential oversight as its designers originally hoped.

I am sure that someone in London can quote you odds.

How Much Strategic ERM is Enough?

Strategic Risk Management is the name given by S&P to the enterprise level activities that seek to improve risk adjusted returns by a strategic capital allocation process.  It is also considered by S&P to the the “Use Test” for economic Capital models.  Strategic Risk Management includes

• Capital Budgeting and Allocation
• Strategic Trade-offs among insurance coverages AND investments
• based on long term view of risk adjusted return
• Recognizing significance of investment risk to total risk profile
• Recognizing ceded reinsurance credit risk
• Selecting which risks to write and which to retain over the long term
• Strategic Asset Allocation
• Risk Reward Optimization

Meanwhile Solvency II had created standards for its internal model Use Test.

The foundation principle of the Solvency II Use Test states that

internal model use should be sufficiently material to result in pressure to increase the quality of the model 

This strongly self referential idea is then supported by 9 Basic Principles.

Principle 1. Senior management and the administrative, management or supervisory body, shall be able to demonstrate understanding of the internal model

Principle 2. The internal model shall fit the business model

Principle 3. The internal model shall be used to support and verify decision-making in the undertaking

Principle 4. The internal model shall cover sufficient risks to make it useful for risk management and decision-making

Principle 5. Undertakings shall design the internal model in such a way that it facilitates analysis of business decisions.

Principle 6. The internal model shall be widely integrated with the risk-management system

Principle 7. The internal model shall be used to improve the undertaking’s risk-management system.

Principle 8. The integration into the risk-management system shall be on a consistent basis for all uses

Principle 9. The Solvency Capital Requirement shall be calculated at least annually from a full run of the internal model

 

From these two descriptions of a Use Test, one should be forgiven for picturing a group of priests in long robes prowling the halls of an insurer in procession carrying a two foot thick book of the internal model.  Their primary religious duty is to make sure that no one at the insurer ever have an independent thought without first thinking about the great internal model.  Every year, the internal model book is reprinted and the priests restart their procession.  

 

But take heart.  A quick look at the website of the European CRO Forum reveals that those firms do not revere their internal models quite so highly.  

 

The above chart suggests that in most groups the internal model is just one consideration for making most strategic decisions of the insurer.  

 

The excerpt below from the Tokio Marine Holdings puts these things into perspective.  

The Group carries out a relative evaluation of each business and prioritizes the allocation of management resources (business portfolio management).  It is achieved by using risk/return indicators for each business and applying a scoring indicator covering market growth potential and profitability, competitive advantages and expected effects of strategies.  Allocated management resources include funds, human resources and risk capital. By allocating these resources to business units and new businesses with even higher profitability and growth potential, we aim to improve the profitability and growth potential of our business portfolio.

You see from that statement that risk return is not the only input nor is capital the only factor under consideration.  Describing Strategic Risk Management as its own separate management process is incorrect.  

 

Strategic Risk Management is one set of inputs and outputs to/from the Strategic Decision Making Process.  

 

And if read carefully, that will satisfy both S&P as well as Solvency II Use Tests.

 

Not About Capital

The reality is that regulatory capital requirements, no matter how much we try to refine them, will always be a blunt tool.  Certainly they should not create the wrong incentives, but we cannot micromanage firm behavior through regulatory capital requirements.  There are diminishing returns to pursuing precision in regulatory capital requirements.

Terri Vaughan, NAIC

These remarks were made in Europe recently by the lead US regulator of the insurance industry.  In Europe, there has never been a regulatory capital requirement that was risk related.  But the Europeans have been making the discussion all about capital for about 10 years now in anticipation of their first risk based capital regime, Solvency II.

The European assumption is that if they follow as closely as possible the regulatory regime that has failed so spectacularly to control the banking system, Basel II, then everything will be under control.

The idea seems to be that if you concentrate, really concentrate, on measuring risk, then insurance company management will really take seriously the idea of managing risk.   Of course, that conclusion is also based upon the assumption that if you really, really concentrate on measuring risk that you will get it right.

But the Law of Risk and Light tells us that our risk taking systems will lead us to avoid the risk in the light and to load up on the risk in the dark.

That means the risks that are properly measured by the risk based capital regulatory system will be managed.

But whatever risks that are not properly measured will come to predominate the system.  The companies that take those risks will grow their business and their profits faster than the companies that do not take those poorly measured risks.

