[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Risk management: Alchemy of risk

The introduction of risk and principles-based regulation is a welcome development for UK insurers, but has only taken the industry so far. The common use of capital metrics focusing on extreme downside risk has led insurers to transfer risks from their balance sheets through de-risking exercises. So has the industry lost sight of its purpose: to assume risk where management competency exists and, through sound risk management, turn risk into profit?

Risk management is not new to insurance companies. However, insurers’ risk frameworks have not sufficiently encouraged holistic risk management, nor necessarily recognised all of the risks to which insurers are exposed. The quantification of an insurer’s risk-based capital — either through an individual capital assessment, internal economic capital or ratings capital approach — has required management to investigate and understand more thoroughly the risks to which their business is exposed. This, in turn, has allowed management to implement tools and processes that assist with the management of extreme downside risk.

Naturally, insurers wish to realise the full benefits of their investment in sophisticated risk-based modelling techniques. Therefore, the above investigations are often used as the starting point for the definition of insurers’ risk appetite by way of risk exposure limits. These can be better described as capital-driven risk tolerance statements that focus primarily on extreme downside risk.

A risk appetite statement certainly needs to encompass risk tolerance, but how much risk? Critically, it should also incorporate consideration of risk desirability: which risks and why?

Risk tolerance has implications for financial planning and budgeting, capital management, limit setting and risk monitoring and reporting. This should be articulated at multiple levels of confidence corresponding to defined tolerance thresholds, such as profits warning, credit downgrade, dividend cut, crisis refinancing, takeover threat and insolvency.

Risk desirability has implications for strategy selection, such as helping to inform which strategic ‘bets’ are placed in terms of economies, markets, customer segments and the ongoing alignment of risks to risk management competencies or vice versa.

In framing a risk appetite statement, management needs to consider risk tolerance and risk desirability in a manner that helps assess the relative attractiveness or otherwise of each risk position to the firm. This is ideally based around risk to value, with value being defined as, for instance, a proxy for market capitalisation for proprietary firms. This requires risk appetite to be delivered in the context of desired returns, earnings growth rates and market expectations. In addition, it needs to combine shorter-term management and market earnings perspectives with longer-term solvency and ratings capital views.

Crucially, the management information used for this purpose needs to be presented in a format that is both accessible and informative to management, and which allows management to overlay possible future business actions onto this. Below is a simple four-step approach to developing such a risk appetite statement.

Step 1: Stakeholder identification
The first step involves an analysis of external and internal stakeholders and their expectations for the insurer’s risk appetite. External stakeholders include policyholders, regulators, debt holders, rating agencies, analysts and shareholders. On the other hand, internal stakeholders include the board, senior management, employees and pension scheme members.

Regulators’ and rating agencies’ views are typically aligned in broad terms with those of the policyholder. Their focus is on the ability of the insurer to pay claims and service debt commitments in extreme downside scenarios — the policyholder focus is shown in Figure 1, above. Consequently, economic capital metrics and risk-tolerance-based statements are relevant when assessing the attractiveness of each risk position to the firm’s policyholders.

The views of the board, senior management and analysts are typically aligned with those of the shareholders. After fulfilling policyholder commitments and managing financial constraints such as regulatory, economic and rating agency capital, they will be focused on the ability of the insurer to provide an adequate return on the shareholders’ investments and the variability of that return — the shareholder focus is also shown in Figure 1.

Value-management metrics, such as market-consistent embedded values including an allowance for franchise value, and risk tolerance and desirability statements, are relevant when assessing the attractiveness of each risk position to the firm’s shareholders.

These metrics, when used alongside risk tolerance and desirability statements, can allow management to assess the relative attractiveness of each risk position to the firm’s stakeholders. This assessment will involve both top-down and bottom-up analyses.

Step 2: Top-down analysis
The top-down analysis is a high-level view of the firm’s risk appetite. This is derived from the board’s strategic and business plans, which will take into account risks that the insurer is skilled in managing, perhaps due to availability of skilled resources or advanced tools that give the firm a competitive advantage. The risk appetite should also allow for the views of key external stakeholders, such as the providers of funding and regulators.

This builds on this step and involves:
>> Assessment of the risk capacity — the maximum risk the firm can bear, which is a function of the quantum and fungibility of existing capital and the firm’s ability to access further capital
>> Calibration of the firm’s risk tolerance and risk appetite — the quantum of risk the firm is seeking within its overall capacity in terms of earnings volatility, growth ambitions, capital at risk and/or other key metrics
>> Determination of the target level of return and acceptable variability of return
>> Construction of the target risk profile, which presents the allocation of risk appetite to risk categories.

This approach should allow management to understand the expected impact on the value of the company in a range of scenarios. These include those that allow for the crystallisation of upside and downside risk, thus providing an objective comparison of which risks to retain or seek out and vice versa. In this context, basing business planning on comprehensive risk-reward metrics moves away from having a technical solvency focus towards a more holistic perspective on value management.

Step 3: Bottom-up analysis
Often the current risk profile of an insurer is defined by its historic risk-taking activity, based around its ability to assume a certain aggregate level of risk through its capital base. In many cases the risk profile is unlikely to explicitly reflect the desire of the board to actively retain and seek risks with reference to a balanced risk appetite statement. As a result, the current risk profile may not be aligned with the target risk profile defined in Step 2.

To begin to address this issue, the bottom-up analysis describes in detail the current risk profile and should use the insurer’s economic capital metrics in conjunction with the insurer’s value-management metrics. The top-down and bottom-up analyses can be iteratively reworked so that they converge to an optimum risk appetite. This involves senior management reviewing the differences between their target risk profile and the current risk profile, identifying the business options that exist to facilitate a move from existing to target risk exposures, and in turn enabling the execution of a risk-based strategy through the business planning process.

Step 4: Definition of risk appetite
Having agreed an optimum risk appetite, it is necessary to articulate this using a clear risk appetite statement and risk policies. The risk appetite statement in its broadest terms should outline:

>> The level of strategic exposure to each risk. Statements should be worded such that quantitative measurement of these exposure levels can be conducted
>> Processes to allow the assessment of additional risks and the fluid restructuring of strategic exposures to allow capitalisation of return on risk profiles. These processes should assess the implications of restructuring strategic exposures for all stakeholders
>> Minimum return versus risk levels to be considered for future business activities, such as corporate activity, new products and value-adding projects.

The risk policies should translate the statements into more tangible terms that set guidelines for the execution of risk management across the firm. These policies will be used by those with responsibility for implementing the board’s and senior management’s risk appetite. For example, investment mandates will highlight to the firm’s fund managers the level of exposure to equity-type investments sought both quantitatively — such as adopting an equity-backing ratio between 15% and 35% with more than 75% of the equity investment UK-registered — and qualitatively — such as a preference for defensive, high-yielding stocks. Ideally, the risk policies should be framed so as to enable the assessment of staff performance and hence feed into their remuneration review.

The business cycle
Once risk choices are agreed and articulated through a firm’s governance, the performance of the business can be monitored and compared to that expected over the period. The performance against expectations should be used to aid the back-testing of any quantitative models used to support the risk appetite definition.

The key benefit, however, is to highlight how competently or otherwise the risks have been managed. This information can then feed back into the risk appetite setting for the following period, completing the business cycle. The risk appetite, along with further board-level analyses and metrics, can be presented as part of a management information pack that outlines the financial performance of the insurer and the revised risk appetite for the next business cycle.

Actuaries are ideally placed to help insurers implement these techniques, which form a key part of an enterprise risk management framework. Perhaps actuaries can help to empower the insurance industry to do what it does best — assuming those risks that the insurer is skilled in managing and hence, turning risk into profit.

Marcus Bowser is a principal consultant and Jon MacDonald is a director in the insurance practice of PricewaterhouseCoopers.

Figure 1: Area of interest for policyholders and stakeholders