Working with your Board to Improve Risk Management and Board Risk Oversight


Recording of this session via any media type is strictly prohibited.


Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University

Arya Yarpezeshkan – CRO at the Navigator’s Group

Joe Pugh – Sr. Advisor, ERM at AARP


Presenters

• Paul Walker, Ph.D., CPA, Schiro/Zurich Chair in ERM, St. John’s University

• Arya Yarpezeshkan, Chief Risk Officer, The Navigator’s Group

• Joe Pugh, Senior Advisor, ERM, AARP


Top Issues for Boards

• Board top issues:

• Risk oversight

• Strategic risks

• Investors want more information on strategy and risk oversight (what the board is thinking)


SEC 2014 National Exam Priorities

• Designed to:

• communicate with investors and registrants about areas that the staff perceives to have heightened risk

• and to support the Securities and Exchange Commission (“SEC”) mission to protect investors;


SEC 2014 National Exam Priorities

• Corporate Governance, Conflicts of Interest, and Enterprise Risk Management. The NEP will continue to meet with senior management and boards of entities registered with the SEC, including their affiliates where appropriate, to discuss how each firm identifies and mitigates conflicts of interest and legal, compliance, financial, and operational risks. This initiative is designed to: (i) evaluate firms’ control environment and “tone at the top,” (ii) understand firms’ approach to conflict and risk management, and (iii) initiate a dialogue on key risks and regulatory requirements.


What to Expect

• Strategies for working with your board

• Ways to present and report an integrated, transparent view of your organization’s risks

• Ideas on improving and benchmarking risk management and board risk oversight


1. INTERNATIONAL SPECIALTY INSURANCE UNDERWRITER

2. FOCUSED ON MARINE, ENERGY, SPECIALTY CASUALTY, AND D&O / PROFESSIONAL LIABILITY

3. ONE OF THE “100 MOST TRUSTWORTHY COMPANIES” BY FORBES.COM


Recommendation: Have a governance framework that is appropriate and effective for your organization

• Board of Directors – Risk Reporting

• Group ERM Management Committee

• Governance & Compliance Risk Sub-Committee

• UW & Claims Risk Sub-Committee

• Finance Risk Sub-Committee

• Operations Risk Sub-Committee


Recommendation: Clarify roles and responsibilities

Roles and Responsibilities

• Oversight

• Escalation

• Coordination

• Ownership

• Assurance


Recommendation: Provide the Appropriate Information For the Board to Execute its Oversight Duties

• Is the board receiving the information it needs to foster effective risk oversight, or is it drowning in data providing little knowledge or insight?

• Are we providing the appropriate information for the board to determine if management is effectively managing risk?

• Is there sufficient agenda time for discussing the enterprise’s risks?


Recommendation: Know Your Audience

• Broad or narrow skill sets?

• Big picture or detail oriented?

Unsure of the appropriate level of detail? Then ask them.


Example: Board Risk Reporting

Agenda

1. Emerging risks and opportunities

2. Risk tolerances vs. actual

3. Key risks

4. Risk events

5. Appendix


Example: Board Risk Reporting

Emerging Risk Summary

Potential Impact (rows) by Time frame (columns: < 6 months, 6 m - 2 years, > 2 years)

HIGH: Emerging Risk 1, Emerging Risk 4, Emerging Risk 6

MEDIUM: Emerging Risk 2, Emerging Risk 5, Emerging Risk 7

LOW: Emerging Risk 3

Risk Sub-Committee Owner: UW & Claims, Finance, Operations, Compliance & Governance


Example: Board Risk Reporting

Risk Tolerance Summary

Sample Risk Tolerances

Figures in (000s)

Columns: Tolerance Statements; Tolerance (%, $); Q1 Risk Estimate (%, $); Q1 14 % of Tolerance; Q4 13 % of Tolerance

Categories: Capital Management & Financial Performance; Investments; Underwriting Management; Operational / Reputational

Tolerance Statements

1. Maintain a maximum single risk net incurred loss tolerance < x% of shareholders’ equity.

2. A single loss-producing event (natural or man-made catastrophe) will not generate net incurred loss of more than x% of shareholders’ equity, as measured at a 99.6th % exceedance probability (1-in-250 year).

3. Multiple loss-producing events within a single 12 month period will not generate net incurred loss of more than x% of shareholders’ equity, as measured at a 99.6% exceedance probability (1-in-250 year).

4. A single or combination of exogenous economic shocks will not result in a de-valuation of invested assets greater than x%, in any continuous 12 month period or less, as measured at a 99.6% exceedance probability (1-in-250 year).

5. No single Division will constitute more than x% of our GWP in any single calendar year.

6. Maintain broad and deep intellectual capital in our underwriting units to ensure that business interruption from loss of key personnel cannot cause more than x% of lost GWP over the course of a single year.

7. Business interruption (from external event, disruption to systems / premises) will be mitigated so that no more than x% of GWP is lost over the course of a year.


Example: Board Risk Reporting

Capital Adequacy / Key Risks Summary (in USD Mil)

Q1 2014

Underwriting Risk: xxx

Non-Nat Cat Risk: xxx

Nat Cat Risk: xxx

Reserve Risk: xxx

Investment Risk: xxx

Non-Investment Related Credit Risk: xxx

Operational Risk: xxx

Total Risk (Before Diversification): xxx

(less) Diversification Benefit: xx

Total Risk (After Diversification): xxx

Policyholder Surplus: xxx

Surplus : Risk Ratio: xxx %


Example: Board Risk Reporting

Key Risk Example: Investment Risk

Summary: Investment risk increased by xx% as a result of heightened volatility in the Treasury Markets; however, the risk is still within our tolerances.

Risk Drivers: Changes in the macro-economic environment, etc.

Quantification (figures in 000s)

Columns: Period; Frequency; Severity: Minimum Case; Severity: Expected Case; Severity: Extreme Case; SH Equity Tolerance 1/100 yr; % of Tolerance; Extreme Case - Methodology

Sample row: Q4 13; 1/100 yr; $xx; $xx; $xx; $xx; Stochastically modeled. Investment data as of 9/30/2013.

Key Risk Indicators…

Action Items…


Example: Board Risk Reporting

Key Risk Indicators – Detail in Appendix

Investment Key Risk Indicators

• Volatility of Expected Return by Risk Factor

• Volatility at 99% VaR

• Global Financial Stress Scenarios (Q3 2013 and Q4 2013; as of 9/30/2013)

Columns: Portfolio Impact %; Portfolio Impact $; Tolerance (x.x% of Invested Assets); % of Tolerance

Scenarios: Lehman Default - 2008; Russian Financial Crisis - 2008; Equities down 10%; EUR down 10% vs. USD; Oil Prices Drop - May 2010; Japan Earthquake - Mar 2011; Debt Ceiling Crisis & Downgrade 2011; EUR up 10% vs. USD; Equities up 10%; Greece Financial Crisis - 2010; Libya Oil Shock - Feb 2011; Equity Markets Rebound - 2009


Example: Board Risk Reporting

Emerging Risk – Detail in Appendix

Prolonged Power Blackout

Likelihood: Low

Severity: High

Time horizon: 6 m - 2 years (medium-term)

Trend: More likely.

Potential Impact (qualitative description): The event could impact multiple lines of business and cause significant supply chain disruptions.

Risk Drivers: Solar storm events; failing infrastructures; cyber attacks

Traditional loss scenarios only assume power blackouts for a few hours or days. However, space weather events or coordinated terror attacks could cause prolonged blackouts with significant impacts on society and industry. Critical infrastructure such as communication and transport would be hampered, heating and water supply would stop, and production processes and trading would cease.

Other fields on the form: Analysis; Description; Management Analysis; Action Plans / Mitigation Strategies; Monitoring Controls; Applicable Entity; Controls Owner; Risk Category; Executive Owner; Board Committee Owner


Takeaways

• Have a governance framework that is appropriate and effective for your organization

• Clarify responsibilities

• Know your audience

• Use the Report Appendix to your advantage

The information presented herein is for informational purposes only and is not intended to be legal, accounting or other professional advice or opinions on specific facts or matters, used for trading or investment purposes or a complete description of certain aspects of the business of Navigators and its operating subsidiaries.


1. SOCIAL MISSION ORGANIZATION

2. NON-PROFIT & NON-PARTISAN

3. FIGHTS FOR PEOPLE 50+

4. A TRUSTED SOURCE OF INFORMATION

5. OFFERS ACCESS TO PROGRAMS, SERVICES & DISCOUNTS

6. CONNECTS PEOPLE TO VOLUNTEER OPPORTUNITIES


ERM at AARP

Program maturity

Modeling the message


Recommendation: Assign ERM to the full board and keep them focused

• Does the full board have primary governance oversight?

• Is the full board focused on the top strategic risks?

• Is the full board dealing with the details of how management is managing the risks?

• Is the board’s role one of “risk” management or “list” management?


Recommendation: Include ERM on board self-assessment

“Critical risks facing the organization are proactively identified by management and fully vetted with the board”

“An appropriate process is in place to effectively manage each of the critical risk areas”

“The board holds management accountable for effective ERM stewardship”


Recommendation: Benchmark your program

• Boards like to know how your program stacks up

• Is the board comfortable that you have an effective program in place for managing risks? If not, share statistics

• Are we “right-sizing” the benchmarking data?


Recommendation: Keep risk reporting simple

• Does the board have the right information for effective risk oversight?

• Content over quantity

• Are we providing transparency and insight in our risk reporting?


Example: Board Risk Reporting

Agenda

1. Residual risk heat map

2. Summary risk profile scorecard

3. Individual risk mitigation scorecards


Example: Board Risk Reporting

Sample Illustration Only


Takeaways

• Assign ERM to the full board and keep them focused

• Include ERM on board self-assessment

• Benchmark your program

• Keep risk reporting simple


Board Risk Oversight Improvement

• ERM: required and also increases value, lowers earnings volatility, leads to better decisions, improves reputation…

• Governance metrics are used by analysts, viewed by the market, bad/good news, impact the ability to attract board members

• We have governance metrics and board assessment but not BRO metrics or assessment


Board Risk Oversight Improvement

• Benchmark, review, improve ERM and BRO

• BRO Methods

• BRO assessment and self-assessment

• BRO metrics and questions


Board Risk Oversight Improvement

• NACD 10

• Deloitte 20/21

• BRO 30 (Walker et al. 2012)

• RCC 27 (Walker et al. 2014)


Board Risk Oversight Tool

In recent work the authors found that the number one tool used by companies to manage risk is not some sophisticated modeling tool or even a risk assessment exercise. Instead, the number one tool preferred by many companies is to have a conversation about risks with management, and with and among the board. The tool presented here is not meant to replace that conversation, but should be used to ignite that conversation.

For each question for which the board believes there is a lack of consensus, the board should have a discussion about why they are not following this practice. In some cases, the questions are rooted in mandated regulations. In other cases, they are considered a best practice by many companies and by the research team.

Confidential; not for distribution


Tool

• The board and the organization have a rigorous strategic plan which incorporates all major and emerging risks.

• The board is comfortable that management has identified all enterprise level risks.

• The board has a clearly defined risk oversight process and has clearly established risk responsibility.

• The organization has a CRO or ERM leader with direct line reporting to the board or a respective board committee.

• The board quarterly reviews risk maps, risk dashboards, or related risk reporting.

• The board and organization go beyond risk maps and generate risk action plans as well as related risk metrics.

• Corporate decision making includes a discussion of the potential risks embedded in those decisions.

• The organization is prepared for a S&P or Moody’s assessment of their ERM process.

• The board is informed of emerging risks on a timely basis.

• The board has received ERM training.


Tool

• Executives openly share all risk information with board committees.

• The organization has had no major risk debacles in the past fiscal period.

• Executives and management level risk committees have adequate resources and training to identify and manage risks.

• Important risk information is streamlined and reported to the appropriate executives and board level committees promptly.

• ERM is viewed as a critical way to create value and grow the organization, while taking the appropriate risks.

• The organization identifies the risks related to compensation plans.

• Performance is evaluated in relation to the risks taken in achieving that performance.

• The organization views and assesses risk by business unit.


Tool

• The board is engaged in the discussion of strategy and the related risks.

• The board includes some members who are experts in the organization’s relevant risks or risk oversight.

• The board feels confident in the risk oversight process.

• The board examines its own talent for diversity of views and for the ability to oversee risk.

• The board examines risks that management missed to determine if the risk was not identified or if it was not assessed properly. The feedback is used to manage future risks better.

• The board has good communication with the CEO on the risks facing the enterprise (both current and emerging).

• The board and management regularly assess their ERM process.


St John’s Univ/Tobin College of Business

• MS Risk

• MS Enterprise Risk Management

• MBA/MS Acct with a conc. in Risk and ERM

• Center for Excellence in ERM

• Executive Education – Certificate in ERM

• Booth _____


Questions, Final Comments and Contact Information

Paul Walker, Schiro/Zurich Chair of ERM, St. John’s University

(212) 284-7011

Arya Yarpezeshkan, Chief Risk Officer, The Navigator’s Group

(203) 905-6372

Joe Pugh, Senior Advisor, ERM, AARP

(202) 434-3647