simultaneous extreme scenarios, such as a
catastrophic event concurrent with significant market declines.
There must also be increased integration and meaningful use of risk, liquidity, and capital measures in insurers’
The Future of Enterprise Risk Management continued
Back to the Future
As in most post-crisis periods, there’s a sense in the industry
today of getting back to basics:
■■ Ensuring that there’s a stronger emphasis and improved focus on running a company based on an articulated risk appetite,
tolerances, and limits;
Balance financial risk management with
structural risk management. Spurred by
rising markets, the industry took a significant
move toward financial risk management, developing portfolios focused on maximizing
return but losing sight of liquidity and managing through measures of risk that didn’t
work in times of stress. There will be a period of rebalancing, with more emphasis
on structural risk management, where
risks are offset more naturally. Financial
risk management will still have a role but
only after companies have tried structural
risk management and have invested the
time necessary to understand the potential impact of financial risk management
on capital and liquidity.
■■ Relearning the truth that capital is important but liquidity
is king—liquidity, solvency, capital, and risk are the pillars of a
company’s reputation, ratings, and stock performance;
■■ Recognizing that complexity is unavoidable and must be
prudently managed and that simplicity is a virtue—even the
most complex measurements and modeling will not be effective if insurers don’t make unambiguous decisions based on
their risk appetite;
■■ Utilizing rigorous stress testing to understand and prepare for
potential hazards —models and statistics can help measure many
possible events, but as we’ve recently experienced, understanding the stresses in the tail of the distribution can be critical;
■■ Studying and preparing for the impact of a single major risk
event is essential, but real value comes from understanding the
interaction of multiple risk events occurring simultaneously;
■■ Analyzing the interaction between exposures and potential
events to understand what may occur—risk processes shouldn’t
just look backward but also forward to the next event.
Redefine roles and accountability. The
lessons learned from the financial crisis must drive a reassessment of how a
company’s risk management is connected
with management accountability, responsibility, transparency,
and incentive compensation. Rating agencies and regulators
will ask hard questions about whether chief risk officers have
a tangible ability to influence key decisions. They will ask if
a firm’s risk and capital levels are consistent with its risk
Insurers need to consider candidly their risk management—at
ownership, in accountability for risk throughout their operations,
and ultimately most critical, at the enterprise level. They have to
distinguish between lip service to the ideals of risk governance
and effective, day-to-day tangible risk management. Candor must
also extend to conversations about whether boards have positioned their companies’ CROs to succeed. This process is about
roles and responsibilities, empowerment, and effective measurement and management of risk—yesterday, today, and tomorrow.
Risk leadership and ownership at many companies are still diffused across management ranks. Executives own certain risks at
the same time that they are responsible for monitoring or governing those risks. Compensation is often linked to growth and earnings and is frequently not linked explicitly enough to risk-adjusted
performance objectives and results. This system ultimately weakens, and can even significantly compromise, ERM effectiveness.
For the actuarial profession, now is the time—and the opportunity—to look at its intrinsic ownership stake and performance
in companies’ risk management processes. Is improvement
needed in basic methodologies as well as testing and modeling? Is even more improvement needed in how actuaries communicate their results and analysis to management? It’s a certainty that actuaries can do more things better and differently
to help their companies anticipate, prepare for, and navigate
future waves of volatility and extreme events.
Embed ERM into company culture. Companies still face the
challenge of making sure their employee base understands that
strong ERM must be considered just as important as strong
revenue and profit performance. ERM cannot be just a top-down “policing” control or audit function. Risk management—
in spirit and letter—must be embedded into an organization’s
culture. It must be an intrinsic component of business planning,
business case analytics, pricing, and business-unit capital allocation, and return-on-capital measurement.
ROBB LUCK is an executive in the Insurance and Actuarial
Advisory Services practice of Ernst & Young’s Financial Services
Office. A fellow of the Casualty Actuarial Society and a member
of the Academy, he is based in Chicago and can be reached
at 312-879-6497 or at email@example.com. CHRIS KAROW is a
partner in the Financial Services Office of Ernst & Young LLP.
Chris is based in New York City and can be reached at
212-773-4745 or firstname.lastname@example.org.
This article is solely the opinion of its authors. It does not express the official
policy of the American Academy of Actuaries; nor does it necessarily reflect
the opinions of the Academy’s individual officers, members, or staff.
6/26/09 11:15:17 AM