April 30th, 2009

Risk Profile, Appetite, and Tolerance: Fundamental Concepts in Risk Management and Reinsurance Effectiveness

Posted at 1:01 AM ET

Financial Intelligence Team

Prior to the recent turbulence in the financial markets, insurers and reinsurers were increasing their use of enterprise risk management (ERM) to make risk and capital management decisions. While this was driven in part by rating agencies and regulators, many carriers began to recognize the value of metric-based frameworks and capital models in evaluating their portfolios.

Download the full briefing >>


As the financial crisis continues to unfold — and explanations are offered — it is clear that more robust enterprise-wide risk management will be the result. Many industry participants and observers anticipate that regulatory and rating agency scrutiny will accelerate at an unprecedented rate. Further, insurer and reinsurer shareholders and Boards of Directors are likely to demand that risk be measured and managed as it relates directly to capital on an enterprise-wide basis, particularly as an integral part of the corporate governance process.

Advancing the ERM dialogue can help insurers make value-accretive decisions through the improved deployment of capital. A thorough understanding of the basic concepts of enterprise-wide risk is fundamental to the implementation of ERM disciplines, establishing risk management parameters, and integrating this knowledge into the process of making strategic business decisions. As a result, insurance and reinsurance firms will not only be better prepared to respond to the internal and external questions relating to risk and capital, but (perhaps more importantly), they could benefit by establishing hedging or reinsurance strategies to drive capital efficiencies and maximize stable risk-adjusted returns.

We will address three core aspects of the emerging ERM and capital management dialogue:

  1. We will offer a framework for defining common terminology: distinguishing Risk Profile, Risk Appetite, and Risk Tolerance. Currently there are no consistent, overarching definitions of commonly used risk terms. Greater clarity in this area is fundamental to a proper understanding of the concepts involved.
  2. We will offer a framework for discussing risk tolerance, including best practices.
  3. We will present the results of Guy Carpenter’s initial risk tolerance benchmarking study, which will allow us to advise our clients about their own circumstances and the general context of the markets in which they operate.

Risk Profile, Risk Appetite, and Risk Tolerance

The definitions and use of Risk Profile, Risk Appetite, and Risk Tolerance vary considerably in professional articles and position papers across the (re)insurance industry. To properly consider the dynamic tradeoff between risk and return we provide the following definitions.

Risk Profile: the broad parameters a firm considers in executing its business strategy in its chosen market space.

Risk Appetite: the level of uncertainty a company is willing to assume given the corresponding reward associated with the risk. A company with a high risk appetite would be a company accepting more uncertainty for a higher reward, while a company with a low risk appetite would seek less uncertainty, for which it would accept a lower return.

Risk Tolerance: a stated amount of risk a company is willing and able to keep in executing its business strategy — in other words, the limits of a company’s capacity for taking on risk.


RT Co. is a large, reasonably well-capitalized national multi-line writer with profit and growth goals typical of those of similar insurers. Using the definitions above, RT Co.’s Risk Profile can be thought of in terms of the market space in which it wants to participate (e.g., lines and classes of business) and the corresponding management decisions (i.e., risk selection, claims handling processes/back office, distribution channels, expense structure, and strategic execution). Alternatively, part of RT Co.’s Risk Profile is the market space in which it does not want to participate, such as aggressive asset strategies or international expansion.

Consistent with its Risk Profile, RT Co. evaluates how much profit potential is available and the cost of mitigating uncertainty to develop its Risk Appetite. For example, after analysis, a “moderate” Risk Appetite maybe defined by RT Co. as:

  • A target return on equity of 10 percent
  • Retention of net catastrophic risk less than or equal to its peers
  • Avoidance of excessive underwriting volatility, asset risk, or operational risk

Given the risk appetite of RT Co., it establishes a set of Risk Tolerances to properly articulate its capacity for assuming risks. For example, RT Co., may express its risk tolerances as follows:

  • High probability of maintaining an A rating
  • Quarterly impact from non-catastrophe underwriting results not greater than 10 percent of forecasted earnings
  • Net 1:100 probable maximum loss (PML) limited to 10 percent of capital
  • Net 1:250 PML limited to 15 percent of capital
  • Remote chance of asset loss greater than 10 percent of capital in any one year

To further clarify the concept of Risk Appetite, the following chart shows the basic tradeoff between risk and reward, where the willingness to bear risk increases the potential profit while increasing the possibility of a decrease in surplus (capital).


Best Practices in Using Risk Tolerance to Manage Risk

Because risk appetite and enterprise level risk tolerance statements are fundamental to a company, senior management and the board of directors should be active participants in the identification and consideration of risk/reward tradeoffs as they establish the Risk Profile, Risk Appetite, and, ultimately, the Risk Tolerance to be used for both internal decision making and external communication. The establishment of a Risk Committee as part of the board of directors is now widely viewed as the proper authority responsible for reviewing enterprise-level Risk Tolerance levels.

Rating agencies and other interested parties look for management to be able to link significant changes in its Risk Profile with corresponding changes to the company’s Risk Appetite or Risk Tolerances. Continuing the prior example, assume RT Co. announced its intention to aggressively grow its property business in the Southeastern United States. Rating agencies would want to know how the implications on its risk profile (i.e., increased catastrophe exposed business) impacted the company’s stated risk appetite or risk tolerance. For example, if RT Co. did not change its risk appetite, a rating agency would expect the company to defend its reinsurance purchasing strategy in light of the increased catastrophe risk.

A critical best practice in this area is to ensure that these top-level risk management decisions are integrated into the operational framework throughout the firm. The following are examples of such linkage and operational concepts:

  • Enterprise-level monitoring and evaluation of risk-taking and risk mitigation strategies through economic or risk-based capital measures, in which all significant risks are identified, measured, and managed (including stress testing)
  • Operational integration and communication by management of risk tolerance to influence operational decisions, for example, through underwriting guidelines, zonal aggregates, and pricing discipline
  • Use of risk mitigation strategies when risk exceeds risk tolerance limits or could impair reputation

Risk Tolerane as Part of a Risk Hedging and Reinsurance Strategy

Since companies compare the cost of alternative reinsurance structures with the associated benefits, as measured by the relative impact on their Risk Tolerance boundaries, understanding a company’s Risk Appetite and Risk Tolerance is a strategic imperative. The frequency with which insurance and reinsurance companies will have conversations with their constituents (e.g., rating agencies, regulators, and boards of directors) on this topic will increase dramatically in the coming months. A deep conceptual understanding, as firms shape their risk tolerances, is critical to achieving successful outcomes.

As indicated, there is not a one-size-fits-all risk tolerance statement, and most companies use several implicit or explicit risk tolerance boundaries. The table below shows examples of risk tolerance areas directly impacted by reinsurance.


Survey of Publicly Disclosed Information on Risk Tolerance

Guy Carpenter undertook a project to study the ERM structure and risk tolerances of firms within the industry. The study was comprised of publicly available information, including annual reports, regulatory filings, and analyst and rating agency reports. It identified information from 12 companies domiciled in Europe, six in the United States, nine in Bermuda, and eight in the Asia-Pacific region. These companies are mainly publicly traded and have large global operations.

The overall observation is that the public disclosure of companies’ risk tolerances is limited. Based on our review, though, the following general observations and trends were identified:

  • Of the 35 companies in the study, all disclose some form of consideration of Risk Tolerance at the enterprise or risk segment level (such as market/asset, credit, or insurance risk).
  • Firms generally disclosed the method for measurement, but not the amount or level. Metrics used for measurement varied based on the risk being measured. Some insurers used more than one metric. Examples of disclosure of method and corresponding level varied widely.


  • The most prevalent disclosed Risk Tolerance methods were Value at Risk (VaR) and stress testing.
  • Disclosures related to market/asset risk (measured with some form of VaR, max loss, or percent impairment threshold) were found most commonly in our survey.


  • European companies tend to disclose more information about their ERM “structure” characteristics — such as having a Chief Risk Officer (CRO), reporting relationships, a risk committee, or reporting lines into the board - than companies in other regions, with Bermuda and Asia-Pacific companies disclosing the least about their ERM structural elements. We believe that the low disclosure identified in the survey in some regions does not suggest that the firms do not have the roles noted. Rather, it highlights that the firms included in the study do not disclose the structural element if they exist.[table]
  • Very few companies offer an opinion or position regarding excess capital, although some reference commentary on management activity, such as share buybacks, that is indicative of an opinion relative to excess capital.
  • The disclosure of capital allocation and modeling method appears most often in Europe, with no apparent distinction between insurance and reinsurance companies. Combined operations (i.e., those that include both insurance and reinsurance within the corporate operating structure) appear to provide more details in their disclosure/description of modeling methods. Examples of methods, as stated, include:
    • Mix of risk-based capital models and scenario testing, sometimes include the International Monetary Fund (IMF) stress tests
    • Economic-based capital modeling
    • Risk-based capital modeling, such as for the UK Financial Services Authority (FSA)

Anticipated Change — Increased Scrutiny of Risk Appetite and Risk Tolerance

We anticipate that there will be considerable momentum, growing at an ever accelerating pace, as regulatory, capital markets, and legislative influences around the world join to require management recognition of the risks of their enterprises.

Despite the fact that publicly disclosed information is so limited, the increasing external demands will be coupled with management recognition of potential competitive advantages. We anticipate significantly increased transparency with regard to the Risk Profile, Risk Appetite, and Risk Tolerance by firms in the industry. We intend to continue to monitor disclosure trends and update the Risk Tolerance Benchmarking Study as this broader base of information becomes available.


  • Susan Witcraft, Managing Director, Minneapolis +1 952.832.2143
  • Frank Achtert, Managing Director, Munich +49
  • Iain Boyer, Managing Director, Norwalk +1 203.229.8807
  • Michelle Harnick, Managing Director, New York +1 917.937.3125
  • Dave Lightfoot, Managing Director, Seattle +1 206.621.2929
  • Scott Lohman, Managing Director, Seattle +1 206.621.2929
  • Don Mango, Managing Director, Morristown +1 973.285.7914
  • Eddy Vanbeneden, Managing Director, Brussels +32 2.674.98.11
  • Gina Carlson, Senior Vice President, Minneapolis +1 952.832.2224
  • Debbie Griffin, Senior Vice President, New York +1 917.937.3119
  • David Flandro, Senior Vice President, London +44 (0)20 7357 3267
  • Jeff Bellmont, Vice President, Minneapolis +1 952.832.2157
  • Sebastien Portman, Vice President, Zurich +41 44.285.9322
  • Benoit Butel, Vice President, Paris +33

Download the full briefing >>

Statements concerning, tax, accounting, legal or regulatory matters should be understood to be general observations based solely on our experience as reinsurance brokers and risk consultants, and may not be relied upon as tax, accounting, legal or regulatory advice which we are not authorized to provide. To the extent that you discuss such statements with your clients, be sure to advise your clients that all such matters should be reviewed with their own qualified advisors in these areas.

AddThis Feed Button
Bookmark and Share

Related Posts