Risk Management

Despite significant progress among insurers, Enterprise risk management still not fit for purpose

This report is a follow-up to a study published in 2004. It is based on a survey of 53 insurers conducted in the second half of 2007 and first quarter of 2008. The respondents were primarily chief risk officers or others directly responsible for overseeing their organizations’ enterprise risk management programs. Seventeen of the insurers are based in Europe, 16 in North America, 11 in the Asia-Pacific region and nine in Bermuda.

Against the background of an ever tougher risk environment and growing demands from investors, regulators and rating agencies, many insurers and other financial services organisations are asking questions about the effectiveness of ERM and its ability to deliver a return on investment or meet the expectations of stakeholders.

Good progress has been made in terms of developing and implementing ERM capabilities amongst insurers. More than 90% of survey respondents have ERM programmes in place and see it as an opportunity to improve decision-making and increase shareholder value. ERM is also clearly a boardroom priority across the industry, (66% strongly agree and 23% slightly agree), with some 40% of respondents stating that their firm has a board-level ERM committee. The role of the chief risk officer (CRO) is also gaining in stature with around 60% of firms saying that their CRO communicates directly with the board on at least some risk management issues.

And yet, despite progress at the top, the study found that ERM is, in many cases, neither relevant to nor clearly understood by business teams. It is not fully embedded into strategic decisions and its integration into day-to-day decision-making and frontline risk taking within many insurance companies remains limited, potentially undermining its ability to deal with a more complex risk environment and more exacting stakeholder expectations. Fewer than half of survey participants are confident that ERM has been embedded into their strategic planning, resource allocation and performance management functions.

Senior management expectations of ERM have soared as they increasingly look for ERM to help them strike the right balance between risk and reward amid mounting competition, a softening of non-life rates and the credit turmoil which has highlighted systematic risk management failures in many financial services businesses. At the same time, the evolving risk environment and more exacting analyst, investor, regulator and rating agency expectations are raising the bar for ERM, increasing the pressure on insurers to put risk at the heart of their strategy and operations.

The findings of our latest survey indicate that while many insurers have made valuable progress in developing effective ERM capabilities, unless they make ERM relevant to and integral across their businesses as a whole it will not meet expectations and achieve anticipated objectives.

Risk limits often do not reflect enterprise-wide risk appetite

Procedures for monitoring and control are often still orientated around separate risk/business silos, making a portfolio view of risk difficult to sustain. While most insurers are at least ‘fairly confident’ (and 44% are ‘very confident’) that they have clearly defined their risk appetite, critically, the alignment of risk appetite and key business decisions is often limited.

ERM effectiveness is often hindered by poor risk information and analysis

Many respondents also recognise that their risk and data systems are still patchy. According to the survey, fewer than 40% of respondents believe their firm’s risk data and systems are ‘good’ or ‘excellent’, only a marginal improvement from 2004. Communication and escalation of risk information were also highlighted as areas of weakness. Many participants are still finding it difficult to monitor and manage emerging risks, and fewer respondents appear to be using their ERM knowledge to identify and capitalise on unfolding opportunities, rather than simply mitigating their exposures.

Attracting and retaining talent is critical

Good people are critical to developing the status and effectiveness of ERM. It is telling that few respondents felt able to answer the question about the industry’s ability to attract, hire and train competent risk managers.

Greater attention to recruitment and career development will be critical in ensuring that organisations have the people they need to develop and deliver value from ERM. In turn, more effective training could help to improve awareness of risk and enhance understanding of how ERM worked and can contribute to the business.

The PricewaterhouseCoopers global survey demonstrates a strong commitment for ERM but if insurers want to take ERM to the next level, they need to develop a much stronger firm-wide understanding of its mission and objectives, a clearer allocation of appropriate roles and responsibilities and the ability to leverage risk management capabilities that already exist within the company.

With regard to South African insurers, the 2008 PwC Emerging Trends and Strategic Issues in South African Insurance report reveals that the most threatening risks to their earnings are credit risk, environmental risk and liquidity risk. Policyholders are the greatest source of fraud for short-term insurers versus syndicates for long term insurers. Interestingly, there is a trend away from reinsurance, with more companies increasing their risk appetites as they improve their risk management policies and procedures. Respondents in this particular survey highlighted that principal challenges for them in the coming years are prioritised as compliance and regulatory requirements, followed by a lack of skilled resources, which is confirmed in the ERM global survey, and then customer behaviour. Investment managers are increasing as a risk to long-term insurers and underwriting managers are more threatening to the short-term companies.

Another challenge comes from Solvency II regulations (Strategic Capital Management and Solvency II EU draft Framework Directive) and reporting. If South Africa follows the Solvency II requirements (which is most likely), this will require more attention to the risk profile, mitigation and sensitivity; this will include quantifying the ‘history of loss’. Many South African insurers rely on the actuarial quantification of risk but the nature of risks addressed by insurers is moving well outside actuarial bounds – such as regulation, skills, environment and distribution channels.

It is likely 2008 will provide an immediate challenge to the efficacy and organisational relevance of ERM as insurers face market and economic stress. However, within this challenging environment, effective ERM could help companies to sustain investor confidence, identify commercial opportunities and allocate scarce capital where it can earn its best risk adjusted return.

Related posts
CyberRisk Management

Increasing levels of commercial crime highlight need for formal risk management processes

ReinsuranceRisk Management

The state of the riot wrap market in South Africa

Risk Management

Flood risk modelling could have prepared us for the KZN floods

Risk Management

SA risk body launches guideline on future of risk management