You are on page 1of 53


Risk, in insurance terms, is the possibility of a loss or other adverse event that has
the potential to interfere with an organization’s ability to fulfil its mandate, and for
which an insurance claim may be submitted.

Risk management ensures that an organization identifies and understands the risks
to which it is exposed. Risk management also guarantees that the organization
creates and implements an effective plan to prevent losses or reduce the impact if a
loss occurs.

A risk management plan includes strategies and techniques for recognizing and
confronting these threats. Good risk management doesn’t have to be expensive or
time consuming; it may be as uncomplicated as answering these three questions:

1. What can go wrong?
2. What will we do, both to prevent the harm from occurring and in response to
the harm or loss?
3. If something happens, how will we pay for it?

Risk management provides a clear and structured approach to identifying risks.
Having a clear understanding of all risks allows an organization to measure and
prioritize them and take the appropriate actions to reduce losses. Risk management
has other benefits for an organization, including:

• Saving resources: Time, assets, income, property and people are all valuable
resources that can be saved if fewer claims occur.
• Protecting the reputation and public image of the organization.
• Preventing or reducing legal liability and increasing the stability of operations.
• Protecting people from harm.
• Protecting the environment.
• Enhancing the ability to prepare for various circumstances.
• Reducing liabilities.
• Assisting in clearly defining insurance needs.

An effective risk management practice does not eliminate risks. However, having an
effective and operational risk management practice shows an insurer that your
organization is committed to loss reduction or prevention. It makes your organization
a better risk to insure.


The Concise Oxford Dictionary defines risk as “hazard, a chance of bad
consequences, loss or exposure to mischance”. In a discussion with students taking
a course on financial risk management, ingredients which typically enter are events,
decisions, consequences and uncertainty. Mostly only the downside is mentioned,
rarely a possible upside. For financial risks, the subject of this book, we might arrive
at a definition such as “any event or action that may adversely affect an
organization’s ability to achieve its objectives and execute its strategies” or,
alternatively, “the quantifiable likelihood of loss or less-than-expected returns”. But
while these capture some of the elements of risk, no single one sentence definition is
entirely satisfactory in all contexts.

People seek security. A sense of security may be the next basic goal after food,
clothing, and shelter. An individual with economic security is fairly certain that he
can satisfy his needs (food, shelter, medical care, and so on) in the present and in the
future. Economic risk (which we will refer to simply as risk) is the possibility of
losing economic security. Most economic risk derives from variation from the
expected outcome. One measure of risk, used in this study note, is the standard
deviation of the possible outcomes. As an example, consider the cost of a car accident
for two different cars, a Porsche and a Toyota.

In the event of an accident the expected value of repairs for both cars is 2500.
However, the standard deviation for the Porsche is 1000 and the standard deviation
for the Toyota is 400. If the cost of repairs is normally distributed, then the
probability that the repairs will cost more than 3000 is 31% for the Porsche but only
11% for the Toyota.

Modern society provides many examples of risk. A homeowner faces a large
potential for variation associated with the possibility of economic loss caused by a
house fire. A driver faces a potential economic loss if his car is damaged. A larger
possible economic risk exists with respect to potential damages a driver might have
to pay if he injures a third party in a car accident for which he is responsible.

Historically, economic risk was managed through informal agreements within a
defined Community.

If someone’s barn burned down and a herd of milking cows was destroyed, the
community would pitch in to rebuild the barn and to provide the farmer with enough
cows to replenish the milking stock. This cooperative (pooling) concept became
formalized in the insurance industry. Under a formal insurance arrangement, each
Insurance policy purchaser (policyholder) still implicitly pools his risk with all other
policyholders. However, it is no longer necessary for any individual policyholder to
know or have any direct connection with any other policyholder.


Insurance is an agreement where, for a stipulated payment called the premium,
one party (the insurer) agrees to pay to the other (the policyholder or his
designated beneficiary) a defined amount (the claim payment or benefit) upon the
occurrence of a specific loss. This defined claim payment amount can be a fixed
amount or can reimburse all or a part of the loss that occurred.

The insurer considers the losses expected for the insurance pool and the potential
for variation in order to charge premiums that, in total, will be sufficient to cover
all of the projected claim payments for the insurance pool. The premium charged
to each of the pool participants is that participant’s share of the total premium for
the pool. Each premium may be adjusted to reflect any 3 special characteristics
of the particular policy.

As will be seen in the next section, the larger the policy pool, the more predictable
its results. Normally, only a small percentage of policyholders suffer losses. Their
losses are paid out of the premiums collected from the pool of policyholders.
Thus, the entire pool compensates the unfortunate few. Each policyholder
exchanges an unknown loss for the payment of a known premium.

Under the formal arrangement, the party agreeing to make the claim payments is
the insurance company or the insurer. The pool participant is the policyholder.
The payments that the policyholder makes to the insurer are premiums. The

insurance contract is the policy. The risk of any unanticipated losses is transferred
from the policyholder to the insurer who has the right to specify the rules and
conditions for participating in the insurance pool.

The insurer may restrict the particular kinds of losses covered. For example, a
peril is a potential cause of a loss. Perils may include fires, hurricanes, theft, and
heart attack. The insurance policy may define specific perils that are covered, or
it may cover all perils with certain named exclusions (for example, loss as a result
of war or loss of life due to suicide).

Hazards are conditions that increase the probability or expected magnitude of a
loss. Examples include smoking when considering potential healthcare losses,
poor wiring in a house when considering losses due to fires, or a California
residence when considering earthquake damage.

In summary, an insurance contract covers a policyholder for economic loss
caused by a peril named in the policy. The policyholder pays a known premium
to have the insurer guarantee payment for the unknown loss. In this manner, the
policyholder transfers the economic risk to the insurance company. Risk, as
discussed in Section I, is the variation in potential economic outcomes. It is
measured by the variation between possible outcomes and the expected outcome:
the greater the standard deviation, the greater the risk.

definitions and goals vary widely according to whether the risk management method is in the context of project management. assessment. accidents. Methods. whether positive or negative) followed by coordinated and economical application of resources to minimize. financial portfolios. natural causes and disasters as well as deliberate attacks from an adversary. monitor. actuarial assessments. industrial processes. and ISO standards. credit risk. the National Institute of Science and Technology. actuarial societies. project failures. . legal liabilities. or public health and safety. engineering. Several risk management standards have been developed including the Project Management Institute. and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives. Risks can come from uncertainty in financial markets. and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.INTRODUCTION TO RISK ASSESSMENT Risk management is the identification. security.

and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. a knowledge risk materializes. service. In ideal risk management. decrease cost effectiveness. Risk management also faces difficulties in allocating resources. reducing the negative effect of the risk. reputation. For example. Resources spent on risk management could have been spent on more profitable activities. . Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. Process engagement risk may be an issue when ineffective operational procedures are applied. Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase. Again. In practice the process can be very difficult. brand value. and earnings quality. a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first. avoiding the risk. and accepting some or all of the consequences of a particular risk.The strategies to manage risk include transferring the risk to another party. These risks directly reduce the productivity of knowledge workers. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity. and risks with lower probability of occurrence and lower loss are handled in descending order. ideal risk management minimizes spending and minimizes the negative effects of risks. when deficient knowledge is applied to a situation. quality. This is the idea of opportunity cost. Relationship risk appears when ineffective collaboration occurs. profitability.

iterative and responsive to change • Be capable of continual improvement and enhancement .PRINCIPLES OF RISK MANAGEMENT The International Organization for Standardization (ISO) identifies the following principles of risk management: Risk management should: • Create value • Be an integral part of organizational processes • Be part of decision making • Explicitly address uncertainty • Be systematic and structured • Be based on the best available information • Be tailored • Take into account human factors • Be transparent and inclusive • Be dynamic.

depending on the particular aspect of the “consequences of uncertainty” that they wish to consider. reputational risk.” Professionals note several different ideas for risk. strategic risk. Speculative risks feature a chance to either gain or lose (including investment risk. professional people who study risk use several words to designate what others intuitively and popularly known as “risk. etc. fire risk. “Roles (Objectives) Underlying the Definition of Risk”. . flood risk. “Examples of Pure versus Speculative Risk Exposures”.3. risk professionals often differentiate between pure risk that features some chance of loss and no chance of gain (e.) and those they refer to as speculative risk. Using different terminology to describe different aspects of risk allows risk professionals to reduce any confusion that might arise as they discuss risks.TYPES OF RISK A) Pure versus Speculative Risk Exposures Some people say that Eskimos have a dozen or so words to name or describe snow.g. This distinction fits well into Figure 1.). etc.2. Likewise. As we noted in Table 1..

Product liability refers to the possibility that a manufacturer may be liable for harm caused by use of its product. Evolving Risk Management: Fundamental Tools and Chapter 5. . The Evolution of Risk Management: Enterprise Risk Management. The examples provided in Table 1. “Examples of Pure versus Speculative Risk Exposures” provides examples of the pure versus speculative risks dichotomy as a way to cross classify risks. Hedging refers to activities that are taken to reduce or eliminate risks. “Examples of Pure versus Speculative Risk Exposures” are not always a perfect fit into the pure versus speculative risk dichotomy since each exposure might be regarded in alternative ways. Table 1. can be regarded as operations that can cause only loss or operations that can provide also gain. Risk retention is when a firm retains its risk. The left-hand side represents pure risk. Securitization is the packaging and transferring of insurance risks to the capital markets through the issuance of a financial security. when evaluating the expected financial returns from the introduction of a new product (which represents speculative risk). For example. In essence it is self- insuring against adverse contingencies out of its own cash flows. In the business environment. require risk transfers that use capital markets.The right-hand side focuses on speculative risk. other issues concerning product liability must be considered. Operational risks. These third parties can provide a useful “risk management solution. We explain such risk retention in Chapter 4. Some risks can be transferred to a third party—like an insurance company. even if the manufacturer was reasonable in producing it. Risk professionals find this distinction useful to differentiate between types of risk. for example. known as hedging or securitizations. on the other hand. However.2. Firms might prefer to capture up-side return potential at the same time that they mitigate while mitigating the downside loss potential. the risks can be more clearly categorized.2.” Some situations. if it is more specifically defined.

which is known as enterprise risk management (ERM). and mitigating all risks confronted by the entity is a key focus. ERM is one of today’s key risk management approaches. stock market risk Liability risk exposure (such as products liability. “Roles (Objectives) Underlying the Definition of Risk” is an approach to managing risk. “A Photo of Galveston Island after Hurricane Ike”. such as caused by fire.The simultaneous consideration of pure and speculative risks within the objectives continuum of Figure 1. employment practice liability) Reputational risk Innovation or technical obsolescence risk Brand risk Operational risk: mistakes in process or procedure that Credit risk (at the individual cause losses enterprise level) Mortality and morbidity risk at the individual level Product success risk Intellectual property violation risks Public relation risk .5. It considers all risks simultaneously and manages risk in a holistic or enterprise-wide (and risk-wide) context.[9] In today’s environment. the risk manager in businesses is no longer buried in the tranches of the enterprise. Examples of Pure versus Speculative Risk Exposures Pure Risk—Loss or No Loss Only Speculative Risk—Possible Gains or Losses Physical damage risk to property (at the enterprise level) Market risks: interest risk. A picture of the enterprise risk map of life insurers is shown later in Figure 1. As you will see in later chapters. ERM was listed by the Harvard Business Review as one of the key breakthrough areas in their 2004 evaluation of strategic management approaches by top management.2. flood. Firms that are evaluated by credit rating organizations such as Moody’s or Standard & Poor’s are required to show their activities in the areas of enterprise risk management. identifying. Table 1. Risk managers are part of the executive team and are essential to achieving the main objectives of the enterprise. weather damage foreign exchange risk. premise liability. evaluating.3.

Nationalize health care systems. however. hazardous-chemical. and other pollution. it could be said that all exposures are personal. Exposure to premature death.Environmental risks: water. population changes. unemployment. social security program Political risk exposure. political risks Regulatory change risk Mortality and morbidity risk at the societal and global level (as in pandemics. Market for the product risk windstorms Man-made destructive risks: nuclear risks. wars. stakeholders in corporations. or as taxpayers). air. . earthquakes. depletion of resources. have a more direct impact on people’s individual lives. Some risks. irreversible Population changes destruction of food chains Natural disaster damage: floods. sickness. B) Personal Loss Exposures—Personal Pure Risk Because the financial consequences of all risk exposures are ultimately borne by people (as individuals. it is common to further explore risks by use of the dichotomy of personal property versus liability exposure risk.) Accounting risk Longevity risk at the societal level Genetic testing and genetic engineering risk Pure Risk—Loss or No Loss Only Speculative Risk—Possible Gains or Losses Investment risk Research and development risk Within the class of pure risk exposures. etc.

For example. C) Property Loss Exposures—Property Pure Risk Property owners face the possibility of both direct and indirect (consequential) losses. Liability risk may occur because of catastrophic loss exposure or because of accidental loss exposure. If a firm experiences a fire in the warehouse. D) Liability Loss Exposures—Liability Pure Risk The legal system is designed to mitigate risks and is not intended to create new risks. social support programs and employer-sponsored health or pension plan costs can be affected by natural or man-made changes. the direct loss is the cost of repairs. Product liability is an illustrative example: a firm is responsible for compensating persons injured by supplying a defective product. One is exposed to the possibility of liability loss (loss caused by a third party who is considered at fault) by having to defend against a lawsuit when he or she has in some way hurt other people. a party can be held responsible for the financial consequences of causing damage to others. If a car is damaged in a collision. These events may be catastrophic or accidental. The categorization is often a matter of perspective. However. A property is exposed to losses because of accidents or catastrophes such as floods or hurricanes. An organization may also experience loss from these events when such events affect employees. Consequential or indirect losses are nonphysical losses such as loss of business. The responsible party may become legally obligated to pay for injury to persons or damage to property. For example. Under most legal systems. Property loss exposures are associated with both real property such as buildings and personal property such as automobiles and the contents of a building.disability. which causes damage to an individual or another firm. unemployment. it has the power of transferring the risk from your shoulders to mine. the loss of use of the car or warehouse while repairs are being made. . Such losses include the time and effort required to arrange for repairs. and dependent old age are examples of personal loss exposures when considered at the individual/personal level. a firm losing its clients because of street closure would be a consequential loss. the direct cost is the cost of rebuilding and replacing inventory. and the additional cost of replacement facilities or lost productivity.

businesses. A loss that is catastrophic and includes a large number of exposures in a single location is considered a no accidental risk. and nations that are at risk of experiencing losses. such as many homes in the same location. when the potential losses are reasonably bounded. The term “exposures” is used to include all units subject to some potential loss. burglary. properties. positively correlated risk exposures. Often. earthquakes in the western states. non-catastrophic accidental losses. Accidental Loss Exposure and Particular Pure Risk Many pure risks arise due to accidental causes of loss. are considered particular risks. As such the flood impacts a large number of exposures. E) Catastrophic Loss Exposure and Fundamental or Systemic Pure Risk Catastrophic risk is a concentration of strong. such as insurance. all these exposures are subject to what is called a fundamental risk. fraud) Man-made risks Risks associated with data and knowledge. Too many people or properties may be hurt or damaged in one location at once (and the insurer needs to worry about its own solvency). a risk-transfer mechanism. such as those caused by fires. They can be people. Generally these types of risks are too pervasive to be undertaken by insurers and affect the whole economy as opposed to accidental risk for an individual. Another possible categorization of exposures is as follows: Risks of nature Risks related to human nature (theft. embezzlement. and as such. All homes in the path will be damaged or destroyed when a flood occurs. Fundamental risks are generally systemic and no diversifiable. exposures are units that are exposed to possible losses. can be used to handle the financial consequences. and terrorism attacks are the types of loss exposures that are associated with fundamental risk. not due to man-made or intentional ones (such as making a bad investment). . Hurricanes in Florida and the southern and eastern shores of the United States. In summary. floods in the Midwestern states. As opposed to fundamental losses.

sometimes to the point of being ignorable. unit loss much more predictable. or movements of the entire economy such as that precipitated by the credit crisis of fall 2008. large business organizations. another important dichotomy risk professionals use is between diversifiable and non-diversifiable risk. on the other hand. These will be further explored in a later chapter about the tools to mitigate risks. this is explained below. armies. The negative effect does not go away by having more elements in the portfolio. F) Diversifiable and Non diversifiable Risks As noted above. such as flood and hurricanes. Risks. are considered non diversifiable.Risks associated with the legal system (liability)—it does not create the risks but it may shift them to your arena. For example. Risks related to large systems: governments. which are idiosyncratic (with particular characteristics that are not shared by all) in nature. such as global warming. the per-unit consequences of the risk can then be significantly reduced. Another differentiation is by systemic or non-diversifiable risks. Diversifiable risks are those that can have their adverse consequences mitigated simply by having a well-diversified portfolio of risk exposures. as opposed to accidental losses such as those caused by accidents such as fires. as opposed to idiosyncratic or diversifiable risks. and since these exposure units are independent of each other. Every asset or exposure in the portfolio is affected. Another breakdown is between catastrophic risks. A large number of relatively homogeneous independent exposure units pooled together in a portfolio can make the average. This will be discussed in detail below and in later . are often viewed as being amenable to having their financial consequences reduced or eliminated by holding a well-diversified portfolio. political groups. or per exposure. If one property is damaged. the others are not subject to the same geographical phenomenon causing the risks. Intellectual property Pure and speculative risks are not the only way one might dichotomize risks. Systemic risks that are shared by all. Diversification is the core of the modern portfolio theory in finance and in insurance. having some factories located in non- earthquake areas or hotels placed in numerous locations in the United States diversifies the risk.

Table 1. On the other hand.3. “Examples of Risk Exposures by the Diversifiable and Non diversifiable Categories” we provide examples of risks by these categories. For example. the idiosyncratic risks of some banks could not always be diversified away. market risk. Destroying one’s reputation is not a systemic risk in the economy or the market-place.3. These risks have shown they have the ability to come back to bite (and poison) the entire enterprise and others associated with them. Many of them are self- explanatory. The field of risk management deals with both diversifiable and non- diversifiable risks. but the most important distinction is whether the risk is unique or idiosyncratic to a firm or not. contrary to some interpretations of financial theory.3. The examples are not complete and the student is invited to add as many examples as desired. such as devaluation of the dollar is systemic risk for all firms in the export or import businesses In Table 1. As the events of September 2008 have shown. the reputation of a firm is unique to the firm. Table 1. “Examples of Risk Exposures by the Diversifiable and Non diversifiable Categories” provides examples of risk exposures by the categories of diversifiable and non-diversifiable risk exposures.chapters. Examples of Risk Exposures by the Diversifiable and Non diversifiable Categories Diversifiable Risk— Non diversifiable Risks—Systemic Risk Idiosyncratic Risk • Reputational risk • Market risk • Brand risk • Regulatory risk • Credit risk (at the individual enterprise level) • Environmental risk • Product risk • Political risk • Legal risk • Inflation and recession risk .

and several others not detailed in the map in Figure 1.) • Operational risk • Strategic risk • Longevity risk at the individual level Diversifiable Risk— Non diversifiable Risks—Systemic Risk Idiosyncratic Risk • Mortality and morbidity risk at the individual level G) Enterprise Risks As discussed above. • Accounting risk flood.4. The following is an example of the enterprise risks of life insurers in a map in Figure 1.6. they usually include a long list of risks from employment risks to the operations of hardware and software for information systems. Operational risks include public relations risks. “Life Insurers’ Enterprise Risks” Since enterprise risk management is a key current concept today. • Longevity risk at the societal level employment practice liability) • Innovation or technical • Mortality and morbidity risk at the societal and obsolesce risk global Level (pandemics. environmental risks. “Risk Balls”. Because operational risks are so important. the opportunities in the risks and the fear of losses encompass the holistic risk or the enterprise risk of an entity. the enterprise risk map of life insurers is offered here as an example. weather damage • Liability risk (products liability. .• Physical damage risk (at the enterprise level) such as fire. social security program exposure. etc. nationalize health care systems. premise liability.

Life Insurers’ Enterprise Risks OTHER RISK .6.Figure 1.

and often do. while others may mismatch on a large scale and in doing so introduce substantial market risk. the most significant risk is the credit risk stemming from banks’ lending activities. as insurers become more involved in lending. The ‘resilience’ of an insurer in the face of market risk can be usefully examined with the help of a simple model . • Credit risk – the risk of default by obligors. different sectors of the financial system need to focus on those risks that are most important for them. In banking. While each of these risks requires management. focusing only on those risks that are characteristic of a given industry is unwise. A) ASSET RISK Both life and general insurers hold investments to support their policy liabilities and capital and are subject to a range of asset risks. counterparties or reinsurers. The liquidity risk that flows from banks’ deposit-taking business is also important. Some insurers do not mismatch at all. the banking sector is now sharpening its focus on the risks involved in other areas such as trading. Similarly. • Market risk – the risk of an adverse movement in the market value of assets not matched by an equal and offsetting reduction in the market value of liabilities. Choose to invest policyholders’ money in ways that do not match policy obligations. This is because insurers can. For this reason. • Liquidity risk – the risk of insufficient liquidity to meet obligations when required. The extent of this mismatching behaviour differs across insurers. These risks include: • Concentration risk – arising from inadequate diversification (or excessive exposure to a particular asset or obligor). and • Realization risk – where asset values are dependent on the continuing operation of the business. In the insurance sector. the characteristic asset risk is market risk. These risks are common to other types of financial institution also.Of course. and more exposed to .

systems failure. B) Operational Risk Like any business. both good management and capital are needed to cope with risks such as these. • Unsound product design. . insurance companies face a number of other risks.counterparty risks in their use of derivatives for asset management. the insurance sector will need to improve its credit risk management practices. such as the level of expenses or the rate of policy attrition). • Ill-disciplined investment activity. mainly operational in nature (or else arising through the premium rating process which requires assumptions to be made about operational matters. • Errors in effecting reinsurance. • Unanticipated expense overruns. These risks include: • Mistakes in promotional material or poor sales practices. • High rates of policy attrition. As with insurance and asset risks. • Errors in premiums or unit prices. and fraud.

8. Measure current risk. 5. Calculate values of assets and resources. Support proactive risk and loss control Risk Control programs. Project and communicate future losses and potential risk. Identify major exposures to loss. 7. Identify total assets and resources of organizations. Provide maximum incentive for participation in risk control program. .RISK ASSESSMENT PROCESS AND GUIDING PRINCIPLES Four Elements of Risk Guiding Principles the Management Process 1. 3. Risk Assessment 2. 6. Monitor effectiveness of risk control activities. 4.

Arthur Williams Jr. 14. 5) Implementing a solution. 9. Develop clearly targeted annual objectives. but if the exposed facility is in New York the probability of earthquake is slight and it will have a low priority as a risk to be managed. Earthquake may be identified as a potential exposure to loss. 3) Measuring those same exposures. 13. Create and sustain management commitment to risk management. Maintain appropriate catastrophe protection. 4) Selecting alternatives. The primary objective of an organization—growth. Heins in their book Risk Management and Insurance. STEPS IN THE RISK MANAGEMENT PROCESS According to C. 12. These steps are 1) Determining the objectives of the organization. 11. 10. Adopt a clearly defined risk Administration management structure. and 6) Monitoring the results. 2) Identifying exposures to loss. . the risk management process typically includes six steps. for example—will determine its strategy for managing various risks. Identification and measurement of risks are relatively straightforward concepts. and Richard Mr. Maintain sound communications with all affected levels of management. taking advantage of all Risk Financing available financial resources. Finance risk. for example.

