Risk Management Frameworks and relationship with Capital ... · Implement risk management framework...
Transcript of Risk Management Frameworks and relationship with Capital ... · Implement risk management framework...
© 2013 Finity Consulting Pty Limited
Risk Management Frameworks and
relationship with Capital and Risk Appetite
“An insurer must at all times have a risk management framework to manage the risks arising from its business”
APRA Prudential Standard 220
Agenda
2
Risk Management is getting a lot of attention
Board’s Role; Management’s Role
Risk Appetite and Capital
Integration into the Business - Culture
A continuous Journey
First, What is Risk Management?
Risk is about
uncertainty (desirable or undesirable)
impact
Management is about
approaches and techniques
Framework
accountability
Appropriate level of risk is the Risk Appetite – a difficult
thing to express
3
Its enshrined - The Australian Risk
management Standard - AS/NZ 31000
4
Mandate and Commitment
Framework Design for managing risk
Continual improvement of
Framework
Implementing risk management
Monitoring and review of framework
High Profile Risk Management Failures
HIH – Lead to Royal Commission
Centro – Australia’s second biggest shopping centre owner
Lehman Brothers in 2008 triggered the ‘Global Financial
Crisis’
Others – Enron, World Com, Tyco, Parmalat,
AIG a case study
5
High Profile Risk Management Failures
HIH Royal commission 2003 is a great manual
Risk exists to some extent at the heart of every business
Risk is taken for reward
No system of corporate governance can prevent mistakes –
corporate failures will occur
Good governance helps focus the purpose of activity and
enable identification emerging problems early
6
Risk Management critical for all Boards
Not insurance specific
all organisations
all Boards
all management
But special insurance requirements – Prudential Standard 220
The Principle
Boards require management to design and implement
risk management and internal control systems and
report to it on whether risks are being managed
effectively (ASXCGC recommendation 7.2) 7
What should Directors Know about Risk
Familiar with what is meant by risk and the various tools and technique for managing risk
Must understand the Board’s roles and responsibilities in relation to risk
There is no one best practice mode
Depends on organisation size, complexity, resources available, external environment
8
Boards responsibilities
Board to approve and review
Risk management strategy
Risk appetite
Board to ensure risk management process done including
Risk identification
Assessment and quantification
Mitigation and control
Monitoring – Escalation, Communication and Culture
9
Risk management critical for Management
Implement risk management framework is core part of Management’s responsibilities
Integral part of internal management processes
Advise Board and assist in the development of
Risk management strategy
Risk appetite
Report to Board on risk management implementation
Develop a risk management culture within the organisation
10
The Risk Management Process
11
Com
munic
ate
and C
onsult
Monitor
and R
evie
w
Identify Risks
Analyse Risks
Evaluate Risks
Establish Context
Treat Risks
Context:
Identification:
Analysis/
Measurement:
Evaluate:
Treatment Options:
• Assess internal, external &
risk management contexts
• Develop risk appetite, risk
criteria and structure
• What can happen? What can
go wrong?
• Where and when? How and
why?
• Assess risk likelihood &
consequence, review existing
controls, determine level of risk
• Compare risks against criteria
• Set risk priorities
• Identify options, assess
options, prepare and implement
treatment plans
• Avoid, change likelihood/
consequence, share or retain
• Analyse and evaluate residual
risk
Source: AS/NZS ISO 31000
Determining Risk Appetite is difficult
“The concept of risk appetite therefore needs to shift from the laboratories of
risk departments to the heart of the strategic planning process”
Oliver Wyman Group 2005
This is a Board responsibility that cannot be delegated to
management
It’s a complex task and it takes a number of iterations over a number
of planning cycles
12
Risk Appetite in the risk Hierarchy
13
Risk Capacity
Risk Appetite
Risk Tolerance
Risk Targets
Risk Limits
Risk an entity is willing to accept
A function of risk capacity
acceptable / unacceptable outcomes,
The issue of risk appetite is more important in insurance (risk is our business)
However, it is not well-understood due to its complexity
Is ‘Pigeon’ within my risk appetite?
14
Integrating the business components
Where does risk fit?
15
Objectives / Mission Statement
Business Plan
Capital strategy &
targets
Risk Management Framework
and Strategy
Strategy Risk Appetite
Where does capital fit?
Capital
Financial strength
Is a buffer
Allows you to take risk
Its a hard measure (in numbers)
Regulators obsessed with capital
16
Capital Adequacy for Risk Areas
Insurance Risk
Insurance Concentration risk
Asset Risk
Operational Risk – a tough one to put a measure on
17
Capital Adequacy APRA relativities
18
Insurancerisk
Insurancerisk
MER ICRC
Inv.riskAsset risk
Asset conc.
Op. risk Agg. benefit
0%
20%
40%
60%
80%
100%
120%
140%
Current LAGIC
Min
imu
m C
ap
ita
l
Integration into the business
19
Risk
Management
Capital
Management
Governance
Source : Ian Laughlin presentation to FSAA 2011
Risk Culture
Set of values and behaviours
Very difficult to change risk culture
Must be from the top - CEO and Board
Communication. the most important element
Risk Culture is the ‘softer’ side of risk management
20
Elements of a sound Risk Culture
21
• led by the CEO with strong support from executives and Board
• stick to strategy of managing risk Leadership
• consistent and frequent message that everyone has an interest in managing risk
• Sharing risk information
Communication
• Staff trained on managing risk
• Firm takes seriously, allocates resources Engagement
• clearly defined (risk) roles and responsibilities
• People held accountable
• Remuneration aligned with proper risk taking Expectations
It’s a continuous journey
There is no magic wand and needs to evolve
Framework to fit with you
No right way
Need to comply with legislation
Australian legislation is a proxy of good market practice
22
As is most important things
Distribution & Use Reliances & Limitations
This presentation has been prepared for the PNG Director Forum,
held on 16 October 2013. It is not intended, nor necessarily
suitable, for any other purpose.
Third parties should recognise that the furnishing of this presentation
is not a substitute for their own due diligence and should place no
reliance on this presentation or the data contained herein which
would result in the creation of any duty or liability by Finity to the
third party.
Finity wishes it to be understood that the information presented at
the Forum is of a general nature and does not constitute actuarial
advice or investment advice. While Finity has taken reasonable
care in compiling the information presented, Finity does not warrant
that the information provided is relevant to a particular reader’s
situation, specific objectives or needs.
Finity does not have any responsibility to any attendee at the Forum
or to any other party arising from the content of this presentation.
Before acting on any information provided by Finity in this
presentation, readers should consider their own circumstances and
their need for advice on the subject – Finity would be pleased to
assist.