Post on 30-Aug-2018
ENTERPRISE RISK MANAGEMENT –PERSPECTIVS AND SUCCESS STORIES
TODAY’S DISCUSSION
4. Enterprise Risk Management at AEGON, Ron Harasym, VP Risk Mgmt., AEGON
1. Perspectives on ERM and Introduction – Gunnar Pritsch, McKinsey & Company
2. ERM – PNC’s Journey – Tom Whitford, CRO PNC Bank
3. Enterprise Risk Management at The Hartford, Craig Raymond, CRO The Hartford
5. ERM Success Stories – Optimizing Risk and Capital in Property Insurance Portfolio, Stephen Lowe, Tillinghast
6. Panel discussion
PERSPECTIVES ON ENTERPRISE RISK MANAGEMENT
Gunnar PritschPrincipal, McKinsey & Companygunnar.pritsch@mckinsey.com(212) 446 84 27
ERM Symposium - May 2, 2005
• Relevance of ERM
• Four building blocks of best practice ERM
TODAY’S DISCUSSION
PERSPECTIVES ON ENTERPRISE RISK MANAGEMENT
4. Boards and CEOs have responded by becoming more involved and overhauling their companies’ risk management practices
1. Regulators and rating agencies worldwide are intensifying focus on enterprise risk management standards; less room for negotiation
2. Recognition across financial service industry that risks are increasingly correlated across businesses and sometimes across different risk types, requiring a much more integrated, enterprise approach to managing them
3. Heightened market sensitivity to risk surprises following major debacles; fiscal surprises of any kind now leading to greater capital (equity and debt) market penalties, often a multiple of actual loss in shareholder value
THE KEY ELEMENTS OF BEST PRACTICE RISK MANAGEMENT ARE ABOUT MANAGEMENT, NOT MODELS
Core elements to best practice risk management
1. Creating full risk transparency
2. Defining the risk strategy / risk appetite
3. Establishing a robust risk organization
4. Instilling effective risk processes and build a shared risk culture
1. BEST-PRACTICE PRINCIPLES FOR RISK TRANSPARENCY
Integrated viewon risk
• “One company view on risk” – e.g., “Heat Map”
Management understanding
•Highlight and explain “hot spots”•Detect new risks, discuss early warning indicators•Review risk-return performance•Shared understanding of nature of key risks, e.g.
–Impact of stress scenarios–Impact of cross-cutting risks and key drivers
Robust riskreporting
•Reporting action/decision-oriented (vs. data-driven)• Information consistent as it aggregates from
transaction all the way to the Board•Readers trained
Adequate risk measurement methodologies
•Sophistication of measurement approach follows complexity and level of risk exposure
RISK “HEAT MAP” High risk concentrationMedium risk concentration
Business unit 1
Market risk• US$ IR• Local currency IR• Equity market & otherCredit risk• Counterparty risk• Lending risk• Investment risk
Operational risk
Total EaR
One-year earnings-at-risk (EaR)U.S. $ Millions
Detailed business unit
reports
Business unit 2
Business unit 3
-800
-600
-400
-200
0
200
400
600
800
1,000
Q1 80
Q2 81
Q3 82
Q4 83
Q1 85
Q2 86
Q3 87
Q4 88
Q1 90
Q2 91
Q3 92
Q4 93
Q1 95
Q2 96
Q3 97
Q4 98
Q1 00
Q2 01
Quarterly cash flows – 1991-2002$ Millions
Quarterly cash flows
Trend line
Losses are infrequent, but
severe
Deviation from trend linePercent
0% 5% 10% 15% 20%-370%-340%-310%-280%-250%-220%-190%-160%-130%-100%-70%-40%-10%20%50%80%110%
2. DEFINING THE RISK APPETITE – HOW MUCH VOLATILITY IS ACCEPTABLE?
A RISK APPETITE ‘DASHBOARD’ TO MONITOR RISK PROFILE
Risk adjustedperformance
Capital adequacy
Risk mix
Current assessment
Green: Desired risk profile
Yellow: Caution! Management focus is necessary to monitor risk profile and improve if appropriate
Red: Danger! Board attention and management action needed to monitor and improve risk profile
Top quartile of peers in risk adjusted performance and stable/improving risk/return profile
2nd quartile of peers in risk adjusted performance and stable risk/return profile
3rd or 4th quartile of peers in risk adjusted performance and/or deteriorating risk/ return profile
Well capitalized with an appropriate cushion
Well capitalized Undercapitalized or significant excess capital
Risk mix reflects stated strategy
Risk mix does not reflect stated strategy, but credit risk is continually decreasing as a proportion of total risk
Risk mix does not reflect stated strategy, and credit risk is stable or rising as a proportion of total risk
. . . . . . . . . . . .
3. DESIGNING A BEST-PRACTICE RISK-MANAGEMENT ORGANIZATION
1. Strong and visible commitment from top management
2. Central oversight of risk management across the enterprise (including subsidiaries, corporate functions)
3. Separation of duties
4. Clearly defined responsibility and accountability
5. Full ownership of risk and risk management at BU level
6. Business units formally involve and view risk management as a thought partner
7. Cost-effectiveness
Blueprint for best-practice risk-management organization
4. STRENGTHENING THE RISK CULTURE
Putting in place robust risk management processes
“Getting the soft side right”
1. Capital allocation
2. Risk adjusted performance measurement
3. Limit structure & policy setting
4. Model validation
5. …
1. Senior management visibly involved in Risk issues
2. Building a true partnership between Risk and the Businesses
3. Aligning incentives
4. Talent
DRAFT
EEERM: PNC’s JourneyTom Whitford
Chief Risk Officer
May 2005
DRAFTThe ERM Journey
2002
July
January Earnings Restatement
Earnings RestatementSEC Investigation
Regulatory Agreements
February
March Customer Fraud
Responses
2005
2003
&
2004
Continue to enhanceERM framework
Create corporate RM organization
Elevate both corporateand business RM practicestowards best practices
2002 Events
DRAFTCore Risk Management Goals
Linkage of Strategy and Risk Profile
Integration of Credit, Operational and Market Risk Management
Effective Management of Risk Based Capital
Culture with Strong Discipline and Accountability
DRAFTStrategic Plan Consistent With Risk Principles
Only take risks that increase shareholder value
Limit business decisions by a set of “boundaries”
Strategic activities build on key competencies and competitive advantage, reducing execution risk
Mix of businesses are diversified across major risk types
Economic capital allocation model ensures risks are appropriately sized, diversified and capitalized
Metrics support risk adjusted performance measurement
Regulatory goals of “well-capitalized” and “safe and sound” are core priorities
Regular communication to board and executive management on risk levels ensures transparency
Balance risk caution with need to grow
Risk Principles
DRAFTGovernance ProcessBoard Committees
Approve risk appetite limits and set strategic direction for theCorporationProvide oversight for Risk Management activities
Management CommitteesDevelop strategic vision for key enterprise-level activitiesApprove policies governing enterprise level activities
Working CommitteesDevelop framework for implementing key enterprise-level activitiesDevelop and adopt policies governing key enterprise-level activities
DRAFT
Enterprise Risk Policy• PNC’s risk principles and management framework.• Incorporates high level strategy and risk appetite set by Board
Corporate Risk Management Policies• Establish standards for managing risk across businesses.
Business Level Policy Guidelines• Provide further guidance for business-specific risk management
processes.
Risk Management Procedures• Procedures outline steps to take in a given process, often in
support of complying with a related policy.
Internal Control Structure• Key and supporting controls for risk management processes that
have been identified and tested.
1
2
3
4
5
Enterprise Risk Policy Hierarchy
DRAFTEnterprise Risk Policy Hierarchy: Example
Strategic Plan
Performance Objectives Risk Philosophy/Appetite
Enterprise Risk Policy
•Target Risk Profile• Governance
Corporate Risk Management Policies
• Risk limits/tolerances by risk pool• Absolute standards in line with risk appetite
Business Level Policy Guidelines
• Business specific underwriting guidelines• Aligned with CRM Policy standards
Board Level
Management CommitteeLevel
Business/Management Committee Level
Credit Administration Procedures
• Consistent measurement/monitoring of risk• Specific underwriting processes
Business/Credit Administration Level
Approval andException Reporting: Current Examples:
• Enterprise Risk Tolerance Limits • Risk Rating Philosophy
• Portfolio Management Policy• Credit Approval Policy
• Risk-specific policies:– Healthcare– Leasing
• Credit Administration Procedures
DRAFTRisk Aggregation & Transparency
Board Risk Reporting− Every Board Meeting
− Led by CRO and CReO
− Enterprise Risk Profile
− Major Risk Issues by Type
Enterprise Risk Profile
Residual Risk Alignment: Risk Trend:Provides a current assessment of how the risk is expected to move over the next quarter, but does not necessarily indicate that the risk level will change.
No gap between Current and Desired Residual Risk.One level gap between Current and Desired Residual Risk.Two level gap between Current and Desired Residual Risk.
Risk Management Assessment:Indicates how well the current risk management infrastructure manages inherent risk.
• Strong – Effectively identifies and controls all major inherent risks posed by the relevantactivity or function.
• Satisfactory – Overall, risk management activities are equivalent to inherent risks posed bythe relevant activity or function, but may be lacking to some modest degree.
• Marginal – Risk management weaknesses exist that need to be addressed in the near term.• Weak – The control environment is not adequately structured to identify, measure, and
monitor inherent risks posed by the relevant activity or function.
Operating
Market
Credit
Overall
Risk
StableLiquidity
$
$
$
$
Economic Capital
Risk Management Assessment
Risk Trend
ResidualRisk • Profile Changes
• Key Developments/Emerging Risks
DRAFT
Board InvolvementManagement LeadershipCorporate-wide InitiativeValues Based ProcessRegulatory Partnership
Drivers of Success
Success Factors
Enterprise-wide View
Effective Governance
Separation of Duties
Aggregation of Risks
Transparency of Risks
Consistency of Practices
ACCOUNTABILITY
“Best-in-class” Risk Management Organization
Objective
Enterprise Risk Management Roadmap
ERM
Craig RaymondSVP & Chief Risk OfficerMay 1, 2005
Enterprise Risk Management
ERM
ERM at The Hartford
Strong Ingrained Risk Management Discipline
Decentralized
Entrepreneurial
Hartford Financial Services Group
Hartford Investment Management Co
Hartford Property & Casualty Hartford Life
ERM
Full ownership of risks and risk management at business unit levelClear accountability and responsibilitiesCentral oversightCost-efficiency Involvement of risk management with businesses as “thought partner”Complement Hartford’s two-company structure, build on existing risk culture and utilize existing resources whenever possibleAchieve visible risk management excellence both internally andexternallyAdd value (not just bureaucracy) both defensively and offensively
ERM Key Design Principles
ERM
ERM Objectives
“No Surprises” “Maximize Shareholder Value”• Create common understanding of risk appetite and tolerances
• Understand and report on significant risk exposures across enterprise
• Develop and share risk mitigation/transfer methods
• Build framework that:enables business leaders to make appropriate and consistent risk/return decisions
facilitates management of overall enterprise risk profile and capital
ERM
ERM Structure
Hartford CRO position establishedDedicated positionReports to Hartford CFOwith regular Board reporting responsibility
Each operating company established CRO positionSenior leaders in companies with scope of responsibilities greater than just risk managementCROs report to HIG CRO for risk management responsibilities and to line management for all other matters
CROs act as virtual risk management team, pooling resources to staff ERM activitiesEnterprise risk committee (OOC plus Actuaries, CFOs and CROs) sets risk policy and limits based on CRO recommendations
HIG CFO
HIG CRO
Corporate Life CRO P&C CRO HIMCO CRO
ERM
Lesson Learned
Commitment from the top is critical
Process can be good
Communication is keyValue in sharing across enterpriseBehavior changes occur when you get understanding and buy-in
Enterprise Risk Management
Ron HarasymVice-President Risk Management
Agenda
Overview of AEGON Canada Inc
Overview of Tools & Metrics
Integration into the Decision Making Process
ERM in Practice
Overview of AEGON Canada Inc
Transamerica InternationalHoldings Inc.
AEGON Canada Inc.
AEGONInternational N.V.
Transamerica LifeCanada
AEGON CapitalManagement Inc.
AEGON FundManagement Inc.
National FinancialCorporation
National FinancialInsurance Agency Inc.
AEGON DealerServices Canada Inc.
Money Concepts(Canada) Limited
27%
100%
73%
100% 100% 100%
100% 100%
50% 50%
Overview of Tools & Metrics
Business Plan
Dynamic Capital Adequacy Testing
Embedded Value
Shock Testing
Economic Capital
Integration into the Decision Making Process
Accountabilities
Risk Categorization
Risk Triggers
Exposure & Consequences
Potential Risk Mitigation
ERM in Practice
Pre-Emptive Strikes
Fire-Fighting
2 May 2005
Stephen Lowe, FCAS, MAAA Managing Director
© 2005 Towers Perrin
ERM Success Stories:Optimizing Risk and Capital in a Property Insurance Portfolio
2005 ERM Symposium – Chicago
2© 2005 Towers Perrin
The Client
Major property & casualty insurerWrites personal and commercial property insurance nationallyConcentrations of exposure are an obvious issue
Extensive knowledge of property insurance risksDetailed database of insured exposureLicenses variety of catastrophe models
While analytical tools are in place to measure risk, the client wanted to more actively manage risk
3© 2005 Towers Perrin
Key issues and obstacles
1. ERM too high level and intangible— Not actionable— Value creation not apparent
2. Inconsistent metrics and analytics
3. Resistance to changes in traditional decision processes
— Staff versus line— Black box models
4© 2005 Towers Perrin
ERM Value Framework
How much capital do I
need?
What type of capital do I
need?
Risk and Capital Management
Value Management
CapitalCosts
Returnon Risk
Risk Structure
Capital Structure
Capital AdequacyPortfolio of
Capital Resources
Portfolio of Enterprise
Risks
Economic Capital
Value Creation
Maximize value by using economic capital to relate a firm’s decisions on the risks it takes to the decisions on the capital it uses to finance its business
5© 2005 Towers Perrin
Phase 1:Decisions about the portfolio of risks
Is this a good risk?
Is this risk a good addition to our existing portfolio?
Concentrations of exposure createthe need for additional economic capital
6© 2005 Towers Perrin
1: Decisions about the portfolio of risks
How much capital do I
need?
What type of capital do I
need?
Risk and Capital Management
Value Management
CapitalCosts
Returnon Risk
Risk Structure
Capital Structure
Capital AdequacyPortfolio of
Capital Resources
Portfolio of Enterprise
Risks
Economic Capital
Value Creation
Because property risk pricing is imperfect, one can create value by improving the geographic diversification of the portfolio
7© 2005 Towers Perrin
1: New analysis facilitated better risk decisions, leading to higher value creation
Underwriting Status
Closed (266)Manager Approval (391)Open (210)
Optimization results were translated into zip code growth priorities for local underwriting decisions
Constrained optimization to determine best possible portfolio
10% targeted growth in portfolio
8% reduction in required economic capital
8© 2005 Towers Perrin
Phase 2: Decisions about portfolio of capital resources
Tactical: Given the amount of paid up capital, how much contingent should I buy?
Strategic: Should I change the mix between paid up capital
and contingent capital?
Debt
Equity
NetRisks
Reinsurance
GrossRisks
Reinsurance
Debt
Equity
GrossRisks
Debt
Equity
Conventional approach
Framework approach
9© 2005 Towers Perrin
2: Decisions about the portfolio of capital
How much capital do I
need?
What type of capital do I
need?
Risk and Capital Management
Value Management
CapitalCosts
Returnon Risk
Risk Structure
Capital Structure
Capital AdequacyPortfolio of
Capital Resources
Portfolio of Enterprise
Risks
Economic Capital
Value Creation
One can also create value by altering the mix of capital, for example by shifting from expensive contingent capital to less expensive debt
10© 2005 Towers Perrin
2: New analysis facilitated better risk decisions, leading to higher value creation
11© 2005 Towers Perrin
Success
1. Reconciling different internal points of view— Actuarial versus corporate finance
2. Communicating successfully— Translating approaches / results into traditional
measures
3. Focusing on actionable areas
4. Clearly demonstrating value creation
0
1. What keeps you awake at night? What are the top 3 risks your businesses faces? How do you think these will change?
1
2. Where do you see the benefit of ERM? Given it’s a cost center, how do you show the value?
2
3. What do you see as the main catalyst (e.g., Board, Rating Agency, felt need, regulator) for a successful ERM initiative?
3
4. How do you enable the board of directors to have an effective dialogue on risk?
4
5. What should be the mandate of ERM and the role of the CRO?
5
6. What should be the relationship between corporate ERM and the businesses?
6
7. How do you build the “E” into risk management? How should ERM influence decision making and what change effort is required?