Risk Management for Small to Mid-sized Companies

Risk Management For
Small to Mid-Sized
Companies
Michael A. Cohen, Principal
Cohen Strategic Consulting
September 16, 2010
Today’s Presentation
• Philosophy
• Process
• Focus of a Small-to-Midsized Company’s
ERM Program
• Internal/External Identification, Review of
Risks
• Financial Analysis/Capital Analysis/Metrics
• Risk Tolerances, Thresholds
Today’s Presentation
(continued)
• Investment Strategy, Management
• Governance Structure/Process,
Responsibilities, Communications
• Stakeholders, Discussions
• Case Study
• Business Psychology
• Rating Agency Expectations
• Conclusion
ERM Philosophy
• Leadership/involvement from the ‘top’ - the CEO
has to drive ERM in a meaningful way,
enhancing the company’s risk culture
• Supports attainment of (and ideally exceeding)
corporate goals, objectives, interests of
stakeholders
• Concentrate on the company’s major/material risks
(prioritization) at the core of the ERM process, but
be perceptive about other risks; don’t let the
process get bogged down with theoretical concepts
ERM Philosophy
(cont’d)
• Risk thresholds and tolerances quantified/
qualified; events that can cause their ‘breaching’
need to be highlighted and mitigated
• Integrate ERM with and into strategic, operational
and financial planning, decision making – not a
silo!
• Use ERM as a problem solving, or better yet, a
problem avoidance effort
ERM Process
• Actionable, hands-on process – pragmatic!
• Communication/integration processes up and down, and across the
organization; this is easier to accomplish in a small to mid-sized
company
• Everyone is a risk manager, and a company’s communications process
needs to be an effective, non-threatening enabler whereby staff can
alert executives/managers with a need to know about risk issues
• All associates should be ‘students of the business’, ideally beyond their
own areas of expertise and responsibility
• Modeling must be done insightfully, and deliver reliable decision-making data and analyses
• Decision making processes need to be effective (more on this later)
Focus of a Small-to-Midsized
Company’s ERM Program
A small-to-midsized company does not have the resources to ‘do
everything’ (as a large company does), but it can develop and
implement a very effective ERM process:
• Tailor program to fit the organization, its resources, and decision-making processes
• Risk identification, quantification/qualification, prioritization,
coordination, mitigation; problem solving
• Focusing on the most impactful areas in the launch phase
• Integration of ERM into strategic and operational planning
• Utilize existing committee structures and decision-making protocols
• Determine risk tolerance, thresholds, tail risks
• Implement risk mitigation processes
• We’re going to talk about rating agencies’ expectations a little bit later
in the presentation
Internal/External Identification,
Review of Risks
• Designate an experienced, knowledgeable
executive to coordinate risk committee and the
identification and review of risks; it may be a
dedicated Chief Risk Officer (CRO), but doesn’t
have to be
• Committee with key executives:
- Finance
- Actuarial
- Investments
- Businesses
- Legal
- Audit
- Others with relevant expertise
Risk Tolerance (adverse impact),
Thresholds (behavioral triggers)
How much adverse risk impact can your company
’tolerate’?
• Capital
• Earnings
• Business volume – type and amount
• Ratings
• Miscalculations are common!
If your company is exposed to more risk (impact) than can be
comfortably absorbed (your ‘thresholds’ are breached), you
may well need to make some changes.
Financial Analysis/Capital
Analysis/Metrics
• Growing earnings, while preventing earnings
‘eroders’
• Growing capital, while preventing capital
‘eroders’
• Economic capital (modeling)
• Cost of capital, capital allocation, returns on
capital (risk adjusted returns)
• Metrics (of performance)
Investment Strategy, Management
• Asset classes invested in
• Net yield performance
• Realized capital losses/defaults/impairments
• Liquidity
• Concentration
• Higher yield/higher risk investment options
• Counterparty issues
• Investment risk issues and magnitudes are growing and
becoming (much) more uncertain
Governance Structure/Process,
Responsibilities, Communications
• Senior management
• Board of Directors
• Key managers
• The organization
Key Constituencies:
Stakeholders
• Customers
• Producers
• Board of directors
• Investors/shareholders
• Rating agencies
• Regulators
• Counterparties
• Financial and business partners, supply chain
• Executives, management and critical staff
• How might they react to risk and uncertainty, and their adverse
impacts in your company?
Discussions For Key Constituencies
• ERM Charter, Goals/Objectives
• Risk thresholds, tolerances
• Process in place, including governance; committees
overseeing the most important corporate functions integrate
ERM into their activities, ‘missions’; communications
• Integration into strategic and operational planning
• Financial, actuarial analysis/capital allocation/risk
tolerances, thresholds/metrics/modeling
• Improvements in decision making, problems headed off,
lessons learned
Actions Dissatisfied
Stakeholders Might Take
• Cease doing business with you, or diminish the volume of
business they do with you (Customers, Producers,
Counterparties - financial/business partners, supply chain,
Executives/Management/Critical staff)
• Sell stock, lowering the price in the process (Investors)
• Replace management, lower compensation (Board of Directors,
Investors)
• Charge you a higher price (interest rate) for capital (Lenders)
• Downgrade your company (Rating Agencies)
• Mandate that you cannot participate in your business
(Regulators, Institutional Customers - if ratings are not high
enough)
Case Study
• Visualize a hypothetical company, with the
following attributes:
- $10 billion in assets
- $700 million in capital (7% C&S/Assets)
- $60 million in annual net income
- $100 million in new life insurance annualized
premium
- $200 million in annual fixed annuity sales
- ‘A’ rating, stable outlook from A. M. Best
- ‘A+’ rating, stable outlook from Standard and
Poor’s
Case Study (continued)
• Risk (impact) tolerance: How much capital
could this company lose, and what level of
reduced earnings could it accept …
comfortably, without feeling that significant
changes needed to be made?
Case Study (continued)
• Event: The company suffers a $100 million,
investment related capital loss (that had
been funded with excess capital … of
course)
Case Study (continued)
• After the event, the hypothetical company now has the
following attributes:
- $9.9 billion in assets
- $600 million in capital (6.1% C&S/Assets)
- $55 million in annual net income
- Less than $100 million in new life insurance annualized
premium
- Less than $200 million in annual fixed annuity sales
- ‘A’ rating, negative outlook or possibly a downgrade to
an ‘A-’ rating from A. M. Best
- ‘A+’ rating, negative outlook or possibly a downgrade to
an ‘A’ rating from Standard and Poor’s
Reflecting on the Actions Dissatisfied
Stakeholders Might Take
• What stakeholder reactions are most onerous?
• Avoiding those (most onerous) reactions is clearly
your greatest imperative, and defines your ultimate
tolerance for risk and what your risk thresholds need
to be
• Hypothesis: A rating downgrade is the most serious
stakeholder reaction a company can experience, as it
has the most impact on triggering other undesirable
stakeholder reactions
Business Psychology:
How People Analyze Situations and
Make Decisions Has a Big Impact on
How They Manage Risk
• People work on problems they think they can solve, and they
avoid those they don't think they can solve. Therefore, if the
elements of risk are in the latter category, they won't be
addressed.
• They are slow and cautious in reacting to new information.
Solutions to risk reduction may exist, but they might not be
implemented without an inordinate amount of study, or
possibly not at all.
Business Psychology (cont’d)
• They are reluctant to admit ignorance or mistaken assumptions and
tend to forget misassumptions that have been made. An ill-conceived initiative can be expected to have additional risk, and if
learning doesn't follow, further mistakes may be made.
• They are inclined to be risk averse when they have made gains and
can be risk seeking when they have incurred losses. This leads to a
strategy basically opposite of what should be pursued, which is to
invest more when gaining and less when losing.
• They look at fewer as opposed to more perspectives, possibly
missing a better solution.
Business Psychology (cont’d)
• They do not realize when they are at an information disadvantage.
• They are inclined to blame others for poor results, as opposed to
studying the causes for their own mistakes and fixing them.
• They frequently place greater value on what they have created than on
what others have done, either individually or collectively, and may well
miss out on higher-order thinking generated by a group and on critical
perspectives of others.
Black Swans:
Unforeseeable Events
with Huge Consequences
• These events aren’t in our mind-sets; when you develop
risk scenarios, many times these events won’t be foreseen
• Q: How can we protect our company’s assets (broadly
defined) from risks we can’t anticipate?
- Increased capital, liquidity (or access to it)
- Diversification: into sound options, not just diversifying
for the sake of it
- Conservatism
- Understanding thoroughly the elements (and risks) of our
businesses (from internal and external views)
Rating Agency Expectations
• S&P:
* Has the most intense ERM analysis/expectations
of any rating agency
* Few small-to-midsized life insurance companies
are followed on an interactive basis by S&P
• Others
• Large companies
• Small-to-midsize companies
What S&P is Looking For
in Insurers’ ERM Programs:
Large Companies
• Risk management culture, process
• Top management commitment
• Governance
• Risk tolerance, thresholds; note that the
word ‘appetite’ was not used!
• Risk mitigation, controls
What S&P is Looking For
in Insurers’ ERM Programs:
Large Companies
• Preparedness for emerging and unpredictable risks
• Risk models, assumptions
• Strategic risk management: controlled risk taking
in the pursuit of strategic initiatives
• Effective communications
• “What’s behind the Power Point?”
What S&P is Looking For
in Insurers’ ERM Programs:
Small to Mid-sized Companies
(they follow only a few of them)
Q: Why can’t small to mid-sized companies do many
of the ERM-related activities that large companies
do?
A: They can. They have to perform the most
important elements of ERM … with fewer
resources but can benefit from closer coordination.
Conclusion
• ERM is an integral part of sound management and
decision making, not a fad nor an isolated activity
• Knowing how much risk impact you can
comfortably absorb, and making the necessary
changes if you are beyond your tolerance(s), can
literally save your company
• Risk mitigation/problem solving critical
• Guard against the unpredictable, while not being
paralyzed by fear
• You can do this!
Contact Information
Michael A. Cohen, Principal
Cohen Strategic Consulting
(215) 595-7259
mcohen@cohenstrategicconsulting
www.cohenstrategicconsulting.com