MAA_Riskmanagement

Riskmanagement

Master in Actuarial Analytics

Hong Tong Wu

Part 1: qualitative

1. ERM

2. ORSA

3. Softskill training (pass)

4. Economic and supervisory capital, continuity analysis + role of supervision

5. Softskill training (pass)

Part 2: quantitative

6. Risk measures

7. Dependencies + risk capital

8. Standard model Solvency II

9. Capital allocation + performance measurement

10.Valuing insurance liabilities

11.Risk management game + case (grade)

Riskmanagement


Lesson 1: Enterprise risk management (IAA: Chapter 1-5)

Content

1. Setting the scene

2. Governance and ERM framework

3. Risk management policy

4. Risk tolerance statement

5. Risk responsiveness and feedback loop

Setting the scene: What is ERM?





No universally accepted definition

Broad

• all risks faced by the insurer

– ‘downside’ and ‘upside’ risks

– internal and external sources

– company-specific and systematic risks

– quantitative and qualitative risks

• interests of all stakeholders of the insurer


Process

• totality of systems, structures and processes to identify, treat, monitor, report and communicate all sources of risk

• systematic organisation of and coordination between risk functions (integrated versus ‘silos’)


holistic consideration of risk information relating to:

• past events (losses)

• current performances (risk indicators)

• future outcomes (risk profile or risk assessment)

Governance and ERM framework

ERM framework

ERM framework should be proportionate to

- Nature: product diversity

- Scale: small versus large insurer

- Complexity: local versus global

of risks to which the insurer is exposed to.

Governance and risk management

• Corporate governance - processes by which organisations are directed,

controlled and held to account

- relationship between board, managers and owners

• Risk management - enables and facilitates the exercise of direction,

control and accountability

- manifests as a board committee and/or board charter responsibility

Board

Ultimate responsible for ERM framework • Demonstrable support

• Approving the overall risk management strategy/policy

• Setting the risk appetite

• Overseeing the process of ensuring the ‘responsible persons’ are fit and proper

• Monitoring key risk by ensuring the implementation of a suitable risk management and internal controls framework

Risk committee

Assisting the board in their responsibility

Responsibilities:

• Effectiveness of the risk management framework

• Compliance with supervisory requirements

• Establishment a suitable independent risk function, with authority, standing and resources to effectively execute its mandate

• Monitoring the adequacy of corporate insurance covers

Risk committee

Enablers • Establish direct reporting line between

committee and most senior risk executive • Schedule regular one-on-one meetings between

the chair of the committee and most senior risk executive outside formal meetings

• Arrange time for meetings without executive management

• Consult external experts • Report transparantly without ‘filtering’

Risk committee

How is the CRO positioned?

• CFRO

• Member of the board

• Independent position

Developing a risk function

In practice: fragmented risk structures • Actuarial/research function • Internal audit function • Business continuity team • Reinsurance department • Treasury and credit risk function • Capital management function • Market risk assessment function • Health and safety experts • Fraud and investigations experts • Compliance teams


Risk function act and is seen acting in a coordinated fashion (a common lens) • shared understanding of risk tolerance • quality and transparancy of risk information • alignment of incentives with management of risk • connection of risk with capital management • governance structures • clear accountabilities between line and risk

management • strong direct links with strategy and operations


• Risk tolerance

- Does a board-approved risk tolerance exist?

- If so, is it understood by people making day-to-day underwriting, investment and reinsurance decisions?

- Is it appropriate having regard to the insurer’s strategic objectives?


Projectmanagement required (no ‘quick fix’)

• Money: manage costs/benefits

• Organisation: executive-level ownership

• Time: detailed planning with milestones

• Information: objective reporting (‘bad news’)

• Capacity: experienced and skilled resources

• Quality: clear objectives of outcomes

Common risk language

Plethora of ‘competing’ risk language can undermine the effectiveness of ERM:

• confuse people not directly involved in ERM

• reinforce a ‘silo’ approach

• focus on ‘form’ over ‘substance’

• proliferation of process inefficiencies and duplications

• make aggregation of risks difficult

Common risk language

Attibutes and practices:

• common risk categories

• ‘top-down’ risk rating system

• standard templates

‘Upside’ risk management

Practices that support integration of the management of upside and downside risks:

• Ensuring risk function is involved in strategic planning

• Including both risks and opportunities in risk reports

• Reward systems that encourage calculated risk taking

• Reporting on emerging, industry-wide, cross-border and longer term risks

Risk culture

Behaviours:

1. feel confident to speak up (encouraging environment)

2. have skills, capability and empowerment to manage risk situations (training, role clarity and accountability)

3. improve prevention, detection and recovery of risks continuously

Risk management policy


• risk management philosophy

– Capital management

– Performance management

– Pricing

– Reserving

• mission, values and strategy

• scope


• risk language

• risk appetite

• risk governance

• risk culture

• risk reporting and monitoring

• supervisory requirements

• process-level requirements

• process for reviewing and updating the policy.

Risk tolerance statement

Strategy and risk tolerance

Risk tolerance

• 3 – 5 years

• earnings volatility

• regulatory capital (supervisor)

• capital ‘strength’ for desired rating level (rating agency)

• economic capital for ‘risk of ruin’ (policyholders)

• dividend paying capacity (shareholders)

Risk tolerance

• maximum exposure to aggregation of risk

• maximum acceptable net catastrophic loss

• minimum acceptable pricing principles

• descriptions of unacceptable operational risk scenarios

• ‘go/no-go’ criteria for strategic projects

Limits

• 1 year, risk category level

• investment mandates

• concentration limits (business/products, geographies and counterparties)

• counterparty credit limits

• credit quality

• underwriting limits

• confidence interval for insurance reserves

Limits

• liquidity benchmarks

• limits on the use of financial derivatives

• operational risk policies:

– outsourcing

– business interruption

– fraud

– health & safety

– project delivery

Risk responsiveness and feedback loop

Influences on risk profile

• Unexpected losses and significant control failures or incidents (looking back)

• Movements in key risk indicators (present)

• Outputs from periodic risk assessments at the enterprise and business unit levels that have regard to business as usual activities, new initiatives/strategies and external events (looking forward)

Feedback loop

• Establishment of thresholds for reporting significant issues

• Reporting of risk aggregations to identify where limits (and potentially risk tolerance) may have been exceeded

• Protocols for escalation of issues to various levels and management and, if necessary, supervisors

Emerging risks

Emerging risks are developing or already known risks which are subject to uncertainty and ambiguity and are therefore difficult to quantify using traditional risk assessment techniques

Emerging risks

• Reviewing press and trade publications

• Workshops

• Opinions of external experts

• Emerging risk initiative (http://www.croforum.org/emergingrisc.ecp)

– pandemy

– terrorism

– climate change & tropical cyclones

http://www.croforum.org/emergingrisc.ecp

http://www.croforum.org/emergingrisc.ecp

Exercise

To what extend is ERM embedded in your organisation? (see IAA: appendix 2)

Riskmanagement


Lesson 2: ORSA (IAA: Chapter 6)

Own Risk and Solvency Assessment

Risk management process

• Risk identification

• Risk evaluation

• Risk response

• Risk monitoring

• Capital allocation

• Risk-adjusted pricing

• Performance measurement o Return On Risk-Adjusted Capital = Profit/Capital

Risk identification

• Market risk

• Credit risk

• Liquidity risk

• Insurance risk (premium and reserve risk)

• Operational risk

• Concentration risk

• Reputational risk

• Strategic risk

Risk evaluation: qualitative

• Risk matrix

• Risk tree

• Check list (cause and effect)

• Scenario analysis

• Analysis of dependencies

• SWOT

Risk evaluation: quantitative

Risk response

• Avoidance

• Reduction

• Transfer

– Co-insurance

– Reinsurance

– Derivatives

– Insurance-linked securities

Advantages of risk profiling process

• Awareness of the (relative) nature of risks

• Consistency and understanding by collating and presenting a shared view of the most significant risks from time to time.

• Transparency to the board and an opportunity for the board to review management’s formal assessment of significant risks

• Efficiency by ensuring that management effort/risk mitigation is prioritised to the areas of greatest assessed risk

• Learning and continuous improvement through taking action to alter and ideally reduce the risk profile

• Culture of proactive risk management that supports innovation and sustainability

Risk profile

Inherent risk Residual risk Controls

High Low Effective

High High Ineffective

Low Low Over-controlled

Risk profiling process

Results of risk profiling process

• Descriptions of risks

• Categories of risk for aggregation

• Causes or conditions giving rise to a given risk occurring

• Consequences of risks (financial and non-financial terms)

• Rating criteria for risk assessment (financial and/or non-financial proxies for ‘high’, ‘medium’, or ‘low’ risks)

• Inherent risk assessment (likelihood and impact of risk).

• Effectiveness of controls and/or risk mitigation strategies.

• Residual risk assessment

• Action(s) to bring unacceptable residual risk within limits

Exercise

How are the contents of ORSA addressed in the report of your organisation?

Riskmanagement


Lesson 3: Soft Skills Training

Riskmanagement


Lesson 4: Economic and supervisory capital, continuity analysis and role of supervision

(IAA: Chapter 7 to 9)

Economic and Supervisory Capital

Who is first?

Economic Capital Model

• Holistic assessment of key risk drivers

• Asset and liability projections

• Future balance sheets

• Profit and loss statements

• Cash flow statements

• Projected distributions of profit

• Capital and Return on Capital

Economic Capital Model Process

1. Purpose

2. Identify and rank risk

Economic Capital Model Process

3. Simulation approach – Deterministic versus stochastic

4. Risk metrics – VaR versus TailVaR

– Time horizon

– Confidence level

5. Modelling criteria

6. Implementation – fully integrated versus univariate model

Purposes of Economic Capital Model

• Economic capital requirements

• Disaster Planning

• Investment strategy

• Mergers, acquisitions and divestments

• Capital allocation

• Reinsurance programmes

• Optimal business mix

• Reserving volatility

• Capital outflow / inflow policies

Relationship with capital management

Continuity Analysis

Continuity Analysis

• Ongoing versus run-off basis

• Time period of modelling: multi-year approach (medium term)

• Reliability and sufficiency of longer term forecasts

Management actions

• Premium setting

• Asset allocation

• Discretionary policyholder benefits

• Capital reduction / injection policies

• Risk mitigation strategy

Business Continuity Management

• An essential part of operational risk management.

• Business continuity planning enables to anticipate, identify and assess business interruption risks.

• A properly documented and tested Business Continuity Plan (BCP) reduces the impact of interruptions on key business processes and, most importantly, protects reputation.

• A robust BCP also allows to explain to stakeholders and industry supervisors that risks associated with potential business interruptions can be managed.

Crisis Management Planning

• A Crisis Management Plan minimises business impact and loss in the event of a significant incident by providing a clear and organised response strategy supported by predefined response procedures

• At the core of critical incident management is Business Continuity Management (BCM), which provides an organisation with a disciplined capability to continue to operate sustainably in the face of potential significant business disruption.

Role of supervisor

• Prudential supervision is accepted worldwide as an integral component of the regulation of financial institutions

• The fundamental premise underpinning the supervisory role is that the primary responsibility for financial soundness and prudent risk management within a supervised institution rests with the Board and senior management

• In this context the primary emphasis of supervision is on avoidance of problems rather than penalizing those who may be found to have caused problems

Role of supervisor

• Financial oversight

• Mandatory licensing

• Ongoing operational requirements e.g. prudential standards

• Procedures and processes for monitoring compliance with license conditions and ongoing operational requirements

• Where necessary, undertaking action either to force a non-compliant insurer into compliance or remove it from the industry

Risk-based supervision • Consideration of:

– the nature of insurer’s business

– strategic/business plans

– governance arrangements

– financial condition reports

– strategies and processes to manage risk

• Licensing and ongoing supervisory activities typically involve review of documents relating to these areas.

Supervisor Relationship Management Insurers should consider adopting a set of high-level principles to guide engagement with supervisors. In developing a set of appropriate principles, insurers should have regard to:

• Alignment with supervisory objectives

• Preservation and enhancement of corporate reputation

• Proactive and early engagement

• Communication transparency

• Relationship management accountability and coordination

Supervisor Relationship Management • Nature of interaction with supervisors

– Operational / procedural

– Non-standard / unusual

– Strategic

• Supervisory policy development

• Supervisory visits

Exercise

What are the model risks (limits, assumptions) of the economic capital model of your organisation?

Riskmanagement


Lesson 5: Soft Skills Training

Riskmanagement


Lesson 6: Risk measures (EAA: 2.1 – 2.3 (except 2.2.4))

Measures based on moments

• standard deviation:

𝜎 𝑋 = 𝐸 𝑋 − 𝐸(𝑋) 2 = 𝑉𝑎𝑟(𝑋)

• one-sided standard deviation:

𝜎+ 𝑋 = 𝐸 𝑚𝑎𝑥 0, 𝑋 − 𝐸(𝑋)2

Measures based on moments

• partial moments

– h = 0: exceedance probability

– h = 1: mean excess

– h = 2: semi-variance

Value at Risk

• generalized inverse: 𝑉𝑎𝑅𝛼 𝑋 = 𝐹𝑋−1(𝛼)

Tail Value at Risk

Expected shortfall

VaR, TailVaR and ES

𝐸𝑆𝛼 𝑋 = 𝜆𝛼𝑇𝑎𝑖𝑙𝑉𝑎𝑅𝛼 𝑋 + 1 − 𝜆𝛼)𝑉𝑎𝑅𝛼(𝑋

with 𝜆𝛼 =1−𝑃(𝑋≤𝑉𝑎𝑅𝛼 𝑋 )

1−𝛼

Continuous distribution: 𝐸𝑆𝛼 𝑋 = 𝑇𝑎𝑖𝑙𝑉𝑎𝑅𝛼 𝑋

VaR, TailVaR and ES

𝑋~Φ𝜇,𝜎, g monotone increasing function:

𝑉𝑎𝑅𝛼 𝑔(𝑋) = 𝑔(𝜇 + 𝜎Φ0,1−1(𝛼))

𝐸𝑆𝛼 𝑔(𝑋) = 𝑇𝑎𝑖𝑙𝑉𝑎𝑅𝛼 𝑔 𝑋 =

=1

1 − 𝛼 𝑔 𝜇 + 𝜎𝑥 𝜑0,1(𝑥)𝑑𝑥∞

Φ0,1−1(𝛼)

VaR, TailVaR and ES

• Normal distribution (𝑔 𝑋 = 𝑋):

𝑉𝑎𝑅𝛼 𝑋 = 𝜇 + 𝜎Φ0,1−1 𝛼

𝐸𝑆𝛼 𝑋 = 𝑇𝑎𝑖𝑙𝑉𝑎𝑅𝛼 𝑋 = 𝜇 + 𝜎𝜑0,1(Φ0,1

−1 𝛼 )

1 − 𝛼

• Log-normal distribution (𝑔 𝑋 = 𝑒𝑋 ):

𝑉𝑎𝑅𝛼 𝑋 = 𝑒𝜇+𝜎Φ0,1

−1 𝛼

𝐸𝑆𝛼 𝑋 = 𝑇𝑎𝑖𝑙𝑉𝑎𝑅𝛼 𝑋 =𝑒𝜇+𝜎

2/2

1 − 𝛼Φ0,1(𝜎 − Φ0,1

−1 𝛼 )

Coherent risk measures

Value at Risk is not coherent

Expected shortfall is coherent

Exercise

How would you manage the risks as an insurer of Danish fire losses?

Riskmanagement


Lesson 7: Dependencies and risk capital (EAA: 3.1, 3.3, 4.1-4.3 and 4.5)

Diversification

Diversification effect for VaR could be negative!

Correlations

Question 1: Value at Risk

𝑋𝑖~ ln 𝜇𝑖 , 𝜎𝑖

Φ−1 0,99 ≈ 2,326

Question 1: Calculate 𝑉𝑎𝑅0,99(𝑋𝑖)

Unit I 𝝁𝒊 𝝈𝒊 𝑬(𝑿𝒊) 𝑽𝒂𝒓(𝑿𝒊)

1 2 0,5 8,37 19,91

2 1 1 4,48 34,51

3 0,5 2 12,18 7954,67

Answer 1: Value at Risk

Answer 1: 𝑉𝑎𝑅𝛼 𝑋 = 𝑒𝜇+𝜎Φ−1 𝛼

• 𝑉𝑎𝑅0,99 𝑋1 = 23,64

• 𝑉𝑎𝑅0,99 𝑋2 = 27,83

• 𝑉𝑎𝑅0,99 𝑋3 = 172,78

Question 2: diversification

Correlation matrix

Question 2: Calculate 𝑉𝑎𝑅0,99(𝑋1 + 𝑋2 + 𝑋3) by making use of the square-root formula. What is the diversification effect? What are the assumptions?

1 0,5 0,7

0,5 1 0

0,7 0 1

Answer 2: diversification

• 𝑉𝑎𝑅0,99 𝑋1 + 𝑋2 + 𝑋3 = 199,27

• Diversification effect = 24,98

• Multivariate normal distribution

Cost of capital .

𝐶𝑜𝐶 = 𝑟𝑓 + 𝑠

Methods for calculating spread: • opportunity cost

• CAPM: 𝑠 = 𝛽(𝑟𝑚 − 𝑟𝑓) with 𝛽 =𝐶𝑜𝑣(𝑟𝑖,𝑟𝑚)

𝑉𝑎𝑟(𝑟𝑚)

• direct modelling

Cost of Capital (direct modeling)

𝑟𝑓 + 𝑠 𝜌 = 𝑟𝑓 + 𝑠0 𝐸0 + 𝑟𝑓 + 𝑠𝑖 (𝐸𝑖 − 𝐸𝑖−1)

𝑛

𝑖=1

Available capital

• Assets that cover liabilities

• Risk capital that serves as defence against risks

• Excess capital that has no business function

𝐴𝑣𝑎𝑖𝑙𝑎𝑏𝑙𝑒 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 = 𝑀𝑉𝐴 −𝑀𝑉𝐿

• Insolvent: 𝑀𝑉𝐴 −𝑀𝑉𝐿 < 0

• Solvent: 𝑀𝑉𝐴 −𝑀𝑉𝐿 > 𝑟𝑖𝑠𝑘 𝑐𝑎𝑝𝑖𝑡𝑎𝑙

Risk Capital

• Economic risk capital

– Run-off basis

– Going-concern basis

– Reference company basis

• Rating capital

• Solvency capital

Risk Capital .

Approaches to modelling risk capital

• Factor-based models

• Analytical models

• Stress tests (single scenario)

• Scenario-based models (multiple scenarios)

– Regulatory versus company-specific

• Historical

• Hypothetical

• Monte-Carlo

Riskmanagement


Lesson 8: Standard model in Solvency II (IAA: 4.6.2 except 4.6.2.4)

Fundamentals

Non-life insurance:

• mainly factor based or analytic methods

Life insurance:

• mainly scenario-based methods

• change in net asset value

Fundamentals

• Economic balance sheet

𝑁𝐴𝑉 = 𝑀𝑉𝐴 −𝑀𝑉𝐿

• Run-off basis

• Risk measure

– One-year Value-at-Risk

– Confidence level: 99,5%

Structure

Solvency Capital Requirement

𝑆𝐶𝑅 = 𝐵𝑆𝐶𝑅 + 𝑆𝐶𝑅𝑂𝑝 + 𝐴𝑑𝑗𝑇𝑃 + 𝐴𝑑𝑗𝐷𝑇

• 𝐵𝑆𝐶𝑅 = Basic SCR

• 𝑆𝐶𝑅𝑂𝑝 = Operational SCR

• 𝐴𝑑𝑗𝑇𝑃 = −min 𝐵𝑆𝐶𝑅 − 𝐵𝑆𝐶𝑅𝐴𝑑𝑗 , 𝐹𝐷𝐵 =

adjustment for future discretionary benefits

• 𝐴𝑑𝑗𝐷𝑇 = adjustment for deferred taxes

Aggregation of risk types .

Aggregation of risk classes .

Riskmanagement


Lesson 9: Allocation of capital (IAA: 5.1, 5.2.1) and performance measurment (IAA: 6.1-6.4)

Axioms .

Proportional capital allocation

Proportional capital allocation satisfies axioms 1 and 2 for positive subadditive risk measures

Question 3: capital allocation

Allocate the risk capital by:

1. Proportionally

2. Discrete marginally

Answer 3: capital allocation

1. Proportionally: 21,01; 24,73 and 153,53

2. Discrete marginally: 22,48; 7,84 and 168,95

Absolute performance measure

Economic value added

𝐸𝑉𝐴𝑡 = 𝑁𝑡 − 𝐶𝑜𝐶𝑡 ∙ 𝐸𝐶𝑡

• 𝑁𝑡 =Net profit after tax

• 𝐶𝑜𝐶𝑡 = 𝑟𝑓𝑡 + 𝑠𝑡 (hurdle rate)

• 𝐸𝐶𝑡 =economic capital

Relative performance measures .

Relative performance measures

Question 4: Performance measures

• N = 20, 30 and 160

• CoC = 6%

• Calculate EVA and RORAC

Riskmanagement


Lesson 10: Valuing insurance liabilities (IAA: 4.4 and 6.6.4)

Valuing insurance liabilities

1. Best estimate perspective

2. Economic perspective

– Management actions

– Diversification effects

3. Balance sheet perspective

4. Fair value perspective 𝑓𝑎𝑖𝑟 𝑣𝑎𝑙𝑢𝑒 = 𝑀𝑉𝐿 = 𝐸(𝐿) +𝑀𝑉𝑀(𝐿)

Market value margin

• hedgeable risks: replicating portfolio

• non-hedgeable risks (including base risk)

Valuation methods:

• Risk measure: 𝑀𝑉𝐿𝛼 = 𝑉𝑎𝑅𝛼(𝐿)

• Cost of capital

• Market consistent

Cost of capital method

𝑀𝑉𝑀 = 𝐶𝑜𝐶𝑡 ∙ 𝑅𝐶𝑡(1 + 𝑟𝑓𝑡)

𝑡

∞

𝑡=1

Simplifications:

• Fair value risk capital: 𝑅𝐶𝑡 = 𝑆𝐶𝑅𝑡𝐿

• Constant cost of capital: 𝐶𝑜𝐶𝑡 = 6%

• Risk driver: 𝑆𝐶𝑅𝑡+1𝐿 =

𝐸(𝐿𝑡+1)

𝐸(𝐿𝑡)∙ 𝑆𝐶𝑅𝑡

𝐿

Market consistent valuation

The market consistent value of a company is a price at which the company could be sold to an independent rational investor who knows the company well.

• Hedgeable risks: replication with liquid financial instruments

• Non-hedgeable risks: no replication possible e.g. operational risk -> standardized procedures

Exercise: Scenario analysis

• € 189 AAA EU-bonds • € 63 BB EU-bonds (non-investment grade) • € 56 corporate EU-bonds • € 28 shares • € 14 cash Solvency I: • Regulatory capital: € 120 • Regulatory capital requirement coverage: 150% • Minimum regulatory capital requirement

coverage: 120%

Exercise: Scenario analysis

1. Shares crash: 40%

2. Euro-crisis: 50% BB EU-bonds and 30% EU-corporate bonds

3. Economic environment developes as planned positively. The insurance business remains constant.

Questions

1. Which of the three scenarios are appropriate for ORSA?

2. Calculate the stand-alone risk capitals for each scenario. Is the minimum regulatory capital requirement coverage met?

3. Place the three scenarios in a risk matrix

4. What measures could the insurer take for every scenario?

Answers

1. Scenario 1 and 2: risk profile Scenario 3: base

2. Minimum regulatory capital requirement = € 120/150% x 120% = € 96 – Scenario 1: € 120 - € 28 x 40% = € 108,8

– Scenario 2: € 120 - € 63 x 50% - € 56 x 30% = € 71,7

– Scenario 3: € 120

3. Risk matrix: likelihood and impact

Answers

4. Risk control measures

• Scenario 1: set control limits

• Scenario 2: – convert non-investment grade bonds to investment

grade bonds and/or hedge with CDS

– convert EU-corporate bonds to corporate bonds with higher ratings and/or lower concentration risk of EU-corporate bonds

• Scenario 3: risk management (reinsurance, product development, capital investments)

Riskmanagement


Lesson 11: Riskmanagement game

Documents

MAA_Riskmanagement