Add to collection(s) Add to saved
  1. Business
  2. Finance

What is Risk Appetite?

advertisement 
Risk Management
Croatian Insurance Days 2010
15th November 2010
Jiri Fialka
Contents
Risk Appetite
3
Stakeholder Expectations
4
Challenges
5
Current Industry Approaches
6
Metrics
7
Where on the distribution?
11
Embedding Risk Appetite
12
Setting Risk Appetite Limits
13
Conclusion
14
2
© 2010 Deloitte Czech Republic
What is Risk Appetite?
Risk Appetite
At the highest level, risk appetite defines the amount of overall risk that a firm is
willing to accept in pursuit of its business objectives.
Some regulators (such as the FINMA in Switzerland) distinguish that from risk
tolerance, the amount of overall risk a firm CAN take.
Risk Appetite Framework
•
•
•
3
The board ultimately needs to set risk appetite and cascade it within the firm.
A risk appetite framework defines the approach for :
o setting the firm’s overarching risk appetite,
o the processes, controls and methodology for setting and managing against
risk limits
The framework will be dependent on a number of factors including the nature,
size and complexity of the business. The two aspects of the framework that are
within the control of management are the level of granularity chosen and the
suite of risk metrics used.
© 2010 Deloitte Czech Republic
What are Stakeholder Expectations?
Solvency II text (CP33)
FSA (Insurance Sector Briefing)
The regulatory text thus far contains high level statements
establishing the imperative for a risk appetite framework:
The FSA is disappointed with progress in insurers and made the
following observations as early as November 2006:
•“well documented risk management strategy that includes... risk
appetite”
•“Risk appetite is not well understood in many firms to a level of
clarity that provides a reference point for all material decision
making. There is a big step between defining and applying risk
appetite”
•The appetite needs to then be expressed in “acceptable levels of
risk limits for each risk type”
•The risk management function will “maintain an organisation-wide
and aggregated view on the risk profile”
•“an appropriate own risk and solvency assessment (ORSA)”
•“Producing meaningful statements of risk appetite has posed
significant challenges for many firms.”
“....slow progress by boards and management to go beyond
definition and apply them a point of reference for material decision
making”.
S&P
A Deloitte perspective
Companies will be viewed as having weak, adequate, strong, or
excellent ERM. Companies are expected to:
• Risk Appetite is the mechanism by which the owners of the firm
express to the management of the firm the risk profile they wish
to take. This is measured at multiple time horizons
•Knowingly take considered risks and understand that losses are
probable. In effect, risk management should provide a company
with reasonable grounds to believe that it will be able to manage
any events and losses within predetermined bounds.
•Measure all of their risks on comparable measures so that the
risk-management process of managing risk taking and limiting
losses to within company tolerances can be performed across all
risks and for the total enterprise.
4
• Risk Appetite is both qualitative and quantitative
• Risk appetite frameworks provide a pivotal link between
strategic objectives of the organisation and its risk management
framework and limit structures.
• Risk appetite should be cascaded to the business to inform day
to day business decisions and become embedded in the firms
risk management framework.
© 2010 Deloitte Czech Republic
Challenges Implementing Risk Appetite
Many firms will face a number of challenges around the development of their risk appetite, particularly ensuring it
is:
• meaningful across a number of metrics and at an appropriate level of granularity, and
• embedded within the day-to-day running of the business.
Challenges
Examples of Weaknesses
Developing
Meaningful Risk
Appetite
• Generic statement by Boards published in annual results but meaningless in practice
• Limit based frameworks where limits are established on ‘experience’, ‘gut-feel’ and ‘expert
knowledge’. The result is inconsistent and unconnected to strategy and extreme losses
• Statements of ‘high’, ‘medium’ and ‘low’ appetite but without any definition of what these mean
• Lack of clarity in statements of what the firm ‘won’t do’, and loose definitions of what the firm
‘will do’
Embedding Risk
Appetite
• Lack of linkage between the quantification of risk appetite and the internal capital framework or
stress testing
• Cottage industries producing KPIs and KRIs. Little or no link to appetite statements and a
heavy focus on lag (rather than lead) indicators
• Lack of operational linkage between the risk appetite statements made and the operation of the
firm, i.e. translating Risk Appetite from a written document into commercial decisions
• Firms and Boards playing lip-service, i.e. because the regulator insists organisations have it
5
© 2010 Deloitte Czech Republic
Current Industry Approaches
The insurance industry is slowly finding its way into Risk Appetite. Solvency II provides considerable impetuous.
Risk Appetite
frameworks are not
in place
Solvency II and FSA
is driving thinking
External inputs and
benchmarking
Long term risks
make appetite
complicated
No linkage between
ICA models and
Appetite
No obvious sponsor
or driver, e.g. CRO
6
• Firms all have some form of Appetite statements
• We are not aware of many firms who have in place a robust Risk Appetite
framework
• FSA Arrow reviews are increasingly focusing on risk appetite
• Solvency II strongly establishes the requirement without providing any detail
• Firms are reaching out to consultants to provide intellectual input
• Appetite is increasingly included as a work stream within Solvency II programmes
• Long terms insurance risks potentially make appetite more complicated than
banking
• The same complication should demand a robust approach to setting appetite for
risks
• Existing Appetite frameworks are operated without reference to or input from risk
drivers within the capital model.
• Volatility or earnings at risk should be drawn from the same model as the capital
• Few firms contain a CRO with holistic risk responsibilities – these individuals drive
Appetite frameworks within banks. This is not a Chief Actuary mind set.
• Solvency II requires firms to think as Groups not just legal entities. How will firms
complete a Group-wide ORSA without a robust Appetite framework?
© 2010 Deloitte Czech Republic
Metrics – It’s not just about capital!
•
To date, many life companies have only used a
capital metric to define their risk appetite.
•
For example, firms have defined risk appetite as
having sufficient capital to cover its internal capital
requirements based on a particular credit rating (e.g.
AA).
•
A capital metric focuses on preservation of
policyholder benefits without providing sufficient
insight into how the risks can be managed to meet
the broader business objectives.
•
Including other value metrics in the framework, such
as earnings or cashflow, allows a firm to set its risk
appetite more broadly and ensures a clearer link to
business objectives.
Business Objectives
Risk
Capital
Value
Risk Appetite needs to be
articulated in the context of
broader business objectives.
7
© 2010 Deloitte Czech Republic
Metrics – Capital at Risk
The capital requirement (or capital at risk) provides a measure of the level of risk exposure for an organisation. In
isolation, the nominal capital requirement does not provide much information. However, it is possible to use
relative metrics to help articulate risk appetite.
Risk capacity and risk exposure
Company balance sheet
Surplus
Capital
Requirement
Relative capital requirements by risk class
Company balance sheet
Additional Risk
capacity
indicator
Surplus
Risk class N
Assets
Assets
Liabilities
Liabilities
Relative risk
exposure
indicator by risk
class
• The capital requirement represents a measure of the risk
that the organisation is currently exposed to.
Metric
Type
Metric
• The surplus represents additional risk capacity, giving
insight into the ability of the organisation to take on further
risk.
Risk
Capacity
Excess assets over
liabilities/ Capital
requirement
Provides insight into how much more
risk the business can take on relative
to existing risk exposure.
Capital requirement/
liabilities
Provides insight into the level of risk
exposure that exists within the
business.
Capital requirement for
risk class N/ Capital
requirement
Provides insight into the relative
exposures to specific risk classes
in the current risk profile of the
business.
• The capital requirement should be able to be split by risk
class.
• Consideration can be made of both current relative risk
exposures and forecasted/ projected relative risk exposures.
8
Risk class 1
Risk class 2
Capital
Requirement
Risk exposure
indicator
Risk
exposure
Description
© 2010 Deloitte Czech Republic
Metrics – Capital at Risk
In this section we look at how Capital at Risk could be developed at the next level of granularity.
Risk Exposure
Capital Required as % of liabilities - Diversified
Group
30%
8%
7%
25%
Legal
Entity 1
Legal
Entity 2
Capital required as % of
liabilities (CRL%) - Diversified
20%
15%
10%
Risk Appetite - CRL% Diversified - Low
5%
Risk Appetite - CRL% Diversified - High
0%
Term
Assur.
Annuities
Pensions
Business
unit 1
Business
unit 2
Business
unit 3
Risk Exposure
Risk % of Liabilities - Interest - Diversified
6%
Interest
5%
Risk Appetite - Interest Rate
contribution - Diversified - Low
4%
3%
Risk Appetite - Interest Rate
contribution - Diversified - High
2%
1%
0%
Legal
Entity 1
Group
BU 1 BU 2 Term
Annuities
Assurance
Legal Entity 1
Legal
Entity 2
BU 3 Pensions
Legal
Entity 1
Legal Entity 2
Group
Risk Exposure
Risk % of Liabilities - Credit Spreads - Diversified
In the example, the Group is
exposed to 5 risks:
• Interest
• Credit Spreads
• Asset Share Volatility
14%
Legal Entity 1
Legal
Entity 2
BU 3 Pensions
Legal Entity 2
Risk Exposure
Risk % of Liabilities - Asset Share Volatility - Diversified
8%
12%
7%
Credit Spreads
10%
8%
6%
Risk Appetite - Credit Spreads
contribution - Diversified - Low
4%
Risk Appetite - Credit Spreads
contribution - Diversified - High
5%
3%
0%
1%
Group
BU 1 BU 2 Term
Annuities
Assurance
Legal Entity 1
Legal
Entity 2
BU 3 Pensions
Risk Appetite - Asset Share
Volatility contribution Diversified - Low
4%
2%
Legal
Entity 1
Asset Share Volatility
6%
2%
• Equity
BU 1 BU 2 Term
Annuities
Assurance
Risk Appetite - Asset Share
Volatility contribution Diversified - High
0%
Legal Entity BU 1 - Term
BU 2 1
Assurance Annuities
Legal Entity 2
Group
Legal Entity 1
Legal Entity BU 3 2
Pensions
Legal Entity 2
• Mortality
Risk Exposure
Risk % of Liabilities - Mortality - Diversified
Risk Exposure
Risk % of Liabilities - Equity - Diversified
8%
16%
14%
7%
6%
Equity Levels
Risk Appetite - Equity Levels
contribution - Diversified - Low
4%
3%
Risk Appetite - Equity Levels
contribution - Diversified - High
2%
1%
Mortality Level
Risk Appetite - Mortality
contribution - Diversified - Low
8%
6%
Risk Appetite - Mortality
contribution - Diversified - High
4%
2%
0%
0%
Legal
Entity 1
9
12%
10%
5%
Group
BU 1 BU 2 Term
Annuities
Assurance
Legal Entity 1
Legal
Entity 2
BU 3 Pensions
Legal Entity 2
Legal
Entity 1
Group
BU 1 BU 2 Term
Annuities
Assurance
Legal Entity 1
Legal
Entity 2
BU 3 Pensions
Legal Entity 2
Metrics – Earnings at Risk
Earnings at Risk attempts to address the value aspect of risk appetite, to provide a more complete picture of the
nature of risks that the organisation could be exposed to. Earnings at Risk provides a different perspective on risk
relative to Capital at Risk as it focuses on how risks impact earnings and also potentially cashflow. Thus, there
are likely to be conflicts as different risks will bite for Earnings at Risk relative to Capital at Risk.
• The Earnings at Risk number can be considered as the difference between a projected earnings and stressed earnings value.
• This diagram depicts how Earnings at Risk could be analysed separately for a forecasted period and risk appetite set for each year
(refreshed annually).
Year 1
Risk 1
Earnings
At
Risk
Projected
Earnings
Year 1
Stressed
Earnings
Year 1
Risk 2
Risk N
Earnings volatility due to
individual risk drivers
Year 1
• Earnings at risk is likely to be focused on different points on
the distribution relative to capital at risk (e.g. 1 in 10 vs 1 in
200).
• Earnings at risk will be focused on both New Business and
Existing Business.
• Cashflow at risk is a another metric that can be considered.
Important in relation to dividend payments by the
organisation.
10
Year 2
Year 3
Year 4
Year 5
• There will be challenges around projecting a risk-based
balance sheet to assess earnings at risk. In particular:
• Methodology and Technology
• What-if capability
• Achieving the right balance between accuracy and ability to
carry out What-if analysis
• Likely to be conflicts as different risks will bite for Earnings
at Risk relative to Capital at Risk. Difficult management
decisions.
© 2010 Deloitte Czech Republic
Where on the distribution?
To support Risk Appetite and ORSA an Internal Model should do more than calculate the tail.
• If the model analyses different loss
horizons risk managers can understand
drivers of risk
Loss distribution
Drivers of losses
are different
• At which horizon is the firm managing its
Risk Appetite?
• Risks driving ‘difficulty’ (aka reverse
stresses) are not the same as the
catastrophic tail risks of capital
Expected
Scenario 1
Scenario 2
Worst case
• Limit frameworks and concentration risks
will be different at different horizons
Banks
Insurers
Banks
Insurers
Credit cards
Motor claims
Wholesale
Catastrophe
Retail loans
Equity
Fin. Institutions
Longevity
Small business
Interest Rate
Mortgages
Default
Market risk
Spread
• Limit frameworks should be clear on which limits are managing tail risk and which profit volatility
• Risk appetite frameworks can leverage the model to identify risk drivers at the varying horizons and
ensure suitable limits are in place, e.g. concentration risk within a card portfolio
11
© 2010 Deloitte Czech Republic
Embedding Risk Appetite
•
Risk appetite should be set by the Board as part of the annual planning cycle
•
Cascaded to business and regional units as part of their operational planning
•
Risk appetite set at Group, Business Unit, Major-Product and Risk Class
•
Periodic (monthly / quarterly) risk reporting should include MI which monitors
risk exposures against limits
•
Consistent process for treatment of breaches
•
Board and senior management training, awareness and engagement
•
Standing item on terms of reference of risk committees
•
Continuous refinement and iteration
•
Linkage between risk appetite limits and operational limits around risk drivers
(such as products and asset allocations)
•
Inclusion in performance management (role profiles and objectives)
12
© 2010 Deloitte Czech Republic
Setting Risk Appetite Limits
Limit setting should consider and involve:
•
Risk Philosophy
•
What-if Analysis
Illustration of risk appetite limits
Risk appetite limit thresholds
Current capital
cover ratio
•
Historical Analysis
•
Loss horizons
•
Hard and soft limits
•
Treatment of breaches
•
Top-down and bottom-up approaches – a range of
Capital cover
position
Approaching thresholds
operational limits will already be established
•
Senior management, SME, risk and actuarial function
Time
input
•
Iteration and refinement
13
© 2010 Deloitte Czech Republic
Conclusion
•
Risk Appetite is not currently embedded within the life industry.
•
Solvency II will act as a significant catalyst towards embedding Risk Appetite.
•
Risk Appetite is not just about capital.
•
To be meaningful, risk appetite will need to be sufficiently granular across a
suite of metrics.
•
To be effective, risk appetite will need to be embedded in the day-to-day
management of the business.
•
Timely management information and forward-looking KPIs will be critical to
successful implementation.
14
© 2010 Deloitte Czech Republic
This document is confidential and prepared solely for your
information. Therefore you should not, without our prior
written consent, refer to or use our name or this document
for any other purpose, disclose them or refer to them in
any prospectus or other document, or make them
available or communicate them to any other party. No
other party is entitled to rely on our document for any
purpose whatsoever and thus we accept no liability to any
other party who is shown or gains access to this
document.
15
Deloitte refers to one or more of Deloitte Touche
Tohmatsu Limited, a UK private company limited by
guarantee, and its network of member firms, each of
which is a legally separate and independent entity. Please
see www.deloitte.com/cz/about for a detailed description
of the legal structure of Deloitte Touche Tohmatsu Limited
and its member firms.
© 2010 Deloitte Czech Republic
Related documents
The Top Four Essential Objectives to Auditing ERM
The Top Four Essential Objectives to Auditing ERM
Cancer Complications
Cancer Complications
Client Intake Form
Client Intake Form
How much Risk to do – Workshop output
How much Risk to do – Workshop output
*Perfect Pet* Vocabulary Words
*Perfect Pet* Vocabulary Words
高三英语unit4词汇
高三英语unit4词汇
Client History Questionnaire Pg 1 - Associated Christian Therapy
Client History Questionnaire Pg 1 - Associated Christian Therapy
Download
advertisement