© 2013 Finity Consulting Pty Limited

Risk Management Frameworks and

relationship with Capital and Risk Appetite

“An insurer must at all times have a risk management framework to manage the risks arising from its business”

APRA Prudential Standard 220

Agenda

2

Risk Management is getting a lot of attention

Board’s Role; Management’s Role

Risk Appetite and Capital

Integration into the Business - Culture

A continuous Journey

First, What is Risk Management?

Risk is about

uncertainty (desirable or undesirable)

impact

Management is about

approaches and techniques

Framework

accountability

Appropriate level of risk is the Risk Appetite – a difficult

thing to express

3

Its enshrined - The Australian Risk

management Standard - AS/NZ 31000

4

Mandate and Commitment

Framework Design for managing risk

Continual improvement of

Framework

Implementing risk management

Monitoring and review of framework

High Profile Risk Management Failures

HIH – Lead to Royal Commission

Centro – Australia’s second biggest shopping centre owner

Lehman Brothers in 2008 triggered the ‘Global Financial

Crisis’

Others – Enron, World Com, Tyco, Parmalat,

AIG a case study

5

High Profile Risk Management Failures

HIH Royal commission 2003 is a great manual

Risk exists to some extent at the heart of every business

Risk is taken for reward

No system of corporate governance can prevent mistakes –

corporate failures will occur

Good governance helps focus the purpose of activity and

enable identification emerging problems early

6

Risk Management critical for all Boards

Not insurance specific

all organisations

all Boards

all management

But special insurance requirements – Prudential Standard 220

The Principle

Boards require management to design and implement

risk management and internal control systems and

report to it on whether risks are being managed

effectively (ASXCGC recommendation 7.2) 7

What should Directors Know about Risk

Familiar with what is meant by risk and the various tools and technique for managing risk

Must understand the Board’s roles and responsibilities in relation to risk

There is no one best practice mode

Depends on organisation size, complexity, resources available, external environment

8

Boards responsibilities

Board to approve and review

Risk management strategy

Risk appetite

Board to ensure risk management process done including

Risk identification

Assessment and quantification

Mitigation and control

Monitoring – Escalation, Communication and Culture

9

Risk management critical for Management

Implement risk management framework is core part of Management’s responsibilities

Integral part of internal management processes

Advise Board and assist in the development of

Risk management strategy

Risk appetite

Report to Board on risk management implementation

Develop a risk management culture within the organisation

10

The Risk Management Process

11

Com

munic

ate

and C

onsult

Monitor

and R

evie

w

Identify Risks

Analyse Risks

Evaluate Risks

Establish Context

Treat Risks

Context:

Identification:

Analysis/

Measurement:

Evaluate:

Treatment Options:

• Assess internal, external &

risk management contexts

• Develop risk appetite, risk

criteria and structure

• What can happen? What can

go wrong?

• Where and when? How and

why?

• Assess risk likelihood &

consequence, review existing

controls, determine level of risk

• Compare risks against criteria

• Set risk priorities

• Identify options, assess

options, prepare and implement

treatment plans

• Avoid, change likelihood/

consequence, share or retain

• Analyse and evaluate residual

risk

Source: AS/NZS ISO 31000

Determining Risk Appetite is difficult

“The concept of risk appetite therefore needs to shift from the laboratories of

risk departments to the heart of the strategic planning process”

Oliver Wyman Group 2005

This is a Board responsibility that cannot be delegated to

management

It’s a complex task and it takes a number of iterations over a number

of planning cycles

12

Risk Appetite in the risk Hierarchy

13

Risk Capacity

Risk Appetite

Risk Tolerance

Risk Targets

Risk Limits

Risk an entity is willing to accept

A function of risk capacity

acceptable / unacceptable outcomes,

The issue of risk appetite is more important in insurance (risk is our business)

However, it is not well-understood due to its complexity

Is ‘Pigeon’ within my risk appetite?

14

Integrating the business components

Where does risk fit?

15

Objectives / Mission Statement

Business Plan

Capital strategy &

targets

Risk Management Framework

and Strategy

Strategy Risk Appetite

Where does capital fit?

Capital

Financial strength

Is a buffer

Allows you to take risk

Its a hard measure (in numbers)

Regulators obsessed with capital

16

Capital Adequacy for Risk Areas

Insurance Risk

Insurance Concentration risk

Asset Risk

Operational Risk – a tough one to put a measure on

17

Capital Adequacy APRA relativities

18

Insurancerisk

Insurancerisk

MER ICRC

Inv.riskAsset risk

Asset conc.

Op. risk Agg. benefit

0%

20%

40%

60%

80%

100%

120%

140%

Current LAGIC

Min

imu

m C

ap

ita

l

Integration into the business

19

Risk

Management

Capital

Management

Governance

Source : Ian Laughlin presentation to FSAA 2011

Risk Culture

Set of values and behaviours

Very difficult to change risk culture

Must be from the top - CEO and Board

Communication. the most important element

Risk Culture is the ‘softer’ side of risk management

20

Elements of a sound Risk Culture

21

• led by the CEO with strong support from executives and Board

• stick to strategy of managing risk Leadership

• consistent and frequent message that everyone has an interest in managing risk

• Sharing risk information

Communication

• Staff trained on managing risk

• Firm takes seriously, allocates resources Engagement

• clearly defined (risk) roles and responsibilities

• People held accountable

• Remuneration aligned with proper risk taking Expectations

It’s a continuous journey

There is no magic wand and needs to evolve

Framework to fit with you

No right way

Need to comply with legislation

Australian legislation is a proxy of good market practice

22

As is most important things

Distribution & Use Reliances & Limitations

This presentation has been prepared for the PNG Director Forum,

held on 16 October 2013. It is not intended, nor necessarily

suitable, for any other purpose.

Third parties should recognise that the furnishing of this presentation

is not a substitute for their own due diligence and should place no

reliance on this presentation or the data contained herein which

would result in the creation of any duty or liability by Finity to the

third party.

Finity wishes it to be understood that the information presented at

the Forum is of a general nature and does not constitute actuarial

advice or investment advice. While Finity has taken reasonable

care in compiling the information presented, Finity does not warrant

that the information provided is relevant to a particular reader’s

situation, specific objectives or needs.

Finity does not have any responsibility to any attendee at the Forum

or to any other party arising from the content of this presentation.

Before acting on any information provided by Finity in this

presentation, readers should consider their own circumstances and

their need for advice on the subject – Finity would be pleased to

assist.