[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

ERM: A role for actuaries

The future of risk is like an iceberg. What we see before our naked eyes is only part of the story. In fact, we are most vulnerable to risks we haven’t prepared for. So how do we navigate the risks that lie beyond?

The asbestos premonition
Asbestos liability is a classic example of the impact of claims on the insurance industry, which had not anticipated such costs at the point of underwriting and led to a number of insurer insolvencies. Remarkably, data on harmful health effects of asbestos were reported as early as 1898. Asbestos exclusions were introduced in the US and Canada as early as 1918 but were forgotten in the following years.

What are emerging risks?
An emerging risk is one resulting from a newly identified hazard to which a significant exposure may occur or from an unexpected new or increased significant exposure and/or susceptibility to a known hazard. The term emerging risk is used to describe risks that are poorly understood, but could potentially become significant.

Why manage emerging risks?
The occurrence of emerging risks can, and repeatedly does, overwhelm the community and the insurance industry. The last ten years has witnessed several large-scale emerging risks, such as the 9/11 terrorism attack, a global financial crisis and an eruption of the EyjafjallajÖkull volcano in Iceland, not to mention the SARS pandemic, an Indian ocean tsunami and the clustering of hurricane landfalls in the US. At the time, most of these risks could have been considered as emerging or re-emerging.

On the horizon, new risks are emerging in the shape of regulatory shifts, climate change, inflation, cyber risk, nanotechnologies, ageing leap, pandemics and the incorporation of new technologies. As a key source of risk to reinsurers, emerging risks need to be managed in an enterprise risk management (ERM) framework.

Actuaries are critical to embed the ERM framework and the profession is becoming increasingly experienced in correlation with demand. Left unattended emerging risks can threaten a company’s very existence. Lastly, rating agencies and increasingly regulators are less likely to provide favourable opinions when insurers fail to demonstrate emerging risks management processes.

Risk management cycle
Risks today are primarily assessed reactively based on relatively recent historical data. However, regardless of the methodology used, risks fundamentally require a forward-looking approach. Actuaries and risk managers can effectively integrate emerging risks in the ERM framework by use of the ordinary control cycle, a version of which is displayed in Figure 1.

Establish context
The objective is to establish a forward-looking systematic framework to manage emerging risks that could, at some point in the future, impair the company’s financial strength, competitive position or reputation. To be successful, the framework needs support from management and the corporate board, to be embedded in the organisation’s culture and to be aligned with the company’s objectives. This preliminary step also implies detecting any major organisational issues impeding the management of emerging risks.

Identify emerging risks
A PESTEL analysis may help systematically screen the risk landscape. PESTEL stands for political, economic, social, technological, environmental and legislative. The PESTEL analysis can be extended to include other sub-categories such as health, infrastructures and so on. This analysis illustrates that the identification of emerging risks needs cross-disciplinary inputs and contributions representative of the corporation. In Table 1, a sample list of emerging risks briefly illustrates the steps of the control cycle.

Emerging risks
An assessment of an emerging risk starts with the early detection of facts related to that risk derived from research, observations and monitoring programmes. If the initial assessment indicates that the risk may be of concern, a more thorough assessment has to be done.

The evidence supporting the assessment of an emerging risk should typically be in the form of an early warning system or indicators. Ideally an indicator should be reliable, sensitive, explicit and should provide information on the nature of the hazard, its potential magnitude, velocity, latency, duration and the areas of the company likely to be affected.

Regular reporting on the indicator scan highlight any change in the likelihood of the risk. The early warning system should integrate a blend of qualitative and quantitative information. In addition, risks can occasionally be detected from historical events and analysing how these have evolved over time through interacting factors such as demographic changes.

Unlike other risks, emergent risks tend not to have a track record which can be used to estimate loss size and frequency. It is crucial for awareness of interconnections since scenarios may impact several parts of the company like pandemics affecting earnings, claims volume, business continuity, investment and the economy at large.

Action and prioritisation
The quality of the assessment is crucial in order to prioritise risks and responses. The type of response depends on the nature of the emerging risk and varies from limiting exposure, risk sharing, hedging, product design, exploiting opportunities to actively managing an emerged risk.

First and foremost, companies should avoid informal response plans due to the potential velocity, magnitude and unusual nature of emerging risks, whether identified or not. Preparedness includes identifying and allocating adequate levels of sufficiently skilled resources to monitor emerging risks and recommending responses should the risk emerge. Beyond pre-existing plans, an effective response depends on the ability of all concerned to react flexibly and creatively as the situation unfolds.

Dry runs can proactively identify risk control weaknesses, improve risk impact estimates and support the general risk learning process.

Emerging risks should be routinely monitored through regular updates of the risk register, dynamic assessment and responses. The management of emerging risks will improve over time as the organisation completes the control cycle and experience emerges. However, the management of emerging risks should not become overly bureaucratic or a box ticking exercise.


David has contributed ‘Enterprise Emerging Risk Management’, presented at the 17th General Insurance Seminar organised by the Australian Institute of Actuaries. The paper looks at a framework for managing emerging risks. See www.actuaries.asn.au/Library/Events/GIS2010/GIS10_Paper_White et al..pdf


David Maneval is head of actuarial in Asia Pacific for Aon Benfield Analytics