Posted tagged ‘Insurance’

Updating your Risk Register

January 26, 2017

It is quite easy for an ERM program to become irrelevant.  All it takes is for it to stay the same for several years.  After just a few years, you will find that you risk management processes are focused upon the issues of several years ago.  You may be missing new wrinkles to your risks and also repeating mitigation exercises that are no longer effective or needed.

That is because the risk environment is constantly changing.  Some risks are become more dangerous while for others the danger is receding.  No firm anywhere has an unlimited budget for risk management.  So to remain effective, you need to constantly reshuffle priorities.

One place where that reshuffling is very much needed is in the risk register.  That is a hard message to sell.  Risk Identification is seen by most as the first baby step in initiating and ERM program.  How could a well developed, sophisticated ERM program need to go back to the first baby step.

But we do need to go back and somehow get people to seriously re-evaluate the Risks on the Risk Register.  That is because risk management is fundamentally a cycle rather than a a one way development process.  We are all brainwashed that constant growth and steady improvement is the fundamental nature of human enterprise.  For risk management to really work, we need that cycle model where we go back and do all of the same steps as last year all over again.

One way to freshen up the process of reviewing the risk register is to bring in outside information.  The link below provides some good outside information that you can use to stimulate your own review.

Willis Re took the top 15 risks from a dozen insurer risk registers and combined them to get 50+ unique risks.  Then over 100 insurer executives and risk management staff helped to rank those 50 risks.

2017’s most dangerous risks for insurers

We took a list of over 50 risks commonly found on insurer risk registers, and asked, “Which risks present the most danger to your firm in 2017?”

Take a look.  How does the resulting ranking look compared to your risk register?  Do any of the top 10 risks show up as middling priority in your program?  Are any of the bottom ten risks near the top of your priority ranking?  So your review can focus on a discussion of the most significant deviations between your ranking and the ranking from the link above. You need to convince yourself that you have good reasons for different priorities or change your priorities.

Insurers need to adapt COSO/ISO Risk Management to achieve ERM

July 29, 2014

Both the COSO and ISO risk management frameworks describe many excellent practices.  However, in practice, insurers need to make two major changes from the typical COSO/ISO risk management process to achieve real ERM.

  1. RISK MEASUREMENT – Both COSO and ISO emphasize what RISKVIEWS calls the Risk Impressions approach to risk measurement.  That means asking people what their impression is of the frequency and severity of each risk.  Sometimes they get real fancy and also ask for an impression of Risk Velocity.  RISKVIEWS sees two problems with this for insurers.  First, impressions of risk are notoriously inaccurate.  People are just not very good at making subjective judgments about risk.  Second, the frequency/severity pair idea does not actually represent reality.  The idea properly applies to very specific incidents, not to risks, which are broad classes of incidents.  Each possible incident that makes up the class that we call a risk has a different frequency severity pair.   There is no single pair that represents the class.  Insurers risks are in one major way different from the risks of non-financial firms.  Insurers almost always buy and sell the risks that make up 80% or more of their risk profile.  That means that to make those transactions they should be making an estimate of the expected value of ALL of those frequency and severity pairs.  No insurance company that expects to survive for more than a year would consider setting its prices based upon something as lacking in reality testing as a single frequency and severity pair.  So an insurer should apply the same discipline to measuring its risks as it does to setting its prices.  After all, risk is the business that it is in.
  2. HIERARCHICAL RISK FOCUS – Neither COSO nor ISO demand that the risk manager run to their board or senior management and proudly expect them to sit still while the risk manager expounds upon the 200 risks in their risk register.  But a highly depressingly large number of COSO/ISO shops do exactly that.  Then they wonder why they never get a second chance in front of top management and the board.  However, neither COSO nor ISO provide strong enough guidance regarding the Hierarchical principal that is one of the key ideas of real ERM.    COSO and ISO both start with a bottoms up process for identifying risks.  That means that many people at various levels in the company get to make input into the risk identification process.  This is the fundamental way that COSO/ISO risk management ends up with risk registers of 200 risks.  COSO and ISO do not, however, offer much if any guidance regarding how to make that into something that can be used by top management and the board.  In RISKVIEWS experience, the 200 item list needs to be sorted into no more than 25 broad categories.  Then those categories need to be considered the Risks of the firm and the list of 200 items considered the Riskettes.  Top management should have a say in the development of that list.  It should be their chooses of names for the 25 Risks. The 25 Risks then need to be divided into three groups.  The top 5 to 7 Risks are the first rank risks that are the focus of discussions with the Board.    Those should be the Risks that are most likely to cause a financial or other major disruption to the firm.   Besides focusing on those first rank risks, the board should make sure that management is attending to all of the 25 risks.  The remaining 18 to 20 Risks then can be divided into two ranks.  The Top management should then focus on the first and second rank risks.  And they should make sure that the risk owners are attending to the third rank risks.  Top management, usually through a risk committee, needs to regularly look at these risk assignments and promote and demote risks as the company’s exposure and the risk environment changes.  Now, if you are a risk manager who has recently spent a year or more constructing the list of the 200 Riskettes, you are doubtless wondering what use would be made of all that hard work.  Under the Hierarchical principle of ERM, the process described above is repeated down the org chart.  The risk committee will appoint a risk owner for each of the 25 Risks and that risk owner will work with their list of Riskettes.  If their Riskette list is longer than 10, they might want to create a priority structure, ranking the risks as is done for the board and top management.  But if the initial risk register was done properly, then the Riskettes will be separate because there is something about them that requires something different in their monitoring or their risk treatment.  So the risk register and Riskettes will be an valuable and actionable way to organize their responsibilities as risk owner.  Even if it is never again shown to the Top management and the board.

These two ideas do not contradict the main thrust of COSO and ISO but they do represent a major adjustment in approach for insurance company risk managers who have been going to COSO or ISO for guidance.  It would be best if those risk managers knew in advance about these two differences from the COSO/ISO approach that is applied in non-financial firms.

Setting your Borel Point

July 28, 2014

What is a Borel Risk Point you ask?  Emile Borel once said

“Events with a sufficiently small probability never occur”.

Your Borel Risk Point (BRP) is your definition of “sufficiently small probability” that causes you to ignore unlikely risks.

Chances are, your BRP is set at much too high of a level of likelihood.  You see, when Borel said that, he was thinking of a 1 in 1 million type of likelihood.  Human nature, that has survival instincts that help us to survive on a day to day basis, would have us ignoring things that are not likely to happen this week.

Even insurance professionals will often want to ignore risks that are as common as 1 in 100 year events.  Treating them as if they will never happen.

And in general, the markets allow us to get away with that.  If a serious adverse event happens, the unprepared generally are excused if it is something as unlikely as a 1 in 100 event.

That works until another factor comes into play.  That other factor is the number of potential 1 in 100 events that we are exposed to.  Because if you are exposed to fifty 1 in 100 events, you are still pretty unlikely to see any particular event, but very likely to see some such event.

Governor Andrew Cuomo of New York State reportedly told President Obama,

New York “has a 100-year flood every two years now.”
Solvency II has Europeans all focused on the 1 in 200 year loss.  RISKVIEWS would suggest that is still too high of a likelihood for a good Borel Risk Point for insurers. RISKVIEWS would argue that insurers need to have a higher BRP because of the business that they are in.  For example, Life Insurers primary product (which is life insurance, at least in some parts of the world) pays for individual risks (unexpected deaths) that occur at an average rate of less than 1 in 1000.  How does an insurance company look their customers in the eye and say that they need to buy protection against a 1 in 1000 event from a company that only has a BRP of 1 in 200?
So RISKVIEWS suggest that insurers have a BRP somewhere just above 1 in 1000.  That might sound aggressive but it is pretty close to the Secure Risk Capital standard.  With a Risk Capital Standard of 1 in 1000, you can also use the COR instead of a model to calculate your capital needed.

ORSA ==> AC – ST > RCS

June 30, 2014

The Own Risk and Solvency Assessment (or Forward Looking Assessment of Own Risks based on ORSA principles) initially seems daunting.  But the simple formula in the title of this post provides a guide to what is really going on.

