Archive for the ‘Disclosure’ category

Berkshire Hathaway Risk Appetite

March 20, 2015
“we are far more conservative in avoiding risk than most large insurers. For example, if the insurance industry should experience a $250 billion loss from some mega-catastrophe – a loss about triple anything it has ever experienced – Berkshire as a whole would likely record a significant profit for the year because of its many streams of earnings. We would also remain awash in cash and be looking for large opportunities in a market that might well have gone into shock. Meanwhile, other major insurers and reinsurers would be far in the red, if not facing insolvency.”
Warren Buffett, Berkshire Hathaway Letter to Shareholders, 2014
So Berkshire is prepared to pay out claims on an event that is three times as large as anything that has ever happened.
What are Berkshire’s competitors prepared for?
Here is an excerpt from the Swiss Re 2013 Annual Report:

Risk tolerance and limit framework

Swiss Re’s risk tolerance is an expression of the extent to which the Board of Directors has authorised the Group and Business Units’ executive management to assume risk. It represents the maximum amount of risk that Swiss Re is willing to accept within the constraints imposed by its capital and liquidity resources, its strategy, its risk appetite, and the regulatory and rating agency environment within which it operates. Risk tolerance criteria are specified for the Group and Business Units, as well as for the major legal entities.

A key responsibility of Risk Management is to ensure that Swiss Re’s risk tolerance is applied throughout the business. As part of this responsibility, Risk Management ensures that our risk tolerance targets are a key basis for our business planning processes. Furthermore, both our risk tolerance and risk appetite – the types and level of risk we seek to take within our risk tolerance – are clearly reflected in a limit framework across all risk categories. The limit framework is approved at the Group EC level through the Group Risk and Capital Committee. The individual limits are established through an iterative process to ensure that the overall framework complies with our Group-wide policies on capital adequacy and risk accumulation.

So they have a number but they are not saying what it is.  But they are telling us what they do with that number.

Now here is the Risk Limit Framework from the 2013 Partner Re annual report.

Partner Re

They have a number and here it is.  But look at how much more Buffet has disclosed.  He told that for Berkshire, an event that is three times the largest event experienced by the insurance industry, the loss would be significantly less than the earnings from the investments of Berkshire’s insurance and reinsurance companies plus the earnings of its non-insurance businesses.

Partner Re, whose disclosure is light years more specific than almost any other (re)insurer, is not quite so helpful.  It is good to know that they have the disclosed limits, but they have not provided any information to tell us how much that this adds up to in their mind.  If RISKVIEWS adds them up, these limits come to $21.5B.  Adding like that is the same as assuming that they all happen at once.  If we make the opposie assumption, that they are totally independent, we get a little more than $10B.  Partner Re’s capital is $7.5B.  So when they accept these risks, they must not think that it is likely to pay out their full limit, even on a fully diversified independent risk scenario.

So even with more specific disclosure than almost any other insurer, Partner Re has not revealed how they think of their risk appetite.

On the other hand, while Berkshire has given a better sense of their risk appetite, Buffett hasn’t revealed any number.

But this seems to RISKVIEWS to be real progress.  Perhaps some combination of these three disclosures would be the whole story of risk appetite at a (re) insurer.

We shall wait and see if somehow this evolution continues until investors and policyholders can get the information to understand how well prepared a (re) insurer is to pay its claims and remain in business in a extreme situation.

 

 

ERM Disclosure (2)

August 22, 2011

In a post last week, it was noted that US insurers are starting to admit to managing their risks in their public disclosures.  The 671 word discussion of the ERM process of Travelers was reproduced.  (Notice that over 100 of those words talk about the unreliability of the ERM system. )

But disclosure of ERM processes has been much more widespread and much more extensive in other parts of the world for more than 5 years.

For Example, Munich Re’s 2010 annual report has a 20 page section titled Risk Report.  That section has sub headings such as:

Risk governance and risk management system

Risk management organisation, roles and responsibilities

Control and monitoring systems

Risk reporting

Significant risks

Underwriting risk: Property-casualty insurance

Underwriting risk: Life and health insurance

Market risk

Credit Risk

Operational risk

Liquidity risk

Strategic risk

Reputation Risk

Economic Capital

Available Financial Resources

Selected Risk Complexes

It is not just Munich Re.  Manulife’s Risk Management disclosure is 22 pages of their annual report.  Below is the introduction to that section:

Manulife Financial is a financial institution offering insurance, wealth and asset management products and services, which subjects the Company to a broad range of risks. We manage these risks within an enterprise-wide risk management framework. Our goal in managing risk is to strategically optimize risk taking and risk management to support long-term revenue, earnings and capital growth.
We seek to achieve this by capitalizing on business opportunities that are aligned with the Company’s risk taking philosophy, risk appetite and return expectations; by identifying, measuring and monitoring key risks taken; and by executing risk control and mitigation programs.
We employ an enterprise-wide approach to all risk taking and risk management activities globally. The enterprise risk management (“ERM”) framework sets out policies and standards of practice related to risk governance, risk identification, risk measurement, risk monitoring, and risk control and mitigation. With an overall goal of effectively executing risk management activities, we continuously invest to attract and retain qualified risk professionals, and to build, acquire and maintain the necessary processes, tools and systems.
We manage risk taking activities against an overall risk appetite, which defines the amount and type of risks we are willing to assume. Our risk appetite reflects the Company’s financial condition, risk tolerance and business strategies. The quantitative component of our risk appetite establishes total Company targets defined in relation to economic capital, regulatory capital required, and earnings sensitivity.
We have further established targets for each of our principal risks to assist us in maintaining appropriate levels of exposures and a risk profile that is well diversified across risk categories. In 2010, we cascaded the targets for the majority of our principal risks down to the business level, to facilitate the alignment of business strategies and plans with the Company’s overall risk management objectives.
Individual risk management programs are in place for each of our broad risk categories: strategic, market, liquidity, credit, insurance and operational. To ensure consistency, these programs incorporate policies and standards of practice that are aligned with those within the enterprise risk management framework, covering:

■ Assignment of risk management accountabilities across the organization;
■ Delegation of authorities related to risk taking activities;
■ Philosophy and appetite related to assuming risks;
■ Establishment of specific risk targets or limits;
■ Identification, measurement, assessment, monitoring, and reporting of risks; and
■ Activities related to risk control and mitigation.

Such frank discussion of risk and risk management may be seen by some US insurers’ management to be dangerous.  In the rest of the world, it is moving towards a situation where NOT discussing risk and risk management frankly and openly is a risk to management.

Which would you prefer?

ERM Discosure

August 18, 2011

Here is a tip from the IRMI about how to get started with a new ERM program:

✓ If  you  are  a  public  company,  begin  by asking  the  person  or  group  that  identifies  risks  for  SEC  reports  to  also  identify
the top three corrective actions for the next quarter. Update the list quarterly.

That sounds like a great suggestion.  RISKVIEWS has always been amazed that the standard for disclosure in the US has been to disclose risks but not to say anything about what the firm is doing about those risks.  Based upon the standard disclosures, it is almost impossible to tell the difference between a firm with state of the art risk management and a firm with almost none.

But recently, companies, even in the US, are increasingly including a mention of their risk management activities along with the required laundry list of risks.

Just picking a public firm at random, here is an excerpt from Allstate’s risk disclosure:

As a property and casualty insurer, we may face significant losses from catastrophes and severe weather events

Because of the exposure of our property and casualty business to catastrophic events, our operating results and financial condition may vary significantly from one period to the next. Catastrophes can be caused by various natural and man-made disasters, including earthquakes, volcanoes, wildfires, tornadoes, hurricanes, tropical storms and certain types of terrorism. We may incur catastrophe losses in our auto and property business in excess of: (1) those experienced in prior years, (2) those that we project would be incurred based on hurricane and earthquake losses which have a one percent probability of occurring on an annual aggregate countrywide basis, (3) those that external modeling firms estimate would be incurred based on other levels of probability, (4) the average expected level used in pricing or (5) our current reinsurance coverage limits.Despite our catastrophe management programs, we are exposed to catastrophes that could have a material adverse effect on operating results and financial condition. For example, our historical catastrophe experience includes losses relating to Hurricane Katrina in 2005 totaling $3.6 billion, the Northridge earthquake of 1994 totaling $2.1 billion and Hurricane Andrew in 1992 totaling $2.3 billion. We are also exposed to assessments from the California Earthquake Authority and various state-created catastrophe insurance facilities, and to losses that could surpass the capitalization of these facilities. Our liquidity could be constrained by a catastrophe, or multiple catastrophes, which result in extraordinary losses or a downgrade of our debt or financial strength ratings.

In addition, we are subject to claims arising from weather events such as winter storms, rain, hail and high winds. The incidence and severity of weather conditions are largely unpredictable. There is generally an increase in the frequency and severity of auto and property claims when severe weather conditions occur.

Green text coloring added by RISKVIEWS to highlight mention of risk management activities.

Another example from Travelers:

Catastrophe losses could materially and adversely affect our results of operations, our financial position and/or liquidity, and could adversely impact our ratings, our ability to raise capital and the availability and cost of reinsurance. Our property and casualty insurance operations expose us to claims arising out of catastrophes. Catastrophes can be caused by various natural events, including, among others, hurricanes and other windstorms, earthquakes, hail, wildfires, severe winter weather, floods and volcanic eruptions. Catastrophes can also be man-made, such as a terrorist attack (including those involving nuclear, biological, chemical or radiological events), explosions, infrastructure failures or a consequence of political instability. The geographic distribution of our business subjects us to catastrophe exposures in the United States, which include, but are not limited to: hurricanes from Maine through Texas; tornadoes throughout the Central and Southeast United States; earthquakes in California, the New Madrid region and the Pacific Northwest region of the United States; wildfires, particularly in the Southwest; and terrorism in major cities in the United States. In addition, our international operations subject us to catastrophe exposures in the United Kingdom, Canada and the Republic of Ireland, as well as to a variety of world-wide catastrophe exposures through our Lloyd’s operations. The incidence and severity of catastrophes are inherently unpredictable, and it is possible that both the frequency and severity of natural and man-made catastrophic events could increase. Some scientists believe that in recent years changing climate conditions have added to the unpredictability and frequency of natural disasters (including, but not limited to, hurricanes, tornadoes, other storms and fires) in certain parts of the world and created additional uncertainty as to future trends and exposures. For example, in recent years hurricane activity has impacted areas further inland than previously experienced, thus expanding our overall hurricane exposure. The catastrophe modeling tools that we use, or that we rely on from outside parties, to help manage certain of our catastrophe exposures are based on assumptions and judgments that are subject to error and mis-estimation and may produce estimates that are materially different than actual results. In addition, our increased presence in certain geographic areas, such as in the Midwest and Western regions of the United States, and any changes in climate conditions could cause our data to be more limited and our catastrophe models to be even less predictive, thus limiting our ability to effectively evaluate and manage such exposures. See ‘‘Item 7— Management’s Discussion and Analysis of Financial Condition and Results of Operations—Catastrophe Modeling’’ and ‘‘—Changing Climate Conditions.’’ The extent of losses from a catastrophe is a function of both the total amount of insured exposure in the area affected by the event and the severity of the event. Increases in the value and geographic concentration of insured property and the effects of inflation could increase the severity of claims from catastrophic events in the future. In addition, states have from time to time passed legislation, and regulators have taken action, that has the effect of limiting the ability of insurers to manage catastrophe risk, such as legislation prohibiting insurers from reducing exposures or withdrawing from catastrophe-prone areas or mandating that insurers participate in residual markets. Participation in residual market mechanisms has resulted in, and may continue to result in, significant losses or assessments to insurers, including us, and, in certain states, those losses or assessments may not be commensurate with our direct catastrophe exposure in those states. If our competitors leave those states having residual market mechanisms, remaining insurers, including us, may be subject to significant increases in losses or assessments following a catastrophe. In addition, following catastrophes, there are sometimes legislative initiatives and court decisions which seek to expand insurance coverage for catastrophe claims beyond the original intent of the policies. Also, our ability to increase pricing to the extent necessary to offset rising costs of catastrophes, particularly in the Personal Insurance segment, requires approval of regulatory authorities of certain states. Our ability or our willingness to manage our catastrophe exposure by raising prices, modifying underwriting terms or reducing exposure to certain geographies may be limited due to considerations of public policy, the evolving political environment, changes in the general economic climate