CRO’s Talk @ #ICA2014


Notes from two sessions:

Top Risks:

  • Market Risk
  • Operational Risk
  • Credit Risk – Spread + Default
  • Longevity
  • Regulation – Multiple and conflicting requirements from Local, Regional and International regulators
  • Regulations – constantly changing
  • Prolonged Low interest Rates

What are Insurers doing in response to top risks:

  • Hedging
  • Not getting paid for all risks that they take
  • CRO acts as buffer for regulatory risk – best response is regular discussions with regulator

Senior Management buy in is most important for CRO and success of ERM

Need a diverse ERM team

Risk management folks in Business Units are an important source of information about what is going on

Three lines of defense:  BU risk taking are primarily responsible, RM provides risk measurement and risk policies, Audit provides assurance of compliance with policies and limits

CRO is part of value creation chain.  But needs to avoid any conflicts of interest

One CRO has his own model, does not depend on business unit model.

With multiple models that is a risk of spending too much analytical time on cross model validation and not enough using model

Need to pay attention to PV of future benefits of current plans

Look at scenarios that are not in the models

Focus should be on the really key parameters for the risks that have a real impact on the balance sheet

Almost impossible to get interdependency correct

ORSA requirements mean that one company that had been doing internal solvency assessment for over 10 years must increase efforts and especially documentation

CRO is the Face of the ERM program to internal and external audiences

CRO must engage with BU leaders as an equal in the organization

CRO heads the Risk and Control Committee

Primary function of Risk function is challenge and oversight

CRO leads a full day ERM meeting with the board once per year

ORSA sign-off is new board role – focuses attention (Bermuda)

Board engagement depends on good communication about risk – not too technical

New board members get risk education session – had been only for new members of risk committee, but other board members complained and insisted

First time for public risk and risk management disclosures.  Highly concerned about interpretation and questions from various audiences

Regulation is having too much influence on Risk Management priorities – using up the RM budget and resources with things that would not otherwise be a priority to the company

But regulatory focus means higher priority and notice of RM in company

Regulators may be going overboard with local capital requirements resulting in stranded capital for some groups, reducing the value of diversification and increasing the cost of insurance

One group has model for regulatory report that does not necessarily fit with local requirements – CRO must resolve

CRO does not want to be DR. NO – RM should be adviser to business

Strategy advisor – managing a portfolio of risks – Risk Tolerances tied to Risk limits based upon capital budgeting concerns

CRO contribution to risk controlling – making the mitigation more effective or less costly

Explaining risk culture – why does the company have limits and do risk mitigation

Top Challenges:

  • Staying on top of constantly changing regulatory changes
  • Internal positioning of Risk – not the technocrats of risk
  • State of Flux of everything – lots of changes – rules still evolving – need to help company to navigate
  • Establishing and maintaining role of CRO as strategic advisor
  • Turnover of top management – making sure new managers are up to speed with risk management framework
  • Risk culture – what the employees do when no on is looking.  Getting everyone to make the same sorts of choices
  • How to get risk function involved in supporting corporate goals
  • Group risk policy much too detailed.  Risk principles may conflict with detailed policies.

CRO must be willing to Fall on their sword.  That is just part of the job.  Must be willing to challenge when things are not right.  Actuarial standards are good support for this.

Lots more.  Get the recordings when they are available.




Explore posts in the same categories: Enterprise Risk Management


You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: