[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries
.

ERM: An appetite for risk

General insurers operate in a market characterised by high-transaction volumes of sales, customer service activity and claim incidents. Underlying this are longer-term trends in the external business environment, emerging risks and opportunities accompanied by sharp discontinuities and step changes.

Risk appetite can engender increased rigour, internal consistency and constructive debate about how the insurer pursues its business objectives and evaluates strategic alternatives in the market and the broader environment.

There is a wide diversity of views on what risk appetite really means and how it should be implemented. The Risk Appetite Working Party has been grappling with this important issue over the past year and has come to some conclusions on risk appetite for general insurance undertakings. The findings were the subject of our paper and workshop for the GIRO 2011 conference.

There is no single, universally accepted definition of risk appetite or prescribed path to develop a concept of risk appetite and embed it within an enterprise. Risk appetite can be broadly expressed as the degree of risk that a business is willing to accept in pursuit of its objectives. It is widely recognised that risk appetite has multiple dimensions and many metrics, rather than a single deterministic value - otherwise, stochastic dominance could be used to decide which risks are acceptable and which should be avoided.

Risk appetite is a relatively new concept within ERM. Although sometimes discussed in the context of risk tolerance and/or risk threshold, risk appetite is a much more complex concept. Whereas risk tolerance and risk threshold imply that risk has only a negative or painful aspect and has financial limits, risk appetite recognises that risk includes upside risks as well as downside risks and so risk appetite decisions involve more than trying to quantify downside risk potential.

Risk and opportunity management
Considering risk appetite as a matrix of risk and opportunity and plotting the firm's efficient risk frontier are both useful concepts to start to develop a coherent and internally consistent exposition of risk appetite that recognises ‘upside' and ‘downside' risk.

In Figure 1, the major risks may need to be terminated, avoided or transferred out to another company, other risks can convert to potential opportunities where migrated to an outsourcer or to another corporate ‘parent' who can add more value. Opportunities may be of major value to the company, considered of negligible value or may contain a latent major risk.

Figure 1

The company can also try to map its risk efficient frontier or ‘boundary line' using a risk heat matrix. The positioning of major ‘risks' - or, conversely, opportunities - indicates where they lie individually and the positioning of inter-related risks.

In Figure 2 below, risk ‘R1' exceeds the risk tolerance of the organisation and should be terminated, avoided or transferred out to another company. ‘R2' is in the moderate danger zone - therefore, action plans are required to validate the risk positioning and, if necessary, take action as per ‘R1'. As ‘R5' lies within the acceptable zone, the region in which there is an acceptable balance to the enterprise between risk and reward. But ‘R6' is too simple for the enterprise and should be transferred out to another corporate ‘parent' that can add more value.

Figure 2

 

Multiple dimensions of risk appetite
Risk appetite is articulated using multiple dimensions, multiple sets of financial data, quantitative and qualitative data sources. These dimensions will include, for example:

• Capital. The level of capital in excess of the desired ‘minimum' target and the accessibility and cost of new capital, particularly in a post-loss scenario. When considering aversion to losing capital, it is useful to consider survivability (including measures used by regulators and rating agencies) and sustainability (including a defined buffer above the survivability measure)

• Earnings. Unforeseen financial outcomes can lead to a lack of investor confidence, thereby damaging the enterprise value of an organisation. For publicly traded companies the ultimate measure is the difference between the market and book value. For private and mutual companies - or risk pools/funds - the position is less clear. It is possible to define 'earnings' volatility measures using an Internal Model but this can be slightly arbitrary. Careful interpretation is required with reference to more qualitative factors

• Market size. Market size will often limit a company's risk appetite below the levels implied by overall capital and earnings factors. It may be possible to prescribe certain internal model criteria that are influenced by market size although this issue is not measurable via a model

• Risk confidence. Uncertainty over how a risk may behave will suggest caution for example, when considering risk retentions, especially for volatile lines of business or new products/classes. Underwriters' expertise and credibility will affect risk appetite.

Making risk decisions
There are associated concepts, such as ‘risk tolerance', ‘risk-bearing capacity', ‘risk strategy' and ‘risk limits' that can help the insurer apply and mediate its risk appetite to practical risk decisions.

Risk tolerance is distinct from risk appetite as it may exceed the level of downside risk the company was expecting to take. It can encompass not only desirable risks, but also risks that, while not desirable or sought, would be acceptable under some scenarios. In respect of the potential downside risks, it is a broader concept than risk appetite and is generally concerned with those deviations from the risk appetite that, while unplanned, can be tolerated.

Risk-bearing capacity represents the maximum level of downside risk that is acceptable. Risk strategy represents the type, source, size and time horizon of risks and helps to determine the risk-response strategies, while risk limits provide a more detailed practical articulation that can be implemented - for example, limits on levels of underwriting, outwards reinsurance and operational risk.

The risks faced by different organisations may differ in type and complexity and also from their ability to mobilise risk appetite when making risk decisions. Enterprise size is likely to be a significant factor that will affect how effectively an organisation can deploy risk appetite...

Relatively small enterprises

Strengths and opportunities

• Small, so able to respond quickly to change and unexpected events

• Easier to ensure everyone in the enterprise is aligned with the corporate culture and its shared vision

• Risks and issues may surface more quickly in a smaller company

• Fewer stakeholders and easier to determine the genuine level of risk sought/tolerated

• May be less geographically dispersed

• Less time and cost to implement control structures and authorisation limits


Weaknesses and threats

• Lack of risk and technical expertise and so may desire modelled quantities to exceed set thresholds, but lack modelling capability

• If a company is growing or changing rapidly, can the tolerance and its articulation keep pace?

• Reluctance to formalise and apply risk appetite with rigour

• Disproportionate risk from inappropriate risk appetite

• Potentially more regulatory oversight on smaller start-ups

• Cost of conforming to risk appetite statement requirements designed more for larger firms (for example, Solvency II)

• Potential lack of genuine peer review or challenge, or over-dominance of unrepresentative, small groups

• Less onerous regulation could hide genuine risk levels

• May lack formal warning processes if exceed tolerances


Relatively large enterprises


Strengths and opportunities

• Critical mass and budget to attract and retain high quality risk and technical expertise

• May have reached a stable size so less of a moving target in implementing risk measures

• May have more buy-in/appreciation of formalised, clearly articulated risk appetite

• May be able to absorb risks better

• Potential for greater influence on regulators

• Regulatory requirements better aligned with situation of larger firms under Solvency II

• Board and stakeholder structures facilitate debate on risk appetite and channel dissent

• Disclosure requirements and practices may increase transparency of genuine risk levels


Weaknesses and threats

• Easy for the left hand not to know what the right hand is doing

• Difficult to disseminate a risk appetite or risk appetite statement to lower levels in a multi-layered structure

• Larger firms may be less fleet of foot to change and unexpected events

• Warning signs can take longer to surface

• Stakeholders (for example, large board, shareholders) may be hard to canvas and reconcile their risk appetites

• Perhaps more geographically dispersed

• More complex strategic human resources challenges (for example, link between remuneration and adherence to risk practices).


Risk appetite disclosure

Risk appetite disclosure is an important subject for general insurance undertakings and has been the subject of much attention by Boards and senior management teams. There was clearly a diversity of views on what should be disclosed externally, both via statutory accounts and announcements by boards and CEOs, CFOs and CROs in the public domain information in respect of the 20 leading general insurance undertakings that have been reviewed by the working party.

There was no generally accepted definition of the terms ‘risk appetite' and ‘risk tolerance'; rather a diversity of views on the appropriate definitions. Risk appetite is sometimes articulated as an expression of the level of risk that a general insurance undertaking is prepared to accept in pursuit of strategic objectives and to give a context for its risk and capital management policy

Risk appetite has both quantitative and qualitative risk metrics. Some general insurance undertakings appeared to give more weight to the qualitative risk assessments rather than to quantitative metrics based on their internal and/or partial risk models

Some general insurance undertakings prefer to comment on their strategic management objectives, their ‘risk strategy' and their ‘risk limits', rather than to define or articulate their ‘risk appetite'. For some organisations, it is more important to ensure an appropriate balance between business opportunities and the risks incurred

Risk appetite is discussed as one component of an ERM framework, but it is not discussed in isolation. In other cases, risk appetite is not articulated and discussion concentrates upon risk management. Other general insurance undertakings discuss risk management at a high level and discuss their ‘risk strategy', ‘economic capital' or focus upon risk tolerance to risk decisions.

Making it real and understood
The risk appetite statement should mobilise and help the organisation to deploy risk appetite to enhance decision making. It needs to be clearly articulated and coherent, as well as being designed with reference to the processes for its implementation and governance.

Risk appetite is an important link between an organisation's strategic intent and its record of achievement. The articulation or statement of risk appetite must be as tangible and practical as possible. It is likely that there will be debate within the company about whether the risk appetite framework, its practical implementation and governance should be ‘top down' or ‘bottom up' in its focus, or try to blend elements of both perspectives.

Finally, while the granularity and realism of a bottom-up view may add to credibility, there is a need for an enterprise-wide view. Although a diversity of views will exist on risk appetite, management will need to find unity in diversity and then communicate effectively.

George OrrosGeorge Orros is an independent actuarial and general management consultant, and chair of the Risk Appetite Working Party