and/or social responsibilities. We also may choose to write business in catastrophe-prone areas that we might not otherwise write for strategic purposes, such as improving our access to other underwriting activities. There are also risks that impact the estimation of ultimate costs for catastrophes. For example, the estimation of reserves related to hurricanes can be affected by the inability to access portions of the impacted areas, the complexity of factors contributing to the losses, the legal and regulatory uncertainties and the nature of the information available to establish the reserves. Complex factors include, but are not limited to: determining whether damage was caused by flooding versus wind; evaluating general liability and pollution exposures; estimating additional living expenses; the impact of demand surge; infrastructure disruption; fraud; the effect of mold damage; business interruption costs; and reinsurance collectability. The timing of a catastrophe’s occurrence, such as at or near the end of a reporting period, can also affect the information available to us in estimating reserves for that reporting period. The estimates related to catastrophes are adjusted as actual claims emerge and additional information becomes available. Exposure to catastrophe losses or actual losses following a catastrophe could adversely affect our financial strength and claims-paying ratings and could impair our ability to raise capital on acceptable terms or at all. Also, as a result of our exposure to catastrophe losses or actual losses following a catastrophe, rating agencies may further increase capital requirements, which may require us to raise capital to maintain our ratings or adversely affect our ratings. A ratings downgrade could hurt our ability to compete effectively or attract new business. In addition, catastrophic events could cause us to exhaust our available reinsurance limits and could adversely impact the cost and availability of reinsurance. Such events can also impact the credit of our reinsurers. For a discussion of our catastrophe reinsurance coverage, see ‘‘Item 1—Business—Reinsurance—Catastrophe Reinsurance.’’ Catastrophic events could also adversely impact the credit of the issuers of securities, such as states or municipalities, in whom we have invested. In addition, coverage in our reinsurance program for terrorism is limited. Although the Terrorism Risk Insurance Program Reauthorization Act of 2007 (the Act) provides benefits in the event of certain acts of terrorism, those benefits are subject to a deductible and other limitations. Under this law, once our losses exceed 20% of our commercial property and casualty insurance premium for the preceding calendar year, the federal government will reimburse us for 85% of our losses attributable to certain acts of terrorism which exceed this deductible up to a total industry program cap of $100 billion. Our estimated deductible under the program is $2.08 billion for 2011. In addition, because the interpretation of this law is untested, there is substantial uncertainty as to how it will be applied to specific circumstances. It is also possible that future legislative action could change the Act. Because of the risks set forth above, catastrophes such as those caused by various natural events or man-made events such as a terrorist attack, including ‘‘unconventional’’ acts of terrorism involving nuclear, biological, chemical or radiological events, could materially and adversely affect our results of operations, financial position and/or liquidity. Further, while we seek to manage our exposure to man-made catastrophic events involving conventional means, there can be no assurance that we would have sufficient resources to respond to claims arising out of one or more man-made catastrophic events involving so-called weapons of mass destruction, including nuclear, biological, chemical or radiological means.

Travelers actually has a section of the 10k devoted to Catastrophe modeling:

CATASTROPHE MODELING

The Company uses various analyses and methods, including computer modeling techniques, to analyze catastrophic events and the risks associated with them. The Company uses these analyses and methods to make underwriting and reinsurance decisions designed to manage its exposure to catastrophic events. In making underwriting and reinsurance decisions for hurricane and earthquake exposures, the Company uses third-party proprietary computer modeling in an attempt to estimate the likelihood that the loss from a single event occurring in a one-year timeframe will equal or exceed a particular amount. The tables below set forth the estimated probabilities that losses from a single event occurring in a one-year timeframe will equal or exceed the indicated loss amounts (expressed in dollars and as a percentage of the Company’s common equity). For example, on the basis described below the tables, the Company estimates that there is a one percent chance that the Company’s loss from a single U.S. hurricane occurring in a one-year timeframe would equal or exceed $1.1 billion, or 5% of the Company’s common equity at December 31, 2010. Dollars (in billions) Single U.S.

The last disclosure does provide good context for their risk level.  And their ability to even disclose this information suggests a likelihood that they may be actually using this information to manage the risk.

Travelers goes on to take the unusual step for a US insurer of actually directly addressing their ERM program in their 10k:

ENTERPRISE RISK MANAGEMENT

As a large property and casualty insurance enterprise, the Company is exposed to many risks. These risks are a function of the environments within which the Company operates. Since certain risks can be correlated with other risks, an event or a series of events can impact multiple areas of the Company simultaneously and have a material effect on the Company’s results of operations, financial position and/or liquidity. These exposures require an entity-wide view of risk and an understanding of the potential impact on all aspects of the Company. It also requires the Company to manage its risk-taking to be within its risk appetite in a prudent and balanced effort to create and preserve value for all of the Company’s stakeholders. This approach to Company-wide risk evaluation and management is commonly called Enterprise Risk Management (ERM). ERM activities involve both the identification and assessment of a broad range of risks and the execution of synchronized strategies to effectively manage such risks. Effective ERM also includes the determination of the Company’s risk capital needs, which takes into account regulatory requirements and credit rating considerations, in addition to economic and other factors. ERM at the Company is an integral part of business operations. All risk owners across all functions, all corporate leaders and the board of directors are engaged in ERM. ERM involves risk-based analytics, as well as reporting and feedback throughout the enterprise in support of the Company’s long-term financial strategies and objectives. The Company uses various methods, including sophisticated computer modeling techniques, to analyze catastrophic events and the risks associated with them. These analyses and methods are used in making underwriting and reinsurance decisions as part of managing the Company’s exposure to catastrophic events. In addition to catastrophe modeling and analysis, the Company also models and analyzes its exposure to other extreme events. These analytical techniques are an integral component of the Company’s ERM process and further support the Company’s long-term financial strategies and objectives. In addition to the day-to-day ERM activities within the Company’s business units, other key internal risk management functions include the Management Committee (comprised of the Company’s Chief Executive Officer and the other most senior members of management), the Enterprise and Underwriting Risk Committees of management, the Credit Committee, the Chief Compliance Officer, the Business Conduct Officer, the Corporate Actuarial group, the Corporate Audit group, the Accounting Policy group, the Enterprise Underwriting group and many others. A senior executive oversees the ERM process. The mission of this executive is to facilitate risk assessment and to collaborate in implementing effective risk management strategies throughout the Company. Another strategic ERM objective of this executive includes working across the Company to enhance effective and realistic risk modeling capabilities as part of the Company’s overall effort to understand and manage its portfolio of risks to be within its risk appetite. Board oversight of ERM is provided by the Risk Committee of the board of directors, which reviews the strategies, processes and controls pertaining to the Company’s insurance operations and oversees the implementation, execution and performance of the Company’s ERM program. The Company’s ERM efforts build upon the foundation of an effective internal control environment. ERM expands the internal control objectives of effective and efficient operations, reliable financial reporting and compliance with applicable laws and regulations, to fostering, leading and supporting an integrated, risk-based culture within the Company that focuses on value creation and preservation. However, the Company can provide only reasonable, not absolute, assurance that these objectives will be met. Further, the design of any risk management or control system must reflect the fact that there are resource constraints, and the benefits must be considered relative to their costs. As a result, the possibility of material financial loss remains in spite of the Company’s significant ERM efforts. An investor should carefully consider the risks and all of the other information set forth in this annual report, including the discussions included in ‘‘Item 1A—Risk Factors,’’ ‘‘Item 7A—Quantitative and Qualitative Disclosures About Market Risk,’’ and ‘‘Item 8—Financial Statements and Supplementary Data.’’

And finally, Travelers does disclose in the list of management that there are two senior executives, out of about 50 listed, with the words “Enterprise Risk Management” as a part of their title.

Reporting on an ERM Program

August 15, 2011

In a recent post, RISKVIEWS stated six key parts to ERM.  These six ideas can act as the outline for describing an ERM Program.  Here is how they could be used:

1.  Risks need to be diversified.  There is no risk management if a firm is just taking one big bet.

REPORT: Display the risk profile of the firm.  Discuss how the firm has increased or decreased diversification within each risk and between risks in the recent past.  Discuss how this is a result of deliberate risk and diversification related choices of the firm, rather than just a record of what happened as a result of other totally unrelated decisions. 

2.  Firm needs to be sure of the quality of the risks that they take.  This implies that multiple ways of evaluating risks are needed to maintain quality, or to be aware of changes in quality.  There is no single source of information about quality that is adequate.

REPORT:  Display the risk quality of the firm.  Discuss how the firm has increased or decreased risk quality in the recent past and the reasons for those changes.  Discuss how risk quality is changing in the marketplace and how the firm maintains the quality of the risks that are chosen.

3.  A control cycle is needed regarding the amount of risk taken.  This implies measurements, appetites, limits, treatment actions, reporting, feedback.

REPORT:  The control cycle will be described in terms of who is responsible for each step as well as the plans for remediation should limits be breached.  A record of breaches should also be shown.  (Note that a blemish-less record might be a sign of good control or it might simply mean that the limits are ineffectively large.)  Emerging risks should have their own control cycle and be reported as well.

4.  The pricing of the risks needs to be adequate.  At least if you are in the risk business like insurers, for risks that are traded.  For risks that are not traded, the benefit of the risk needs to exceed the cost in terms of potential losses.

REPORT:  For General Insurance, this means reporting combined ratio.  In addition, it is important to show how risk margins are similar to market risk margins.  Note that products with combined ratios over 100% may or may not be profitable if the reserves do not include a discount for interest.  This is accomplished by mark-to-market accounting for investment risks.  Some insurance products have negative value when marked to market (all-in assets and liabilities) because they are sold with insufficient risk margins.  This should be clearly reported, as well as the reasons for that activity.  

5.  The firm needs to manage its portfolio of risks so that it can take advantage of the opportunities that are often associated with its risks.  This involves risk reward management.

REPORT:  Risk reward management requires determining return on risk for all activities as well as a planning process that starts with projections of such and a conscious choice to construct a portfolio of risks.  This process has its own control cycle.  The reporting for this control cycle should be similar to the process described above.  This part of the report needs to explain how management is thinking about the diversification benefits that potentially exist from the range of diverse risks taken.  

6.   The firm needs to provision for its retained risks appropriately, in terms of set asides (reserves or technical provisions) for expected losses and capital for excess losses.

REPORT:  Losses can be shown in four layers, expected losses, losses that decrease total profits, losses that exceed gains from other sources but that are less than capital and losses that exceed capital.  The likelihood of losses in each of those four layers should be described as well as the reasons for material changes.  Some firms will choose to report their potential losses in two layers, expected losses, losses that reach a certain likelihood (usually 99.5% in a year or similar likelihood).  However, regulators should have a high interest in the nature and potential size of those losses in excess of capital.  The determination of the likelihood of losses in each of the four layers needs to reflect the other five aspects of ERM and when reporting on this aspect of ERM, discussion of how they are reflected would be in order.  

Risk Management Success

March 8, 2011

Many people struggle with clearly identifying how to measure the success of their risk management program.

But they really are struggling with is either a lack of clear objectives or with unobtainable objectives.

Because if there are clear and obtainable objectives, then measuring success means comparing performance to those objectives.

The objectives need to be framed in terms of the things that risk management concentrates upon – that is likelihood and severity of future problems.

The objectives need to be obtainable with the authority and resources that are given to the risk manager.  A risk manager who is expected to produce certainty about losses needs to either have unlimited authority or unlimited budget to produce that certainty.

The most difficult part of judging the success of a risk management program is when those programs are driven by assessments of risk that end up being totally insufficient.  But again the real answer to this issue is authority and budget.  If the assumptions of the model are under the control of the risk manager, that is totally under the risk manager’s control, then the risk manager would be prudent to incorporate significant amounts of margin either into the model or into the processes that use the model for model risk.  But then the risk manager is incented to make the model as conservative as their imagination can make it.  The result will be no business – it will all look too risky.

So a business can only work if the model assumptions are the join responsibility of the risk manager and the business users.

But there are objectives for a risk management program that can be clear and obtainable.  Here are some examples:

  1. The Risk Management program will be compliant with regulatory and/or rating agency requirements
  2. The Risk Management program will provide the information and facilitate the process for management to maintain capital at the most efficient level for the risks of the firm.
  3. The Risk Management program will provide the information and facilitate the process for management to maintain profit margins for risk (pricing in insurance terms) at a level consistent with corporate goals.
  4. The Risk Management program will provide the information and facilitate the process for management to maintain risk exposures to within corporate risk tolerances and appetites.
  5. The Risk Management program will provide the information and facilitate the process for management and the board to set and update goals for risk management and return for the organization as well as risk tolerances and appetites at a level and form consistent with corporate goals.
  6. The Risk Management program will provide the information and facilitate the process for management to avoid concentrations and achieve diversification that is consistent with corporate goals.
  7. The Risk Management program will provide the information and facilitate the process for management to select strategic alternatives that optimize the risk adjusted returns of the firm over the short and long term in a manner that is consistent with corporate goals.
  8. The Risk Management program will provide information to the board and for public distribution about the risk management program and about whether company performance is consistent with the firm goals for risk management.

Note that the firm’s goals for risk management are usually not exactly the same as the risk management program’s goals.  The responsibility for achieving the risk management goals is shared by the management team and the risk management function.

Goals for the risk management program that are stated like the following are the sort that are clear, but unobtainable without unlimited authority and/or budget as described above:

X1  The Risk Management program will assure that the firm maintains profit margins for risk at a level consistent with corporate goals.

X2  The Risk Management program will assure that the firm maintains risk exposures to within corporate risk tolerances and appetites so that losses will not occur that are in excess of corporate goals.

X3  The Risk Management program will assure that the firm avoids concentrations and achieve diversification that is consistent with corporate goals.

X4  The Risk Management program will assure that the firm selects strategic alternatives that optimize the risk adjusted returns of the firm over the short and long term in a manner that is consistent with corporate goals.

The worst case situation for a risk manager is to have the position in a firm where there are no clear risk management goals for the organization (item 4 above) and where they are judged on one of the X goals but which one that they will be judged upon is not determined in advance.

Unfortunately, this is exactly the situation that many, many risk managers find themselves in.

Reconciling Risk Concerns

June 6, 2010

From Jean-Pierre Berliet

Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to reconcile the risk concerns of policyholders and shareholders.

Creditors, including policyholders, and rating agencies or regulators whose mission it is to protect creditors, and shareholders are all interested in the financial health of an insurer, but in different ways. Creditors want to be assured that an insurance company will be able to honor its obligations fully and in a timely manner. For creditors, the main risk question is: what is the risk of the business? This is another way to ask whether the company will remain solvent.

Shareholders, however, are interested in the value of the business as a going concern, in how much this value might increase and by how much it might decline. For shareholders, the main risk question is: what is the risk to the business? Shareholders are interested in what ERM can do to increase and protect the value of their investment in a company. While both creditors and shareholders are interested in the tail of the distribution of financial results, as an indicator of solvency risk, shareholders are also very interested in the mean of these financial results and their volatility, which could have an adverse impact on the value of their investment.

Policyholders and shareholders’ views are different but not incompatible: a company could not stay in business if it were not able to persuade regulators that it will remain solvent and should be allowed to keep its license, or obtain from rating agencies a rating suitable for the business it writes.  Its value to investors would be significantly impaired..

Insurers recognize that the main drivers of their risk profile are financial risks, including insurance risk accumulations and concentrations, and the related market risk associated with their investment activities. They understand that resulting risks are best controlled at the point of origination through appropriate controls on underwriting and pricing and through reinsurance and asset allocation strategies that limit the volatility of financial outcomes. Stochastic modeling is being used more broadly by companies to understand how such risks accumulate, interact and develop over time and to evaluate strategies that enhance the stability of outcomes. Capital adequacy is the ultimate defense against severe risk “surprises” from insurance and investment activities. It is of interest to policyholders who want to be certain to collect on their claims, but also to shareholders who want assurance that a company can be viewed as a going concern that will write profitable business in the future.

Methodologies used by rating agencies on behalf of creditors describe in detail how the rating process deals with the three main drivers of a company’s financial position and of the volatility (risk) of this position. In response to rating agency concerns, insurance companies focus on determining how much “economic capital” they need to remain solvent, as a first step toward demonstrating the adequacy of their capital. Analyses they perform involve calculation of the losses they can suffer under scenarios that combine the impact of all the risks to which they are exposed. This “total risk” approach and the related focus on extreme loss scenarios (“high severity/low frequency” scenarios) are central to addressing creditors’ concerns.

To address the solvency concerns of creditors, rating agencies and regulators and the value risk of shareholders, insurance companies need to know their complete risk profile and to develop separate risk metrics for each group of constituents. Knowledge of this risk profile enables them to identify the distinct risk management strategies that they need to maintain high ratings while also protecting the value of their shareholders’ investment. Leading ERM companies have become well aware of this requirement and no longer focus solely on tail scenarios to develop their risk management strategies.

(more…)

Window Dressing

May 26, 2010

The Wall Street Journal reported today that banks are again very actively doing significant amounts of end out the quarter clean-up that is otherwise known as “window dressing“.

This is a practice that works well, allowing banks to hold capital (figured on their quarter end balance sheets) that is much lower than the risk levels that they are using to create their profits.  This makes them look safer to investors in addition to boosting their ROE.

And while it probably is within the rules of Basel II, it violates the underlying idea behind Pillar 1 and Pillar 3.

The idea behind Pillar 1 is that the banks should hold capital for their risks.  This window dressing practice clearly illustrates one of the major logical flaws in the application of Pillar 1.

To understand the flaw, you need to think for a minute about what the capital is for.  It is not actually for the risks that the bank held during the quarter, nor is it mostly for the risks that happen to be on the balance sheet as of the end of the quarter.  It is primarily to protect the bank in the event of losses form the risks that the banks will be exposed to during the next quarter.  The beginning of quarter balance sheet is being used as a proxy for the risks over the coming quarter.

For a firm that has a highly disciplined risk management process, it would actually make more sense for the firm to hold capital for the RISK LIMITS that it has extended for the coming quarter.  That would be a firm where you could rely upon them to keep their risks within their risk limits for the most part. This makes more sense than holding capital for some arbitrary point in time.  The window dressing proves that point better than any possible theoretical argument.  Besides being the wrong idea, it is subject to easy manipulation.

For firms that are not disciplined in keeping their risks within their risk limits, something higher than the level of capital on their risk limits would be the logical level.  For these firms it would make sense to keep track of the degree to which they exceed their limits (at maximum) and charge them for capital at a level above that.  Say for example 200%.  So if a firm exceeds its risk limits by 10% at maximum in a quarter, their capital for the next quarter would be 120% of the capital needed to support their risk limits for the following quarter.

This check on risk discipline would have several benefits.  It moves the easy possibility of manipulation away from the capital level.  The “legal” window dressing would have to be replaced by fraudulent manipulation of risk reports to fix the capital level.  In addition, disclosure of the degree to which a bank exceeds its risk limit could be disclosed under Pillar 3 and then investors and counterpraties could give their reaction to a bank that cannot control its risks exposures.

In addition, this same logic could be applied to insurers under Solvency II.  There is no reason why insurance regulators need to follow the flawed logic of the banking regulators.

Addendum:  Above I say that the window dressing works well.  That is only partly true.  Sometimes, it does not work at all.  And banks can become stuck with risks and losses from those risks that are far larger than what they had been disclosing.  That happens when markets freeze up.

You see, if many banks are doing the same sorts of window dressing, they all run the risk that there will be too many sellers and not enough buyers for those couple of days at the end of the quarter.  Or maybe just for that one night.  And the freeze is likeliest when the losses are about tho strike.

So in reality, window dressing is not a good plan if you believe that things can ever go poorly.


%d bloggers like this: