Risk Management Report - PACICC Plan.pdf · P&C liquidation expertise1 has “retired” (or will soon) High Financial Risk 1-2 Insolvency cost exceeds annual assessment capacity

Risk Management Report

April 2015

What’s new in this report: Risk Limit / Risk Appetite Statement

Revised Risk Register

Nine new and emerging risks (see Section 3 of

Risk Register)

Contents

Page Introduction

1

Mission and Principles

1

Risk Management

1

a) Risk Limit / Risk Appetite Statement b) Risk identification

2 3

Risk Profile

5

Risk Register Section 1: Major and significant risks Section 2: Other identified risks Section 3: New and emerging risks

7

13 19

Appendix: Risk management definitions

22

1

Introduction Each Spring the Board of Directors prepares a report on PACICC’s risk management activities (this report). The annual Risk Management Report is developed by the Audit and Risk Committee and senior management. Risk management is also a continuous process at PACICC, reviewed as a standing issue at meetings of the Board, the Audit and Risk Committee, and senior management. The Advisory Committee of insurance industry Chief Risk Officers provides independent advice on best practices, when requested. Risk management is central to the successful management and governance of PACICC.

PACICC Mission Statement and Principles The Mission of the Property and Casualty Insurance Compensation Corporation is to protect eligible policyholders from undue loss in the event that a member insurer becomes insolvent. We work to minimize the cost of insurer insolvencies and seek to maintain a high level of consumer and business confidence in Canada’s P&C insurance industry through the financial protection we provide to policyholders. Principles:

a) In the unlikely event that an insurer becomes insolvent, policyholders should be protected from undue financial loss through

prompt payment of covered claims.

b) Financial preparedness is fundamental to PACICC’s successful management support of insurance company liquidations,

requiring both adequate financial capacity and prudently managed compensation funds.

c) Good corporate governance, well informed stakeholders and cost effective delivery of member services are foundations for

success.

d) Frequent and open discussions with members, regulators, liquidators and other stakeholders will strengthen PACICC’s

performance.

e) In-depth P&C insurance industry knowledge – based on applied research and analysis, is essential for effective monitoring of

insolvency risk.

Risk Management Risk management includes all actions used to control risks that could prevent PACICC from achieving its mission. PACICC’s risk management framework sets out the policies and governance, key responsibilities, processes and activities necessary for effective risk management. (See the Appendix for a list of definitions generally associated with risk management and as used at PACICC.) Two elements of the risk management framework include:

The risk limit / risk appetite statement establishing the amount of risk PACICC is willing accept or tolerate

The process for identifying risks that will be subject to analysis, assessment and monitoring.

2

a) Risk Limit / Risk Appetite Statement (NEW)

PACICC’s risk limit / risk appetite is $1.54 billion. PACICC measures its risk limit / risk appetite in relation to its ability to generate revenue from member companies over a two-year period to pay for the eligible claims of an insolvent member. PACICC’s annual maximum assessment capacity is 1.5 percent of the total covered premiums of member companies. Based on 2014 industry results, PACICC can generate up to $1.54 billion over a two-year period. PACICC also maintains a Compensation Fund to address liquidity issues in the days and weeks immediately following a member insurer insolvency. The Compensation Fund presently holds an additional $52 million. The annual assessment cap seeks to minimize the risk that funds required by PACICC could impose a solvency risk on healthy member insurers. It is possible, although very unlikely, that PACICC’s requirement for funds may exceed its risk limit / risk appetite. PACICC is actively working to reduce the risk of an extraordinary insolvency event. PACICC is also working to establish alterative financing options. However, as the financial guarantee fund for the industry, PACICC does not have the authority to reject member insurer insolvencies. If PACICC needs to generate more than $1.54 billion through our current funding mechanisms, then the required funds would be collected over several years, and approved payment of consumer claims would be delayed until funds become available. Key reasons why PACICC’s risk limit-risk appetite is set at two times the annual general assessment capacity include:

This is the maximum industry assessment that could be levied on member firms without causing further solvency problems or

possible contagion effects

Two years is a reasonable time period to settle most eligible policyholder claims resulting from the insolvency of a member

company based PACICC’s experience paying the covered claims of failed members, and claims development in the industry

Funds recovered from a liquidated estate are generally not available for a period of several years or longer so it is important

that PACICC has the capacity to generate most of the required funds to wind-up an insolvent insurer

Two years is the maximum time that PACICC should plan to commit all of its capacity to wind-up a member insurance

company, because a longer time period would impair PACICC’s preparedness to respond to the risk of subsequent

insolvency events

PACICC maintains a Compensation Fund that is available to meet initial payout requirements during the early stage of a

member company insolvency. (The Compensation Fund had a market value of $52 million as of February 2015)

To fulfill its Mission, it is essential for PACICC to refund unearned premiums promptly, and to settle claims within a

reasonable period following a member insolvency. Protecting this “ability to pay” helps maintain consumer confidence in

Canada’s P&C insurance industry, and preserves PACICC’s reputation as a reliable guarantee fund.

Claims liabilities beyond PACICC’s risk limit / risk appetite are extraordinary risks, and must be managed outside the normal general assessment mechanism. For example, revenues to pay for these additional claims liabilities could be generated through PACICC’s proposed extraordinary funding mechanism.

3

b) Risk Identification

PACICC maintains a comprehensive risk profile of all the key significant risks that could prevent the organization from achieving its mission. The risk profile was prepared by PACICC’s Audit and Risk Committee and senior management. It is continuously reviewed and updated as necessary. The Board is ultimately responsible for assuring the risk profile is appropriate for the organization. PACICC has established criteria for identifying significant risks. Parameters are set for gradients of impact (severity) from low to high,

and similarly for likelihood (probability). In some cases, consideration of the adverse impact on reputation is required and appropriate

gradients are set.

Risk Register

Considering PACICC’s Mission and key functions, each aspect of an organization’s operation, activities and functions is assessed as

to vulnerabilities. In turn, each vulnerability is analyzed and reasonably likely causes or triggers are identified. Consequences are

considered, including possible reputation impacts. Each risk is assessed as to potential impact, considering a reasonable probability

of the risk occurring. If considered significant, the vulnerability is posted and tracked on the risk register with brief notes as to the

basis for the risk being assessed as significant.

Risk Profile

PACICC has established a threshold of acceptable risk, based on the organization’s risk limit / risk appetite. Three “zones” are

utilized, as follows:

Red Unacceptable risks

Yellow Risks to be monitored closely

Green Risks to be managed

For PACICC, the risks assessed as falling in the red and yellow zones are priority issues and these are posted on the risk profile,

which is used for more extensive analysis, monitoring and reporting.

Identifying risks (new and emerging)

Once a risk profile is prepared, one challenge is identifying new and emerging risks. Risk identification is a process that is used to

find, recognize and describe the risks that could adversely affect PACICC’s ability to achieve its mission. This includes the

identification of possible triggers and potential consequences. Historical data, theoretical analysis, informed opinions, expert advice

and stakeholder input are used to identify PACICC’s risks. This is a dynamic process, assigned to senior management working with

4

the members of the Audit and Risk Committee to coordinate and to lead the necessary review to keep the risk profile current as to

the risks most likely to affect the organization.

Senior management conduct an annual exercise dedicated to reviewing and updating the risk profile. This includes a ”brain-storming” segment that is used to identify new risks and to validate existing risks. Risks are reviewed periodically to ensure that management and the Board of Directors have a comprehensive understanding of the risks and the various impacts on the organization.

Risk Assessment

Part of identifying risks includes discussing the ranking and prioritizing of the identified risks. Senior management works with the Audit and Risk Committee to review and solicit information as to risks, and to quantify the potential impact of a risk on the organization. Part of the review seeks to analyze co-related risks and to determine the combined impact. In addition, the federal regulator (OSFI) periodically requires the industry to prepare “stress test scenarios” considering co-related risks. Part of the assessment requires consideration of the potential impact of adverse publicity or reaction by stakeholders. Of particular importance are risks that could diminish PACICC’s ability to maintain confidence in the financial viability of Canada’s P&C insurance industry.

In assessing risks, PACICC considers the probability of an event occurring. The potential impact is then assessed and used as the basis for the organization’s risk management priorities and action plans. In PACICC’s case, a key consideration is the likelihood of a risk causing member insurers to become insolvent.

Periodically, a reality test as to the ranking and prioritizing of risks is a valuable step. While subjective, this exercise helps ensure that profiled risks are rated appropriately and are receiving adequate resources and attention.

