You are on page 1of 53

CONTENTS

Sr No Topic Page
numbers
1. Executive Summary
2 What Is Risk?
3 How Insurance Works?
4 Introduction To Risk Management
5 Principles Of Risk Management
6 Types Of Risks
7 Other Risks
8 Risk Assessment Process
9 Steps In The Risk Management Process
10 What Are The Benefits Of Risk Management To The
Insurance Company?
11 Potential Risk Treatments
12 Key Trends In Risk Management

13 Emerging Areas Of Risk Management
14 Key Risks Faced By Insurance Sector Globally
15 Enterprise Risk Management For Insurance Companies
16 Where Will The Indian Insurance Market Be In 2020?
17 Conclusion
18

EXECUTIVE SUMMARY
Risk, in insurance terms, is the possibility of a loss or other adverse event that has
the potential to interfere with an organization’s ability to fulfil its mandate, and for
which an insurance claim may be submitted.

Risk management ensures that an organization identifies and understands the risks
to which it is exposed. Risk management also guarantees that the organization
creates and implements an effective plan to prevent losses or reduce the impact if a
loss occurs.

A risk management plan includes strategies and techniques for recognizing and
confronting these threats. Good risk management doesn’t have to be expensive or
time consuming; it may be as uncomplicated as answering these three questions:

1. What can go wrong?
2. What will we do, both to prevent the harm from occurring and in response to
the harm or loss?
3. If something happens, how will we pay for it?

Risk management provides a clear and structured approach to identifying risks.
Having a clear understanding of all risks allows an organization to measure and
prioritize them and take the appropriate actions to reduce losses. Risk management
has other benefits for an organization, including:

• Saving resources: Time, assets, income, property and people are all valuable
resources that can be saved if fewer claims occur.
• Protecting the reputation and public image of the organization.
• Preventing or reducing legal liability and increasing the stability of operations.
• Protecting people from harm.
• Protecting the environment.
• Enhancing the ability to prepare for various circumstances.
• Reducing liabilities.
• Assisting in clearly defining insurance needs.

An effective risk management practice does not eliminate risks. However, having an
effective and operational risk management practice shows an insurer that your
organization is committed to loss reduction or prevention. It makes your organization
a better risk to insure.

WHAT IS RISK?
The Concise Oxford Dictionary defines risk as “hazard, a chance of bad
consequences, loss or exposure to mischance”. In a discussion with students taking
a course on financial risk management, ingredients which typically enter are events,
decisions, consequences and uncertainty. Mostly only the downside is mentioned,
rarely a possible upside. For financial risks, the subject of this book, we might arrive
at a definition such as “any event or action that may adversely affect an
organization’s ability to achieve its objectives and execute its strategies” or,
alternatively, “the quantifiable likelihood of loss or less-than-expected returns”. But
while these capture some of the elements of risk, no single one sentence definition is
entirely satisfactory in all contexts.

People seek security. A sense of security may be the next basic goal after food,
clothing, and shelter. An individual with economic security is fairly certain that he
can satisfy his needs (food, shelter, medical care, and so on) in the present and in the
future. Economic risk (which we will refer to simply as risk) is the possibility of
losing economic security. Most economic risk derives from variation from the
expected outcome. One measure of risk, used in this study note, is the standard
deviation of the possible outcomes. As an example, consider the cost of a car accident
for two different cars, a Porsche and a Toyota.

In the event of an accident the expected value of repairs for both cars is 2500.
However, the standard deviation for the Porsche is 1000 and the standard deviation
for the Toyota is 400. If the cost of repairs is normally distributed, then the
probability that the repairs will cost more than 3000 is 31% for the Porsche but only
11% for the Toyota.

Modern society provides many examples of risk. A homeowner faces a large
potential for variation associated with the possibility of economic loss caused by a
house fire. A driver faces a potential economic loss if his car is damaged. A larger
possible economic risk exists with respect to potential damages a driver might have
to pay if he injures a third party in a car accident for which he is responsible.

Historically, economic risk was managed through informal agreements within a
defined Community.

If someone’s barn burned down and a herd of milking cows was destroyed, the
community would pitch in to rebuild the barn and to provide the farmer with enough
cows to replenish the milking stock. This cooperative (pooling) concept became
formalized in the insurance industry. Under a formal insurance arrangement, each
Insurance policy purchaser (policyholder) still implicitly pools his risk with all other
policyholders. However, it is no longer necessary for any individual policyholder to
know or have any direct connection with any other policyholder.

HOW INSURANCE WORKS
Insurance is an agreement where, for a stipulated payment called the premium,
one party (the insurer) agrees to pay to the other (the policyholder or his
designated beneficiary) a defined amount (the claim payment or benefit) upon the
occurrence of a specific loss. This defined claim payment amount can be a fixed
amount or can reimburse all or a part of the loss that occurred.

The insurer considers the losses expected for the insurance pool and the potential
for variation in order to charge premiums that, in total, will be sufficient to cover
all of the projected claim payments for the insurance pool. The premium charged
to each of the pool participants is that participant’s share of the total premium for
the pool. Each premium may be adjusted to reflect any 3 special characteristics
of the particular policy.

As will be seen in the next section, the larger the policy pool, the more predictable
its results. Normally, only a small percentage of policyholders suffer losses. Their
losses are paid out of the premiums collected from the pool of policyholders.
Thus, the entire pool compensates the unfortunate few. Each policyholder
exchanges an unknown loss for the payment of a known premium.

Under the formal arrangement, the party agreeing to make the claim payments is
the insurance company or the insurer. The pool participant is the policyholder.
The payments that the policyholder makes to the insurer are premiums. The
insurance contract is the policy. The risk of any unanticipated losses is transferred
from the policyholder to the insurer who has the right to specify the rules and
conditions for participating in the insurance pool.

The insurer may restrict the particular kinds of losses covered. For example, a
peril is a potential cause of a loss. Perils may include fires, hurricanes, theft, and
heart attack. The insurance policy may define specific perils that are covered, or
it may cover all perils with certain named exclusions (for example, loss as a result
of war or loss of life due to suicide).

Hazards are conditions that increase the probability or expected magnitude of a
loss. Examples include smoking when considering potential healthcare losses,
poor wiring in a house when considering losses due to fires, or a California
residence when considering earthquake damage.

. Risk. In this manner.In summary. is the variation in potential economic outcomes. the policyholder transfers the economic risk to the insurance company. It is measured by the variation between possible outcomes and the expected outcome: the greater the standard deviation. as discussed in Section I. the greater the risk. an insurance contract covers a policyholder for economic loss caused by a peril named in the policy. The policyholder pays a known premium to have the insurer guarantee payment for the unknown loss.

when deficient knowledge is applied to a situation. whether positive or negative) followed by coordinated and economical application of resources to minimize. a knowledge risk materializes. credit risk. quality. Several risk management standards have been developed including the Project Management Institute. For example.INTRODUCTION TO RISK MANAGEMENT Risk management is the identification. The strategies to manage risk include transferring the risk to another party. and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. In ideal risk management. definitions and goals vary widely according to whether the risk management method is in the context of project management. industrial processes. monitor. and earnings quality. and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Methods. reputation. natural causes and disasters as well as deliberate attacks from an adversary. engineering. These risks directly reduce the productivity of knowledge workers. Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase. Relationship risk appears when ineffective collaboration occurs. reducing the negative effect of the risk. and ISO standards. brand value. and accepting some or all of the consequences of a particular risk. and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives. Process engagement risk may be an issue when ineffective operational procedures are applied. assessment. security. project failures. Intangible risk . Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. avoiding the risk. profitability. In practice the process can be very difficult. the National Institute of Science and Technology. a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first. actuarial societies. service. financial portfolios. actuarial assessments. legal liabilities. decrease cost effectiveness. and risks with lower probability of occurrence and lower loss are handled in descending order. accidents. Risks can come from uncertainty in financial markets. or public health and safety.

Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. ideal risk management minimizes spending and minimizes the negative effects of risks. . Again.management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity. Resources spent on risk management could have been spent on more profitable activities.

iterative and responsive to change • Be capable of continual improvement and enhancement .PRINCIPLES OF RISK MANAGEMENT The International Organization for Standardization (ISO) identifies the following principles of risk management: Risk management should: • Create value • Be an integral part of organizational processes • Be part of decision making • Explicitly address uncertainty • Be systematic and structured • Be based on the best available information • Be tailored • Take into account human factors • Be transparent and inclusive • Be dynamic.

For example. “Examples of Pure versus Speculative Risk Exposures”. Likewise. Securitization is the packaging and transferring of insurance risks to the capital markets through the issuance of a financial security. We explain such risk retention in Chapter 4. etc. known as hedging or securitizations. require risk transfers that use capital markets. Risk professionals find this distinction useful to differentiate between types of risk. professional people who study risk use several words to designate what others intuitively and popularly known as “risk. As we noted in Table 1. The Evolution of Risk Management: Enterprise Risk Management. fire risk. strategic risk. Hedging refers to activities that are taken to reduce or eliminate risks. Using different terminology to describe different aspects of risk allows risk professionals to reduce any confusion that might arise as they discuss risks.g. “Roles (Objectives) Underlying the Definition of Risk”. risk professionals often differentiate between pure risk that features some chance of loss and no chance of gain (e. depending on the particular aspect of the “consequences of uncertainty” that they wish to consider. .” Professionals note several different ideas for risk. on the other hand.) and those they refer to as speculative risk.TYPES OF RISK A) Pure versus Speculative Risk Exposures Some people say that Eskimos have a dozen or so words to name or describe snow. Some risks can be transferred to a third party—like an insurance company.” Some situations. In essence it is self- insuring against adverse contingencies out of its own cash flows.). Speculative risks feature a chance to either gain or lose (including investment risk. reputational risk.3.2. This distinction fits well into Figure 1. These third parties can provide a useful “risk management solution. Evolving Risk Management: Fundamental Tools and Chapter 5. The right-hand side focuses on speculative risk. flood risk.. etc. Risk retention is when a firm retains its risk. The left-hand side represents pure risk.

even if the manufacturer was reasonable in producing it. Table 1. when evaluating the expected financial returns from the introduction of a new product (which represents speculative risk). “Roles (Objectives) Underlying the Definition of Risk” is an approach to managing risk. Risk managers are part of the executive team and are essential to achieving the main objectives of the enterprise. other issues concerning product liability must be considered. ERM is one of today’s key risk management approaches.5.firms might prefer to capture up-side return potential at the same time that they mitigate while mitigating the downside loss potential. A picture of the enterprise risk map of life insurers is shown later in Figure 1. for example. Firms that are evaluated by credit rating organizations such as Moody’s or Standard & Poor’s are required to show their activities in the areas of enterprise risk management.3. . In the business environment. “A Photo of Galveston Island after Hurricane Ike”.2. As you will see in later chapters. The examples provided in Table 1. and mitigating all risks confronted by the entity is a key focus. Product liability refers to the possibility that a manufacturer may be liable for harm caused by use of its product. Operational risks. However. the risks can be more clearly categorized.[9] In today’s environment. identifying. can be regarded as operations that can cause only loss or operations that can provide also gain. evaluating. if it is more specifically defined. “Examples of Pure versus Speculative Risk Exposures” provides examples of the pure versus speculative risks dichotomy as a way to cross classify risks. ERM was listed by the Harvard Business Review as one of the key breakthrough areas in their 2004 evaluation of strategic management approaches by top management. “Examples of Pure versus Speculative Risk Exposures” are not always a perfect fit into the pure versus speculative risk dichotomy since each exposure might be regarded in alternative ways. which is known as enterprise risk management (ERM). It considers all risks simultaneously and manages risk in a holistic or enterprise-wide (and risk-wide) context. the risk manager in businesses is no longer buried in the tranches of the enterprise.2. The simultaneous consideration of pure and speculative risks within the objectives continuum of Figure 1.

social security program Political risk exposure. Nationalize health care systems.) Accounting risk . unemployment. air. irreversible Population changes destruction of food chains Natural disaster damage: floods. earthquakes. Examples of Pure versus Speculative Risk Exposures Pure Risk—Loss or No Loss Only Speculative Risk—Possible Gains or Losses Physical damage risk to property (at the enterprise level) Market risks: interest risk. depletion of resources. stock market risk Liability risk exposure (such as products liability. Market for the product risk windstorms Man-made destructive risks: nuclear risks. such as caused by fire. flood. hazardous-chemical. weather damage foreign exchange risk. population changes.2.Table 1. and other pollution. employment practice liability) Reputational risk Innovation or technical obsolescence risk Brand risk Operational risk: mistakes in process or procedure that Credit risk (at the individual cause losses enterprise level) Mortality and morbidity risk at the individual level Product success risk Intellectual property violation risks Public relation risk Environmental risks: water. political risks Regulatory change risk Mortality and morbidity risk at the societal and global level (as in pandemics. premise liability. etc. wars.

If a car is damaged in a collision. a firm losing its clients because of street . If a firm experiences a fire in the warehouse. it could be said that all exposures are personal. The categorization is often a matter of perspective. These events may be catastrophic or accidental. or as taxpayers). the direct cost is the cost of rebuilding and replacing inventory. however. and dependent old age are examples of personal loss exposures when considered at the individual/personal level. disability. An organization may also experience loss from these events when such events affect employees. unemployment. the direct loss is the cost of repairs. Exposure to premature death. B) Personal Loss Exposures—Personal Pure Risk Because the financial consequences of all risk exposures are ultimately borne by people (as individuals. Consequential or indirect losses are nonphysical losses such as loss of business. stakeholders in corporations. it is common to further explore risks by use of the dichotomy of personal property versus liability exposure risk. For example. sickness. Longevity risk at the societal level Genetic testing and genetic engineering risk Pure Risk—Loss or No Loss Only Speculative Risk—Possible Gains or Losses Investment risk Research and development risk Within the class of pure risk exposures. For example. have a more direct impact on people’s individual lives. social support programs and employer-sponsored health or pension plan costs can be affected by natural or man-made changes. C) Property Loss Exposures—Property Pure Risk Property owners face the possibility of both direct and indirect (consequential) losses. Some risks.

it has the power of transferring the risk from your shoulders to mine. Generally these types of risks are too pervasive to be undertaken by insurers and affect the whole economy as opposed to accidental risk for an individual. D) Liability Loss Exposures—Liability Pure Risk The legal system is designed to mitigate risks and is not intended to create new risks. and as such. Too many people or properties may be hurt or damaged in one location at once (and the insurer needs to worry about its own solvency). However. As such the flood impacts a large number of exposures. and terrorism attacks are the types of loss exposures that are associated with fundamental risk. earthquakes in the western states. E) Catastrophic Loss Exposure and Fundamental or Systemic Pure Risk Catastrophic risk is a concentration of strong. the loss of use of the car or warehouse while repairs are being made. Hurricanes in Florida and the southern and eastern shores of the United States.closure would be a consequential loss. Liability risk may occur because of catastrophic loss exposure or because of accidental loss exposure. which causes damage to an individual or another firm. all these exposures are subject to what is called a fundamental risk. One is exposed to the possibility of liability loss (loss caused by a third party who is considered at fault) by having to defend against a lawsuit when he or she has in some way hurt other people. a party can be held responsible for the financial consequences of causing damage to others. Property loss exposures are associated with both real property such as buildings and personal property such as automobiles and the contents of a building. A property is exposed to losses because of accidents or catastrophes such as floods or hurricanes. positively correlated risk exposures. Under most legal systems. A loss that is catastrophic and includes a large number of exposures in a single location is considered a no accidental risk. The responsible party may become legally obligated to pay for injury to persons or damage to property. All homes in the path will be damaged or destroyed when a flood occurs. Product liability is an illustrative example: a firm is responsible for compensating persons injured by supplying a defective product. such as many homes in the same location. and the additional cost of replacement facilities or lost productivity. Fundamental risks are generally systemic and no diversifiable. . floods in the Midwestern states. Such losses include the time and effort required to arrange for repairs.

political groups. non-catastrophic accidental losses. as opposed to accidental losses such as those caused by accidents such as fires. as opposed to idiosyncratic or diversifiable risks. embezzlement. when the potential losses are reasonably bounded. this is explained below. Another possible categorization of exposures is as follows: Risks of nature Risks related to human nature (theft. armies. burglary. They can be people. businesses. properties. Often. and nations that are at risk of experiencing losses.Accidental Loss Exposure and Particular Pure Risk Many pure risks arise due to accidental causes of loss. not due to man-made or intentional ones (such as making a bad investment). The term “exposures” is used to include all units subject to some potential loss. such as those caused by fires. fraud) Man-made risks Risks associated with data and knowledge. Intellectual property Pure and speculative risks are not the only way one might dichotomize risks. large business organizations. such as insurance. As opposed to fundamental losses. a risk-transfer mechanism. such as flood and hurricanes. exposures are units that are exposed to possible losses. In summary. Risks related to large systems: governments. Risks associated with the legal system (liability)—it does not create the risks but it may shift them to your arena. . are considered particular risks. Another differentiation is by systemic or non-diversifiable risks. Another breakdown is between catastrophic risks. can be used to handle the financial consequences.

or movements of the entire economy such as that precipitated by the credit crisis of fall 2008. As the events of September 2008 have shown. contrary to some interpretations of financial theory. Many of them are self- explanatory. For example. On the other hand. the others are not subject to the same geographical phenomenon causing the risks. or per exposure. are often viewed as being amenable to having their financial consequences reduced or eliminated by holding a well-diversified portfolio. If one property is damaged. These will be further explored in a later chapter about the tools to mitigate risks. This will be discussed in detail below and in later chapters. Table 1. The negative effect does not go away by having more elements in the portfolio. For example. another important dichotomy risk professionals use is between diversifiable and non-diversifiable risk. Systemic risks that are shared by all. the per-unit consequences of the risk can then be significantly reduced. sometimes to the point of being ignorable. but the most important distinction is whether the risk is unique or idiosyncratic to a firm or not. having some factories located in non- earthquake areas or hotels placed in numerous locations in the United States diversifies the risk.3. unit loss much more predictable. such as global warming. and since these exposure units are independent of each other. The field of risk management deals with both diversifiable and non- diversifiable risks. Destroying one’s reputation is not a systemic risk in the economy or the market-place. Every asset or exposure in the portfolio is affected. which are idiosyncratic (with particular characteristics that are not shared by all) in nature. on the other hand. A large number of relatively homogeneous independent exposure units pooled together in a portfolio can make the average. These risks have shown they have the ability to come back to bite (and poison) the entire enterprise and others associated with them. market risk. Risks. “Examples of Risk Exposures by the Diversifiable and Non diversifiable Categories” provides examples of risk exposures by the categories of diversifiable and non-diversifiable risk exposures. are considered non diversifiable. F) Diversifiable and Non diversifiable Risks As noted above. Diversification is the core of the modern portfolio theory in finance and in insurance. such as devaluation of the dollar is systemic risk for all firms in the export or import businesses . Diversifiable risks are those that can have their adverse consequences mitigated simply by having a well-diversified portfolio of risk exposures. the reputation of a firm is unique to the firm. the idiosyncratic risks of some banks could not always be diversified away.

“Examples of Risk Exposures by the Diversifiable and Non diversifiable Categories” we provide examples of risks by these categories.3. Examples of Risk Exposures by the Diversifiable and Non diversifiable Categories Diversifiable Risk— Non diversifiable Risks—Systemic Risk Idiosyncratic Risk • Reputational risk • Market risk • Brand risk • Regulatory risk • Credit risk (at the individual enterprise level) • Environmental risk • Product risk • Political risk • Legal risk • Inflation and recession risk • Physical damage risk (at the enterprise level) such as fire. premise liability. • Accounting risk flood.3. etc. • Longevity risk at the societal level employment practice liability) • Innovation or technical • Mortality and morbidity risk at the societal and obsolesce risk global Level (pandemics. nationalize health care systems. social security program exposure. weather damage • Liability risk (products liability. The examples are not complete and the student is invited to add as many examples as desired. Table 1.In Table 1.) • Operational risk • Strategic risk .

“Risk Balls”. The following is an example of the enterprise risks of life insurers in a map in Figure 1.4.• Longevity risk at the individual level Diversifiable Risk— Non diversifiable Risks—Systemic Risk Idiosyncratic Risk • Mortality and morbidity risk at the individual level G) Enterprise Risks As discussed above. they usually include a long list of risks from employment risks to the operations of hardware and software for information systems. and several others not detailed in the map in Figure 1. the opportunities in the risks and the fear of losses encompass the holistic risk or the enterprise risk of an entity. environmental risks. Operational risks include public relations risks. . “Life Insurers’ Enterprise Risks” Since enterprise risk management is a key current concept today. Because operational risks are so important.6. the enterprise risk map of life insurers is offered here as an example.

• Liquidity risk – the risk of insufficient liquidity to meet obligations when required.Figure 1. . counterparties or reinsurers. These risks include: • Concentration risk – arising from inadequate diversification (or excessive exposure to a particular asset or obligor). • Credit risk – the risk of default by obligors. Life Insurers’ Enterprise Risks OTHER RISK A) ASSET RISK Both life and general insurers hold investments to support their policy liabilities and capital and are subject to a range of asset risks.6.

the insurance sector will need to improve its credit risk management practices. the banking sector is now sharpening its focus on the risks involved in other areas such as trading. such as the level of expenses or the rate of policy attrition).Of course. Choose to invest policyholders’ money in ways that do not match policy obligations. B) Operational Risk Like any business. mainly operational in nature (or else arising through the premium rating process which requires assumptions to be made about operational matters. the characteristic asset risk is market risk. The extent of this mismatching behaviour differs across insurers. focusing only on those risks that are characteristic of a given industry is unwise. The ‘resilience’ of an insurer in the face of market risk can be usefully examined with the help of a simple model . the most significant risk is the credit risk stemming from banks’ lending activities. as insurers become more involved in lending. insurance companies face a number of other risks. In the insurance sector. and • Realization risk – where asset values are dependent on the continuing operation of the business. This is because insurers can. In banking. These risks are common to other types of financial institution also. For this reason. while others may mismatch on a large scale and in doing so introduce substantial market risk. and often do. different sectors of the financial system need to focus on those risks that are most important for them. . These risks include: • Mistakes in promotional material or poor sales practices. and more exposed to counterparty risks in their use of derivatives for asset management. Similarly. The liquidity risk that flows from banks’ deposit-taking business is also important. Some insurers do not mismatch at all.• Market risk – the risk of an adverse movement in the market value of assets not matched by an equal and offsetting reduction in the market value of liabilities. While each of these risks requires management.

• Ill-disciplined investment activity.• Unsound product design. • Errors in effecting reinsurance. As with insurance and asset risks. both good management and capital are needed to cope with risks such as these. • Unanticipated expense overruns. • Errors in premiums or unit prices. • High rates of policy attrition. and fraud. . systems failure.

5. 13. 14. 10. 3. Risk Assessment 2. Monitor effectiveness of risk control activities. Maintain appropriate catastrophe protection. 8. . Support proactive risk and loss control Risk Control programs. 12.RISK ASSESSMENT PROCESS AND GUIDING PRINCIPLES Four Elements of Risk Guiding Principles the Management Process 1. Identify total assets and resources of organizations. 9. Create and sustain management commitment to risk management. Finance risk. 6. Adopt a clearly defined risk Administration management structure. Measure current risk. 4. Project and communicate future losses and potential risk. Identify major exposures to loss. 11. Calculate values of assets and resources. Maintain sound communications with all affected levels of management. taking advantage of all Risk Financing available financial resources. 7. Provide maximum incentive for participation in risk control program. Develop clearly targeted annual objectives.

4) Selecting alternatives. . or loss prevention. Arthur Williams Jr. 2) Identifying exposures to loss. for example—will determine its strategy for managing various risks. involves taking steps to reduce the probability or the severity of a loss. Heins in their book Risk Management and Insurance. and Richard Mr. including avoiding. assuming. but if the exposed facility is in New York the probability of earthquake is slight and it will have a low priority as a risk to be managed. involves taking steps to prevent a loss from occurring. a pharmaceutical company may decide not to market a drug because of the potential liability.STEPS IN THE RISK MANAGEMENT PROCESS According to C. reducing. These steps are 1) Determining the objectives of the organization. Identification and measurement of risks are relatively straightforward concepts. Businesses have several alternatives for the management of risk. 3) Measuring those same exposures. the risk management process typically includes six steps. for example by installing fire sprinklers. The primary objective of an organization—growth. Reducing risks. or loss reduction. and 6) Monitoring the results. for example. As another example. or transferring the risks. 5) Implementing a solution. via such methods as employee safety training. Assuming risks simply means accepting the possibility that a loss may occur and being prepared to pay the consequences. Earthquake may be identified as a potential exposure to loss. Avoiding risks.

Any combination of these risk management tools may be applied in the fifth step of the process. back up computer data often. keep the office clean and free of hazards. which allows a company to pay a small monthly premium in exchange for protection against automobile accidents. and store records securely offsite. and familiarity with. and fire extinguishers. the insurance option is usually chosen when the other options for managing risk do not provide sufficient protection. smoke detectors. . or a variety of other risks.Transferring risk refers to the practice of placing responsibility for a loss on another party via a contract. install strong locks. implementation. various types of insurance policies is a necessary part of the risk management process. Because of its costs. Awareness of. theft or destruction of property. involves a regular review of the company's risk management tools to determine if they have obtained the desired result or if they require modification. monitoring. Nation's Business outlined some easy risk management tools for small businesses: maintain a high quality of work." Companies that choose this option set up a special account or fund to be used in the event of a loss. train employees well and maintain equipment properly. A final risk management tool is self-retention of risks— sometimes referred to as "self- insurance. The most common example of risk transference is insurance. The final step. employee disability.

. and other tasks. that company knows it should charge a higher premium to the insured person. The purpose of an insurance company is to determine the probabilities of risk and to design a premium structure ensuring that the company has a high chance of profiting in the future. The charge reflects the risk of insurance. The higher the risk. an insurance company can determine how high of a premium to certain customers charge during a particular period. and increases the chances that healthier insurance customers can afford the premiums. B) Long Term Solvency The nature of the insurance business is such that small errors in a risk management model can lead to long-term insolvency. asset classes. This protects the insurance company from insolvency. A) Fair Premium With solid risk management procedures. the better an insurance company can serve its customers and derive profit. Miscalculations in risk management models can lead to severe losses at an insurance company over an extended period. It's important for companies to use accurate data to determine their models and assure they stay in business over the long run. insurance companies need to differentiate risks posed by different individuals. the larger the premium. if the insurance company knows the probability that a male of a certain age who smokes has a certain likelihood of contracting a lethal cancer. The more precise the risk model.What Are the Benefits of Risk Management to the Insurance Company? Insurance companies are in the business of managing risk. Insurance companies live and die by prudent risk management. companies. In addition. For example. and vice versa. An insurance company builds its reputation on a long record of paying just claims. Insurance companies write contracts and uphold them.

improving the level of capitalization for the firm. . In general. it can afford to lower the costs of coverage. C) Lower Costs When an insurance company has a more competitive risk management methodology relative to its competitors. the lower the premiums. This increases the insurance pool. The virtuous cycle in the insurance business occurs when a risk management system is accurate. because the insurance company is likely to make a profit on the vast majority of customers. the more people signed up for an insurance program.

Hazard Prevention . A) Risk avoidance This includes not performing an activity that could carry risk. Defence Acquisition University. If this takes too long.outsource or insure) • Retention (accept and budget) Ideal use of these strategies may not be possible. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits. or is otherwise impractical. Another would be not flying in order not to take the risk that the airplane were to be hijacked. in which Risk Management figures prominently in decision making and planning.mitigate) • Sharing (transfer . calls these categories ACAT. Avoidance may seem the answer to all risks. Accept. is too costly. for Avoid. or Transfer. Control. the second stage is mitigation. but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. An example would be not buying a property or business in order to not take on the legal liability that comes with it. This use of the ACAT acronym is reminiscent of another ACAT (for Acquisition Category) used in US Defence industry procurements.Hazard prevention refers to the prevention of risks in an emergency. . all techniques to manage the risk fall into one or more of these four major categories • Avoidance (eliminate. Some of them may involve trade- offs that are not acceptable to the organization or person making the risk management decisions.POTENTIAL RISK TREATMENTS Once risks have been identified and assessed. from the US Department of Defence. withdraw from or not become involved) • Reduction (optimize . Another source. The first and most effective stage of hazard prevention is the elimination of hazards.

the original risk is likely to still revert to the first party. and the measures to reduce a risk. In practice if the insurance company or contractor go bankrupt or end up in court. or customer support needs to another company. Halon fire suppression systems may mitigate that risk. C) Risk sharing Briefly defined as "sharing with another party the burden of loss or the benefit of gain. optimizing risks means finding a balance between negative risk and the benefit of the operation or activity. and between risk reduction and effort applied.[11] For example. As such in the terminology of practitioners and scholars alike. This way. Modern software development methodologies reduce risk by developing and delivering software incrementally. sprinklers are designed to put out a fire to reduce the risk of loss by fire. while handling the business management itself. For example. By an offshore drilling contractor effectively applying HSE Management in its organisation. any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. but the cost may be prohibitive as a strategy. or finding a physical location for a call centre. This method may cause a greater loss by water damage and therefore may not be suitable. software projects can limit effort wasted to a single iteration. it can optimise risk to achieve levels of residual risk that are tolerable. By developing in iterations." The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. Early methodologies suffered from the fact that they only delivered software in the final phase of development. the manufacturing of hard goods. managing the development team. Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. a company may outsource only its software development. B) Risk reduction Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. the company can concentrate more on business development without having to worry as much about the manufacturing process. the purchase of an insurance contract is often . Acknowledging that risks can be positive or negative. from a risk.

For example. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. Also any amounts of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much. This is different from traditional insurance. Risk retention pools are technically retaining the risk for the group. a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company. but instead losses are assessed to all members of the group. All risks that are not avoided or transferred are retained by default. . or benefit of gain.described as a "transfer of risk. meaning that insurance may be described more accurately as a post-event compensatory mechanism. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. so the loss attributed by war is retained by the insured. True self-insurance falls in this category." However. War is an example since most property and risks are not insured against war. from a risk when it occurs. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage. in that no premium is exchanged between members of the group up front. The risk still lies with the policy holder namely the person who has been in the accident. the buyer of the contract generally retains legal responsibility for the losses "transferred". technically speaking. Some ways of managing risk fall into multiple categories. D) Risk retention Involves accepting the loss. but spreading it over the whole group involves transfer among individual members of the group.

and medium-size companies will focus on risk management and will hire risk managers or assign risk management tasks to treasurers or CFOs. predicts that the key areas for risk management in the 21st century will be operations management. which caused 12. Furthermore. corporate risk managers began concentrating more on ensuring their companies' compliance with federal environmental regulations during the 1990s. droughts. As RIMS predicted. and environmental liability in order to help companies bolster profitability and competitiveness. and windstorms in the future. which they believe will lead to more and fiercer crop damage. Some experts attribute the increase in natural disasters to global warming. For instance. RIMS also believes more small. The trend towards mergers in the 1990s also affected risk management. floods.000 deaths and $9 billion in losses from insurance.KEY TRENDS IN RISK MANAGEMENT The Risk and Insurance Management Society (RIMS). In addition. stricter environmental regulations also prompted companies to have risk managers review their compliance with environmental policies to avoid any penalties for failing to comply. More and more companies called on risk managers to assess the risks involved in these . and ethics. waste management. According to Risk Management. Risk Management indicated that there were five times as many natural disasters in the 1990s as the 1960s and that insurers paid 15 times what they paid in the 1960s. the primary trade group for risk managers. environmental risks. risk managers started to assess environmental risks such as those associated with pollution. there were a record 600 catastrophes worldwide in 1996.

After that. Consequently. review a selling company's expenditures. A final trend in risk management has been the advent of non-traditional insurance policies. for instance. and other aspects that could result in losses. such as natural disasters or economic problems in other parts of the world. they guarantee profits for companies operating in international markets.mergers and to join their merger and acquisition teams. such policies ensure a level of profit even if a company experiences unexpected losses from circumstances beyond its control. . loss experience. providing risk managers with a new tool for preventing and controlling risks. Risk managers on the buying side. These insurance policies cover financial risks such as corporate profits and currency fluctuation. Buyers and sellers both use risk managers to identify and control risks. In addition. preventing losses if a currency appreciates or depreciates. insurance policies. they develop a plan for preventing or controlling the risks they identify.

These non-traditional insurance policies provide coverage of financial risks associated with corporate profits and currency fluctuation. risk managers became a more integral part of company merger and acquisition teams. risk managers examine a selling company's expenditures. insurance policies.. Hence. As forecast by RIMS. natural disasters or economic downturns). tighter environmental regulations also goaded businesses to have risk managers check their compliance with environmental policies to prevent possible penalties for noncompliance. risk managers of corporations started focusing more on verifying their companies' compliance with federal environmental regulations in the 1990s.EMERGING AREAS OF RISK MANAGEMENT In the 1990s. and other areas that indicate a company's potential . the main trade organization for the risk management profession.g. Risk managers can also help alleviate losses resulting from mergers. new areas of risk management began to emerge that provide managers with more options to protect their companies against new kinds of exposures. and hence they help prevent losses from fluctuations in a currency's value. Furthermore. and ethics. these policies in effect guarantee a minimum level of profits. Companies also have the option of obtaining new kinds of insurance policies to control risks. among the emerging areas for risk management were operations management. According to the Risk and Insurance Management Society (RIMS). Moreover. environmental risks. risk managers began to assess environmental risk such as those arising from pollution. these non-traditional policies ensure profits for companies doing business in international markets. even when a company experiences unforeseen losses from circumstances it cannot control (e. Stemming from the wave of mergers in the 1990s. Both parties in these transactions rely on risk management services to determine and control or prevent risks. On the buying side. loss history. which managers and risk managers can take into consideration when determining the best methods for covering potential risks. According to Risk Management. and environmental liability to help make their companies more profitable and competitive. waste management.

Risk managers also suggest methods for preventing or controlling the risks they find. . The importance of online business activities in maintaining relationships with customers and suppliers. communicating with employees. and advertising products and services has offered companies many advantages. but also exposed them to new security risks and liability issues. Business managers need to be aware of the various risks involved in electronic communication and commerce and include Internet security among their risk management activities. Finally. risk managers have been called upon to help businesses manage the risks associated with increased reliance on the Internet.risks.

widening bond spreads and low interest rates. but we’re not necessarily out of the woods yet. where reserve releases continued to support results. the macroeconomic changes affected insurers in different ways. In other words – annuity providers and with-profits firms. cushioning the impact of investment and underwriting losses. and since then the FTSE has risen by about 34% and bond spreads are making their way back to pre-crisis levels. there is still uncertainty around the shape and pace of that recovery. the greatest challenges have been for those most exposed to falls in asset values.KEY RISK FACED BY INSURANCE SECTOR GLOBALLY Capital and solvency The first risks I want to highlight today relate to capital and solvency. Because although the economic environment is more benign than this time last year. this economic crisis has left behind a hangover for both parts of the sector. . But this is only half of the story. As Jon Pain highlighted in his earlier speech. While our central scenario is one of steady recovery. The most marked difference being between the impact on the life sector. As we travelled down the curve. I will return to this longer term picture later. where capital levels came under pressure and the non-life sector. which will affect capital and solvency positions for some time to come. And even though we are now recovering. Life insurers In the life sector. there are still many short and longer-term prudential risks facing firms in this sector. This has eased the immediate pressure. when combined with the regulatory developments coming this way in the next few years. I joined the FSA in July. without a change in firms’ strategies and plans. many UK businesses will find it difficult to ever return to the levels of income and profitability enjoyed before the crisis.

guarantees and options must be appropriately valued and your stress and scenario testing needs to show to what extent they remain affordable as economic conditions change. you need to exercise care in the valuation of assets and liabilities.Although some of these pressures have now eased. Annuity providers in particular remain exposed to renewed widening of bond spreads. And while not related to economic conditions. it’s about monitoring your solvency position. The recent industry/CEIOPS joint task-force report on this thorny question suggests it should be possible to find prudentially sound approaches to incorporating an allowance for illiquidity into the Solvency II framework. in the event of a further economic decline. We’ve already seen examples in some insurers and intermediaries of how leveraged transactions have put pressure on . And finally. As Jon mentioned earlier. with a particular focus on the risk of a further downturn in the economy. The report is a positive step and gives the European Commission a good basis on which to put forward proposals that will ensure future retirees receive a fair deal. we expect that you will need to continue to do so. Under Solvency II. Secondly. it is also important that annuity providers continue to keep pace with changes in life expectancy. insurers considering innovative ways of leveraging capital need to ensure that there is genuine risk transfer and that Mergers and Acquisitions (M&A) transactions financed through debt don’t diminish the overall quality of capital. Conditions can change very quickly and being slow to realise what’s happening and slow to respond could make a big difference to both the capital conserving options available and the opportunity cost – to shareholders and policyholders – of taking those actions. in raising additional capital. Although most have already strengthened assumptions in this area. Thirdly. So a key priority is to pay careful attention to capital management and planning. a key issue is the extent to which annuity writers are able to reflect the illiquid nature of their liabilities in their valuation. regular and on-going stress testing is an important part of planning ahead. and ensure they are appropriately matched by duration. And what might that look like? Firstly. some of these firms may find it difficult to take actions to further conserve or raise additional capital.

Capital management and capital planning are key to restoring the sector’s strength and for preparation to withstand any further economic shocks. an economic downturn also tends to have an impact on people’s propensity to claim. pricing and underwriting? Secondly. In this context then. Recent years have seen record reserve releases. Firstly. the third risk I want to highlight is the re-emerging issue of reserving adequacy. particularly in stressed conditions. the long-term structural changes to the economy arising from the financial crisis may fundamentally alter the characteristics of risks insured by the industry. A more limited scope for reserve releasing. Any loss of pricing discipline in this kind of environment could quickly . how are you going to take account of the changes to the trading environment in making future decisions on reserving. • An increase in social crime leading to higher claims on property-related insurance. and we do not want to see this replayed across the sector. combined with lower investment returns across the asset classes. Firms should take care not to underplay this risk. prudential challenges continue to loom large for 2010. Pressure on corporate clients to drive down costs and squeeze out margins could increase their risks.cash flows. from business interruption to product and employers’ liability. So for the life sector as a whole. This happens for a number of reasons: • Increases in fraudulent claims by policyholders in financial difficulties. which could in turn lead to a pick-up in insurance claims across commercial lines. but this is likely to be unsustainable in the claims environment I’ve just described coupled with lower investment returns and competitive pressures on price. will require firms to focus more on underwriting for profit. but the prolonged recession and the slow and uncertain recovery have increased the prudential risks in this sector. Given that pricing decisions rely on backward-looking data. or • Decisions by commercial customers to self-finance fewer insured events. General insurers The impact of the financial crisis on the general insurance sector was less immediate and less significant. size and type of claims. they should ensure they are monitoring trends and building this into decisions on reserving. with increases in the number.

Solvency II will require greater disclosure and transparency. This is a chance for us to discuss and debate what material challenges remain and what the FSA and you can do to ensure we manage this risk. So while the journey into recession was less risky for the General Insurance (GI) sector. There are bigger risks associated with inadequate engagement than with managing through the uncertainty. because after the coffee break there is a panel session on how far the UK has come in preparing for Solvency II and how much there is still left to do. and firms need to be vigilant against the temptation to under-price new business to remain competitive. As Jon mentioned. and especially so for groups that operate in multiple countries. Insurance intermediaries My final comments on risks to capital and solvency concern intermediaries operating in the insurance markets. some significant hangover effects remain. Solvency II will radically alter the capital adequacy regime for the European insurance industry. The requirements for delivering and demonstrating the standards of risk management and governance will be challenging. . Any firm with a significant currency mis-match either on its balance sheet or its P&L must continue to be prepared for the possibility of major shifts in either direction – especially given the uncertain macroeconomic conditions. Although there are some material technical issues that are not yet finalised. the single biggest prudential challenge for all firms in the insurance sector is Solvency II. Solvency II But of course. The Individual Capital Adequacy Standards regime in the UK is a strong foundation on which to make the transition to Solvency II. And finally. but the new directive goes much further. together with additional and more frequent reporting. firms should not be waiting for these to be resolved. as important as all these prudential risks are. That’s all I want to say on Solvency II for now. further sizeable movements in exchange rates remain a risk to profitability and capital.eat into capital.

This is an ongoing issue in this sector. And for intermediaries competing for commercial business. So although people are saving more. 2012 and beyond The final risks I want to mention today are those associated with the level of change and uncertainty in the regulatory environment. UK new business levels were down for the major groups in 2009 and cash outflows from the existing book continue to exceed new inflows. pose a real challenge to the future viability of this business model. Another source of risk in this sector. At the same time.There is a risk that some firms in this sector don’t have a realistic assessment of the amount of financial resources required to run their business and that as a result some firms are not meeting our threshold condition requirements. the financial crisis and the following recession appear to have reduced consumer demand for insurance products. the savings rate is up from -0. In the non-life sector there is also evidence to show consumers are becoming more willing to drop incidental or non-compulsory insurance cover in order to save money. is the reliance of the broker business model on growth through acquisitions financed through debt.6% at the end of Q3 last year. which is also exacerbated by market conditions. In the life sector. but one we are now more concerned about given the continuing challenges in the economic environment. and goodwill write-downs. ABI data from research carried out in June 2009 suggested that 22% of consumers surveyed had stopped taking out home contents insurance and 17% had stopped taking out buildings insurance. We published a Dear CEO letter about this risk last month and later today it will be the subject of a panel discussion. Across many parts of the life sector. the drop in economic activity in areas like construction and shipping has left the same number of firms chasing less business. Consumers The second set of risks I want to highlight today are to do with consumers. the availability and cost of refinancing maturing debt. In the current environment increased risks abound: servicing debt or interest payments. Never is a discussion on . there is not much evidence that savings are flowing into the insurance sector.7% at the start of 2008 to 8.

risk complete without a section on regulatory risk. Each of these initiatives has very good reasons for being and presents a wealth of opportunity as well as risk. . Solvency II invites a much closer relationship between the kind of business a firm does and how much capital it holds. Oh and there’s always the small matter of a potential change in government. in some cases. they give rise to a significant question over the sustainability of certain business models. which means a number of changes. pension reform under the guise of the government’s National Employment Savings Trust (NEST) and Solvency II – you could be forgiven for thinking the Mayan ‘end of an era’ predictions were made in relation to the UK life sector rather than the ending of an astrological cycle. But for the life sector in particular. not least in terms of the kind of stress testing we expect of you. Potentially leading to changes in consumer behaviour and preferences. Both the RDR and NEST will change the deal between consumers and the industry. Ask yourself if your strategy remains fit for purpose among all this change. which may bring with it a change in the UK’s regulatory approach. NEST and Solvency II. a review of the Insurance Mediation Directive. you’re also on the receiving end of intensive supervision. make for extremely challenging times at the moment. and European Commission proposals on packaged retail investment products. And whichever political party wins the day. If not. But of course it is the risks that I am focused on today. but these risks are particularly relevant today. to certain types of business being more expensive to write than under the existing regime. The agents of change are the 2012 trio of RDR. and changes in the kinds of products and markets attractive to firms. last is most definitely not least. together with the uncertainty in the macroeconomic outlook. a tougher taxation environment also appears inevitable. As Jon outlined this morning. you’ll need to undertake regular and challenging reassessments of your strategy and the adequacy of your resources to deliver that strategy. In order to rise to these challenges and keep your business viable. re-evaluate. On this occasion. You don’t need me to tell you that the combination of all of these changes and all this uncertainty. You can also look forward to taxation changes necessitated by Solvency II. And this will lead. With a significant number of policy initiatives converging in 2012 – the Retail Distribution Review (RDR). And it doesn’t end there.

Risks in Underwriting Individual accounts A non-life insurance company is in the business of assuming risk from individuals and businesses.We’ll be doing some analysis of our own of what the world might look like for the life sector in 2012 and beyond. and ensuring adequate data for quantifying risk accumulations and measuring diversification. Underwriting . The underwriting function needs to ensure that a robust infrastructure is in place so when individual accounts are underwritten the underwriter has: adequate information on the risk. and the ability and incentive to design coverage and price the account properly. The underwriting process itself is not addressed as that subject is amply covered in underwriting texts. such that the exposures can be reasonably known and understood. Minimizing unintended underwriting risk and the risk to the enterprise from unintended risk accumulations is generally a responsibility shared between Underwriting and Risk Management (“RM”). evaluating correlations between risks. Underwriting is the discipline of understanding and evaluating which risks to intentionally assume. ENTERPRISE RISK MANGEMENT FOR INSURANCE COMPANY Risk in Non-life Insurance Underwriting Introduction This chapter addresses the risks inherent in non-life underwriting from the perspective of the Risk Officer. It covers risk issues such as mitigating unintended concentrations. both disciplines are critical. And if you’ve chosen to attend ‘The future of life insurance’ panel after lunch you will have the chance to share your views on the issue. the skills and experience required to analyse the risk. ensuring an adequate underwriting infrastructure to measure and manage exposures.

Underwriting and RM need to determine the economic risks. In cases where risks are correlated with one another. A particular form of systemic risk comes from natural and man-made catastrophic exposure. Systemic risk is the accumulation of losses triggered by a single event or cause. The underwriting infrastructure also needs to provide training and oversight such that applicable laws. and to ensure that customers are treated fairly. By this we mean that the likelihood of a claim occurring is not impacted by the fact that another claim has occurred. as well as effective auditing to ensure compliance with delegated authorities. the (re)insurer must be cognizant of potential concentration risk. Referral authorities need to be in place. in order to minimize opportunities for “rogue” activities. statutes. Concentration risk arises in multiple forms and is the area where RM generally has the greatest involvement. This is necessary to monitor concentrations. and so forth. Adherence to filed rates. regulations. A current risk with potential systemic impact is nanotechnology. filings and so forth are rigorously followed. An underwriting infrastructure also needs to be in place to allow for the meaningful capture of data on the risks underwritten. terrorism funding. and clash risks. Concentration Risk from Insurance Activities The insurance and reinsurance mechanisms work most effectively when dealing with risks that are not correlated with one another. which lines of business might be . meet any regulatory reporting requirements and have the ability to manage the underwriting of individual accounts to remain within agreed limits on aggregate concentrations. affecting one or more industry segments rather than a single risk. forms and similar measures is intended to reduce the opportunity for money laundering. stacking risk. lines of business and policy years. Asbestos is the classic example of a systemic risk affecting multiple industries and policyholders. Concentration risk arises from systemic risks. RM and Underwriting need to ensure processes are in place to identify similar potential risks and to monitor and effectively control accumulations.authority needs to be granted based on skills and experience and not on managerial hierarchical level.

Monitoring and managing risk accumulations requires detailed data (see below). AIR. from multiple business units providing coverage for the same policyholder plus participation in a reinsurance program from a policyholder’s reinsurance captive. floods and windstorms. Clash is a similar concentration risk that occurs when one or more business units insure more than one line of business for the same policyholder which could be affected by the same claim or incident. nor be subject to the same modelling capability. marine. The concentration risk of natural catastrophes arises primarily from exposure to earthquakes. and automobile physical damage. for example. products liability. As such. EQECAT. Property damage and business interruption accumulations are typically modelled by using sophisticated commercial modelling tools (RMS. workers compensation). These exposures may not be coded to location in the same detail as property policies. employer’s liability. Mitigation actions might include simply abstaining from additional underwriting commitments (or no renewing existing commitments upon expiry) or purchasing additional treaty or facultative reinsurance for peak exposures.e. The critical element is having the infrastructure to identify unintended accumulations across multiple business units and all lines of business. This could lead to a higher than intended aggregate loss. group life. such as workers compensation. Systemic risk also includes additional lines of business. Reasonable foresee ability and a large dose of common sense. Stacking refers to the accumulation of net (after reinsurance) retentions within the same line of business on the same insured. the probability of different economic risk outcomes and the aggregate limit to expose the enterprise.. together with an effective name clearance system and an agreed exposure limit are the keys for Underwriting and RM in managing these exposures. Procedures such as a name and location clearance system are typical ways to prevent such an unintended accumulation.). the likely effectiveness of coverage restrictions in policy wordings. Critical from a RM perspective is the ability to monitor accumulations across lines of business and locations and to intervene when aggregate limit boundaries are breached.exposed to loss (i. Here the risk arises. RM needs to be . etc. Stacking is another aspect of concentration risk. accident and health. Exposure to systemic risk arises from both natural and man-made catastrophic events. models and an underwriting infrastructure that spans all lines of business and all business units that write policies in potentially exposed locations.

g. Very low probability events. standby credit. Property and business interruption policies may or may not include coverage for a terrorist act or coverage for NCBR. may provide coverage for all such events. or a pandemic will require RM to have considered not just the underwriting risk but to have incorporated the potential impact on the investment portfolio. RM is uniquely positioned in many insurance organizations to consider the interaction of risks from different organizational silos in stress scenarios. From a RM perspective. Terrorism exposures are generally divided into two categories: conventional attacks (conventional bomb. reinsurance recoverable. For example. . Mitigation actions may then involve internal or commercial reinsurance. This category includes events ranging from terrorism. by their nature. Man-made catastrophic events can similarly impact all lines of business. chemical.comfortable that processes are in place and effective to identify peak property exposures through name and location clearance systems in order to allow for identification of significant exposures to non-property lines of business at the same location. biological. aircraft used as a missile) and nonconventional (nuclear. like a 1 in 250 year windstorm or earthquake. It is also vital that the same infrastructure and modelling capability for monitoring and managing accumulations noted for natural catastrophes be in place for man-made catastrophic exposures. Stress Scenarios Stress scenarios are especially necessary for determining aggregate limit boundaries for natural and man-made catastrophic events and guiding decisions on purchasing reinsurance protections. and/or similar arrangements to balance the potential exposures and financial stress the organization faces. the ERM framework for Lloyd’s includes consideration of specific Realistic Disaster Scenarios as a test of exposures under extraordinary circumstances. Further. liquidity. a “dirty bomb”). it’s important that data be captured identifying policies with NCBR coverage. to a train accident involving toxic chemicals. Policies covering worker compensation or employers liability. radiological “NCBR” e. primarily. and business continuity both from a holding company and individual subsidiary legal entities level. in addition to considering the results generated from the modelling tools. a significant terrorism incident.

and so forth. Similarly. number of employees.Concentration Risk from Credit-Related Exposures Another aspect of concentration risk arises from multiple financial-related exposures to an individual policyholder. and exposure as a counterparty to a derivative transaction. reinsurance recoverable from a captive. Name clearance systems. Granular data including the policyholder’s type of business. third-party liability and/or retrospectively rated insurance programs may generate exposure due to large deductibles. as well as assurance that assessments of the creditworthiness of the policyholder are effective and guiding collateral negotiations. for each precise location (street address. Data Capture Accurate. relevant. latitude and longitude) are critical. modelling and managing the risks of unintended exposure accumulations. plus losses on any debt or equity investments. Experience from many insurers examining losses from Katrina has shown that . thorough. detailed data capture is key to measuring. construction type and age. Detailed data capture is especially critical for monitoring property accumulations for catastrophic exposure to both natural and man-made events. values insured. In addition. as are systems to monitor accumulations by class and line of business. policyholders and lines of business to stay within agreed risk limits. A significant event. and/or financial guarantees. From a RM perspective. business interruption coverage and limits. might lead to losses from a D&O policy. allowing each underwriter participating on a policyholder’s program to see all the commitments to that policyholder. Correlations between the various insurance and financial exposures under stress scenarios need to be determined with limits set reflecting both underwriting and credit rating considerations. RM needs to be comfortable that underwriting has the processes in place to monitor and manage individual account underwriting across multiple business units. are an effective tool in this regard. such as a fraud or severe downturn in profitability. surety and fiduciary coverage’s. retrospective premium adjustments or other credit risk. tools to monitor and evaluate peak exposures bridging insurance commitments and financial holdings need to be in place. securities lending. RM needs to ensure that adequate auditing is in place to allow reliance on the data collected.

basis. Reinsurance Risk Reinsurance is a widely used and valuable tool for mitigating peak risks on both individual accounts and portfolios. Inherent in reinsurance are several risks of concern to the Risk Officer. First and foremost RM must be attentive that the reinsurance purchased is actually providing the appropriate coverage to mitigate the peak risks. or treaty. One reason for this was incomplete data capture of insured locations. but to also think about where the emerging risks are arising and what data is necessary to assess these risks. In this regard. underwriters or facultative buyers must be trained to have coverage afforded by the facultative reinsurance be concurrent with the terms of the underlying policy. RM must also be forward thinking about data capture.modelled catastrophic exposures were understated. It is not sufficient to think about capturing data for risks that are current and obvious. On the facultative side. there needs to be strong communication between underwriting and the reinsurance buying function to ensure that underwriters are aware of the provisions of the reinsurance treaties being purchased. RM needs to ensure that adequate controls are in place . Risk needs to be comfortable that data capture is complete and audited as necessary for the modelled accumulations to be meaningful. and Accounting/Tax Risk) and potentially Reputational Risk. This process generally leads to an “approved list” of acceptable reinsurers and a limit on the aggregate credit exposure to an individual reinsurer which is linked to its credit rating. Reinsurance may be purchased locally on a facultative basis by underwriters for individual accounts with peak exposures and also in multiple business offices on a portfolio. The insurance enterprise is exposed to various risks when purchasing reinsurance. The starting point is the assessment of the credit worthiness of the reinsurer. Credit risk has numerous aspects which must be managed. Operational Risk (including NonConcurrency (mentioned above) Lack of Contract Certainty. In particular. Regulatory Risk. These include: Credit Risk. awareness of exclusions or special acceptance criteria is vital.

Sometimes the structure of these transaction becomes extremely complicated with the captive being the insurer. These include delays in agreeing policy wording and a resulting lack of contract certainty. Facultative reinsurance purchased locally to protect individual policies and treaty reinsurance has significant measures of operational risk. For example. This operational risk is one on which the Risk Officer’s organization must focus. verbal or written. The Risk Officer needs to ensure that the operational risk measures developed enterprise-wide extend to the placement of reinsurance. The Risk Officer needs to be comfortable that procedures are in place so all such arrangements receive appropriate oversight and monitoring. Accounting risk arises as accounting for reinsurance transactions can be complex.so accumulations by reinsurer are monitored with actions taken to mitigate peak exposures. and similar measures. In particular. the financial records of both parties reflect the transaction the same way. including any written or verbal side agreements Also of concern is ensuring that reinsurance transactions are not structured to obfuscate the true financial results of the company. . non-concurrent terms and a simple failure to execute as intended. For both commercial reinsurance and captive arrangements. it becomes difficult to assess the true nature of the transactions and to record all of the necessary accounting entries in an accurate and timely manner. policyholders may have captive insurers or reinsurers involved in their risk management program. any fees are reasonable. a reinsurer and/or a retrocession ire. Overly complex transactions and certain “circular” transactions can lead to accounting difficulties. With many moving parts. no side agreements. training and oversight need to be emphasized and sufficiently robust to ensure that there is a significant degree of risk transfer (underwriting and timing risk). ensuring that appropriate controls are in place to mitigate the risk. Reinsurance transactions need to have risk transfer characteristics in totality support insurance/reinsurance accounting (to be included in financial results as reinsurance) and these characteristics need to be appropriately analysed and documented. the accounting must consider all aspects of the agreement.

The RM should also be aware that these vehicles typically do not include the reinstatement coverage available in traditional reinsurance. Industry loss warranties are attractive to investors for simplicity but include considerable basis risk for the insurer which needs to be evaluated. industry loss warranty protections. the bondholder will not receive all or any of their principle at maturity. one based on the industry loss or the modelled loss from an event. indemnity reinsurance coverage based on the insurer’s ultimate net loss. The SPV. These vehicles are funded by . Industry loss warranty protections are structured similarly but the protection triggers are typically based on relatively narrowly defined risks and regions and a resulting aggregate industry loss. more typically. meaning that the full limit of the reinsurance is collateralized at the inception of the contract. develops its capitalization through the issuance of bonds to investors.Alternative Risk Transfer Large natural catastrophe losses in 2004 and 2005 and enhancements to catastrophe accumulation models have increased the demand for reinsurance and retrocessional protections. These reinsurers provide reinsurance on a fully collateralized basis. Finally. Catastrophe bonds typically involve a special purpose vehicle which provides protection to the insurer/reinsurer. while more attractive to the investor in the catastrophe bonds as the investor doesn’t have to underwrite the individual company. This is done through traditional. In the event the reinsurance is triggered. hedge funds and so-called “sidecars” have grown in popularity. In particular catastrophe bonds. it is possible that the buyer could have a loss to which the coverage does not respond. so-called “side cars” are special purpose reinsurance vehicles similar to those vehicles that facilitate Catastrophe Bonds. Another alternative source of reinsurance capacity is reinsurance provided by thinly capitalized reinsurers backed by hedge funds. In turn. this demand has led to increased utilization of alternative risk transfer mechanisms to supplement the traditional reinsurance markets. a recovery is determined based on a derivative (or parametric) measure of the loss. That is. For example. risks pertaining to the collateral and failure to satisfy statutory requirements. Risks with these vehicles include operational risks. These facilities provide much needed fully collateralized capacity to insurers and reinsurers but may include basis risk which must be included in risk capital determinations. in turn. The parametric coverage approach. includes basis risk the Risk Officer needs to evaluate. or.

Emerging Risks Emerging risks are exposures which may develop or already exist. data collection and operational risk can be gained through a systematic review of large losses in a collaborative effort between underwriting and RM. RM should consider and be aware that many alternative sources of reinsurance are transacted with capital that may be more opportunistic than traditional reinsurance. reinsurance applicability and monitors developments broadly in the insurance. assessment. Risks involving emerging technologies or environmental changes require identification. RM needs to ensure that Underwriting identifies coverage triggers. limit and volume restrictions.both debt and equity and typically provide quota share reinsurance to the sponsor (re)insurer. That’s why people and companies buy insurance. and so forth. which is the risk that the sidecar cannot meet its reinsurance obligations to the cadent in an extreme event. may have a high loss potential and are marked by a high degree of uncertainty. changes in weather patterns. They are difficult to quantify. This capital may disappear if terms and conditions are not ideal. concentration monitoring and management. This structure has the potential of “tail risk”. healthcare and legal arenas. Post –Event Large Loss Reviews Insight into the effectiveness of the myriad individual account underwriting processes. The SPV has limited capital resources and this limitation acts to cap the quota share coverage provided by the facility. RM is a key driver in determining the importance of identifying emerging risks. Examples of such emerging risks would include nanotechnology. genetically modified foods. limits. Incidents that lead to insured losses happen. But insight into adherence to relevant guidelines when the risk was underwritten and the impact the risk has had on the various concentration management measures can provide Underwriting and RM with valuable information. pandemics. designing actions to . accumulation potential across lines of business and policy years. Mitigation actions need to be agreed with Underwriting regarding coverage. lines of business potentially exposed. monitoring and mitigation. reinsurance protection and monitoring of potential accumulations.

It is necessary to determine risk capital and optimize the mix by line. Similarly. As an example. Potential for a D&O exposure also exists if the explosion was found to be the result of management negligence. especially as respects individual subsidiary legal entities. An incident causing a loss may not typically affect both coverage’s. one would expect a higher degree of correlation between D&O exposure. economic outlook. The actual situation is more subtle. exposure to inflation in loss costs in future years is far less in property. reinsurance costs tend to have different trends. RM and Underwriting need to ensure that adequate consideration is given to stress scenarios intended to mirror the probabilities and correlations underlying the risk capital calculations. and so forth. surety. limits exposed and volume in order to minimize required capital through diversification. however. Relevant experience may well be very limited for analysing correlations. financial guarantees and the investment portfolio under stress scenarios.contain unintended accumulations and monitoring that risk measures are effectively in place. competition and similar . Risks in the Underwriting “Cycle” Price levels in non-life insurance tend to move in multi-year cycles as the result of varying levels of industry capital. RM generally needs to work closely with Underwriting to judgmentally assess and agree the degree of correlation. Hence. A large factory explosion may lead to losses to policies that protect workers and to liability if neighbouring buildings are damaged. property and business interruption coverage’s may generally be seen as having a very low correlation with casualty coverage’s. Correlated Risk Assessing the degree of correlation between lines of business and for each line to other risk types is a critical requirement. especially at the critical stress levels most important to risk capital determinations. for the more extreme scenarios. Operational risk might be seen as more strongly correlated with property exposures due to the complications with monitoring aggregate catastrophe accumulations and placing facultative reinsurance than casualty exposures.

considerations (see diagram below). Risk capital is required for uncertainty in this measurement due to the increased risk of understated loss reserves and added volatility as a consequence. particularly during times when marketplace pricing is less than the actuarial price. . RM needs special attention that actual pricing. Increased risk results from a failure to systematically measure deviations from the actuarial price and to fully recognize such deviations in current financial results. terms and conditions will deviate from the actuarial price based on marketplace conditions. Actual prices. Theoretically. terms and conditions are monitored and that loss reserves and current financial results reflect deviations from actuarial pricing. an actuarially correct price for each account can be consistently determined based on desired ROE and anticipated loss trends.

1998). At present. This should be supplemented by innovative insurance products and programmes by panchayats with reinsurance backup by companies and government to extend coverage to much larger sections of the population. rates of technological innovation. “Health insurance can play an invaluable role in improving the overall health care system. and globalization. First. In this case.. the penetration of insurance (premium/GDP) stays exactly the same as in 2002. As a result. Second. both insurance and banking will play a critical role along with the stock market. page 55). The insurable population in India has been assessed at 250 million and this number will increase rapidly in the coming two decades. First. At present. In that case.Where Will The Indian Insurance Market Be In 2020? Vision 2020 identified the following factors as the engines of economic growth in India: Rising education level. Indians spend close to 5% of their income Out of pocket for health related issues. On the other hand. Thus. 2001). let us follow an extremely conservative projection: insurance demand goes exactly in line with income. health insurance is not being discussed much. 2003. availability of information. contain a paragraph about a particular area of insurance: health insurance. Economic growth does not take place in vacuum. there has to be a well-defined legal environment. it mentions banking only once! Given that services sector will become the largest in India. Vision 2020 document mentions “insurance” eight times in the 108 pages. there has to be a well-functioning financial market (see Sinha. Legal framework has big impact on the development of the financial sector. There are two critical Ingredients needed. private pension is its infancy in India. it is easy to see why this is an easy pick. It makes no mention of the financial sector. But. even in the face of rising income. it also Has a huge impact on economic growth (see La Porta et al. however.” (Planning Commission. we will simply . cheaper and faster communication. Let us conduct the following thought experiment using Table 1 for getting an idea of where the Indian market might be in 2020. we are assuming that in 2020. It will not remain so in the coming decades. So is the pension market. This document does.

The insurance business is at a critical stage in India. this could easily add another USD 30 to 40 billion by 2020. increased longevity and aging population will also spur growth in health and pension segments. the premium volume will be USD 67 billion. If it rises to 6%. Growth in income also helps the insurance business to grow. This thought experiment above does not even address the two future potential growth drivers: private pensions and health insurance.multiply the current premium volume figure four-fold. Given that Indians are already spending 5% of their income out of pocket for health care. This will raise the premium volume to USD 135 to USD 160 region by 2020. then the premium volume would rise to USD 121 billion. In Sigma 8/2003. then the premium volume will rise to USD 105 billion. In such a case. evidence from other countries show that rising income below certain threshold has a nonlinear impact on insurance demand (the so-called S curve of insurance demand). Of course. insurance penetration is not likely to stay at 3.2% for India (the figure for 2002) in 2020. Financial deregulation always speeds up the development of the insurance sector. If the penetration rises to 5% (more plausible if we believe in the S curve). So. Over the next two decades we are likely to witness high growth in the insurance sector for three reasons. such figures are available for 2002 for India. . In addition.

A thorough and thoughtful risk management plan is the commitment to prevent harm. • Courts are often sympathetic to injured claimants and give them the benefit of the doubt. Taking the steps to reduce injuries could help in defending against a claim. • Organizations and individuals are held to very high standards of care. public goodwill and continuing donor support. and the recourse they can take if they have been wronged. including brand integrity. • Organizations are perceived as having a lot of assets and/or high insurance policy limits. . is not risk management. Risk management also addresses many risks that are not insurable. An organization should have a risk management strategy because: • People are now more likely to sue. • Organizations are being held liable for the actions of their employees/volunteers. • People are more aware of the level of service to expect. potential loss of tax-exempt status for volunteer groups. however. Purchasing insurance.Conclusion Insurance is a valuable risk-financing tool. Few organizations have the reserves or funds necessary to take on the risk themselves and pay the total costs following a loss.