Enterprise Risk Management
Back to fundamentals
As rating agencies rebuild their credibility, ERM gains support elsewhere
By Michael J. Moody, MBA, ARM
Acceptance of new management disciplines is typically difficult and its course is frequently hard to predict. Sometimes the process moves along quickly, while other times it may slow or even reverse. Such is the case with enterprise risk management (ERM).
Over the past few years, acceptance of the concept of ERM has been moving forward at a fairly rapid pace, thanks in large part to the support of the nation’s rating agencies. The rating agencies determined that the adoption of an ERM approach by a rated company would improve the risk and thus usually warrant a more favorable rating. And whether it was noted explicitly (as is the case with S&P) or implicitly (as is the case with Moody’s and A.M.Best), analysis of a firm’s ERM program had become an integral part of the overall rating matrix.
However, as time has passed and the full extent of the 2008/09 financial crisis has become known, rating agencies have come under closer scrutiny. As a result of congressional hearings, legislators may be headed toward restricting the rating agencies’ ability to limit their liability for ratings they have issued. Further, the court system has also been broadening shareholders’ recourse for actions against the rating agencies. Some courts are allowing proceedings to move forward that charge the agencies with committing fraud by trying to hide the risks associated with securities linked to subprime mortgages. Additionally, Congress appears ready to pass more formal regulatory constraints on rating agencies that would make them become more transparent in their work products. As a result of these initiatives, it would seem that the rating agencies will be less effective in driving interest in ERM since they will need to dedicate more time and resources to trying to polish their own tarnished images.
While the influence of the rating agencies may be waning regarding ERM, other factors are coming to the forefront which will serve to promote ERM. One of the more important ones is that the SEC has proposed a new rule that will require public companies to disclose their board’s risk management role. Additionally, this proposed rule would require the organization to discuss how compensation practices affect the company’s overall risk profile. Congress is also considering a “Shareholders Bill of Rights Act of 2009,” which among other things would require the establishment of a risk management committee comprised wholly of outside directors. All of these proposals should continue to drive interest in ERM.
The fundamentals
Another hindrance to the acceptance of ERM has been the lack of agreement as to the basic elements of the ERM process. However, a recent survey completed by reinsurance broker Guy Carpenter may help correct a portion of this problem. Over the past couple of years, Guy Carpenter has been doing significant research into some of the core principles of ERM and how they apply to insurers and reinsurers. As a result of Guy Carpenter’s work, earlier this year, they presented a white paper titled “Risk Profile, Appetite, and Tolerance: Fundamental Concepts in Risk Management and Reinsurance Effectiveness.” Among other things they addressed the following items:
• Provided a common terminology for:
Risk Profile—“the broad parameters a firm considers in executing its business strategy in its chosen market space.”
Risk Appetite—“the level of uncertainty a company is willing to assume given the corresponding reward associated with the risk.”
Risk Tolerance—“a stated amount of risk a company is willing and able to keep in executing its business strategy; in other words, the limits of a company’s capacity for taking on risk.”
• Offer a framework for the items noted above, including best practices,
• Present results of their initial bench marking study
The study provided several critical ideas as to the best practices that would ensure the integration of top-level risk management decisions into the operational framework throughout the firm. They advanced several key concepts and examples of such linkage with operational concepts. Among the items noted were enterprise level monitoring and evaluation of both risk-taking and risk-mitigation strategies. Further, they advocated “operational integration and communication by management of risk tolerance to influence operational decisions.” These could be done via underwriting guidelines, zonal aggregates, and pricing discipline.
One of the key findings that came out of Guy Carpenter’s work was a study of risk tolerances of companies within the insurance industry. They point out that the study was completed on publicly available information such as annual reports and regulatory filings, as well as analyst and rating agency reports. An international group of insurers/reinsurers was used and included 12 European companies, 6 U.S. companies, 9 in Bermuda, and 8 in the Asia-Pacific region. A representative list of findings included:
• All 35 of the firms disclosed some form of consideration of Risk Tolerance.
• While they disclosed the method of measurement, none stated the amount or the level of the measurements.
• Value at Risk (VaR) and stress testing was the most common Risk Tolerance method.
• In general, European companies tended to disclose the most information about their ERM structure.
• Very few companies offered an opinion or position regarding excess capital.
Guy Carpenter completed the initial benchmarking study in early 2009, but due to the extraordinary changes that were occurring in the financial service sector, they believed that it was important to update the study. They published the results in October 2009. Several key findings were noted in the revised study, not the least of which was that there was “continued movement towards more robust enterprise-wide risk management practices in the period following the 2008 financial crisis.”
They also noted that many insurers’/reinsurers’ goal is for greater transparency, since regulators are now accelerating their emphasis on ERM-related disciplines. Bottom line, Carpenter’s “updated survey indicates little change from year-end 2007 to year-end 2008 in the level of disclosure of ERM structure characteristics.” These characteristics would include such things as having a chief risk officer, internal reporting relationships including reporting lines into the board, and formation of a risk committee. Despite this, however, Guy Carpenter notes that, “It is no longer in dispute that advancing the discipline of ERM can help insurers improve the deployment of capital, capital efficiencies, and maximize stable risk-adjusted returns.”
Conclusion
Although the rating agencies may not continue to be one of the key driving forces in promoting the ERM concept, many other factors are contributing to the advancement of ERM. Recent works by firms like Guy Carpenter are helping to resolve questions about the basics of ERM. Further, they are also providing important benchmarking data to assist organizations in determining their position in the industry.
Additionally, efforts to advance ERM will certainly come from regulatory and legislative influences. These efforts will continue to put pressure on company management to recognize and effectively manage these risks. Capital market influences such as SEC rules will also require the boards of public corporations take definitive actions to establish ERM programs.
The author
Michael J. Moody, MBA, ARM, is the managing director of Strategic Risk Financing, Inc. (SuRF). SuRF is an independent consulting firm that has been established to advance the practice of enterprise risk management. The primary goal of SuRF is to actively promote the concept of enterprise risk management by providing current, objective information about the concept, the structures being used, and the players involved.
|