As expected, insurers have continued to accelerate their development of Enterprise Risk Management (ERM) practices following last year’s financial crisis. The impact to both sides of the balance sheet emphasized the importance of tracking every risk a carrier faces and protecting capital from a wide range of threats. As ERM practices evolve, clear definitions and terminology become critical. A common language and framework will facilitate process and technical innovation, improving the transfer of practices across companies and simplifying the disclosure process — all of which will lead to more accurate risk evaluation.
The financial crisis did more than highlight the need for a holistic approach to risk and capital management: it underscored the importance of disclosure. Rating agencies and regulators, in particular, are looking for greater transparency from insurers. Many are already disclosing some risk information, but in the absence of an emergent market standard, the depth and quality of disclosure varies widely. While some of the motivation seems to be compliance-oriented, effective communication about risk will become a competitive advantage.
Clear definitions of critical terms are a cornerstone of this evolution in practice. Across the industry, the terms risk profile, risk appetite and risk tolerance are used frequently, but often with inconsistent meanings. Standardization is necessary both to bring consistency to industry-wide discussions and to ensure that the remedies developed address the specific challenges that our industry faces.
Risk profile refers to the broad parameters a firm considers in executing its business strategy in its chosen market, i.e., the market in which it wants to participate. Risk appetite, on the other hand, is the level of uncertainty a carrier is willing to assume given the rewards that correspond to a certain risk (or set of risks), including the profit potential available and the cost to mitigate uncertainty. Finally, risk tolerance is the stated amount of risk a company is willing or able to assume in executing its business strategy — essentially, its capacity for taking on risk.
In a survey of 35 insurers and reinsurers — spanning the United States, Europe, Bermuda and the Asia-Pacific region — Guy Carpenter found that all already disclose some form of risk tolerance consideration at the enterprise or risk segment level. From our original survey in April 2009 to the update conducted this fall, we found an increase in disclosure, indicating that this is a growing priority in the industry.
Most firms disclosed the method used for measuring their overall risk, but not the resulting amounts or implied levels of capital adequacy. Stress testing and Value at Risk (VaR) were the most common methods of determining risk tolerance. Market and asset risk — as measured with some form of VaR, maximum loss or percent impairment threshold — were the most common types of risk disclosed. European carriers tended to publish more structural ERM information, with those in the Asia-Pacific region preferring to disclose the least. Bermuda is now relatively close to Europe in this regard, a substantial change from our April results.
There is no doubt that ERM-related disclosures are increasing, due in large part to the events of September 2008. Pressure from regulators and rating agencies for transparency is a significant reason, but over time, the motivation will shift to competitive advantage. Disclosure will differentiate those carriers with greater risk management capabilities, translating to a better overall handle on their portfolios and better expected performance. Transparency and a willingness to communicate about risk will demonstrate commitment to the prudent deployment of capital.