Armoghan Mohammed asks whether the reoccurrence of high-risk events signals a need to review risk planning
In any field, at any time, one sector may lead the way in terms of applying latest thinking and best practice. This is the case in the risk management industry today, where, thanks to Solvency II compliance, risk practitioners in the insurance sector are at the vanguard of new approaches.
Solvency II represents the most comprehensive risk management framework in the world. Insurers have had to raise their game, aided by actuaries and other risk management professionals.
Under Solvency II, insurers must hold capital against risk events potentially occurring once every 200 years - which, for most, includes assessing the impact of events never previously experienced.
Making such assessments is a complex business. These events are often termed 'black swans' - unforeseen risk events that have a major impact. Yet, as highlighted in PwC's report 'Black swans turn grey - The transformation of risk', events that fit the common understanding of 'black swans' are happening more frequently. These 'grey-swan' events are arguably part of a faster-changing and more uncertain world, indicative of a new risk landscape. The speed with which high-impact events occur is increasing, and so is the potential for contagion across traditional risk categories. Catastrophic risks can not only threaten an individual organisation's existence but also undermine entire industries.
As a result, some organisations outside the insurance sector feel their risk frameworks no longer give the protection they need. Some are concerned that their enterprise risk management (ERM) systems don't offer the flexibility and speed of response required to provide adequate risk resilience to grey-swan events. Even insurers, with all their investment in Solvency II, face challenges.
To ensure robustness in this new landscape, sophisticated internal models and statistical analyses need to be combined with a pragmatic approach for determining responses to events that are not modelled but have very severe consequences - something frequently neglected in Solvency II programmes.
Furthermore, companies need to link risk categories or understand their interdependencies. Tail dependency - the tendency for the most severe events in different areas to coincide - is receiving much attention as part of Solvency II projects, but remains more art than science, with limited industry consensus.
Many businesses have also focused little attention on strategic risk, regarding risk and strategy as separate from each other. Again, insurers have a Solvency II imperative here, with the Own Risk and Solvency Assessment (ORSA) requiring boards to explicitly consider risk and solvency over their strategic planning horizon. However, this is an embryonic area.
Organisations should look to enhance their ERM frameworks, following the insurance sector's lead and using some of the techniques being developed for ORSA, such as risk appetite.
By explicitly defining their risk appetite, organisations can raise awareness among all staff of what can be considered acceptable risks and so strengthen their risk resilience. However, there is still one arguable area of weakness across all sectors - the alignment of risk and business strategy. Although this is receiving increased attention within the insurance industry, with both ORSA and the 'Use Test' providing a degree of regulatory imperative, more could be done.
The board must take the lead, clearly articulating its view; this can then be reflected in the definition of risk appetite and the promotion of a risk-aware culture.
With the investment in risk management for Solvency II, the insurance industry (and the actuarial profession with it) faces huge reputational risks from major events that are not reflected in our ever-more sophisticated models. The next grey-swan event is just around the corner - any additional steps organisations can take to strengthen risk resilience should be embraced.