Risk Capital Standard

Insurers in the US and Canada are required to state their own internal Risk Capital Standard in their ORSA Summary Report. From RISKVIEWS observations over the years of actual insurer actions, insurers have actually operated  with four levels of Risk Capital Standards:

• Solvency – enough capital to avoid take-over by regulators
• Viable – enough capital to avoid reaching Solvency level with “normal” volatility
• Secure – enough capital to satisfy sophisticated commercial buyers that you will pay claims in most situations
• Robust – enough capital to maintain a Secure level of capital after a major loss

In many cases, this is not necessarily a clear conscious decision, but insurers do seem to pick one of those four levels and stick with it.

Insurers operating at the Solvency levels are usually in constant contact with their regulator.  They are almost always very small insurers who are operating on the verge of regulatory takeover.  They operate in markets where there is no concern on the part of their customers for the security of their insurer.  Sometimes these insurers are government sponsored and are permitted to operate at this level for as long as they are able because the government is unwilling to provide enough capital and the company is not able to charge enough premiums to build up additional capital, possibly because of government restrictions to rates.  This group of insurers is very small in most times.  Any adverse experience will mean the end of the line for these companies.

Many insurers operate at the Viable level.  These insurers are usually operating in one or several personal/individual insurance lines where their customers are not aware of or are not sensitive to security concerns.  Most often these insurers write short term coverages such as health insurance, auto insurance or term insurance.  These insurers can operate in this manner for decades or until they experience a major loss event.  They do not have capital for such an event so their are three possible outcomes:  insolvency and breakup of the company, continued operation at the Solvency level of capital with or without gradual recovery of capital to the Viable level.

The vast bulk of the insurance industry operates at the Secure level of capital.  Companies with a Secure capital level are able to operate in commercial/group lines of business, reinsurance or the large amount individual products where there is a somewhat knowledgeable assessment of security as a part of the due diligence process of the insurance buyer.   With capital generally at the level of a major loss plus the Viable capital level, these companies can usually withstand a major loss event on paper, but if their business model is dependent upon those products and niches where high security is required, a major loss will likely put them out of business because of a loss of confidence of their customer base.  After a large loss, some insurers have been able to shift to operating with a Viable capital level and gradually rebuild their capital to regain the Secure position and re-engage with their original markets.  But most commonly, a major loss causes these insurers to allow themselves to be acquired so that they can get value for the infrastructure that supports their high end business model.

A few insurers and reinsurers have the goal of retaining their ability to operate in their high end markets in the event of a major loss by targeting a Robust capital level.  These insurers are holding capital that is at least as much as a major loss plus the Secure capital level.  In some cases, these groups are the reinsurers who provide risk relief to other Robust insurers and to the more cautious insurers at the Secure level.  Other firms in this groups include larger old mutual insurers who are under no market pressure to shed excess capital to improve Return on Capital.  These firms are easily able to absorb moderate losses without significant damage to their level of security and can usually retain at least the Secure level of capital after a major loss event.  If that major loss event is a systematic loss, they are able to retain their market leading position.  However, if they sustain a major loss that is less broadly shared, they might end up losing their most security conscious customers.  Risk management strategy for these firms should focus on avoiding such an idiosyncratic loss.  However, higher profits are often hoped for from concentrated, unique (re)insurance deals which is usually the temptation that leads to these firms falling from grace.

One of the goals of Solvency II in Europe has been to outlaw operating an insurer at the Solvency or Viable levels of capital.  This choice presents two problems:

• It has led to the problem regarding the standard capital formula.  As noted above, the Solvency level is where most insurers would choose to operate.  Making this the regulatory minimum capital means that the standard formula must be near perfectly correct, a daunting task even without the political pressures on the project.  Regulators tendency would be to make all approximations rounding up.  That is likely to raise the cost of the lines of insurance that are most effected by the rounding.
• It is likely to send many insurers into the arms of the regulators for resolution in the event of a significant systematic loss event.  Since there is not ever going to be regulatory capacity to deal with resolution of a large fraction of the industry, nor is resolution likely to be needed (since many insurers have been operating in Europe just fine with a Viable level of capital for many years).  It is therefore likely that the response to such an event will be to adjust the minimum capital requirement in one way or another, perhaps allowing several years for insurers to regain the “minimum” capital requirement.  Such actions will undermine the degree to which insurers who operate in markets that have traditionally accepted a Viable capital level will take the capital requirement completely seriously.

It is RISKVIEWS impression that the Canadian regulatory minimum capital is closer to the Viable level. While the US RBC action level is at the Solvency level.

It is yet to be seen whether the US eventually raises the RBC requirement to the Viable level or if Canada raises its MCCSR to the Secure level because of pressure to comply with the European experiment.

If asked, RISKVIEWS would suggest that the US and Canada waits until (a) the Europeans actually implement Solvency II (which is not expected to be fully inforce for many years after initial implementation due to phase in rules) and (b) the European industry experiences a systematic loss event.  RISKVIEWS is not likely to be asked, however.

It is RISKVIEWS prediction that the highly theoretical ideas that drive Solvency II will need major adjustment and that those adjustments will need to be made at that time when there is a major systematic loss event.  So the ultimate nature of Solvency II will remain a complete mystery until then.

