A presentation on the proposed ERM risk evaluation standard by the US Actuarial Standards Board.
Présentation de la norme ERM du Actuarial Standards Board des USA
5. Context
Source: INGRAM, Dave(2009), “ERM and Actuaries”, Casualty Actuarial Society E-Forum, Winter
Edition, p.386-395
Enterprise Risk Advisory, LLC 5
6. Context
Risk Controlling:
– Creation of comprehensive risk models:
establish and monitor risk tolerance and limits
– Some existing ASOPs fall in this category but
actuaries mostly absent
Risk Trading:
– Pricing and valuation of risks
– Most ASOPs pertain to this goal, mostly
insurance
Risk Steering:
– EC, Risk-adjusted performance, Value
Enterprise Risk Advisory, LLC 6
7. Context
RISK EVALUATION
RISK TREATMENT
Copyright 2010 by the Society of Actuaries, Schaumburg, Illinois. .
Enterprise Risk Advisory, LLC 7
8. Context
Most ERM standards usually apply at the
company level
Most other ASB ASOPs are very specific,
although they also reference risk issues:
– #7: Analysis of life, health, or property/casualty
insurer cash flows
– #12: Risk classification (All practice areas)
– #19: Appraisal of insurers
– #35: Selection of demographic and other non
economic assumptions for measuring pension
obligations
Enterprise Risk Advisory, LLC 8
9. Context
Source: INGRAM, Dave(2011), “ERM Standards of Practice: A Socratic
Dialogue”, SOA Annual Meeting, p.11-22
Enterprise Risk Advisory, LLC 9
10. Context
Other ERM ''Standards of practice” being
considered:
– IAA: global standards initiative: Ex. Social
Security
– Asset management industry: some initiatives at
the industry level
– Auditors: some very specific individual risk
standards: risk audit and SOX.
Enterprise Risk Advisory, LLC 10
14. Risk standards
Let's listen to Dave Ingram's presentation of the
context at the 2012 ERM Symposium
http://www.ermsymposium.org/2012/audio/C9.mp3
Source: ERM Symposium, 2012, session C9
Enterprise Risk Advisory, LLC 14
20. Risk Evaluation Standard
Purpose: Provide guidance – not guidelines –
to actuaries – for the moment – as it pertains to
risk evaluation – broader than measurement,
quantification but smaller than analysis –
systems: - not just a framework -
– Design or Implement
– Use or Review
Scope: apply to actuaries for any ERM phases:
ERM control or compliance cycle, trading or
steer objectives
Enterprise Risk Advisory, LLC 20
21. Risk Evaluation Standard
Different categories of risk evaluations:
– Risk evaluation models: apply to 3 ERM phases
– Economic Capital: mostly steer phase
– Stress testing: trading & steer phases
– Emerging risk: steer phase
– Other risk evaluations: all 3 phases
Applies to an ERM type work, not pricing nor
valuation as there are particular ASOPs.
Q: What about MAD in principles-based
reserving? Enterprise Risk Advisory, LLC 21
22. Risk Evaluation Standard:
some definitions
Risk Evaluation System — A combination of practices,
tools, and methodologies within a risk management
system used to measure the potential impacts of risk
events on the performance metrics of an organization.
Risk—The potential of future losses or shortfalls from
expectations due to deviation of actual results from
expected results.
Economic Capital—The amount of capital needed for
an organization to survive or to meet a business
objective over a specified period of time at a selected
confidence level, given its risk profile.
Enterprise Risk Advisory, LLC 22
23. Standard doesn't use “standard”
definitions for some components
Ex. Standard uses counterparty risk: risk that the party providing a
risk offset or accepting a risk transfer does not fulfil its
obligations. Missing some components. A counterparty is larger
than credit risk.
Risk Management Terms Survey, SOA, 2007
SOA (2006): Enterprise Risk Management Specialty Guide May 2006, SOA
CCRO (2002): Committee of Chief Risk Officers; Volume 6 of 6 Glossary, Nov 2002
Enterprise Risk Advisory, LLC 23
26. Risk standard definitions
Standard risk definition: deviation from expectations only.
What about the average losses?
Source: Risk Management Terms Survey, SOA, 2007
Enterprise Risk Advisory, LLC 26
Source: Risk Management Terms Survey, SOA, 2007
27. Potential improvements
Adopt industry specific risk definitions:
– Ex.http://ec.europa.eu/internal_market/insurance/docs/sol
vency/impactassess/annex-c08d_en.pdf
ISO Guide 73: Risk management vocabulary
Rephrase the standard to propose that the
evaluation be adapted to the context of how risk
definitions are actually used by practitioners
Create a risk taxonomy adapted to the context:
Ex. If risk is evaluated and treated as a system –
systemic risk -, different from risk evaluation by
source or cause – economic capital calculation-.
