[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Risk management: Defining risk language

Risk classification relates to how an organisation defines the risks it faces. Coherent classification is essential to enterprise risk management (ERM), as ambiguity will lead to confused reporting and management of risk.

However, while firms may have a coherent system for classifying risks that meet their own requirements, such systems are unlikely to be identical between firms. Each system represents a risk ‘language’ bespoke to the firm, with firms using different terminology for the same risks, or the same terminology for completely different risks. The different risk languages used by actuaries in their day-to-day work can cause confusion when actuaries from different firms come together to discuss risk.

To address this, the Actuarial Profession’s risk classification working party was set up at the end of 2009 to develop a common system for the profession and, in doing so, establish a common risk ‘language’ for actuaries to use when discussing risk. The working party — comprising Paul Klumpes, David Wilmot, Jaiwardhan Vij and myself — have recently published a paper setting out such a common risk classification system for actuaries, together with a supporting spreadsheet setting out the very detailed risk categories identified in our work.

Note that the working party was not seeking to develop a definitive ‘one size fits all’ classification. Firms will have their own classification system, which meets their own requirements and we do not seek to supplant these — merely to provide a common basis for discussion between actuaries of different firms. Actuaries are not obliged to adopt the common classification system but it is hoped they will find this reference point helpful in discussing risk with their peers in other organisations.

Differences in risk classification
Even at a high level, significant differences can exist between how different organisations classify risks. Table 1 considers four different high-level classifications used by various regulatory bodies and insurance companies:
>> FSA Prudential Sourcebook
>> German regulator BaFin
>> Lloyds Banking Group
>> Prudential.

Taking just these limited examples, while there are some common categories such as market risk and operational risk, there are also significant differences in terminology, even at a high level. This is particularly true of strategy-related risks.

Moreover, as one drills down to sub-categories, further confusion is possible. For instance, one organisation may class failure of a project as operational risk, while another may class it as strategy risk.

Some other areas of doubt are:
>> Is non-disclosure of material underwriting information an insurance/underwriting risk or operational (fraud) risk?
>> Is spread widening of corporate bonds a credit or a market risk?
>> Is a shortage of buyers in a market a liquidity or a market risk?

This list is by no means exhaustive: the further one drills down into sub-categories, the greater the potential for overlap with other categories and for confused classification. To address this, the working party sought as far as possible to parse risk types into sub-components to identify where there may be overlaps, and to suggest how risk categories may be demarcated.

Risk and economic value
In their work, the working party used the following definition of risk: “The possibility of events, or combinations of events, occurring which have an adverse impact on the economic value of an enterprise as well as the uncertainty over the outcome of past events.”

It follows that any risk classification system should start by considering what the ‘economic value’ of an enterprise is. The working party considered the following definition of economic value:
>> Embedded value comprising: — shareholder net assets (assets less liabilities) — value in-force (VIF), which is the value of existing business relating to future income less costs, including the cost of capital (covering both regulatory and other capital requirements as well as economic capital).
>> Plus goodwill relating to: — the value of future new business, plus — future initiatives to drive down costs, improve persistency and improve the risk/ reward profile.

Risks to embedded value
The adverse events that affect embedded value are:
>> Market movements reducing net assets and/or reduce the VIF of future income (such as fund-related charges)
>> Counterparty defaults reducing net assets
>> Insured perils reducing insurer net assets, while for companies in general, there is a threat to VIF from poor persistency levels
>> Operational loss events that deplete net assets (for example, mis-selling compensation) and/or reduce VIF (as in regulatory challenges of charges). From this, we arrived at the following high-level risk categories: Market risk — the risk that as a result of market movements, a firm may be exposed to fluctuations in the value of its assets, the amount of its liabilities, or the income from its assets. Credit risk — the risk of loss a firm is exposed to if a counterparty fails to perform its contractual obligations (including failure to perform them in a timely manner) including losses from downgrades and other adverse changes to the likelihood of counterparty failure.
>> Insurance and demographic risk — the risk of adverse variation in life and general insurer and pension fund claim experience as well as more general exposure to adverse persistency and other demographic experience, and including adverse changes to assumptions as to future experience.
>> Operational risk — the risk of loss, resulting from inadequate or failed internal processes, people and systems, or from external events. The market, credit and operational risk categories featured above are also categories considered under Basel II.

Insurance risk was also common (though BaFin termed this underwriting risk) but the working party considered the term too narrow, as it implies risk relating to insurance companies only. The reference to demographic risk makes it clear that this is a broader category — persistency risk in particular is key for many firms outside the insurance industry and beyond financial services.

Liquidity risk
The high-level categories mentioned above cover threats to the quantum of embedded value, such as threats to the amount of realistic assets in excess of realistic liabilities. However, solvency is based not just on the amount of assets relative to liabilities but also on how liquid these are.

If assets are not sufficiently liquid, they may have to be sold at a discount to market value to meet liabilities as they fall due and/or a firm may have to borrow to cover the shortfall in liquid funds, giving rise to interest costs. In extremis, a firm may find itself unable to meet liabilities as they fall due.

There is thus the need to consider the liquidity as well as the amount of assets relative to liabilities and we need to add a high-level category for liquidity risk, which is defined as: “The risk that a firm, although solvent, either does not have available sufficient financial resources to enable it to meet its obligations as they fall due, or can secure such resources only at excessive cost.”

Risk to goodwill — strategy risk
The categories considered so far relate to existing assets and liabilities and the embedded value arising from these, but a large component of a firm’s economic value relates to goodwill in respect of future new business and initiatives to extract greater value from the existing book of business. Thus a separate strategy risk category has been added to cover threats to the realisation of this goodwill.

This will cover:
>> Risks leading to actual strategic outcomes differing adversely to expectations
>> Risks that may inhibit strategy and strategic choices
>> The risk that the strategy chosen is sub-optimal.

Note there is a body of opinion that suggests such strategic risks should not be considered as a separate category but as manifestations of other risks — for example, market risk may cover the impact of falling stock markets on equity-related product sales.

However, the working party has chosen to separate out strategic risks in the common risk classification system on the basis that the controls required to manage these are different from those to manage embedded value. The impact of market falls on embedded value may be hedged using derivatives but, for new business, managing the impact is more about offering a diversified product range and not being overly reliant on, say, equity funds.

Frictional risk
The definition of economic value above includes a deduction for the cost of capital. The amount, and hence cost, of capital is not determined solely by the economic risks faced by a firm, but also by regulatory, accounting and rating agency requirements.

The excess of these requirements over economic capital required may be termed ‘frictional capital’. Frictional capital requirements may increase in the absence of any change in economic risk profile with the cost of this extra capital having an adverse impact on economic value.

The common risk classification system has a frictional risk category to cover this. The category also covers problems caused by operating structure such as the fungibility of capital tied up in subsidiaries.

Finally, the category also covers tax risks such as changes to the corporation tax regime and portfolio-specific impacts such as deferral of tax relief because of an adverse mix of business.

Aggregation and diversification risk
It is important in considering risk to look at not just the individual components but also how they come together as a whole. Risks may be super-additive, with the combined impact greater than the sum of the individual parts. More often than not risks are sub-additive, with risks unlikely to crystallise to the same extent simultaneously.

Firms allow for this diversification benefit in assessing capital requirements, but there is a risk that the combined impact may be greater than expected, in that the diversification benefit is less than expected.

Thus the common risk classification system has a final, over-arching high-level category for aggregation and diversification risk, which is defined as: “The risk that the aggregate of risks across individual categories is greater than the sum of the individual parts and/or that anticipated diversification benefits are not fully realised.”

Aggregation and diversification is also considered as a sub-set of each high-level category, for example, market risk will include an aggregation and diversification risk category to address the combined impact of individual market risks such as equities and property. However, this high-level category will consider impact across the other high-level categories, such as between market and operational risks.

Summary of high-level categories
The working party’s view of risk can be summarised in Figure 2. Based on the view of risk outlined, the common risk classification system has high-level categories for:
>> Market risk
>> Credit risk
>> Insurance and demographic risk
>> Operational risk
>> Liquidity risk
>> Strategy risk
>> Frictional risk
>> Aggregation and diversification risk.

Risk classification is only a starting point in ERM, which ultimately needs to consider how the individual strands represented by the individual risk categories interact both in aggregate and at each entity level, as well as the rewards available.

However, it is hoped actuaries will find the common reference point this system provides useful in discussing risk with their peers in other organisations.

I would encourage actuaries to read the final paper on the Profession’s website www.actuaries.org.uk and either make use of the common definitions when discussing risk with peers outside their organisation or, if using alternative definitions, to define these as precisely as possible.


Patrick Kelliher is the head of market risk and ALM at Aegon UK