Determining Risk Capital

Knowing the amount of surplus an insurer needs to support risk is fundamental to enterprise risk management (ERM) and to the own risk and solvency assessment (ORSA).

With the increasing focus on ERM, regulators, rating agencies, and insurance and reinsurance executives are more focused on risk capital modeling than ever before.

Risk – and the economic capital associated with it – cannot actually be measured as you can measure your height. Risk is about the future.

To measure risk, you must measure it against an idea of the future. A risk model is the most common tool for comparing one idea of the future against others.

Types of Risk Models

There are many ways to create a model of risk to provide quantitative metrics and derive a figure for the economic capital requirement.

Each approach has inherent strengths and weaknesses; the trade-offs are between factors such as implementation cost, complexity, run time, ability to represent reality, and ease of explaining the findings. Different types of models suit different purposes.

Each of the approaches described below can be used for purposes such as determining economic capital need, capital allocation, and making decisions about risk mitigation strategies.

Some methods may fit a particular situation, company, or philosophy of risk better than others.

Factor-Based Models

Here the concept is to define a relatively small number of risk categories; for each category, we require an exposure metric and a measure of riskiness.

The overall risk can then be calculated by multiplying “exposure × riskiness” for each category, and adding up the category scores.

Because factor-based models are transparent and straightforward to apply, they are commonly used by regulators and rating agencies.

The NAIC Risk-Based Capital and the Solvency II Standard Formula are calculated in this way, as is A.M. Best’s BCAR score and S&P’s Insurance Capital Model.

Stress Test Models

Stress tests can provide valuable information about how a company might hold up under adversity. As a stand-alone measure or as an adjunct to factor-based methods, stress tests can provide concrete indications that reflect company-specific features without the need for complex modeling. A robust stress testing regime might reflect, for example:

Worst company results experienced in last 20 years
Worst results observed across peer group in last 20 years
Worst results across peer group in last 50 years (or, 20% worse than stage 2) Magnitude of stress-to-failure

Stress test models focus on the severity of possible adverse scenarios. While the framework used to create the stress scenario may allow rough estimates of likelihood, this is not the primary goal.

High-Level Stochastic Models

Stochastic models enable us to analyze both the severity and likelihood of possible future scenarios. Such models need not be excessively complex. Indeed, a high-level model can provide useful guidance.

Categories of risk used in a high-level stochastic model might reflect the main categories from a factor-based model already in use; for example, the model might reflect risk sources such as underwriting risk, reserve risk, asset risk, and credit risk.

A stochastic model requires a probability distribution for each of these risk sources. This might be constructed in a somewhat ad-hoc way by building on the results of a stress test model, or it might be developed using more complex actuarial analysis.

Ideally, the stochastic model should also reflect any interdependencies among the various sources of risk. Timing of cash flows and present value calculations may also be included.

Detailed Stochastic Models

Some companies prefer to construct a more detailed stochastic model. The level of detail may vary; in order to keep the model practical and facilitate quality control, it may be best to avoid making the model excessively complicated, but rather develop only the level of granularity required to answer key business questions.

Such a model may, for example, sub-divide underwriting risk into several lines of business and/or profit centers, and associate to each of these units a probability distribution for both the frequency and the severity of claims. Naturally, including more granular sources of risk makes the question of interdependency more complicated.

Multi-Year Strategic Models with Active Management

In the real world, business decisions are rarely made in a single-year context. It is possible to create models that simulate multiple, detailed risk distributions over a multi-year time frame.

And it is also possible to build in “management logic,” so that the model responds to evolving circumstances in a way that approximates what management might actually do.

For example, if a company sustained a major catastrophic loss, in the ensuing year management might buy more reinsurance to maintain an adequate A.M. Best rating, rebalance the investment mix, and reassess growth strategy.

Simulation models can approximate this type of decision making, though of course the complexity of the model increases rapidly.