Enterprise Risk Advisory, LLC 27
28. Risk Evaluation Standard
considerations
Financial resources and risk profile:
– Financial strength of the organization – broader
than just capital
– Risk profile, nature, scale and complexity
– Current and long-term risk environments:
internal and external, own assessment or based
on management's
– Organization's strategic goals including risk
tolerance – desired volatility – of value
– Interests of various stakeholders
Enterprise Risk Advisory, LLC 28
29. Risk Evaluation Standard
considerations
Financial resources and risk profile:
– External risk evaluations: Ex., as done by rating
agencies ERM evaluation
– Extent of dependencies, correlations,
interactions of risks
– Fungibility of capital resources
Organization's own risk system:
– Risk appetite, tolerance & management
involvement
– Enterprise Risk Control Effectiveness:
management actions toward unexpected events
Enterprise Risk Advisory, LLC 29
30. Risk Evaluation Standard
considerations
Interaction of financial resources, risk profile
and risk system:
– “If in the actuary’s professional judgement, as
appropriate to the assignment, a significant
inconsistency exists, then that inconsistency
should be reflected in the risk evaluation.”
– Important element to consider but criteria could
be expanded to include other specific
considerations like:
• Looking at existing recent losses and how it was
managed, other professionals' report like Audit,
financial analysts instead of only professional
judgement
Enterprise Risk Advisory, LLC 30
31. Risk Evaluation Standard
considerations
Risk Evaluation models: “Fit for the purpose:”
– Sophistication of models & materiality of risks
– Models reproducible & adaptable to new risks
– Practical considerations: usability, reliability,
timeliness, process, cost effectiveness
– Limitations: inherent & statistical. Ex. VAR
– Model validation, calibration, sensitivity
– Approaches to model correlations
Aspect missing: as in Solvency II, no “use test”
Enterprise Risk Advisory, LLC 31
32. Risk Evaluation Standard
considerations
Risk Evaluation models: Assumptions
– Assumptions supportable, documented & allow
for deviations from the expected
– Regularly revisited to assess effectiveness
– If assumptions reflect anticipated management
& actions are supportable by facts.
Standard should capitalize on other work in this
area, particularly in the valuation area.
Could also have assumptions as to the risk
control effectiveness, not just gross risk.
Enterprise Risk Advisory, LLC 32
33. Risk Evaluation Standard
considerations
Risk Evaluation: Economic Capital models
– Components: timeframe, basis to measure risk
– regulatory, reputation, earnings loss,.. -,
confidence level
– Reflection of significant risks in a consistent and
comprehensive manner
– Appropriateness of method to measure each
risk
Standard could capitalize on the many
economic capital requirements being developed
for Solvency II, ICAP, Rating Agencies' EC
requirementsEnterprise Risk Advisory, LLC 33
34. Risk Evaluation Standard
considerations
Risk Evaluation: Economic Capital models
– Reliance on consistent accounting framework
– Somewhat inconsistent as the idea of an
“economic” capital model is to measure risks on
an “economic”, not an accounting approach!
– Choice of appropriate methods:
• Stochastic, stress tests, scenarios, standard
measures like “add-ons”
– Validation of the models
– Assumptions: remote & unlikely: historical,
market prices, experts, internal consistency,
documented Risk Advisory, LLC
Enterprise 34
35. Risk Evaluation Standard
considerations
Risk Evaluation: Stress & Scenario testing
– Extent to which stress tests reflect similar
degree of adversity. Ex. 1 in 200 year event
– How an organization will function during a
catastrophic event – I think it is the link to
business continuity planning, if any -
– Extreme event may be part of many extreme
events – all correlations go to one -. In other
words, when things go bad, they all go bad at
the same time and reactions by all stakeholders
– How to quantify non readily quantifiable risks
and their potential total impact. Op risk +
Enterprise Risk Advisory, LLC 35
reputation
36. Risk Evaluation Standard
considerations
Risk Evaluation: Stress and Scenario testing
– Methods and models to actually assess impact
on all organizations must be ascertained
– Integrate disparate systems or build one
integrated model
– Assumptions: Tests themselves.
• Effect on other assumptions
• Management responses
• Regulatory and market reactions
• Risk mitigation and time horizon
– Scenarios: limited considerations
Enterprise Risk Advisory, LLC 36
37. Risk Evaluation Standard
considerations
Risk Evaluation: Emerging risks
– Impact of emerging risks over time
– Limited considerations in the standard
Risk Evaluation: other risk evaluations
– Used in risk monitoring, mitigation: compliance
and control ERM
– Apply same considerations as in general risk
evaluation and risk evaluation models
Data quality: ASOP 23
Documentation: ASOP 41
Enterprise Risk Advisory, LLC 37
38. Risk Evaluation Standard
considerations
Risk Evaluation: Document and disclosure
– Economic capital: models, results, limitations,
timeframe, measurement basis, confidence
– Stress & scenarios: results, intended use &
limitations
– Emerging risks: methods and sources
– Major assumptions: as before
– Risks included: risks excluded?
– Model validation results
– If major deviations from this standard: ASOP 41
– What about other disclosure standards
Enterprise Risk Advisory, LLC 38
39. Risk Evaluation Standard
Potential applications
IAIS Core Principles:16 and 20
NAIC ORSA
NAIC Form F: Enterprise risk reports
Solvency II, Pillar II, Pillar III and ORSA
Rating agencies' ERM and EC assessments
ComFrame
IAA Care report
Enterprise Risk Advisory, LLC 39
40. Reactions
Questions asked by the task force:
Enterprise Risk Advisory, LLC 40
41. Reactions
Questions raised:
– Sufficient guidance for risk evaluation?
– Flexible enough?
– Explicit enough about the reliance on the work of
others?
– ERM scope clear enough so that it doesn't extend
to other actuarial work?
25 comments, mostly by individuals, companies
and two organizations
Review comments and get your input
Enterprise Risk Advisory, LLC 41
42. Reactions
Comments so far:
– Pierson: guidance question. Should consider
joining the two proposed standards as the risk
evaluation and risk treatment are related. What
is relevant is the net risk to the organization
– Bakos: scope questions.
• Doesn't see difference between evaluation of risks
net of expectations covered by this standard and
other “common actuarial tasks” like reserving and
pricing, which also involve risk classification &
evaluation.
• Only applies to CERA doing ERM work or any
actuary?
Enterprise Risk Advisory, LLC 42
43. Reactions
Blanchard III: guidance questions
– Comments on definitions and ERM cycle
– Replace emerging by environmental scan
– Risk modelling should be done only after
understanding materiality of risks, data sources
and mitigation initiatives
Koller: guidance question
– Align definitions with other more standard
definitions
Zher: good start for guidance, flexible enough,
area of concern on the reliance on others
Enterprise Risk Advisory, LLC 43
44. Reactions
Bradley:
– Make link with ORSA as risk evaluation will
contribute to this process
– Should standard be rephrased ERM evaluation
and not just “risk” evaluation as ERM considers
risks and gains?
– Align “stress-test” definition with external
definitions
Pfluger:
– More emphasis on correlation, required capital,
not flexible enough to handle new standards,
inevitable to integrate others
Enterprise Risk Advisory, LLC 44
45. Reactions
Rochette:
– Is the purpose more “risk assessment” within
ERM than an evaluation, which is a broader
term?
– View proposed standard as a good start if goal is
to review, not complete enough is goal is to
design, implement, use
– To make it more flexible, should be more-
principles based
– Inevitable to work with others. EC section should
refer to that explicitly, otherwise, silo EC
– Should standard be ERM-context dependent?
Enterprise Risk Advisory, LLC 45
46. Reactions
Hay: not enough guidance, flexible enough,
reliance inevitable as ERM is team-work,
division of standard arbitrary – why exclude
pricing, reserving, claims – not realistic to
separate ERM from other “actuarial” activities
Financial Reporting Council: UK regulator for
governance and reporting
– Board responsible to assess risks
– Risk evaluation is part of that role of Boards
Enterprise Risk Advisory, LLC 46
48. Reactions
North American CRO Council:
– “We strongly believe that ERM is not an actuarial process
and goes beyond an actuarial function.”
– “We believe it may be premature to develop a standard
related to ERM and that expressing the ERM principles
in the form of guidance document may be more
appropriate at this time.”
– “This standard would be adding to existing and growing
compliance requirements in the ERM landscape.”
Enterprise Risk Advisory, LLC 48
49. Your reactions?
Outstanding issues related to any new ERM
standards:
Source: ERM Symposium, 2012, session C9
Enterprise Risk Advisory, LLC 49
50. Your reactions?
Should we have such a standard? Do you
agree with the ERM standard task force's
earlier conclusions or do you agree with
NACRO's conclusions?
Your reactions to the standard itself: guidance,
scope, flexible enough, interactions with non
actuaries? Other issues?
Do you think that the actuarial profession
should develop its own theoretical ERM
Framework to position itself in the ERM space?
Should standards reflect “existing”50
Enterprise Risk Advisory, LLC
practice or
“best” practice?