Professional Documents
Culture Documents
July 2002
Issues viewing this For more articles /
document ? white papers on
please check on insurance, risk and
Conzulting website technology, visit
www.conzulting.in
AN APPROACH TO ERM IN
THE INSURANCE INDUSTRY
RAMA WARRIER & PREETI CHANDRASHEKHAR
1. ABSTRACT 2. INTRODUCTION
1
variance of return. Or, it is a measure of techniques as well as in maintaining an
one’s inability to meet financial liabilities integrated risk approach for the enterprise
as and when they arise. For an enterprise, as a whole. ERM helps in getting and
risk needs to be defined at a broader level. defining a flexible mechanism to handle
Any issue, action or threat that affects the both financial and operational risks.
company’s ability to meet its business
objective and execute its strategies
successfully is called a risk. Risk could
also be defined as a distinct business
possibility with a relatively low
probability of occurrence, but with a
significant adverse impact on the
operation and goals fulfilment of an
organization. Another way of looking at
risk is "Risk is what could lead to the
unexpected scenario which is detrimental
to the smooth and efficient functioning of
an organization in its efforts to achieve
pre-set goals". Or, we could define risk as
any possible event that could undermine In a recent survey conducted by
shareholder's value. There are various Economist Intelligence Unit, the CEOs and
methods of addressing risks - avoid risks, senior finance executive of a wide range of
reduce their effect, and even convert risks organizations mentioned that 41% of them
into opportunities. manage risks using ERM techniques. And
nearly one-fifth is planning to move
towards it within a year. This success of
ERM in financial and non-financial
3. ERM – A ‘CORPORATE’ organizations confirms beyond reasonable
APPROACH doubts that ERM is the future approach
Enterprise Risk Management, called ERM, for risk management.
involves identifying, understanding and
2
Standardizing understanding of risk services etc operate in silos and hence
across the organization having an integrated risk management
More informed decision making method is essential. Another aspect which
Converting risks into opportunities makes ERM a useful tool for insurance
Establishing processes for stabilizing companies is the decision making process
results in the industry. Insurance decisions are
Optimal allocation of resources for based on the highly dynamic information
risk mitigation pool. Unless there is an organization -level
approach to risk management, ensuring
that the decisions are optimal from the
risk management angle is impossible.
5. ERM IN INSURANCE – ITS
RELEVANCE
ERM has been found very useful and
effective by companies who have used it 6. STRATEGY FOR AN
to manage their primary risk exposures. EFFECTIVE ERM PROCESS
Insurance companies being risk carriers An effective ERM process for an insurance
need an even more integrated approach enterprise should integrate its non-
for risk management, as they are required insurance related activities with insurance
to manage secondary risks that yield less related ones resulting in a more
accurate impact analysis results. Insurance comprehensive and strategic approach.
companies the world over are operating in This means that over and above the
an environment of stiff competition and insurance related risks like strategic risks,
increased volatility. They are exposed to Legal risks, Political risks (including
higher risks of insolvency. Added to that terrorism risks) and Catastrophic risks, the
is the fact that there is additional pressure more general risks like technology risks
on technological innovation (expansion of should also be considered. The ERM cycle
e-commerce means that more and more could be modelled in four phases as
information is stored in the form of data shown in figure 2
thereby increasing technology risks). With Identification phase
the expansion of operations of most Quantification phase
3
a Risk matrix at the enterprise level that and perhaps profit testing and
meshes together the risks identified with sensitivity analysis.
the acceptable level of risk. Such an The technology that supports the
approach helps in crystallizing the risk company’s product development and
identification process and helps the management strategy should give it a
enterprise to map its risk management leading edge to reduce cycle time for
process to its business needs more introduction of new products and
effectively. changing business rules of existing
products.
Deregulation in many South East
Identification Phase: Asian countries has brought in new
This phase entails identifying the various competitive pressures with increased
risks that an insurance company is pressure on margins for the existing
exposed to. After the risks have been players. e.g. in the Indian insurance
identified, they need to be prioritized to industry, some companies who have
arrive at a set of risk factors that are not traditionally been operating in
crucial to the business. The most suitable financial services have entered the
way of doing this is through interviews newly opened up insurance market.
with the management and any relevant Globalization of the industry brings in
documentation that may be available. This new capital , best practices and
is better than verifying a checklist based business process know-how into the
on a preconceived idea of potential risk market.
factors. The risk should be such that it
should be material in preventing an
organization in meeting its goals. The Operational Risks :
risks can be broadly classified in the Another major area of risk exposure for
following categories: insurance companies is the operations.
The growing complexity of operations has
led to increase in the complexity in the
Marketplace risks: risk exposures as well. The important
The insurance company is exposed to categories of operational risk exposure are
4
organization has to concentrate on
improving the efficiency of the HR
processes and management to curb
these risks.
International risks :
The operations of most of the major
players span over different countries,
required to run the business. This
which exposes them to a new set of
would include offices, business
political and market risks. The biggest
equipment, communication
perceived risk on account of international
infrastructure, computers etc. Several
operations is the political risk. The
insurance offices operating from the
peculiarity of this type of risk is that it is
World Trade Centre had to cope with
well beyond the ability of the organization
the problems generated by the
to influence, control or even foresee what
property risk exposure. The business
is likely to happen. Developing clear
continuity plan of the company needs
policies to deal with political risks is
to specifically address the issue of
essential for effectively handling them.
providing alternatives to the
The spectrum of political risks could range
dependence of operations on specific
from the political differences between the
property.
home-country and the host-country to
Legal & Liability risks : Insurance
terrorism risks. In addition to political
companies handle two types of legal
risks, there are significant other exposures
issues – litigations against them and
like marketplace risks, cultural issues,
litigations taken over by them as a
demographic and economic issues which
part of claim settlement. Both these
needs to be carefully managed in the host-
expose the company to legal and
country.
liability risks which need to be
carefully assessed with legal M&A risks
assistance. The potential losses could There has been substantial M&A activity
5
factors emerging from the integration liberalization of regulations. Such sudden
issues. These could be related to increase in competition could upset the
infrastructure, systems, cultural, business plans and projections of the
management etc. The recent incident of established companies.
the merged Japanese banking giant
Mizuho failing to offer promised services
owing to systems breakdown is a good Quantification phase
example of how infrastructure and This phase entails modelling the risks
systems could pose a threat to operations based on the data gathered. The modelling
at the time of a merger . would involve analyzing:
Causes of the risk factor.
Various outcomes of a risk factor
Others The likelihood of the risk factor.
The evolution of the insurance market has Frequency and predictability of its
changed the way insurance is designed occurrence.
and transacted. The product development Potential effect of the risk on the
activity is on the ‘fast track’. Innovation is financial metrics of the company.
a necessity to survive. The eagerness to All the risk factors have an element of
move ahead quickly on the path of uncertainty associated with them with
innovation exposes the organisation to a regards to the timing, nature and the
lot of risks, the main one being quantum. The uncertainty can be best
unintentional acceptance of unknown represented by a probability distribution.
risks from the insured. Increased So, the aim of modelling the risks is to be
competition is a business risk posed by the able to represent the risk, its causes and
6
In order to be able to model the risk, the
first step is an understanding of the causes There are various other methods also
of the risk. An insight into the causes available – influence diagrams, decision
could be obtained through historical trees etc which illustrate graphically how
evidence, interviews and brainstorming different variables or factors that influence
with the senior management. Tools like risk interact with one another. However,
flow charts, questionnaires etc could be all these methods assume certain amount
used to improve the efficiency of this of prior information or knowledge (based
process. on some preliminary analysis based on
If one maps the cause-risk-effect empirical data).In cases where empirical
relationship in a graphical manner, it not data is not available, the key challenge lies
only helps in the causal analysis and in coming up with a probability
better understanding of the risk, but also distribution that best represents the risk
helps in risk mitigation strategies. factor that is being modelled. In the
An illustration for the cause-risk-effect absence of data or any scientific
relationship for an insurance product is knowledge, one needs to rely on expert
given below. opinion.
Cause-risk-effect mapping for an insurance If one looks at the various methods that
product is given in figure 3 can be used, they can be positioned in a
Another way of analyzing risks is by continuum depending upon the extent of
mapping the risks with the possible knowledge that one has with regard to the
indicative measures that can be used to outcome. While one end of the spectrum is
model them. The output is a risk matrix complete knowledge, the other end is total
that maps the various risks with the lack of knowledge. In between lies the
measures which enables to classify risks area that deals with problems whose
according to their scope and ability to outcome has varying degrees of
affect the enterprise. uncertainty.
The various methods used to model risks
Given below is an illustration: range from empirical analysis at one end
of the spectrum to that based on expert
7
There is no straitjacket approach to addressed by changes in business
modelling risks. Each of the methods has processes, technology etc. They cannot be
its advantages and disadvantages. The managed through hedging in the capital
method to be chosen should depend upon market. Let us try and illustrate this
the circumstances and data available. through a model for an insurance
company that shows how the various
components of business can be meshed
Measurement and evaluation together to map to the financial metrics.
phase These components can be then mapped to
After the risks have been modelled, we the various risks that the enterprise is
need to be able to
identify the top
risks for an
enterprise. The risks
identified need to
be prioritized in the
order in which they
impact the
enterprise. For this,
the risks need to be
linked to the
financial metrics at
the corporate level.
What is required for
this is a framework
that links the risks
to the financial
metrics. However,
the various risks that are modelled as exposed to. Figure 4 shows the
articulated in the previous section may be illustration. Once that is done, the various
expressed as different units. For e.g. the risks need to be classified as shown in
8
Management & Monitoring The steps of the Management process are
After the top risks affecting an enterprise shown in figure 6
have been identified and
prioritised, the focus shifts to
effectively managing them.
Broadly, the risk manager has
four options to choose from - (i)
Avoidance (ii) Retention (iii)
Reduction and (iv) transfer Risk
avoidance is the ideal way to
manage any type of risk. But it
is more impractical in business
contexts. Risk Retention
involves efforts to optimise the
level of retention of risk within
the company without exposing
the organization to exposures
beyond what is strategically
acceptable. Retention is a key
decision owing to the impact
which it could make on the
bottom line and the difficulty in
arriving at the best possible retention The effect of a particular risk management
level. Risk Reduction is the strategy strategy should translate to its effect on
adopted to contain the potential effects of financial metrics of the enterprise.
any exposure. Risk reduction actions
could include steps like altering the Monitoring
business process to reduce the exposures. The effectiveness of the risk management
Risk Transfer is the easiest to implement, program depends on the speed with
but the most expensive option at the same which it responds to the changes in the
time. assumed scenarios. The environments in
9
of the ERM plan. The roles and Insurance companies are yet to adopt this
responsibilities of the people involved and approach in a full measure. This would be
the frequency, methodology and reporting more relevant to insurance carriers as
of the monitoring process should be their risk exposure is much more complex
clarified and documented to stop than those of other industries owing to the
inefficiency of implementation. complication of accepted risks in addition
to the organizational risk exposures. ERM
as a strategic approach should be an
avenue which insurance companies would
need to explore, especially in the highly
competitive and low-margin market
conditions prevailing today.
ERM needs to be culturally integrated into
the enterprise. It is not a mere technique to
manage risks, but a philosophy which
suggests that risks needs to be identified,
measured and managed with a holistic
perspective.
8. CONCLUSION
ERM has made a considerable impact as a Authors could be reached at warrier@conzulting.in
comprehensive risk management strategy. or Preeti.Chandrashekhar@towerswatson.com
1
0