Enterprise Risk Management

1.1. INTRODUCTION

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

A survey conducted by Aon 2009 Global Risk Management (Aon, 2009) revealed that there is a growing need to manage risk on an enterprise-wide basis due to the increasing complexity of uncertainty for organizations. Risks are more complex, difficult to control, carry a higher degree of unpredictability and impact the entire enterprise far more than ever before. According to the survey, the implementation of a pro-active and more holistic approach to managing the effects of uncertainty on objectives has become a necessity for staying in business.

According to Casualty Actuarial Society CAS, in a paper by Cary Schneider published in 2011 Enterprise Risk Management Offers New Opportunities for Insurers to Develop New Risk Transfer Products, risks are being considered as a source of opportunity for value creation and not something to be minimized or avoided. The risk is not fully avoidable but knowing how to assess it is a way to gain competitive edge.

Companies have demonstrated a growing concern with the need for risk management, considering the recent financial scandals and financial crisis involving the financial services industry. Thus, it is possible to note that risk management is a very present issue and has been the agenda of many debates.

International regulators, such as the Basel Committee on Banking Supervision (BCBS) have a primary duty to produce recommendations to increase the soundness of national banking systems and, as a consequence, to stringent an overall world financial sector stability.

Developed by the BCBS, Basel III is a comprehensive set of reform measures, to strengthen the regulation, supervision and risk management of the banking sector. With its full implementation by 2019, Basel III requires banks to satisfy precisely defined qualitative standards for risk management. (McKinsey Working Papers on Risk, Number 26, November 2010).

The specific objective of Basel III is to take into account the impact of operating risk management on value creation capacity, thereby allowing enterprises to anticipate and cover counterparty risk (i.e., the risk when the counterparty of a transaction fails to meet its obligations or when it might be incapable of meeting the obligations before the fulfillment of a transaction).

To avoid providing false estimations to meet minimum solvency capital and liquidity requirements, financial reporting should be based on the interaction of two poles of data processing. On the one hand, counterparty credit risk (CCR) data should help reduce uncertainty on the value creation objectives of the enterprises business model. This is in conformance with ISO 31000:2009 (risk management); International Accounting Standard (IAS); and the US Statement of Financial Accounting Standards (SFAS) 95, 102 and 104 (cash flow statement), thereby enabling the business to acquire or maintain its credit lines. On the other hand, investment companies, banks, insurance companies and financial analysts need to provide justification to prudential regulators of the origin and traceability of their CCR management data and, consequently, the reliability of their calculations for credit value adjustment (CVA) and forward-looking funding ratios (i.e., probability of default, CCR coverage and stress test of capital adequacy). (The Value in Using IT-directed Investor Relationship Management , Frank Bezzina, Ph.D., Pascal Lele, Ph.D., Ronald Zhao, Ph.D., Simon Grima, Ph.D., Robert W. Klein, Ph.D. and Martin Hellmich, Ph.D.)

The nature of insurance activity - covering risks for the economy, financial and corporate undertakings and households - has both differences and similarities when compared to the other financial sectors. Insurance, unlike most financial products, is characterised by the reversal of the production cycle insofar as premiums are collected when the contract is entered into and claims arise only if a specified event occurs.

The EU insurance regulation is on track to implement Solvency II by 1 January 2016; One of the main aims of Solvency II is to increase the protection for policyholders and to avoid any market disruption in the insurance sector (Caruana, 2011). Thus, Solvency II requires companies to understand the risks that are present in the company so that they can allocate enough capital in order to cover those risks.

As part of Solvency II preparatory guidelines published by The European Insurance and Occupational Pensions Authority (EIOPA), highlights that regulators should put in place the guidelines to be used to perform a forward looking view on the risks to which insurance and reinsurance undertakings are exposed. For this, it is expected that insurance and reinsurance undertakings actively prepare and begin the implementation of the forward looking assessment of the companys own risks (KPMG, 2013).

EIOPA defines Forward Looking Assessment of Own Risks (FLAOR):

Article 45 of Solvency II requires the undertaking to perform a regular forward looking assessment of the undertakings own risks as part of the risk-management system. The main purpose of the forward looking assessment of the undertakings own risks is to ensure that the undertaking engages in the process of assessing all the risks inherent to its business and determines the corresponding capital needs. To achieve this, an undertaking needs adequate and robust processes to assess, monitor and measure its risks and overall solvency needs, and also to ensure that the output from the assessment forms an important part of the decision making processes of the undertaking. Conducting an assessment of the overall solvency needs properly involves input from across the whole undertaking. The forward looking assessment of the undertakings own risks is not complied with by producing only a report or by filling templates. ( C.f. EIOPA/13/414, Section II, 5.1)

Within the Solvency II pillars, it is Own Risk and Solvency Assessment, the ORSA. Firms need to define how they create value for the various stakeholders, to embed their Enterprise Risk Management framework into their governance and decision making process and demonstrate that the Enterprise Risk Management framework is appropriate to the nature, scale and complexity of the risks within their business. (KPMG, 2013)

ORSA is part of a strategic analysis process cycle which links together all pillars of Solvency II, the outputs of risk, capital and strategic planning, to advise the Board on the continuous sound operation of the firm, the current and future capital requirements from the standard formula/internal model, based on the business strategy, risk appetite and external environment. The ORSA therefore, requires a joined up approach across the company KPMG (2013).

In a note published in June 2015, The European Commission has adopted its first third country equivalence decisions under Solvency II. Australia, together with five other third countries, has been granted 10 years of equivalence decision. The decision covers solvency calculation.

There are three distinct areas for equivalence evaluation of third countries under Solvency II, Solvency Calculation is one area that concerns Australia:

Solvency calculation (article 227 of Solvency II): This is of relevance to EU insurers operating in a third country. If an EU insurer is active in a third country which is deemed equivalent, it can carry out its EU prudential reporting for a subsidiary in that third country under the rules of the third country, instead of Solvency II rules. (European Commission, MEMO IP/15/5126)

These decisions now need to pass to the European Parliament and the Council for scrutiny, for which the time limit is three months, with possible extension by a further three months. Publication in the EU Official Journal and entry into force will only take place after successful completion of Parliament and Council scrutiny. (European Commission, MEMO IP/15/5126)

Equivalence is one important consideration in structuring decisions. Separately, a number of groups are looking to move to a branch structure to ease movement of capital around the business. Some are also reviewing their domicile as they seek a base where regulation is aligned to their strategy and avoid the potential traps from non-equivalence. Further considerations include buying reinsurance from non-equivalent jurisdictions and how equivalence affect acquisition decisions.

Looking ahead, equivalence will provide a further catalyst for regulatory harmonisation worldwide, which may eventually allow groups to apply similar capital rules across all their operating territories. Key areas of focus on the IAIS convergence agenda include group supervision and the own risk and solvency assessment (ORSA). (PWC, 2015)

The problem facing risk management professionals is a lack of research upon which to base their activities, a general lack of a model that approximates the risk management realities of the field to the current requirements by international regulators. The research presented here provides a structure for better understanding the new dimensions of risk measurement and management performed by the banks and insurance industry.

Hence, the central concern of the research project, upon which this thesis reports, is to investigate the current state of risk management practices of EU and Non EU based in Malta insurers. This is in comparison with EU insurers operating in Australia and on the domestic level of risk management practices taking into account the adoption of the Basel risk-based capital standards in Malta. In addition develop, from existing knowledge and relevant frameworks, a practical model for use by risk management professionals.

1.1.1. BACKGROUND TO THE STUDY

The insurance sector has been immersed in a permanent updating process, fostering the changes needed to adapt both to the new economic environments and to the growing levels of safety, transparency and effectiveness which are increasingly being demanded by financial markets and citizens. Their frequent uncertainty necessarily leads supervisors and companies to look for higher levels of safety through new approaches to solvency, supervision and risk management procedures (Claudio Fernandez, 2014).

During the past years, boards and top management teams at insurance companies globally have given increased attention to enterprise risk management (ERM). The drive to implement more effective ERM is a response to greater regulatory scrutiny, more challenging rating agency standards and investor concerns about volatile macroeconomic conditions.

An ERM framework cannot overcome the detrimental effects of poorly underwritten business, high costs or investments that excessively expose the capital base; however, it can play a critical role in reinforcing risk awareness and provide the practical tools and processes to embed risk-conscious behavior in everyday decisions. Evidence suggests that organizations can create significant value by applying ERM practices, especially during market downturns (McKinsey&Company, 2014).

The Committee of Sponsoring Organizations of the Treadway Commission (2004b) defines ERM as follows:

Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.(p. 4)

Enterprise Risk Management has emerged to distinguish itself as a key contributor to the success of the modern-day enterprise from those approaches that merely address Governance or Compliance. Enterprise Risk Management should link everything from strategy, operations, markets and shareholder value to legal, compliance, board o...