Reviewing Risk Appetite

[The material below is the work of an ad hoc IAA working group.  It was produced in 2011 but never completed or published.  RISKVIEWS is sharing so that this good work can be viewed.]

Risk appetite setting and its implication on business strategy. 

Risk appetite is a high-level view of the risks the organization is willing to accept in pursuit of value. When an insurer defines the optimal level of risk, a common view of the ultimate priority is to serve shareholder’s benefits. This will facilitate the decision on the types of risks and magnitudes of the risks to be taken that are consistent with business strategies and market situation. At the same time, the desired risk profile should satisfy the explicit and implicit constraints set by other parties such as regulators, rating agencies, policyholders, debt holders, senior management, and employees. Some external changes have also expedited the process. S&P has required a clear statement of risk appetite as a foundation of “strong” or “excellent” ERM rating. Solvency II also requires insurers to explicitly consider their risk appetite.

Risk appetite framework normally includes three levels.

Enterprise risk tolerance: The aggregate amount of risk the company is willing to take, expressed in terms of

1. capital adequacy
2. earnings volatility
3. credit rating target

It represents the company’s long term target and shall be revised only if there are fundamental changes to the company’s financial profile, market situation and strategic objective. Risk appetite helps prevent default by preserving capital position. This is required by regulators, rating agencies, policyholders, and debtholders. These stakeholders show little or no interest in the upside from risk taking. On the other hand, shareholders are interested in the upside resulted from risk taking and low earnings volatility.

Risk appetite for each risk category: Enterprise risk tolerance needs to be allocated to risk appetite for specific risk categories and business activities. For example, selling life insurance policies or underwriting property and casualty risks. Or taking more market risk versus credit risk. By doing this, the company’s resources, like capital, can be allocated to the areas that the company feels comfortable with, or has competitive advantages.  When determining or updating risk appetite for different risk categories, in addition to considering the constraints set by enterprise risk tolerance, it should aim to maximize the risk-adjusted return of risk-taking activities.

Risk limit: Risk limits are the most granular level which is used for business operation. It translates enterprise risk tolerance and risk appetite for each risk category into risk monitoring measures. The consistency between risk limit and enterprise risk tolerance help the company realize its risk objective and maximize risk adjusted return.

Risk appetite not only protects value, but also creates value for the business. It helps senior management make informed decisions to maximize risk adjusted return for the shareholder. Ensuring the consistency between risk appetite and risk limits is very important. Both rating agencies and investors are concerned about whether risk appetite is properly aligned with the risk limits being set for business operation. A sound risk management practice requires risk appetite being integrated into business strategy and corporate culture.

Desired actions/features of risks management by category:

Ad Hoc

1. Unsystematic description of the company’s willingness to take risk. This could possibly be by an answer to investors, regulators or rating agencies’ inquiry and not fully linked with the company’s ability to take risk.

Basic

1. The company has a formal statement of enterprise risk tolerance which has been approved by Board of Directors (BOD). The statement should at least include target credit rating, capital adequacy, earnings volatility, and attitude to operational risk such as reputation risk and legal risk.
2. Risk appetite statement is incorporated in the risk management policy and will be reviewed annually by risk management committee and BOD.
3. When making a strategic decision, the impact is sometimes checked against enterprise risk tolerances to make sure they are not breached.

Standard

1. The company has a well established risk appetite framework which includes enterprise risk tolerance, risk appetite for each identified risk category and risk limits. Those are reviewed and approved by BOD and updated at least annually or in market turmoil.
2. The risk appetite framework considers all the constraints the company faces and reflects key stakeholders’ risk preference. They include regulators both at group level and local level, shareholders, debtors, and management.
3. There exists a consistent framework to align risk limits with enterprise risk tolerance. This is essential to make sure all the business decision is made within the company’s tolerance of risk.
4. Integration of risk appetite and strategic planning. Risk appetite framework plays an active role in providing information about risk exposures of business activities and risk reward trade off. Asset allocation and product mix are the two key areas.
5. The whole company is involved in risk appetite framework to facilitate risk identification and foster a healthy risk culture.

Advanced

1. Risk appetite framework is integrated with all the business decision, including business operation constrained by risk limits and strategic decision to fit into enterprise risk tolerance. Strategic decisions include, but are not limited to strategic asset allocation, tactic asset allocation, new business planning, capital allocation, and risk management strategies.
2. Performance measurement of management is linked to risk adjusted return or risk adjusted value.
3. Effective and company wide education and communication of risk appetite framework are in place and regularly scheduled.
4. Back testing of risk appetite framework is conducted to identify new risks, key assumption errors, and model errors.
5. Risk appetite framework is considered more of strategic risk management than risk limit system.
6. Risk appetite framework puts more efforts on emerging risks or risks hard to identify and quantify. Qualitative analysis becomes critical in corporate strategic decision.

Explore posts in the same categories: Enterprise Risk Management, Risk Appetite

Tags: Business, ERM

You can comment below, or link to this permanent URL from your own site.