Advertisement

Full Limits Stress Test – Where Solvency and ERM Meet

We can know, looking back at last year, how much risk that an insurer was exposed to. And we can simply look at the balance sheet to see how much capital that they held. So that is the way we have tended to look at solvency. Backwards. Was the insurer solvent last year end? Not really useful information. Unless…

That is, unless you make some potentially heroic assumptions about the future.  Not an unusual assumption.  Just that common assumption that the future will be just like the past.

That assumption is usually ok.  Let’s see.  In the past 15 years, it has been correct four or five times.  But is that good enough for solvency work – a system that might give the right answer a third of the time?!?

But there is a solution.  Regulators have led us right up to that solution but they haven’t yet dared to say what it is. Perhaps they do not know, or even that they are not thinking that the backward looking problem has two aspects.  We are making two of the heroic assumptions:

1. We are assuming that the environment will be the same in the near future as the recent past.
2. We are assuming that the company activity will be the same in the near future as the recent past.

The regulatory response to these two shaky assumptions is:

1. Stress Scenarios
2. Look forward using company plans

Solution 1 can help, but solution 2 can be significantly improved by using the ERM program and risk appetite.  You may have noticed that regulators have all said that ERM is very important.  And that Risk Appetite is a very, very important part of ERM.  But they have never, ever, explained why it is important.

Well, the true answer is that it can be important.  It can be the solution to one part of the backward looking problem.  The idea of looking forward with company plans is a step in the right direction.  But only a half step. The full step solution is the FULL LIMIT STRESS TEST.

That test looks forward to see how the company will operate based upon the risk appetite and limits that management has set.  ERM and risk appetite provide provide a specific vision of how much risk is allowed by management and the board.  The plan represents a target, but the risk appetite represents the most risk that the company is willing to take.

So the FULL LIMIT STRESS TEST would involve looking at the company with the assumption that it chooses to take the full amount of risk that the ERM program allows.  That can then be combined with the stress scenarios regarding the external environment.

Now the FULL LIMIT STRESS TEST will only actually use the risk appetite for firms that have a risk appetite and an ERM program that clearly functions to maintain the risk of he firm within the risk appetite.  For firms that do not have such a system in place, the FULL LIMIT STRESS TEST needs to substitute some large amount of growth of risk that is what industry experience tells us that can happen to a firm that has gone partially or fully out of control with regard to its risk taking.

That makes the connection between ERM and Solvency very substantial and realistic.

• A firm with a good risk management program and tight limits and overall risk appetite will need the amount of capital that would support the planned functioning of the ERM program.  The overall risk appetite will place a limit on the degree to which ALL individual risk limits can be reached at the same time.
• An otherwise similar firm with a risk management program and loose risk appetite will need to hold higher capital.
• A similar firm with individual risk limits but no overall risk appetite will need to hold capital to support activity at the limit for every single risk.
• A firm without a risk management program will need to hold capital to support the risks that history tells us that a firm with uncontrolled growth of risk might take on in a year.  A track record of informal control of risk growth cannot be used as a predictor of the range of future performance.  (It may be valuable to ask all firms to look at an uncontrolled growth scenario as well, but for firms with a good risk control process will be considered to prepare for that scenario with their ERM program.)
• A firm without any real discipline of its risk management system will be treated similarly to a firm without an ERM program.

With this FULL LIMIT STRESS TEST, ERM programs will then be fully and directly connected to Solvency in an appropriate manner.

 

Two Fundamental Flaws of Solvency II

Many people in Europe have worked very hard for many years, attempting to perfect solvency oversight for insurers. The concepts underlying Solvency II are the best thinking about risk regulation that the world has ever seen.

However, there are two fundamental flaws that are drivers of the problems that Solvency II is having in getting to the point of actual implementation.

The first flaw is the targeted level of required capital.  When Solvency II was first imagined, banks seemed to be well run and well regulated.  And under that system banks were reporting returns in the high 20’s.  Insurer returns rarely hit the perennial 15% target.  Banks tended to operate right at their level of regulatory required capital.  Insurers looked at that and suggested that the capital requirement for Solvency II should be at a level that the largest insurers would be comfortable operating at.  There was also a big push for a single set of books.  So with a solvency requirement at the level where a rational insurer would want to operate that would mean that in addition to having only one set of books, there would only be one important capital target.  (for discussion of the flaw in the idea of “one number” management, see Risk and Light.)   But the reason why setting the required capital at that high of a level is that it then leaves no room for error or for disagreement.  (Disagreement is absolutely inevitable.  See Plural Rationalities.) The capital calculation needed to be just right.  A capital requirement that was at say 2/3 of the level a prudent company would want to operate at would leave room for errors and disagreements.  If for some risks the requirements were even 50% higher than what some would feel is the correct number, then companies could in fact live with that.  It would become known in the marketplace that companies that write that risk are likely to have tighter solvency margins, and everyone would be able to go about their business.  But with a target that is so very high, if some risk is set too high, then there would be firms who are forced to hold higher capital than makes sense in their minds for their risks.  That completely destroys the idea of management relying upon a model that is calibrated to what they believe is the wrong result.  It also encourages firms to find ways to get around the rules to only hold what they believe is the right level of capital.  What we are seeing now is the inevitable differences in opinions about riskiness of some activities.  The differences of opinion mean the difference between being in business and not for companies concentrated in those activities.  Or for being in those businesses or not for more diversified groups.  If the Solvency II target was set at, for instance, a 1 in 100 loss level, then there might be room for compromise that would allow that activity to continue for firms willing to run a little tight on solvency margin.

