Risk Management File 1

8/6/2019 Risk Management File 1

1/45

RISK MANAGEMENT

The views expressed in this paper are the views of the authors and do not necessarilyreflect the views or policies of the Asian Development Bank (ADB), or its Board ofDirectors or the governments they represent. ADB makes no representationconcerning and does not guarantee the source, originality, accuracy, completeness orreliability of any statement, information, data, finding, interpretation, advice, opinion, orview presented.

Risk Management30/10/02

1 of 45


2/45

CONTENTS

1. Introduction 4Risk Management 4

Risk Management Issues 6

2. Risk Management System 8Risk Identification and Assessment 8Risk Control and Risk Prevention/Mitigation 8Risk Management Systems 10

3. Asset/Investment Risks 12Asset-Liability Management 12Investment Risks 13Insurance Supervisory Issues 14Derivatives 14

Investment Committees 15

4. Technical/Liability Risks 16Risk Prevention/Mitigation 18Reinsurance 19

5. Business/Operational Risks 21Risk Mitigation 22Principal Elements of Fit and Proper Criteria 22Business Continuity and Backup Systems 23

6. Solvency and Capital Adequacy Issues 24

Minimum Capital and Surplus Requirements/Trend towards Risk BasedCapital 24

Purpose of Capital Adequacy/Solvency Requirements 24Objective of a Minimum Statutory Solvency Requirement 26Types of Statutory Minimum Solvency Requirements 27Some General Conclusions 30Trade-Off between Security and Capital Costs 30Summary Comments on Solvency Margins 31

7. Risk Based Supervision 33What is Risk Based Supervision 33

8. Performance Evaluation System 35Early Warning System 35

Statistical Analysis 35Financial Analysis 36Classification of Insurers 37

On-Site Inspection 39


2 of 45


3/45

9. Development of Infrastructure Requirements 42

Appointed Actuary System 42Information Technology/Management Information Systems 43

10. Concluding Remarks 45


3 of 45


4/45

CHAPTER 1 - INTRODUCTION

Insurance supervisors, along with banking and other sector regulators and supervisors,play an important role in ensuring a stable financial environment. This is especially

significant in developing countries where efforts are exerted to develop and implementpolicies and programs in order to attract investments. Global changes especially on theeconomic and technological fronts occur very rapidly and unless governments in thesecountries act immediately opportunities may be lost and may never come again.

Modern businesses see the need for sound programs of risk management as anessential part of corporate responsibility. They regard the insurance industry as a mirrorfor a countrys financial stability.

Risk Management

Risk management is an independent function responsible for planning, directing and

organizing measures to reduce, mitigate, and control the impact on an institution of risksarising from its operations. More specifically, risk management may be defined as thesystematic application of management policies, procedures and practices to the tasks ofidentifying, analyzing, assessing, treating and monitoring risk.

Risk management helps to mitigate the consequences of adverse events that mayoccur. This includes taking action to avoid or reduce exposures to the costs or othereffects of events occurring rather than reacting after an event has taken place. Riskmanagement, if conducted effectively, will help to achieve more effective corporateperformance.

The board of directors of a company is responsible for providing stewardship and

management oversight for the institution. One of its key responsibilities is ensuring thatprincipal risks are identified and appropriately managed. As part of sound corporategovernance, Board Audit Committees have a key role to play in risk management. Theyare established in order to improve management reporting by overseeing audit functions,internal controls and the financial reporting process.

In setting up a risk management program a functional unit within the company is taskedwith the responsibility of implementing the program whose activities may address thefollowing:

identification of risks;

development of measurement systems for risks; establishment of policies and procedures to manage risks;

development of risk tolerance limits;

monitoring of positions against approved risk tolerance limits; and

reporting of results of risk monitoring to senior management and the board.


4 of 45


5/45

Risk refers to the likelihood that expected or unexpected events will have a negativeimpact on the company. Risk categories will vary, but may fall into one of two broadcategories: financial risk (credit, market, liquidity, actuarial, reinsurance, etc.) and non-financial risk (operations, transaction, reputation, legal, compliance, etc.).

An insurance company generally is exposed to three broad categories of risks:

(1) investment risks (asset risks), i.e. various kinds of risk which are directly or indirectlyassociated with the insurers asset management;

(2) technical risks (underwriting or liability risks), i.e. various kinds of risk which aredirectly or indirectly associated with the technical or actuarial bases of calculation forpremiums and technical provisions1 in both life and non-life insurance, as well asrisks associated with operating expenses and excessive or uncoordinated growth;and

(3) non-technical risks (business or operational risks), i.e. various kinds of risk which

cannot in any suitable manner be classified as either technical risks or investmentrisks.

While insurance supervisors require that insurance companies provide appropriate riskmanagement programs for the foregoing risks, supervisors must also be concernedabout other kinds of risk, such as the following:

management risks, e.g. the risk associated with an incompetent management or amanagement with criminal intentions,

risks connected with guarantees issued by insurers in favor of third parties, i.e. thepotential strain on the economic capacity of an insurance undertaking caused by a

call on a guarantee furnished for the purpose of the financial commitments of a thirdparty, and

general business risks, i.e. unexpected changes to the legal conditions to whichinsurance undertakings are subject, changes in the economic and socialenvironment, as well as changes in business profile and the general business cycle.

The failure of insurers to develop and implement sound risk management programs mayresult to insolvencies that could weaken and destabilize the financial environment. Thissituation would also adversely affect the interests of policyholders. Insurancesupervisors therefore should ensure that insurers are properly addressing their risksthrough sound risk management programs.

The establishment and implementation of said programs by insurers must be monitoredby the insurance supervisor through a combination of tools that may include an early

1 Also called technical liabilities or technical reserves, these are amounts set aside on the balance

sheet to meet liabilities arising out of insurance contracts, including claims provision (whetherreported or not), provision for unearned premiums, provision for unexpired risks, life assuranceprovision and other liabilities related to life insurance policies (e.g., premium deposits, savingsaccumulated over the term of participating policies).


5 of 45


6/45

warning system, prudential regulations, asset and liability evaluation, monitoring forcompliance with solvency (capital and surplus) requirements, and performance ratings.

On-line financial reporting and analyses, on-site inspection, off-site monitoring, andmedia information are other devices that will enable the insurance supervisor to buildrisk profiles2 for insurance companies and evaluate their risk exposures.

Risk Management Issues

For the insurance supervisor, an insurers risk management program should address thefollowing issues, among others:

(1) The program should provide a description of the insurers broad business strategy,and the companys view of its principal risks.

For each principal risk, this will include (i) a description of the approach tomeasuring, managing and controlling that risk; (ii) the organization of riskmanagement personnel and their reporting lines, limit structures or other risk control

mechanisms; and (iii) where relevant, the role of stress testing3 or contingencyplanning in managing risk at the business line, legal entity or company wide level.

The risk information provides the supervisor with management's perspective on theoverall risk profile of the company, the risk profile of the supervised legal entity, andmanagement's approach to managing each risk within the legal entity structure. Aspart of measuring and monitoring certain risks, insurers may conduct stress testingand other contingency planning at the business line, legal entity or company widelevel which, if conducted thoughtfully, can shed additional light on potential riskconcentrations and vulnerabilities to changes in the market environment.

Organizational information and discussions with management should clarify

responsibilities in the risk management area and help the supervisor identify relevantrisk management personnel to answer questions. Supervisors may also seekinformation about the limit structure or other measures to control risk-taking and theuse and level of reserving or provisioning, such as the technical provisions ofinsurance companies. The insurer's approach to administering limits (e.g., thewillingness of management to permit limit exceptions) or managingreserves/technical provisions is critical to understand the intended restraints on risk-taking at company wide level and within the supervised legal entity.

(2) Information on the risk management program should include policies and proceduresaddressing the introduction of new products or business lines.

The new product information helps the supervisor understand how the potentiallyrisky process of introducing new products is managed, and where responsibility for

2 Risk profile refers to an assessment of the level of risk-taking activity in light of an existing riskmanagement framework.

3 A simulation of the potential loss to a portfolio resulting from a hypothetical extreme price change,market event, or credit event. Stress tests are used by risk managers to explore vulnerability to riskconcentrations.