And if everyone is required to use the same expensive risk measurement system, very, very few will invest the additional money to create alternate measures that will see the flaws in the regulatory regime.

The banking system had a flaw.  And many banks concentrated on risks that looked good in the flawed system but that were actually rotten.

What is needed instead is a system that concentrates on risk controlling.  A firm first needs a risk appetite and second needs a system that makes sure that their risks stay within their appetite.

Under a regulatory risk capital system, the most common risk appetite is that a firm will maintain capital above the regulatory requirement.  This represents a transfer of the duty of management and the board onto the regulator.  They never need to say how much risk that they are willing to take.  They say instead that they are in business to satisfy the regulator with regard to their risk taking.

The capital held by the firm should depend upon the firm’s risk appetite.  The capital held should support the risk limits allowed by the board.

And the heart of the risk control system should be the processes that ensure that the risk stays within the limits.

And finally, the limits should not be a part of a game that managers try to beat.  The limits need to be an extremely clear expression of the fundamental way that the firm wants to conduct business.  So any manager that acts in a way that is contrary to the fundamental goals of the firm should not continue to have authority to direct the activities of the firm.

Why ORSA?

At first glance, the Own Risk and Solvency Assessment (ORSA) seems like an unnecessary redundancy.  For some firms, they will have looked at the Standard formula for capital adequacy and then looked again at the Internal Model and the Economic Capital.  And on all of those views, the firm has sufficient solvency margin.

But the problem that ORSA solves is a problem that is so very fundamental that we have almost completely forgotten that it exists.  That problem is that all of the traditional ways of looking at capital adequacy look at the wrong thing.  Yes, you heard that right, we have always and will continue to focus on the wrong thing when we assess capital adequacy.

The basis for capital assessment is the wrong view because it looks backwards.  We already know that the firm survived the past year.  What we really need to know is whether the firm can survive the next year and probably the one after that.

The traditional backwards looking solvency assessment tradition started when there was no viable alternative.  It is a good basis for looking at solvency under only a few possible futures.  Fortunately, many firms broadly operate within the range of futures.

For the backwards looking approach to solvency to have any validity, the future of the firm needs to be very much like the past of the firm.  Firms need capital more for the future than for the past and the balance sheet is more about the past of the firm than the future.  So a capital regime that is tied to the balance sheet is useful only to the firms whose future does not materially change their balance sheet.

But wait, the only time when that capital is needed is when the balance sheet DOES change materially.

So ORSA shifts the question of solvency from the past to the future.

The second thing that ORSA does is to shift the burden of determining adequacy of capital from the regulator to the board and management.  With the ORSA, the board and management will never again have the excuse that they thought everything was fine because they met the standards of the regulators.  The ORSA requires the board and management to assert, IN THEIR OWN OPINION, that the firm has sufficient capital for its own risks AND its own risk management systems.  Prior regimes allowed management to pass a test set by the regulator and thereby show adequacy of capital.  Even if the test did not pick up on some new risk that management was totally aware of but which was not at all recognized by the regulatory formula.

Now that is a game changer.

A Wealth of Risk Management Research

The US actuarial profession has produced and/or sponsored quite a number of risk management research projects.  Here are links to the reports:  A Study of International Solvency Regimes

Determinants of Insurers’ Reputational Risk

2010 Emerging Risks Survey

Reflecting Risk in Pricing Survey Report

Potential Impact of Pandemic Influenza on the U.S. Health Insurance Industry

2009 Emerging Risks Survey

Exploration of Reputational Risk from the Perspective of a Variety of Stakeholders

Policyholder Behavior in the Tail Risk Management Section Working Group UL with Secondary Guarantee 2009 Survey Results

Enterprise Risk Management (ERM) Practice as Applied to Health Insurers, Self-Insured Plans, and Health Finance Professionals

A New Approach for Managing Operational Risk: Addressing the Issues Underlying the 2008 Global Financial Crisis

Policyholder Behavior in the Tail Joint Risk Management Section Working Group Variable Annuity Guaranteed Benefits 2009 Survey Results

The Financial Crisis and Lessons for Insurers

Corporate Reputational Risk and ERM: An Analysis from the Perspective of Various Stakeholders

Emerging Risks Survey

Policyholder Behavior in the Tail Risk Management Section Working Group UL with Secondary Guarantee 2008 Survey Results

Copula Phase Transitions Report

Economic Capital: Correlation Matrices and Other Techniques–A Survey and Discussion

Policyholder Behavior in the Tail Risk Management Section Working Group Variable Annuity Guaranteed Benefits 2007 & 2008 Survey Results

Risk Based Capital Covariance Project

Application of Structural Equation Modeling to the Linkage of Risk Management, Capital Management and Financial Management for the Insurance Industry

Risk Management Terminology

Linkage of Risk Management, Capital Management and Financial Management

Policyholder Behavior in the Tail Project–Annuity Lapse Modeling

Enterprise Risk Management for Property–Casualty Insurance Companies

Policyholder Behavior in the Tail Risk Management Section Working Group Variable Annuity Guaranteed Benefits Survey Results

ERM, not just a good idea, Its the Law

IAIS Adopts ICP 16 on ERM

The International Association of Insurance Supervisors (IAIS) has adopted ERM as an Insurance Core Principle (ICP).

ERM is an acknowledged practice and has become an established discipline and separately identified function assuming a much greater role in many insurers’ everyday business practices. Originally, risk management only facilitated the identification of risks, and was not fully developed to provide satisfactory methods for measuring and managing risks, or for determining related capital requirements to cover those risks.
ERM processes being developed today by insurers increasingly use internal models and sophisticated risk metrics to translate risk identification into management actions and capital needs. Internal models are recognised as powerful tools that may be used, where it is proportionate to do so, to enhance company risk management and to better embed risk culture in the company. They can be used to provide a common measurement basis across all risks (e.g. same methodology, time horizon,  risk measure, level of confidence, etc.) and enhance strategic decision-making, for example capital allocation and pricing.

By this time next year, they expect to have revised the full set of ICPs.  All insurance supervisors are expected to reflect the revised ICPs in their legal frameworks and supervisory practices.  All G20 insurance supervisors will be expected to undertake a self-assessment against the new ICPs by early 2012.

Link to ICP 16

Europeans will notice that ICP 16 is very similar to Pillar 2 of Solvency 2.  Folks in the US will notice that this is very similar to documents that the NAIC has exposed for comment in the last year.

Riskviews has visited a number of non-G20 countries in the past six months and insurers there have all said that their regulators are starting to talk about ERM requirements or have already put them in place.

Death by Solvency

Another great post by  Maggid.

It seems that Solvency II is perfectly designed to reproduce the conditions that led US banks to believe that they were impervious to risks.  They and the regulators believed that they knew what they were doing with regard to Risks and Risk Management.

In 2004, the US Federal Reserve allowed investment banks to cut their capital levels by 2/3, tripling their potential leverage!  Not to worry, they knew how to manage risk.

European insurers are all being told that they need to have economic capital models to manage risks.  A few firms have had these models for more than five years now.  Those models tell us that those firms can reduce their capital by a third or more.

But everyone leaves out of their thinking two important things that will always happen.

The first is called the Peltzman effect by economists.  John Adams calls it the Risk Thermostat effect.  In both cases, it means that when people feel risk decreasing due to safety measures, they often respond by increasing the riskiness of their behaviors.  So the success of Solvency II will make some firms feel safer and some of them will take additional risks because of that.

The second effect is what I call the Law of Risk and Light.  That says that you will accumulate risks wherever you are not looking out for them.  So anywhere that there is a flaw in the Economic Capital model, the activity that accentuates that flaw will look like the best, most desirable business to be in.

But read Maggid’s post.  He provides some actual analysis to support his argument.

Window Dressing

The Wall Street Journal reported today that banks are again very actively doing significant amounts of end out the quarter clean-up that is otherwise known as “window dressing“.

This is a practice that works well, allowing banks to hold capital (figured on their quarter end balance sheets) that is much lower than the risk levels that they are using to create their profits.  This makes them look safer to investors in addition to boosting their ROE.

And while it probably is within the rules of Basel II, it violates the underlying idea behind Pillar 1 and Pillar 3.

The idea behind Pillar 1 is that the banks should hold capital for their risks.  This window dressing practice clearly illustrates one of the major logical flaws in the application of Pillar 1.

