You need good Risk Sense to run an insurance company
It seems to happen all too frequently.
A company experiences a bad loss and the response of management is that they were not aware that the company had such a risk exposure.
For an insurance company, that response just isn’t good enough. And most of the companies where management has given that sort of answer were not insurers.
At an insurance company, managers all need to have a good Risk Sense.
Risk Sense is a good first order estimate of the riskiness of all of their activities.
Some of the companies who have resisted spending the time, effort and money to build good risk models are the companies whose management already has an excellent Risk Sense. Management does not see the return for spending all that is required to get what is usually just the second digit.
By the way, if you think that your risk model provides reliable information beyond that second digit, you need to spend more time on model validation.
To have a reliable Risk Sense, you need to have reliable risk selection and risk mitigation processes. You need to have some fundamental understanding of the risks that are out there in the areas in which you do business. You also need to be constantly vigilant about changes to the risk environment that will require you to adjust your perception of risk as well as your risk selection and mitigation practices.
Risk Sense is not at all a “gut feel” for the risk. It is instead more of a refined heuristic. (See Evolution of Thinking.) The person with Risk Sense has the experience and knowledge to fairly accurately assess risk based upon the few really important facts about the risks that they need to get to a conclusion.
The company that needs a model to do basic risk assessment, i.e. that does not have executives who have a Risk Sense, can be highly fragile. That is because risk models can be highly fragile. Good model building actually requires plenty of risk sense.
The JP Morgan Chase experiences with the “London Whale” were a case of little Risk Sense and staff who exploited that weakness to try to get away with excessive risk taking. They relied completely on a model to tell them how much risk that they were taking. No one looked at the volume of activity and had a usual way to create a good first order estimate of the risk. The model that they were using was either inaccurate for the actual situation that they were faced with or else it was itself gamed.
A risk management system does not need to work quite so hard when executives have a reliable Risk Sense. If an executive can look at an activity report and apply their well honed risk heuristics, they can be immediately informed of whether there is an inappropriate risk build up or not. They need control processes that will make sure that the risk per unit of activity is within regular bounds. If they start to have approved activities that involve situations with much higher levels of risk per unit of activity, then their activity reports need to separate out the more risky activities.
Models are too fragile to be the primary guide to the level of risk. Risk taking organizations like insurers need Risk Sense.