6 of 45


7/45

ensuring adequate controls and due diligence on these products lies within thecompany.

(3) The program should provide a description of the approach to managing the liquidityand funding profile of the supervised entity, including the liquidity of the materialassets, the nature and stability of the companys current funding sources and the

availability of alternative funding.

This will also include large payables, aggregate insurance claims payments, andcontracts; and other significant cash and securities needs associated with benefitsand claims settlement, as well as the insurers approach to managing significantclaims settlement arrangements through or for other firms, such as in the case ofsettling agents4.

Through the liquidity and funding profile of the supervised entity, the insurancesupervisor can determine the entitys cash needs to cover liabilities and settlementobligations. The supervisor also learns how quickly the entity can generate cash fromits existing assets, from the liquidation of collateral, where appropriate, or through

additional liabilities, and how effectively the entity can access credit-sensitivemarkets.

4 In some jurisdictions, insurers (principally non-life companies) are allowed to grant authority to certaintypes of agents to accept insurance and/or settle claims arising from such acceptances for and onbehalf of the insurers.


7 of 45


8/45

CHAPTER 2 - RISK MANAGEMENT SYSTEM

An effective risk management system is a critical component of an insurance companysmanagement. It is also a foundation for the safe and sound operation of insurers. Theboard and senior management of an insurance company should develop, implement andmaintain a sound and prudent risk management strategy, which includes policies,procedures and controls appropriate to the size, business mix and complexity of theinsurers operations. Policies should address all material risks, both financial and non-financial, that the insurer is likely to face.

The board of directors is charged with the responsibility to instill a strong risk controlculture throughout the company, so that material risks and potential problems thatemerge can be identified, managed and promptly resolved in the normal course ofbusiness operations.

No matter how well designed and operated, risk management systems will be subject tosome inherent limitations. Nonetheless, risk management systems should provide theinsurance supervisor with a reasonable assurance that an insurers business isappropriately controlled and that its risks are being prudently and soundly managed.

At a minimum, risk management systems should include (i) a comprehensive riskmanagement strategy approved by the board; and (ii) sound risk management policiesand procedures to identify, assess, control, monitor and report on the key risks of theinsurer.

Risk Identification and Assessment

An effective risk management system identifies, manages and continually assesses the

material risks that could adversely affect the operations of an insurer.

While an insurers policies should address all material risks, the following risk categoriesat the least should be addressed in the insurers risk management policies:

(1) balance sheet and market risk (including product design and pricing risk,underwriting and liability risk, liquidity risk, risk arising from claims management andderivatives risk);

(2) credit risk; and

(3) operational risk (including legal and reputation-related risks, etc.).

Risk Control and Risk Prevention/Mitigation

There are external factors that shape a companys solvency profile. These includemacroeconomic factors, natural and environmental factors, and political and socialfactors, all of which influence risk exposure. Most important, of course, are thecompanys business strategy and its management decisions. Likewise, the regulatoryframework, within which management must operate, imposes limits on business policy.


8 of 45


9/45

For the long-term financial health of a company, appropriate measures to analyze,control and, as far as suitable, limit the risk exposure are crucial. Such measuresnormally include measures taken within the company and regulations imposed on theinsurer by law or special action of the supervisor.

Control activities refer to the policies and procedures that help ensure Board and seniormanagement directives are carried out. In this way, action can be taken to adequatelyaddress risks faced by the insurer. Control activities should be reflective of the size andoperations of the insurer.

Control activities would normally include:

(1) reviews by Board and senior management;

(2) activity controls for each division or department;

(3) physical controls;

(4) the establishment of underwriting limits and checking compliance with limits;

(5) a system of approvals/authorizations, verifications/reconciliations; and

(6) segregation of duties.

The risk prevention or risk mitigation methods should consider the importance of certainkinds of risk depending on an insurers size and kind of business (e.g. the investmentrisk is more important for life than for nonlife insurance).

Risk mitigation seeks to make the impact of adverse events predictable and to confine

possible adverse experience within acceptable ranges (tolerance limits). This processreduces the volatility and instability of risk and lends it with greater stability andpredictability. It makes the net exposure to risk more consistent and predictable, givingan insurer a higher probability of being able to meet its obligations to policyholders.

There are a number of risk mitigation tools at the disposal of the insurance supervisor,among others:

(1) Legislation to limit the risks to which insurers can be exposed, e.g. by defining whatcan be insured legislation also limits the risks that insurers can accept; legislationmay also prescribe investment limits and prohibit certain activities for insurers.

(2) Regulations issued by the insurance supervisor as authorized under the legislationcan contain far more detail than the legislation giving flexibility to the supervisor toissue and amend regulations to meet changing market conditions. It is also faster tochange regulations than to obtain legislative changes through the lawmaking body.Investment regulations may define the parameters for insurance investments. Byprescribing a statutory basis for valuing liabilities, the supervisor can establishmargins for adverse deviations in experience through valuation assumptions andmethodologies. Through reinsurance regulations, the supervisor can provide anenvironment that optimizes the ultimate collectibility of reinsurance and, by requiring


9 of 45


10/45

reinsurance for certain risks such as earthquake and other catastrophes, effectivelylimits insurers exposure to acceptable levels. The insurance supervisor may alsoestablish a basis for determining premiums for certain classes of business or mayeven require approval of rates and policy forms before products are offered to thepublic.

(3) Regulatory guidelines issued by the insurance supervisor to provide a range ofacceptable choices within which insurers can establish their own risk limits, set theirinternal controls, and define situations where prior approval by the supervisor oncertain actions or activities may be required.

Risk management systems

If efficient control systems are in place to monitor risk exposures, a company will be ableto adapt more quickly to a changing market situation. The insurer faces a lowerprobability of ruin within a given time horizon depending on its risk management system.To be aware of a companys risks, management should also control the profitability ofthe individual lines of business on an ongoing basis. Actuaries can play a dominant role

in this context.

An efficient risk management system ensures that both existing and future (i.e. potential)risks are identified and measured as completely as possible. The system should rely oncomprehensive databases to indicate any risks that may jeopardize the insurersexistence as early as possible (through an Early Warning System). Causes of risksshould be analyzed and their scope assessed. The insurer should establish internalpolicies on how to manage risks, which are identified, analyzed and measured.

Risk management systems should be in line with an insurers business strategy becausethe degree to which a companys activities are exposed to risks is largely determined bythe strategy chosen. Consequently, the actual risk situation should be reassessed at

regular intervals and compared to existing risk strategy so that appropriate revisions canbe made.

A risk management system may be supplemented by a monitoring system comprisingorganizational safety measures, internal controls as well as comprehensive checks(especially through internal audits) in order to assess, and if necessary adjust, theeffectiveness of measures of the risk management system.

Effective management reporting and control systems support internal managementdecision making within an insurance company. Such systems should be seen as anintegral component of a companys overall risk management strategy in that they fostera companys identification, analysis and measurement of risk.

Controlling comprises the target-oriented coordination of planning, information supply,monitoring and testing. It aims at establishing and maintaining the insurers ability toreact, adapt and coordinate. Risk controlling, in this framework, may include, amongothers, the following functions:

supporting the insurers management by providing it with information relevant todecisions about existing and potential risks,

Risk Management30/10/0210 of 45


11/45

supporting the management in risk-related planning, and in controlling andmonitoring risks,

allocating responsibilities,

fixing risk limits,

fixing a maximum ruin probability, and

risk reporting.

The control environmentwithin a company includes the functions of risk measurement,monitoring and control systems, internal and external audit, financial control,compliance, human resources, and information technology. Together, they ensure thatactions of the insurer are prudent and compliant, and in line with the risk taking policyapproved by the board of directors.

The insurance supervisor is interested in receiving information on an insurers control

environment. Such information typically include:

(1) The companys significant accounting policies and actuarial policies (where relevant),and the role of any internal or external actuaries.

(2) A description of the roles, responsibilities and organization of the financial controland compliance functions. The information on accounting policies, actuaries,financial control, and compliance should provide a supervisor with an understandingof key elements of the framework for establishing internal control in the organizationand the location within the financial conglomerate of key financial, accounting andactuarial systems and personnel.

(3) A description of the roles, responsibilities, organization and allocation ofresponsibilities between centralized and decentralized elements of the internal auditarea and the role of external audit. Internal audit information assists the supervisor inknowing and understanding the objectives of the internal audit department and itsinteraction with the external auditors. It also describes how audit responsibilitiesrelating to a supervised legal entity are managed between the central audit staff andany staff assigned to a market territory, business line or legal entity. It provides aninsight into the recipients of audit reports and the nature of the process to follow upinternal audit findings.



12/45

CHAPTER 3 - ASSET/INVESTMENT RISKS

An insurance companys core activity is the assumption of risks. This is combined withasset management, since the technical provisions or reserves, which are funded usingadvance premium payments and the insurers own capital funds, are invested to earninterest.

Investment is a function of asset management. Investment is an art as well as a scienceand is a critical area in any insurance company. Investment difficulties are one of themost frequent causes of insurer failure. A poor selection of investments will give rise toan inferior investment return but this will not normally be a matter of supervisory concernwhen it is simply the outworking of market and competitive forces. The investmentdifficulties that will concern the insurance supervisor are more likely to have their originin a lack of corporate governance, management operating without proper controls.Typical instances are where management adopts a particular project as its own, getscarried away with the upside potential but loses all objectivity in assessing the downsiderisks. This process can easily spiral, with good money being thrown after bad, andsolvency becoming endangered. Risks connected to an insurers investment function willbe discussed in a later section of this chapter.

Technical provisions must at all times be backed up by equivalent assets that belong tothe insurance company and are set aside to guarantee its commitments topolicyholders.5 A key driver of the asset strategy adopted by an insurer will be itsliabilities profile, and the need to ensure that it holds sufficient assets of appropriatenature, term and liquidity to enable it to meet those liabilities as they become due.6 Thisis often referred to as the principle of matching assets to liabilities and is best donethrough a sound asset-liability management (ALM) program.

Asset-Liability Management

Asset-liability management is the practice of managing a business so that decisions onassets and liabilities are coordinated. It can be defined as the ongoing process offormulating, implementing, monitoring, and revising strategies related to assets andliabilities in an attempt to achieve financial objectives for a given set of risk tolerancesand constraints. ALM is relevant to, and critical for, the sound management of thefinances of any institution that invests to meet liabilities.7 ALM is a long drawn-out,continuing process and involves the use of a number of investment techniques andsophisticated analytical approaches. It is not the intention of this paper to discuss ALMbut is merely being presented as a tool available to insurers to manage their investmentrisks. Suffice it to say that asset-liability management can help insurers operate not only

more soundly, but also more profitably.

5 Guidance on Insurance Regulation and Supervision for Emerging Market Economies, IAIS,September 1997.

6 Supervisory Standard on Asset Management by Insurance Companies, IAIS, December 1999.7 Professional Actuarial Specialty Guide, Society of Actuaries, August 1998.



13/45

Investment risks

Investment risks are concerned with the performance, returns, liquidity and structure ofan insurers investments. Such risks can have a substantial impact on the asset side ofthe balance sheet and the companys overall liquidity, and potentially can lead to thecompany being over-indebted or insolvent.

Investment risks may be classified as follows:

(1) Depreciation Risk. The risk associated with a depreciation of the value ofinvestments due to various changes in the capital markets, to changes in exchangerates or to nonpayment by debtors of an insurer (e.g. the credit and market risks).

Credit risk arises from a counterpartys inability or unwillingness to fully meet itson- and/or off-balance sheet contractual obligations. Exposure to this risk resultsfrom financial transactions with a counterparty including issuer, debtor, borrower,broker, policyholder, reinsurer or guarantor.

Market risk arises from adverse movements and/or volatile price variations ofinvestments.

(2) Liquidity Risk. The risk emerging when the insurer fails to make investments (assets)liquid in a proper manner as the companys financial obligations fall due.

(3) Matching Risk. This is the risk when the future cash flows generated by assets donot coincide with, or do not cover, the cash flow demands of the correspondingliabilities in a suitable manner.

(4) Interest Rate Risk is the risk associated with falling prices of fixed-interest securitiesdue to an increase in market interest rates as well as the reinvestment risk related to

falling market interest rates.

(5) Evaluation Risk, i.e. the risk that investments are being evaluated at adisproportionately high price.

(6) Participation Risk. This risk is related to the holding of an ownership or financialinterest in other companies and the possibility of being affected by financialdifficulties within these companies.

(7) Risks related to the use of financial derivative instruments and especially the credit,market and liquidity risks associated with those instruments.

The foregoing list is not exhaustive as there may be other risks associated with investingthe assets of insurer; e.g., concentration risk refers to the risk that an insurers assetsare invested in too narrow a range of the available choices of investment instrument,industry, geographic distribution, currency, etc. This could be harmful if the asset valuedeclines and in so doing significantly reduces the capital of the company.8

8 Risk Based Supervision of the Insurance Companies, An Introduction, John Thompson, March

2001.



14/45

Insurance Supervision Issues

In investing its assets a prudent insurer will seek to ensure that:

(i) the distribution of its investments between the various asset classes isappropriate to liabilities;

(ii) within each asset class there is a dispersion of investments to avoid undueconcentration of risk, and

(iii) each individual investment is prudently selected having regard to overallinvestment policy and the risk/return expectations of the individual investment.

The prudent insurer will have in place processes to ensure that there is appropriatematching of liabilities with assets, diversification and proper selection of investmentinstruments. The objective of insurance legislation and supervision must be to supportthe maintenance of sound investment policies and practices. It is neither practical norrealistic for regulation to seek to dictate the details of insurers investment policies.

Rather, the thrust should be on ensuring that an adequate framework of control is inplace and that significant departures from this are reported to the supervisor.

Supervisory systems do not usually attempt to directly regulate the matching of assetsand liabilities. Given the wide variety of insurance products available, with differentliability profiles, direct regulation, by specifying the proportion of liabilities to be investedin a particular asset class, is unlikely to achieve a matched position. Appropriatematching is better achieved by requiring asset/liability analyses to be made and requiringinsurers to hold appropriate levels of mismatching reserves.

Investment diversification is usually achieved by specifying the maximum admissibleinvestment in an individual asset. This may be expressed as a maximum percentage of

the investible fund to be invested in a single asset or that the amount of the investmentmay not exceed a specific percentage of the investee companys capital or issued debt.Where the maximum is exceeded then such excess is not admissible in assessingassets available to meet solvency requirements.

Supervisory systems do not generally attempt to specify the criteria for selection ofindividual investments. This would be impractical. A better result is achieved by ensuringthat appropriate processes are in place within companies to enable each insurer toselect investments appropriate to its products and risk profile. An exception would be aprohibition on related party investments.

Derivatives

A derivative is a financial asset or liability whose value depends on (or is derived from)other assets, liabilities or indexes (the underlying asset). Derivatives are financialcontracts and include a wide assortment of instruments, such as forwards, futures,options, warrants, swaps and composites.9

9 Supervisory Standard on Derivatives, IAIS, October 1998.



15/45

Not too many jurisdictions allow the use of derivatives for investments by insurancecompanies because of prudential reasons. However, in those countries wherederivatives are permitted, the insurance supervisor must ensure that companiesestablish and maintain appropriate, sound risk management programs coveringderivatives, properly supervised by their respective boards.10 The requirements of theMonetary Authority of Singapore are an example of guidelines which might be adopted. 11

Investment Committee

As part of sound corporate governance, the board of directors of an insurance companyestablishes an Investment Committee consisting of directors (both executive and non-executive) and principal officers including the Appointed Actuary. The insurancesupervisor can issue regulations to compel the creation of this Investment Committee inaccordance with best practices. The Investment Committee should be involved in thedetermination of overall investment policy for approval by the full board and to review itsimplementation on behalf of the board. However, it is not appropriate for a committee ofthe board to implement policy; that is best left to the investment professionals. Thepreferred investment process is that the investment policy (permissible ranges, individual

investment criteria, exposures, authority to make investment decisions, reporting, etc.) isdeveloped by a Management Investment Committee (MIC) and is then approved andsubsequently monitored at a high level by a Board Investment Committee (BIC). Thepolicy having been approved by the BIC it then becomes the responsibility of the MIC toensure the professional investment unit of the company implements policy on a day-to-day basis.

10 Principle 9, Insurance Core Principles, IAIS, October 2000.11

Statutes, Regulations and Notices (Singapore), MAS 112-Derivatives, MAS, February 1999.



16/45

CHAPTER 4 TECHNICAL/LIABILITY RISKS

Investment risks are those associated with the management of insurers assets. On theother side of the balance sheet are liabilities, which also present risks for insurers. Theseliability-related risks are referred to as technical risks. They are also sometimes calledunderwriting risks because they result directly from the type of insurance businesstransacted by insurance companies. They differ depending on the class of insurance.

Technical risks may exist partly due to factors outside an insurance companys area ofbusiness activities, where the company often may have little influence over thesefactors. The effect of such risks, if they materialize, is that the company may no longerbe able to fully meet the guaranteed obligations using the funds established for thispurpose, because either the claims frequency, the claim amounts, or the expenses foradministration and settlement are higher than expected.

In an International Association of Insurance Supervisors (IAIS) Sub-Committee paper onSolvency Issues,12 technical risks have been classified as either current risks (ordinaryoperating risks) or special risks (extraordinary risks). Current risks consist of thefollowing elements:

risk of insufficient tariffs or miscalculations leading to premiums that are too low tocover the insurers expenses related to claims, claims handling and administration,

deviation risk, i.e. the risk emerging when the actual development of claimsfrequencies, mortality, interest rates, inflation etc. does not correspond to the basesof premium calculations,

risk of error, i.e. the risk depending on the quality of the basis of computation and

arising due to the lack of knowledge about the development of the expected insuredrisk,

evaluation risk, i.e. the risk of technical provisions being insufficient to meet theliabilities of the insurer,

reinsurance risk, i.e. the risk of insufficient reinsurance covers or a failure ofreinsurers to pay their part of the overall liabilities (or incurred claims) evaluated on agross basis,

operating expenses risk, i.e. the risk of actual or future expenses exceeding to aconsiderable degree the corresponding amount as estimated by using the bases of

calculation, and

risks associated with major or catastrophic losses or accumulation of losses causedby a single event.

As to the special risks, they can be considered to consist of the following:

12 On Solvency, Solvency Assessment and Actuarial Issue. An IAIS Issues Paper (Final Version),

IAIS, March 2000



17/45

risk of excessive or uncoordinated growth, leading to a rapidly increasing claims ratio

or an aggravated expenses ratio, and

liquidation risk, meaning that an insurers funds are not sufficient to meet all liabilitiesin cases of discontinuation or runoff of major parts or the whole business

(previously written by the company).

The terms ordinary operating risks and extraordinary risks have been offered assubstitutes for the terms used in the IAIS issues paper to provide a clearer differentiationbetween the two classes of risks. The former refers to risks that may be encountered inthe normal course of operation of an insurer while the latter obviously arises lessfrequently, if at all.

In addition to the current risks identified in the IAIS issues paper, there are othertechnical risks, which may arise during the normal course of insurance operation.

(1) Product Design and Pricing Risk. Product design and pricing risk arises from the

exposure to financial loss from transacting insurance and/or annuity business wherecosts and liabilities assumed in respect of a product line exceed the expectation inpricing the product line.

(2) Underwriting and Liability Risk. Underwriting and liability risk is the exposure tofinancial loss resulting from the selection and approval of risks to be insured, thereduction, retention and transfer of risk, the reserving and adjudication of claims, andthe management of contractual and non-contractual product options.

John Thompson in his paper on Risk Based Supervision offers other technical risks.Some risks have been discussed in the previous paragraphs. The following arepresented below:

(1) Market Risk, i.e., the risk that liabilities that are exposed to volatile price variationscease to be immunized13 as a result of changes in market conditions. This couldresult from securitisation activities in derivative financial instruments involving theliabilities of the company.

(2) Legal Risk, i.e., the risk that the interpretation of insurance contracts extends thescope of the risks that are covered by the contracts beyond those intended by theinsurance company.

(3) Concentration Risk, i.e., the risk that the customer base of the company is toonarrowly focused in terms of a range of insurance risks offered, insured amount,

geographical distribution, etc. This affects the ability of the company to diversify itsrisks and reduces the effectiveness of the use of the law of large numbers.

13 Immunization is the act of establishing a position such that the value of the position is insensitive tochanges in some specified parameter. The term is most commonly used to describe a liability and asupporting portfolio such that the net (surplus) market value of the position is insensitive (immune) tochanges in interest rates. (Professional Actuarial Specialty Guide, Ibid.)



18/45


19/45

It is not always possible to avoid some technical risks such as the risk of error ordeviation risk (as becomes obvious from its definition). Some technical risks can only beavoided at the price of not carrying on certain types of business (e.g., new risks forwhich sufficient statistical data are not available, or long-term life insurance contractswhich may be subject to a reverse tendency in mortality). Also, the risk from catastrophe

or major losses is not generally avoidable. The most important means of risk preventionor risk mitigation in these cases are a quantitative limitation by taking out adequatereinsurance. However as discussed below, using reinsurance is not without any risk.

Legislation usually establishes general prudential principles covering technical risks.These principles have to be met when an insurer determines the amount of its technicalprovisions. Insurance supervisors may require that premiums for new business must besufficient, based on reasonable actuarial assumptions, to enable companies to meet alltheir commitments, and, in particular, to establish adequate technical provisions. Insome jurisdictions supervisors prescribe statistical bases of premiums, require priorapproval of rates for certain lines of business, or may limit retention in proportion to thevolume of business or the available solvency. Of course, these latter practices do not

adhere to the prudential approach of supervision; they pertain more to a centralizedregulatory regime.

Reinsurance

An insurers reinsurance cover as a risk reduction/mitigation device deserves specialattention because of the varying impact on the companys financial health.

While reinsurance cover is an inevitable tool for the insurer to reduce its risk exposure asregards certain features of its technical risks, reinsurance cessions might be a burden tothe solvency of the cedent (reinsured) as two kinds of risk remain inherent:

(i) The reinsurance cover might prove insufficient to adequately handle the risk inquestion because reinsurance needs have not been precisely identified. This mightresult in relevant clauses of the reinsurance contract being inappropriate.

(ii) A reinsurer might prove to be unable or unwilling to pay its part of the liabilities orthe claims incurred which can put the insurers liquidity at risk and even cause itsbankruptcy.

Like other risks, reinsurance risk should be monitored/controlled by both managementand supervisors. As part of good corporate governance, insurers may constitute aReinsurance Committee to oversee reinsurance activities. In order to limit and, as far aspossible, prevent reinsurance-related risks, insurers boards of directors will have to

assess properly

(i) the needs for reinsurance cover according to the various aspects of the risks tobe ceded and their appropriate reflection in the features of the reinsurancecontract as concluded for each line of business, and

(ii) reinsurers security or creditworthiness, (i.e. reinsurers ability, financially andadministratively, to pay legitimate claims and their reliability to do so and to do sopromptly).



20/45

The assessment of reinsurers security or creditworthiness is an essential measure in arisk management program. In a number of jurisdictions, insurance supervisors issueregulations prescribing that insurers may only use reinsurers that have been grantedcertain rating classifications by international rating agencies, such as Standard andPoors. In many jurisdictions, supervisors take reinsurance risks into account in different

ways. This may be in the framework of accounting (e.g., valuation of receivables, depositof the reinsurers part of liabilities), or in the framework of solvency requirements (takinginto account only a limited part of ceded business to reduce the required margin orrequiring free capital in proportion of reinsurance receivables).

Caution should be exercise in recognizing reinsurance arrangements, which are enteredinto primarily to grant the ceding insurer relief from regulatory requirements, includingsolvency requirements, while providing for little or no real transfer of risk. This isbecause it is the actual transfer of insurance risk from the insurer to a reliable andcreditable reinsurer that enables an insurer to manage its exposure on business written,given the insurers available solvency margin.