5

PACICC’s Risk Profile, as at April 2015

Very High

Financial Risk 1-1 Insolvency cost exceeds two times annual assessment capacity

Risks:

1-1 Failure of one of Canada’s 10 largest P&C insurers; or multiple failures from a catastrophe

1-2 Failure of a larger member insurer; or multiple, smaller insurer insolvencies

1-3 Supervisory practices below minimum IAIS standards

1-4 Rate regulation may contribute to insurer insolvency

1-5 Insurance company winding-up practices in Canada are outdated

1-6 Adverse changes in new insurance legislation

1-7 PACICC could be forced to increase coverage & benefits

1-8 Risks 1-1 or 1-2 could place extraordinary demands on PACICC’s human resources

1-9 Lack of member financial information could result in higher-than-expected wind-up costs

1-10 Much of Canada’s accumulated P&C liquidation expertise has “retired” (or will soon)

High

Financial Risk 1-2 Insolvency cost exceeds annual assessment capacity

Regulatory Risks 1-6 New laws 1-7 Benefits

unilaterally enhanced

Medium

Operational Risks 1-8 Extraordinary

resource demands

1-9 Insolvency costs greater than anticipated

Operational Risks 1-10 Lack of

Liquidator expertise

Low

Regulatory Risks 1-3 Inadequate

solvency supervision

1-4 Regulation of rates

1-5 WURA

Very Low Low Medium High

Likelihood

Imp

act

Ra

tin

g

6

Rating Criteria

A. Impact (Severity)

Impact Criteria Ranking

Low Medium High Very High

a) Assessment Risk < $ 5 million $5 to $500 million $ .5 to $1.5 billion >$1.5 billion

b) Operations Risk <$100 thousand $ .1 to $1.0 million $1.0 to $2.0 million >2.0 million

c) Reputation Risk Isolated complaints, industry focus only

Local media and regulatory involvement

Social media exposure, wide media coverage, regulatory involvement

Constant national media attention, government intervention

B. Likelihood (Probability)

Likelihood Criteria Ranking

Very Low Low Medium High

All risks Occur < 1 / 100 years Occur within 10 yrs Occur within 5 yrs Occur within 1 yr

7

Section 1: Major Risks (red) and Significant Risks (yellow)

Risk No

Inherent Risk and Description

Triggers for adverse Impact Controls/ Mitigation Rating (Net Risk)

Impact Likelihood

1-1 Financial Risk – Costs

exceed two times

PACICC’s annual

assessment capacity

Failure of one of Canada’s 10-largest P&C insurers (or failure of their parent companies)

Concurrent, multi-member insurer insolvencies, resulting from a major natural or man-made catastrophic event.

An extensive major financial crisis leading to multiple insolvencies. Factors could include; stronger economic growth and employment could fuel higher inflation, adverse reaction to volatility of the market, Bank of Canada may increase interest rates.

PACICC monitors the financial condition of the industry and individual insurers within the industry

PACICC has prepared an extensive analysis as to the critical point for the industry’s capacity to react to catastrophes (Natural Disasters and Catastrophes - 2013)

PACICC has initiated a review aimed at setting up an Extraordinary Funding Mechanism

PACICC has established a Compensation Fund of approximately $52 million under PACICC control to meet immediate requirements.

OSFI and other regulators monitor insurer exposure to Earthquake (Guideline B-9)

IBC has a committee reviewing impact of the costs of extreme earthquakes

PACICC is working with RMS Canada to develop more accurate estimates of the potential for a large earthquake to trigger insurer insolvencies Canadian Institute of Actuaries requires inflation risk to be taken into account as part of DCAT modelling OSFI’s annual stress testing exercises recently examined higher inflation (in 2010)

Very High Very Low

8

Risk No



Impact Likelihood

1-2 Financial Risk –

Annual payout exceeds

industry annual

assessment capacity

Insolvency of a larger Member insurer could result in an assessment greater than the Annual Assessment Threshold in the first year of an insolvency.

Assessments for concurrent, multiple insolvencies of smaller member insurers could also exceed the industry Annual Assessment Threshold

Failure of a smaller or provincial insurer (concentration in a small market, e.g. province) which limits the assessment base)

An unexpected event adversely affects the profitability of a number of Member companies – e.g. a natural catastrophe, terrorism or adverse economic trends, with adverse impact on Member ability to meet increased expense for annual assessment

Insurers have not adequately controlled their underwriting exposure in the earthquake zones

Insurers have not arranged sufficient reinsurance protection

PACICC monitors the financial condition of the industry and individual insurers within the industry

PACICC has established a Compensation Fund of approximately $52 million under PACICC control to meet immediate requirements.

PACICC has initiated a review aimed at setting up an Extraordinary Funding Mechanism

PACICC has prepared an extensive analysis as to the critical point for the industry’s capacity to react to catastrophes (Natural Disasters and Catastrophes - 2013)

Policyholders in B.C. and Alberta will soon be required to have coverage for fire following an earthquake

PACICC is aware of efforts by IBC to update estimates of insured and economic losses that could result from a major urban earthquake in Canada

PACICC is currently working with RMS Canada to develop more accurate estimates of the potential for a large earthquake to trigger member insurer insolvencies

High

Very Low

1-3 Regulatory Risk –

Inadequate solvency

supervision

Some insurance legislation and/or regulations at the provincial level in Canada do not contain adequate standards for insurance solvency supervision. In particular, practices do not meet the minimum standards published by the International Association of Insurance Supervisors

PACICC advocates that insurance solvency supervision be done by regulators that meet international standards. Presently, some provincial supervision falls below IAIS standards

Dr. Norma Neilson (U. of Calgary) has documented which provinces do not meet

Low High

9

Risk No



Impact Likelihood

(IAIS)

international standards for solvency supervision

Ontario announced its intention to withdraw from insurance solvency supervision

CCIR established a solvency supervisory working group

PACICC has developed an insolvency protocol; updated its Model Winding-Up Order; developed case-study materials that have been distributed to all insurance superintendents; and has conducted seminars with regulators in B.C., Alberta, Ontario and Newfoundland


Regulation of

insurance rates may

contribute to insurer

insolvency

Political pressure exerted on the rate filing/approval process (e.g. Ontario to reduce rates)

Incorrect assumptions regarding what constitutes an adequate rate of return for an insurance company

Insurance companies are not permitted to challenge the decisions of rate regulators if insurers disagree with those decisions

Relatively weak regulation of actuarial practices for pricing and loss reserving in some provinces

Discussions by politicians to regulate property rates

Scrutiny of insurance company financial health by rating agencies, supplemented by PACICC’s own financial analysis

Growing use of risk-based supervision by regulators

PACICC research on the relationship between solvency and rate regulation

PACICC encourages senior staff at OSFI to communicate concerns regarding the regulation of rates (for example, automobile insurance rate reduction) to provincial supervisors when they deem it appropriate

PACICC is seeking to strengthen provincial regulation of actuarial practices. PACICC is also seeking more information about the role of consulting actuaries in the regulation of insurance rates

Low High

10

Risk No



Impact Likelihood


Insurance company

winding-up and

restructuring legislation

and practices are out-

dated in Canada

Canada's Winding-up and Restructuring Act (WURA) has not undergone a comprehensive review in nearly 100 years

Few updates and changes have been made to the WURA

Insolvency management and corporate restructuring practices have evolved internationally at a much faster pace than has Canada's legislative framework

PACICC made a detailed submission to Finance Canada in November 2010 proposing specific changes to modernize the WURA. The submission was made as part of the scheduled five-year review of Federal financial-sector legislation

PACICC has also initiated stakeholder discussions about the difficulties expected with a complex, conglomerate failure

Progress toward mitigating this risk has been slow. We expect some international pressures – coming from the Financial Stability Board and from the IAIS – ultimately to assist in modernizing Canada’s resolution regime for failed P&C insurance companies. But the timing remains difficult to predict. In the meantime, PACICC faces some reputation risk among its members when existing (or new) insolvencies take many years to be resolved

Low High


Adverse changes in

new insurance

legislation

Government could enact legislation affecting aspects of PACICC’s operations (e.g. membership eligibility, industry funding, reporting procedures, Board composition, regulatory oversight, etc.)

PACICC could be compelled to add members in a line or lines of business inconsistent with its current mandate

The risk is higher for legislation proposed or enacted by provincial governments

Review of PACICC coverage and benefits (scheduled as 2016 priority)

PACICC maintains regular dialogue with industry regulators to ensure that possible risks and exposures are understood

Active monitoring of industry developments and financial performance

Regular communication with stakeholders helps ensure that PACICC's mandate is clearly understood

High

Low

11

Risk No



Impact Likelihood


Benefits unilaterally

enhanced; insolvency

costs are deemed

unrecoverable

Broader interpretation of insurance policy wording by courts and regulators

Insurance supervisors could, for example, coerce the industry into funding higher levels of premium refunds than PACICC currently provides

If PACICC was forced to cover certain specialty lines, the assessment base could be insufficient to fund the costs of failure (for example, this could be triggered by a change in a provincial statute)

Maintain a good understanding of financial guarantee fund best practices in other countries

Educate stakeholders on best practices

Continue to advocate that moral hazard risk be minimized and that protection apply to personal lines and business policyholders, excluding large corporations

High Low

1-8 Operational Risk –

Extraordinary demands

on PACICC’s human

resources due to the

failure of a larger

member company, or to

multiple company

failures

Large or multiple insurer failures would likely result in a high volume of requests for claims settlement authority and/or resolution of related issues

PACICC has developed a contingency plan to address this risk. The plan was approved by the Board in November 2010

Regular dialogue takes place with regulators to discuss troubled companies

PACICC staff conduct periodic solvency tests on member insurers

Medium Low


Insolvency costs

greater than anticipated

Insolvency of a Member company for which PACICC has no or limited financial data and is ill-equipped to assess insolvency costs in advance

Our research shows that deficient loss reserves and/or inadequate pricing are key causes of insurer failure (deficient reserves are hard to detect in advance)

We advocate that insurance supervisors make insurance company financial data publicly available (consistent with PACICC position paper). Some success was achieved with Alberta’s decision in 2009 to make insurance company data public. (Discussions with other provinces continue)

Through a combination of publicly available data and voluntary disclosure, PACICC now has financial data for all but 6 percent (or 12) of its member companies

Medium Low

12

Risk No



Impact Likelihood

We encourage provincial insurance supervisors to adopt the IAIS standards of solvency supervision

Maintain dialogue with regulators and member insurers to gain better understanding of marketplace (for example, through anecdotal evidence)


Loss of accumulated

liquidation expertise

Ageing/pending retirement of the most experienced licensed trustees in bankruptcy who have hands-on experience liquidating P&C insurance companies

This reduces the ability of firms to assemble, on short notice, a full team of qualified professionals

A sustained period of good financial health in the P&C insurance industry, diminishing opportunities to train successors

PACICC’s concerns have been communicated to insurance supervisors and to the leading firms that provide insurance company liquidation services

PACICC’s ability to mitigate this risk is limited. Although the estimated financial impact in a single calendar year may be modest, we consider the likelihood of occurrence to be “medium” (meaning the risk could occur within five years – especially in the event of a member insolvency)

Medium Medium

Post to Risk Profile – major risk

Post to Risk Profile – significant risk

Maintained on Risk Register

New risk

13

Section 2: Other Identified Risks (not considered major or significant)

Risk No



Impact Likelihood


Failure of member to

pay assessment

obligations

Poor internal administration processes by Members can lead to non- or late payment

Members may experience cash flow problems

Some Members may not understand their payment obligations

Deliberate non-payment due to disagreement or dissatisfaction

Member assessments are mandatory once approved by the Board of Directors, and are due within 30 days of receipt

PACICC can charge interest on overdue assessments (we have done so, but rarely)

To maintain licensing, member companies are required under provincial legislation to meet the requirements of PACICC

PACICC notifies the responsible regulator of any assessments that are substantially overdue (by more than three months)

The existing rules (as specified in the Memorandum of Operation) are working reasonably well, so no special or additional risk management actions are needed at this time

Very Low Low


Liquidity crisis

adversely affects

Canada’s P&C

insurance industry

Risks related to new and largely unregulated financial products are poorly developed and can increase to the point where large unexpected or unintended losses are incurred

Capital held by insurers in the form of invested assets declines in value

Monitoring the financial health of PACICC member companies (where we have adequate data)

Monitoring efforts by policymakers and solvency regulators to address the underlying causes of a credit crisis

Advising member company CEOs to proactively manage

Low Low

14

Risk No



Impact Likelihood

Liquidity crisis reduces available credit, dampens economic activity and increases the risk of recession

credit/liquidity/market risks and communicate concerns to solvency supervisors


Risk to PACICC’s

investment portfolio of

higher rates of

inflation

Downturn in financial markets

Poor investment choices

Ratings downgrade(s) of held investments

PACICC regularly (annually) reviews its investment policy

PACICC uses a professional investment manager

Low

Low


Significant property or

liability loss in excess

of insurance coverage

Fire or explosion in our building/ work location

Break-in involving theft or vandalism on premises

Loss of laptops

For alleged improper actions by PACICC’s Directors or Officers, liability claims could be made for breach of duty or conflict of interest. PACICC insurance coverage includes D&O

Annual review of insurance policies and limits

PACICC’s By-laws provide that member funding can be called upon in the unlikely event that financial liability exceeded the Corporation’s D&O insurance policy limit (Section XVII, paragraph 52. (2))

Low

Low


Operating

requirements exceed

budget

An unanticipated large capital or operating expenditure, such as IT or premises costs

Structural accounting or funding changes in budget requirements can result in short-term adjustments (for example, the Board’s decision to pay investment management fees from the annual operating budget rather than from the Compensation Fund)

Operating Fund surplus (approx. $1.5 million) can, with Board approval, fund a short-term budget deficit without asking members to pay more

Low Low

15

Risk No



Impact Likelihood


Greater use of

unlicensed

reinsurance in Canada

PACICC’s experience with insurance liquidations shows that unlicensed reinsurance is difficult to collect for an insolvent insurer. Two factors contribute to this risk:

unlicensed reinsurers operate outside of Canada and are not subject to Canadian insurance regulation; and

it is less likely that an unlicensed reinsurance contract would contain an insolvency clause

OSFI Guideline B-3 has changed the rules respecting limits on unlicensed reinsurance in Canada, removing the 25 percent limit, potentially allowing insurers to utilize more unlicensed reinsurance – provided they can justify a higher share in the Reinsurance Risk Management Plans (RRMP’s) they submit to OSFI

Thus far, there appears to be no significant increase in the use of unlicensed reinsurance by P&C insurance companies in Canada

Monitoring market trends to track changes in the share of unlicensed reinsurance

Maintaining a dialogue with OSFI regarding changes in the share of unlicensed reinsurance and the potential risks this could pose

Low

Low


Government decision

to tax PACICC’s

investment income

(Currently exempt

from income tax as

non-profit)

Existing policies could be “reinterpreted” by the Canada Revenue Agency to question the tax-free status of PACICC’s Compensation Fund

CRA is conducting audits of non-profit corporations to ensure that those so designated are not engaging in activities intended to earn a profit

Maintain a good understanding of the tax treatment of guarantee funds in other countries, and work with guarantee fund counterparts in Canada, should PACICC need to counter a tax-related threat

Low Low

16

Risk No



Impact Likelihood


Requirement for all

Board members to be

public directors

Potential for frustration if insurance regulators seek to exert greater control or influence over PACICC (for example, to expand our mandate to address restructuring and wind-up)

Governance at other financial guarantee funds (for example, Assuris) could encourage regulators to seek changes at PACICC

P&C insurance guarantee funds in other countries are governed by a majority of industry directors because this is the best model for our mandate to address the wind-up of failed Member companies

Continuing discussions with interested parties stresses the importance of effective governance consistent with PACICC’s mandate

PACICC strives to demonstrate that its governance is effective and that its Board functions well. These messages are conveyed through regular corporate reporting to members and other stakeholders, as well as meetings with insurance supervisors

Insurance supervisors receive copies of all PACICC Board submissions and are invited to participate in Board meetings

PACICC has a written Board mandate covering a Code of Ethics and Business Practices

Low Low


Loss of key personnel

Senior staff could leave PACICC to accept other employment, for health reasons, etc.

Lack of adequate succession planning by PACICC

Losing depth is potentially a bigger exposure than losing a CEO

Staff could be borrowed short-term from IBC, Assuris, CDIC, and/or member companies

Documented procedures

A management succession plan is in place, overseen by PACICC’s Governance and Human Resources Committee

Low Low


Significant IT failure

Equipment failure

Computer viruses

Attack by computer hacker

PACICC uses an externally-hosted, secure, internet-based server that provides full back up and recovery for all corporate records. All staff are equipped so they can continue their work offsite when required

Low Low

17

Risk No



Impact Likelihood


Major external event

could interrupt

business

Issues affecting the availability of staff would have an immediate/direct impact on PACICC service delivery to stakeholders (policyholders, Members, regulators, media, etc.)

Possible events include: flu pandemic, terrorist attack, large-scale natural disaster, power black-out, fire and severe weather (ice storm, flood)

Human resources policies and procedures in place are efficient, fair and appropriate

New website enhances PACICC’s ability to communicate information to stakeholders via the Internet

Disaster recovery plan is documented

Ability to work off-site is supported by IT services arrangement; insurance would cover PACICC for most losses; and we have a fire-proof safe for protecting original documents

Citrix software limits data being stored on laptops

Medium Low


Key operations at

PACICC could fall

below best practice

PACICC could fail to gather and analyze information regarding practices utilized by P&C (and other) financial guarantee funds

Funding constraints could create difficulty in maintaining operational effectiveness could become more difficult to obtain

PACICC is undertaking research to gather up-to-date information on key operational practices utilized by P&C insurance guarantee funds in other developed countries

Where possible, management should seek to identify emerging operational pressures or risks as information for PACICC’s Board of Directors

Recent research released by the OECD suggests that increasing “co-insurance” could be an effective practice for guarantee funds to follow. (Yet if PACICC was to adopt this practice for covered claims payments, it would be difficult to avoid reputation damage)

Low Low

18

Risk No



Impact Likelihood


Unauthorized access,

ineffective governance

Fraud

Security breach

Loss of data

Under Review

OSFI has indicated concern and has surveyed the industry

Low

(Preliminary)

Low

(Preliminary)


Rating, underwriting,

claims

Unexpected coverage

Losses greater than expected

Inadequate coverage

Wildfires

Under Review Medium

(Preliminary)

Low

(Preliminary)


Failure of a financial

conglomerate could

lead to unintended

consequences for

insurance consumers

International failure, with Canadian operation, branch or subsidiary

Domestic conglomerate with Life and or Banking affiliates

CDIC (for example) has more extensive powers and administrative options than PACICC (the ability to create a “bridge bank” in the event of a failure)

Under Review Medium

(Preliminary)

Low

(Preliminary)


Key Suppliers

Unanticipated failure could impair PACICC operations in the short-term while alternate arrangements are made (new supplier contracted or new equipment sourced)

Key service areas include: IT supplier, Financial accounting, Investment management, Banking and Legal

PACICC retains established, reputable suppliers with proven experience

Service level agreements are in place (for example, IT)

While the loss of service being provided by a supplier could be disruptive in the short term, management believes that PACICC’s current outsourced service arrangements could be replaced quickly (in most cases within one month)

Low Low

19

Section 3: New and Emerging Risks (Note: highlighted risks are those considered most relevant to PACICC)

Risk No



Impact Likelihood

3-1 Financial Risk – Risk

of correlation to

covered policies

Nuclear risks are

covered by Nuclear

Pool, which includes

PACICC members

Destruction of a nuclear facility in

Canada

Member participates in a series of

nuclear losses

Under Review

(added to Register 3 – 2015)

TBD TBD


Extreme weather and

climate change

Catastrophic insurance damage

claims from wildfire, flood, tornadoes,

etc.

Under Review


TBD TBD


Critical infrastructure

failure

Roads inaccessible to handle claims

Staff unavailable to handle claims

Prolonged power outage

Communications system breakdown

Under Review


TBD TBD


PACICC coverage

limits may prove

inadequate

Price of homes increasing Under Review


TBD TBD

20

Risk No



Impact Likelihood


New insurance

product(s) not covered

by PACICC

Driverless cars

Drones (for commercial use)

Cyber crime coverage

Flood insurance

Under Review


TBD TBD

3-6

(1-1)

Financial Risk –

Insolvency caused by

financial market

instability

Note: new Triggers for

Risk 1-1

Oil price shock

Deflation

Under Review


TBD TBD

3-7

(2-9)

(2-11)

Operational Risk –

Pandemic

Note: new Triggers for

Risks 2-9 and 2-11

Pandemic Under Review


TBD TBD

3-8

(1-4)

Regulatory Risk –

Property rates could be

subject to regulatory

approval

Note: new Trigger for

Risk 1-4

Property rates regulated Under Review


TBD TBD


Increased

requirements for

consumer education

and awareness

Consumers not aware of coverage

Financial Literacy initiatives

Increasing international regulatory

initiatives

Under Review


TBD TBD

21

Appendix: PACICC Risk Management Definitions

Note: The following definitions have been based on the ISO 31000 2009 Plain English Risk Management Dictionary, with minor edits as appropriate for PACICC’s risk management environment.

Risk Risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected. Organizations strive to reduce uncertainty as much as possible.

Uncertainty is a state or condition that involves a deficiency of information and leads to inadequate or incomplete knowledge or understanding. In the context of risk management, uncertainty exists whenever the knowledge or understanding of an event, consequence, or likelihood is inadequate or incomplete.

Risk management (Enterprise Risk Management – ERM)

Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives. The term risk management also refers to the architecture that is used to manage risk. This architecture includes risk management principles, the risk management framework and risk management processes.

Risk management framework (Risk Management Statement)

A risk management framework is a set of components that support and sustain risk management throughout an organization. There are two types of components: foundations and organizational arrangements. Foundations include the risk management policy, goals and objectives, mandate, and commitment (Mission and Principles). Organizational arrangements include the plans, relationships, accountabilities, resources, processes and activities used to manage the organization’s risks.

Risk management policy

A risk management policy documents an organization’s commitment to risk management and clarifies its general direction and intention. Components include procedures, practices, controls, responsibilities and activities (including their sequence and timing).

Risk management process

A risk management process is one that systematically applies management policies, procedures, controls and practices to a set of activities intended to establish the context of risks, communicate with stakeholders and identify, analyze, evaluate, treat, monitor and review risks.

To establish the context means to define the external and internal parameters that organizations must consider when they manage risk. External context includes external stakeholders, local, national, and international environment, as well as any external factors

http://www.praxiom.com/iso-31000.htm#4._RISK_MANAGEMENT_FRAMEWORK_

http://www.praxiom.com/iso-31000.htm#5._RISK_MANAGEMENT_PROCESS_

22

that influence its objectives. Key drivers and trends include stakeholder values, perceptions and relationships, as well as social, cultural, political, legal, regulatory, financial, technological, economic, natural, and the competitive environment factors.

Internal context includes its internal stakeholders, the approach to governance, contractual relationships, capabilities, culture and standards. Governance includes the organization’s structure, policies, objectives, roles, accountabilities and decision making process. Capabilities include knowledge and resources; human, technological and capital.

Risk assessment

Risk assessment is a process that is in turn made up of three processes: risk identification, risk analysis and risk evaluation.

Risk identification is a process that is used to find, recognize and describe the risks that could affect the achievement of objectives. It also includes the identification of possible causes and potential consequences. Historical data, theoretical analysis, informed opinions, expert advice and/or stakeholder input could be used to identify an organization’s risks.

Risk analysis is a process that is used to understand the nature, sources and causes of the risks that are identified and used to estimate the level of risk. Analysis is also used to study impacts and consequences and to examine the controls that currently exist.

Risk evaluation is a process that is used to compare risk analysis results with risk appetite in order to determine whether or not a specified level of risk is acceptable or tolerable.

Risk Register (PACICC-defined)

PACICC has compiled a Risk Register of more likely risks applicable to PACICC not meeting its goals and objectives, with a cursory assessment of each. More significant risks are then selected for in-depth review and, if deemed appropriate, escalated to PACICC’s Risk Profile.

Risk Profile (PACICC-defined)

The PACICC Risk Profile is a graphic presentation and written description of the major risks which could significantly and adversely impact PACICC’s ability to meet its goals and objectives. The description includes a comprehensive risk assessment (see definition), ranking of the severity and likelihood (probability) of the risk, a description of consequences, and a description of the treatment (action plan) showing owners and timelines. The Risk Profile includes any risks that the organization must monitor and manage, regardless of type of risk, for example, financial, operational, or reputational.

A consequence is the outcome of an event and has an effect on objectives. A single event can generate a range of consequences which can have both positive and negative effects on goals and objectives. Initial consequences can also escalate through ripple effects.

23

Likelihood (probability) is the chance that something might happen. Likelihood can be defined, determined, or measured objectively or subjectively and can be expressed either qualitatively or quantitatively.

The severity of a risk is its magnitude. It is estimated by considering and combining consequences and likelihoods. The severity of risk can be assigned to a single risk or to a combination of risks. Severity is described as Level of risk per ISO 39000

Risk treatment is a risk modification process. It involves selecting and implementing one or more treatment options, e.g. avoiding the risk, reducing the risk, removing the source of the risk, modifying the consequences, changing the probabilities, sharing the risk with others, or simply retaining the risk.

Risk appetite (PACICC defined, with adaption / modification of ISO definitions of Risk Attitude and Risk Criteria)

Risk appetite is a point of reference used to assess and evaluate the significance or importance of an organization’s risks. It is used to determine whether a specified level of risk is acceptable or tolerable. An organization’s risk appetite also defines its general approach to risk, for example, whether risks should be retained, shared, reduced or avoided, and whether or not risk treatments are implemented or postponed.

Residual risk

Residual risk is the risk left over by determining the inherent risk of an activity, then reducing the risk based on the organization’s governance and control processes, and specific risk-mitigation measures.

The key objective in monitoring risks on the Risk Profile is to ensure implementation treatments (action plans) serve to reduce residual risk. Mitigation strategies include removing the source of the risk, modifying the consequences, changing the probabilities, transferring the risk or retaining the risk.

Documents

Risk Management Report - PACICC Plan.pdf · P&C liquidation expertise1 has “retired” (or will soon) High Financial Risk 1-2 Insolvency cost exceeds annual assessment capacity