Table of Contents 

 

Enterprise Risk Management

ERM: A two-year report card

Insurers push ERM adoption, motivated by rating agency interest

By Michael J. Moody, MBA, ARM


Enterprise risk management (ERM) is about to mark an important milestone. While ERM has been around for a number of years, it was only two years ago that the concept was introduced to the public when the Committee of Sponsoring Organizations of the Treadway Commission (COSO) drafted a document titled Enterprise Risk Management - Integrated Framework and made it available for public comment.

Without question, the ERM concept has gained significant exposure and acceptance over the past two years. While there are any number of reasons for the widespread acceptance of ERM, one of the primary drivers of the movement has been and will continue to be regulatory compliance. Initially, it was the Sarbanes-Oxley Act (SOX) that received the lion’s share of the attention. However, subsequent rules forwarded by the Securities and Exchange Commission and the New York Stock Exchange soon also demanded awareness. All of these new requirements left corporate America searching for a new method to control its risks. ERM was there to answer the call.

Early advocates

Despite the public’s relatively recent exposure to ERM, there is one industry segment that has been using a holistic approach to risk management for the past 20 years. That group is the banking industry. Early on, the larger, regional money center banks saw the immediate benefits to viewing risk management from a portfolio perspective. As a result, they were quick to embrace ERM, and today, it is widely accepted within the banking industry. In fact, over the past few years, ERM has become a core competence across all operating units of many banks. As a result, risk methodologies have become integrated into many bank organizations.

Banks have also advanced the role of the chief risk officer (CRO). Today it is commonplace for a bank to have a CRO, whom it relies upon to assist in decision-making and enhancing business performance. Bank CROs are already beginning to note that their roles are expanding due to the increasingly complex and uncertain business environment. They are having to look beyond the traditional financial risk in addressing their ERM mandates. And boards, for their part, are expecting a more proactive approach to risk management—one that anticipates and responds to emerging risks as well as being more involved in strategic decisions. In short, bank CROs have become valued members of upper management.

New kids on the block

With the success that banks were experiencing with ERM, it was only natural that other financial service segments, namely insurers, would start to turn their attention to the ERM concept. As with banks, insurers’ interest in ERM predates the release of COSO’s ERM Framework. However, insurers’ acceptance of ERM has appreciably trailed banks’. Nevertheless, interest among insurers has continued to build over the past two years.

As with other industry segments, the insurance industry was diligently working towards SOX compliance as well as the other new rules and regulations. As this work unfolded, insurers soon became aware how well ERM would dovetail with their compliance efforts. Shortly after this revelation, a number of early adopters began to report major competitive advantages from implementing an ERM culture in their organizations. Some began to openly advertise the fact that they were able to make a business case for ERM.

Another major reason for acceptance within the insurance sector was the willingness of actuaries to assist in the quantification aspects of ERM. In that regard, the Casualty Actuarial Society (CAS) had been a strong supporter of the ERM concept, and many of the initial studies and strategic endeavors centered on the work performed by CAS members. Soon the Society of Actuaries (SOA) was also active in this new risk management approach. The SOA sponsored several major ERM conferences and supported the ERM concept with research and further studies. Many SOA members believe that movement into the CRO’s role is a natural career path for actuaries.

Additional pressure

Some insurers were beginning to embark on an ERM path in 2000 and 2001; however, after the events of 9/11, many chose to move back to a more traditional risk management approach. Despite some early success, many insurers abandoned their commitment to a holistic approach to risk management and lost interest in ERM.

However, following a strong push from a regulatory compliance standpoint, ERM started to become a hot topic in the insurance community again. And as it sits today, the insurance industry is moving swiftly towards an ERM approach to risk management. But it is not just the regulatory concerns or even the business case that are generating the interest in ERM within the insurance industry today. As we have reported previously, it is the rating agencies that are now doing what regulations and business cases could not do: putting ERM on the front burner at most insurers.

Coming to grips with the new rating landscape

Most rating agencies profess that, as part of their overall rating methodology, they have always been concerned about an insurer’s approach to risk management. However, since October 2005, there is little doubt about whether there is explicit recognition of risk management in the rating formulation.

That’s when Standard & Poor’s (S&P) became the first rating agency to indicate a methodology that would specifically analyze an insurer’s ERM capabilities. However, S&P not only analyzed the insurer’s ERM capabilities, but more importantly they took the results of the analysis into account when assigning a rating. Among other things, S&P has stated, as part of their analysis, they will assess the insurer’s risk management culture, risk control efforts, ability to determine emerging risks as well as their risk and capital models.

Subsequent to S&P’s announcement, other agencies also indicated interest in insurers’ ERM programs. In February 2006, A.M. Best stated it would include an ERM program analysis as an integral but separate part of its rating analysis. Moody’s followed shortly thereafter, noting that while its rating process already considered a top level assessment of business risk, they would begin a separate ERM analysis. Fitch Ratings also indicated that their agency was going to begin reviewing an insurer’s business model to determine how ERM is embedded within it.

In commenting on the rating agencies’ new interest in ERM, consulting group Towers Perrin notes that ERM can be quite valuable because they “consider more than just the quantitative building blocks that contribute to healthy insurance company management.” They go on to say, “It also takes into account qualitative issues such as governance, systems and process, risk analysis and, significantly, the culture of the company.” At the end of the day, Towers Perrin believes that, “ERM facilitates a rating agency’s fundamental understanding of the nature of risk an insurer is taking on, the price it is charging to do so and its ability to measure and monitor.”

So now, two years after COSO first introduced its ERM Framework, one industry, the insurance industry, is beginning to see the importance that is being attached to a holistic approach to risk management. Those insurers that were early adopters of the ERM concept will definitely have a ratings advantage for the next 12 to 24 months. However, as the agencies continue to develop their analysis and fine tune their rating methodology, insurers will need to address any shortcoming in their ERM programs.

It should be noted that most of the broader industry-based rating agencies (i.e., S&P, Moody’s, etc.), have indicated a willingness to expand their ERM assessment into other industry segments. As a result, while ERM incorporation into the strategic planning process of the financial service industry has been significant, a much broader based movement is expected soon. Fortunately, ERM has advanced to a point where it can begin providing sustainable, value-added results. And as was the case with the financial service sector, it will be the early adopters who reap the greatest rewards.

The rating agencies have forced the insurance industry to sit up and take notice of ERM. Further, they show the same ability to move their interest into other industry segments as well. As a result, one would believe that ERM will now begin to be fast tracked at corporations in a wide variety of industries. *

 
 
 

It is the rating agencies that are now doing what regulations and business cases could not do: putting ERM on the front burner at most insurers.

 

CONTACT US | HOME