Types of risks transferred may vary. For example, there is a transfer of underwriting riskwhen a real possibility exists that losses and expenses recoverable by the ceding insurerwill exceed the consideration received by the reinsurer, thus resulting in an underwritingloss to the reinsurer. Transfer of timing risk is present in a property and casualtytransaction when the reinsurer risks a reduction in investment income due to acceleratedloss payments if anticipated loss patterns are not borne out in the development ofrecoverable losses under the reinsurance agreement. For life insurance policies,transfers of morbidity, mortality, or lapse risks should be significant. Credit,disintermediation and reinvestment risks may be significant for annuities.

Without a transfer of risk significant to the insurers insurance business, reinsuranceagreements that simply provide favorable effects to the ceding insurers balance sheet or

profit and loss statement may mask the true obligations and risk exposure of the insurer.Such financing arrangements may smooth reported income and reduce volatility inavailable solvency margin. However, the favorable effects may be minimal, transient andtemporary, and cannot be relied upon as evidence of actual or long-term financialstrength and solidity. If such financial arrangements are allowed to affect financialstatements, their existence should be fully disclosed to prevent uninformed reliance on apotentially misleading or distorted statement of financial condition.



21/45

CHAPTER 5 - BUSINESS/OPERATIONAL RISKS

The third category of risk that may be encountered by insurers is non-technical risks(business or operational risks). The term non-technical is used to refer to various kindsof risk, which cannot in any suitable manner be classified as either technical risks orinvestment risks.

While insurance supervisors require that insurance companies provide appropriate riskmanagement programs for their investment and technical risks, supervisors must also beconcerned about other kinds of risk, such as the following:

(1) Management Risk. This is the risk that the management of an insurance companylacks the skills, experience, or knowledge necessary to manage the companyeffectively and to protect the rights of policyholders. This is the risk therefore that isassociated with an incompetent management or, worse, a management with criminalintentions. The risk, for instance, arising if premiums are charged which haveconsciously been calculated too low in order to take market shares from competitorsis a management risk.

(2) General Business Risk. This refers to the risk due to unexpected changes to thelegal conditions to which insurance undertakings are subject, changes in theeconomic and social environment, as well as changes in business profile and thegeneral business cycle. Under this category, a number of specific risks may also beidentified as follows:

(a) Reduced Earnings the risk that the profitability of the company declines and inso doing reduces the availability of retained earnings as a reliable source ofcapital in the future.15

(b) Increased Cost of Capital the risk that the cost of issuing new capitalinstruments in the market, or privately, will be more costly or only be availablewith more conditions in the future.16

(c) Reduced Capital Availability the risk that sources of capital that the companyenjoyed in the past will not be available in the future.17

(d) Legal and regulatory risk arises from an insurers non-conformance with laws,rules, regulations, prescribed practices, or ethical standards in any jurisdiction inwhich the company operates.

(e) Foreign exchange risk arises from movements in foreign exchange rates.Insurers operating in developing and transition economies maintaining extensivetransactions with foreign reinsurance companies, where policy liabilities arebased in local currencies while remittances to and from reinsurers are

15 Risk Based Supervision of the Insurance Companies, Ibid.16 Ibid.17

Ibid.



22/45

denominated in a foreign currency (e.g. the US dollar) are specially prone tovolatile rate movements in foreign exchange rates.

(3) Technology Risk the risk that the companys use of, or dependence on technologyexposes the company to a high level of risk.18

(4) Strategic risk arises from an insurers inability to implement appropriate businessplans, strategies, decision-making, resource allocation and its inability to adapt tochanges in its business environment.

(5) Other operational risks arise from problems in the performance of business functionsor processes. Exposure to this risk can result from deficiencies or breakdowns ininternal controls or processes, technology failures, human errors or dishonesty andnatural catastrophes. John Thompsons paper on Risk Based Supervisionprovidestwo examples of these risks:

(a) Accounting Reliability the risk that the financial report that the companyprepares is not an accurate representation of its financial position.

(b) Accounting Inconsistency the risk that because of the range and variation inaccounting and financial reporting practices that the company is required tomeet, the company fails an important measure and is unable to meet the test inthe short term.

Risk Mitigation

The board and senior management of an insurance company should establish,implement and maintain an appropriate risk management system to address thecompanys non-technical or operational risks. Boards assume primary responsibility forensuring that only directors (through a Board Nomination Committee) and managers

who are fit and proper are voted in and appointed to key positions within theorganization. This is because a number of operational risks arise mainly from humanerrors or dishonesty, by lack of competence or through malicious intent.

The probity and competence of an insurers top management, i.e., board of directors andsenior management, are therefore critical to achieving supervisory objectives. However,insurers are primarily responsible for ensuring that their own organizations are prudentlyand soundly managed and directed. Insurance supervisors provide standards andassess the fitness, propriety and other qualifications of directors, senior managers, andkey shareholders whose holdings are above specified thresholds and/or who exert amaterial influence on the companies.

Principal elements of fit and proper criteria

The Joint Forum on Financial Conglomerates19 released a paper on Supervision ofFinancial Conglomerates in February 1999. Among various issues, the paper included a

18 Ibid.

19 The Joint Forum is comprised of the Basle Committee on Banking Supervision (Basle Committee),the International Organisation of Securities Commissions (IOSCO), and the International Associationof Insurance Supervisors (IAIS). The IAIS endorsed the fit and proper principles in San Francisco in



23/45

section on fit and proper principles. Fitness tests usually seek to assess thecompetence of managers and directors and their capacity to fulfil the responsibilities oftheir positions while propriety tests seek to assess their integrity and suitability. Todetermine competence, formal qualifications, previous experience and track record aresome of the elements focused on by supervisors. To assess integrity and suitability,elements considered include: criminal records, financial position, civil actions against

individuals to pursue personal debts, refusal of admission to, or expulsion from,professional bodies, sanctions applied by regulators of other similar industries, andprevious questionable business practices. Factors relative to the assessment of thefitness, propriety or other qualifications of key shareholders include business repute andfinancial position, and whether such ownership would adversely affect the regulatedentity.

Business Continuity and Backup Systems

Disruptions in an insurance companys business can lead to unexpected financial andnon-financial losses (e.g., premises, data, reputation, etc.). Disruptions may result fromsuch seemingly mundane occurrences as power failure (adversely affecting information

technology systems, for example), denial of access to premises or work areas (e.g.,strikes called by employees, prohibition by competent authority), systems failure (e.g.,computers, data, building and/or equipment), fire, fraud, and loss of key staff.

A risk management program to ensure business continuity in case of such disruptionsshould be able to identify those events, the likelihood of occurrences, the processesmost at risk and the consequences, both financial and non-financial in nature. The riskmanagement program should provide clearly defined management responsibilities(including segregation of duties, authorizations and reconciliation procedures);appropriate control, monitoring and reporting systems; adequate security systems; andbackup systems, including activation of post-event processes and communicationstrategy.

December 1999 and subsequently issued a Guidance Paper for Fit and Proper Principles and TheirApplication in October 2000.



24/45

CHAPTER 6 SOLVENCY AND CAPITAL ADEQUACY ISSUES

The activities of insurance companies throughout the world are subject to supervision inthe interest of consumer protection. This is because an insurers core activity is theassumption of risks. The transfer of risk involves an underwriting risk for the insurancecompany which may call into question the insurers ability to fulfill its claims paymentobligations or to continue its business operations. Investment of assets generated fromthe advance premiums paid by policyholders for the transfer of risk to the insurer isexposed to various risks. Investment in income-bearing assets, too, poses risks, whichcan endanger the existence of an insurer.

Capital funds serve as a buffer against any unforeseen fluctuations in results, againstlosses that have not been anticipated. Capital enables an insurer to continue operatingwhile problems brought about by such fluctuations or unforeseen losses are addressedor resolved. In this way, the maintenance of adequate capital resources can engenderconfidence on the part of policyholders, creditors and the market more generally in thefinancial soundness and stability of the insurer. Capital is therefore the cornerstone of aninsurers strength.20

In the US, Europe and Japan, the deregulation of price and product controls hasunderlined the importance of minimum solvency margins. The US and Japan havedevised similar, complex formulae for calculating the minimum amount of capital fundsfor insurance companies. These take into account underwriting risk, asset risk and creditrisk. In the EU, in contrast, the capital funds required are calculated only on the basis ofthe underwriting risk. The asset risk is limited by means of investment regulations.

Minimum Capital and Surplus Requirements/Trend towards Risk Based Capital.

IAIS Core Principle No. 8 provides that The requirements regarding the capital to bemaintained by companies which are licensed, or seek a license, in the jurisdiction shouldbe clearly defined and should address the minimum levels of capital or the levels ofdeposits that should be maintained. Capital adequacy requirements should reflect thesize, complexity, and business risks of the company in the jurisdiction.21 This principleis aimed primarily at ensuring that insurers comply with legislated minimumcapitalization. Some countries have adopted a risk-based approach to establishingminimum levels of capital for insurers similar to the rules formulated through the BaselCommittee on Banking Supervision. However, insurance tests not only of risks on theasset side of the balance sheet, but also of insurance risks recorded as liabilities. Atpresent, there is no equivalent to the Basel Capital Accord in the insurance sector. This

is mainly due to the complexity in developing common standards that deal with thevariety of insurance liabilities and asset combinations available.22

Purpose of Capital Adequacy/Solvency Requirements

20 IAIS Paper on Solvency, Solvency Assessment and Actuarial Issues (Final Version), March 2000.21

Insurance Core Principles, IAIS, October 2000.22

Experience with the Insurance Core Principles Assessments under the Financial Sector AssessmentProgram, IMF and World Bank, August 2001.



25/45

Capital adequacy and solvency23both refers to an insurers ability to meet its obligationsunder all contracts at any time. However due to the very nature of insurance business, itis impossible to guarantee solvency with certainty. Thus, in order to come to apracticable definition, it is necessary to clarify under which circumstances theappropriateness of the assets to cover claims is to be considered, e.g., is only written

business (run-off basis24, break-up basis25) to be considered, or is future new business(going-concern basis26) also to be considered. In addition, questions regarding thevolume and nature of an insurers business, which time horizon is to be adopted, andwhat is an acceptable degree of probability of becoming insolvent should beconsidered.27 Solvency, or conversely insolvency, is therefore assessed by comparingan insurers assets with its liabilities because either side of the balance sheet can triggerinsolvency due to:

(1) Loss of value of the assets/investments, e.g., due to a stock market crash, interestrate changes or defaults by the issuers of bonds.

(2) Underwriting risk (increase in liabilities)

(a) Risk of random fluctuation (random increase in claims, although the lossdistribution was estimated correctly)

(b) Risk of error (calculation of the premium on the basis of an incorrect estimate ofloss distribution)

(c) Risk of change (the loss distribution changes during the treaty term or run-offperiod).

The underwriting risk may manifest itself during the period of cover or the run-off period(change in reserves risk). Underwriting risk is the major factor influencing the frequency

of insolvencies. The number of insolvencies tends to rise in years where the loss ratio ishigh.

While insolvencies are a normal side of competitive markets, consumer protection issuesjustify supervisory control.

(1) Losses may plunge consumers into severe financial difficulties. This gives rise to aparticular need for protection.

23 In the Australian life insurance context these terms are not used like synonyms: solvency is used

assessing financial health on a run-off basiswhile capital adequacy is used assessing financial healthon a going-concern basis.24 A method of considering the financial situation assuming that no new business will be written but that

the company will continue to operate with underwritten insurance contracts until the end of the termset by the policy conditions (e.g. the renewal date, the end of a fixed term, death of the insuredperson) including the settling of claims eventually arising during this period.

25 A method of considering the financial situation assuming that no new business is written and that the

company is liquidated (i.e., the investment portfolio has to be sold at that time).26

A method of considering the financial situation assuming that the company will continue to operateand that future business will be written.

27 IAIS Sub-Committee on Solvency and Actuarial Issues Paper (Final Version), IAIS, March 2000.



26/45

(2) As it is common for current business operations to be financed by advanced

premium payments from policyholders, insurers are not subject to supervision byprofessional creditors or liquid capital markets (as is the case, for example, for bondmarkets).

(3) Public sources of information provide insufficient transparency or up-to-date data toallow an insurers financial situation to be assessed accurately. For the individualpolicyholders, the effort required to procure and analyze the necessary information isvery large. It must normally be assumed, therefore, that policyholders haveinsufficient information at their disposal. This particularly matters if a guaranteefund28 is available should something go wrong; the policyholders lose the financialincentive to assess the insurers ability to pay (phenomenon of moral hazard).

(4) The existence of a guarantee fund may also generate a moral hazard problem withrespect to the insurance company. If insurers contributions to the fund are notcommensurate with their insolvency risk, then insurers are provided with an incentiveto accept extremely risky business, since the negative consequences are shared by

all insurers.

It is for these reasons that solvency regulations are needed to guarantee that insurershave sufficient capital funds. Should an insurer fail to meet the requirements on capitalstrength, it should be possible for the insurance supervisor to intervene as early aspossible in order to avoid excessive indebtedness at the expense of the policyholder orthe guarantee fund. However, supervisory intervention need not prevent everyinsolvency, as this would be inefficient. Rather it should reduce insolvencies to anacceptable minimum.

Objective of a Minimum Statutory Solvency Requirement29

The structure, size and complexity of the insurance industry make it difficult forconsumers, brokers, analysts, competitors and other interested parties to adequatelyassess the institutional risk of the provider of insurance products and services in relativeor absolute terms. A risk assessment of the insurer may be a critical element in thedecision to purchase an insurance product or service. The customer is buying a promiseof a future benefit and needs assurance that the promise can be fulfilled.

The main purpose of the supervision of insurance in general is to ensure that insurershave the capacity to meet their obligations to pay the present and future claims ofpolicyholders. It is also of great value to make information on the financial soundness ofinsurers known to the insurance market.

To reduce the risk of failure for insurers, insurance supervision has the core requirementthat insurers should maintain sufficient assets to meet obligations under a wide range of

28 Several countries have established state guarantee funds to cope with the consequences ofinsolvencies. The US and the UK have introduced protection schemes for all personal lines ofbusiness; in Germany and France, such mechanisms are only in place for motor liability insurance.Japan established in 1998 the Policyholder Protection Corporation to cover for 90% of all losses;100% for obligatory motor liability and private natural hazards insurance.

29 IAIS Sub-Committee on Solvency and Actuarial Issues Paper (Final Version), ibid.



27/45

circumstances. Such a requirement is often described as the statutory minimumsolvency requirement30and may have the following purposes:

Reduce the likelihood that an insurer will not be able to meet claims as and whenthey fall due.

Provide a buffer so that the losses of the policyholders can be limited in the event ofthe failure of the insurer.

Provide an early warning for regulatory intervention and early corrective action,taking into account that the supervisor may have access only to incompleteinformation, and that corrective action may be subject to delays.

Promote the confidence of the general public in the financial stability of the insurancesector.

It is also well understood that a requirement of a statutory minimum solvency shouldhave a dynamic basis or approach. This means that the solvency assessment should

have some relevance to the ability of the insurer to continue to be able to sustain newbusiness after the point in time at which the current solvency situation is assessed.

The statutory minimum solvency requirement is not designed to completely eliminate therisk of institutional failure and the requirement must in practice be kept within bounds. Atsome level, the marginal benefit to policyholders and other creditors of increasing theminimum requirement is outweighed by the marginal cost of capital to the insurer. It isoften difficult to avoid that such costs are ultimately passed on to policyholders in theform of higher premiums or reduced benefits. From the point of view of efficiency, theminimum statutory solvency requirement should thus, in theory, be set at an equilibriumvalue in the sense described. Lack of data and suitable models makes this task difficult.There are also differences in legislative and supervisory traditions as regards the attitude

to the role of mathematical and statistical models. In practice, the determination ofminimum requirements seems to be based on experience with or without explicitreasoning and modeling based on risk theory. In the latter case, the initial aim may beset as some acceptable level of probability of ruin or level of resilience, but in the end,the final requirement will often be the result of some kind of a muddlingthroughprocess, balancing different interests in a less formal manner.

Types of Statutory Minimum Solvency Requirements31

There is a variety of ways in which statutory minimum solvency requirements can bedesigned and imposed on insurers; some important ones are outlined below. Theapproaches can be said to fall into two groups: fixed ratios and riskbased capital on

one hand, and tests based on more extensive risk or ruin theoretic modeling of thewhole business on the other. In addition and as a complement, there are the moreversatile tools of scenario testing and dynamic solvency analysis32.

30 The minimum amount of solvency margin (surplus of assets over liabilities) stipulated by domestic

law.31

IAIS Sub-Committee Paper on Solvency and Actuarial Issues, ibid.32 Dynamic solvency analysis is an actuarial exercise where the assumptions adopted in examining the

financial condition of an insurer is varied in order to assess the companys ability to withstandchanges in both the external economic environment and in its own internal experience.



28/45

Under the fixed ratio model, requirements are pegged to a fixed proportion of somebasis or proxy of exposure to risk, often an item from the insurers balance sheet or profitand loss account. Examples are choices of a percentage of premiums written or a quotaof the outstanding claims provisions. In practice, the corresponding proportions or ratiosinvolve some degree of arbitrariness, a single ratio often being used for a wide range of

activities and having been determined on the basis of general data.

A fixed ratio of premiums is a natural point of departure in non-life insurance. Writtenpremiums are an acceptable proxy for the exposure to risk, especially for types ofinsurance that have rather quick settlement of claims. Such a ratio is part of the solvencyrequirements of the European Union and Australia. The ratio applied may reflect theoverall volatility of risks, but may also be more finetuned and may be differentiatedbetween different classes of business. The ratio may also be lowered for premiumvolumes exceeding some threshold value, e.g. in the European Union, taking intoaccount that the relative risk in a large portfolio of independent risks is lower than in asmaller portfolio.

A fixed ratio of the provisions for outstanding claims is natural in non-life insurance formeasuring reserving risk, especially for types of insurance with a slow ratio of settlementof claims. This is used in Australia. The European Union rules use a fixed ratio of theaverage claims cost, averaged over three years in general, but over seven years forcredit, suretyship, storm and hail insurance. The larger of such a ratio and theaforementioned ratio of premiums determines the solvency requirement.

For life insurance, fixed ratios may be applied to measures of exposure relevant to therisk at hand. The technical provisions for life insurance contracts may be a basis formeasuring the exposure to the risk of guaranteeing yields on contracts. For contractsoffering benefits at death, the sum at risk, i.e. the sum that the insurer must add to thetechnical provisions in case of death, is a better base for the exposure to adverse

deviations in the mortality assumptions. For the mortality risk of annuities, i.e. the risk ofunderestimating life expectancies, the technical provisions may be a better exposuremeasure.

The fixed-ratio approach has the benefit of being simple to describe and to calculate.However, from a theoretical point of view, the fixed-ratio approach has some drawbacks,to some extent also shared with the risk-based capital approach:

A general approach may not adequately respond to different risk profiles of individualinsurers, notably in non-life insurance.

To the extent exposure is based on historical data, there is no explicit dynamic,

forward looking basis for the approach.

A general model may be vulnerable to the choice of exposure basis and respondillogically, e.g. by increasing requirements in response to stronger premiums or safertechnical provisions, and decreasing requirements with rebates on premiums or withweaker reserving.

In response to the coarseness of the simpler fixed-ratio models, risk-based capital (RBC)models have been developed. The minimum requirement is then built up from a number



29/45

of lower level ratios, relating to a refinement of risk elements, e.g. different insuranceclasses, long-tail risks and risks on the asset side. Exposure bases such as premiums orprovisions can be adjusted to some extent for deviations from market standards. Inaddition, some efforts are usually made to take interaction between the lower level ratiosinto consideration. Still, the level of detail must strike a balance between what ispracticable and what ratios can be assessed with adequate data and models; otherwise

this approach will be difficult to implement and its adequacy will be cast in doubt.

Risk-based capital is presently a characteristic of solvency practices in Japan and theUnited States, but refined risk factors are also known e.g. in Canada as regardsinvestments. As mentioned, it is in many ways a refinement of the fixed-ratio approach,using similar exposure measures, such as premiums, technical provisions or assetamounts. A useful aspect of risk-based capital as applied in the United States andJapan, and not in itself depending on the more refined approach to risks, is theintegrated system of control levels or trigger points33. The idea is to prescribe certainactions or procedures at fixed levels in excess of the 100 per cent level of fulfillment.Such a system of control levels is of course compatible with other solvency practicesand is used, at least informally, elsewhere.

Under risk or ruin theoretic approaches, the main criterion is to preserve an acceptablylow probability of ruin or failure over some time horizon, ranging from a few years to 30or more. In addition to the approximations that must be made in order to find workablemodels, some degree of arbitrariness lies in the choice of such probabilities andhorizons. Simpler variants of this approach may be implicit in the use of fixed ratios andrisk-based capital. Here focus is, however, on a more explicit approach, usually dynamicin the sense that it builds on models for future development under some assumptions,models describing the potential variation or volatility of insurance activities. An importantexample is the risk theoretical solvency test used in Finland. Within a framework laiddown by the supervisory authorities, a company can calculate its solvency requirement.The basis is a model approach reflecting many facets of risks, and in several ways

reminiscent of the modeling activities now tried out by many major banks. The modelingprocess that is required may give deeper insight into the insurance processes, but theremay be considerable problems:

The models used to describe experience may be too general and the underlyingprocesses may be poorly understood, such as business and rating cycles

Some aspects may not have a meaningful statistical description or analysis, such asrare events or future changes in market behaviour or legislation.

Model approximations may be so extensive that the value or relevance of calculatedor simulated values may be insufficient.

Under the supplementary approach using a scenario survivorship model or dynamicsolvency analysis, the insurer is required to test its solvency against a range of adverseconditions in the form of prescribed scenarios. The scenarios may apply to either the

33 A threshold value that requires intervention of the supervisor or imposes certain restrictions on theinsurer if its available solvency margin falls short of this amount. A system of solvency requirementsmay have more than one control level for different types of regulatory action (e.g. RBC approach ofUS, EU solvency requirements).



30/45

existing business or there may be some consideration of new business over a chosentime period. The choice of scenarios and time period where new business is considered,involve a degree of arbitrariness. The approach is clearly dynamic and gives insight intothe insurance process, but some drawbacks are:

It may be difficult to find scenarios that are both predictive for the individual risk pro-

file of an insurer and that can be tested using available data.

Compliance costs can be high, as testing usually requires substantial computermodeling.

Scenarios and dynamic solvency analysis have seen an important development primarilyin Canada and the United States, and steps have been taken to give such approaches aformalized framework for supervisory purposes.

Some general conclusions34

The approaches to statutory minimum solvency requirements fall into two groups: fixed

ratios and risk-based capital on the one hand and tests based on more extensive risk orruin theoretic modeling of the whole business on the other. The latter approach may beused as a supplement to the former method. A fixed ratio or riskbased capital approachmay be seen as a common method for stipulating solvency requirements. Using thisapproach, the insurer is required to maintain a certain minimum amount of surplus ofassets over liabilities. At given time intervals, the company has to prove that its availablesolvency margin, i.e. the amount of capital elements which are considered as free capitalfor regulatory purposes, exceeds the required minimum margin. The regulatory systemprovides one or more control levels.

The minimum statutory solvency requirement is one element of a larger conceptualframework involving solvency and financial health in the sense of the ability to fulfil

commitments. Seen from the point of view of financial disclosure, the cornerstones of asatisfactory solvency are proper provisions for liabilities and sufficient resources forcovering losses. Such resources may include items on the balance sheet, such ascapital (equity, reserves), reinsurance ceded, but possibly sources not formally on thebalance sheet, such as guarantees or the levy of additional contributions from membersof a mutual insurance company. Seen in a wider perspective, solvency is founded on awell-managed business, with proper pricing and balancing of risks and suitablecomposition of portfolios of insurance contracts and assets. Also investment practicesincluding the use of derivative instruments are usually seen as areas of specialimportance to solvency.

Trade-Off between Security and Capital Costs

Insurers generally hold substantially more capital than the amount required by insurancesupervisors. The main advantage of this buffer is that policyholders can feel secure inthe knowledge that their claims will be paid and shareholders can be comfortable thatthe ability of the company to continue making profits is protected. However, holdingcapital funds is costly (capital costs). Incurring unnecessary capital costs lowersshareholder investment returns and raises policyholder premium rates.

34 IAIS Sub-Committee Paper on Solvency and Actuarial Issues, ibid.



31/45

A number of stakeholders have perhaps diverging interests regarding the equity baserequired of an insurer. Policyholders benefit from the knowledge that the insurer canmeet claims paying commitments, yet policyholders do not want capital requirements tobecome so burdensome that premium rates become excessive. Insurance supervisors,too, aim at protecting the consumer while maintaining the long-run viability of insurance

markets. A companys owners, in contrast, are interested in generating a high riskadjusted return on their investments and so must make a trade-off between protectingthe franchise value of their company on the one hand and incurring capital costs on theother. Both staff and management have a vested interest in keeping their company inbusiness and in having leeway for action, while also keeping shareholders happy. Ratingagencies, too, are interested in the fulfillment of all obligations, which includes all theclaims of investors. Each of these stakeholders has a different view regarding the trade-offs involved in holding capital, and conflicting views about the optimal amount of capitalfunds can result.

Only a relatively small number of physical assets, such as an office building, andcomputer hardware, are needed for a company to offer insurance protection. Risk capital

is not tied to normal business activities and can thus be invested profitably. The netcosts of reserves are thus the costs of capital funds minus the investment returns. Fromthe investors standpoint, the fact that an insurer has capital funds available which it canreinvest in the capital market gives it the traits of an investment fund. The insurersindirect investment risk in the capital market is leveraged by the underwriting risk.However, an insurance companys investment of capital involves substantial taxdisadvantages and agency costs when compared to a direct investment by an investor.

Summary Comments on Solvency Margins

It is a standard requirement of insurance regulation that companies must hold additionalassets over their policyholder and other accounting liabilities. Such prudential solvency

margins are a demonstration of technical solvency. If they are breached they do notnecessarily signify that an insurer is insolvent and unable to meet its obligations topolicyholders and other parties. Properly designed they act as an early warning systemof potential difficulty and allow the supervisory authorities to initiate action to avoidfailure.

There is no single answer for the appropriate level of a solvency margin. Set at too higha level the margin will impose an excessive capital requirement on insurers leading to ahigher cost of insurance to consumers and reduced level of profitability to shareholders.Excessive capital requirements may also deter new entrants to the market and reducecompetition. On the other hand, if solvency margins are set too low then there is thepossibility that weak companies will be allowed to continue to operate for too long at risk

to policyholders.

The strength of the system does not depend solely on the level of solvency margin butalso to the degree of conservatism or otherwise included in the determination ofpolicyholder liabilities. The extent that these also include prudential margins can bereflected in the solvency margins required.

The development of solvency margins, and the underlying theoretical bases, hasevolved over time as insurance markets have grown. Developments have however been



32/45

exponential in recent years. This has been due to a combination of more complexinsurance and investment markets, a deeper understanding of risk management and theavailability of more powerful computing tools.

Until the 1990s solvency margins were generally formula (fixed-ratio approach) drivenand concentrated primarily on liability risks. Since then there has been a move to

decompose the risk on both the asset and liability sides of the balance sheets and makean assessment of risk, which is more specific to the individual company (the risk basedcapital approach). There are parallels with the banking industry where the original BasleCapital Accord on a formula approach to calculation of tier 1 and tier 2 capital are beingreplaced by an encouragement to banks to make a more detailed assessment of risk.

The formula based approach has the advantage of simplicity and ease of application butconversely it does not capture the details of a particular companys risk exposure. Whilethe risk based capital approach may appear superior it does have its own problems. It isdefinitely more complex, difficult and expensive to implement. If too great a freedom isgiven to insurers in the choice of assumptions and parameters the approach can behighly subjective. Its efficacy is also untried.

A middle variation on the pure risk based capital approach is to specify the categories ofrisk which must be assessed, but to mandate risk percentages (and hence capitalrequirements) based on industry analysis. Whichever approach is selected theeffectiveness of the supervisory system will depend not only on the method but also onthe level at which the various requirements are set.



33/45

CHAPTER 7 RISK BASED SUPERVISION

With a growing trend towards a prudential approach to insurance supervision,supervisory emphasis is placed:

on the strength of an insurers management,

on statutory responsibility for sound practice being placed on the insurer and itsadvisers (e.g. forms of corporate governance),

in supporting the increasing competence of relevant professional bodies (i.e.auditors and actuaries) and their involvement in the supervisory process, and

on encouraging as far as possible market-based self regulation for market conductissues.

Protection of policyholders is provided by placing emphasis on quality of managementand solvency with there being additional policyholder benefit from competitiveenhancement of products and services. Forms of prudential supervision are consistentwith a market that is becoming more dynamic and is in the process of change.

The level and frequency of supervisory scrutiny however will depend on the riskassessment of the insurer as an institution. Insurance companies that are well managedrelative to their risks will require less supervision; not all areas within an insurer need tobe reviewed every year. More often than not the insurance supervisor has limitedresources and therefore must deploy those resources more effectively and efficiently.

The supervisory authority will need to develop and implement a supervisory framework

that will provide an effective process to assess the safety and soundness of aninsurance company by evaluating the insurers risk profile, financial condition, riskmanagement processes, and compliance with applicable laws and regulations. Such isthe nature of a prudential supervisory approach that is risk based.

What is Risk Based Supervision

Risk based supervision is a structured approach to identify the key risks to whichinsurance companies are exposed, to assess the risk mitigation techniques that areused to manage these risks, to assess the net risk exposure that emerges in terms of itslevel and volatility and then to focus the supervisory effort on the most significant ofthese net risk exposures.35

Supervision will include reviews of an insurers major risk management control functionssuch as financial analysis, compliance, internal audit, risk management system,including senior management and board oversight. Because the supervisory authorityfrequently has limited resources it must focus its resources on insurers where there isthe greatest probability of financial difficulty. The supervisor will rely on external auditors

35 Risk Based Supervision of the Insurance Companies, An Introduction, John Thompson.



34/45

for the fairness of the financial statements and on actuaries36 for the adequacy of policyliabilities and will use their work to modify the scope of its own reviews to minimizeduplication of efforts. The supervisor should be able to discern the relative level offinancial risk, or risk profile, of each company. This includes not only the level of risk forone company relative to another, but also the areas of greatest risk within a particularcompany.37

Risk based supervision is structured because it systematically considers all of the keyaspects of a companys business and within each looks at the risks to that area ofoperation. These key areas can be either business lines, geographic areas of operationor operational areas within the company itself. This structured approach, together withthe documentation that emerges, breaks the work into manageable pieces. Over timethe whole company would be looked at in this way and the most vulnerable areas of thecompany will be identified for detailed analysis. By keeping the documentation andanalysis up to date the supervisor can quickly review the supervisory examination planfor the year and focus resources on the most critical areas.38

As with most systems, the initial implementation stage is the most difficult phase of the

supervisory process when the supervisor gathers, collates and develops a database foreach insurer. The supervisor builds up the database of knowledge that will be used toform an overall assessment as to the risk level in each company through:

(i) ratio analysis,

(ii) information gleaned from on-site inspections,

(iii) information picked up in general conversations with people in the industry, and

(iv) articles in trade journals and the media.39

This is where information technology (IT) plays a very important role in the supervisoryprocess. IT is no longer simply an enabler, it is a powerful force of change. Thesupervisory authority has to integrate its supervisory strategy, organizational capabilityand information technology with each other. The supervisor can carry out benchmarkingstudies on a range of subjects, which compare companies with their peers to identifybest industry practices for dealing with various levels of risk.

Through IT and an effective management information system, the supervisor candevelop and establish an early warning system (EWS) that would detect potential as wellas developing problems with insurers. An EWS may well be the trigger for activeintervention by the supervisor at the earliest possible time.

The section on The Supervisory Process contained in the paper SupervisoryFramework 1999 and beyond issued by the Office of the Superintendent of FinancialInstitutions of Canada can be a model for a risk based supervisory approach.

36 Appointed Auditor and Appointed Actuary systems.37 Re-Engineering Insurance Supervision: Policy Research Working Paper 2024, Lawrie Savage,

World Bank.38 Risk Based Supervision, ibid.39

Re-Engineering Insurance Supervision, ibid.

Risk Managem

Documents

Risk Management File 1