Skip to main content
The Actuary: The magazine of the Institute and Faculty of Actuaries - return to the homepage Logo of The Actuary website
  • Search
  • Visit The Actuary Magazine on Facebook
  • Visit The Actuary Magazine on LinkedIn
  • Visit @TheActuaryMag on Twitter
Visit the website of the Institute and Faculty of Actuaries Logo of the Institute and Faculty of Actuaries

Main navigation

  • News
  • Features
    • General Features
    • Interviews
    • Students
    • Opinion
  • Topics
  • Knowledge
    • Business Skills
    • Careers
    • Events
    • Predictions by The Actuary
    • Whitepapers
    • Moody's - Climate Risk Insurers series
    • Webinars
    • Podcasts
  • Jobs
  • IFoA
    • CEO Comment
    • IFoA News
    • People & Social News
    • President Comment
  • Archive
Quick links:
  • Home
  • The Actuary Issues
  • December 2015
12

Getting to grips with risk

Open-access content Tuesday 1st December 2015 — updated 5.50pm, Wednesday 29th April 2020

It is difficult to assess all sources of enterprise risk, says Brenda Boultwood, but it is vital if a company wants to demonstrate sound decision-making

2

—


During the course of the past two decades, the financial sector has shown great progress in understanding and quantifying credit and market risk. But operational risk - which some experts estimate may be 70%-80% of a regional bank's total risk capital - is still not well understood or quantified. Operational risks are qualitative, inconsistently defined and often poorly identified. New techniques are emerging that allow operational risk appetite to be monitored and effectively reflected in the strategy and business plans of a company. These techniques include complete risk identification, conversion of qualitative risks into measurable units, predictive risk analytics that provide early warning signals on loss events, and metrics thresholds that trigger notifications and actions, including changing the level of risk-taking.

Qualitative risk: the new frontier
Regulators require banks to develop operational risk frameworks, just as banks have to do for market risk and credit risk. The expected levels of operational risk should be established, and consistent with strategic objectives. Organisations must specify the type of data and the frequency with which they will assess their risk events.

A great deal of work is being done now to make qualitative risk more quantitative, but it is still more art than science. For example, if a bank's deposit system is down, this leads to customer or business disruptions, and there is the financial loss of incomplete transactions on that particular day. There is also a more subtle loss of reputation when the customer chooses to negotiate their next loan with a bank whose systems are more reliable. Banks are starting to collect information about these kinds of risk events. They are doing more risk assessments and are asking people in the field: how do we assess the quality of our risk and control environment?

Companies are also thinking about risk metrics because they want more rigour as they establish a more quantitative basis for qualitative risks. Management should decide on a set of metrics, which will then be monitored for breach of pre-assigned levels.

Take an example
Consider the risk of employee attrition. Part of mitigating this operational risk requires having strong human resources, involving how to attract, train and motivate employees with valuable skills. The risk of employee attrition can be quantified as the percentage of unintended employee turnover, transforming something once qualitative into something measurable.

The first stage of mitigating this risk is to start with a baseline to normalise observations. This can help the company measure the impact of loss owing to lack of well-trained employees. Although 'employee turnover' can be calculated and modelled, how can its actual impact be measured? If departing employees know the internal processes intimately and have forged connections with customers, the amount of monetary loss is rather difficult to quantify. Additionally, we must keep in mind the costs required to recruit and train new employees.

A quantitative risk such as market risk is understood in terms of value-at-risk (VaR). When a certain VaR level is breached during trading, this triggers a message to senior management, who decide what response is needed - accept the higher risk, liquidate the position, or buy a hedge - and then report that to the board. For a qualitative risk such as employee attrition, the company would choose as its baseline an expected level based on history - for example, 2.5% employee turnover.

Then things change. Perhaps a new competitor starts poaching staff, and turnover jumps to 10%. The dashboard that used to show green at 2.5% now shows red at 10%. When a certain level is breached, this triggers a message to senior management, who - just as in the market risk case - have a discussion. Important questions must be considered, such as: "Is this an anomaly?"
"Is this the new norm?". If 10% is the new norm, what is the correct response; more training, better policies and procedures, or more documentation of the skills required for that particular role? Perhaps more IT systems are the answer, because that would help automate much redundant work, and would also reduce dependence on what people are expected to remember.

The discussion around measuring this qualitative risk - establishing an operational risk tolerance metric for employee attrition - has now begun, and some tactical decision-making occurs. The board will eventually examine the breach, and the response thereto, in order to understand the impact on the organisation's overall strategy.

A window into enterprise risk
As companies grow and amass data, they become better at anticipating risk events. As a result, they can focus on better controlling their exposure, thereby limiting the potential for loss - both financial and reputational. There's a silver lining to risk events: fresh data points. Information before, during, and after risk events can and must be captured for use by your organisation's risk management, modelling, and analytics teams.

The data aggregation currently carried out by organisations is largely quantitative. It looks at values around revenue, profits, products produced, expenditures and more. Data aggregation around new metrics - especially around qualitative risks - is more difficult to establish.

Quality data can permit operational risk-based capital modelling, which ties into determining risk and regulatory capital adequacy. In addition to economic risk capital, senior management is also interested in regulatory capital, balance-sheet capital, and rating agency capital. Stress testing and scenario analysis of key risks can also reveal any potential Achilles' heel in desired capital levels.

Risk appetite linked to strategy
Ultimately, the board has accountability to a company's shareholders. Senior management is well aware that if a risk metric exceeds a threshold perceived to be normal, which is in line with past observations, management need an explanation. Is this a one-time event, or does this signal a trend?

With input from the risk management team, management will want to understand various risk implications that such data provides: does the organisation need a temporary plaster, or does it require a new blueprint? More controls might be needed, or the organisation might need to accept a new risk tolerance as part of its risk appetite. Risk data, and the insights that come from it, can provide management with the real-time knowledge needed to continuously fine-tune the organisation's strategy.

Use test analysis
Regulators require that banks perform use test analysis of their day-to-day risk appetite. A great way to assess your organisation's risk framework is to try it out on a new situation. Regulators want banks to be asking themselves what new risks are occurring, and how much extra risk capital those new risks could absorb.

Use test analysis should also be performed on potential mergers and acquisitions. Although both parties have a legal contract, do they know exactly how the partnership is going to work? Do they know exactly how each partner is going to deliver?

Use test analysis also feeds into stress testing. Analysts should ask themselves: "If we introduce a new product/deal/acquisition, what are all the new risks that we introduce?" The company can stress test different scenarios and estimate the level of confidence for what current levels of risk capital it could safely absorb if things went wrong.

A company has a risk appetite for both quantitative and qualitative risks, and both are needed to define an organisation's overall risk tolerances and boundaries. Metrics such as employee attrition, the number of network security penetrations, the length of system down-time or the number of process failures are critical data points. These can help a company calculate its operational risk capital and compare that to its risk appetite, as ultimately reflected in a company's capital and ability to absorb large losses.

No matter the industry, every organisation wants to invest in opportunities where the risk-adjusted return on capital is the highest. Every organisation also wants to avoid those rare, once-in-a-decade, black swan risk events that have the potential to destroy their business. It is only by having access to quality risk data that organisations can be in a position to thrive on risk.

Brenda Boultwood is senior vice-president at MetricStream
This article appeared in our December 2015 issue of The Actuary .
Click here to view this issue

You may also be interested in...

2

Judgment day for pricing

Tony Ward provides an algorithmic framework for building generalised linear models using the field of machine learning
Tuesday 1st December 2015
Open-access content
2

Maintaining model behaviour

With Solvency II and increased regulation on the horizon, Roger Simler and Andrew Wood explore a holistic framework for assessing model error risk
Monday 30th November 2015
Open-access content
2

Kathryn Morgan: Making waves

Kathryn Morgan, director of regulatory operations at the Gibraltar Financial Services Commission talks to Jessica Elkin about power, responsibility and gender diversity
Friday 27th November 2015
Open-access content
2

Emerging markets: Going for gold

With reinsurers increasingly turning to non-traditional sources of growth, Alexander Hanks asks whether they can find their El Dorado in emerging markets
Friday 27th November 2015
Open-access content
2

The Christmas gift of foresight

In the manner of Rudolph’s red nose, Jessica Elkin gives some thought to lighting the way ahead with a new festive strategy for present buying
Tuesday 1st December 2015
Open-access content

People moves - Nov/Dec 2015

People moves - Nov/Dec 2015
Tuesday 1st December 2015
Open-access content

Latest from Archive

2

De-risking too far?

Simon Willes explains why investment de-risking a pension scheme without regard to employer covenant may not lead to optimal member outcomes
Monday 9th September 2019
Open-access content
2

Financial services stand to gain most from low-carbon transition

The financial sector is set to gain most from creating new sustainable products and services in response to climate change, a groundbreaking international study has revealed.
Tuesday 4th June 2019
Open-access content
2

Government gives green light to pension dashboards in 2019

UK savers will soon be able to see all their pension savings in one place after the government today unveiled proposals for a series of dashboards that could come online later this year.
Thursday 4th April 2019
Open-access content

Latest from December 2015

2

Many risk 'a nasty surprise' by hiding Christmas gifts in cars

More than half of people who hide presents in their cars do not take extra precautions to protect them from being stolen, a survey has found.
Monday 21st December 2015
Open-access content
ta filler

Product innovation the biggest challenge for pension providers

Bringing new products to the market has been identified as the biggest obstacle for life and pension providers, according to a pension software firm.
Monday 21st December 2015
Open-access content
2

Actuaries and accountants say selling annuities could leave savers 'worse off'

Experts in the actuarial and accounting industry have criticised the UK government’s decision to launch a secondary annuity market, calling the idea “unlikely to benefit that many people”.
Monday 21st December 2015
Open-access content

Latest from small_opening_image

2

COVID-19 forum for actuaries launched

A forum for actuaries has been launched to help the profession come together and learn how best to respond to the deadly coronavirus sweeping the world.
Wednesday 25th March 2020
Open-access content
2

Travel insurers expect record payouts this year

UK travel insurers expect to pay a record £275m to customers this year as coronavirus grounds flights across the world, the Association of British Insurers (ABI) has revealed.
Wednesday 25th March 2020
Open-access content
2

Grim economic forecasts made as countries lockdown

A sharp recession is imminent in the vast majority of developed and emerging economies as the deadly coronavirus forces businesses to shut down across the world.
Tuesday 24th March 2020
Open-access content

Latest from 12

2

Witty advice on the inconvenience of elbow in mouth

Witty advice on the inconvenience of elbow in mouth
Monday 30th November 2015
Open-access content
Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Latest Jobs

Senior Pricing Associate

Scotland / England, London
Up to £60000 per annum
Reference
149081

Outside IR35 - Reserving Contract - 6-8 months

London (Central)
Daily rate contract - outside IR35
Reference
149079

Actuarial Analyst - Longevity Reinsurance

England, London
Up to £55000 per annum
Reference
149080
See all jobs »
 
 
 
 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to The Actuary

Receive the print edition straight to your door

Subscribe
Spread-iPad-slantB-june.png

Topics

  • Data Science
  • Investment
  • Risk & ERM
  • Pensions
  • Environment
  • Soft skills
  • General Insurance
  • Regulation Standards
  • Health care
  • Technology
  • Reinsurance
  • Global
  • Life insurance
​
FOLLOW US
The Actuary on LinkedIn
@TheActuaryMag on Twitter
Facebook: The Actuary Magazine
CONTACT US
The Actuary
Tel: (+44) 020 7880 6200
​

IFoA

About IFoA
Become an actuary
IFoA Events
About membership

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to The Actuary Magazine
Contribute

The Actuary Jobs

Actuarial job search
Pensions jobs
General insurance jobs
Solvency II jobs

© 2023 The Actuary. The Actuary is published on behalf of the Institute and Faculty of Actuaries by Redactive Publishing Limited. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