Key Questions and Decisions

Once a type of risk model has been chosen, there are many different ways to use this model to quantify risk capital. To decide how best to proceed, insurer management should consider questions such as:

• What are the issues to be aware of when creating or refining our model?
• What software offers the most appropriate platform?
• What data will we need to collect?
• What design choices must we make, and which selections are most appropriate for us?
• How best can we aggregate risk from different sources and deal with interdependency?
• There are so many risk metrics that can be used to determine risk capital – Value at Risk, Tail Value at Risk, Probability of Ruin, etc. – what are their implications, and how can we choose among them?
• How should this coordinate with catastrophe modeling?
• Will our model actually help us to answer the questions most important to our firm?
• What are best practices for validating our model?
• How should we allocate risk capital to business units, lines of business, and/or insurance policies?
• How should we think about the results produced by our model in the context of rating agency capital benchmarks?
• Introducing a risk capital model may create management issues – how can we anticipate and deal with these?

In answering these questions, it is important to consider the intended applications. Will the model be used to establish or refine risk appetite and risk tolerance?

Will modeled results drive reinsurance decisions, or affect choices about growth and merger opportunities? Does the company intend to use risk capital for performance management, or ratemaking?

Will the model be used to complete the NAIC ORSA, or inform rating agency capital adequacy discussions?

The intended applications, along with the strengths and weaknesses of the various modeling approaches and range of risk metrics, should guide decisions throughout the economic capital model design process.

Advertisement

Top 10 RISKVIEWS Posts of 2014 – ORSA Heavily Featured

RISKVIEWS believes that this may be the best top 10 list of posts in the history of this blog.  Thanks to our readers whose clicks resulted in their selection.

• Instructions for a 17 Step ORSA Process – Own Risk and Solvency Assessment is here for Canadian insurers, coming in 2015 for US and required in Europe for 2016. At least 10 other countries have also adopted ORSA and are moving towards full implementation. This post leads you to 17 other posts that give a detailed view of the various parts to a full ORSA process and report.
• Full Limits Stress Test – Where Solvency and ERM Meet – This post suggests a link between your ERM program and your stress tests for ORSA that is highly logical, but not generally practiced.
• What kind of Stress Test? – Risk managers need to do a better job communicating what they are doing. Much communications about risk models and stress tests is fairly mechanical and technical. This post suggests some plain English terminology to describe the stress tests to non-technical audiences such as boards and top management.
• How to Build and Use a Risk Register – A first RISKVIEWS post from a new regular contributor, Harry Hall. Watch for more posts along these lines from Harry in the coming months. And catch Harry on his blog, http://www.pmsouth.com
• ORSA ==> AC – ST > RCS – You will notice a recurring theme in 2014 – ORSA. That topic has taken up much of RISKVIEWS time in 2014 and will likely take up even more in 2015 and after as more and more companies undertake their first ORSA process and report. This post is a simple explanation of the question that ORSA is trying to answer that RISKVIEWS has used when explaining ORSA to a board of directors.
• The History of Risk Management – Someone asked RISKVIEWS to do a speech on the history of ERM. This post and the associated new permanent page are the notes from writing that speech. Much more here than could fit into a 15 minute talk.
• Hierarchy Principle of Risk Management – There are thousands of risks faced by an insurer that do not belong in their ERM program. That is because of the Hierarchy Principle. Many insurers who have followed someone’s urging that ALL risk need to be included in ERM belatedly find out that no one in top management wants to hear from them or to let them talk to the board. A good dose of the Hierarchy Principle will fix that, though it will take time. Bad first impressions are difficult to fix.
• Risk Culture, Neoclassical Economics, and Enterprise Risk Management – A discussion of the different beliefs about how business and risk work. A difference in the beliefs that are taught in MBA and Finance programs from the beliefs about risk that underpin ERM make it difficult to reconcile spending time and money on risk management.
• What CEO’s Think about Risk – A discussion of three different aspects of decision-making as practiced by top management of companies and the decision making processes that are taught to quants can make quants less effective when trying to explain their work and conclusions.
• Decision Making Under Deep Uncertainty – Explores the concepts of Deep Uncertainty and Wicked Problems. Of interest if you have any risks that you find yourself unable to clearly understand or if you have any problems where all of the apparent solutions are strongly opposed by one group of stakeholders or another.

ORSA ==> AC – ST > RCS

The Own Risk and Solvency Assessment (or Forward Looking Assessment of Own Risks based on ORSA principles) initially seems daunting.  But the simple formula in the title of this post provides a guide to what is really going on.

1. To preform an ORSA, an insurer must first decide upon its own Risk Capital Standard.
2. The insurer needs to develop the capacity to project the financial and risk exposure statistics forward for several years under a range of specified conditions.
3. Included in the projection capacity is the ability to determine (a) the amount of capital required under their own risk capital standard and (b) the projected amount of capital available.
4. The insurer needs to select a range of Stress Tests that will be used for the projections.
5. If, under a projection based upon a Stress Test, the available capital exceeds the Risk Capital Standard, then that Stress Test is a pass.                   AC – ST >RCS
6. If, under a projection based upon a Stress Test, the available capital is less than the Risk Capital Standard, then that Stress Test is a fail and requires an explanation of intended management actions.                            AC – ST < RCS  ==> MA

RISKVIEWS suggests that Stress Tests should be chosen so that the company can demonstrate that they can pass (AC – ST >RCS) the tests under a wide range of scenarios AND in addition, that one or several of the Stress Tests are severe enough to produce a fail (AC – ST < RCS  ==> MA) condition so that they can demonstrate that management has conceptualized the actions that would be needed in extreme loss situations.

RISKVIEWS also guesses that an insurer that picks a low Risk Capital Standard and Normal Volatility Stress Tests will get push back from the regulators reviewing the ORSA.

RISKVIEWS also guesses that an insurer that picks a high Risk Capital Standard will fail some or all of the more severe Stress Tests.

Furthermore, RISKVIEWS predicts that many insurers will fail the real Future Worst Case Stress Tests.  Only firms that hold themselves to a Robust Risk Capital Standard are likely to have sufficient capital to potentially maintain solvency.  In RISKVIEWS opinion, these Future Worst Case Stress Tests are useful mainly as the starting point for a Reverse Stress Test process.  In financial markets, we have experienced a real life worst case stress with the 2008 Financial Crisis and the following events.  Imaging insurance worst case scenarios that are as adverse as those events seems useful to promoting insurer survival.  Imagining events that are much worse than those – which is what is meant by the Future Worst Case Scenario idea – seems to be overkill.  But, in fact,  the history of adverse events in the recent past seems to indicate that each new major loss is at least twice the previous record.

A Reverse Stress Test is a process under which an insurer would determine the adverse scenario that drives the insurer to insolvency.  Under the NAIC ORSA, Reverse Stress Tests are required, but it is not specified whether those tests should be based upon a condition of failing to meet the insurer’s own Risk Capital Standard or the regulators solvency standard.  RISKVIEWS would recommend both types of tests be performed.

This discussion is the heart of the ORSA.  The full ORSA requires many other elements.  See the recent post INSTRUCTIONS FOR A 17 STEP ORSA PROCESS for the full discussion.

Instructions for a 17 Step ORSA Process

There are 17 steps to completing your ORSA.  And here are 17 essays that describe all of those steps.

1. Prepare for the ORSA

Five Intro to ERM Risk Control Cycle Topics

2.  Risk Identification

3. Risk Measurement

4. Risk Limits and Controlling

5. Risk Organization

6. Risk Management Policies and Standards

Advanced ERM Topics
7. Stress Testing

8. Risk Capital 

9. Risk Appetite and Tolerance

10. Emerging Risks

11. Interdependence of Risks

12. Risk Management Governance

13. Risk Management Culture

14. Change Risk

15. Risk Disclosure

16. Model Validation
Bringing it All Together
17. Writing the ORSA Report