==========================================

The second flaw, that surprisingly has only been raised very recently is to total lack of any cost benefit criteria for the process.  If further refinement of Solvency II could prevent one insolvency over a 10 year period, yet would cost other insurers $100 million in expenses and $1 billion in additional capital, is that a good trade-off?  This is the exact sort of thinking that Solvency II REQUIRES of insurers.  EIOPA ought to have a complex model of the insurance industry in Europe so that they can show the risk reward relationship of all of their rules.  What?  You say that is terribly difficult and complicated and would not provide reliable guidance?  EIOPA should  live in the same world that they are requiring of insurers.  Without even a simple minded cost benefit requirement, anything can make it into Solvency II.  The exposure process allows questions to be raised about cost/benefit, but in many cases, that has not happened.  Besides, with no stated criteria for cost benefit, the question is ultimately solved by judgment.  So now we have insurers saying that they will withdraw from parts of the Solvency II process because they are too expensive.  Those insurers have not put forward an objective criteria under which they reached that conclusion either.

It seems unlikely at this point that either of these flaws of Solvency II will be fixed.  A lower standard would seem to too many to be a retreat, a dilution of the power of Solvency II.  Imposing a risk reward or cost benefit rule would result in crazy inconsistencies between decisions made after the rule with those made before or else a very long wait as all of the parts of Solvency II are examined under such a rule.

So it is yet to be seen whether those faults will in the end be fatal.  Solvency II could be tied up in arguments until it is abandoned, it could limp into practice with very mixed support and then be pulled after a few years and enough unanticipated implementation issues, or it could soar for a long run of effective prudential oversight as its designers originally hoped.

I am sure that someone in London can quote you odds.

How Much Strategic ERM is Enough?

Strategic Risk Management is the name given by S&P to the enterprise level activities that seek to improve risk adjusted returns by a strategic capital allocation process.  It is also considered by S&P to the the “Use Test” for economic Capital models.  Strategic Risk Management includes

• Capital Budgeting and Allocation
• Strategic Trade-offs among insurance coverages AND investments
• based on long term view of risk adjusted return
• Recognizing significance of investment risk to total risk profile
• Recognizing ceded reinsurance credit risk
• Selecting which risks to write and which to retain over the long term
• Strategic Asset Allocation
• Risk Reward Optimization

Meanwhile Solvency II had created standards for its internal model Use Test.

The foundation principle of the Solvency II Use Test states that

internal model use should be sufficiently material to result in pressure to increase the quality of the model 

This strongly self referential idea is then supported by 9 Basic Principles.

Principle 1. Senior management and the administrative, management or supervisory body, shall be able to demonstrate understanding of the internal model

Principle 2. The internal model shall fit the business model

Principle 3. The internal model shall be used to support and verify decision-making in the undertaking

Principle 4. The internal model shall cover sufficient risks to make it useful for risk management and decision-making

Principle 5. Undertakings shall design the internal model in such a way that it facilitates analysis of business decisions.

Principle 6. The internal model shall be widely integrated with the risk-management system

Principle 7. The internal model shall be used to improve the undertaking’s risk-management system.

Principle 8. The integration into the risk-management system shall be on a consistent basis for all uses

Principle 9. The Solvency Capital Requirement shall be calculated at least annually from a full run of the internal model

 

From these two descriptions of a Use Test, one should be forgiven for picturing a group of priests in long robes prowling the halls of an insurer in procession carrying a two foot thick book of the internal model.  Their primary religious duty is to make sure that no one at the insurer ever have an independent thought without first thinking about the great internal model.  Every year, the internal model book is reprinted and the priests restart their procession.  

 

But take heart.  A quick look at the website of the European CRO Forum reveals that those firms do not revere their internal models quite so highly.  

 

The above chart suggests that in most groups the internal model is just one consideration for making most strategic decisions of the insurer.  

 

The excerpt below from the Tokio Marine Holdings puts these things into perspective.  

The Group carries out a relative evaluation of each business and prioritizes the allocation of management resources (business portfolio management).  It is achieved by using risk/return indicators for each business and applying a scoring indicator covering market growth potential and profitability, competitive advantages and expected effects of strategies.  Allocated management resources include funds, human resources and risk capital. By allocating these resources to business units and new businesses with even higher profitability and growth potential, we aim to improve the profitability and growth potential of our business portfolio.

You see from that statement that risk return is not the only input nor is capital the only factor under consideration.  Describing Strategic Risk Management as its own separate management process is incorrect.  

 

Strategic Risk Management is one set of inputs and outputs to/from the Strategic Decision Making Process.  

 

And if read carefully, that will satisfy both S&P as well as Solvency II Use Tests.

 

Not About Capital

The reality is that regulatory capital requirements, no matter how much we try to refine them, will always be a blunt tool.  Certainly they should not create the wrong incentives, but we cannot micromanage firm behavior through regulatory capital requirements.  There are diminishing returns to pursuing precision in regulatory capital requirements.

Terri Vaughan, NAIC

These remarks were made in Europe recently by the lead US regulator of the insurance industry.  In Europe, there has never been a regulatory capital requirement that was risk related.  But the Europeans have been making the discussion all about capital for about 10 years now in anticipation of their first risk based capital regime, Solvency II.

The European assumption is that if they follow as closely as possible the regulatory regime that has failed so spectacularly to control the banking system, Basel II, then everything will be under control.

The idea seems to be that if you concentrate, really concentrate, on measuring risk, then insurance company management will really take seriously the idea of managing risk.   Of course, that conclusion is also based upon the assumption that if you really, really concentrate on measuring risk that you will get it right.

But the Law of Risk and Light tells us that our risk taking systems will lead us to avoid the risk in the light and to load up on the risk in the dark.

That means the risks that are properly measured by the risk based capital regulatory system will be managed.

But whatever risks that are not properly measured will come to predominate the system.  The companies that take those risks will grow their business and their profits faster than the companies that do not take those poorly measured risks.

And if everyone is required to use the same expensive risk measurement system, very, very few will invest the additional money to create alternate measures that will see the flaws in the regulatory regime.

The banking system had a flaw.  And many banks concentrated on risks that looked good in the flawed system but that were actually rotten.

What is needed instead is a system that concentrates on risk controlling.  A firm first needs a risk appetite and second needs a system that makes sure that their risks stay within their appetite.

Under a regulatory risk capital system, the most common risk appetite is that a firm will maintain capital above the regulatory requirement.  This represents a transfer of the duty of management and the board onto the regulator.  They never need to say how much risk that they are willing to take.  They say instead that they are in business to satisfy the regulator with regard to their risk taking.

The capital held by the firm should depend upon the firm’s risk appetite.  The capital held should support the risk limits allowed by the board.

And the heart of the risk control system should be the processes that ensure that the risk stays within the limits.

And finally, the limits should not be a part of a game that managers try to beat.  The limits need to be an extremely clear expression of the fundamental way that the firm wants to conduct business.  So any manager that acts in a way that is contrary to the fundamental goals of the firm should not continue to have authority to direct the activities of the firm.

Why ORSA?

At first glance, the Own Risk and Solvency Assessment (ORSA) seems like an unnecessary redundancy.  For some firms, they will have looked at the Standard formula for capital adequacy and then looked again at the Internal Model and the Economic Capital.  And on all of those views, the firm has sufficient solvency margin.

But the problem that ORSA solves is a problem that is so very fundamental that we have almost completely forgotten that it exists.  That problem is that all of the traditional ways of looking at capital adequacy look at the wrong thing.  Yes, you heard that right, we have always and will continue to focus on the wrong thing when we assess capital adequacy.

The basis for capital assessment is the wrong view because it looks backwards.  We already know that the firm survived the past year.  What we really need to know is whether the firm can survive the next year and probably the one after that.

The traditional backwards looking solvency assessment tradition started when there was no viable alternative.  It is a good basis for looking at solvency under only a few possible futures.  Fortunately, many firms broadly operate within the range of futures.

For the backwards looking approach to solvency to have any validity, the future of the firm needs to be very much like the past of the firm.  Firms need capital more for the future than for the past and the balance sheet is more about the past of the firm than the future.  So a capital regime that is tied to the balance sheet is useful only to the firms whose future does not materially change their balance sheet.

But wait, the only time when that capital is needed is when the balance sheet DOES change materially.

So ORSA shifts the question of solvency from the past to the future.

The second thing that ORSA does is to shift the burden of determining adequacy of capital from the regulator to the board and management.  With the ORSA, the board and management will never again have the excuse that they thought everything was fine because they met the standards of the regulators.  The ORSA requires the board and management to assert, IN THEIR OWN OPINION, that the firm has sufficient capital for its own risks AND its own risk management systems.  Prior regimes allowed management to pass a test set by the regulator and thereby show adequacy of capital.  Even if the test did not pick up on some new risk that management was totally aware of but which was not at all recognized by the regulatory formula.

Now that is a game changer.

A Wealth of Risk Management Research

The US actuarial profession has produced and/or sponsored quite a number of risk management research projects.  Here are links to the reports:  A Study of International Solvency Regimes

Determinants of Insurers’ Reputational Risk

2010 Emerging Risks Survey

Reflecting Risk in Pricing Survey Report

Potential Impact of Pandemic Influenza on the U.S. Health Insurance Industry

2009 Emerging Risks Survey

Exploration of Reputational Risk from the Perspective of a Variety of Stakeholders

Policyholder Behavior in the Tail Risk Management Section Working Group UL with Secondary Guarantee 2009 Survey Results

Enterprise Risk Management (ERM) Practice as Applied to Health Insurers, Self-Insured Plans, and Health Finance Professionals

A New Approach for Managing Operational Risk: Addressing the Issues Underlying the 2008 Global Financial Crisis

Policyholder Behavior in the Tail Joint Risk Management Section Working Group Variable Annuity Guaranteed Benefits 2009 Survey Results

The Financial Crisis and Lessons for Insurers

Corporate Reputational Risk and ERM: An Analysis from the Perspective of Various Stakeholders

Emerging Risks Survey

Policyholder Behavior in the Tail Risk Management Section Working Group UL with Secondary Guarantee 2008 Survey Results

Copula Phase Transitions Report

Economic Capital: Correlation Matrices and Other Techniques–A Survey and Discussion

Policyholder Behavior in the Tail Risk Management Section Working Group Variable Annuity Guaranteed Benefits 2007 & 2008 Survey Results

Risk Based Capital Covariance Project

Application of Structural Equation Modeling to the Linkage of Risk Management, Capital Management and Financial Management for the Insurance Industry

Risk Management Terminology

Linkage of Risk Management, Capital Management and Financial Management

Policyholder Behavior in the Tail Project–Annuity Lapse Modeling

Enterprise Risk Management for Property–Casualty Insurance Companies

Policyholder Behavior in the Tail Risk Management Section Working Group Variable Annuity Guaranteed Benefits Survey Results

ERM, not just a good idea, Its the Law

IAIS Adopts ICP 16 on ERM

The International Association of Insurance Supervisors (IAIS) has adopted ERM as an Insurance Core Principle (ICP).

ERM is an acknowledged practice and has become an established discipline and separately identified function assuming a much greater role in many insurers’ everyday business practices. Originally, risk management only facilitated the identification of risks, and was not fully developed to provide satisfactory methods for measuring and managing risks, or for determining related capital requirements to cover those risks.
ERM processes being developed today by insurers increasingly use internal models and sophisticated risk metrics to translate risk identification into management actions and capital needs. Internal models are recognised as powerful tools that may be used, where it is proportionate to do so, to enhance company risk management and to better embed risk culture in the company. They can be used to provide a common measurement basis across all risks (e.g. same methodology, time horizon,  risk measure, level of confidence, etc.) and enhance strategic decision-making, for example capital allocation and pricing.

By this time next year, they expect to have revised the full set of ICPs.  All insurance supervisors are expected to reflect the revised ICPs in their legal frameworks and supervisory practices.  All G20 insurance supervisors will be expected to undertake a self-assessment against the new ICPs by early 2012.

Link to ICP 16

Europeans will notice that ICP 16 is very similar to Pillar 2 of Solvency 2.  Folks in the US will notice that this is very similar to documents that the NAIC has exposed for comment in the last year.

Riskviews has visited a number of non-G20 countries in the past six months and insurers there have all said that their regulators are starting to talk about ERM requirements or have already put them in place.

Death by Solvency

Another great post by  Maggid.

It seems that Solvency II is perfectly designed to reproduce the conditions that led US banks to believe that they were impervious to risks.  They and the regulators believed that they knew what they were doing with regard to Risks and Risk Management.

In 2004, the US Federal Reserve allowed investment banks to cut their capital levels by 2/3, tripling their potential leverage!  Not to worry, they knew how to manage risk.

European insurers are all being told that they need to have economic capital models to manage risks.  A few firms have had these models for more than five years now.  Those models tell us that those firms can reduce their capital by a third or more.

But everyone leaves out of their thinking two important things that will always happen.

The first is called the Peltzman effect by economists.  John Adams calls it the Risk Thermostat effect.  In both cases, it means that when people feel risk decreasing due to safety measures, they often respond by increasing the riskiness of their behaviors.  So the success of Solvency II will make some firms feel safer and some of them will take additional risks because of that.

The second effect is what I call the Law of Risk and Light.  That says that you will accumulate risks wherever you are not looking out for them.  So anywhere that there is a flaw in the Economic Capital model, the activity that accentuates that flaw will look like the best, most desirable business to be in.

But read Maggid’s post.  He provides some actual analysis to support his argument.

Window Dressing

The Wall Street Journal reported today that banks are again very actively doing significant amounts of end out the quarter clean-up that is otherwise known as “window dressing“.

This is a practice that works well, allowing banks to hold capital (figured on their quarter end balance sheets) that is much lower than the risk levels that they are using to create their profits.  This makes them look safer to investors in addition to boosting their ROE.

And while it probably is within the rules of Basel II, it violates the underlying idea behind Pillar 1 and Pillar 3.

The idea behind Pillar 1 is that the banks should hold capital for their risks.  This window dressing practice clearly illustrates one of the major logical flaws in the application of Pillar 1.

To understand the flaw, you need to think for a minute about what the capital is for.  It is not actually for the risks that the bank held during the quarter, nor is it mostly for the risks that happen to be on the balance sheet as of the end of the quarter.  It is primarily to protect the bank in the event of losses form the risks that the banks will be exposed to during the next quarter.  The beginning of quarter balance sheet is being used as a proxy for the risks over the coming quarter.

For a firm that has a highly disciplined risk management process, it would actually make more sense for the firm to hold capital for the RISK LIMITS that it has extended for the coming quarter.  That would be a firm where you could rely upon them to keep their risks within their risk limits for the most part. This makes more sense than holding capital for some arbitrary point in time.  The window dressing proves that point better than any possible theoretical argument.  Besides being the wrong idea, it is subject to easy manipulation.

For firms that are not disciplined in keeping their risks within their risk limits, something higher than the level of capital on their risk limits would be the logical level.  For these firms it would make sense to keep track of the degree to which they exceed their limits (at maximum) and charge them for capital at a level above that.  Say for example 200%.  So if a firm exceeds its risk limits by 10% at maximum in a quarter, their capital for the next quarter would be 120% of the capital needed to support their risk limits for the following quarter.

This check on risk discipline would have several benefits.  It moves the easy possibility of manipulation away from the capital level.  The “legal” window dressing would have to be replaced by fraudulent manipulation of risk reports to fix the capital level.  In addition, disclosure of the degree to which a bank exceeds its risk limit could be disclosed under Pillar 3 and then investors and counterpraties could give their reaction to a bank that cannot control its risks exposures.

In addition, this same logic could be applied to insurers under Solvency II.  There is no reason why insurance regulators need to follow the flawed logic of the banking regulators.

Addendum:  Above I say that the window dressing works well.  That is only partly true.  Sometimes, it does not work at all.  And banks can become stuck with risks and losses from those risks that are far larger than what they had been disclosing.  That happens when markets freeze up.

You see, if many banks are doing the same sorts of window dressing, they all run the risk that there will be too many sellers and not enough buyers for those couple of days at the end of the quarter.  Or maybe just for that one night.  And the freeze is likeliest when the losses are about tho strike.

So in reality, window dressing is not a good plan if you believe that things can ever go poorly.

Will History Repeat?

In the 1980’s a dozen or more firms in the US and Canadian Life Insurance sector created and used what were commonly called required surplus systems.  Dale Hagstrom wrote a paper that was published in 1981, titled Insurance Company Growth .  That paper described the process that many firms used of calculating what Dale called Augmented Book Profits.  An Augmented Book Profit later came to be called Distributable Earnings in insurance company valuations.  If you download that paper, you will see on page 40, my comments on Dale’s work where I state that my employer was using the method described by Dale.

In 1980, in the first work that I was able to affix my newly minted MAAA, I documented the research into the risks of Penn Mutual Life Insurance Company that resulted in the recommendation of the Required Surplus, what we would now call the economic capital of the firm.  By the time that Dale’s paper was published in 1981, I had documented a small book of memos that described how the company would use a capital budgeting process to look at the capital utilized by each line of business and each product.  I was the scribe, the ideas come mostly from the Corporate Actuary, Henry B. Ramsey. We created a risk and profit adjusted new business report that allowed us to show that with each new product innovation, our agents immediately shifted sales into the most capital intensive or least profitable product.  It also showed that more and more capital was being used by the line with the most volatile short term profitability.  Eventually, the insights about risk and return caused a shift in product design and pricing that resulted in a much more efficient use of capital.

Each year, throughout the 1980’s, we improved upon the risk model each year, refining the methods of calculating each risk.  Whenever the company took on a new risk a committee was formed to develop the new required surplus calculation for that risk.

In the middle of the decade, one firm, Lincoln National, published the exact required surplus calculation process used by their firm in the actuarial literature.

By the early 1990’s, the rating agencies and regulators all had their own capital requirements built along the same lines.

AND THEN IT HAPPENED.

Companies quickly stopped allocating resources to the development and enhancement of their own capital models.  By the mid-1990’s, most had fully adopted the rating agency or regulatory models in the place of their own internal models.

When a new risk came around, everyone looked into how the standard models would treat the new risk.  It was common to find that the leading writers of a new risk were taking the approach that if the rating agency and regulatory capital models did not assess any capital to the new risk, then there was NO RISK TO THE FIRM.

Companies wrote more and more of risks such as the guaranteed minimum benefits for variable annuities and did not assess any risk capital to those risks.  It took the losses of 2001/2002 for firms to recognize that there really was risk there.

Things are moving rapidly in the direction of a repeat of that same exact mistake.  With the regulators and rating agencies more and more dictating the calculations for internal capital models and proscribing the ERM programs that are needed, things are headed towards the creation of a risk management regime that focuses primarily on the management of regulatory and rating agency perception of risk management and away from the actual management of risks.

This is not what anyone in the risk management community wants.  But once the regulatory and rating agency visions of economic capital and ERM systems are fully defined, the push will start to limit activity in risk evaluation and risk management to just what is in those visions – away from the true evaluation of and management of the real risks of the firm.

It will be clear that it is more expensive to pursue the elusive and ever changing “true risk” than to satisfy the fixed and closed ended requirements that anyone can read.  Budgets will be slashed and people reassigned.

The Use Test – A Simple Suggestion

Many are concerned about what the “Use Test” will be. Will it be a pop quiz or will companies be allowed to study?

Well, I have a suggestion for a simple and, I believe, fairly foolproof test. That would be for top management (not risk management or modeling staff) to be able to hold a conversation about their risk profile each year.

Now the first time that they can demonstrate that would not be the “Use Test”. It would be the second or third time that would constitute the test.

The conversation would be simple. It would involve explaining the risk profile of the firm – why the insurer is taking each of the major risks, what do they expect to get out of that risk exposure and how are they making sure that the potential losses that they experience are not worse than represented by their risk model. This discussion should include recognition of gross risk before offsets as well as net retained risk.

After the first time, the discussion would include an explanation of the reasons for the changes in the risk profile – did the profile change because the world shifted or did it change due to a deliberate decision on the part of management to take more or less or to retain more or less of a risk.

Finally a third part of the discussion would be to identify the experience of the past year in terms of its likelihood as predicted by the model and the degree to which that experience caused the firm to recalibrate its view of each risk.

To pass the test, management would merely need to have a complete story that is largely consistent from year to year.

Those who fail the test would be making large changes to their model calibration and their story from year to year – stretching to make it look like the model information was a part of management decisions.

Some firms who might have passed before the crisis who should have failed were firms who in successive years told the same story of good intentions with no actions in reducing outsized risks.

For firms who are really using their models, there will be no preparation time needed for this test. Their story for this test will be the story of their firm’s financial management.

Ideally, I would suggest that the test be held publicly at an investor call.

Take CARE in evaluating your Risks

Risk management is sometimes summarized as a short set of simply stated steps:

1. Identify Risks
2. Evaluate Risks
3. Treat Risks

There are much more complicated expositions of risk management.  For example, the AS/NZ Risk Management Standard makes 8 steps out of that. 

But I would contend that those three steps are the really key steps. 

The middle step “Evaluate Risks” sounds easy.  However, there can be many pitfalls.  A new report [CARE] from a working party of the Enterprise and Financial Risks Committee of the International Actuarial Association gives an extensive discussion of the conceptual pitfalls that might arise from an overly narrow approach to Risk Evaluation.

The heart of that report is a discussion of eight different either or choices that are often made in evaluating risks:

1. MARKET CONSISTENT VALUE VS. FUNDAMENTAL VALUE 
2. ACCOUNTING BASIS VS. ECONOMIC BASIS         
3. REGULATORY MEASURE OF RISK    
4. SHORT TERM VS. LONG TERM RISKS          
5. KNOWN RISK AND EMERGING RISKS        
6. EARNINGS VOLATILITY VS. RUIN    
7. VIEWED STAND-ALONE VS. FULL RISK PORTFOLIO       
8. CASH VS. ACCRUAL 

The main point of the report is that for a comprehensive evaluation of risk, these are not choices.  Both paths must be explored.

ReCapitalization Fantasy

Guest Post from Larry Rubin

I question whether sufficient attention is being paid to the definition of risk in most risk measures and in solvency II. In this case the use of 1-year VAR. Insurance companies makes long term promises as compared to other financial institutions. Yet we have seen the inadequacies of this risk measure for these other institutions. 1-year VAR is based on the assumption that if a company can survive a year it can re-capitalize. The credit crisis has shown that in a period of economic distress when it is most likely that many companies will be “in the tail” the ability to re-capitalize is suspect if non-existent. Companies such as, Lehman Brothers, Northern Rock, AIG and INDYMac could not re-capitalize. Bear Stearns, Merrill Lynch and WaMU required government support to facilitate the sale of their liabilities.
I believe one of the lessons of the credit crisis is that is that either the 1-year VAR analysis needs to reflect the potential drying up of capital during a tail event or insurance companies need to re-think the 1-year VAR measure. US Risk Based Capital, while an imperfect measure, has had ruin theory as its fundamental premise. This measure has held up well as most US life insurance operating companies maintained sufficient capital to survive to the point where it was possible to re-capitalize

Larry H. Rubin

Adaptability is the Key Survival Trait

…different and potentially much more difficult issues arise in the identification and measurement of risks where past experience is an uncertain or potentially misleading guide. When risk materialises, it may do so as a risk previously thought to be understood and managed that turns out to be very different indeed, and may do so quickly, well within normal audit cycles. The valuation of an asset or liability in a stressed market environment and the identification of other potential risks that may not previously have been encountered pose major questions for real-time assessment that are unlikely to have been factored into construction of the pre-existing business model.

Excerpt from the Walker Review

To survive such situations, it seems that the ability to quickly assess new situations, especially ones that look like old tried and true but that are seriously more dangerous, and to change what the organization is doing in response to these risks is key.

But to do that, significant amounts of senior resources must be dedicated to determining whether such risks are NOW in the environment each and every day.  The findings of this review must be taken very seriously and the organization must consider the possibility of changing course – not just a minor correction – a major change of business activity.

In addition to the discernment to identify such situations, the organization must cultivate the capacity to make such changes quickly and effectively.

An organization that can do those things have true adaptability and have a much better chance of survival.

However, for a business to be very profitable, it needs to be very focused, very efficient.  Everyone in the organization needs to be pointed in the same direction.  Doubt will undermine.

Within capitalism, the conflict is resolved by allowing individual businesses to maximize profits and relying on an assumption that there will be enough diversity of businesses that enough businesses will have chosen the right business model for the new environment.  Some of the most successful businesses from the old environment will fail to adapt, but some of the laggards will now thrive.

And therefore, the system survives.

But, that is not always so.  In some circumstances, too many firms choose the exact same strategy.  If the environment stays unchanging for too long, individual firms lose any adaptability that they might have had, they all become specialists in that one “most profitable thing”.  A major change in the environment and too many businesses fail too fast.

How does that happen?

Regulators play a large role.  The central bankers work very hard to keep the environment on a steady course, moderating the bumps that encourage diversity.

Prudential and risk management regulation also play a large role, forcing everyone to pay attention to the exact same risks and encouraging similar risk treatments through capital regime incentives.

So for the system to remain healthy, it needs adaptability and adaptability comes from diversity.  And diversity will not exist unless the environment is more variable.  There needs to be diversity in terms of both business strategy and interms of risk management approaches.

So improving the prudential regulation will have the effect of driving everyone to have the same risk management – it will have the perverse effect of diminishing the likelihood of survival of the system.

Understanding and Balance

Everything needs to balance.  A requirement that management understand the model creates and equal and opposite obligation on the part of the modelers to really explain the assumptions that are embedded in the model and the characteristics that the model will exhibit over time.

This means that the modelers themselves have to actually understand the assumptions of the model – not just the mechanical assumptions that support the mechanical calculations of the model.  But the fundamental underlying assumptions about why the sort of model chosen is a reliable way to represent the world.

For example, one of the aspects of models that is often disturbing to senior management is the degree to which the models require recalibration.  That need for recalibration is an aspect of the fundamental nature of the model.  And I would be willing to guess that few modelers have in their explanation of their model fully described that aspect of their model and explained why it exists and why it is a necessary aspect of the model.

That is just an example.  We modelers need to understand all of these fundamental points where models are simply baffling to senior management users and work to overcome the gap between what is being explained and what needs to be explain.

We are focused on the process.  Getting the process right.  If we choose the right process and follow it correctly, then the result should be correct.

But the explanations that we need are about why the choice of the process made sense in the first place.  And more importantly, how, now that we have followed the process for so long that we barely remember why we chose it, do we NOW believe that the result is correct.

What is needed is a validation process that gets to the heart of the fundamental questions about the model that are not yet known!  Sound frustrating enough?

The process of using risk models appropriately is an intellectual journey.  There is a need to step past the long ingrained approach to projections and models that put models in the place of fortune tellers.  The next step is to begin to find value in a what-if exercise.  Then there is the giant leap of the stochastic scenario generator.  Many major conceptual and practical leaps are needed to move from (a) getting a result that is not reams and reams of complete nonsense to (b) getting a result that gives some insight into the shape of the future to (c) realizing that once you actually have the model right, it starts to work like all of the other models you have ever worked with with vast amount of confirmation of what you already know (now that you have been doing this for a couple of years) along with an occasional insight that was totally unavailable without the model.

But while you have been taking this journey of increasing insight, you cross over and become one of those who you previously thought to talk mostly in riddles and dense jargon.

But to be fully effective, you need to be able to explain all of this to someone who has not taken the journey.

The first step is to understand that in almost all cases they do not give a flip about your model and the journey you went throughto get it to work.

The next step is to realize that they are often grounded in an understanding of the business.  For each person in your management team, you need to understand which part of the business that they are grounded in and convince them that the model captures what they understand about the part of the business that they know.

Then you need to satisfy those whse grounding is in the financials.  For those folks, we usually do a process called static validation – show that if we set the assumptions of the model to the actual experience of last year, that the model actually reproduces last year’s financial results.

Then you can start to work on an understanding of the variability of the results.  Where on the probability spectrum was last year – both for each element and for the aggregate result.

That one is usually troublesome.  For 2008, it was particularly troublesome for any firms that owned any equities.  Most models would have placed 2008 stock market losses almost totally off the charts.

But in the end, it is better to have the discussion.  It will give the management users a healthy skepticism for the model and more of an appreciation for the uses and limitations of the entire modeling methodology.

These discussions should lead to understanding and balance.  Enough understanding that there is a balanced view of the model.  Not total reliance and not total skepticism.

The Glass Box Risk Model

I learned a new term today “The Glass Box Risk Model” from a post by Donald R. van Deventer,

Glass Boxes, Black Boxes, CDOs and Grocery Lists

You can read what he has to say about it.  I just wanted to pass along the term “Glass Box.”

A Glass Box Risk Model is one that is exactly the opposit of a Black Box.  With a Black Box Model, you have no idea what is going on inside.  WIth a Glass Box, you can see everything inside.

Something is needed, however, in addition to transparency, and that is clarity.  To use the physical metaphor further, the glass box could easily be crammed with so, so much complicated stuff that it is only transparent in name.  The complexity acts as a shroud that keeps real transparency from happening.

I would suggest that argues for separability of parts of the risk model.  The more different things that one tries to cram into a single model, the less likely that it is separable or truely transparent.

That probably argues against any of the elegance that modelers sometimes prize.  More code is probably preferable to less if that makes things easier to understand.

For example, I give away my age, but I stopped being a programmer about the time when actuaries took up APL.  But I heard from everyone who ever tried to assign maintenance of an APL program to someone other than the developer, that APL was a totally elegant but totally opaque programming language.

But I would suggest that the Glass Box should be the ideal for which we strive with our models.

Global ERM Best Practices Webinar III

Date
December 1, 2009

Time

Times vary by location.  Program runs for 18 hours to allow for daytime viewing in all locations.

Location:
This webcast takes place via the Internet.  At your location.

Speakers from Europe, Americas and Asia-Pacific areas.

ERM is a unique field that is developing in all parts of the world at more or less the same time; therefore it is a new practice area where a global actuarial community of practitioners is developing. The webcast includes speakers from Europe and Asia/Pacific, as well as the Americas, and allows risk officers to share emerging risk management practices across different geographical regions.

The objective of this webcast is to provide the global actuarial community with new and emerging enterprise risk management (ERM) practices from different geographical regions. This webcast will include speakers from Asia/Pacific, Europe and the Americas offering insight into ERM best practices.

The webcast objectives

• Disseminating and promoting global ERM best practices to the actuarial community
• Offering accessible information about ERM to actuaries
• Facilitating the discussion of practical and theoretical ERM issue and possible solutions
• Promoting global standards of best practices in ERM

Who Should Attend

• Actuaries who are currently practicing in the ERM area within Insurers or consultancies and
• Actuaries and actuarial students who wish to get exposed to ERM practices so they can participate in ERM programs at insurers in the future
• Other nonactuarial risk officer

MORE INFORMATION

REGISTER HERE

Session Description in Comment to this post.

Speakers will be posted when available.