Effective Risk Reporting

Sunder Krishnan
Chief Risk Officer
Reliance Life Insurance Company
2007 Global crisis
• One of the most significant lessons learned from the global financial crisis that began in 2007.
• Information technology (IT) and data architectures were inadequate to support the broad management of financial risks.
• Weak risk data aggregation capabilities and risk reporting practices.
• Severe consequences on the stability of the financial system as a whole.
• As a result, the Basel Committee has issued supplemental Pillar 2 (supervisory review process) to enhance ability to identify and manage risks
Confidential
Slide
The Anthem case – Hackers stole massive data
• Tens of Millions of Anthem Inc. Customers in a massive data breach
• Largest in Corporate History
• Personal Information compromised - Name, Birthdays, Medical IDs, Social Security Numbers, Street Addresses, e-mail addresses, employment information, Income data
• Damage is being assessed – not yet known whether credit card data is compromised – FBI is investigating
• Very Sophisticated external cyber attack
• Largest in the series of companies to suffer severe data breaches
• Very swiftly informed the authorities
• Personal Apology by CEO to all the customers / members
• Everyone urged to change their passwords – all customers would receive some Identity Fraud Protection ???
• Last year hackers obtained credit card data of 40 Million Target Shoppers as well as personal information of 70 Million Customers
Risks - Traditional
Risk categories:
• Insurance Risks – Morbidity & Mortality for Life & claims & pricing for Non-life
• Financial / Reporting reliability Risk
• Reputation Risk
• Investments Risk
• Legal / Regulatory / Ethics / fraud Risk
• Operational – People, Technology & Process Risk
Risks:
• Lower Persistency than expected
• Expenses / costs – underestimated
• Customers / agents / advisors not adequately identified
• Inadequate distribution or product roll out
• Inappropriate selling practices
• Morbidity & Mortality estimations deviate from actual
• New Businesses lower than expected
• Inferior return on investment
• Solvency / fund crunch issues
• Compliance issues with Agents exams & training
• Infrastructure not geared up for new businesses
• Inadequate investigation of death / accident claims
• Inadequate underwriting guidelines – lack of tie ups with adequate number of quality medical centers, inadequate documentation & information obtained from policy holders
Emerging Risks
• Unforeseen risks from technology – hacking, malfunction, not meeting requirements
• International terrorism
• New diseases
• Untested areas of insurance
• High competition and thin margins – leading to inferior risk basket of proposals (wrong end of the cycle)
• Need for scale – expectations of high volumes and market versus reality
• Need for Intermediation – banks, MF, Distributors…..support infrastructure
  – Not adequately geared yet
• Infrastructure issues – not adequately supporting micro Insurance
• Thinning talent pool of updated insurance professionals compared with the demand
  – High attrition rates
• Changing technology – necessitating constant upgrading – funds guzzler
• Increasing customer awareness and expectations
• Risks on processes, technology and people – leverage required to grab opportunities and meet severe competition
• Outsourcing risks
• Innovations – face regulatory risks
• Alliance risks
• Corporate Governance Risks
• Marketing – Hype risks
Need for Effective Risk Reporting
• Enhance the infrastructure for reporting key information, particularly that used by the board and senior management to identify, monitor and manage risks
• Improve the decision-making process throughout the organisation;
• Enhance the management of information across legal entities, while facilitating a comprehensive assessment of risk exposures at the global consolidated level;
• Reduce the probability and severity of losses resulting from risk management weaknesses;
• Improve the speed at which information is available and hence decisions can be made;
• Improve the organisation’s quality of strategic planning and the ability to manage the risk of new products and services.
Principles of Effective Risk Reporting
1. Governance
2. Data architecture and IT infrastructure
3. Accuracy and Integrity
4. Completeness
5. Timeliness
6. Adaptability
7. Accuracy
8. Comprehensiveness
9. Clarity and usefulness
10. Frequency
11. Distribution
12. Review
13. Remedial actions and supervisory measures
14. Home/host cooperation
Internal Financial Framework Overview
Clause 49, listing agreement (Listed)
• CEO/ CFO Certification
• Establish and maintain internal Control
• Evaluate effectiveness of the internal control systems
• Deficiencies in design or operations of internal controls
• Steps taken to rectify the deficiencies
Companies Act 2013 (Listed / Unlisted)
• Sec 134: As per section 134 (5) (e) of the Companies Act 2013, directors need to make an assertion in Directors Responsibility Statement that they have laid down internal financial controls to be followed and that such IFCs are adequate and operating effectively.
• Section 177: Under section 177 (4) (vii), the duties of the Audit Committee include evaluation of internal financial controls.
• Section 143: Under section 143 (3) (i), Statutory Auditors are required to make a statement in their Auditors Report, whether the company has adequate IFC system in place and the operating effectiveness of such controls.
• Schedule IV: The roles and functions codified in Schedule IV of The Companies Act 2013 clearly state that independent directors shall satisfy themselves on the integrity of financial information and that financial controls and systems of risk management are robust and defensible.
Framework: Adequate, Operating Effectively
Internal Financial Framework Overview
Definition of Internal Financial Controls as per Companies Act, 2013
Internal Financial Controls (IFC)
“policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information”
[Diagram labels: Financial Reporting Controls; Fraud Implications; Operational Controls; Technical Controls; Controls to address Financial Assertions (includes Fraud and IT risk); Efficiency / Service Implications; Quality / Maintenance / etc]
Enterprise wide Risk Management – The Building Blocks
Effective Risk Reporting is an important part of ERM governance
RISK MANAGEMENT WORKING STRUCTURE
Operational Risk
1. Risk Investigation
2. Risk Projects
3. KRI Dashboard
4. Risk Mate / Automation
5. MIS and reporting

1. Risk Review
2. Continuous Monitoring
3. Risk Assessments
4. Risk & Control Self Assessment
5. Risk based internal audit Co-ordination
6. BCM audit monitoring

Market & Credit Risk
• Mid office Investments
• Market Risk MIS
• Limit Monitoring
• Voice Call Tracking
• Personal Trading
• Credit Review
• Investments concurrent audit coordination

IT Risk & BCP
1. BCP monitoring & co-ordination
2. DR follow-ups
3. IT risk review & co-ordination
4. IT Risk Assessments
5. CAATs

Insurance Risk
1. ALM Monitoring & co-ordination
2. Insurance risk measures
3. Strategic risk
4. Underwriting Risk
5. Actuarial Risk

Both Reputation and Financial impact of each risk is managed
How an Organization could gear up for best practices in Risk Management
[Diagram: Enterprise Risk Management. Labels: Environment; Strategy (Risk Appetite, Economic Capital, Risk Diversification, Portfolio Optimization); Process (Risk Modeling, Risk Mitigation, Risk Financing, ORSA); Infrastructure (Data, Modeling, Reporting, Disclosure). Surrounding labels: Analysts, Regulator, Rating Agencies, Investors, Finance, Compliance, Accounts, Operations, Projects, Business Units, Stakeholder Mgmt, Risk Mgmt, RM Framework, Mgmt Information, Solvency & Financial Condition reporting]
Effective Reporting at Reliance life
[Diagram: Reliance Life Insurance Company Limited – Reporting to: Reliance Capital, Nippon, Internal audit, Board & Executive Management, Regulators]
Creating a Heat Map and Mitigation
[Heat map: numbered risks plotted by IMPACT (Insignificant, Minor, Moderate, Major, Catastrophic) against LIKELIHOOD (Rare, Unlikely, Moderate, Likely, Almost Certain)]
• Plan of action for Red Risks
• Responsibility for action
• Follow up and update
Risk Management Framework & Committee
Broad objective of the Risk Management Committee is to ensure that risk
management processes are followed as per COSO guidelines.
Export – Web
Send researches to an Intranet server and give users navigation and graphic tools
[Diagram: reporting system data flow. Source systems: System 1 (example: Auto Company A), System 2 (example: Auto Company B), System N-1 (example: Fire), System N (example: product p). Periodic update (copy) of the information – Policies, Expenses and Claims. Processing steps: Import files, Clean data, Create variables, Make insurance calculations, Real Time processing. Modules: Portfolio explorer, Customers' profile, Products management, Pricing, Claims, Expense Mgt., Trends and Forecasting, Reports' generator. Module labels include: portfolio segmentation; cross-selling; new policies' profiles; lapses' profiles; profit and loss areas; review pricings; define specific indicators; scoring; simulations on new pricings; build new pricings (in Pure Premium, in % of value); frequency and cost modeling; analyze the Risk Premium and stratify values; claims' explorer; claims segmentation; reserving; triangulations; stochastic models; expenses reporting; trends and budget; business simulations; follow up in time of profit centers (Agents, Products…); tailor made reporting; tailor made follow up of entities]
Evaluating Risk Appetite
Ongoing Planning and Performance Measurement Process:
1. Strategic Planning
• Define vision
• Design/Review target portfolio by
  – Industry
  – Geography
  – Product type
• Distinguish between
  – Corporate
  – Retail (personal, SME)
  – Treasury
2. Evaluate Risk Assessment
• Risk return expectation of the bank
• Risk grade of the portfolio
3. Set Target Returns
• Competitive positioning
• Strategic aspirations
• Risk/return profile of SBU’s
4. Allocate Capital
• Capital allocation
• Risk weighted return measurement
5. Business Unit Transactions
• Risk incurring transactions
• Risk mitigation tactics
6. Monitoring And Performance Reporting
• Risk position
• Comparison of actual v/s target portfolio
• Risk adjusted performance measures
• Financial performance
Reporting requirements
Reliance Capital (Group Company)
• Monthly Risk meeting on Risk practices and implementation
• Quarterly CRO meeting on review of Status
• Quarterly Group Conglomerate meeting on aggregation of risk practices
• Monthly reporting on Risk trending, indicators, market risk and operation risk
Nippon Life Risk Reporting
• Annually reporting of all policies procedure and practices
• Inspection of risk management and audit practices annually
Audit
• Conducting various audits and submitting reports to stakeholders and regulators
• Internal audit, IFC review, Statutory audits and concurrent audits
Reporting requirements
IRDA reporting and other regulatory reporting
• Monthly Risk meeting on Risk practices and implementation
• Quarterly CRO meeting on review of Status
• Quarterly Group Conglomerate meeting on aggregation of risk practices
• Monthly reporting on Risk trending, indicators, market risk and operation risk
• Collation of various reports of risks, frauds, investments and market risk
Board and Executive Management
Quarterly reporting to Board for the following activities
• Financials
• Risk Dashboard
• Key risk indicators
• Quarterly audit report of financials and key regulations by auditors
• Internal audit report
• Investments
• ALM Report (Asset Liability Management)
• Compliance update – circulars and reporting deadlines
Monthly reporting to Executive Management
• Risk Dashboard to Risk Committee
• Key ratios and key risk issues
• Compliance Update
• Dashboard of various service TATs
• Investment committee
• ALM committee
Expectations from Actuarial for Effective Risk Reporting
• Adequate Statutory reserving
• Effective disclosure on Business /Product Assumptions
• Monitoring of Assumptions vs actual of insurance risks such as claims, mortality, persistency, expenses and new business
• Business parameters
• Channel wise monitoring
• Product wise monitoring
Risk Management Framework
• Risk Management framework with independent reporting line to CEO / CRO / Group – matrix reporting to Audit committee and Board
  – Governance – Policies and processes
  – Identification – Risk Assessment, Stipulation of risks along processes and projects
  – Measurement – Quantification and Qualification of risks and losses / impact – Financial and Reputation – risks not measurable are qualified
  – Monitoring – Identification, tracking and control of risk events and resolution thereof
  – Mitigation – Proactive management of risks
  – Quarterly review of the framework – efficiency and effectiveness
  – Appointed Actuary a part of the Risk Committee / Framework
• Risk Management operational framework – few key areas:
  – Operational risks, Product / Pricing risks, Risk Transfer to Reinsurance, Underwriting policies….
  – Fraud prevention framework, Mis-selling, Investigations, Risk Control and monitoring
  – ALM risk or a separate ALM / ALCO with AA as a member
  – Insider Trading Policy
  – Information Systems Risk
  – Risk Management processes – key processes: Control Self Assessments, Root Cause Analysis, Risk Assessments and Risk Reviews
[Diagram labels: Awareness, Responsibilities, Whistle blowing, Vulnerability Assessment, Policy, Measurement, Controls, Detection]
Solvency II Architecture
Three Pillars
1. Quantitative Requirements
• Market Consistent Valuation
• MCR & SCR
• Formula to calculate SCR is likely to be based on Tail Value at Risk VaR 99.5% 1-Year
• MCR-relation to SCR to set up
• Internal models for SCR
• Recognition of Credit Risk mitigation
• Recognition of Credit for diversification
2. Qualitative Requirements
• Emphasis on good governance
• Own Risk & Solvency Ass.
• Supervisory Review Process
• More developed than in Basel
3. Disclosure & Reporting
• New requirements for disclosure to harness market discipline in support of achieving regulatory objectives
• New requirements for transparency
Third pillar of Solvency II Architecture requires Effective Disclosure and reporting
Integration of ORSA with Internal Solvency II Model
[Diagram: Pillar I – Quantitative: Operational Risk, Market Risk, Underwriting Risk, Default Risk. Pillar II – Qualitative: General Governance, Fit & Proper, Good Repute, Risk Management Systems, Own Risk and Solvency Assessment, Internal Audit, Internal Control, Actuarial Function, Outsourcing]
Integrating Risks to Solvency II Model
• Counter Party Default Risk
  – Using Exposure, Probability of Default and Loss Given Default
  – Type I Exposures: Reinsurance arrangements, Derivatives, Securitizations, Deposits with ceding institutions, letters of credit and cash at bank. => 99.5th percentile of the variance of the combined exposure
  – Type 2 Exposures (More diversified but unrated): Receivables from intermediaries, policyholder debtors and deposits with ceding institutions (if numbers of counterparties are below a certain threshold) => Sum of the [Exposure multiplied by a (generic) Risk Factor]
  – Credit derivatives: credit risk transferred goes to (market) credit spread risk
Integrating Risks to Solvency II Model – Continued…
• Market Risk
  – Interest Rate Risk: Increase in the volatility of Interest Rates
  – Currency Risk: Most Onerous result for each individual foreign currency and the aggregate
  – Stress Risk: Credit Stress vary by duration
  – Property Risk: Consider differential shocks to commercial, retail and other types of property
  – Concentration Risk: Thresholds 1-2% (from 3-5%)
Integrating Risks to Solvency II Model – Contd…
• Life & Health Underwriting Risk:
  – Mortality Stress: 15% permanent increase in Rates (from 10%)
  – Morbidity/disability Stress:
    – 20% permanent decrease in recovery rates
    – Inception rates 50% increase (from 35%) in inception rates in year one followed by 25% increase for all subsequent years
  – Lapse Stress: The greater of
    – 50% increase in lapses
    – 50% decrease in lapses
    – Sum of 30% of surrender strains of policies where the surrender strain is positive
  – CAT Risk:
    – A 2.5 per mille mortality catastrophe test (from 1.5 per mille in QIS 4)
    – Morbidity CAT stress moved to health risk – a number of pan-European catastrophes will be developed
Integrating Risks to Solvency II Model – Contd…
• Operational Risks
  – Additional elements:
    – Risks arising from any external management of investments: 0.5% of highest amount held with a single 3rd party management company
    – Risks associated with increased business activity: Additional capital if the technical provisions/earned premium are expected to increase by more than 10% over the year
    – Risk associated with the use of management actions in calculating life provisions: An increase in the loading applied to life technical provisions
  – Substantial increases in the capital factors:
    – Still no credit for diversification between operational and other risks
Risk Appetite
• Environment risk
• Country Risk and Macro Indicators
• Nature of business, regulations and Impact
• Industry trends
• Profitability
• Asset base and solvency
• Stake holders expectations
  – Owners
  – Regulators
  – Government
  – Customers
Risk Management Strategy
Risk Management Framework
• Enhancement and Extension of risk framework across
• Support to Risk Based Capital
• Rating for ERM (Enterprise Risk Management)
Self Risk Management
• Self Risk assessment across functions and decentralization
• Facilitation process
• Corroborative Risk Management
Automated Risk Management
Quantitative Risk Management tool
Embedding risk management in process, technology and trainings
• Improvement in risk management practices
• Need to integrate these practices into the management process
• Possible change in organization structure
• Greater volatility in balance sheet
• Possible move to less volatile asset classes
• Greater diversification of assets and use of risk mitigation
• Increased capital requirements for higher risks
• More innovative risk management
• Industry consolidation
• Changes to product design
• Revision of product diversification
Expected Impact on Insurers
Some Key statistics
Thank you