To understand the flaw, you need to think for a minute about what the capital is for.  It is not actually for the risks that the bank held during the quarter, nor is it mostly for the risks that happen to be on the balance sheet as of the end of the quarter.  It is primarily to protect the bank in the event of losses form the risks that the banks will be exposed to during the next quarter.  The beginning of quarter balance sheet is being used as a proxy for the risks over the coming quarter.

For a firm that has a highly disciplined risk management process, it would actually make more sense for the firm to hold capital for the RISK LIMITS that it has extended for the coming quarter.  That would be a firm where you could rely upon them to keep their risks within their risk limits for the most part. This makes more sense than holding capital for some arbitrary point in time.  The window dressing proves that point better than any possible theoretical argument.  Besides being the wrong idea, it is subject to easy manipulation.

For firms that are not disciplined in keeping their risks within their risk limits, something higher than the level of capital on their risk limits would be the logical level.  For these firms it would make sense to keep track of the degree to which they exceed their limits (at maximum) and charge them for capital at a level above that.  Say for example 200%.  So if a firm exceeds its risk limits by 10% at maximum in a quarter, their capital for the next quarter would be 120% of the capital needed to support their risk limits for the following quarter.

This check on risk discipline would have several benefits.  It moves the easy possibility of manipulation away from the capital level.  The “legal” window dressing would have to be replaced by fraudulent manipulation of risk reports to fix the capital level.  In addition, disclosure of the degree to which a bank exceeds its risk limit could be disclosed under Pillar 3 and then investors and counterpraties could give their reaction to a bank that cannot control its risks exposures.

In addition, this same logic could be applied to insurers under Solvency II.  There is no reason why insurance regulators need to follow the flawed logic of the banking regulators.

Addendum:  Above I say that the window dressing works well.  That is only partly true.  Sometimes, it does not work at all.  And banks can become stuck with risks and losses from those risks that are far larger than what they had been disclosing.  That happens when markets freeze up.

You see, if many banks are doing the same sorts of window dressing, they all run the risk that there will be too many sellers and not enough buyers for those couple of days at the end of the quarter.  Or maybe just for that one night.  And the freeze is likeliest when the losses are about tho strike.

So in reality, window dressing is not a good plan if you believe that things can ever go poorly.

Will History Repeat?

In the 1980′s a dozen or more firms in the US and Canadian Life Insurance sector created and used what were commonly called required surplus systems.  Dale Hagstrom wrote a paper that was published in 1981, titled Insurance Company Growth .  That paper described the process that many firms used of calculating what Dale called Augmented Book Profits.  An Augmented Book Profit later came to be called Distributable Earnings in insurance company valuations.  If you download that paper, you will see on page 40, my comments on Dale’s work where I state that my employer was using the method described by Dale.

In 1980, in the first work that I was able to affix my newly minted MAAA, I documented the research into the risks of Penn Mutual Life Insurance Company that resulted in the recommendation of the Required Surplus, what we would now call the economic capital of the firm.  By the time that Dale’s paper was published in 1981, I had documented a small book of memos that described how the company would use a capital budgeting process to look at the capital utilized by each line of business and each product.  I was the scribe, the ideas come mostly from the Corporate Actuary, Henry B. Ramsey. We created a risk and profit adjusted new business report that allowed us to show that with each new product innovation, our agents immediately shifted sales into the most capital intensive or least profitable product.  It also showed that more and more capital was being used by the line with the most volatile short term profitability.  Eventually, the insights about risk and return caused a shift in product design and pricing that resulted in a much more efficient use of capital.

Each year, throughout the 1980′s, we improved upon the risk model each year, refining the methods of calculating each risk.  Whenever the company took on a new risk a committee was formed to develop the new required surplus calculation for that risk.

In the middle of the decade, one firm, Lincoln National, published the exact required surplus calculation process used by their firm in the actuarial literature.

By the early 1990′s, the rating agencies and regulators all had their own capital requirements built along the same lines.

AND THEN IT HAPPENED.

Companies quickly stopped allocating resources to the development and enhancement of their own capital models.  By the mid-1990′s, most had fully adopted the rating agency or regulatory models in the place of their own internal models.

When a new risk came around, everyone looked into how the standard models would treat the new risk.  It was common to find that the leading writers of a new risk were taking the approach that if the rating agency and regulatory capital models did not assess any capital to the new risk, then there was NO RISK TO THE FIRM.

Companies wrote more and more of risks such as the guaranteed minimum benefits for variable annuities and did not assess any risk capital to those risks.  It took the losses of 2001/2002 for firms to recognize that there really was risk there.

Things are moving rapidly in the direction of a repeat of that same exact mistake.  With the regulators and rating agencies more and more dictating the calculations for internal capital models and proscribing the ERM programs that are needed, things are headed towards the creation of a risk management regime that focuses primarily on the management of regulatory and rating agency perception of risk management and away from the actual management of risks.

This is not what anyone in the risk management community wants.  But once the regulatory and rating agency visions of economic capital and ERM systems are fully defined, the push will start to limit activity in risk evaluation and risk management to just what is in those visions – away from the true evaluation of and management of the real risks of the firm.

It will be clear that it is more expensive to pursue the elusive and ever changing “true risk” than to satisfy the fixed and closed ended requirements that anyone can read.  Budgets will be slashed and people reassigned.

The Use Test – A Simple Suggestion

Many are concerned about what the “Use Test” will be. Will it be a pop quiz or will companies be allowed to study?

Well, I have a suggestion for a simple and, I believe, fairly foolproof test. That would be for top management (not risk management or modeling staff) to be able to hold a conversation about their risk profile each year.

Now the first time that they can demonstrate that would not be the “Use Test”. It would be the second or third time that would constitute the test.

The conversation would be simple. It would involve explaining the risk profile of the firm – why the insurer is taking each of the major risks, what do they expect to get out of that risk exposure and how are they making sure that the potential losses that they experience are not worse than represented by their risk model. This discussion should include recognition of gross risk before offsets as well as net retained risk.

After the first time, the discussion would include an explanation of the reasons for the changes in the risk profile – did the profile change because the world shifted or did it change due to a deliberate decision on the part of management to take more or less or to retain more or less of a risk.

Finally a third part of the discussion would be to identify the experience of the past year in terms of its likelihood as predicted by the model and the degree to which that experience caused the firm to recalibrate its view of each risk.

To pass the test, management would merely need to have a complete story that is largely consistent from year to year.

Those who fail the test would be making large changes to their model calibration and their story from year to year – stretching to make it look like the model information was a part of management decisions.

Some firms who might have passed before the crisis who should have failed were firms who in successive years told the same story of good intentions with no actions in reducing outsized risks.

For firms who are really using their models, there will be no preparation time needed for this test. Their story for this test will be the story of their firm’s financial management.

Ideally, I would suggest that the test be held publicly at an investor call.

Take CARE in evaluating your Risks

Risk management is sometimes summarized as a short set of simply stated steps:

1. Identify Risks
2. Evaluate Risks
3. Treat Risks

There are much more complicated expositions of risk management.  For example, the AS/NZ Risk Management Standard makes 8 steps out of that. 

But I would contend that those three steps are the really key steps. 

The middle step “Evaluate Risks” sounds easy.  However, there can be many pitfalls.  A new report [CARE] from a working party of the Enterprise and Financial Risks Committee of the International Actuarial Association gives an extensive discussion of the conceptual pitfalls that might arise from an overly narrow approach to Risk Evaluation.

The heart of that report is a discussion of eight different either or choices that are often made in evaluating risks:

1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE 
2. ACCOUNTING BASIS VS. ECONOMIC BASIS         
3. REGULATORY MEASURE OF RISK    
4. SHORT TERM VS. LONG TERM RISKS          
5. KNOWN RISK AND EMERGING RISKS        
6. EARNINGS VOLATILITY VS. RUIN    
7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO       
8. CASH VS. ACCRUAL 

The main point of the report is that for a comprehensive evaluation of risk, these are not choices.  Both paths must be explored.

ReCapitalization Fantasy

Guest Post from Larry Rubin

I question whether sufficient attention is being paid to the definition of risk in most risk measures and in solvency II. In this case the use of 1-year VAR. Insurance companies makes long term promises as compared to other financial institutions. Yet we have seen the inadequacies of this risk measure for these other institutions. 1-year VAR is based on the assumption that if a company can survive a year it can re-capitalize. The credit crisis has shown that in a period of economic distress when it is most likely that many companies will be “in the tail” the ability to re-capitalize is suspect if non-existent. Companies such as, Lehman Brothers, Northern Rock, AIG and INDYMac could not re-capitalize. Bear Stearns, Merrill Lynch and WaMU required government support to facilitate the sale of their liabilities.
I believe one of the lessons of the credit crisis is that is that either the 1-year VAR analysis needs to reflect the potential drying up of capital during a tail event or insurance companies need to re-think the 1-year VAR measure. US Risk Based Capital, while an imperfect measure, has had ruin theory as its fundamental premise. This measure has held up well as most US life insurance operating companies maintained sufficient capital to survive to the point where it was possible to re-capitalize

Larry H. Rubin

Adaptability is the Key Survival Trait

…different and potentially much more difficult issues arise in the identification and measurement of risks where past experience is an uncertain or potentially misleading guide. When risk materialises, it may do so as a risk previously thought to be understood and managed that turns out to be very different indeed, and may do so quickly, well within normal audit cycles. The valuation of an asset or liability in a stressed market environment and the identification of other potential risks that may not previously have been encountered pose major questions for real-time assessment that are unlikely to have been factored into construction of the pre-existing business model.

Excerpt from the Walker Review

To survive such situations, it seems that the ability to quickly assess new situations, especially ones that look like old tried and true but that are seriously more dangerous, and to change what the organization is doing in response to these risks is key.

But to do that, significant amounts of senior resources must be dedicated to determining whether such risks are NOW in the environment each and every day.  The findings of this review must be taken very seriously and the organization must consider the possibility of changing course – not just a minor correction – a major change of business activity.

In addition to the discernment to identify such situations, the organization must cultivate the capacity to make such changes quickly and effectively.

An organization that can do those things have true adaptability and have a much better chance of survival.

However, for a business to be very profitable, it needs to be very focused, very efficient.  Everyone in the organization needs to be pointed in the same direction.  Doubt will undermine.

Within capitalism, the conflict is resolved by allowing individual businesses to maximize profits and relying on an assumption that there will be enough diversity of businesses that enough businesses will have chosen the right business model for the new environment.  Some of the most successful businesses from the old environment will fail to adapt, but some of the laggards will now thrive.

And therefore, the system survives.

But, that is not always so.  In some circumstances, too many firms choose the exact same strategy.  If the environment stays unchanging for too long, individual firms lose any adaptability that they might have had, they all become specialists in that one “most profitable thing”.  A major change in the environment and too many businesses fail too fast.

How does that happen?

Regulators play a large role.  The central bankers work very hard to keep the environment on a steady course, moderating the bumps that encourage diversity.

Prudential and risk management regulation also play a large role, forcing everyone to pay attention to the exact same risks and encouraging similar risk treatments through capital regime incentives.

So for the system to remain healthy, it needs adaptability and adaptability comes from diversity.  And diversity will not exist unless the environment is more variable.  There needs to be diversity in terms of both business strategy and interms of risk management approaches.

So improving the prudential regulation will have the effect of driving everyone to have the same risk management – it will have the perverse effect of diminishing the likelihood of survival of the system.

Understanding and Balance

Everything needs to balance.  A requirement that management understand the model creates and equal and opposite obligation on the part of the modelers to really explain the assumptions that are embedded in the model and the characteristics that the model will exhibit over time.

This means that the modelers themselves have to actually understand the assumptions of the model – not just the mechanical assumptions that support the mechanical calculations of the model.  But the fundamental underlying assumptions about why the sort of model chosen is a reliable way to represent the world.

For example, one of the aspects of models that is often disturbing to senior management is the degree to which the models require recalibration.  That need for recalibration is an aspect of the fundamental nature of the model.  And I would be willing to guess that few modelers have in their explanation of their model fully described that aspect of their model and explained why it exists and why it is a necessary aspect of the model.

That is just an example.  We modelers need to understand all of these fundamental points where models are simply baffling to senior management users and work to overcome the gap between what is being explained and what needs to be explain.

We are focused on the process.  Getting the process right.  If we choose the right process and follow it correctly, then the result should be correct.

But the explanations that we need are about why the choice of the process made sense in the first place.  And more importantly, how, now that we have followed the process for so long that we barely remember why we chose it, do we NOW believe that the result is correct.

What is needed is a validation process that gets to the heart of the fundamental questions about the model that are not yet known!  Sound frustrating enough?

The process of using risk models appropriately is an intellectual journey.  There is a need to step past the long ingrained approach to projections and models that put models in the place of fortune tellers.  The next step is to begin to find value in a what-if exercise.  Then there is the giant leap of the stochastic scenario generator.  Many major conceptual and practical leaps are needed to move from (a) getting a result that is not reams and reams of complete nonsense to (b) getting a result that gives some insight into the shape of the future to (c) realizing that once you actually have the model right, it starts to work like all of the other models you have ever worked with with vast amount of confirmation of what you already know (now that you have been doing this for a couple of years) along with an occasional insight that was totally unavailable without the model.

But while you have been taking this journey of increasing insight, you cross over and become one of those who you previously thought to talk mostly in riddles and dense jargon.

But to be fully effective, you need to be able to explain all of this to someone who has not taken the journey.

The first step is to understand that in almost all cases they do not give a flip about your model and the journey you went throughto get it to work.

The next step is to realize that they are often grounded in an understanding of the business.  For each person in your management team, you need to understand which part of the business that they are grounded in and convince them that the model captures what they understand about the part of the business that they know.

Then you need to satisfy those whse grounding is in the financials.  For those folks, we usually do a process called static validation – show that if we set the assumptions of the model to the actual experience of last year, that the model actually reproduces last year’s financial results.

Then you can start to work on an understanding of the variability of the results.  Where on the probability spectrum was last year – both for each element and for the aggregate result.

That one is usually troublesome.  For 2008, it was particularly troublesome for any firms that owned any equities.  Most models would have placed 2008 stock market losses almost totally off the charts.

But in the end, it is better to have the discussion.  It will give the management users a healthy skepticism for the model and more of an appreciation for the uses and limitations of the entire modeling methodology.

These discussions should lead to understanding and balance.  Enough understanding that there is a balanced view of the model.  Not total reliance and not total skepticism.

The Glass Box Risk Model

I learned a new term today “The Glass Box Risk Model” from a post by Donald R. van Deventer,

Glass Boxes, Black Boxes, CDOs and Grocery Lists

You can read what he has to say about it.  I just wanted to pass along the term “Glass Box.”

A Glass Box Risk Model is one that is exactly the opposit of a Black Box.  With a Black Box Model, you have no idea what is going on inside.  WIth a Glass Box, you can see everything inside.

Something is needed, however, in addition to transparency, and that is clarity.  To use the physical metaphor further, the glass box could easily be crammed with so, so much complicated stuff that it is only transparent in name.  The complexity acts as a shroud that keeps real transparency from happening.

I would suggest that argues for separability of parts of the risk model.  The more different things that one tries to cram into a single model, the less likely that it is separable or truely transparent.

That probably argues against any of the elegance that modelers sometimes prize.  More code is probably preferable to less if that makes things easier to understand.

For example, I give away my age, but I stopped being a programmer about the time when actuaries took up APL.  But I heard from everyone who ever tried to assign maintenance of an APL program to someone other than the developer, that APL was a totally elegant but totally opaque programming language.

But I would suggest that the Glass Box should be the ideal for which we strive with our models.

Global ERM Best Practices Webinar III

Date
December 1, 2009

Time

Times vary by location.  Program runs for 18 hours to allow for daytime viewing in all locations.

Location:
This webcast takes place via the Internet.  At your location.

Speakers from Europe, Americas and Asia-Pacific areas.

ERM is a unique field that is developing in all parts of the world at more or less the same time; therefore it is a new practice area where a global actuarial community of practitioners is developing. The webcast includes speakers from Europe and Asia/Pacific, as well as the Americas, and allows risk officers to share emerging risk management practices across different geographical regions.

The objective of this webcast is to provide the global actuarial community with new and emerging enterprise risk management (ERM) practices from different geographical regions. This webcast will include speakers from Asia/Pacific, Europe and the Americas offering insight into ERM best practices.

The webcast objectives

• Disseminating and promoting global ERM best practices to the actuarial community
• Offering accessible information about ERM to actuaries
• Facilitating the discussion of practical and theoretical ERM issue and possible solutions
• Promoting global standards of best practices in ERM

Who Should Attend

• Actuaries who are currently practicing in the ERM area within Insurers or consultancies and
• Actuaries and actuarial students who wish to get exposed to ERM practices so they can participate in ERM programs at insurers in the future
• Other nonactuarial risk officer

MORE INFORMATION

REGISTER HERE

Session Description in Comment to this post.

Speakers will be posted when available.