the center for professional education presentation enterprise risk management (erm) st. john’s...

THE CENTER FOR PROFESSIONAL EDUCATION

Presentation

Enterprise Risk Management

(ERM)

St. John’s University

Thursday, November 12

1


Question

Who said the following?

• "I cannot imagine any condition which would cause a ship to founder.

• I cannot conceive of any vital disaster happening to this vessel.

• Modern ship building has gone beyond that."

2


Answer

• Captain Edward Smith when he was Commander of the RMS Adriatic:

• Five years later he was the first and only commander of the RMS Titanic.

3

THE CENTER FOR PROFESSIONAL EDUCATION 4

Hurricane Andrew (U.S. 1992)

It caused big losses to U.S. insurers. •Florida insurance law did not handle flood and wind damage properly.•Insurance companies lobbied for and received changes in the law.•The changes were in place in 2004 and 2005.•This was good risk management for insurance companies.


Hurricane Andrew (U.S. 1992)

It caused big losses to U.S. insurers. •Florida insurance law did not handle flood and wind damage properly.•Insurance companies lobbied for and received changes in the law.•The changes were in place in 2004 and 2005.•This was good risk management for insurance companies.

•Or was it?


Answer

Did the company have a risk management process for sharing underwriting and claims lessons learned?The companies did not seek changes in the laws in Georgia, Mississippi, Louisiana, or Texas.The companies experienced large financial losses and bad press in 2005.


Risk Definitions

• Possibility of loss or injury.

• Potential for a negative impact to an asset or person.

• Likelihood of an undesirable event.


Hazard Risk

Physical Damage to Assets. Event that destroys buildings, machinery, or other assets used in an organization.

Harm to People. Accidents, injuries, or disease to employees, customers, or others.

Lawsuits. Contractual or liability claims.


ERM Redefines the Sources of Risk

• Exposure. A condition that causes a downside loss.

• Uncertainty. A negative variance from expectations.

• Missed Opportunity. A failure to accept risk is itself a source of risk.


Insurance Company Enterprise Risk

• Underwriting Risk. Poor decisions issuing insurance policies.

• Business Risk. Poor marketing, high cost of operations, weak claims processing.

• Financial Risk. Losses in investment portfolio.

• Regulatory Risk. Failure to meet solvency requirements.


Underwriting Risk

Lines of Business. Choosing insurance in areas where expertise is lacking.

Pricing. Establishing the wrong level of premiums (too high, too low)

Policy Limits. Exceeding capability to pay losses.

Reinsurance. Failing to share large losses.


Business Risk

• Operations. Weaknesses managing issuing policies, managing claims, and administrative support.

• Weak Market. Policies cannot be issued at premiums sufficient to cover losses.

• High Costs. Excessive costs from inefficient or obsolete operations or use of technology.

12


Financial Risk

• Inadequate Cash Flows. Premiums not sufficient to cover losses and costs.

• Inadequate Reserves. Failure to set aside assets to pay losses and adjusting expenses.

• Liquidity from Investment Portfolio. Short-term losses exceed ability to convert long-term investments.

• Inadequate Cash to Share Profits. Insufficient cash to pay dividends.


Enterprise Risk Management

Enterprise risk management (ERM) is an effort to coordinate risk:

• Underwriting.

• Business Risk.

• Financial Risk.

• Regulatory


ERM Definitions

Focus on:•Strategies. Focuses on results and organizational objectives.•Functions. Focuses on activities. that result in the management of risk. •Processes. Focuses on linkages among organizational activities and actions to manage risk.


ERM Defined

Enterprise risk management is:

• Identifying major risks.

• Forecasting the significance of risks.

• Addressing risk in a systematic and coordinated plan.

• Implementing the plan.

• Holding key individuals responsible for managing critical risks.


Goals of ERM

• Better Reputation. ERM is viewed positively.• Higher Profits. Help achieve higher revenues

and lower losses and expenses.• Higher Stock Value. Investors will pay a

premium for insurers with strong risk management programs.

• Fewer Surprises. Insurers will be more reliable when issuing policies and paying losses.


Significance of ERM

• Logic. Systematic and coordinated risk management.

• Regulatory. Responds to government requirements.

• Fiduciary. Helps boards, auditors, and senior managers meet moral and legal obligations.

• Legal Liability. A defensive strategy against lawsuits alleging negligence by officers or directors.

• Social Responsibility. A moral and ethical imperative.


Contributions of ERM (1-3)

ERM makes seven important contributions to the world of risk management: #1. Recognize Upside of Risk. Failure to take a risk

is a risk itself. #2. Identify Risk Owners. Assign each risk to a

single owner with hierarchical co-owners. #3. Align Risk Accountability. Match risks with

existing functional and business units and key initiatives.


Contributions of ERM (4-7)

#4. Create a Central Risk Function. To identify internal and external exposures and share the findings.

#5. Install a High-Tech Platform (HTEP). For risk identification and collaboration.

#6. Involve the Board. Make it easy for the Board to view critical risks.

#7. Standardize Risk Evaluation. Follow a consistent process.


#1. Upside of Risk

• Risk Interaction. An exposure does not occur in isolation. One risk affects other risks.

• Nature of Business Risk. A missed opportunity is a risk.


Hartford Steam Boiler

• Founded in 1866 in Connecticut.

• Boilers replaced waterpower.

• Boilers exploded.

• Goal to reduce explosions.

• Was it successful?

• Did it have an unexpected upside?


Answer

Yes. Successful.

•An inspection company first.

•An insurance company second.

•Rigorous requirements for preventative maintenance and repair.

•Failure to comply would void insurance.

Yes. Upside.

•More business. Higher profits.

23


#2. Risk Owner

For each risk or opportunity a single individual should be:

•Responsible.

•Accountable.


Question

Are there exceptions to the contribution that every risk or opportunity should have an owner?


Answer

No. Risks that cross organizational lines:

• Should be identified centrally.

• Underwriters should communicate with claims.

• Property, liability, and other lines of business should should share lessons learned.


Risk Ownership and Underwriting

Should policyholders have an ERM process with risk owners?

27


Answer

Yes. Customer risk ownership affects:

• Underwriting. Affects level of premiums and scope of coverage.

• Claims. Affects frequency and level of loss.

• Example. U.S. Airways incident.

28


Question

U.S. Airways flight 1549 landed on the Hudson River in 2009 with no loss of life.

•Landing by pilot Sullivan was called the “Miracle on the Hudson.”

•How did U.S. Airways prepare for a crisis?


Answer

Preparation: “Dry Runs.” 3 times a year at every

airport it serves. “Care Team.” Gates agents,

reservation clerks, and other employees dispatched on a “moment’s notice.”

800 Number. For families to call for information.


Question

How did it handle the passengers who were removed from the plane?


Answer

The airline took action: 150 employees from headquarters (Arizona)

to New York. Employees credit cards to buy medicines,

toiletries, and personal items. Bag of cash. Suitcases with prepaid cell phones and sweat

suits (dry clothes). Escorted passengers to hotels with 24-hour

buffets.


Question

What else did it do?


Answer (1)

More action: Arranged train tickets and rental cars for

individuals who did not want to get back on a plane.


Answer (2)



Reached out to high-level executives at Hertz and Amtrak so no hassle getting the tickets.


Answer (3)



Reached out to high-level executives at Hertz and Amtrak so no hassle getting the tickets.

Retained locksmiths to help passengers who had lost keys for cars and home.


Question

Anything else?


Answer (1)

Follow-up action: Sent letters updating passengers after they

arrived home.


Answer (2)


arrived home. Refunded the airplane ticket and gave

each passenger $5,000 to replace lost possessions.


Answer (3)


arrived home. Refunded the airplane ticket and gave each

passenger $5,000 to replace lost possessions.

Paid additional monies to passengers where $5,000 did not cover losses.


Question

Do underwriters and risk managers share stories before and after crises and losses?

41


Answer

That is their job.

42


#3. Align Risk Accountability

The business model is the strategy of firm to be successful.

• Value to be Created. For customers or clients.• Architecture of the Firm. Hierarchy to deliver

value.• Relationships. Network of partners for

creating, marketing, and delivering value.• Resources. Capital, assets, and other

resources to generate sustainable profits.


Align with Risk Owners

• Functional Staff. C-level production, marketing, finance, administration, technology,

• Business Units. Regions, autonomous operations, and subsidiaries.

• Key Initiatives. Major activities reflecting highly visible goals.


Risk Alignment

CEO

Property

Europe AsiaCOOCFO

GeneralLiability

SpecialtyLines

Rein-surance

Legal Counsel


Crop Insurance (1)

U.S Midwest drought of 2002 produced crop insurance for 2004

• Based on inches of rain.

• Covers 14 states.

• Rain measured by county.93. Nebraska counties.99. Iowa counties.102. Illinois counties.

46


Crop Insurance (2)

• $150 million. Target Premiums Written.

• $120 million . 10-year Combined Ratio.*

• Did the company reach its target premiums written?

*(incurred losses + expenses)

earned premium

47


Alignment with Buyers

In the 1990s, Ford Motor Corp. recognized an exposure to price fluctuations in the rare metal palladium needed for catalytic converters.

• The purchasing department signed long-term contracts to purchase Palladium at stable prices.

• Was this commodities risk mitigation strategy effective?


Answer

No.

• Ford’s Research and Development department redesigned catalytic converters requiring minimal palladium.

• In 2001, the price per ounce of palladium dropped from $1,500 to $400.

• Ford suffered a loss of $1 billion.


#4. Create a Central Risk Function

An individual or unit responsible for coordination of risk discussions across the entity.


Central Risk Function (1)

Risk Identification. Risks that might otherwise be missed by key executives.

Risk Sharing. Open channels for collaboration.

Influencing Risk Discussions. Opening silos.


Central Risk Function (2)

Should identify risks in a constant scanning process.

Should occupy a high position in an organizational hierarchy.

Should share unaligned risks and opportunities.


Question

What task should not be performed by a central risk function?


Answer

The central risk function should not manage risk itself.


Question

Some people think Warren Buffett is a stand-alone Central Risk Function. Could this help the Chief Underwriter at an insurance company?

55


Answer

Could be. In 2003 Warren Buffett foresaw signs of the 2008 financial crisis and sounded an alarm:

“ . . . derivatives are financial weapons of mass destruction, carrying dangers that, while now latent, are potentially lethal.”

56


#5. Install an HTEP

A high-tech electronic platform allows: Sharing. Identified risks and scope of each

exposure. Storage. An evaluation of each risk and

relationships among exposures. Strategies. Alternatives, recommendations,

and actions to mitigate risks. Communications. Managers can support or

oppose risk management efforts.


Question

Lightning struck a Phillips N.V. semiconductor fabrication plant in New Mexico.

• It started a small fire that was quickly extinguished.

• Nobody was hurt and damage was minor.

• Was this a critical risk for anyone?


Answer

• The plant was the only source of microscopic circuits for cell phones.

• 40% of production went to Nokia and I.M. Ericsson.


After the Fire

Phillips alerted 30 customers that a fire stopped production.

• Phillips estimated the time delay prior to restarting production.

• It was one week.


Nokia

Nokia had a system to share such information.

• It put the search for microchips into a critical risk category.

• The result was almost no disruption of deliveries to customers.


Ericsson

Ericsson had no sharing system.

• Purchasing did not tell production about the delay for several weeks.

• Ericsson requested help from Phillips and other suppliers of microchips.


Question

What was the total cost of the small fire?


Answer

• Phillips. $1-3 million. $40 million in lost sales offset by business interruption insurance.

• Nokia. Some additional costs offset by a 3% rise in market share.

• Ericsson. $2.3 billion loss. Withdrew from cell phone market. Acquired by Sony.


#6. Involve the Board

Board ofDirectors

ERMCommittee ofthe Board CEO

Central RiskFunction

One possibility.


Another Possibility.

Board ofDirectors

CentralRisk Function

CEOAuditCompensation

Committee

COOInternalAudit

ERMBoard Member


#7. Employ a Standard Process

One such process: Identify the risk. Assign an owner. Assess the impact. Evaluate options. Implement, monitor, and revise.


Presentation

Own Risk and Solvency Assessment (ORSA)

AIG

St. John’s University

Thursday, November 12

68


Own Risk and Solvency Assessment

An internal process by an insurer.

•Assess the adequacy of risk management.

•Assess level of solvency under normal and stress scenarios.

•Regulators applying ERM to an insurance company.

69


ORSA Analysis

Analyze relevant material risks including:

• Underwriting.

• Credit.

• Market.

• Operations.

• Liquidity.

70


Format of ORSA Report

• “O” in ORSA represents insurer’s “own” assessment of risk.

• Insurer determines the framework.

• Continuous process.

71


U.S. Status of ORSA

• Approved by National Association of Insurance Commissioners (NAIC).

• Applies to large and medium size U.S. insurers starting in 2015. ($500 million in premiums)

• States must implement with legislation.

• States can require smaller insurers to implement.

72


ORSA Goals

Foster an effective level of Enterprise Risk Management (ERM) to support risk and capital decisions.

Provide a group-level perspective on risk and capital beyond the boundaries of the individual insurance entity.

73

the center for professional education presentation enterprise risk management (erm) st. john’s...

Documents