  1. To preform an ORSA, an insurer must first decide upon its own Risk Capital Standard.
  2. The insurer needs to develop the capacity to project the financial and risk exposure statistics forward for several years under a range of specified conditions.
  3. Included in the projection capacity is the ability to determine (a) the amount of capital required under their own risk capital standard and (b) the projected amount of capital available.
  4. The insurer needs to select a range of Stress Tests that will be used for the projections.
  5. If, under a projection based upon a Stress Test, the available capital exceeds the Risk Capital Standard, then that Stress Test is a pass.                   AC – ST >RCS
  6. If, under a projection based upon a Stress Test, the available capital is less than the Risk Capital Standard, then that Stress Test is a fail and requires an explanation of intended management actions.                            AC – ST < RCS  ==> MA

RISKVIEWS suggests that Stress Tests should be chosen so that the company can demonstrate that they can pass (AC – ST >RCS) the tests under a wide range of scenarios AND in addition, that one or several of the Stress Tests are severe enough to produce a fail (AC – ST < RCS  ==> MA) condition so that they can demonstrate that management has conceptualized the actions that would be needed in extreme loss situations.

RISKVIEWS also guesses that an insurer that picks a low Risk Capital Standard and Normal Volatility Stress Tests will get push back from the regulators reviewing the ORSA.

RISKVIEWS also guesses that an insurer that picks a high Risk Capital Standard will fail some or all of the more severe Stress Tests.

Furthermore, RISKVIEWS predicts that many insurers will fail the real Future Worst Case Stress Tests.  Only firms that hold themselves to a Robust Risk Capital Standard are likely to have sufficient capital to potentially maintain solvency.  In RISKVIEWS opinion, these Future Worst Case Stress Tests are useful mainly as the starting point for a Reverse Stress Test process.  In financial markets, we have experienced a real life worst case stress with the 2008 Financial Crisis and the following events.  Imaging insurance worst case scenarios that are as adverse as those events seems useful to promoting insurer survival.  Imagining events that are much worse than those – which is what is meant by the Future Worst Case Scenario idea – seems to be overkill.  But, in fact,  the history of adverse events in the recent past seems to indicate that each new major loss is at least twice the previous record.

A Reverse Stress Test is a process under which an insurer would determine the adverse scenario that drives the insurer to insolvency.  Under the NAIC ORSA, Reverse Stress Tests are required, but it is not specified whether those tests should be based upon a condition of failing to meet the insurer’s own Risk Capital Standard or the regulators solvency standard.  RISKVIEWS would recommend both types of tests be performed.

This discussion is the heart of the ORSA.  The full ORSA requires many other elements.  See the recent post INSTRUCTIONS FOR A 17 STEP ORSA PROCESS for the full discussion.

Risk Capital Standard

June 23, 2014

Insurers in the US and Canada are required to state their own internal Risk Capital Standard in their ORSA Summary Report. From RISKVIEWS observations over the years of actual insurer actions, insurers have actually operated  with four levels of Risk Capital Standards:

  • Solvency – enough capital to avoid take-over by regulators
  • Viable – enough capital to avoid reaching Solvency level with “normal” volatility
  • Secure – enough capital to satisfy sophisticated commercial buyers that you will pay claims in most situations
  • Robust – enough capital to maintain a Secure level of capital after a major loss

In many cases, this is not necessarily a clear conscious decision, but insurers do seem to pick one of those four levels and stick with it.

Insurers operating at the Solvency levels are usually in constant contact with their regulator.  They are almost always very small insurers who are operating on the verge of regulatory takeover.  They operate in markets where there is no concern on the part of their customers for the security of their insurer.  Sometimes these insurers are government sponsored and are permitted to operate at this level for as long as they are able because the government is unwilling to provide enough capital and the company is not able to charge enough premiums to build up additional capital, possibly because of government restrictions to rates.  This group of insurers is very small in most times.  Any adverse experience will mean the end of the line for these companies.

Many insurers operate at the Viable level.  These insurers are usually operating in one or several personal/individual insurance lines where their customers are not aware of or are not sensitive to security concerns.  Most often these insurers write short term coverages such as health insurance, auto insurance or term insurance.  These insurers can operate in this manner for decades or until they experience a major loss event.  They do not have capital for such an event so their are three possible outcomes:  insolvency and breakup of the company, continued operation at the Solvency level of capital with or without gradual recovery of capital to the Viable level.

The vast bulk of the insurance industry operates at the Secure level of capital.  Companies with a Secure capital level are able to operate in commercial/group lines of business, reinsurance or the large amount individual products where there is a somewhat knowledgeable assessment of security as a part of the due diligence process of the insurance buyer.   With capital generally at the level of a major loss plus the Viable capital level, these companies can usually withstand a major loss event on paper, but if their business model is dependent upon those products and niches where high security is required, a major loss will likely put them out of business because of a loss of confidence of their customer base.  After a large loss, some insurers have been able to shift to operating with a Viable capital level and gradually rebuild their capital to regain the Secure position and re-engage with their original markets.  But most commonly, a major loss causes these insurers to allow themselves to be acquired so that they can get value for the infrastructure that supports their high end business model.

A few insurers and reinsurers have the goal of retaining their ability to operate in their high end markets in the event of a major loss by targeting a Robust capital level.  These insurers are holding capital that is at least as much as a major loss plus the Secure capital level.  In some cases, these groups are the reinsurers who provide risk relief to other Robust insurers and to the more cautious insurers at the Secure level.  Other firms in this groups include larger old mutual insurers who are under no market pressure to shed excess capital to improve Return on Capital.  These firms are easily able to absorb moderate losses without significant damage to their level of security and can usually retain at least the Secure level of capital after a major loss event.  If that major loss event is a systematic loss, they are able to retain their market leading position.  However, if they sustain a major loss that is less broadly shared, they might end up losing their most security conscious customers.  Risk management strategy for these firms should focus on avoiding such an idiosyncratic loss.  However, higher profits are often hoped for from concentrated, unique (re)insurance deals which is usually the temptation that leads to these firms falling from grace.

One of the goals of Solvency II in Europe has been to outlaw operating an insurer at the Solvency or Viable levels of capital.  This choice presents two problems:

  • It has led to the problem regarding the standard capital formula.  As noted above, the Solvency level is where most insurers would choose to operate.  Making this the regulatory minimum capital means that the standard formula must be near perfectly correct, a daunting task even without the political pressures on the project.  Regulators tendency would be to make all approximations rounding up.  That is likely to raise the cost of the lines of insurance that are most effected by the rounding.
  • It is likely to send many insurers into the arms of the regulators for resolution in the event of a significant systematic loss event.  Since there is not ever going to be regulatory capacity to deal with resolution of a large fraction of the industry, nor is resolution likely to be needed (since many insurers have been operating in Europe just fine with a Viable level of capital for many years).  It is therefore likely that the response to such an event will be to adjust the minimum capital requirement in one way or another, perhaps allowing several years for insurers to regain the “minimum” capital requirement.  Such actions will undermine the degree to which insurers who operate in markets that have traditionally accepted a Viable capital level will take the capital requirement completely seriously.

It is RISKVIEWS impression that the Canadian regulatory minimum capital is closer to the Viable level. While the US RBC action level is at the Solvency level.

It is yet to be seen whether the US eventually raises the RBC requirement to the Viable level or if Canada raises its MCCSR to the Secure level because of pressure to comply with the European experiment.

If asked, RISKVIEWS would suggest that the US and Canada waits until (a) the Europeans actually implement Solvency II (which is not expected to be fully inforce for many years after initial implementation due to phase in rules) and (b) the European industry experiences a systematic loss event.  RISKVIEWS is not likely to be asked, however.

It is RISKVIEWS prediction that the highly theoretical ideas that drive Solvency II will need major adjustment and that those adjustments will need to be made at that time when there is a major systematic loss event.  So the ultimate nature of Solvency II will remain a complete mystery until then.

ERM Control Cycle

April 20, 2013

ERM Control Cycle

The seven principles of ERM for Insurers can be seen as forming an Enterprise Risk Control cycle.

The cycle starts with assessing and planning for risk taking.  That process may include the Diversification principle and/or the Portfolio principle.

Next to the steps of setting Considerations and Underwriting the risks.  These steps are sometimes operated together and sometimes separate, usually depending upon the degree to which the risks are  small and homogeneous or large and unique.

The Risk Control cycle is then applied to the risks that have been accepted.  That step is needed because even if a risk is properly priced and appropriately accepted, the insurer will want to manage the aggregate amount of such risks.  Within the risk control cycle, there is a risk mitigation step and within that step an insurer may choose to reduce their total risk or to increase their risk taking capacity.

Risks that have been accepted through the underwriting process and that the insurer is retaining after the risk control cycle process must be assessed for Provisioning, both for reserve and capital.

Finally, for this discussion of the ERM Cycle, the insurer needs to consider whether there are additional risks that have been unknowingly accepted that may emerge in the future.  The Future risk principle provides a path for that step.

For the ERM Cycle, there is actually no such thing as FINALLY.  As a cycle, it repeats infinitely.  The picture above has many two headed arrows in addition to the one way arrows that represent a single circular process.

The ERM idea sits in the middle of these seven principles.  The ERM idea is the idea that an insurer will follow a cycle like this for all of the risks of the insurer and in addition for the aggregation of all risks.  This will be done to protect all of the stakeholders of the insurers, policyholders, stockholders, bondholders, management, employees and communities to the greatest extent that their sometimes contradictory interests allow.

Most firms will put different degrees of emphasis on different elements.  Some will have very faint arrows between ERM and some of the other principles.  Some insurers will neglect some of these principles completely.

It may be that the choice of which principles to emphasize are tightly linked with their view of the risk environment.

env copy

This a part of the discussion of the seven ERM Principles for Insurers

Risk Portfolio Management

April 18, 2013

In 1952, Harry Markowitz wrote the article “Portfolio Selection” which became the seed for the theory called Modern Portfolio Theory. Modern Portfolio Theory (MPT) promises a path to follow to achieve the maximum return for a given level of risk for an investment portfolio.

It is not clear who first thought to apply the MPT ideas to a portfolio of risks in an insurer. In 1974, Gustav Hamilton of Sweden’s Statsforetag proposed the “risk management circle” to describe the interaction of all elements in the risk management process, including assessment, control, financing and communication. In 1979, Randell Brubaker wrote about “Profit Maximization for a multi line Property/Liability Company.” Since then, the idea of risk and reward optimization has become to many the actual definition of ERM.

Standard & Poor’s calls the process “Strategic Risk Management”.

“Strategic Risk Management is the Standard & Poor’s term for the part of ERM that focuses on both the risks and returns of the entire firm. Although other aspects of ERM mainly focus on limiting downside, SRM is the process that will produce the upside, which is where the real value added of ERM lies.“

The Risk Portfolio Management process is nothing more or less than looking at the expected reward and loss potential for each major profit making activity of an insurer and applying the Modern Portfolio Management ideas of portfolio optimization to that risk and reward information.

At the strategic level, insurers will leverage the risk and reward knowledge that comes from their years of experience in the insurance markets as well as from their enterprise risk management (ERM) systems to find the risks where their company’s ability to execute can produce better average risk-adjusted returns. They then seek to optimize the risk/reward mix of the entire portfolio of insurance and investment risks that they hold. There are two aspects of this optimization process. First is the identification of the opportunities of the insurer in terms of expected return for the amount of risk. The second aspect is the interdependence of the risks. A risk with low interdependency with other risks may produce a better portfolio result than another risk with a higher stand alone return on risk but higher interdependence.

Proposals to grow or shrink parts of the business and choices to offset or transfer different major portions of the total risk positions can be viewed in terms of risk-adjusted return. This can be done as part of a capital budgeting/strategic resource allocation exercise and can be incorporated into regular decision-making. Some firms bring this approach into consideration only for major ad hoc decisions on acquisitions or divestitures and some use it all the time.

There are several common activities that may support the macro- level risk exploitation.

Economic Capital
Economic capital (EC) flows from the Provisioning principle. EC is often calculated with a comprehensive risk model consistently for all of the actual risks of the company. Adjustments are made for the imperfect correlation of the risks. Identification of the highest-concentration risks as well as the risks with lower correlation to the highest-concentration risks is risk information that can be exploited. Insurers may find that they have an advantage when adding risks to those areas with lower correlation to their largest risks if they have the expertise to manage those risks as well as they manage their largest risks.

Risk-adjusted product pricing
Another part of the process to manage risk portfolio risk reward involves the Consideration principle. Product pricing is “risk-adjusted” using one of several methods. One such method is to look at expected profits as a percentage of EC resulting in an expected return-to-risk capital ratio. Another method reflects the cost of capital associated with the economic capital of the product as well as volatility of expected income. The cost of capital is determined as the difference between the price to obtain capital and the rate of investment earnings on capital held by the insurer. Product profit projections then will show the pure profit as well as the return for risk of the product. Risk-adjusted value added is another way of approaching risk-adjusted pricing.

Capital budgeting
The capital needed to fulfill proposed business plans is projected based on the economic capital associated with the plans. Acceptance of strategic plans includes consideration of these capital needs and the returns associated with the capital that will be used. Risk exploitation as described above is one of the ways to optimize the use of capital over the planning period. The allocation of risk capital is a key step in this process.

Risk-adjusted performance measurement (RAPM)
Financial results of business plans are measured on a risk-adjusted basis. This includes recognition of the cost of holding the economic capital that is necessary to support each business as reflected in risk-adjusted pricing as well as the risk premiums and loss reserves for multi-period risks such as credit losses or casualty coverages. This should tie directly to the expectations of risk- adjusted profits that are used for product pricing and capital budgeting. Product pricing and capital budgeting form the expectations of performance. Risk-adjusted performance measurement means actually creating a system that reports on the degree to which those expectations are or are not met.

For non-life insurers, Risk Portfolio Management involves making strategic trade-offs between insurance, credit (on reinsurance ceded) and all aspects of investment risk based on a long-term view of risk-adjusted return for all of their choices.

Insurers that do not practice Portfolio Risk Management usually fail to do so because they do not have a common measurement basis across all of their risks. The recent move of many insurers to develop economic capital models provides a powerful tool that can be used as the common risk measure for this process. Economic capital is most often the metric used to define risk in the risk/reward equation of insurers.

Some insurers choose not to develop an EC model and instead rely upon rating agency or regulatory capital formulas. The regulatory and rating agency capital formulas are by their nature broad market estimates of the risk capital of the insurer. These formulae will over-state the capital needs for some of the insurer’s activity and understate the needs for others. The insurer has the specific data about their own risks and can do a better job of assessing their risks than any outsider could ever do. In some cases, insurers took high amounts of catastrophe exposure or embedded guarantee and option risks, which were not penalized in the generic capital formulas. In the end, some insurers found that they had taken much more risk than their actual loss tolerance or capacity.

Risk Portfolio management provides insurers with the framework to take full advantage of the power of diversification in their risk selection. They will look at their insurance and investment choices based on the impact, after diversification, on their total risk/reward profile. These insurers will also react to the cycles in risk premium that exist for all of their different insurance risks and for all of their investment risks in the context of their total portfolio.

Sales of most insurance company products result in an increase in the amount of capital needed by the business due to low or negative initial profits and the need to support the new business with Economic Capital. After the year of issue, most insurance company products will show annual releases of capital both due to the earnings of the product as well as the release of supporting capital that is no longer needed due to terminations of prior coverages. The net capital needs of a business arise when growth (new sales less terminations) is high and/or profits are low and capital is released when growth is low and/or profits are high.

The definition of the capital needs for a product is the same as the definition of distributable earnings for an entire business: projected earnings less the increase in Economic Capital. The capital budgeting process will then focus on obtaining the right mix of short and long term returns for the capital that is needed for each set of business plans.

Both new and existing products can be subjected to this capital budgeting discipline. A forecast of capital usage by a new product can be developed and used as a factor in deciding which of several new products to develop. In considering new and existing products, capital budgeting may involve examining historic and projected financial returns.

Pitfalls of Risk Portfolio Management

In theory, optimization processes can be shown to produce the best results for practitioners. And for periods of time when fluctuations of experience are moderate and fall comfortably within the model parameters, continual fine tuning and higher reliance on the modeled optimization recommendations produce ever growing rewards for the expert practitioner. However, model errors and uncertainties are magnified when management relies upon the risk model to lever up the business. And at some point, the user of complex risk models will see that levering up their business seems to be a safe and profitable way to operate. When volatility shifts into a less predictable and/or higher level, the highly levered company can find it self quickly in major trouble.

Even without major deviations of experience, the Risk Portfolio Management principles can lead to major business disruptions. When an insurer makes a major change in its risk profile through an acquisition or divestiture of a large part of their business, the capital allocation of all other activities may shift drastically. Strict adherence to theory can whipsaw businesses as the insurer makes large changes in business.

Insurers need to be careful to use the risk model information to inform strategic decisions without overreliance and abdication of management judgment. Management should also push usage of risk and reward thinking throughout the organization. The one assumption that seems to cause the most trouble is correlation. The saying goes that “in a crisis, all correlations go to one”. If the justification for a major strategic decision is that correlations are far from one, management should take note of the above saying and prepare accordingly. In addition management should study the variability of correlations over time. They will find that correlations are often highly unreliable and this should have a major impact on the way that they are used in the Risk Portfolio Management process.

Risk Portfolio Management is one of the Seven ERM Principles for Insurers

%d bloggers like this: