By Jean-Pierre Berliet
Discussions with senior executives have suggested that decision signals from ERM would be more credible and that ERM would be a more effective management process if ERM were shown to support management of operational risk
Operational risk comprises two different types of risks: execution risk and strategic risk.
These two categories of operational risk are important to policyholders and shareholders because they can reduce both the insurance strength and the value of insurance companies.
Strategic risk stems from external changes that can undermine the profitability and growth expectations of a company’s business model and strategy, and therefore have a significant impact on its value. Execution risk originates in internal failures to manage the operations of a company competently, with the needed level of foresight, prudence, risk awareness, and preparedness. Execution and strategic risks impact insurance companies differently and, as a result, call for distinct mitigation strategies.
Although financial risks are the primary determinant of the volatility of financial results of insurance companies, execution risks can also cause material adverse deviations from expected financial results
Execution risks include, for example, economic losses resulting from i) delays in alleviating adverse consequences of changes in the volume of activity (mismanagement), ii) events that can interrupt business operations whether man made or natural (lack of preparedness), and iii) failures in controls that cause economic losses, create liabilities or damage the company’s reputation (market conduct, regulatory compliance, bad faith in claim management, fraud, IT security, etc..).
Execution risks reduce current financial performance and company valuation. Company valuation is reduced because i) investors often view negative earnings deviations as predictors of future decline in profitability and ii) performance volatility can derail the execution of a company’s growth strategy
Execution risks are relatively easy to identify, if not to mitigate for company management. Although stochastic modeling tools and event databases could be used to simulate the impact of execution risks on financial performance, and fine tune mitigation strategies, undertaking such modeling is very costly, and may be of limited value. Company management has fiduciary obligations to set in place processes designed to avoid executions risks, establish post event recovery procedures, and to ensure compliance.
Both policyholders and shareholders need to note that
- Execution risks can impact financial performance significantly in the year or period of occurrence but may have a more or less pronounced impact on performance in subsequent periods and company valuation, depending on the availability of recovery strategies and the preparedness of a company.
- The impact of execution risks on a company’s market value can be derived from estimated adjustments to free cash flow projections. This is particularly significant in connection with risk events that erode a company’s competitive advantage or damage its reputation. Such events can reduce the market value of a company significantly by reducing its volume of business or its pricing flexibility.
Management processes and management action, not capital, are the natural remedy for execution risks. Board of Directors or Audit Committees of such boards have become increasingly involved in exercising oversight of execution risks and their management by operating executives.
Strategic risks can undermine the economic viability of the business model and future financial performance of insurance companies. They can have a significant adverse effect on i) a company’s insurance ratings and the credit worthiness of its debt and ii) its market capitalization. Strategic risks can cause otherwise solvent companies to lose a substantial share of their market value in a short time, provoke legal action by disgruntled shareholders, inflict serious economic losses to Directors, senior executives and other employees, and induce potential raiders to attempt a take over.
Strategic risks are also very important to policyholders, (especially those who have bought protection against slowly emerging liabilities or policies that provide indemnification benefits in the form of annuity payments), because strategic risks that undermine the ability of companies to earn formerly expected returns also reduce the credit worthiness of these companies. Strategic risks stem from external changes in the regulations, institutional arrangements, competition, technology or demand that can erode the competitive advantage of an insurance company and its ability to operate credibly and profitably as a going concern in the future.
Strategic risks do not receive as much attention as they should because they are difficult to identify and assess, and are often viewed as “uncontrollable”. At any point in time, it can be very difficult to assess whether a quantum change in any element of strategic risks is close to happening. When such a change occurs, however, its impact on future performance can cause a swift decline in the market values of a company.
To identify and manage strategic risks, companies need to:
- Conduct and challenge a periodic defensibility analysis of their business model and competitive advantage
- Monitor market developments for emerging trends with potential adverse effects (loss of business to competitors, emergence of new risk transfer technologies or product innovations, regulatory developments, etc.)
- Develop appropriate responses to adverse developments through adjustment in capabilities, redeployment of capacity, change in composition and level of service provided, industry level lobbying of lawmakers and regulators, sponsorship of and participation in industry associations, etc…
- Communicate reasons for and objectives of needed changes to both customers and shareholders.
- Integrate the planned strategic response into action plans, budgets and objectives of business units
Insurance companies need to include in ERM a process that provides consistent and updateable insights into strategic risks to which they are exposed. Because the insurance industry has been highly regulated, many insurance companies have not developed deep strategy development and assessment skills. It will be a challenge at first for such companies to establish strategic risk assessment frameworks powerful enough to yield robust insights but simple enough to be user friendly.
A number of companies that have already implemented comprehensive frameworks to manage financial risks have begun addressing operational risks more formally. They believe that the introduction in operations management of specific risk management control components will create value by:
- Enhancing the level and the stability of their financial results
- Reducing the probability of serious value losses caused execution risks and strategic risks.
The establishment of operational effective risk management frameworks and processes within ERM is of critical importance to all constituents of insurance companies.
Berliet Associates, LLP
(203) 247 6448
May 22, 2010