Risk Management File 1

RISK MANAGEMENT
The views expressed in this paper are the views of the authors and do not necessarily reflect the views or policies of the Asian Development Bank (ADB), or its Board of Directors or the governments they represent. ADB makes no representation concerning and does not guarantee the source, originality, accuracy, completeness or reliability of any statement, information, data, finding, interpretation, advice, opinion, or view presented.
Risk Management 30/10/02 1 of 45
CONTENTS
1.
Introduction Risk Management Risk Management Issues Risk Management System Risk Identification and Assessment Risk Control and Risk Prevention/Mitigation Risk Management Systems Asset/Investment Risks Asset-Liability Management Investment Risks Insurance Supervisory Issues Derivatives Investment Committees Technical/Liability Risks Risk Prevention/Mitigation Reinsurance Business/Operational Risks Risk Mitigation Principal Elements of Fit and Proper Criteria Business Continuity and Backup Systems Solvency and Capital Adequacy Issues Minimum Capital and Surplus Requirements/Trend towards Risk Based Capital Purpose of Capital Adequacy/Solvency Requirements Objective of a Minimum Statutory Solvency Requirement Types of Statutory Minimum Solvency Requirements Some General Conclusions Trade-Off between Security and Capital Costs Summary Comments on Solvency Margins Risk Based Supervision What is Risk Based Supervision Performance Evaluation System Early Warning System Statistical Analysis Financial Analysis Classification of Insurers On-Site Inspection
4 4 6 8 8 8 10 12 12 13 14 14 15 16 18 19 21 22 22 23 24 24 24 26 27 30 30 31 33 33 35 35 35 36 37 39
2.
3.
4.
5.
6.
7.
8.
9.
Development of Infrastructure Requirements Appointed Actuary System Information Technology/Management Information Systems Concluding Remarks
42 42 43 45
10.
CHAPTER 1 - INTRODUCTION
Insurance supervisors, along with banking and other sector regulators and supervisors, play an important role in ensuring a stable financial environment. This is especially significant in developing countries where efforts are exerted to develop and implement policies and programs in order to attract investments. Global changes especially on the economic and technological fronts occur very rapidly and unless governments in these countries act immediately opportunities may be lost and may never come again. Modern businesses see the need for sound programs of risk management as an essential part of corporate responsibility. They regard the insurance industry as a mirror for a countrys financial stability. Risk Management Risk management is an independent function responsible for planning, directing and organizing measures to reduce, mitigate, and control the impact on an institution of risks arising from its operations. More specifically, risk management may be defined as the systematic application of management policies, procedures and practices to the tasks of identifying, analyzing, assessing, treating and monitoring risk. Risk management helps to mitigate the consequences of adverse events that may occur. This includes taking action to avoid or reduce exposures to the costs or other effects of events occurring rather than reacting after an event has taken place. Risk management, if conducted effectively, will help to achieve more effective corporate performance. The board of directors of a company is responsible for providing stewardship and management oversight for the institution. One of its key responsibilities is ensuring that principal risks are identified and appropriately managed. As part of sound corporate governance, Board Audit Committees have a key role to play in risk management. They are established in order to improve management reporting by overseeing audit functions, internal controls and the financial reporting process. In setting up a risk management program a functional unit within the company is tasked with the responsibility of implementing the program whose activities may address the following: identification of risks; development of measurement systems for risks; establishment of policies and procedures to manage risks; development of risk tolerance limits; monitoring of positions against approved risk tolerance limits; and reporting of results of risk monitoring to senior management and the board.
Risk refers to the likelihood that expected or unexpected events will have a negative impact on the company. Risk categories will vary, but may fall into one of two broad categories: financial risk (credit, market, liquidity, actuarial, reinsurance, etc.) and nonfinancial risk (operations, transaction, reputation, legal, compliance, etc.). An insurance company generally is exposed to three broad categories of risks: (1) investment risks (asset risks), i.e. various kinds of risk which are directly or indirectly associated with the insurers asset management; (2) technical risks (underwriting or liability risks), i.e. various kinds of risk which are directly or indirectly associated with the technical or actuarial bases of calculation for premiums and technical provisions1 in both life and non-life insurance, as well as risks associated with operating expenses and excessive or uncoordinated growth; and (3) non-technical risks (business or operational risks), i.e. various kinds of risk which cannot in any suitable manner be classified as either technical risks or investment risks. While insurance supervisors require that insurance companies provide appropriate risk management programs for the foregoing risks, supervisors must also be concerned about other kinds of risk, such as the following: management risks, e.g. the risk associated with an incompetent management or a management with criminal intentions, risks connected with guarantees issued by insurers in favor of third parties, i.e. the potential strain on the economic capacity of an insurance undertaking caused by a call on a guarantee furnished for the purpose of the financial commitments of a third party, and general business risks, i.e. unexpected changes to the legal conditions to which insurance undertakings are subject, changes in the economic and social environment, as well as changes in business profile and the general business cycle.
The failure of insurers to develop and implement sound risk management programs may result to insolvencies that could weaken and destabilize the financial environment. This situation would also adversely affect the interests of policyholders. Insurance supervisors therefore should ensure that insurers are properly addressing their risks through sound risk management programs. The establishment and implementation of said programs by insurers must be monitored by the insurance supervisor through a combination of tools that may include an early
1
Also called technical liabilities or technical reserves, these are amounts set aside on the balance sheet to meet liabilities arising out of insurance contracts, including claims provision (whether reported or not), provision for unearned premiums, provision for unexpired risks, life assurance provision and other liabilities related to life insurance policies (e.g., premium deposits, savings accumulated over the term of participating policies).
warning system, prudential regulations, asset and liability evaluation, monitoring for compliance with solvency (capital and surplus) requirements, and performance ratings. On-line financial reporting and analyses, on-site inspection, off-site monitoring, and media information are other devices that will enable the insurance supervisor to build risk profiles2 for insurance companies and evaluate their risk exposures. Risk Management Issues For the insurance supervisor, an insurers risk management program should address the following issues, among others: (1) The program should provide a description of the insurers broad business strategy, and the companys view of its principal risks. For each principal risk, this will include (i) a description of the approach to measuring, managing and controlling that risk; (ii) the organization of risk management personnel and their reporting lines, limit structures or other risk control mechanisms; and (iii) where relevant, the role of stress testing3 or contingency planning in managing risk at the business line, legal entity or company wide level. The risk information provides the supervisor with management's perspective on the overall risk profile of the company, the risk profile of the supervised legal entity, and management's approach to managing each risk within the legal entity structure. As part of measuring and monitoring certain risks, insurers may conduct stress testing and other contingency planning at the business line, legal entity or company wide level which, if conducted thoughtfully, can shed additional light on potential risk concentrations and vulnerabilities to changes in the market environment. Organizational information and discussions with management should clarify responsibilities in the risk management area and help the supervisor identify relevant risk management personnel to answer questions. Supervisors may also seek information about the limit structure or other measures to control risk-taking and the use and level of reserving or provisioning, such as the technical provisions of insurance companies. The insurer's approach to administering limits (e.g., the willingness of management to permit limit exceptions) or managing reserves/technical provisions is critical to understand the intended restraints on risktaking at company wide level and within the supervised legal entity. (2) Information on the risk management program should include policies and procedures addressing the introduction of new products or business lines. The new product information helps the supervisor understand how the potentially risky process of introducing new products is managed, and where responsibility for
2 3
Risk profile refers to an assessment of the level of risk-taking activity in light of an existing risk management framework. A simulation of the potential loss to a portfolio resulting from a hypothetical extreme price change, market event, or credit event. Stress tests are used by risk managers to explore vulnerability to risk concentrations.
ensuring adequate controls and due diligence on these products lies within the company. (3) The program should provide a description of the approach to managing the liquidity and funding profile of the supervised entity, including the liquidity of the material assets, the nature and stability of the companys current funding sources and the availability of alternative funding. This will also include large payables, aggregate insurance claims payments, and contracts; and other significant cash and securities needs associated with benefits and claims settlement, as well as the insurers approach to managing significant claims settlement arrangements through or for other firms, such as in the case of settling agents4. Through the liquidity and funding profile of the supervised entity, the insurance supervisor can determine the entitys cash needs to cover liabilities and settlement obligations. The supervisor also learns how quickly the entity can generate cash from its existing assets, from the liquidation of collateral, where appropriate, or through additional liabilities, and how effectively the entity can access credit-sensitive markets.
In some jurisdictions, insurers (principally non-life companies) are allowed to grant authority to certain types of agents to accept insurance and/or settle claims arising from such acceptances for and on behalf of the insurers.
CHAPTER 2 - RISK MANAGEMENT SYSTEM
An effective risk management system is a critical component of an insurance companys management. It is also a foundation for the safe and sound operation of insurers. The board and senior management of an insurance company should develop, implement and maintain a sound and prudent risk management strategy, which includes policies, procedures and controls appropriate to the size, business mix and complexity of the insurers operations. Policies should address all material risks, both financial and nonfinancial, that the insurer is likely to face. The board of directors is charged with the responsibility to instill a strong risk control culture throughout the company, so that material risks and potential problems that emerge can be identified, managed and promptly resolved in the normal course of business operations. No matter how well designed and operated, risk management systems will be subject to some inherent limitations. Nonetheless, risk management systems should provide the insurance supervisor with a reasonable assurance that an insurers business is appropriately controlled and that its risks are being prudently and soundly managed. At a minimum, risk management systems should include (i) a comprehensive risk management strategy approved by the board; and (ii) sound risk management policies and procedures to identify, assess, control, monitor and report on the key risks of the insurer. Risk Identification and Assessment An effective risk management system identifies, manages and continually assesses the material risks that could adversely affect the operations of an insurer. While an insurers policies should address all material risks, the following risk categories at the least should be addressed in the insurers risk management policies: (1) balance sheet and market risk (including product design and pricing risk, underwriting and liability risk, liquidity risk, risk arising from claims management and derivatives risk); (2) credit risk; and (3) operational risk (including legal and reputation-related risks, etc.). Risk Control and Risk Prevention/Mitigation There are external factors that shape a companys solvency profile. These include macroeconomic factors, natural and environmental factors, and political and social factors, all of which influence risk exposure. Most important, of course, are the companys business strategy and its management decisions. Likewise, the regulatory framework, within which management must operate, imposes limits on business policy.
For the long-term financial health of a company, appropriate measures to analyze, control and, as far as suitable, limit the risk exposure are crucial. Such measures normally include measures taken within the company and regulations imposed on the insurer by law or special action of the supervisor. Control activities refer to the policies and procedures that help ensure Board and senior management directives are carried out. In this way, action can be taken to adequately address risks faced by the insurer. Control activities should be reflective of the size and operations of the insurer. Control activities would normally include: (1) reviews by Board and senior management; (2) activity controls for each division or department; (3) physical controls; (4) the establishment of underwriting limits and checking compliance with limits; (5) a system of approvals/authorizations, verifications/reconciliations; and (6) segregation of duties. The risk prevention or risk mitigation methods should consider the importance of certain kinds of risk depending on an insurers size and kind of business (e.g. the investment risk is more important for life than for nonlife insurance). Risk mitigation seeks to make the impact of adverse events predictable and to confine possible adverse experience within acceptable ranges (tolerance limits). This process reduces the volatility and instability of risk and lends it with greater stability and predictability. It makes the net exposure to risk more consistent and predictable, giving an insurer a higher probability of being able to meet its obligations to policyholders. There are a number of risk mitigation tools at the disposal of the insurance supervisor, among others: (1) Legislation to limit the risks to which insurers can be exposed, e.g. by defining what can be insured legislation also limits the risks that insurers can accept; legislation may also prescribe investment limits and prohibit certain activities for insurers. (2) Regulations issued by the insurance supervisor as authorized under the legislation can contain far more detail than the legislation giving flexibility to the supervisor to issue and amend regulations to meet changing market conditions. It is also faster to change regulations than to obtain legislative changes through the lawmaking body. Investment regulations may define the parameters for insurance investments. By prescribing a statutory basis for valuing liabilities, the supervisor can establish margins for adverse deviations in experience through valuation assumptions and methodologies. Through reinsurance regulations, the supervisor can provide an environment that optimizes the ultimate collectibility of reinsurance and, by requiring
reinsurance for certain risks such as earthquake and other catastrophes, effectively limits insurers exposure to acceptable levels. The insurance supervisor may also establish a basis for determining premiums for certain classes of business or may even require approval of rates and policy forms before products are offered to the public. (3) Regulatory guidelines issued by the insurance supervisor to provide a range of acceptable choices within which insurers can establish their own risk limits, set their internal controls, and define situations where prior approval by the supervisor on certain actions or activities may be required. Risk management systems If efficient control systems are in place to monitor risk exposures, a company will be able to adapt more quickly to a changing market situation. The insurer faces a lower probability of ruin within a given time horizon depending on its risk management system. To be aware of a companys risks, management should also control the profitability of the individual lines of business on an ongoing basis. Actuaries can play a dominant role in this context. An efficient risk management system ensures that both existing and future (i.e. potential) risks are identified and measured as completely as possible. The system should rely on comprehensive databases to indicate any risks that may jeopardize the insurers existence as early as possible (through an Early Warning System). Causes of risks should be analyzed and their scope assessed. The insurer should establish internal policies on how to manage risks, which are identified, analyzed and measured. Risk management systems should be in line with an insurers business strategy because the degree to which a companys activities are exposed to risks is largely determined by the strategy chosen. Consequently, the actual risk situation should be reassessed at regular intervals and compared to existing risk strategy so that appropriate revisions can be made. A risk management system may be supplemented by a monitoring system comprising organizational safety measures, internal controls as well as comprehensive checks (especially through internal audits) in order to assess, and if necessary adjust, the effectiveness of measures of the risk management system. Effective management reporting and control systems support internal management decision making within an insurance company. Such systems should be seen as an integral component of a companys overall risk management strategy in that they foster a companys identification, analysis and measurement of risk. Controlling comprises the target-oriented coordination of planning, information supply, monitoring and testing. It aims at establishing and maintaining the insurers ability to react, adapt and coordinate. Risk controlling, in this framework, may include, among others, the following functions: supporting the insurers management by providing it with information relevant to decisions about existing and potential risks,
supporting the management in risk-related planning, and in controlling and monitoring risks, allocating responsibilities, fixing risk limits, fixing a maximum ruin probability, and risk reporting.
The control environment within a company includes the functions of risk measurement, monitoring and control systems, internal and external audit, financial control, compliance, human resources, and information technology. Together, they ensure that actions of the insurer are prudent and compliant, and in line with the risk taking policy approved by the board of directors. The insurance supervisor is interested in receiving information on an insurers control environment. Such information typically include: (1) The companys significant accounting policies and actuarial policies (where relevant), and the role of any internal or external actuaries. (2) A description of the roles, responsibilities and organization of the financial control and compliance functions. The information on accounting policies, actuaries, financial control, and compliance should provide a supervisor with an understanding of key elements of the framework for establishing internal control in the organization and the location within the financial conglomerate of key financial, accounting and actuarial systems and personnel. (3) A description of the roles, responsibilities, organization and allocation of responsibilities between centralized and decentralized elements of the internal audit area and the role of external audit. Internal audit information assists the supervisor in knowing and understanding the objectives of the internal audit department and its interaction with the external auditors. It also describes how audit responsibilities relating to a supervised legal entity are managed between the central audit staff and any staff assigned to a market territory, business line or legal entity. It provides an insight into the recipients of audit reports and the nature of the process to follow up internal audit findings.
CHAPTER 3 - ASSET/INVESTMENT RISKS
An insurance companys core activity is the assumption of risks. This is combined with asset management, since the technical provisions or reserves, which are funded using advance premium payments and the insurers own capital funds, are invested to earn interest. Investment is a function of asset management. Investment is an art as well as a science and is a critical area in any insurance company. Investment difficulties are one of the most frequent causes of insurer failure. A poor selection of investments will give rise to an inferior investment return but this will not normally be a matter of supervisory concern when it is simply the outworking of market and competitive forces. The investment difficulties that will concern the insurance supervisor are more likely to have their origin in a lack of corporate governance, management operating without proper controls. Typical instances are where management adopts a particular project as its own, gets carried away with the upside potential but loses all objectivity in assessing the downside risks. This process can easily spiral, with good money being thrown after bad, and solvency becoming endangered. Risks connected to an insurers investment function will be discussed in a later section of this chapter. Technical provisions must at all times be backed up by equivalent assets that belong to the insurance company and are set aside to guarantee its commitments to policyholders.5 A key driver of the asset strategy adopted by an insurer will be its liabilities profile, and the need to ensure that it holds sufficient assets of appropriate nature, term and liquidity to enable it to meet those liabilities as they become due.6 This is often referred to as the principle of matching assets to liabilities and is best done through a sound asset-liability management (ALM) program. Asset-Liability Management Asset-liability management is the practice of managing a business so that decisions on assets and liabilities are coordinated. It can be defined as the ongoing process of formulating, implementing, monitoring, and revising strategies related to assets and liabilities in an attempt to achieve financial objectives for a given set of risk tolerances and constraints. ALM is relevant to, and critical for, the sound management of the finances of any institution that invests to meet liabilities.7 ALM is a long drawn-out, continuing process and involves the use of a number of investment techniques and sophisticated analytical approaches. It is not the intention of this paper to discuss ALM but is merely being presented as a tool available to insurers to manage their investment risks. Suffice it to say that asset-liability management can help insurers operate not only more soundly, but also more profitably.
5 6 7
Guidance on Insurance Regulation and Supervision for Emerging Market Economies, IAIS, September 1997. Supervisory Standard on Asset Management by Insurance Companies, IAIS, December 1999. Professional Actuarial Specialty Guide, Society of Actuaries, August 1998.
Investment risks Investment risks are concerned with the performance, returns, liquidity and structure of an insurers investments. Such risks can have a substantial impact on the asset side of the balance sheet and the companys overall liquidity, and potentially can lead to the company being over-indebted or insolvent. Investment risks may be classified as follows: (1) Depreciation Risk. The risk associated with a depreciation of the value of investments due to various changes in the capital markets, to changes in exchange rates or to nonpayment by debtors of an insurer (e.g. the credit and market risks). Credit risk arises from a counterpartys inability or unwillingness to fully meet its on- and/or off-balance sheet contractual obligations. Exposure to this risk results from financial transactions with a counterparty including issuer, debtor, borrower, broker, policyholder, reinsurer or guarantor. Market risk arises from adverse movements and/or volatile price variations of investments.
(2) Liquidity Risk. The risk emerging when the insurer fails to make investments (assets) liquid in a proper manner as the companys financial obligations fall due. (3) Matching Risk. This is the risk when the future cash flows generated by assets do not coincide with, or do not cover, the cash flow demands of the corresponding liabilities in a suitable manner. (4) Interest Rate Risk is the risk associated with falling prices of fixed-interest securities due to an increase in market interest rates as well as the reinvestment risk related to falling market interest rates. (5) Evaluation Risk, i.e. the risk that investments are being evaluated at a disproportionately high price. (6) Participation Risk. This risk is related to the holding of an ownership or financial interest in other companies and the possibility of being affected by financial difficulties within these companies. (7) Risks related to the use of financial derivative instruments and especially the credit, market and liquidity risks associated with those instruments. The foregoing list is not exhaustive as there may be other risks associated with investing the assets of insurer; e.g., concentration risk refers to the risk that an insurers assets are invested in too narrow a range of the available choices of investment instrument, industry, geographic distribution, currency, etc. This could be harmful if the asset value declines and in so doing significantly reduces the capital of the company.8
Risk Based Supervision of the Insurance Companies, An Introduction, John Thompson, March 2001.
Insurance Supervision Issues In investing its assets a prudent insurer will seek to ensure that: (i) the distribution of its investments between the various asset classes is appropriate to liabilities; within each asset class there is a dispersion of investments to avoid undue concentration of risk, and each individual investment is prudently selected having regard to overall investment policy and the risk/return expectations of the individual investment.
(ii)
(iii)
The prudent insurer will have in place processes to ensure that there is appropriate matching of liabilities with assets, diversification and proper selection of investment instruments. The objective of insurance legislation and supervision must be to support the maintenance of sound investment policies and practices. It is neither practical nor realistic for regulation to seek to dictate the details of insurers investment policies. Rather, the thrust should be on ensuring that an adequate framework of control is in place and that significant departures from this are reported to the supervisor. Supervisory systems do not usually attempt to directly regulate the matching of assets and liabilities. Given the wide variety of insurance products available, with different liability profiles, direct regulation, by specifying the proportion of liabilities to be invested in a particular asset class, is unlikely to achieve a matched position. Appropriate matching is better achieved by requiring asset/liability analyses to be made and requiring insurers to hold appropriate levels of mismatching reserves. Investment diversification is usually achieved by specifying the maximum admissible investment in an individual asset. This may be expressed as a maximum percentage of the investible fund to be invested in a single asset or that the amount of the investment may not exceed a specific percentage of the investee companys capital or issued debt. Where the maximum is exceeded then such excess is not admissible in assessing assets available to meet solvency requirements. Supervisory systems do not generally attempt to specify the criteria for selection of individual investments. This would be impractical. A better result is achieved by ensuring that appropriate processes are in place within companies to enable each insurer to select investments appropriate to its products and risk profile. An exception would be a prohibition on related party investments. Derivatives A derivative is a financial asset or liability whose value depends on (or is derived from) other assets, liabilities or indexes (the underlying asset). Derivatives are financial contracts and include a wide assortment of instruments, such as forwards, futures, options, warrants, swaps and composites.9
Supervisory Standard on Derivatives, IAIS, October 1998.

Not too many jurisdictions allow the use of derivatives for investments by insurance companies because of prudential reasons. However, in those countries where derivatives are permitted, the insurance supervisor must ensure that companies establish and maintain appropriate, sound risk management programs covering derivatives, properly supervised by their respective boards.10 The requirements of the Monetary Authority of Singapore are an example of guidelines which might be adopted.11 Investment Committee As part of sound corporate governance, the board of directors of an insurance company establishes an Investment Committee consisting of directors (both executive and nonexecutive) and principal officers including the Appointed Actuary. The insurance supervisor can issue regulations to compel the creation of this Investment Committee in accordance with best practices. The Investment Committee should be involved in the determination of overall investment policy for approval by the full board and to review its implementation on behalf of the board. However, it is not appropriate for a committee of the board to implement policy; that is best left to the investment professionals. The preferred investment process is that the investment policy (permissible ranges, individual investment criteria, exposures, authority to make investment decisions, reporting, etc.) is developed by a Management Investment Committee (MIC) and is then approved and subsequently monitored at a high level by a Board Investment Committee (BIC). The policy having been approved by the BIC it then becomes the responsibility of the MIC to ensure the professional investment unit of the company implements policy on a day-today basis.
10 11
Principle 9, Insurance Core Principles, IAIS, October 2000. Statutes, Regulations and Notices (Singapore), MAS 112-Derivatives, MAS, February 1999.
CHAPTER 4 TECHNICAL/LIABILITY RISKS
Investment risks are those associated with the management of insurers assets. On the other side of the balance sheet are liabilities, which also present risks for insurers. These liability-related risks are referred to as technical risks. They are also sometimes called underwriting risks because they result directly from the type of insurance business transacted by insurance companies. They differ depending on the class of insurance. Technical risks may exist partly due to factors outside an insurance companys area of business activities, where the company often may have little influence over these factors. The effect of such risks, if they materialize, is that the company may no longer be able to fully meet the guaranteed obligations using the funds established for this purpose, because either the claims frequency, the claim amounts, or the expenses for administration and settlement are higher than expected. In an International Association of Insurance Supervisors (IAIS) Sub-Committee paper on Solvency Issues,12 technical risks have been classified as either current risks (ordinary operating risks) or special risks (extraordinary risks). Current risks consist of the following elements: risk of insufficient tariffs or miscalculations leading to premiums that are too low to cover the insurers expenses related to claims, claims handling and administration, deviation risk, i.e. the risk emerging when the actual development of claims frequencies, mortality, interest rates, inflation etc. does not correspond to the bases of premium calculations, risk of error, i.e. the risk depending on the quality of the basis of computation and arising due to the lack of knowledge about the development of the expected insured risk, evaluation risk, i.e. the risk of technical provisions being insufficient to meet the liabilities of the insurer, reinsurance risk, i.e. the risk of insufficient reinsurance covers or a failure of reinsurers to pay their part of the overall liabilities (or incurred claims) evaluated on a gross basis, operating expenses risk, i.e. the risk of actual or future expenses exceeding to a considerable degree the corresponding amount as estimated by using the bases of calculation, and risks associated with major or catastrophic losses or accumulation of losses caused by a single event.
As to the special risks, they can be considered to consist of the following:

12
On Solvency, Solvency Assessment and Actuarial Issue. An IAIS Issues Paper (Final Version), IAIS, March 2000
risk of excessive or uncoordinated growth, leading to a rapidly increasing claims ratio or an aggravated expenses ratio, and liquidation risk, meaning that an insurers funds are not sufficient to meet all liabilities in cases of discontinuation or runoff of major parts or the whole business (previously written by the company).
The terms ordinary operating risks and extraordinary risks have been offered as substitutes for the terms used in the IAIS issues paper to provide a clearer differentiation between the two classes of risks. The former refers to risks that may be encountered in the normal course of operation of an insurer while the latter obviously arises less frequently, if at all. In addition to the current risks identified in the IAIS issues paper, there are other technical risks, which may arise during the normal course of insurance operation. (1) Product Design and Pricing Risk. Product design and pricing risk arises from the exposure to financial loss from transacting insurance and/or annuity business where costs and liabilities assumed in respect of a product line exceed the expectation in pricing the product line. (2) Underwriting and Liability Risk. Underwriting and liability risk is the exposure to financial loss resulting from the selection and approval of risks to be insured, the reduction, retention and transfer of risk, the reserving and adjudication of claims, and the management of contractual and non-contractual product options. John Thompson in his paper on Risk Based Supervision offers other technical risks. Some risks have been discussed in the previous paragraphs. The following are presented below: (1) Market Risk, i.e., the risk that liabilities that are exposed to volatile price variations cease to be immunized13 as a result of changes in market conditions. This could result from securitisation activities in derivative financial instruments involving the liabilities of the company. (2) Legal Risk, i.e., the risk that the interpretation of insurance contracts extends the scope of the risks that are covered by the contracts beyond those intended by the insurance company. (3) Concentration Risk, i.e., the risk that the customer base of the company is too narrowly focused in terms of a range of insurance risks offered, insured amount, geographical distribution, etc. This affects the ability of the company to diversify its risks and reduces the effectiveness of the use of the law of large numbers.
13
Immunization is the act of establishing a position such that the value of the position is insensitive to changes in some specified parameter. The term is most commonly used to describe a liability and a supporting portfolio such that the net (surplus) market value of the position is insensitive (immune) to changes in interest rates. (Professional Actuarial Specialty Guide, Ibid.)
As mentioned earlier, some technical risks are founded from outside sources where an insurance company has little influence, if at all, such as those arising from: (a) insufficient experience on new markets (e.g. caused by lack of statistics), (b) technological progress, (c) inflation, (d) environmental conditions, (e) change of consumer behavior (claims awareness), or (f) demographic changes. However, the managements business strategy determines considerably the extent to which the company exposes itself to particular risks. Management strategies can directly influence and limit exposure to technical risks by using proactive, preventive measures, such as: (1) Establishing tariffs or premium rate schedules, [e.g., prudent calculation of premiums, premium adjustment clauses, use of surcharges for increased risks and premium rebates as an incentive to avoid losses (malus and bonus systems)], (2) Carefully drafted policy conditions, (e.g., exclusion of risks or termination of lossprone contracts by insurers), (3) Clearly drawn underwriting policy, (e.g., target groups, diversification of risks in a single contract, spreading of risks), (4) Loss prevention and minimization programs for policyholders, (e.g., industrial risks), and (5) Sound reinsurance program, (e.g., fixed-sum/percentage, excess-of-loss or stop-loss contracts). Risk Prevention/Mitigation Because technical risks arise mainly from the provisions set up by insurers to cover their policy obligations, perhaps the most important instrument for risk prevention or risk mitigation regarding foreseeable obligations under contracts-in-force is an adequate allocation of the provisions. It may even be suitable to establish equalization provisions14 for volatile risks.
14
Sometimes referred to as fluctuation provisions, claims fluctuation reserves, or stabilization reserves, these are amounts set aside on the balance sheet in compliance with legal or administrative requirements to equalize fluctuations in loss ratios in future years or to provide for special risks. It depends on the purpose of this amount if the term reserve or provision is used. Amounts set aside for specified types of business (e.g., hail, pollution liability or credit insurance) may be referred to as provisions, whereas amounts set aside to cover fluctuations of the entire portfolio may be referred to as reserve. This item may include catastrophe provisions.
It is not always possible to avoid some technical risks such as the risk of error or deviation risk (as becomes obvious from its definition). Some technical risks can only be avoided at the price of not carrying on certain types of business (e.g., new risks for which sufficient statistical data are not available, or long-term life insurance contracts which may be subject to a reverse tendency in mortality). Also, the risk from catastrophe or major losses is not generally avoidable. The most important means of risk prevention or risk mitigation in these cases are a quantitative limitation by taking out adequate reinsurance. However as discussed below, using reinsurance is not without any risk. Legislation usually establishes general prudential principles covering technical risks. These principles have to be met when an insurer determines the amount of its technical provisions. Insurance supervisors may require that premiums for new business must be sufficient, based on reasonable actuarial assumptions, to enable companies to meet all their commitments, and, in particular, to establish adequate technical provisions. In some jurisdictions supervisors prescribe statistical bases of premiums, require prior approval of rates for certain lines of business, or may limit retention in proportion to the volume of business or the available solvency. Of course, these latter practices do not adhere to the prudential approach of supervision; they pertain more to a centralized regulatory regime. Reinsurance An insurers reinsurance cover as a risk reduction/mitigation device deserves special attention because of the varying impact on the companys financial health. While reinsurance cover is an inevitable tool for the insurer to reduce its risk exposure as regards certain features of its technical risks, reinsurance cessions might be a burden to the solvency of the cedent (reinsured) as two kinds of risk remain inherent: (i) The reinsurance cover might prove insufficient to adequately handle the risk in question because reinsurance needs have not been precisely identified. This might result in relevant clauses of the reinsurance contract being inappropriate. (ii) A reinsurer might prove to be unable or unwilling to pay its part of the liabilities or the claims incurred which can put the insurers liquidity at risk and even cause its bankruptcy. Like other risks, reinsurance risk should be monitored/controlled by both management and supervisors. As part of good corporate governance, insurers may constitute a Reinsurance Committee to oversee reinsurance activities. In order to limit and, as far as possible, prevent reinsurance-related risks, insurers boards of directors will have to assess properly (i) the needs for reinsurance cover according to the various aspects of the risks to be ceded and their appropriate reflection in the features of the reinsurance contract as concluded for each line of business, and reinsurers security or creditworthiness, (i.e. reinsurers ability, financially and administratively, to pay legitimate claims and their reliability to do so and to do so promptly).
(ii)
The assessment of reinsurers security or creditworthiness is an essential measure in a risk management program. In a number of jurisdictions, insurance supervisors issue regulations prescribing that insurers may only use reinsurers that have been granted certain rating classifications by international rating agencies, such as Standard and Poors. In many jurisdictions, supervisors take reinsurance risks into account in different ways. This may be in the framework of accounting (e.g., valuation of receivables, deposit of the reinsurers part of liabilities), or in the framework of solvency requirements (taking into account only a limited part of ceded business to reduce the required margin or requiring free capital in proportion of reinsurance receivables). Caution should be exercise in recognizing reinsurance arrangements, which are entered into primarily to grant the ceding insurer relief from regulatory requirements, including solvency requirements, while providing for little or no real transfer of risk. This is because it is the actual transfer of insurance risk from the insurer to a reliable and creditable reinsurer that enables an insurer to manage its exposure on business written, given the insurers available solvency margin. Types of risks transferred may vary. For example, there is a transfer of underwriting risk when a real possibility exists that losses and expenses recoverable by the ceding insurer will exceed the consideration received by the reinsurer, thus resulting in an underwriting loss to the reinsurer. Transfer of timing risk is present in a property and casualty transaction when the reinsurer risks a reduction in investment income due to accelerated loss payments if anticipated loss patterns are not borne out in the development of recoverable losses under the reinsurance agreement. For life insurance policies, transfers of morbidity, mortality, or lapse risks should be significant. Credit, disintermediation and reinvestment risks may be significant for annuities. Without a transfer of risk significant to the insurers insurance business, reinsurance agreements that simply provide favorable effects to the ceding insurers balance sheet or profit and loss statement may mask the true obligations and risk exposure of the insurer. Such financing arrangements may smooth reported income and reduce volatility in available solvency margin. However, the favorable effects may be minimal, transient and temporary, and cannot be relied upon as evidence of actual or long-term financial strength and solidity. If such financial arrangements are allowed to affect financial statements, their existence should be fully disclosed to prevent uninformed reliance on a potentially misleading or distorted statement of financial condition.
CHAPTER 5 - BUSINESS/OPERATIONAL RISKS
The third category of risk that may be encountered by insurers is non-technical risks (business or operational risks). The term non-technical is used to refer to various kinds of risk, which cannot in any suitable manner be classified as either technical risks or investment risks. While insurance supervisors require that insurance companies provide appropriate risk management programs for their investment and technical risks, supervisors must also be concerned about other kinds of risk, such as the following: (1) Management Risk. This is the risk that the management of an insurance company lacks the skills, experience, or knowledge necessary to manage the company effectively and to protect the rights of policyholders. This is the risk therefore that is associated with an incompetent management or, worse, a management with criminal intentions. The risk, for instance, arising if premiums are charged which have consciously been calculated too low in order to take market shares from competitors is a management risk. (2) General Business Risk. This refers to the risk due to unexpected changes to the legal conditions to which insurance undertakings are subject, changes in the economic and social environment, as well as changes in business profile and the general business cycle. Under this category, a number of specific risks may also be identified as follows: (a) Reduced Earnings the risk that the profitability of the company declines and in so doing reduces the availability of retained earnings as a reliable source of capital in the future.15 (b) Increased Cost of Capital the risk that the cost of issuing new capital instruments in the market, or privately, will be more costly or only be available with more conditions in the future.16 (c) Reduced Capital Availability the risk that sources of capital that the company enjoyed in the past will not be available in the future.17 (d) Legal and regulatory risk arises from an insurers non-conformance with laws, rules, regulations, prescribed practices, or ethical standards in any jurisdiction in which the company operates. (e) Foreign exchange risk arises from movements in foreign exchange rates. Insurers operating in developing and transition economies maintaining extensive transactions with foreign reinsurance companies, where policy liabilities are based in local currencies while remittances to and from reinsurers are
15 16 17
Risk Based Supervision of the Insurance Companies, Ibid. Ibid. Ibid.

denominated in a foreign currency (e.g. the US dollar) are specially prone to volatile rate movements in foreign exchange rates. (3) Technology Risk the risk that the companys use of, or dependence on technology exposes the company to a high level of risk.18 (4) Strategic risk arises from an insurers inability to implement appropriate business plans, strategies, decision-making, resource allocation and its inability to adapt to changes in its business environment. (5) Other operational risks arise from problems in the performance of business functions or processes. Exposure to this risk can result from deficiencies or breakdowns in internal controls or processes, technology failures, human errors or dishonesty and natural catastrophes. John Thompsons paper on Risk Based Supervision provides two examples of these risks: (a) Accounting Reliability the risk that the financial report that the company prepares is not an accurate representation of its financial position. (b) Accounting Inconsistency the risk that because of the range and variation in accounting and financial reporting practices that the company is required to meet, the company fails an important measure and is unable to meet the test in the short term. Risk Mitigation The board and senior management of an insurance company should establish, implement and maintain an appropriate risk management system to address the companys non-technical or operational risks. Boards assume primary responsibility for ensuring that only directors (through a Board Nomination Committee) and managers who are fit and proper are voted in and appointed to key positions within the organization. This is because a number of operational risks arise mainly from human errors or dishonesty, by lack of competence or through malicious intent. The probity and competence of an insurers top management, i.e., board of directors and senior management, are therefore critical to achieving supervisory objectives. However, insurers are primarily responsible for ensuring that their own organizations are prudently and soundly managed and directed. Insurance supervisors provide standards and assess the fitness, propriety and other qualifications of directors, senior managers, and key shareholders whose holdings are above specified thresholds and/or who exert a material influence on the companies. Principal elements of fit and proper criteria The Joint Forum on Financial Conglomerates19 released a paper on Supervision of Financial Conglomerates in February 1999. Among various issues, the paper included a
18 19
Ibid. The Joint Forum is comprised of the Basle Committee on Banking Supervision (Basle Committee), the International Organisation of Securities Commissions (IOSCO), and the International Association of Insurance Supervisors (IAIS). The IAIS endorsed the fit and proper principles in San Francisco in
section on fit and proper principles. Fitness tests usually seek to assess the competence of managers and directors and their capacity to fulfil the responsibilities of their positions while propriety tests seek to assess their integrity and suitability. To determine competence, formal qualifications, previous experience and track record are some of the elements focused on by supervisors. To assess integrity and suitability, elements considered include: criminal records, financial position, civil actions against individuals to pursue personal debts, refusal of admission to, or expulsion from, professional bodies, sanctions applied by regulators of other similar industries, and previous questionable business practices. Factors relative to the assessment of the fitness, propriety or other qualifications of key shareholders include business repute and financial position, and whether such ownership would adversely affect the regulated entity. Business Continuity and Backup Systems Disruptions in an insurance companys business can lead to unexpected financial and non-financial losses (e.g., premises, data, reputation, etc.). Disruptions may result from such seemingly mundane occurrences as power failure (adversely affecting information technology systems, for example), denial of access to premises or work areas (e.g., strikes called by employees, prohibition by competent authority), systems failure (e.g., computers, data, building and/or equipment), fire, fraud, and loss of key staff. A risk management program to ensure business continuity in case of such disruptions should be able to identify those events, the likelihood of occurrences, the processes most at risk and the consequences, both financial and non-financial in nature. The risk management program should provide clearly defined management responsibilities (including segregation of duties, authorizations and reconciliation procedures); appropriate control, monitoring and reporting systems; adequate security systems; and backup systems, including activation of post-event processes and communication strategy.
December 1999 and subsequently issued a Guidance Paper for Fit and Proper Principles and Their Application in October 2000.
CHAPTER 6 SOLVENCY AND CAPITAL ADEQUACY ISSUES
The activities of insurance companies throughout the world are subject to supervision in the interest of consumer protection. This is because an insurers core activity is the assumption of risks. The transfer of risk involves an underwriting risk for the insurance company which may call into question the insurers ability to fulfill its claims payment obligations or to continue its business operations. Investment of assets generated from the advance premiums paid by policyholders for the transfer of risk to the insurer is exposed to various risks. Investment in income-bearing assets, too, poses risks, which can endanger the existence of an insurer. Capital funds serve as a buffer against any unforeseen fluctuations in results, against losses that have not been anticipated. Capital enables an insurer to continue operating while problems brought about by such fluctuations or unforeseen losses are addressed or resolved. In this way, the maintenance of adequate capital resources can engender confidence on the part of policyholders, creditors and the market more generally in the financial soundness and stability of the insurer. Capital is therefore the cornerstone of an insurers strength.20 In the US, Europe and Japan, the deregulation of price and product controls has underlined the importance of minimum solvency margins. The US and Japan have devised similar, complex formulae for calculating the minimum amount of capital funds for insurance companies. These take into account underwriting risk, asset risk and credit risk. In the EU, in contrast, the capital funds required are calculated only on the basis of the underwriting risk. The asset risk is limited by means of investment regulations.
Minimum Capital and Surplus Requirements/Trend towards Risk Based Capital. IAIS Core Principle No. 8 provides that The requirements regarding the capital to be maintained by companies which are licensed, or seek a license, in the jurisdiction should be clearly defined and should address the minimum levels of capital or the levels of deposits that should be maintained. Capital adequacy requirements should reflect the size, complexity, and business risks of the company in the jurisdiction.21 This principle is aimed primarily at ensuring that insurers comply with legislated minimum capitalization. Some countries have adopted a risk-based approach to establishing minimum levels of capital for insurers similar to the rules formulated through the Basel Committee on Banking Supervision. However, insurance tests not only of risks on the asset side of the balance sheet, but also of insurance risks recorded as liabilities. At present, there is no equivalent to the Basel Capital Accord in the insurance sector. This is mainly due to the complexity in developing common standards that deal with the variety of insurance liabilities and asset combinations available.22 Purpose of Capital Adequacy/Solvency Requirements
20 21 22
IAIS Paper on Solvency, Solvency Assessment and Actuarial Issues (Final Version), March 2000. Insurance Core Principles, IAIS, October 2000. Experience with the Insurance Core Principles Assessments under the Financial Sector Assessment Program, IMF and World Bank, August 2001.
Capital adequacy and solvency23 both refers to an insurers ability to meet its obligations under all contracts at any time. However due to the very nature of insurance business, it is impossible to guarantee solvency with certainty. Thus, in order to come to a practicable definition, it is necessary to clarify under which circumstances the appropriateness of the assets to cover claims is to be considered, e.g., is only written business (run-off basis24, break-up basis25) to be considered, or is future new business (going-concern basis26) also to be considered. In addition, questions regarding the volume and nature of an insurers business, which time horizon is to be adopted, and what is an acceptable degree of probability of becoming insolvent should be considered.27 Solvency, or conversely insolvency, is therefore assessed by comparing an insurers assets with its liabilities because either side of the balance sheet can trigger insolvency due to: (1) Loss of value of the assets/investments, e.g., due to a stock market crash, interest rate changes or defaults by the issuers of bonds. (2) Underwriting risk (increase in liabilities) (a) Risk of random fluctuation (random increase in claims, although the loss distribution was estimated correctly) (b) Risk of error (calculation of the premium on the basis of an incorrect estimate of loss distribution) (c) Risk of change (the loss distribution changes during the treaty term or run-off period). The underwriting risk may manifest itself during the period of cover or the run-off period (change in reserves risk). Underwriting risk is the major factor influencing the frequency of insolvencies. The number of insolvencies tends to rise in years where the loss ratio is high. While insolvencies are a normal side of competitive markets, consumer protection issues justify supervisory control. (1) Losses may plunge consumers into severe financial difficulties. This gives rise to a particular need for protection.
23
24
25 26 27
In the Australian life insurance context these terms are not used like synonyms: solvency is used assessing financial health on a run-off basis while capital adequacy is used assessing financial health on a going-concern basis. A method of considering the financial situation assuming that no new business will be written but that the company will continue to operate with underwritten insurance contracts until the end of the term set by the policy conditions (e.g. the renewal date, the end of a fixed term, death of the insured person) including the settling of claims eventually arising during this period. A method of considering the financial situation assuming that no new business is written and that the company is liquidated (i.e., the investment portfolio has to be sold at that time). A method of considering the financial situation assuming that the company will continue to operate and that future business will be written. IAIS Sub-Committee on Solvency and Actuarial Issues Paper (Final Version), IAIS, March 2000.
(2) As it is common for current business operations to be financed by advanced premium payments from policyholders, insurers are not subject to supervision by professional creditors or liquid capital markets (as is the case, for example, for bond markets). (3) Public sources of information provide insufficient transparency or up-to-date data to allow an insurers financial situation to be assessed accurately. For the individual policyholders, the effort required to procure and analyze the necessary information is very large. It must normally be assumed, therefore, that policyholders have insufficient information at their disposal. This particularly matters if a guarantee fund28 is available should something go wrong; the policyholders lose the financial incentive to assess the insurers ability to pay (phenomenon of moral hazard). (4) The existence of a guarantee fund may also generate a moral hazard problem with respect to the insurance company. If insurers contributions to the fund are not commensurate with their insolvency risk, then insurers are provided with an incentive to accept extremely risky business, since the negative consequences are shared by all insurers. It is for these reasons that solvency regulations are needed to guarantee that insurers have sufficient capital funds. Should an insurer fail to meet the requirements on capital strength, it should be possible for the insurance supervisor to intervene as early as possible in order to avoid excessive indebtedness at the expense of the policyholder or the guarantee fund. However, supervisory intervention need not prevent every insolvency, as this would be inefficient. Rather it should reduce insolvencies to an acceptable minimum. Objective of a Minimum Statutory Solvency Requirement29 The structure, size and complexity of the insurance industry make it difficult for consumers, brokers, analysts, competitors and other interested parties to adequately assess the institutional risk of the provider of insurance products and services in relative or absolute terms. A risk assessment of the insurer may be a critical element in the decision to purchase an insurance product or service. The customer is buying a promise of a future benefit and needs assurance that the promise can be fulfilled. The main purpose of the supervision of insurance in general is to ensure that insurers have the capacity to meet their obligations to pay the present and future claims of policyholders. It is also of great value to make information on the financial soundness of insurers known to the insurance market. To reduce the risk of failure for insurers, insurance supervision has the core requirement that insurers should maintain sufficient assets to meet obligations under a wide range of
28
29
Several countries have established state guarantee funds to cope with the consequences of insolvencies. The US and the UK have introduced protection schemes for all personal lines of business; in Germany and France, such mechanisms are only in place for motor liability insurance. Japan established in 1998 the Policyholder Protection Corporation to cover for 90% of all losses; 100% for obligatory motor liability and private natural hazards insurance. IAIS Sub-Committee on Solvency and Actuarial Issues Paper (Final Version), ibid.
circumstances. Such a requirement is often described as the statutory minimum solvency requirement30 and may have the following purposes: Reduce the likelihood that an insurer will not be able to meet claims as and when they fall due. Provide a buffer so that the losses of the policyholders can be limited in the event of the failure of the insurer. Provide an early warning for regulatory intervention and early corrective action, taking into account that the supervisor may have access only to incomplete information, and that corrective action may be subject to delays. Promote the confidence of the general public in the financial stability of the insurance sector.
It is also well understood that a requirement of a statutory minimum solvency should have a dynamic basis or approach. This means that the solvency assessment should have some relevance to the ability of the insurer to continue to be able to sustain new business after the point in time at which the current solvency situation is assessed. The statutory minimum solvency requirement is not designed to completely eliminate the risk of institutional failure and the requirement must in practice be kept within bounds. At some level, the marginal benefit to policyholders and other creditors of increasing the minimum requirement is outweighed by the marginal cost of capital to the insurer. It is often difficult to avoid that such costs are ultimately passed on to policyholders in the form of higher premiums or reduced benefits. From the point of view of efficiency, the minimum statutory solvency requirement should thus, in theory, be set at an equilibrium value in the sense described. Lack of data and suitable models makes this task difficult. There are also differences in legislative and supervisory traditions as regards the attitude to the role of mathematical and statistical models. In practice, the determination of minimum requirements seems to be based on experience with or without explicit reasoning and modeling based on risk theory. In the latter case, the initial aim may be set as some acceptable level of probability of ruin or level of resilience, but in the end, the final requirement will often be the result of some kind of a muddlingthrough process, balancing different interests in a less formal manner. Types of Statutory Minimum Solvency Requirements31 There is a variety of ways in which statutory minimum solvency requirements can be designed and imposed on insurers; some important ones are outlined below. The approaches can be said to fall into two groups: fixed ratios and riskbased capital on one hand, and tests based on more extensive risk or ruin theoretic modeling of the whole business on the other. In addition and as a complement, there are the more versatile tools of scenario testing and dynamic solvency analysis32.
30 31 32
The minimum amount of solvency margin (surplus of assets over liabilities) stipulated by domestic law. IAIS Sub-Committee Paper on Solvency and Actuarial Issues, ibid. Dynamic solvency analysis is an actuarial exercise where the assumptions adopted in examining the financial condition of an insurer is varied in order to assess the companys ability to withstand changes in both the external economic environment and in its own internal experience.
Under the fixed ratio model, requirements are pegged to a fixed proportion of some basis or proxy of exposure to risk, often an item from the insurers balance sheet or profit and loss account. Examples are choices of a percentage of premiums written or a quota of the outstanding claims provisions. In practice, the corresponding proportions or ratios involve some degree of arbitrariness, a single ratio often being used for a wide range of activities and having been determined on the basis of general data. A fixed ratio of premiums is a natural point of departure in non-life insurance. Written premiums are an acceptable proxy for the exposure to risk, especially for types of insurance that have rather quick settlement of claims. Such a ratio is part of the solvency requirements of the European Union and Australia. The ratio applied may reflect the overall volatility of risks, but may also be more finetuned and may be differentiated between different classes of business. The ratio may also be lowered for premium volumes exceeding some threshold value, e.g. in the European Union, taking into account that the relative risk in a large portfolio of independent risks is lower than in a smaller portfolio. A fixed ratio of the provisions for outstanding claims is natural in non-life insurance for measuring reserving risk, especially for types of insurance with a slow ratio of settlement of claims. This is used in Australia. The European Union rules use a fixed ratio of the average claims cost, averaged over three years in general, but over seven years for credit, suretyship, storm and hail insurance. The larger of such a ratio and the aforementioned ratio of premiums determines the solvency requirement. For life insurance, fixed ratios may be applied to measures of exposure relevant to the risk at hand. The technical provisions for life insurance contracts may be a basis for measuring the exposure to the risk of guaranteeing yields on contracts. For contracts offering benefits at death, the sum at risk, i.e. the sum that the insurer must add to the technical provisions in case of death, is a better base for the exposure to adverse deviations in the mortality assumptions. For the mortality risk of annuities, i.e. the risk of underestimating life expectancies, the technical provisions may be a better exposure measure. The fixed-ratio approach has the benefit of being simple to describe and to calculate. However, from a theoretical point of view, the fixed-ratio approach has some drawbacks, to some extent also shared with the risk-based capital approach: A general approach may not adequately respond to different risk profiles of individual insurers, notably in non-life insurance. To the extent exposure is based on historical data, there is no explicit dynamic, forward looking basis for the approach. A general model may be vulnerable to the choice of exposure basis and respond illogically, e.g. by increasing requirements in response to stronger premiums or safer technical provisions, and decreasing requirements with rebates on premiums or with weaker reserving.
In response to the coarseness of the simpler fixed-ratio models, risk-based capital (RBC) models have been developed. The minimum requirement is then built up from a number
of lower level ratios, relating to a refinement of risk elements, e.g. different insurance classes, long-tail risks and risks on the asset side. Exposure bases such as premiums or provisions can be adjusted to some extent for deviations from market standards. In addition, some efforts are usually made to take interaction between the lower level ratios into consideration. Still, the level of detail must strike a balance between what is practicable and what ratios can be assessed with adequate data and models; otherwise this approach will be difficult to implement and its adequacy will be cast in doubt. Risk-based capital is presently a characteristic of solvency practices in Japan and the United States, but refined risk factors are also known e.g. in Canada as regards investments. As mentioned, it is in many ways a refinement of the fixed-ratio approach, using similar exposure measures, such as premiums, technical provisions or asset amounts. A useful aspect of risk-based capital as applied in the United States and Japan, and not in itself depending on the more refined approach to risks, is the integrated system of control levels or trigger points33. The idea is to prescribe certain actions or procedures at fixed levels in excess of the 100 per cent level of fulfillment. Such a system of control levels is of course compatible with other solvency practices and is used, at least informally, elsewhere. Under risk or ruin theoretic approaches, the main criterion is to preserve an acceptably low probability of ruin or failure over some time horizon, ranging from a few years to 30 or more. In addition to the approximations that must be made in order to find workable models, some degree of arbitrariness lies in the choice of such probabilities and horizons. Simpler variants of this approach may be implicit in the use of fixed ratios and risk-based capital. Here focus is, however, on a more explicit approach, usually dynamic in the sense that it builds on models for future development under some assumptions, models describing the potential variation or volatility of insurance activities. An important example is the risk theoretical solvency test used in Finland. Within a framework laid down by the supervisory authorities, a company can calculate its solvency requirement. The basis is a model approach reflecting many facets of risks, and in several ways reminiscent of the modeling activities now tried out by many major banks. The modeling process that is required may give deeper insight into the insurance processes, but there may be considerable problems: The models used to describe experience may be too general and the underlying processes may be poorly understood, such as business and rating cycles Some aspects may not have a meaningful statistical description or analysis, such as rare events or future changes in market behaviour or legislation. Model approximations may be so extensive that the value or relevance of calculated or simulated values may be insufficient.
Under the supplementary approach using a scenario survivorship model or dynamic solvency analysis, the insurer is required to test its solvency against a range of adverse conditions in the form of prescribed scenarios. The scenarios may apply to either the
33
A threshold value that requires intervention of the supervisor or imposes certain restrictions on the insurer if its available solvency margin falls short of this amount. A system of solvency requirements may have more than one control level for different types of regulatory action (e.g. RBC approach of US, EU solvency requirements).
existing business or there may be some consideration of new business over a chosen time period. The choice of scenarios and time period where new business is considered, involve a degree of arbitrariness. The approach is clearly dynamic and gives insight into the insurance process, but some drawbacks are: It may be difficult to find scenarios that are both predictive for the individual risk profile of an insurer and that can be tested using available data. Compliance costs can be high, as testing usually requires substantial computer modeling.
Scenarios and dynamic solvency analysis have seen an important development primarily in Canada and the United States, and steps have been taken to give such approaches a formalized framework for supervisory purposes. Some general conclusions34 The approaches to statutory minimum solvency requirements fall into two groups: fixed ratios and risk-based capital on the one hand and tests based on more extensive risk or ruin theoretic modeling of the whole business on the other. The latter approach may be used as a supplement to the former method. A fixed ratio or riskbased capital approach may be seen as a common method for stipulating solvency requirements. Using this approach, the insurer is required to maintain a certain minimum amount of surplus of assets over liabilities. At given time intervals, the company has to prove that its available solvency margin, i.e. the amount of capital elements which are considered as free capital for regulatory purposes, exceeds the required minimum margin. The regulatory system provides one or more control levels. The minimum statutory solvency requirement is one element of a larger conceptual framework involving solvency and financial health in the sense of the ability to fulfil commitments. Seen from the point of view of financial disclosure, the cornerstones of a satisfactory solvency are proper provisions for liabilities and sufficient resources for covering losses. Such resources may include items on the balance sheet, such as capital (equity, reserves), reinsurance ceded, but possibly sources not formally on the balance sheet, such as guarantees or the levy of additional contributions from members of a mutual insurance company. Seen in a wider perspective, solvency is founded on a well-managed business, with proper pricing and balancing of risks and suitable composition of portfolios of insurance contracts and assets. Also investment practices including the use of derivative instruments are usually seen as areas of special importance to solvency. Trade-Off between Security and Capital Costs Insurers generally hold substantially more capital than the amount required by insurance supervisors. The main advantage of this buffer is that policyholders can feel secure in the knowledge that their claims will be paid and shareholders can be comfortable that the ability of the company to continue making profits is protected. However, holding capital funds is costly (capital costs). Incurring unnecessary capital costs lowers shareholder investment returns and raises policyholder premium rates.
34
IAIS Sub-Committee Paper on Solvency and Actuarial Issues, ibid.

A number of stakeholders have perhaps diverging interests regarding the equity base required of an insurer. Policyholders benefit from the knowledge that the insurer can meet claims paying commitments, yet policyholders do not want capital requirements to become so burdensome that premium rates become excessive. Insurance supervisors, too, aim at protecting the consumer while maintaining the long-run viability of insurance markets. A companys owners, in contrast, are interested in generating a high risk adjusted return on their investments and so must make a trade-off between protecting the franchise value of their company on the one hand and incurring capital costs on the other. Both staff and management have a vested interest in keeping their company in business and in having leeway for action, while also keeping shareholders happy. Rating agencies, too, are interested in the fulfillment of all obligations, which includes all the claims of investors. Each of these stakeholders has a different view regarding the tradeoffs involved in holding capital, and conflicting views about the optimal amount of capital funds can result. Only a relatively small number of physical assets, such as an office building, and computer hardware, are needed for a company to offer insurance protection. Risk capital is not tied to normal business activities and can thus be invested profitably. The net costs of reserves are thus the costs of capital funds minus the investment returns. From the investors standpoint, the fact that an insurer has capital funds available which it can reinvest in the capital market gives it the traits of an investment fund. The insurers indirect investment risk in the capital market is leveraged by the underwriting risk. However, an insurance companys investment of capital involves substantial tax disadvantages and agency costs when compared to a direct investment by an investor. Summary Comments on Solvency Margins It is a standard requirement of insurance regulation that companies must hold additional assets over their policyholder and other accounting liabilities. Such prudential solvency margins are a demonstration of technical solvency. If they are breached they do not necessarily signify that an insurer is insolvent and unable to meet its obligations to policyholders and other parties. Properly designed they act as an early warning system of potential difficulty and allow the supervisory authorities to initiate action to avoid failure. There is no single answer for the appropriate level of a solvency margin. Set at too high a level the margin will impose an excessive capital requirement on insurers leading to a higher cost of insurance to consumers and reduced level of profitability to shareholders. Excessive capital requirements may also deter new entrants to the market and reduce competition. On the other hand, if solvency margins are set too low then there is the possibility that weak companies will be allowed to continue to operate for too long at risk to policyholders. The strength of the system does not depend solely on the level of solvency margin but also to the degree of conservatism or otherwise included in the determination of policyholder liabilities. The extent that these also include prudential margins can be reflected in the solvency margins required. The development of solvency margins, and the underlying theoretical bases, has evolved over time as insurance markets have grown. Developments have however been
exponential in recent years. This has been due to a combination of more complex insurance and investment markets, a deeper understanding of risk management and the availability of more powerful computing tools. Until the 1990s solvency margins were generally formula (fixed-ratio approach) driven and concentrated primarily on liability risks. Since then there has been a move to decompose the risk on both the asset and liability sides of the balance sheets and make an assessment of risk, which is more specific to the individual company (the risk based capital approach). There are parallels with the banking industry where the original Basle Capital Accord on a formula approach to calculation of tier 1 and tier 2 capital are being replaced by an encouragement to banks to make a more detailed assessment of risk. The formula based approach has the advantage of simplicity and ease of application but conversely it does not capture the details of a particular companys risk exposure. While the risk based capital approach may appear superior it does have its own problems. It is definitely more complex, difficult and expensive to implement. If too great a freedom is given to insurers in the choice of assumptions and parameters the approach can be highly subjective. Its efficacy is also untried. A middle variation on the pure risk based capital approach is to specify the categories of risk which must be assessed, but to mandate risk percentages (and hence capital requirements) based on industry analysis. Whichever approach is selected the effectiveness of the supervisory system will depend not only on the method but also on the level at which the various requirements are set.
CHAPTER 7 RISK BASED SUPERVISION
With a growing trend towards a prudential approach to insurance supervision, supervisory emphasis is placed: on the strength of an insurers management, on statutory responsibility for sound practice being placed on the insurer and its advisers (e.g. forms of corporate governance), in supporting the increasing competence of relevant professional bodies (i.e. auditors and actuaries) and their involvement in the supervisory process, and on encouraging as far as possible market-based self regulation for market conduct issues. Protection of policyholders is provided by placing emphasis on quality of management and solvency with there being additional policyholder benefit from competitive enhancement of products and services. Forms of prudential supervision are consistent with a market that is becoming more dynamic and is in the process of change. The level and frequency of supervisory scrutiny however will depend on the risk assessment of the insurer as an institution. Insurance companies that are well managed relative to their risks will require less supervision; not all areas within an insurer need to be reviewed every year. More often than not the insurance supervisor has limited resources and therefore must deploy those resources more effectively and efficiently. The supervisory authority will need to develop and implement a supervisory framework that will provide an effective process to assess the safety and soundness of an insurance company by evaluating the insurers risk profile, financial condition, risk management processes, and compliance with applicable laws and regulations. Such is the nature of a prudential supervisory approach that is risk based. What is Risk Based Supervision Risk based supervision is a structured approach to identify the key risks to which insurance companies are exposed, to assess the risk mitigation techniques that are used to manage these risks, to assess the net risk exposure that emerges in terms of its level and volatility and then to focus the supervisory effort on the most significant of these net risk exposures.35 Supervision will include reviews of an insurers major risk management control functions such as financial analysis, compliance, internal audit, risk management system, including senior management and board oversight. Because the supervisory authority frequently has limited resources it must focus its resources on insurers where there is the greatest probability of financial difficulty. The supervisor will rely on external auditors
35
Risk Based Supervision of the Insurance Companies, An Introduction, John Thompson.

for the fairness of the financial statements and on actuaries36 for the adequacy of policy liabilities and will use their work to modify the scope of its own reviews to minimize duplication of efforts. The supervisor should be able to discern the relative level of financial risk, or risk profile, of each company. This includes not only the level of risk for one company relative to another, but also the areas of greatest risk within a particular company.37 Risk based supervision is structured because it systematically considers all of the key aspects of a companys business and within each looks at the risks to that area of operation. These key areas can be either business lines, geographic areas of operation or operational areas within the company itself. This structured approach, together with the documentation that emerges, breaks the work into manageable pieces. Over time the whole company would be looked at in this way and the most vulnerable areas of the company will be identified for detailed analysis. By keeping the documentation and analysis up to date the supervisor can quickly review the supervisory examination plan for the year and focus resources on the most critical areas.38 As with most systems, the initial implementation stage is the most difficult phase of the supervisory process when the supervisor gathers, collates and develops a database for each insurer. The supervisor builds up the database of knowledge that will be used to form an overall assessment as to the risk level in each company through: (i) (ii) (iii) (iv) ratio analysis, information gleaned from on-site inspections, information picked up in general conversations with people in the industry, and articles in trade journals and the media.39
This is where information technology (IT) plays a very important role in the supervisory process. IT is no longer simply an enabler, it is a powerful force of change. The supervisory authority has to integrate its supervisory strategy, organizational capability and information technology with each other. The supervisor can carry out benchmarking studies on a range of subjects, which compare companies with their peers to identify best industry practices for dealing with various levels of risk. Through IT and an effective management information system, the supervisor can develop and establish an early warning system (EWS) that would detect potential as well as developing problems with insurers. An EWS may well be the trigger for active intervention by the supervisor at the earliest possible time. The section on The Supervisory Process contained in the paper Supervisory Framework 1999 and beyond issued by the Office of the Superintendent of Financial Institutions of Canada can be a model for a risk based supervisory approach.
36 37 38 39
Appointed Auditor and Appointed Actuary systems. Re-Engineering Insurance Supervision: Policy Research Working Paper 2024, Lawrie Savage, World Bank. Risk Based Supervision, ibid. Re-Engineering Insurance Supervision, ibid.
CHAPTER 8 - PERFORMANCE EVALUATION SYSTEM
A sound supervisory framework would not be complete if it fails to provide for a system to monitor progress, compliance with existing laws and regulations, and the periodic review of performance of insurance companies. A risk based supervisory system should enable the insurance supervisor to set industry performance benchmarks, and use appropriate analytical tools, ratios and other means to assess insurance companies financial position and monitor their performance. While the supervisory system places great reliance on the appointed actuary and the appointed auditor systems, that does not negate the need for close financial monitoring by the supervisor. A deterioration in the solvency margin, for example, may trigger active intervention by the supervisor. However in the case of a failing company, the solvency margin should not be relied on as the sole indicator of financial health. A range of indicators is available which will assist the supervisors assessment of a company. In addition to the free assets and solvency ratio these indicators include statistics which monitor the stable development of the insurer, its profitability and operating margins, quality of its investment portfolio and liquidity. When a company does face difficulties, it will be natural for management to seek to minimize the difficulties and even manipulate some information. Properly supervised, it is less likely that the insurer will be able to obfuscate all the indicators available to the supervisor. Thus by paying attention to all available indicators the supervisor may obtain an early warning of impending difficulties. Effective implementation of the monitoring systems will depend heavily on available IT systems. It is therefore important that IT considerations are included in the implementation planning from an early stage. A welcome development is the increase in the number of jurisdictions requiring electronic submission of reports to the supervisory authority by insurance companies. An effective risk based supervisory approach will require some system of surveillance or off-site monitoring which would assist the supervisor in obtaining current data on insurers. This enables the supervisor to act and/or make decisions regarding insurers that encounter difficulties, within the shortest possible time from when the difficulties arose. Early Warning System A system giving the supervisor an early warning of difficulties faced by an insurer will consist of (i) statistical analysis, (ii) financial analysis, and (iii) a process for classifying insurers through risk profiles. (1) Statistical Analysis It is important for the insurance supervisor to select a range of statistical measures to indicate the progress of an insurer. Historical tables are developed from which trends and variances can be calculated and comparisons with other companies made. On an
aggregate basis a number of these statistics can be incorporated in the supervisors report on the industry. Until a credible body of data emerges the statistics will be of limited value. Nonetheless over time this statistical database will become an indispensable tool for monitoring. There are a number of indicators that can be utilized in statistical analysis, among which are: (a) growth of business, (b) expenses and commissions, (c) statistical and accounting premiums, (d) claims and benefits, (e) surplus and change in liabilities, (f) investment portfolio and liquidity, (g) solvency margin, (h) insurance reserves. While intercompany comparisons are useful they should be used with caution. While an outlying result may require explanation it may well be a valid result due to the peculiarity of a companys products or method of operation and may not be a cause for concern. There are special difficulties in the early years of supervision of a newly licensed company. Because of the small amount of data the statistical measures will inevitably be volatile and it will not be easy to decide if a particular variation is a random event or indicative of a real problem. Similarly the growth of business may well be exponential, without any cause for concern, if it is in line with business plans. Given the wealth of material available in the financial statements and statistical indicators it is normal that in all companies there will be some results out of line with trend. Given the overall situation of the company such isolated individual results may not be an indicator of an underlying problem. Sensible judgement has to be exercised in such cases so as to avoid pursuing the acquisition of additional information which serves little or no purpose in the exercise of prudential supervision. (2) Financial Analysis Review of the statistical indicators is a quick way of highlighting areas of possible difficulty. It is however no substitute for a more general financial analysis by someone with a strong actuarial or accounting background. An overall review of the financial statements will supplement the statistical analysis and provide a better understanding of the company. This again emphasizes the need for continuous oversight, and for monitoring the entirety of a companys operations, rather than performing a series of discrete unrelated tasks. The Financial Condition Report (FCR), for example, prepared by the appointed actuary provides a different perspective on the companys operation. While the aforementioned
measures are from an historic aspect, the FCR will both review the operations of the past year and provide the appointed actuarys assessment of future prospects. If done to a high standard of rigor with a number of sensitivity tests this is likely to be the single most informative document available to the supervisor. Unlike the financial statements it is a confidential document seen only by the insurer and the supervisor. The FCR relates to a more thorough examination covering in detail the insurers financial condition and planned future operations; and in particular, its current solvency position and how that might develop. The FCR is a legislated requirement in a number of jurisdictions, although the form of the report and guidance as to how the examination is to be carried out are contained in the standards of the profession body. The appointed actuary presents the report to the insurers board and to the insurance supervisor on a confidential basis. The importance of the report is not only that it is an assessment of the insurers position and the basis for the appointed actuarys advice to the board; but that, if in a suitable form backed up by standards set down by the profession, it provides the justification for that advice and gives the appointed actuary the assurance and authority needed to present it. The FCR contains in detail, the analysis, findings and the reasons for the actuarial assumptions; an examination of the important components of the insurers operations in for instance the areas of new business, expenses, investments, and not only in the usual actuarial areas such as mortality, lapsation and pricing; an appraisal of the insurers current position. It would not be a historical document relating to a date many months before and would include the insurers business plans for the future and prospects as regards future solvency. In the case of newly registered companies, the report deals with the companys progress, making a year by year analysis; in particular, it monitors the deviations from the initial projections and the impact of expenses in relation to the business written and the consequent strain on capital. It ensures that the reserving basis is not capitalizing future profits from the business written (requiring a close comparison of the premium basis with the reserving basis) masking the strain on capital. (3) Classification of Insurers As a market develops the fortunes of individual companies will vary. Some will perform according to the expectations of their business plan. Others may grow more rapidly, experience a shortfall in revenues due to difficulties in building a distribution system, may have above average expenses, below average investment performance, etc. The differing circumstances mean that not all companies will require the same supervisory resources. It would be a waste of scarce resources to devote the same attention to a strongly capitalized, well performing insurer as to a weaker company with a number of perceived shortcomings. An approach that can be used is to adopt a ranking system where each insurer is assigned a rank according to its perceived supervisory need. Some supervisors in jurisdictions using a case based approach call it a case security ranking. Lawrie Savage in his paper on Re-Engineering Insurance Supervision refers to such a system as a regulatory ladder as the need for supervision progresses (i.e. increases) when an insurers ranking deteriorates.
The ranking system or regulatory ladder approach (i) permits supervisory staff to feel comfortable that their recommendations and actions are reasonably consistent over time and from one situation to another, (ii) gives the supervisor and government confidence that the supervisors actions will be in accordance with government policy, and (iii) enables companies to know the strength of the supervisory response that can be expected in various situations and to govern themselves accordingly.40 To assist the supervisor in allocating resources it is helpful for a supervisory authority to have in operation a system of ranking insurers. Under such a system insurers are classified according to their perceived supervisory needs. A particular problematic insurer, for example, might require ten times the supervisory attention of another less problematic company. An insurers ranking will determine the size and quality of supervisory resources allocated to it. A common approach is to adopt a four level ranking system. Every supervised insurer would be ranked at one of the four levels. These levels might be: Category A. An insurer of undoubted status, long established with a proven strong management team, well financed and covering its solvency margin requirements by a factor of, say, 3, stable operations with strong balance sheet and not being the subject of any supervisory concerns. Category B. A stable insurer, well established with a balanced portfolio, regular profitability, has a comfortable solvency margin (e.g. factor of 2 plus), with no particular supervisory concerns, possibly a member of a large group that would be willing to provide additional financial backing if needed. Category C. An insurer that gives cause for concern, which might be based on one or any combination of factors including financial vulnerability with weak balance sheet, high investment risk exposure, limited solvency margin cover, possible concentration in single volatile market area (e.g. motor), erratic profitability, poor claims paying record, new or indifferent management, poor reinsurance program, rapid expansion, known to be price cutting, past supervisory difficulties and ongoing supervisory concerns (e.g. poor track record of financial ratios). Category D. An insurer giving grave cause for concern, financially very weak with possible breach of solvency margin requirement and no obvious additional sources of financial support. A potential case for the appointment of a provisional liquidator. The supervisory regime required for an insurer would vary depending on its ranking. For example a Category D insurer would require concentrated supervision of a highly skilled hands on nature pending decisions on the insurers future compared with a Category A insurer who would only require a light supervisory approach.
40
Re-Engineering Insurance Supervision, ibid.

The use of any ranking system would be internal to the supervisory authority and strictly confidential. An insurers ranking should be approved at senior level (probably by the head of the supervisory authority) and kept under periodic review. On-Site Inspection The IAIS has provided some guidelines for insurance supervisors on on-site inspections through Supervisory Standard No. 2 issued in October 1998. The IAIS paper describes on-site inspection as a vitally important part of the supervisory process closely related to the on-going monitoring process. However, Lawrie Savage in his earlier cited research paper presents a very vivid description of the subject and is therefore reproduced in its entirety as follows. The only way the supervisor is able to find out what is really happening within a company is to visit the companys head office to observe first hand. As useful as early warning tests and other financial data may be, there is no substitute for having skilled personnel acting as the eyes and ears of the supervisor. Financial information is always dated, may be inaccurate and cannot provide insights comparable to the on-site inspection in terms of understanding managements approach to running the company. The on-site inspection has five main objectives: 1. Understand the insurer and its business environment; 2. Detect solvency problems; 3. Detect non-compliance with legislation; 4. Resolve detected problems early; and 5. Obtain information on system-wide issues. The latter point refers to issues the supervisor has observed in the company being inspected, but which will likely have implications for other companies as well. These are generally emerging issues where thought and planning is required to formulate a consistent government policy. Some recent examples include the use of derivative instruments by insurers and the outsourcing of core business functions. The on-site examination has four main phases: planning, on-site investigation, reporting and follow-up. The planning phase utilizes knowledge of the companies risk profiles to determine inspection priorities on a company by company basis. Once it has been established which companies represent the greatest level of concern, one can consider the particular areas within those companies which pose the most significant threat to continued financial health. For example, if the company in question has been highly reliant on reinsurance, and its financial position has recently been deteriorating, one will certainly want to look closely at the reinsurance arrangements to be satisfied that if necessary, the reinsurers will be in place and able to discharge their obligations. If this same company has a history of conservatively investing its funds and has a low level of risk in
that area, there will probably be little to be gained by spending much time reviewing the investment department. The whole idea is to use the information at ones disposal to establish inspection priorities, both in terms of identifying individual companies for visits and the functional areas within those companies for attention. An important part of the planning process is to select the team members and to put together a detailed work plan as to what is to be reviewed in the companys offices, including expected time horizons. One supervisor attaches a notional billing rate to the time consumed in the inspection, comparable to that which would be charged by professional consultants. This tends to reinforce the importance of getting value for money and also provides a frame of reference when thinking about what was achieved by the inspection. For example, if an on-site inspection runs up a notional cost of $100,000, does the cost seem reasonable when balanced against the information obtained? (We repeat, this is not a real cost that has to be paid by the company or the supervisor. It is merely a way of assigning a kind of commercial value to the supervisory process for the purposes of internal management control and evaluation.) In the on-site phase the inspectors are gathering information which is adding to the accuracy of the companys risk profile. As more information becomes available the supervisor should be constantly questioning whether it changes the risk profile. If so, and the change is in the direction of greater risk, the supervisor may very well decide that additional work is required. The inspectors should also be on the look out for any issues that could have wider implications for insurance supervision (i.e. system wide issues). It is very important for inspectors to keep in constant communication with company management as they carry out their examination tasks. Inspectors have sometimes thought they had stumbled upon something quite disturbing, and have confronted management at the conclusion of the visit, only to find that they didnt have the full story and that the situation was different than they had assumed. This type of thing is not only embarrassing to the supervisory group, but will give rise to bad feelings and a reluctance by management to fully cooperate with supervisory staff. As a matter of philosophy, we have always found that much more information can be obtained by a friendly and outgoing group of inspectors than by personnel who are over zealous, overly authoritarian or who plainly show by their demeanour that they suspect management of the worst. Inspectors should accept all information with enthusiasm, saving the real analysis and comment for back at the office. The best source of information is discussion with company management. An inspector who is capable of engaging management in discussion as to current business problems, managements strategy for approaching the marketplace and so on, can usually find out much more in a short time than is likely to be divulged by reviewing documents and financial data. When the on-site work comes to a close it is important to formally meet with senior management to give them an overview of the inspections findings. There should be no surprises if the lines of communication have been properly open during the course of the inspection. It is appropriate to provide the management group with a formal agenda prior to the meeting so they can give thought ahead of time to the points theyll wish to raise. While it will not always be possible to agree fully on what needs to be done, there should be agreement as to the facts of the case.
Discussion at the meeting should be limited to important issues that pertain to the long term viability of the company. The bringing forward of a myriad of relatively less important issues merely detracts from the underlying purpose of the inspection -- i.e. to assess the risk profile of the company and to modify that profile if necessary. Items of significance are those which do fundamentally change the companys risk profile, or if it is already considered to be a high risk situation, which serve to confirm that assessment. The exit meeting should be followed up by a formal letter or report to management detailing the results of the inspection. This should document the reliance that has been placed on outside parties such as the auditors and actuary, describe the areas that were actually reviewed, set out the findings and observations, make any recommendations considered appropriate and, finally, request management for its plans for addressing the issues. In our experience a powerful tool for dealing with problems is to request management to put together a formal business plan for presentation to the supervisor. Most of the time management and the supervisor will agree on the nature of the problems. The onus is then on the company, not the supervisor, to come up with a reasonable plan for correcting the problems. The use of a business plan has several significant benefits. First it enables the supervisor to get a sense as to the ability of the management team to recognize and address the problems. If the plan seems unrealistic and unlikely to succeed, it tells the supervisor a great deal about the management team and the likelihood of long term success for the company. However, most often it marks the beginning of an iterative and ongoing process of working with the company to correct the problems. The supervisor will generally have a great deal of experience in seeing how financial problems develop and how they have been successfully overcome. Offering constructive suggestions to management and working closely with management to help them come up with a business plan that is likely to have a higher chance of success, not only provides a real service to the company, it also builds credibility for the supervisor and leads to the probability of even greater co-operation in the future. The inspection process can then be seen as a continuing and connected cycle consisting of planning for the inspection, carrying out the inspection, reporting on the findings, working with management to see that identified problems are corrected, continuing to add to the knowledge of the companys risk profile through financial analysis and other means, beginning to plan for the next inspection, and so on into the future.
CHAPTER 9 - DEVELOPMENT OF INFRASTRUCTURE REQUIREMENTS
The implementation of sound risk management programs requires that certain components within the insurance supervisory system be in place. This is particularly important in developing countries where actuarial and systems resources are inadequate or not available. The adoption of risk based supervision, for example, will not prosper in the absence of adequate infrastructures for (i) an appointed actuary system and (ii) information technology and management information systems. Appointed Actuary System There is a need to take account in an appropriate manner of the various kinds of risks that an insurance company is exposed to. Accordingly, it is important for insurance companies to have access to professional expertise who possess relevant skills in mathematics, modern statistical models and methods (including risk theory), as well as economics and finance. This will ensure that these risks are analyzed in a proper manner and adequate risk prevention/mitigation methods are applied. The actuary is expected to provide professional expertise in the following important areas related to solvency and solvency assessment of the insurance business: (a) analysis of risks and products pricing, (b) evaluation of technical liabilities and estimation of necessary technical provisions, (c) developing recommendations with respect to risk prevention/mitigation methods to be applied, (d) evaluations regarding the need for a solvency margin and especially whether the available solvency margin should be higher than the required minimum, (e) solvency assessment in the sense that is described in previous sections, and (f) preparation of various kinds of reports (especially the Financial Condition Report) to be submitted to the supervisory authority. In a large number of jurisdictions, actuaries are normally heavily involved in the areas listed above. Some of them will often have the tasks described in items (a), (b) and (f) as their main responsibility. Different regulatory regimes assign different levels of professional responsibility to the actuary. At one end is the substantive (or material) control approach where supervisory approval of products is required. The scope for individual actuarial judgement is limited because the supervisory authority exercises key judgements on adequacy and viability. In some jurisdictions, the insurers actuary may approve the mortality tables used, but plays otherwise a relatively limited supervisory role as the companys chief executive and the board of directors take responsibility for the proper pricing of products,
establishing prudent technical provisions and exercising sound and prudential overall financial management. The supervisory authority exercises direct supervision through a strong level of on-site inspection. The supervisor sends a technical team, with accounting and actuarial skills, who not only review the financial statements of their assigned companies, but also pay extended visits to the companies to review their systems and controls, approve their technical bases and methodologies and audit a sample of their calculations. At the other end of the spectrum is the appointed actuary approach used in the UK where the responsibilities of the actuary are spelt out in professional guidance, rather than in legislation or direct requirements of the insurance supervisory authority. This system has become increasingly widespread. It requires however a high level of actuarial education and professionalism with the active support and involvement of professional associations of actuaries in each jurisdiction. Developing countries are hard pressed implementing such a system because of the inadequate supply of qualified actuaries. This has led to the situation that, where a full appointed actuary is set out in the legislation, the educational requirement has been the Fellowship of four major actuarial societies: the two UK Institutes, the Society in the US, and the Institute in Australia. It appears that the role of the actuary will progress steadily away from just the historic evaluation of liabilities to a more expansive responsibility. This will include ensuring and monitoring the adequacy of assets to meet liabilities on a continuous basis, and a strong forward-looking reporting role to the boards of directors on future financial condition; thus playing a key role in the identification of risk and its successful management. Regardless of regulatory traditions, the role of the actuary, both within the insurance companies and in the position of supervisor, is critical to the maintenance of financially sound insurance companies. Information Technology/Management Information Systems (MIS) The importance of information technology and appropriate management information systems to effective and efficient insurance supervision cannot be overemphasized. In achieving its primary objective of protecting policyholder interests, the insurance supervisor needs these modern tools to facilitate the gathering and processing of voluminous data in order to speed up its decision-making responsibility. With the increasing deregulation of insurance markets, the supervisor has to contend with many issues, such as the cross-border operations of insurers that do considerable business using electronic means. This has led to the situation where the supervisory authority has had to play catch up with companies it supervises. This is exacerbated in jurisdictions where supervisory resources are limited especially in developing economies. The supervisor has three main uses for IT: (1) for receiving (i.e. electronically), processing and analyzing returns and other statutory reports submitted by insurers; (2) generating reports that the supervisory authority is required to submit to its government, the public, and also for its own internal use; and
(3) to automate the supervisory authoritys internal systems, e.g., administration, human resources management, accounting and funds management, and its own risk management system. The use of IT not only facilitates the supervisory authoritys internal processes. IT also brings transparency in its operations, fulfilling the supervisors responsibility for exercising sound corporate governance.
CHAPTER 10 CONCLUDING REMARKS
Risk is present everywhere. It is endemic in all activities, whether personal or commercial. It is because of risk that insurance was invented and has evolved into what the industry is today. Because an insurance companys core function is the assumption of risks, the insurer needs to establish, implement, and continuously improve its internal systems to manage the risks its assumes for others as well as those risks it faces in conducting its own operations. The supervisory authority must ensure that sound risk management systems are securely in place in all the insurance companies it supervises in order to protect policyholders interests and maintain stability in the financial market.

Risk Management File 1

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management File 1

Uploaded by

Copyright:

Available Formats

RISK MANAGEMENT

Risk Management 30/10/02 1 of 45

Risk Management 30/10/02 2 of 45

Risk Management 30/10/02 3 of 45

CHAPTER 2 - RISK MANAGEMENT SYSTEM

Risk Management 30/10/02 11 of 45

CHAPTER 3 - ASSET/INVESTMENT RISKS

Supervisory Standard on Derivatives, IAIS, October 1998.

CHAPTER 4 TECHNICAL/LIABILITY RISKS

As to the special risks, they can be considered to consist of the following:

Risk Management 30/10/02 20 of 45

CHAPTER 5 - BUSINESS/OPERATIONAL RISKS

Risk Based Supervision of the Insurance Companies, Ibid. Ibid. Ibid.

CHAPTER 6 SOLVENCY AND CAPITAL ADEQUACY ISSUES

IAIS Sub-Committee Paper on Solvency and Actuarial Issues, ibid.

Risk Management 30/10/02 32 of 45

CHAPTER 7 RISK BASED SUPERVISION

Risk Based Supervision of the Insurance Companies, An Introduction, John Thompson.

CHAPTER 8 - PERFORMANCE EVALUATION SYSTEM

Re-Engineering Insurance Supervision, ibid.

Risk Management 30/10/02 41 of 45

CHAPTER 9 - DEVELOPMENT OF INFRASTRUCTURE REQUIREMENTS

Risk Management 30/10/02 44 of 45

CHAPTER 10 CONCLUDING REMARKS

Risk Management 30/10/02 45 of 45

You might also like