Avoiding risks. . the insurance option is usually chosen when the other options for managing risk do not provide sufficient protection. a pharmaceutical company may decide not to market a drug because of the potential liability. or transferring the risks. A final risk management tool is self-retention of risks— sometimes referred to as "self- insurance. and fire extinguishers. train employees well and maintain equipment properly. monitoring. for example by installing fire sprinklers. reducing. Awareness of. Transferring risk refers to the practice of placing responsibility for a loss on another party via a contract. implementation. back up computer data often. and familiarity with." Companies that choose this option set up a special account or fund to be used in the event of a loss. install strong locks. Assuming risks simply means accepting the possibility that a loss may occur and being prepared to pay the consequences. involves a regular review of the company's risk management tools to determine if they have obtained the desired result or if they require modification. Any combination of these risk management tools may be applied in the fifth step of the process. assuming. or loss prevention. Reducing risks. various types of insurance policies is a necessary part of the risk management process. via such methods as employee safety training. The most common example of risk transference is insurance. Nation's Business outlined some easy risk management tools for small businesses: maintain a high quality of work. or loss reduction. Because of its costs. which allows a company to pay a small monthly premium in exchange for protection against automobile accidents. and store records securely offsite. or a variety of other risks. As another example. involves taking steps to reduce the probability or the severity of a loss.Businesses have several alternatives for the management of risk. smoke detectors. The final step. involves taking steps to prevent a loss from occurring. keep the office clean and free of hazards. employee disability. including avoiding. theft or destruction of property.

In addition. companies. For example. insurance companies need to differentiate risks posed by different individuals. if the insurance company knows the probability that a male of a certain age who smokes has a certain likelihood of contracting a lethal cancer.What Are the Benefits of Risk Management to the Insurance Company? Insurance companies are in the business of managing risk. A) Fair Premium With solid risk management procedures. asset classes. The higher the risk. This protects the insurance company . that company knows it should charge a higher premium to the insured person. the better an insurance company can serve its customers and derive profit. The more precise the risk model. an insurance company can determine how high of a premium to certain customers charge during a particular period. The charge reflects the risk of insurance. Insurance companies live and die by prudent risk management. The purpose of an insurance company is to determine the probabilities of risk and to design a premium structure ensuring that the company has a high chance of profiting in the future. and other tasks. and vice versa. the larger the premium.

it can afford to lower the costs of coverage. the lower the premiums. and increases the chances that healthier insurance customers can afford the premiums. In general. . It's important for companies to use accurate data to determine their models and assure they stay in business over the long run. The virtuous cycle in the insurance business occurs when a risk management system is accurate.from insolvency. B) Long Term Solvency The nature of the insurance business is such that small errors in a risk management model can lead to long-term insolvency. Insurance companies write contracts and uphold them. C) Lower Costs When an insurance company has a more competitive risk management methodology relative to its competitors. improving the level of capitalization for the firm. because the insurance company is likely to make a profit on the vast majority of customers. An insurance company builds its reputation on a long record of paying just claims. Miscalculations in risk management models can lead to severe losses at an insurance company over an extended period. the more people signed up for an insurance program. This increases the insurance pool.

all techniques to manage the risk fall into one or more of these four major categories • Avoidance (eliminate.outsource or insure) • Retention (accept and budget) Ideal use of these strategies may not be possible. withdraw from or not become involved) • Reduction (optimize . Another source. This use of the ACAT acronym is reminiscent of another ACAT (for Acquisition Category) used in US Defence industry procurements. Accept. Defence Acquisition University. for Avoid. Some of them may involve trade- offs that are not acceptable to the organization or person making the risk management decisions. from the US Department of Defence. . calls these categories ACAT. or Transfer. Control.mitigate) • Sharing (transfer .POTENTIAL RISK TREATMENTS Once risks have been identified and assessed. in which Risk Management figures prominently in decision making and planning.

but the cost may be prohibitive as a strategy. This way. optimizing risks means finding a balance between negative risk and the benefit of the operation or activity. Early methodologies suffered from the fact that they only delivered software in the final phase of development.[11] For example.Hazard prevention refers to the prevention of risks in an emergency. or customer support needs to another company. sprinklers are designed to put out a fire to reduce the risk of loss by fire. Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. B) Risk reduction Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. If this takes too long. the company can concentrate more on . while handling the business management itself. Halon fire suppression systems may mitigate that risk. Modern software development methodologies reduce risk by developing and delivering software incrementally. Avoidance may seem the answer to all risks. The first and most effective stage of hazard prevention is the elimination of hazards. Acknowledging that risks can be positive or negative. is too costly. This method may cause a greater loss by water damage and therefore may not be suitable. A) Risk avoidance This includes not performing an activity that could carry risk. the manufacturing of hard goods. Another would be not flying in order not to take the risk that the airplane were to be hijacked. any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits. and between risk reduction and effort applied. An example would be not buying a property or business in order to not take on the legal liability that comes with it. For example. it can optimise risk to achieve levels of residual risk that are tolerable. software projects can limit effort wasted to a single iteration. By an offshore drilling contractor effectively applying HSE Management in its organisation. Hazard Prevention . or is otherwise impractical. the second stage is mitigation. but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. a company may outsource only its software development.

but instead losses are assessed to all members of the group. from a risk. but spreading it over the whole group involves transfer among individual members of the group. Risk retention pools are technically retaining the risk for the group. in that no premium is exchanged between members of the group up front. Some ways of managing risk fall into multiple categories. As such in the terminology of practitioners and scholars alike. War is an example since most property and risks are not insured against war. from a risk when it occurs. managing the development team. the buyer of the contract generally retains legal responsibility for the losses "transferred". The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage. This is different from traditional insurance. a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. True self-insurance falls in this category. the original risk is likely to still revert to the first party. In practice if the insurance company or contractor go bankrupt or end up in development without having to worry as much about the manufacturing process. For example. or finding a physical location for a call centre. meaning that insurance may be described more accurately as a post-event compensatory mechanism. and the measures to reduce a risk. so the loss attributed ." However. The risk still lies with the policy holder namely the person who has been in the accident. D) Risk retention Involves accepting the loss. or benefit of gain. C) Risk sharing Briefly defined as "sharing with another party the burden of loss or the benefit of gain. the purchase of an insurance contract is often described as a "transfer of risk. All risks that are not avoided or transferred are retained by default." The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. technically speaking.

As RIMS predicted.and medium-size companies will focus on risk management and will hire risk managers or assign risk management tasks to treasurers or CFOs. Also any amounts of potential loss (risk) over the amount insured is retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much. and environmental liability in order to help companies bolster profitability and competitiveness. and ethics. stricter environmental regulations also prompted . risk managers started to assess environmental risks such as those associated with pollution. In addition. According to Risk Management. waste management. predicts that the key areas for risk management in the 21st century will be operations management. environmental war is retained by the insured. RIMS also believes more small. corporate risk managers began concentrating more on ensuring their companies' compliance with federal environmental regulations during the 1990s. KEY TRENDS IN RISK MANAGEMENT The Risk and Insurance Management Society (RIMS). the primary trade group for risk managers.

which they believe will lead to more and fiercer crop damage. and other aspects that could result in losses. A final trend in risk management has been the advent of non-traditional insurance policies. insurance policies. These insurance policies cover financial risks such as corporate profits and currency fluctuation. preventing losses if a currency appreciates or depreciates. floods. review a selling company's expenditures. In addition. Risk Management indicated that there were five times as many natural disasters in the 1990s as the 1960s and that insurers paid 15 times what they paid in the 1960s. such policies ensure a level of profit even if a company experiences unexpected losses from circumstances beyond its control. The trend towards mergers in the 1990s also affected risk management. More and more companies called on risk managers to assess the risks involved in these mergers and to join their merger and acquisition teams. providing risk managers with a new tool for preventing and controlling risks. droughts. and windstorms in the future. . Furthermore. Consequently. Buyers and sellers both use risk managers to identify and control risks. For instance. loss experience. such as natural disasters or economic problems in other parts of the world. After that. they develop a plan for preventing or controlling the risks they identify. which caused 12. for instance. they guarantee profits for companies operating in international markets.companies to have risk managers review their compliance with environmental policies to avoid any penalties for failing to comply.000 deaths and $9 billion in losses from insurance. Risk managers on the buying side. there were a record 600 catastrophes worldwide in 1996. Some experts attribute the increase in natural disasters to global warming.

new areas of risk management began to emerge that provide managers with more options to protect their companies against new kinds of exposures.EMERGING AREAS OF RISK MANAGEMENT In the 1990s. Furthermore. waste management. risk managers of corporations started focusing more on verifying their companies' compliance with federal environmental regulations in the 1990s. the main trade organization for the risk management profession. These non-traditional . Companies also have the option of obtaining new kinds of insurance policies to control risks. and environmental liability to help make their companies more profitable and competitive. tighter environmental regulations also goaded businesses to have risk managers check their compliance with environmental policies to prevent possible penalties for noncompliance. risk managers began to assess environmental risk such as those arising from pollution. As forecast by RIMS. According to the Risk and Insurance Management Society (RIMS). According to Risk Management. among the emerging areas for risk management were operations management. environmental risks. and ethics. which managers and risk managers can take into consideration when determining the best methods for covering potential risks.

Risk managers can also help alleviate losses resulting from mergers. natural disasters or economic downturns). Moreover. Hence. risk managers became a more integral part of company merger and acquisition teams.. and hence they help prevent losses from fluctuations in a currency's value. Business managers need to be aware of the various risks involved in electronic communication and commerce and include Internet security among their risk management activities. even when a company experiences unforeseen losses from circumstances it cannot control (e. . Finally. loss history. communicating with employees. these non-traditional policies ensure profits for companies doing business in international policies provide coverage of financial risks associated with corporate profits and currency fluctuation. but also exposed them to new security risks and liability issues. risk managers have been called upon to help businesses manage the risks associated with increased reliance on the Internet. these policies in effect guarantee a minimum level of profits.g. On the buying side. insurance policies. Stemming from the wave of mergers in the 1990s. and other areas that indicate a company's potential risks. risk managers examine a selling company's expenditures. Both parties in these transactions rely on risk management services to determine and control or prevent risks. The importance of online business activities in maintaining relationships with customers and suppliers. Risk managers also suggest methods for preventing or controlling the risks they find. and advertising products and services has offered companies many advantages.

which will affect capital and solvency positions for some time to come. While our central scenario is one of steady recovery. but we’re not necessarily out of the woods yet. Because although the economic environment is more benign than this time last year. But this is only half of the story. And even though we are now recovering.KEY RISK FACED BY INSURANCE SECTOR GLOBALLY Capital and solvency The first risks I want to highlight today relate to capital and solvency. the macroeconomic changes affected insurers in different ways. The most marked difference being between the impact on the life sector. where reserve releases continued to support results. I joined the FSA in July. As we travelled down the curve. where capital levels came under pressure and the non-life sector. and since then the FTSE has risen by about 34% and bond spreads are making their way back to pre-crisis levels. . This has eased the immediate pressure. there is still uncertainty around the shape and pace of that recovery. there are still many short and longer-term prudential risks facing firms in this sector. this economic crisis has left behind a hangover for both parts of the sector. cushioning the impact of investment and underwriting losses.

As Jon mentioned earlier. In other words – annuity providers and with-profits firms. And while not related to economic conditions. Under Solvency II. So a key priority is to pay careful attention to capital management and planning. some of these firms may find it difficult to take actions to further conserve or raise additional capital. And what might that look like? Firstly. the greatest challenges have been for those most exposed to falls in asset values. when combined with the regulatory developments coming this way in the next few years. many UK businesses will find it difficult to ever return to the levels of income and profitability enjoyed before the crisis. widening bond spreads and low interest rates. without a change in firms’ strategies and plans. with a particular focus on the risk of a further downturn in the economy. in the event of a further economic decline. Although most . it is also important that annuity providers continue to keep pace with changes in life expectancy. Annuity providers in particular remain exposed to renewed widening of bond spreads. The recent industry/CEIOPS joint task-force report on this thorny question suggests it should be possible to find prudentially sound approaches to incorporating an allowance for illiquidity into the Solvency II framework. regular and on-going stress testing is an important part of planning ahead. Secondly. it’s about monitoring your solvency position.As Jon Pain highlighted in his earlier speech. a key issue is the extent to which annuity writers are able to reflect the illiquid nature of their liabilities in their valuation. The report is a positive step and gives the European Commission a good basis on which to put forward proposals that will ensure future retirees receive a fair deal. Life insurers In the life sector. and ensure they are appropriately matched by duration. I will return to this longer term picture later. Although some of these pressures have now eased. you need to exercise care in the valuation of assets and liabilities. Conditions can change very quickly and being slow to realise what’s happening and slow to respond could make a big difference to both the capital conserving options available and the opportunity cost – to shareholders and policyholders – of taking those actions.

This happens for a number of reasons: • Increases in fraudulent claims by policyholders in financial difficulties. . how are you going to take account of the changes to the trading environment in making future decisions on reserving. Given that pricing decisions rely on backward-looking data. Capital management and capital planning are key to restoring the sector’s strength and for preparation to withstand any further economic shocks. Thirdly. or • Decisions by commercial customers to self-finance fewer insured events. we expect that you will need to continue to do so. particularly in stressed conditions. General insurers The impact of the financial crisis on the general insurance sector was less immediate and less significant. And finally. in raising additional capital. and we do not want to see this replayed across the sector. with increases in the number. an economic downturn also tends to have an impact on people’s propensity to claim. So for the life sector as a whole. Firstly.have already strengthened assumptions in this area. prudential challenges continue to loom large for 2010. insurers considering innovative ways of leveraging capital need to ensure that there is genuine risk transfer and that Mergers and Acquisitions (M&A) transactions financed through debt don’t diminish the overall quality of capital. the long-term structural changes to the economy arising from the financial crisis may fundamentally alter the characteristics of risks insured by the industry. but the prolonged recession and the slow and uncertain recovery have increased the prudential risks in this sector. pricing and underwriting? Secondly. guarantees and options must be appropriately valued and your stress and scenario testing needs to show to what extent they remain affordable as economic conditions change. from business interruption to product and employers’ liability. • An increase in social crime leading to higher claims on property-related insurance. Pressure on corporate clients to drive down costs and squeeze out margins could increase their risks. size and type of claims. We’ve already seen examples in some insurers and intermediaries of how leveraged transactions have put pressure on cash flows. which could in turn lead to a pick-up in insurance claims across commercial lines.

they should ensure they are monitoring trends and building this into decisions on reserving. further sizeable movements in exchange rates remain a risk to profitability and capital. will require firms to focus more on underwriting for profit. A more limited scope for reserve releasing. firms should not be waiting for these to be resolved. the third risk I want to highlight is the re-emerging issue of reserving adequacy. In this context then. together with additional and more frequent reporting. The requirements for delivering and demonstrating the standards of risk management and governance will be challenging. Any loss of pricing discipline in this kind of environment could quickly eat into capital. and firms need to be vigilant against the temptation to under-price new business to remain competitive. and especially so for groups that operate in multiple countries. Any firm with a significant currency mis-match either on its balance sheet or its P&L must continue to be prepared for the possibility of major shifts in either direction – especially given the uncertain macroeconomic conditions. but this is likely to be unsustainable in the claims environment I’ve just described coupled with lower investment returns and competitive pressures on price. There are bigger risks associated with inadequate engagement than with managing through the uncertainty. Although there are some material technical issues that are not yet finalised. As Jon mentioned. And finally. Solvency II will radically alter the capital adequacy regime for the European insurance industry. the single biggest prudential challenge for all firms in the insurance sector is Solvency II.Firms should take care not to underplay this risk. some significant hangover effects remain. combined with lower investment returns across the asset classes. as important as all these prudential risks are. So while the journey into recession was less risky for the General Insurance (GI) sector. Solvency II will require greater disclosure and transparency. Solvency II But of course. Recent years have seen record reserve releases. . The Individual Capital Adequacy Standards regime in the UK is a strong foundation on which to make the transition to Solvency II. but the new directive goes much further.

In the current environment increased risks abound: servicing debt or interest payments. pose a real challenge to the future viability of this business model. but one we are now more concerned about given the continuing challenges in the economic environment. There is a risk that some firms in this sector don’t have a realistic assessment of the amount of financial resources required to run their business and that as a result some firms are not meeting our threshold condition requirements. Another source of risk in this sector. the financial crisis and the following recession appear to have reduced consumer demand for insurance products. is the reliance of the broker business model on growth through acquisitions financed through debt. This is a chance for us to discuss and debate what material challenges remain and what the FSA and you can do to ensure we manage this risk. We published a Dear CEO letter about this risk last month and later today it will be the subject of a panel discussion. So although people are saving more. the savings rate is up from -0. In the life sector. Across many parts of the life sector. which is also exacerbated by market conditions. there is not much evidence that savings are flowing into the insurance sector. Insurance intermediaries My final comments on risks to capital and solvency concern intermediaries operating in the insurance markets.7% at the start of 2008 to 8. because after the coffee break there is a panel session on how far the UK has come in preparing for Solvency II and how much there is still left to do. This is an ongoing issue in this sector.That’s all I want to say on Solvency II for now.6% at the end of Q3 last year. and goodwill write-downs. Consumers The second set of risks I want to highlight today are to do with consumers. the availability and cost of refinancing maturing debt. At the same time. In the non-life sector there is also evidence to show consumers are becoming more willing to drop incidental or non-compulsory insurance cover in order to save . UK new business levels were down for the major groups in 2009 and cash outflows from the existing book continue to exceed new inflows.

make for extremely challenging times at the moment. they give rise to a significant question over the sustainability of certain business models. Never is a discussion on risk complete without a section on regulatory risk. and European Commission proposals on packaged retail investment products. On this occasion. Potentially leading to changes in consumer behaviour and preferences. you’re also on the receiving end of intensive supervision. not least in terms of the kind of stress testing we expect of you. which means a number of changes. The agents of change are the 2012 trio of RDR. As Jon outlined this morning. ABI data from research carried out in June 2009 suggested that 22% of consumers surveyed had stopped taking out home contents insurance and 17% had stopped taking out buildings insurance. And it doesn’t end there. a tougher taxation environment also appears inevitable. And whichever political party wins the day. And for intermediaries competing for commercial business. Oh and there’s always the small matter of a potential change in government. pension reform under the guise of the government’s National Employment Savings Trust (NEST) and Solvency II – you could be forgiven for thinking the Mayan ‘end of an era’ predictions were made in relation to the UK life sector rather than the ending of an astrological cycle. With a significant number of policy initiatives converging in 2012 – the Retail Distribution Review (RDR).money. a review of the Insurance Mediation Directive. But for the life sector in particular. but these risks are particularly relevant today. which may bring with it a change in the UK’s regulatory approach. Solvency II invites a much closer relationship between the kind of business a firm does and . You don’t need me to tell you that the combination of all of these changes and all this uncertainty. together with the uncertainty in the macroeconomic outlook. NEST and Solvency II. Both the RDR and NEST will change the deal between consumers and the industry. 2012 and beyond The final risks I want to mention today are those associated with the level of change and uncertainty in the regulatory environment. last is most definitely not least. the drop in economic activity in areas like construction and shipping has left the same number of firms chasing less business. You can also look forward to taxation changes necessitated by Solvency II. and changes in the kinds of products and markets attractive to firms.

how much capital it holds. ENTERPRISE RISK MANGEMENT FOR INSURANCE COMPANY Risk in Non-life Insurance Underwriting Introduction This chapter addresses the risks inherent in non-life underwriting from the perspective of the Risk Officer. and ensuring adequate data for quantifying risk accumulations and measuring diversification. We’ll be doing some analysis of our own of what the world might look like for the life sector in 2012 and beyond. Risks in Underwriting Individual accounts A non-life insurance company is in the business of assuming risk from individuals and businesses. ensuring an adequate underwriting infrastructure to measure and manage exposures. If not. And if you’ve chosen to attend ‘The future of life insurance’ panel after lunch you will have the chance to share your views on the issue. Minimizing unintended underwriting risk and the risk to the enterprise from unintended risk accumulations is generally a . It covers risk issues such as mitigating unintended concentrations. in some cases. And this will lead. to certain types of business being more expensive to write than under the existing regime. evaluating correlations between risks. you’ll need to undertake regular and challenging reassessments of your strategy and the adequacy of your resources to deliver that strategy. Each of these initiatives has very good reasons for being and presents a wealth of opportunity as well as risk. In order to rise to these challenges and keep your business viable. re-evaluate. But of course it is the risks that I am focused on today. Ask yourself if your strategy remains fit for purpose among all this change. The underwriting process itself is not addressed as that subject is amply covered in underwriting texts. Underwriting is the discipline of understanding and evaluating which risks to intentionally assume.

and clash risks. statutes. meet any regulatory reporting requirements and have the ability to manage the underwriting of individual accounts to remain within agreed limits on aggregate concentrations. Referral authorities need to be in place. Underwriting authority needs to be granted based on skills and experience and not on managerial hierarchical level. The underwriting function needs to ensure that a robust infrastructure is in place so when individual accounts are underwritten the underwriter has: adequate information on the risk. both disciplines are critical. and so forth. In cases where risks are correlated with one another. Concentration risk arises in multiple forms and is the area where RM generally has the greatest involvement. regulations. . and to ensure that customers are treated fairly. stacking risk. Concentration risk arises from systemic risks. By this we mean that the likelihood of a claim occurring is not impacted by the fact that another claim has occurred. Concentration Risk from Insurance Activities The insurance and reinsurance mechanisms work most effectively when dealing with risks that are not correlated with one another. An underwriting infrastructure also needs to be in place to allow for the meaningful capture of data on the risks underwritten. filings and so forth are rigorously followed. terrorism funding. forms and similar measures is intended to reduce the opportunity for money laundering. the (re)insurer must be cognizant of potential concentration risk. This is necessary to monitor concentrations. the skills and experience required to analyse the risk. and the ability and incentive to design coverage and price the account properly. The underwriting infrastructure also needs to provide training and oversight such that applicable laws.responsibility shared between Underwriting and Risk Management (“RM”). A particular form of systemic risk comes from natural and man-made catastrophic exposure. as well as effective auditing to ensure compliance with delegated authorities. in order to minimize opportunities for “rogue” activities. Adherence to filed rates. such that the exposures can be reasonably known and understood.

Monitoring and managing risk accumulations requires detailed data (see below). Exposure to systemic risk arises from both natural and man-made catastrophic events.. the likely effectiveness of coverage restrictions in policy wordings. workers compensation). which lines of business might be exposed to loss (i.Systemic risk is the accumulation of losses triggered by a single event or cause. lines of business and policy years. affecting one or more industry segments rather than a single risk. together with an effective name clearance system and an agreed exposure limit are the keys for Underwriting and RM in managing these exposures. Stacking refers to the accumulation of net (after reinsurance) retentions within the same line of business on the same insured. Here the risk arises. Stacking is another aspect of concentration risk. RM and Underwriting need to ensure processes are in place to identify similar potential risks and to monitor and effectively control accumulations. . the probability of different economic risk outcomes and the aggregate limit to expose the enterprise. Underwriting and RM need to determine the economic risks. products liability. Critical from a RM perspective is the ability to monitor accumulations across lines of business and locations and to intervene when aggregate limit boundaries are breached. models and an underwriting infrastructure that spans all lines of business and all business units that write policies in potentially exposed locations. Clash is a similar concentration risk that occurs when one or more business units insure more than one line of business for the same policyholder which could be affected by the same claim or incident. Reasonable foresee ability and a large dose of common sense. Asbestos is the classic example of a systemic risk affecting multiple industries and policyholders. Procedures such as a name and location clearance system are typical ways to prevent such an unintended accumulation. The critical element is having the infrastructure to identify unintended accumulations across multiple business units and all lines of business. This could lead to a higher than intended aggregate loss. from multiple business units providing coverage for the same policyholder plus participation in a reinsurance program from a policyholder’s reinsurance captive.e. Mitigation actions might include simply abstaining from additional underwriting commitments (or no renewing existing commitments upon expiry) or purchasing additional treaty or facultative reinsurance for peak exposures. for example. A current risk with potential systemic impact is nanotechnology.

the ERM framework for Lloyd’s includes consideration of specific Realistic Disaster Scenarios as a test of exposures under extraordinary circumstances. radiological “NCBR” e.g. Property damage and business interruption accumulations are typically modelled by using sophisticated commercial modelling tools (RMS. RM needs to be comfortable that processes are in place and effective to identify peak property exposures through name and location clearance systems in order to allow for identification of significant exposures to non-property lines of business at the same location. primarily. by their nature. Property and business interruption policies may or may not include coverage for a terrorist act or coverage for NCBR. a significant . etc. it’s important that data be captured identifying policies with NCBR coverage. From a RM perspective. biological. in addition to considering the results generated from the modelling tools. Very low probability events. marine. a “dirty bomb”). For example. nor be subject to the same modelling capability. employer’s liability. AIR. RM is uniquely positioned in many insurance organizations to consider the interaction of risks from different organizational silos in stress scenarios. As such. like a 1 in 250 year windstorm or earthquake. EQECAT. to a train accident involving toxic chemicals.The concentration risk of natural catastrophes arises primarily from exposure to earthquakes. Further. Man-made catastrophic events can similarly impact all lines of business. This category includes events ranging from terrorism.). and automobile physical damage. floods and windstorms. It is also vital that the same infrastructure and modelling capability for monitoring and managing accumulations noted for natural catastrophes be in place for man-made catastrophic exposures. group life. chemical. Policies covering worker compensation or employers liability. accident and health. may provide coverage for all such events. such as workers compensation. Stress Scenarios Stress scenarios are especially necessary for determining aggregate limit boundaries for natural and man-made catastrophic events and guiding decisions on purchasing reinsurance protections. These exposures may not be coded to location in the same detail as property policies. aircraft used as a missile) and nonconventional (nuclear. Systemic risk also includes additional lines of business. Terrorism exposures are generally divided into two categories: conventional attacks (conventional bomb.

Name clearance systems. retrospective premium adjustments or other credit risk. Data Capture Accurate. Mitigation actions may then involve internal or commercial reinsurance. might lead to losses from a D&O policy. detailed data capture is key to measuring. securities lending. are an . tools to monitor and evaluate peak exposures bridging insurance commitments and financial holdings need to be in place. surety and fiduciary coverage’s. RM needs to be comfortable that underwriting has the processes in place to monitor and manage individual account underwriting across multiple business units.terrorism incident. and/or financial guarantees. and/or similar arrangements to balance the potential exposures and financial stress the organization faces. and exposure as a counterparty to a derivative transaction. From a RM perspective. A significant event. In addition. policyholders and lines of business to stay within agreed risk limits. modelling and managing the risks of unintended exposure accumulations. third-party liability and/or retrospectively rated insurance programs may generate exposure due to large deductibles. plus losses on any debt or equity investments. standby credit. reinsurance recoverable from a captive. reinsurance recoverable. thorough. such as a fraud or severe downturn in profitability. liquidity. relevant. RM needs to ensure that adequate auditing is in place to allow reliance on the data collected. Similarly. Concentration Risk from Credit-Related Exposures Another aspect of concentration risk arises from multiple financial-related exposures to an individual policyholder. as well as assurance that assessments of the creditworthiness of the policyholder are effective and guiding collateral negotiations. Correlations between the various insurance and financial exposures under stress scenarios need to be determined with limits set reflecting both underwriting and credit rating considerations. or a pandemic will require RM to have considered not just the underwriting risk but to have incorporated the potential impact on the investment portfolio. allowing each underwriter participating on a policyholder’s program to see all the commitments to that policyholder. and business continuity both from a holding company and individual subsidiary legal entities level.

Inherent in reinsurance are several risks of concern to the Risk Officer. First and foremost RM must be attentive that the reinsurance purchased is actually providing the appropriate coverage to mitigate the peak risks. In particular. One reason for this was incomplete data capture of insured locations. and Accounting/Tax Risk) and potentially Reputational Risk. RM must also be forward thinking about data capture. but to also think about where the emerging risks are arising and what data is necessary to assess these risks. for each precise location (street address. Experience from many insurers examining losses from Katrina has shown that modelled catastrophic exposures were understated. latitude and longitude) are critical.effective tool in this regard. business interruption coverage and limits. Detailed data capture is especially critical for monitoring property accumulations for catastrophic exposure to both natural and man-made events. as are systems to monitor accumulations by class and line of business. and so forth. Operational Risk (including NonConcurrency (mentioned above) Lack of Contract Certainty. Reinsurance Risk Reinsurance is a widely used and valuable tool for mitigating peak risks on both individual accounts and portfolios. Granular data including the policyholder’s type of business. It is not sufficient to think about capturing data for risks that are current and obvious. Regulatory Risk. underwriters or facultative buyers must be trained to have coverage afforded by the facultative reinsurance be concurrent with the terms of the underlying policy. there needs to be strong communication between underwriting and the reinsurance buying function to ensure that underwriters are aware of the provisions of the reinsurance treaties being purchased. Risk needs to be comfortable that data capture is complete and audited as necessary for the modelled accumulations to be meaningful. These include: Credit Risk. The insurance enterprise is exposed to various risks when purchasing reinsurance. In this regard. number of employees. awareness of exclusions or special acceptance criteria is vital. construction type and age. . values insured. On the facultative side.

Reinsurance may be purchased locally on a facultative basis by underwriters for individual accounts with peak exposures and also in multiple business offices on a portfolio. policyholders may have captive insurers or reinsurers involved in their risk management program. Reinsurance transactions need to have risk transfer characteristics in totality support insurance/reinsurance accounting (to be included in financial results as reinsurance) and these characteristics need to be appropriately analysed and documented. Overly complex transactions and certain “circular” transactions can lead to accounting difficulties. or treaty. These include delays in . In particular. For example. training and oversight need to be emphasized and sufficiently robust to ensure that there is a significant degree of risk transfer (underwriting and timing risk). RM needs to ensure that adequate controls are in place so accumulations by reinsurer are monitored with actions taken to mitigate peak exposures. Accounting risk arises as accounting for reinsurance transactions can be complex. The Risk Officer needs to be comfortable that procedures are in place so all such arrangements receive appropriate oversight and monitoring. This operational risk is one on which the Risk Officer’s organization must focus. ensuring that appropriate controls are in place to mitigate the risk. With many moving parts. For both commercial reinsurance and captive arrangements. This process generally leads to an “approved list” of acceptable reinsurers and a limit on the aggregate credit exposure to an individual reinsurer which is linked to its credit rating. no side agreements. it becomes difficult to assess the true nature of the transactions and to record all of the necessary accounting entries in an accurate and timely manner. verbal or written. any fees are reasonable. the financial records of both parties reflect the transaction the same way.Credit risk has numerous aspects which must be managed. including any written or verbal side agreements Also of concern is ensuring that reinsurance transactions are not structured to obfuscate the true financial results of the company. basis. The starting point is the assessment of the credit worthiness of the reinsurer. and similar measures. a reinsurer and/or a retrocession ire. Sometimes the structure of these transaction becomes extremely complicated with the captive being the insurer. Facultative reinsurance purchased locally to protect individual policies and treaty reinsurance has significant measures of operational risk. the accounting must consider all aspects of the agreement.

the bondholder will not receive all or any of their principle at maturity. this demand has led to increased utilization of alternative risk transfer mechanisms to supplement the traditional reinsurance markets. one based on the industry loss or the modelled loss from an event. hedge funds and so-called “sidecars” have grown in popularity. The SPV. Risks with these . develops its capitalization through the issuance of bonds to investors. more typically. includes basis risk the Risk Officer needs to evaluate. For example. That is. In particular catastrophe bonds. These facilities provide much needed fully collateralized capacity to insurers and reinsurers but may include basis risk which must be included in risk capital determinations. industry loss warranty protections. Alternative Risk Transfer Large natural catastrophe losses in 2004 and 2005 and enhancements to catastrophe accumulation models have increased the demand for reinsurance and retrocessional protections. These reinsurers provide reinsurance on a fully collateralized basis. Industry loss warranty protections are structured similarly but the protection triggers are typically based on relatively narrowly defined risks and regions and a resulting aggregate industry loss. In the event the reinsurance is triggered. indemnity reinsurance coverage based on the insurer’s ultimate net loss. it is possible that the buyer could have a loss to which the coverage does not respond. This is done through traditional. meaning that the full limit of the reinsurance is collateralized at the inception of the contract. while more attractive to the investor in the catastrophe bonds as the investor doesn’t have to underwrite the individual company. The parametric coverage approach. a recovery is determined based on a derivative (or parametric) measure of the loss. Industry loss warranties are attractive to investors for simplicity but include considerable basis risk for the insurer which needs to be evaluated. The Risk Officer needs to ensure that the operational risk measures developed enterprise-wide extend to the placement of reinsurance. Another alternative source of reinsurance capacity is reinsurance provided by thinly capitalized reinsurers backed by hedge funds.agreeing policy wording and a resulting lack of contract certainty. non-concurrent terms and a simple failure to execute as intended. or. Catastrophe bonds typically involve a special purpose vehicle which provides protection to the insurer/reinsurer. In turn. in turn.

and so forth. data collection and operational risk can be gained through a systematic review of large losses in a collaborative effort between underwriting and RM. concentration monitoring and management. Emerging Risks Emerging risks are exposures which may develop or already exist. lines of business potentially exposed. accumulation potential across lines of business and policy years. Post –Event Large Loss Reviews Insight into the effectiveness of the myriad individual account underwriting processes. RM should consider and be aware that many alternative sources of reinsurance are transacted with capital that may be more opportunistic than traditional reinsurance. pandemics. The SPV has limited capital resources and this limitation acts to cap the quota share coverage provided by the facility. The RM should also be aware that these vehicles typically do not include the reinstatement coverage available in traditional reinsurance. Risks involving emerging technologies or environmental changes require identification. which is the risk that the sidecar cannot meet its reinsurance obligations to the cadent in an extreme event. Examples of such emerging risks would include nanotechnology. changes in weather patterns. RM needs to ensure that Underwriting identifies coverage triggers. may have a high loss potential and are marked by a high degree of uncertainty. . monitoring and mitigation. They are difficult to quantify. This capital may disappear if terms and conditions are not ideal. Finally. risks pertaining to the collateral and failure to satisfy statutory requirements. so-called “side cars” are special purpose reinsurance vehicles similar to those vehicles that facilitate Catastrophe Bonds. assessment. limits.vehicles include operational risks. But insight into adherence to relevant guidelines when the risk was underwritten and the impact the risk has had on the various concentration management measures can provide Underwriting and RM with valuable information. genetically modified foods. Incidents that lead to insured losses happen. That’s why people and companies buy insurance. These vehicles are funded by both debt and equity and typically provide quota share reinsurance to the sponsor (re)insurer. This structure has the potential of “tail risk”.

however. limits exposed and volume in order to minimize required capital through diversification. Hence. . RM generally needs to work closely with Underwriting to judgmentally assess and agree the degree of correlation. Correlated Risk Assessing the degree of correlation between lines of business and for each line to other risk types is a critical requirement. property and business interruption coverage’s may generally be seen as having a very low correlation with casualty coverage’s. Operational risk might be seen as more strongly correlated with property exposures due to the complications with monitoring aggregate catastrophe accumulations and placing facultative reinsurance than casualty exposures. It is necessary to determine risk capital and optimize the mix by line. Potential for a D&O exposure also exists if the explosion was found to be the result of management negligence. reinsurance costs tend to have different trends. The actual situation is more subtle. designing actions to contain unintended accumulations and monitoring that risk measures are effectively in place. Relevant experience may well be very limited for analysing correlations. An incident causing a loss may not typically affect both coverage’s. surety. one would expect a higher degree of correlation between D&O exposure. Mitigation actions need to be agreed with Underwriting regarding coverage. reinsurance protection and monitoring of potential accumulations. financial guarantees and the investment portfolio under stress scenarios. RM is a key driver in determining the importance of identifying emerging risks. especially as respects individual subsidiary legal entities. exposure to inflation in loss costs in future years is far less in property. limit and volume restrictions. and so forth. healthcare and legal arenas.reinsurance applicability and monitors developments broadly in the insurance. As an example. especially at the critical stress levels most important to risk capital determinations. for the more extreme scenarios. A large factory explosion may lead to losses to policies that protect workers and to liability if neighbouring buildings are damaged. Similarly. RM and Underwriting need to ensure that adequate consideration is given to stress scenarios intended to mirror the probabilities and correlations underlying the risk capital calculations.

particularly during times when marketplace pricing is less than the actuarial price. terms and conditions will deviate from the actuarial price based on marketplace conditions. Theoretically.Risks in the Underwriting “Cycle” Price levels in non-life insurance tend to move in multi-year cycles as the result of varying levels of industry capital. . competition and similar considerations (see diagram below). terms and conditions are monitored and that loss reserves and current financial results reflect deviations from actuarial pricing. economic outlook. Increased risk results from a failure to systematically measure deviations from the actuarial price and to fully recognize such deviations in current financial results. Actual prices. Risk capital is required for uncertainty in this measurement due to the increased risk of understated loss reserves and added volatility as a consequence. an actuarially correct price for each account can be consistently determined based on desired ROE and anticipated loss trends. RM needs special attention that actual pricing.

As a result. both insurance and banking will play a critical role along with the stock market.Where Will The Indian Insurance Market Be In 2020? Vision 2020 identified the following factors as the engines of economic growth in India: Rising education level. contain a paragraph about a particular area of insurance: health insurance. availability of information. rates of technological innovation. On the other hand. Vision 2020 document mentions “insurance” eight times in the 108 pages. There are two critical Ingredients needed. however. and globalization. “Health insurance can play an invaluable role in improving the overall health care system. This document does. The insurable population in India has been assessed at 250 million and this number will increase rapidly in the coming . cheaper and faster communication. It makes no mention of the financial sector. 1998). First. there has to be a well-defined legal environment. Economic growth does not take place in vacuum. it also Has a huge impact on economic growth (see La Porta et al.. there has to be a well-functioning financial market (see Sinha. Legal framework has big impact on the development of the financial sector. 2001). it mentions banking only once! Given that services sector will become the largest in India. Second.

we will simply multiply the current premium volume figure four-fold. evidence from other countries show that rising income below certain threshold has a nonlinear impact on insurance demand (the so-called S curve of insurance demand). So. private pension is its infancy in India. Growth in income also helps the insurance business to grow. If it rises to 6%. 2003. It will not remain so in the coming decades. This should be supplemented by innovative insurance products and programmes by panchayats with reinsurance backup by companies and government to extend coverage to much larger sections of the population. But. we are assuming that in 2020. In such a case. this could easily add another USD 30 to 40 billion by 2020. Thus. This will raise the premium volume to USD 135 to USD 160 region by 2020. So is the pension market. In that case. let us follow an extremely conservative projection: insurance demand goes exactly in line with income. increased longevity and aging population will also spur growth in health and pension segments. Let us conduct the following thought experiment using Table 1 for getting an idea of where the Indian market might be in 2020. If the penetration rises to 5% (more plausible if we believe in the S curve). At present. the penetration of insurance (premium/GDP) stays exactly the same as in 2002. Given that Indians are already spending 5% of their income out of pocket for health care. In Sigma 8/2003. In addition.2% for India (the figure for 2002) in 2020. it is easy to see why this is an easy pick. First.” (Planning Commission. In this case. Of course. Indians spend close to 5% of their income Out of pocket for health related issues. At present. such figures are available for 2002 for India. the premium volume will be USD 67 billion. even in the face of rising income. Financial deregulation always speeds up the development of the insurance sector.two decades. This thought experiment above does not even address the two future potential growth drivers: private pensions and health insurance. then the premium volume would rise to USD 121 billion. The insurance business is at a critical stage in India. health insurance is not being discussed much. . page 55). Over the next two decades we are likely to witness high growth in the insurance sector for three reasons. then the premium volume will rise to USD 105 billion. insurance penetration is not likely to stay at 3.

An organization should have a risk management strategy because: • People are now more likely to sue. • People are more aware of the level of service to expect. Risk management also addresses many risks that are not insurable. A thorough and thoughtful risk management plan is the commitment to prevent harm. • Courts are often sympathetic to injured claimants and give them the benefit of the doubt. however. • Organizations are being held liable for the actions of their employees/volunteers. Few organizations have the reserves or funds necessary to take on the risk themselves and pay the total costs following a loss. and the recourse they can take if they have been wronged. Purchasing insurance. . • Organizations and individuals are held to very high standards of care. including brand integrity. potential loss of tax-exempt status for volunteer groups. public goodwill and continuing donor support.Conclusion Insurance is a valuable risk-financing tool. Taking the steps to reduce injuries could help in defending against a claim. is not risk management. • Organizations are perceived as having a lot of assets and/or high insurance policy limits.