Contingencies Online - July/August 2009

The Future of Enterprise Risk Management continued

■■ As insurers look back at their recent performance, it will also be critical to determine how embedded and effective risk management actually was in decision-making and performance measurement.

Reassuring the Rating agencies

The industry is now in a period of reassessment and, at many companies, self-assessment. There is much to examine, both about the recent bullish appetite for and the underestima-tion of market risk. There also must be a review of established ERM practices and specific aspects of risk governance, analysis, transparency, and disclosure.

Both life and property/casualty insurers today are tuning in more intently than ever to rating agency views about the recent past and short- to mid-term future. The two sectors have felt different impacts from the financial crisis. Life company balance sheets have been affected more substantially, and to ensure their survival, life companies are alert to rating agency expectations about capital positions and the risk levels of various product and investment portfolios. Because their investment portfolios tend to be shorter term and more conservative, property/casualty companies were generally not as exposed to the crisis, but they are nevertheless concerned about rating agency assessments and performance forecasts.

The rating agencies are taking a particularly tough stance. They are emphatic about wanting to look hard and deep at the assumptions and models companies were working with and at the models they plan to work with in the future. They are placing greater emphasis on scenarios, stress-testing, and using multiple views of risk to triangulate on necessary capital levels, and are focusing, along with state regulators, on reserve levels and liquidity testing. There’s a particularly strong interest in how companies will manage future market volatility, including market dislocations or Black Swan events. Insurers are now expected to update the agencies on how their assumptions and models have changed and the impact those changes will have on running their businesses.

Regulators are also looking at risk management practices in the context of capital adequacy standards and companies’ ability to remain solvent under extreme circumstances. Even after the initial, much-publicized phase of capital adequacy stress-testing for banks and other financial institutions is complete, higher capital requirements, greater transparency, and disclosure of risk-related issues will be de rigueur.

The market is not only experiencing the raising of the rating bar; the views of rating agencies will also carry more weight than ever, particularly as they look at potential performance under extreme conditions. In turn, ratings will weigh more heavily in companies’ access to and cost of capital as well as their investor appeal.

In the wake of inevitable calls for reforms and more disciplined risk governance and management practices, it will be important to be alert to the potential impacts of procyclicality. There’s the

44 CONTINGENCIES JUL/AUG.09

temptation to set much higher, more stringent standards in reaction to the bottom of the economic cycle rather than to look across the entire cycle. This creates the potential for exacerbating the global credit squeeze and systemic dysfunctionality. While new capital requirements will inevitably be influenced by the behaviors of the recent past, these requirements could perpetuate continued volatility, poor financial performance, and further downgrades.

All stakeholders have an understandable interest in insisting that financial services firms build a stronger capital base. The entire system and individual companies must have greater insulation from future financial shocks and imbalances. There are certainly risks in both excessively procyclical and countercyclical strategies, but no one is arguing for maintaining the status quo. Now’s the time for dialogue and consensus about the appropriate type and severity of changes in regulation, public policy, and ratings criteria.

lessons learned

One immediate, obvious outcome of the credit crisis and equity-market volatility is heightened public awareness of and emphasis on risk management.

As the rating agencies update their views of specific companies and reset their ratings (these days, more often lower than higher), there are concerns about the effectiveness of future risk management. Insurers will call upon their actuarial departments to play a larger role in formulating the response to the call for better risk management, answering questions such as: ■■ Does the company have a credible handle on its approach to protecting its capital adequacy? How much can it lose? How much will it take to recover? Will its business strategies allow it to recover?

■■ Is the company applying rigorous stress-based financial testing and forecasting, particularly for trigger events that could quickly affect liquidity and capital?

■■ Are a company’s compensation structures now designed for credible risk-adjusted performance measurement and compensation? Do evaluation criteria stress rewarding desired behavior rather than punishing undesirable behavior? Is performance looked at and measured holistically?

■■ Is there alignment of communications across the company’s management levels—from actuarial staff to the board of directors—and within business units so that the insurer’s risks are both understood and incorporated into business decisions?

These are hard questions. But hard questions are good questions if they stimulate discussion and recommitment to building on what went right and correcting what went wrong with risk management during the recent crisis. It’s worth noting that thus far in the industry’s retrospection, there’s little evidence that risk management policies, procedures, and models were fundamentally flawed. Rather, most questions concern the degree and efficacy of risk management’s integration into business decision-making, performance criteria, and the company’s mind-set and culture.