Post on 08-Jun-2020
The Changing Risk Landscape Delfin Viloria Willis Towers Watson Risk & Analytics, Strategic Risk Consulting
Enterprise Risk Management
© [2018] Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
The Risk Environment is Changing
2 © 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Source: The State of Risk Oversight: An Overview of Enterprise Risk Management Processes. AICPA_ERM_INITIATIVE_Research_Study_2017 theres-no-reward-without-risk-EYs-global-governance-risk-and-compliance-survey-2015
About 70%of large organizations, public companies, and financial services entities perceive the volume and complexities of risks have increased "mostly" or "extensively" in past 5 years
85% of respondents indicated opportunity exists to further improve the linkage between risk and business performance.
25% of full sample describes their risk management processes as "mature" or "robust", with large organizations, public
companies, and financial services entities having more mature processes (but less than 50% are "mature" or "robust")
The Risk Environment is Changing
3
Macro trends: Increasing business complexity leading to increasing risk complexity
Lower tolerance for business failures & increasing blame culture
Risk mitigation is struggling to keep up with the pace of business change
Global and systemic risks appear to be increasingly interconnected and worsening, e.g. terrorism, mortgage lending, climate change, pandemics, natural perils …
Leading to: Increased focus on detailed understanding of risk exposures
More attention paid to risk management from rating agencies, capital providers, regulators and governments
Greater need for transparency, articulation and execution of risk management strategy
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Risk Management Framework
4 © 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
WTW Risk Maturity Assessment WTW RAPIDSM Risk Assessment Process
© 2018 Willis Towers Watson. All rights reserved.
Case Study – WTW Risk Maturity Assessment
6
Advanced framework to assess clients’ risk maturity against recognised industry standards (ISO31000 and COSO II)
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
…Overall WTW has provided us with a structured and operational process for
ongoing risk management implementation that is also
easily integrated into existing management processes. The whole process was efficiently and unobtrusively run for us
by WTW, and the deliverables were well
received by the Executive Committee, who endorsed our new Risk Policy and
other documents with their full support for continued
implementation...
Soo Hak Chung, Oil & Gas Division, Daewoo International
Enterprise Risk Management Maturity Assessment Tool
Framework Elements Basic Average Advanced World Class Priority Timeframe
(Months)Resources Basic Average Advanced World Class
1 Stakeholder Management Low 0 to 3 Low
2 Risk Culture Medium 12 + Low
3 Risk Appetite Low 6 to 12 Low
4 Group Strategy Low 12 + Medium
5 Risk Governance and Policies High 6 to 12 Medium
6 Risk Identification and Quantification Low 12 + Medium
7 Risk Articulation, Treatment and Improvement High 12 + Medium
8 People and risk based reward Medium 6 to 12 Medium
9 Monitoring Low 12 + Low
10 Infrastructure and Technology Medium 6 to 12 High
Targeted StatusImprovement PlanningCurrent Status
Priority Sort Timeframe SortCurrent Status
Reset Order
Resource
Case Study – WTW RAPIDSM Risk Assessment Process
7
WTW Risk Profile Diagnostic Tool - Example Risk Articulation
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
“We engaged Willis to help us understand and improve the
strategic, financial and operational enterprise risks of
some of our key energy facilities. The Willis SRC team
provided valuable new risk insights and their structured
consulting processes enabled our local and international functional leaders to work
together efficiently and effectively.”
Miguel Luque, Director of Insurance, Repsol
willistowerswatson.com
WTW RAPIDSM Risk Assessment Process
8 © 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Risk No.
Before
2 4
Risk Number1
1 : Unable to Attract Qualified Personnel Risk Scores Impact Likelihood GRSBefore Improvement 4 4 16
After Improvement 3 3 9
Triggers
Unable to attract qualified, specialized personnel in multiple critical positions for 12+ months 5
Underlyng Vulnerabilities
Local area and pay scale; Specialized nature of work; High standards of excellence; Aging workforce; Lack of budgetary agility; HR department understaffed & resources diverted
Like
lihoo
d
4
After
2
3 5
1
Consequences
Lack of leadership and direction; Increased work burden; Decreased employee morale; Further difficulty in recruiting; Higher turnover; Reputational impact; Unable to accomplish goals and objectives of Strategic Plan
Current Controls
HR programs to retain talent; Monitoring of key metrics by HR; Attractive recruitment packages compared to competitors; Outside professional services
1
3
ImpactRisk Name Category
Unable to Attract Qualified Personnel Human CapitalAction Measure of Success Allocated to Delivery
Beth 31-Dec-2015
Evaluate vendors for Talent Management System consolidation
Talent Management System consolidated under a single vendor Beth 31-Dec-2015
Demonstrate additional staffing needs Perform time study on utilization of resources and present conclusions on staffing needs to Senior Execs.
Steve 30-Jun-2015
Evaluate Compensation Program Provide recommendations on improvements Jim 31-Jul-2015
Develop and deploy a marketing and PR strategy for Local area
Develop and deploy a marketing and PR strategy for Local area
1
2 3 2
2 1
5 3
0
1
2
3
4
5
6
0 1 2 3 4 5 6
Like
lihoo
d
Impact
Risk Distribution With Current Controls
Risk Register
Risk Distribution (before and after)
Risk Matrix and Improvement
plans
Risk Appetite and Risk Tolerance
© 2018 Willis Towers Watson. All rights reserved.
Case Study – Risk Appetite and Risk Tolerance
10 © 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Group
Compliance Strategic Reporting Operational Risk Type Risk Registers or subjective allocation
Domestic Operation
Overseas Operation OpCo C OpCo A OpCo B Business
Unit Management account
reports KPI choices
Risk Event
Deep-dive analysis
Risk 1 Risk 2 Risk 3 Risk …
Uninsured
Insured
Uninsured
Insured
Uninsured
Insured
Uninsured
Insured
Insurable & Uninsurable
Events
Risk registers, Actuarial modelling or
Scenarios
Actuarial modelling, or other input to develop
assumptions
…The Risk Tolerance analysis gave us input for the senior
management discussion on how much risk we can and how much risk we will take as a company.
This was then cascaded into: low, medium, high and catastrophic
impact criteria used for our annual risk profile workshops on Group
and BU level. In this case we linked the impact criteria to our key performance indicators –
Equity, Ecology and Economy - as well…
Risk and Insurance Manager
Corporate Crisis Events
11
Drop in share price greater than 20% in 20 working day period
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
20%
30%
40%
50%
60%
70%
80%
90%
100%
95 97 99 01 03 05 07 09 11 13 15 17
Und
erpe
rfor
man
ce in
Cor
pora
te V
alue
(%)
S&P 500 LatAm Natural Resource Companies
Corporate Crisis Events
12
On average, major corporations face crises every eight years
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
2,400 events suffered by 1,100 of the worlds largest companies in the last 20 years
Member companies of the S&P 500, FTSE100 and Stoxx 600 Data from Bloomberg Finance L.P. enriched with analysis by Willis Towers Watson
20%
30%
40%
50%
60%
70%
80%
90%
100%
95 97 99 01 03 05 07 09 11 13 15 17
Und
erpe
rfor
man
ce in
Cor
pora
te V
alue
(%)
S&P 500 LatAm Natural Resource Companies
20%
30%
40%
50%
60%
70%
80%
90%
100%
95 97 99 01 03 05 07 09 11 13 15 17
Und
erpe
rfor
man
ce in
Cor
pora
te V
alue
(%)
S&P 500 LatAm Natural Resource Companies
Events Suffered by Large Energy and Natural Resources Companies in Latam
13
114 events since 1995
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Hochschild – Sept 2013 Likely related to inclusion on list of new additions to a NYSE gold miners index, which investors bought and later sold off after exclusion from the final list
Petrobras – Jan 2016 Likely related to corruption scandals and company selling of assets to reduce its debt level
Ocean Rig – Feb 2016 Likely due to breach of obligations from Premier Oil under the drilling contract for the Eirik Raude
YPF – Mar 2009 Likely related to limited flexibility to react during Economic Crisis
Publicly listed Latam Energy or Metal and Mining companies with a market cap >USD1bn Data from Bloomberg Finance L.P. enriched with analysis by Willis Towers Watson
Case Study – Defining and Allocating Risk Appetite and Tolerance
14
WTW Risk Tolerance Clarified – What would be a Crisis for your Organisation?
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Banking covenants
Liquidity / debt
Credit rating
Analysts
Auditors
Risk types can be used to allocate the group’s risk appetite, allowing for the effects of diversification
$37,050,000
$12,350,000
$6,175,000
$6,175,000
Allocation of Risk Appetite across Risk Types Operational Strategic Reporting Compliance
Case Study – Defining and Allocating Risk Appetite and Tolerance
15
Allocation to Risk Type
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Diversification allows us to assign a total of $61.75m
Group risk appetite is
$40m
$6,840,000
$27,360,000
Risk Split Between Insurable and Uninsurable
Insurable Uninsurable
$28,200,000
$8,146,667
$5,640,000
$21,933,333
Allocation of Operational Risk across Divisions
BU 1 BU 2 BU 3 BU 4
Case Study – Defining and Allocating Risk Appetite and Tolerance
16
Allocation to Uninsurable and Insurable Risks
Risk tolerances can then be split between into uninsured and insured
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Diversification allows an allocation of $34.2m
BU’s operational
risk tolerance, $28.2m
Case Study – Defining and Allocating Risk Appetite and Tolerance
17
Allocation to Insurable Class of Risk
This can be split again into the classes of insurance that are relevant for the business unit and type of risk
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
$6,520,000
$1,862,857
$931,429
Allocation of Insurable Risk across Risk Lines
PDBI Liability Other
$6,840,000
$27,360,000
Risk Split Between Insurable and Uninsurable
Insurable Uninsurable
Diversification allows for allocation of $9.3m
BU’s insurable
operational risk, $6.8m
Risk Retention and Transfer Optimisation
© 2018 Willis Towers Watson. All rights reserved.
Case Study – Quantification and Optimization of an Insurable Risk
19 © 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Captive
$4m EEL & $8m AAD
Reinsurers
$500m Limit
Business Unit
Retention $100k per loss
Current Captive Premium: $5.2m
All monetary amounts in USD
millions
Estimated Captive Transfer Premium
Estimated actuarial pricing is calculated as the cost to captive (expected annual claims $4.34m) plus a volatility loading Current Captive premium of $5.2m is
slightly higher than $4.58m suggested by the actuarial model
Extreme Losses “1 in 200”
0.5% probability that total losses could exceed $43.90m
Insurance Limit
Probability of the limit being breached is less than 1 in 1,000 years
Value for money of insurance
insurer’s expected annual claims forecast as $1.2m
Deductibles and Aggregates
$8m stop loss aggregate activated 1 year in 10
Return Period (Years)
Percentile Total Loss
Total Number
Retained within BU
Retained within
Captive
Ceded to Reinsurers
Exceeding Limit
1 in 2 50% 6.68 80 2.50 4.04 - - 1 in 4 75% 10.17 113 3.55 6.43 - -
1 in 10 90% 14.35 152 4.74 8.00 2.06 - 1 in 20 95% 17.91 178 5.60 8.00 5.03 - 1 in 100 99% 29.07 237 7.47 8.00 15.73 - 1 in 200 99.5% 43.90 259 8.18 8.00 33.38 - 1 in 1000 99.9% 164.19 313 9.82 8.00 153.08 -
Mean 8.41 88 2.74 4.34 1.20 0.13 Std Dev 20.78 47.9 1.51 2.40 10.74 12.73
Actuarial Premium Estimate 4.58 1.88
Gross Losses Losses Modelled under Current Programme “Willis’ Strategic Risk Consulting team worked with our finance, risk
and insurance functions to help PEMEX optimize the risks of our
upstream and downstream exposures, with due regard to the
wider business environment in which we operate and facing the Energy Reform in Mexico. Their
team provided important new insights, demonstrating the value of an analytical approach to risk
assessment and risk finance strategy. The agreed deliverables for this complex consultancy were all provided with high quality and
according to our required timescales.”
David Ruelas Rodríguez, Managing Director Risk Management & Insurance, Corporate Finance Office, PEMEX
Case Study – Quantification and Optimization of a NON Insurable Risk
20
LossPIQSM
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
$1,000 $10,000 $100,000 $1,000,000 $10,000,000 $100,000,000 $1,000,000,000
CO
NFI
DE
NC
E L
EV
EL
TOTAL EXPECTED AGGREGATE LOSSES (UNDISCOUNTED) - Logarithmic Scale
CYBER RISKS BY TYPE AND IN TOTALLOSS DISTRIBUTION CURVE AT VARIOUS CONFIDENCE LEVELS
Abuse of authorized network access Targeted attacks Crimeware Cyber espionage Other Total
Model Output - Total Gross
Return Period (Years)
Percentile Expected Loss (€m)
1 in 2 50% 5.8 1 in 4 75% 13.7 1 in 5 80% 17.2 1 in 10 90% 30.7 1 in 20 95% 44.4 1 in 50 98% 59.5
1 in 100 99% 72.4 1 in 200 99.5% 82.8 1 in 500 99.8% 94.9 1 in 1000 99.9% 103.6
Mean 11.3 Std Dev 15.2
Reasonably likely: 1 in 10 years
Remote scenario: 0.5% probability that
losses are of this magnitude
Long-term weighted average:
Starting point for Transfer/mitigation
costs
“Like many others, our organization has identified the need to develop a
deeper understanding of our vulnerability to cyber risks, and how we can manage and insure them. Using their unique Cyber LossPIQ process, Willis Towers Watson not only brought us the latest available industry research (as long as we have our knowledge), but also
helped us to harness the combined knowledge of our IT, financial,
operational and risk resources...”
Tommaso Masarucci E., Jefe del departamento de Financiación de Riesgos (PFR), ECOPETROL
Case Study – WTW “Risk Optimizer”
21
The Efficiency Frontier reveals the options that optimize the Retention / Cost equation
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
"Willis conducted a Risk Optimization for CBRE to
determine whether efficiency in the insurance programs could be
achieved. CBRE implemented strategies recommended to get to the efficient frontier, such as
buying more limit on some classes and removing primary
covers on others. The optimizer also demonstrated the value on
the existing insurance arrangements…"
Tim Bunt | Senior Vice President & Chief Risk Officer CBRE | Global Risk Management
Auto
Worker’s Comp
GL
EPLI
Cyber
8.435
21.012
29.447
28.837
8.825
22.067
30.892
20.096
8.698
20.256
28.954
25.367
1 45 0.975
10 50 0.856
0.500 20 1.257
0.250 5 3.135
0.100 20 2.212
0.500 45 1.157
5 50 0.978
0.500 15 1.167
0.500 10 2.955
0.100 25 2.568
0.250 45 1.231
5 50 0.978
0.500 10 1.125
1 10 2.575
0.100 30 2.789
Move your company’s risk program ontoThe Efficient Frontier
We model thousands of marketable strategies to provide an easy comparison to the current program
Why Should You Care?
22
The cost of poor Governance, Risk Management & Compliance Investors, Regulatory and Boards scrutiny
CEOs looking for a structured approach to managing
risk CFOs looking for reduced financial volatility
© 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Reputation is critical
Gracias
23 © 2018 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
Delfin Viloria Partner | Latin America Risk & Analytics | Strategic Risk Consulting Willis Towers Watson 1450 Brickell Ave, Miami 33131, USA delfin.viloria@WillisTowersWatson.com