The Convergence Of Regulation & Risk Management!
Risk-Based Supervision For Insurers
What is risk-based supervision? Riskbased supervision involves the regulatory authorities focusing on those aspects of the financial system which pose the greatest risk to its stability. The risk profile and the assessment of risk management are used to guide the level and nature of supervisory activity directed towards that insurer. By focusing on risk (which may be external to the individual insurer) such supervision could help regulators detect potential risks which more traditional methodologies might overlook.
“New facts, collected in old ways under the guidance of old theories, rarely lead to any substantial revision of thought. Facts do not ‘speak for themselves’, they are read in the light of theory’. —Stephen Jay Gould (Ever
Since Darwin, 1977)
'Risk-based' approaches to regulation are premised on the beguilingly simple idea that regulation cannot, and indeed, should not, aim to eliminate all potential harms, or – to put it more generally – 'adverse' regulatory outcomes. In an adaption of Paracelsus' maxim – the likely dose makes the poison – 'risk-based' approaches to regulation take into account the probability as well as the impact of potential adverse regulatory outcomes. A risk-based supervision with more focus on solvency requires changed regulations as well as changed methods of supervision. Risk-based approach entails determining the boundary between acceptable and unacceptable adverse outcomes. In addition, it is necessary for insurers to improve the steering and control over business activities and therefore requires supervisors to review the manner in which insurers are identifying and controlling risks. An effective risk-based approach involves identifying and categorising significant activity (defined as a line of business, business unit, or other insurer-wide process) risks and establishing reasonable controls based on risks identified. Application of a reasoned and well-articulated riskbased approach will justify the determinations of insurers with regard to managing significant activity risks and allow them to exercise reasonable business judgement with respect to their activities.
Risk-based supervision involves the regulatory authorities focusing on those aspects of the financial system which pose the greatest risk to its stability.
Adopting a risk-based approach implies the adoption of a risk management process, which encompasses recognising the existence of the risk(s), undertaking an assessment of the risk(s) and developing strategies to manage and mitigate the identified risks. Every insurer faces a different exposure to each of the risks described below, depending on its business activities. Credit Risk – results from financial transactions with a counter-party including debtors, brokers, policyholders or reinsurers. • Credit risk stems from the possibility that receivables may remain unpaid, in particular those due from reinsurers (more significantly with respect to amounts ceded to reinsurers under various contracts of reinsurance).
However, an insurer has potential credit exposure on the primary side from the time a contract is initiated up to final settlement by the insured or the agent/broker. Insurers have expended considerable efforts in managing credit risk related to their investment portfolios through the prudential standards although credit risk is present mainly in the extensive bond portfolios. Market Risk – arises from changes in market rates or prices. Interest rate risk arises from movements in interest rates. Exposure to this risk primarily results from timing differences in the re-pricing of assets and liabilities, both on- and off-balance sheet, as they either mature or are contractually re-priced. Foreign exchange risk arises from movements in foreign exchange rates. Exposure to this risk mainly occurs during a period in which the insurer has an open position, both on- and offbalance sheet. Market risk also arises from the interest rate used in discounting the expected future claims obligations of the insurer. Product Design and Pricing Risk – arises from the exposure to financial loss from transacting insurance and/or annuity business where costs and
The risk profile and the assessment of risk management are used to guide the level and nature of supervisory activity directed towards that insurer.
liabilities assumed in respect of a product line exceed the expectation in pricing the product line. Product Design and Pricing Risk or Underwriting and Liability Risk – also defined as the underwriting risk, encompasses risks related to the pricing of products (premiums) and the setting of adequate technical provisions to cover claims. Operational Risk – results from deficiencies or breakdowns in internal controls or processes, technology failures, human errors or dishonesty and natural catastrophes. The following provides a picture of the level of operational risk: Growth, Consolidation, or De Novo – If anything should set off operational risk alarm bells, it's this one. That's because in a rapidly
growing, consolidating, or new insurer, every component of operations is in a state of flux. People, policies, information systems, even facilities, may change rapidly often with little or no knowledge of what things will be like on the other side. Information Systems – Often considered the backbone of operations, computer hardware and software systems play a large role in any insurer's operational risk profile. Personnel: Turnover, Training, and Morale – If key senior management or operations positions are vacant or held by unqualified individuals, that training is lacking, or that turnover is high, operational risk is considered high. Transaction Volume and Complexity – When volume is high, such as in a personal lines insurance company that handles a large volume of small dollar transactions, complexity can be low. Complexity refers to transactions that require multiple hand-offs, supported by different systems, or requiring highly-trained personnel. New Products/Services – If an insurer is on the cutting edge of offering new products or services, the corresponding management expertise to offset the new and different types of risk should be reviewed carefully. Ripple Effects – If an operational disruption spilled over to other insurers or major customers, this component would be considered high. This is where operational risk dovetails with reputational and legal risks. Facilities/Geographic Dispersion – A higher level of inherent operational risk would be reflected in a greater than average number of facilities or where the locations are widely dispersed. The greater number and dispersion of facilities increases the likelihood of errors and loss of data in the transfer from branch to back-office. Electronic Delivery – A high level of inherent operational risk would be associated with a fully transactional Internet site because it introduces a myriad of security and compliance challenges. Liquidity Risk – The amount of liquidity required depends on the insurer’s ability to forecast demand and its access to outside sources, particularly in a stressed situation. Contingency plans and stress testing are important mechanisms to help prepare
Application of a reasoned and well-articulated riskbased approach will justify the determinations of insurers with regard to managing significant activity risks and allow them to exercise reasonable business judgement with respect to their activities.
for the increased demands for liquidity that can arise during stressful periods. These risks can materialise under various circumstances, for example: 1. If present or future payment obligations cannot
be met in full or as of the due date, or 2. If refinancing capital can only be raised at higher rates (refinancing risk) in the case of a liquidity crisis or if assets can only be liquidated below current market price (market liquidity risk). Legal and Regulatory Risk – arises from an insurer’s non-conformance with laws, rules, regulations, prescribed practices, or ethical standards in any jurisdiction in which the insurer operates. Legal Risk – insurance is an extremely litigious industry. The litigation process is often lengthy and costly, with an insurer agreeing or being required to pay claims that it never expected under the terms of its policies. It is difficult to predict how courts will interpret the terms of a contract and the actions of the insurer. Regulatory Risk – arises from the noncompliance of regulations, such as noncompliance with existing regulations respecting marketing practices, failure to have adequate capital reserves to cover risks in market, credit and operating portfolio, failure to provide compliance reports, etc. Strategic Risk – exposes the insurer to financial losses caused by changes in the quality of products, services, operating controls, management supervision, competition, and technology. If these risks are not adequately understood, measured and controlled, they may result in earnings volatility and significant capital pressures. Strategic risk also stems from emerging risk concerns, which require significant improvement to the quality of procedures and controls and to increase accountability and awareness; that appropriate resources will be assigned.
A risk-based supervision approach assesses the probability and severity of the material risks to which insurers are subject; it assesses the effectiveness of the controls in reducing the probability of risk events occurring or the severity if they do occur. It further considers what the insurer has in place to deal with an event occurring even though the controls are in place and are functioning properly. The risk of failure can be approximated as the combination of all the risks (being the product of the probability of an event happening and the severity if that event does happen) less the value of the additional support. Risk assessments are never simply technical and involve levels of qualitative judgement and even bias. Tacit knowledge and expertise remain important in assessing risk, despite increased formalisation in supervisory processes, and this is especially true when it comes to analysing softer inherent risks. Often judgements may be made in a context of uncertainty where some degree of flexibility is required concerning the notion of risk, and where different methodologies need to be employed to assess it. Such vagueness may enable long-established equally applied bureaucratic practices to continue but disguised under the new rubric of risk, further adding to confusion and threatening failure in meeting communicated risk objectives. Mohez Remtulla has extensive finance, reinsurance, risk management and regulatory affairs experience in the insurance/reinsurance sectors, having worked as financial executive for some of the largest reinsurance companies and also for the supervisory authority in Canada. He is a qualified accountant by profession and has accomplished many academic achievements in accounting, finance, reinsurance and risk management. He is currently Chief Executive Officer of Fatimide Associates Inc., providing specialised consulting services to the (re)insurance sector. He can be reached at email@example.com.