© 2014 CSAA Insurance Group. Confidential and proprietary.
September 19, 2014
Strategic Risk Management
Jeff Huebner
Nicole Murray
Risky Business Week
We make explicit risk decisions, we are in the business of risk
• We aspire to be the #1 insurer in AAA member households across the markets we serve. As an insurer, our job is to assume and manage our member policyholders' personal lines insurance risk. We need to make risk choices and take risk in order to achieve this vision.
• In order to be the #1 insurer across the markets we serve, we need to take an appropriate level of risk for the financial, catastrophic, operational, and execution risk associated with growing books of personal lines business. We need to have a willingness to accept the higher level of risk that is associated with growing our business.
• We believe that our strategy needs to be a consistent, aligning, guiding, and driving force for the enterprise. We believe that frequently changing our strategy represents a very large risk. When it comes to enterprise strategy, we have a moderate appetite for the risk that we don't have the perfect strategy, as the greater risk comes from changing strategy too frequently. To support this, we need consistent communication to all employees to ensure alignment on the strategy.
Risk Category Low Appetite Moderate Appetite High Appetite
Catastrophe Risk n
Competition Risk n
Investment Risk n
Regulatory Risk n
Strategic Risk n
History of our Enterprise Risk Management program
2014
• Pre-separation, we used a high level ERM structure to identify, assess, prioritize, manage, monitor, and report risk.
• Included ERM into Audit Committee Charter
• Developed ERM guiding principles, risk management framework and ERM governance roles and responsibilities
• Identified top enterprise risks through interviews with management and ELT
• Identified risk owners for top enterprise risks and created ERM frameworks for each risk
• Conducted first ERM Leadership Team meetings
• A.M. Best identified our ERM capabilities as strong to superior
• Completed draft ORSA* report and participated in ORSA pilot program with CA DOI
• Created first Risk Appetite Statement
• Internal Audit provided independent assurance of our Business Continuity Planning and IT Disaster Recovery risks
2013, 2012, 2011, 2005 - 2010
*Own Risk and Solvency Assessment (ORSA) – component of an insurer’s enterprise risk management framework, is a confidential internal assessment appropriate to the nature, scale and complexity of an insurer conducted by the insurer of the material and relevant risks identified by the insurer associated with an insurer’s current business plan and the sufficiency of capital resources to support those risks.
Enterprise Risk Management Guiding Principles
• Management owns risk and its management
• The ERM team owns the risk process and focuses on key risks. The ERM team does not provide assurance
• Strong and visible commitment from all members of the ERM leadership team, C-suite executives and Board of Directors
• Clearly defined ownership for all key risks
• Leverage ERM to ensure explicit risk choices rather than implicit or default decisions
• Employ a single, consistent framework to achieve clarity and common understanding on disparate risks
Enterprise Risk Management Five Lines of Defense
Each enterprise risk is reviewed by five lines of defense, with a four-step process at each line of defense:
• Identify and preliminarily assess
• Assess and prioritize likelihood and severity
• Assign accountability and risk response
• Monitor and report
Lines of defense: Risk Owner; ERM Core Team; ERM Leadership Team; Executive Leadership Team; Board or Committee
Each top enterprise risk is evaluated through a consistent and extensive risk review process
Our risk identification process includes emerging risk discussions with the ERM Leadership Team and Executive Leadership Team, an annual Board survey, and a review of risks within the industry and our peers.
Once a risk is identified as a top enterprise risk, we use the following ERM process for each risk:
• Identify a risk owner
• Identify C-suite owner
• Identify Board or Committee ownership
• Define the risk
• Set risk tolerance
• Identify risk drivers and action items
• Identify and publish key risk and performance indicators
• Evaluate risk’s potential impact on strategic initiatives and key company goals
• Quantify gross risk score
• Identify mitigating controls
• Evaluate mitigating control status
• Quantify residual risk score
• Determine current risk status
• Identify target risk status
• Determine current status of mitigation efforts
• Identify target status of mitigation efforts
• Speed of onset spectrum
• Top risks correlations mapped
The risk owner then presents the completed ERM framework to the following groups:
• ERM Leadership Team – a body of 7 cross-functional executives
• Executive Leadership Team (C suite)
• The Board or Board Committee that oversees the risk
ERM risks classified by speed of onset
For each top enterprise risk, we have articulated risk tolerances, with the following as representative examples
Overall risk tolerance
We want to manage risk to ensure we can do all of the following:
• Pay 100% of all claims to support our policyholders’ needs (including major catastrophe)
• Have the financial position to be able, if we choose, to renew all of our existing policies and continue to support AAA members with their existing insurance needs
• Have the additional capital to support growth, both in support of the strategy we have outlined, and in a post-catastrophe, dislocated market where AAA members reach to us to support them
• Maintain a minimum BCAR score of 250 and a capital position above required economic capital
Catastrophe and Reinsurer credit risk
We have a risk tolerance of up to 15% of surplus lost in a 1-in-250 year event
We will not tolerate excessive exposure to individual reinsurer credit risk and use allocation caps based on AM Best ratings as follows:
• $55 million cap for A++, $50 million cap for A+, $30 million cap for A, and $10 million cap for A-
Loss Reserves
We have little tolerance for the risk of adverse loss development and we set the loss reserve margin at a 95% confidence level that carried personal lines reserves will not be exceeded, given anticipated inflation
ERM Framework Template
Appendix
Risk Name
Enterprise Risk Management
Risk Name
Risk Definition:
Business Owner: ELT Owner: Board/Committee:
Risk Tolerance:
Current Target Commentary
Risk Status
Status of mitigation efforts
Action Owner Date
Risk status legend: • Unacceptable Risk • Elevated Risk/Area of Focus • Acceptable Risk • Well Within Tolerance
Mitigation Status: • Unsatisfactory • Needs Improvement • Satisfactory • Exemplary
Risk Name
Risk Drivers Owner
Risk Name
Impact on Strategic Initiatives Impact on Enterprise OGSM
High Perf Culture
World-Class Agency Partnership
Exceptional Marketing & Direct Sales
Member-Centric Product Dev & Mgt
Top-Tier Claims Experience
Easy Selling & Servicing
Strong Financial Health
Top-tier Customer Experience
Significant PIF Growth
Competitive Expense & Combined Ratios
High Level Of Employee Engagement
Key performance indicator/Key risk indicator | Owner | Target | Year end 2011 | Year end 2012 | Q1/Q2 2013 | Q3/Q4 2013 | Year end 2013
Risk Assurance Matrix – Risk Name
Commentary:
Gross Risk Score =
Assurance
Description of Control | Likelihood | Severity | Owner | Status
Residual Risk Score =
Risk Name
Status Update: Organizational Response:
Conclusion: