Archive for the ‘Emerging Risks’ category

Top 10 RISKVIEWS Posts of 2014 – ORSA Heavily Featured

December 29, 2014

RISKVIEWS believes that this may be the best top 10 list of posts in the history of this blog.  Thanks to our readers whose clicks resulted in their selection.

  • Instructions for a 17 Step ORSA Process – Own Risk and Solvency Assessment is here for Canadian insurers, coming in 2015 for US and required in Europe for 2016. At least 10 other countries have also adopted ORSA and are moving towards full implementation. This post leads you to 17 other posts that give a detailed view of the various parts to a full ORSA process and report.
  • Full Limits Stress Test – Where Solvency and ERM Meet – This post suggests a link between your ERM program and your stress tests for ORSA that is highly logical, but not generally practiced.
  • What kind of Stress Test? – Risk managers need to do a better job communicating what they are doing. Much communications about risk models and stress tests is fairly mechanical and technical. This post suggests some plain English terminology to describe the stress tests to non-technical audiences such as boards and top management.
  • How to Build and Use a Risk Register – A first RISKVIEWS post from a new regular contributor, Harry Hall. Watch for more posts along these lines from Harry in the coming months. And catch Harry on his blog, http://www.pmsouth.com
  • ORSA ==> AC – ST > RCS – You will notice a recurring theme in 2014 – ORSA. That topic has taken up much of RISKVIEWS time in 2014 and will likely take up even more in 2015 and after as more and more companies undertake their first ORSA process and report. This post is a simple explanation of the question that ORSA is trying to answer that RISKVIEWS has used when explaining ORSA to a board of directors.
  • The History of Risk Management – Someone asked RISKVIEWS to do a speech on the history of ERM. This post and the associated new permanent page are the notes from writing that speech. Much more here than could fit into a 15 minute talk.
  • Hierarchy Principle of Risk Management – There are thousands of risks faced by an insurer that do not belong in their ERM program. That is because of the Hierarchy Principle. Many insurers who have followed someone’s urging that ALL risk need to be included in ERM belatedly find out that no one in top management wants to hear from them or to let them talk to the board. A good dose of the Hierarchy Principle will fix that, though it will take time. Bad first impressions are difficult to fix.
  • Risk Culture, Neoclassical Economics, and Enterprise Risk Management – A discussion of the different beliefs about how business and risk work. A difference in the beliefs that are taught in MBA and Finance programs from the beliefs about risk that underpin ERM make it difficult to reconcile spending time and money on risk management.
  • What CEO’s Think about Risk – A discussion of three different aspects of decision-making as practiced by top management of companies and the decision making processes that are taught to quants can make quants less effective when trying to explain their work and conclusions.
  • Decision Making Under Deep Uncertainty – Explores the concepts of Deep Uncertainty and Wicked Problems. Of interest if you have any risks that you find yourself unable to clearly understand or if you have any problems where all of the apparent solutions are strongly opposed by one group of stakeholders or another.

ERM on WillisWire

December 3, 2013

Risk Management: Adaptability is Key to Success

swiss-army-knife_645x400

There is no single approach to risk management that will work for all risks nor, for any one risk, is there any one approach to risk management that will work for all times. Rational adaptability is the strategy of altering … Continue reading →


Resilience for the Long Term

Resilient Sprout in Drought

In 1973, CS Holling, a biologist, argued that the “Equilibrium” idea of natural systems that was then popular with ecologists was wrong.He said that natural systems went through drastic, unpredictable changes – such systems were “profoundly affected by random events”.  … Continue reading →


Management is Needed: Not Incentive Compensation

Bizman in Tie

Many theoreticians and more than a few executives take the position that incentive compensation is a powerful motivator. It therefore follows that careful crafting of the incentive compensation program is all that it takes to get the most out of a … Continue reading →


A Gigantic Risk Management Entertainment System

game-controller-in-room_645x400

As video gaming has become more and more sophisticated, and as the hardware to support those games has become capable of playing movies and other media, video game consoles have now become “Entertainment Systems”.  Continue reading →


Panel at ERM Symposium: ERM for Financial Intermediaries

SS Meaning of Risk Mgmt  77408059 April 23 12

Insurance company risk managers need to recognize that traditional activities like underwriting, pricing and reserving are vitally important parts of managing the risks of their firm. Enterprise risk management (ERM) tends to focus upon only two or three of the … Continue reading →


ERM Symposium Panel: Actuarial Professional Risk Management

SS Risk Button - Blank Keys  53606569 April 23

In just a few days, actuaries will be the first group of Enterprise Risk Management (ERM) professionals to make a commitment to specific ERM standards for their work. In 2012, the Actuarial Standards Board passed two new Actuarial Standards of … Continue reading →


Has the Risk Profession Become a Spectator Sport?

The 2013 ERM Symposium goes back to Chicago this year after a side trip to DC for 2012. This is the 11th year for the premier program for financial risk managers. Continue reading →


What to Do About Emerging Risks…

snake-hatching_645x400

WillisWire has on several occasions featured opinions from a large number of our contributors about what might be the next emerging risk in various sectors. But what can be done once you have identified an emerging risk? Continue reading →


U.S. Insurers Need to Get Ready for ORSA

paperwork

Slowly, but surely, and without a lot of fanfare, U.S. insurance regulators have been orchestrating a sea change in their interaction with companies over solvency.  Not as dramatic as Solvency II in Europe, but the U.S. changes are actually happening … Continue reading →


Resiliency vs. Fragility

TREES_645_400(2)

Is there really a choice?  Who would choose to be Fragile over Resilient? Continue reading →

– See more at: http://blog.willis.com/author/daveingram/#sthash.xxAR1QAP.dpuf

EMERGING RISKS SURVEY

October 24, 2013

 TAKE PART IN THE ANNUAL EMERGING RISKS SURVEY

The Joint Risk Management Section, sponsored by the Casualty Actuarial Society, Canadian Institute of Actuaries, and the Society of Actuaries, is interested in better understanding how risk managers deal with emerging risks. 

This online survey is a follow-up to earlier surveys of emerging risks and will help to provide insight to evolving trends.

We would greatly appreciate you taking the time to complete the survey by November 12. It should take about 10 minutes to complete the basic survey. We hope you will share your thoughts and experiences in comment boxes.
All responses are anonymous.

If you have questions about the survey, please contact Barbara Scott.

Thanks very much for your consideration!
 

Follow this link to the Survey:
Take the Survey

Or copy and paste the URL below into your internet browser:
http://soa.qualtrics.com/WRQualtricsSurveyEngine/?SID=SV_enCCsQQRC69rImF&RID=MLRP_42djj6AnslfxzjT&_=1

Why some think that there is No Need for Storm Shelters

May 22, 2013

The BBC featured a story about the dearth of storm shelters in the area hit last week by tornadoes.

Why so few storm shelters in Tornado Alley hotspot?

The story goes on to discuss the fact that Americans, especially in red states like Oklahoma, strongly prefer keeping the government out of the business of providing things like storm shelters, allowing that to be an individual option.  Then reports that few individuals opt to spend their money on shelters.

The answer might well be in the numbers…

Below, from the National Oceanic and Atmospheric Administration (NOAA) is a list of the 25 deadliest tornadoes in US history:

1. Tri-State (MO, IL, IN) – March 18, 1925 – 695 deaths
2. Natchez, MS – May 6, 1840 – 317 deaths
3. St. Louis, MO – May 27, 1896 – 255 deaths
4. Tupelo, MS – April 5, 1936 – 216 deaths
5. Gainesville, GA – April 6, 1936 – 203 deaths
6. Woodward, OK – April 9, 1947 – 181 deaths
7. Joplin, MO – May 22, 2011 – 158 deaths
8. Amite, LA, Purvis, MS – April 24, 1908 – 143 deaths
9. New Richmond, WI – June 12, 1899 – 117 deaths
10. Flint, MI – June 8, 1953 – 116 deaths
11. Waco, TX – May 11, 1953 – 114 deaths
12. Goliad, TX – May 18, 1902 – 114 deaths
13. Omaha, NE – March 23, 1913 – 103 deaths
14. Mattoon, IL – May 26, 1917 – 101 deaths
15. Shinnston, WV – June 23, 1944 – 100 deaths
16. Marshfield, MO – April 18, 1880 – 99 deaths
17. Gainesville, GA – June 1, 1903 – 98 deaths
18. Poplar Bluff, MO – May 9, 1927 – 98 deaths
19. Snyder, OK – May 10, 1905 – 97 deaths
20. Comanche, IA & Albany, IL – June 3, 1860 – 92 deaths
21. Natchez, MS – April 24, 1908 – 91 deaths
22. Worcester, MA – June 9, 1953 – 90 deaths
23. Starkville, MS to Waco, AL -April 20, 1920 – 88 deaths
24. Lorain & Sandusky, OH – June 28, 1924 – 85 deaths
25. Udall, KS – May 25, 1955 – 80 deaths

Looks scary and impressively dangerous.  Until you look more carefully at the dates.  Most of those events are OLD.  In fact, if you look at this as a histogram, you see something interesting…

Deadly Tornadoes

You see from this chart, why there are few storm shelters.  Between the 1890’s and 1950’s, there were at least two very deadly tornadoes per decade.  Enough to keep people scared.  But before the last week, there had not been a decade in over 50 years with any major events.  50  years is a long time to go between times when someone somewhere in the US needed a storm shelter to protect them from a very deadly storm.

This is not to say that there have not been storms in the past 50 years.  The chart below from the Washington Post, shows the losses from tornadoes for that same 50 year period and the numbers are not small.

It is RISKVIEWS’ guess that in the face of smaller, less deadly but destructive storms, people are much more likely to attribute their own outcome to some innate talent that they have and the losers do not have.  Sort of like the folks who have had one or several good experiences at the slot machines who believe that they have a talent for gambling.

Another reason is that almost 45% of storm fatalities are folks who live in trailers.  They often will not even have an option to build their own storm shelter.  There it is probably something that could be addressed by regulations regarding zoning of trailer parks.

Proper risk management can only be done in advance.  The risk management second guessing that is done after the fact helps to create a tremendous drag on society.  We are forced into spending money to prevent recurrence of the last disaster, regardless of whether that expenditure makes any sense at all on the basis of frequency and severity of the potential adverse events or not.

We cannot see the future as clearly as we can see the past.  We can only prepare for some of the possible futures. 

The BBC article stands on the side of that discussion that looks back after the fact and finds fault with whoever did not properly see the future exactly as clearly as they are now able to see the past.

A simple recent example of this is the coverage of the Boston Marathon bombers.  Much has been made of the fact that there were warnings about one or more members of the family before the event.  But no one has chosen to mention how many others who did not commit bombings were there similar or even much more dire warnings about.  It seems quite likely, that the warnings about these people were dots in a stream of hundreds of thousands of similar warnings.

Learnings from the Superstorm

April 29, 2013

From the FSOC 2013 Annual Report with minor paraphrasing…

• Planning and testing: It is important that your company and all of your important counterparties, vendors, and sub contractees, fully understand the functionality of contingency systems, and that key operations and business personnel communicate efficiently to assure enterprise-wide clarity. Expanded testing exercises would enhance assurance of failover reliability. Such testing should involve all parties inside and outside your firm that you depend upon to continue functioning, and should also involve providers of essential services such as power, water, and telecommunications.

• Incident management: Protocols for assuring a timely decision on whether and when to close or open the company would benefit from review and streamlining by the responsible parties. Likewise, protocols for assuring timely decisions within the firm on whether and when to leverage back-up sites would benefit from continued regular testing. Furthermore, operational interdependencies need to be fully incorporated in the decision-making process.

• Personnel: The resilience of critical components of the company requires geographic dispersal of both electronic systems and personnel sufficient to enable an organization to operate despite the occurrence of a wide-scale disruption affecting the metropolitan or geographic area of the organization’s primary operations, including communities economically integrated with, adjacent to, or within normal commuting distance of the primary operations area. Organizations, including major firms, need to continuously and rigorously analyze their routine positioning and emergency repositioning of key management and staff. This is an ongoing requirement as technology, market structure, and institutions evolve rapidly. Developed business continuity plans should be implemented, and key staff should be sent to disaster recovery sites when there is advance notice of events.

• Dependencies: Cross-industry interdependencies require constant review, reassessment, and improvement by organizations to mitigate the impact of energy, power, transport, and communications failures during severe incidents, and to help ensure reliable redundancy.

Future Uncertainty

April 16, 2013

Often called emerging risks. Going back to Knight’s definitions of Risk and Uncertainty, there is very little risk contained in these potential situations.  Emerging risks are often pure uncertainty.  Humans are good at finding patterns.  Emerging risks are breaks in patterns.

What to Do about Emerging Risks…

Emerging risks are defined by AM Best as “new or evolving risks that are difficult to manage because their identification, likelihood of occurrence, potential impacts, timing of occurrence or impact, or correlation with other risks, are highly uncertain.” An example from the past is asbestos; other current examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. Lloyd’s, a major sufferer from the former emerging risk of asbestos, takes emerging risks very seriously. They think of emerging risks as “an issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting”.

What do the rating agencies expect?

AM Best says that insurers need “sound risk management practices relative to its risk profile and considering the risks inherent in the liabilities it writes, the assets it acquires and the market(s) in which it operates, and takes into consideration new and emerging risks.” In 2013, Best has added a question asking insurers to identify emerging risks to the ERM section of the SRQ. Emerging Risks Management has been one of the five major pillars of the Standard & Poor’s Insurance ERM ratings criteria since 2006.

How do you identify emerging risks?

A recent report from the World Economic Forum, The Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks. Those experts identified 8 of those 50 risks as having the most significance over the next 10 years:

  •   Chronic fiscal imbalances
  •   Cyber attacks
  •   Extreme volatility in energy and agriculture prices
  •   Food shortage crises
  •   Major systemic financial failure
  •   Rising greenhouse gas emissions
  •   Severe income disparity
  •   Water supply crises

This survey method for identifying or prioritizing risks is called the Delphi method and can be used by any insurer. Another popular method is called environmental scanning which includes simply reading and paying attention for unusual information about situations that could evolve into future major risks.

What can go wrong?

Many companies do not have any process to consider emerging risks.  At those firms, managers usually dismiss many possible emerging risks as impossible.  It may be the company culture to scoff at the sci fi thinking of the emerging risks process.  The process Taleb describes of finding ex post explanation for emerging Black Swan risks is often the undoing of careful plans to manage emerging risk.  In addition, lack of imagination causes some managers to conclude that the past worst case is the outer limit for future losses.

What can you do about emerging risks?

The objectives for emerging risks management are just the same as for other more well-known risks: to reduce the frequency and severity of future losses. The uncertain nature of emerging risks makes that much more difficult to do cost effectively. Insurers can use scenario testing to examine potential impact of emerging risks and to see what actions taken in advance of their emergence might lessen exposures to losses. This scenario testing can also help to identify what actions might lessen the impact of an unexpected loss event that comes from a very rapidly emerging risk. Finally, insurers seek to identify and track leading indicators of impending new risk emergence.

Reinsurance is one of the most effective ways to protect against emerging risks, second only to careful drafting of insurance contract terms and conditions

Many of the largest insurers and reinsurers have developed very robust practices to identify and to prepare for emerging risks.  Other companies can learn from the insurers who practice emerging risk management and adapt the same processes to their emerging risks.

Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment. Emerging risks may appear abruptly or slowly and gradually, are difficult to identify, and may for some time represent an ill formed idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is fully known in advance. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. 
For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on the insurers and therefore cannot be excluded from a solid risk management 
program. So insurers have implemented unique specific strategies and approaches to cope with them properly.

Identifying emerging risks

Emerging risks have not yet materialized or are not yet clearly defined and can appear abruptly or very slowly. Therefore, having some sort of early warning system in place, methodically identified either through internal or external sources, is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit growth of exposure as the evidence becomes more and more certain.  However, Insurers practicing this discipline will need to be aware of the cost of false alarms.

Assessing their significance

Assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm. For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important. On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.

A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions. In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.

Define appropriate responses

Responses to emerging risks might be part of the normal risk control process, i.e., risk mitigation or transfer, either through reinsurance (or retrocession) in case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging. When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity.  Planning access to liquidity is a basic part of emerging risk management.  Asset-selling priorities, credit facilities with banks, and notes programs are possible ways of managing a liquidity crisis.

Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.

Advance Warning Process

For the risks that have identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process.  To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk.

Learn

Finally, sound practices for managing emerging risks include establishing procedures for learning from past events. The company will identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls.  In addition, expect to get better at each step of the emerging risk process with time and experience.

But emerging risk management costs money.  And the costs that are most difficult to defend are the emerging risks that never emerge.  A good emerging risk process will have many more misses than hits.  Real emerged risks are rare.  A company that is really taking emerging risks seriously will be taking actions on occasion that cost money to perform and possibly include a reduction in the risks accepted and the attendant profits.  Management needs to have a tolerance for these costs.  But not too much tolerance.

 

This is one of the seven ERM Principles for Insurers

Watch Your Back! The Machines are Coming!!!

November 26, 2012

Did you see the 2004 movie I Robot?  Do you remember the scene where the hoards of silver robots came down the streets and started to take over?

Where is Robot Take Over on your risk list?

In Artificial intelligence – can we keep it in the box? two writers from Cambridge argue that the threat from AI is not an “if?” question, but a “when?” question.

The authors are part of a group at Cambridge (actually, there are three members of the group) who are interested in studying threats from technology.  “Many scientists are concerned that developments in human technology may soon pose new, extinction-level risks to our species as a whole.” says their website, The Cambridge Project for Existential Risk.

Go back and watch I Robot again.  The only reason that the robot rebellion was foiled was because there was one robot who was designed to be independent enough to disagree.

If the “group” from Cambridge is correct, we need to get working on designing that robot that will save the day.

But first, we should ask them what they mean by “many scientists”?


%d bloggers like this: