1 / 20

An Overview of Risk Management based on a Disclosure from an Annual Report

This article provides an overview of risk management based on a disclosure from an annual report. It covers topics such as organizational structure, risk assessment (quantitative/qualitative), risk reporting and communication, and more.

kurtz
Download Presentation

An Overview of Risk Management based on a Disclosure from an Annual Report

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Overview of Risk Management based on a Disclosure from an Annual Report Jon Wu, jzwu101@gmail.com November 19, 2014

  2. Contents • Organizational Structure • Risk Management • Risk Assessment (Quantitative/Qualitative) • Risk Reporting and Communication Proprietary

  3. Organizational Structure • We will focus on CRO organization structure, its job responsibility, and its relationship with other department (management and collaboration) • Keep in mind, no matter where you are in the organizational chart, the bottom line is to create value of the organization under a certain limits (e.g., risk limits – maintain appropriate risk capital level) and let define the value of the company is: • V = EV + PV of FVNB + Intangible Proprietary

  4. Organizational Structure • The concept of “three lines of defense”1&2 is important to implement the basic foundation of risk management: • First line: Front line functions such as sales, CFO, CIO, pricing actuaries, etc. • Second line: Risk and compliance department • Third line: Internal auditor and external auditor • In Europe, the Pillar II of Solvency II describes Own Risk Solvency Assessment (ORSA). But, it is a principle basis. Insurers have to figure it out themselves. • In US, NAIC just updated its ORSA manual. Insurance company (depending on its size) may need to adopt the requirements in 2015. Don’t forget SOX already required some kinds of risk management from COSO – ERM. • http://www.ey.com/Publication/vwLUAssets/EY-Maximizing-value-from-your-lines-of-defense/$File/EY-Maximizing-value-from-your-lines-of-defense.pdf • https://na.theiia.org/standards-guidance/Public%20Documents/PP%20The%20Three%20Lines%20of%20Defense%20in%20Effective%20Risk%20Management%20and%20Control.pdf • http://www.naic.org/store/free/ORSA_manual.pdf Proprietary

  5. Risk Management - Summary • In general, risk management structure consists of • Risk Management Framework: Include governance, standard of Practice (SoP), organizational structure, risk identification, risk appetite, risk tolerance/limit, risk monitoring/control, and reporting, etc. • Risk Assessment (quantitative and qualitative) • Risk Disclosure Proprietary

  6. Risk Management - Governance • In the governance, company disclose how risk management is organized. It includes description of various committees and how those committees are functioned and related to each other. Those committees include: • Risk Committee • ALM Committee • Model Validation Committee • Models and Assumptions Changes Committee • ORM Committee • Compliance Committee • Finance Committee Proprietary

  7. Risk Management - SoPs • SoPs are used to enforce the standards throughout a big organization in addition to the SoPs and other guidelines specified by various industry group. Examples of SoPs include: • EC SoP • EC Reporting SoP • EV/MCEV SoP • EV/MECV Reporting SoP • Assumption Setting SoP • Product Approval and Review Process SoP • New Investment Class Approval and Review SoP • Etc. Proprietary

  8. Risk Management – Org. Chart • Risk organizational structure is normally structured by risk type. CRO reports to CEO directly. • CRO in general works with CFO, CIO, and actuaries to organize those committee meetings. In general, CRO is the chair. Any changes affecting financial statements have to be worked out with CFO. CIO normally get authority from Risk Committee or ALM Committee to invest per mandated requirements and pricing actuaries have to use models and assumptions agreed-upon based on the decision per Models and Assumptions Changes Committees. Proprietary

  9. Risk Management – Risk Appetite, Risk Tolerance, and Risk Limits • Risk Appetite: It is a qualitative term in general. It reflects company’s business strategy, financial objective, and capital resource. • Risk Tolerance: It can be in qualitative or quantitative term. It should be consistent with risk appetite statement. • Risk Limits: It is quantitative statement in more detailed manners. It describes the limits the company will take and should be consistent with risk tolerance. • Considerations include confidence level, Earnings at Risk, Value at Risk, Capital at Risk, etc. Proprietary

  10. Risk Management – Risk Appetite, Risk Tolerance, and Risk Limits Proprietary

  11. Risk Management – Risk Monitoring and Mitigation • Describe tools and methods used to monitor the risks. • Mitigation can be described in aggregate manner or separately by risk type. Proprietary

  12. Risk Assessment – Risk Factors (Example per Solvency II) Proprietary

  13. Risk Assessment – Market Risk • Interest Rate Risk • Interest Rate Spread Risk • Equity Risk • Real Estate Risk • Implied Volatility Risk (for guarantees, e.g., no lapse guarantee, ratchet, reset, etc.) • FX Risk • Illiquidity Risk • Concentration Risk Proprietary

  14. Risk Assessment – Credit Risk • Credit Spread Risk • Default Risk (based on in rating of investment class) • Counter-party Risk (e.g., reinsurers) Proprietary

  15. Risk Assessment – Business Risk • Lapse Risk (e.g., policyholders’ behavior) • Premium Renewal Risk (e.g., annual renewable health) • Expense Risk (e.g., how fast expense can be reduced in a stressed situation) Proprietary

  16. Risk Assessment – Insurance Risk • Life Mortality/Morbidity Risk • Annuity Mortality and Morbidity Risk • Health/Auto/P&C Claim Risk • Concentration Risk • Catastrophe Risk Proprietary

  17. Risk Assessment – Operational Risk • Mostly qualitative (data security, BCP, failure of adhering to internal policy and procedure) • Reputation risk • Nevertheless, consider number of occurrence and severity (amount per occurrence) and if you have the data you can fit the distribution • Usually, score card approach is used and a factor approach is used. Proprietary

  18. Risk Assessment – Compliance Risk • Mostly qualitative - failure of adhering to law and regulation, internal policy and procedure • Sometimes, it is confusing who is responsible for what – ORM, compliance, and internal audit • Can be quantified like operational risk Proprietary

  19. Risk Reporting and Communication • Disclosure of risk management structure • Disclosure of the risk identification and exposure • Disclosure of the assessment • Disclosure of the mitigation process • List of the reporting and how they are used to manage company’s business (use test) Proprietary

  20. Questions and Comments Proprietary

More Related