Ready for anything: The Sept. 11 terrorist attacks and the resulting losses across multiple lines have renewed interest in enterprise risk management. (Risk Management Industry Strategies).Enterprise risk management--the complex process of measuring and managing a business's overall risk exposure--has long been a favorite tool of banks for managing the asset and liability sides of their balance sheets. Applied to a global pharmaceutical corporation, for example, this could conceivably embrace risks as diverse as fire, environmental pollution, product recall, business interruption, natural disasters and finance and investment. In recent years, this approach has captured the interest of some major insurance companies, including USAA USAA United Services Automobile Association USAA Urban Superintendents Association of America USAA United States Achievement Academy USAA United States Arbitration Act of 1925 USAA United States Axemen's Association USAA United States Air-Table-Hockey Association , the San Antonio-based insurance and financial-services giant, which is embarking on plans to implement its own versions of this process. Industry observers now think that following the Sept. 11 terror attack terror attack n → atentado (terrorista) terror attack n → attentato terroristico on the World Trade Center--especially in the way it forged the correlation of hitherto unrelated risks--enterprise risk management may hold more appeal to insurers than ever before. "We see the world of analytical tools being expanded from the natural catastrophes to the man-made sides," said Dennis E. Kuzak, senior vice president of Eqecat, the Oakland, Calif.-based catastrophe-modeling and consulting firm Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee consulting company business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a . "Whether the issue is an explosion and fire risk on a floating production facility, launch risks for Atlas missiles or re-entry RE-ENTRY, estates. The resuming or retaking possession of land which the party lately had. 2. Ground rent deeds and leases frequently contain a clause authorizing the landlord to reenter on the non-payment of rent, or the breach of some covenant, when the risks for a space shuttle space shuttle, reusable U.S. space vehicle. Developed by the National Aeronautics and Space Administration (NASA), it consists of a winged orbiter, two solid-rocket boosters, and an external tank. , these are amenable AMENABLE. Responsible; subject to answer in a court of justice liable to punishment. to fairly elaborate probabilistic (probability) probabilistic - Relating to, or governed by, probability. The behaviour of a probabilistic system cannot be predicted exactly but the probability of certain behaviours is known. Such systems may be simulated using pseudorandom numbers. models. And we see the idea of creating models for those risks for the insurers now, as opposed to the insureds." Segregated Risk Traditionally, different departments in a company each managed different risks, said Rein Lemberg, practice leader for enterprise risk management at ABS (Automatic Backup System) See backup program. Consulting, Irvine, Calif., which includes Eqecat. With this organization of functional silos, there's rarely the sharing of risk knowledge or mitigation strategies, he noted. "One of the problems with silos is they can have their own definitions, their own way of measuring, describing and valuing a risk," he said. In short, the old way of managing risks can be scattered Scattered Used for listed equity securities. Unconcentrated buy or sell interest. , inconsistent and inefficient, Lemberg said. But enterprise risk management is a holistic approach holistic approach A term used in alternative health for a philosophical approach to health care, in which the entire Pt is evaluated and treated. See Alternative medicine, Holistic medicine. to viewing a company's exposures. "It's a way of thinking about risks, about methodically me·thod·i·cal also me·thod·ic adj. 1. Arranged or proceeding in regular, systematic order. 2. Characterized by ordered and systematic habits or behavior. See Synonyms at orderly. defining things and deciding things and then applying these to developing frameworks, using tools and then finding solutions," he said. Pinning down one all-purpose meaning for enterprise risk management--also referred to as enterprisewide risk management, corporate risk management or holistic risk management--can be challenging, because each company approaches it from a different perspective. "The market really hasn't come up with a definition, and there are a number of definitions out there," said Robert J. Baldoni, head of Ernst & Young's Risk Management and Regulatory Practice's Treasury Advisory Group. "I believe the market really hasn't decided who will be providing these services: Will it be a financial-institution type of service? Is it a systems-house service? Is it an insurance-company or an insurance-broker service? Is it an adviser-consulting organization like us, or is it all of the above?" Baldoni said. Baldoni said he would define enterprise risk management as a decision-support tool that can assist senior managers who need to decide how their companies should allocate capital and measure the risks of acquisitions and ventures, new product launches and entry into new countries, as well as the overall risks of their operations. "They need tools to do that; they need processes to do that," Baldoni said. "It's a developmental application that gets them to that point." USAA already was heading down that road when Christopher E. Mandel came on board in April 2001 as assistant vice president of enterprise risk management in the chief financial officer's office. But at that time, the company was not yet tying all the pieces together, Mandel said. "I see lots of evidences of the riskmanagement model being applied to different processes throughout the company," he said. The internal audit group, for one, uses a model that helps it determine what parts of the organization it should focus its limited resources on as the group determines its audit schedule and the order of magnitude A change in quantity or volume as measured by the decimal point. For example, from tens to hundreds is one order of magnitude. Tens to thousands is two orders of magnitude; tens to millions is three orders of magnitude, etc. . USAA's treasury organization already has financial risk covered. The risk-management group has operational risk covered. Mandel's contribution since coming to the company was to recommend that USAA formalize and add discipline around a business-risk piece. The company has formed a Business Risk Advisory Committee, which serves as the forum for reviewing selected business risks as they emerge. "So, we look at this as a three-legged stool, with financial, operational and business risks--at least, that's the way that we define it today," Mandel said. "We're doing things in all those realms." USAA expects to begin rolling out its plan in earnest during the first quarter of 2002, beginning with development of an Enterprise Risk Advisory Committee, which will include representatives from all key business sectors, Mandel said. The goal is to develop a well-delineated process that the company can then call its "enterprisewide approach to risk management," he said. To that end, USAA is taking what Mandel calls a generic risk-management model, which includes the identification, assessment and financing of risks, then adds controls, measures and monitors. Even before Mandel arrived, company officials were noting that a lot of chief risk managers at financial institutions were claiming to be doing some version of enterprise risk management, and they were asking themselves why USAA wasn't following suit. "We also had to note that we're not just an insurance company--we consider ourselves a diversified financial The diversified financial services segment includes a range of consumer and commercially-oriented companies offering a wide variety of products and services, including various lending products (such as home equity loans and credit cards), insurance, and securities and investment institution," Mandel said. "From an insurance standpoint, we're a reciprocal-exchange structure, but our property/casualty and life insurance operations are only a part of the business, although a major part." USAA also comprises a federal savings bank Noun 1. federal savings bank - a federally chartered savings bank FSB savings bank - a thrift institution in the northeastern United States; since deregulation in the 1980s they offer services competitive with many commercial banks , an investment-management company, a financial-planning network and a real-estate arm involved in joint ventures. "The insurance company risks are probably the most significant that we have from an operational standpoint," Mandel said. He pointed to the threat of class-action lawsuits stemming from life insurance sales practices, after-market parts allegations or behavioral patterns In software engineering, behavioral design patterns are design patterns that identify common communication patterns between objects and realize these patterns. By doing so, these patterns increase flexibility in carrying out this communication. in claims adjustment that have given rise to allegations of bad faith against other insurers. "They're pretty significant issues that have resulted in lots of litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. and lots of dollars being passed to plaintiffs for different reasons," he said. Quantifying Risks A major challenge in USAA's move to enterprise risk management is quantifying the business risks it faces, Mandel said. "If you want to get the resources you need to deal with risk issues -- once you've identified and assessed them -- you need to be able to quantify their potential impact," he said. "Therefore, the kinds of potential return, even if indirect, that you can get out of the efforts you apply to treating those risks, that's the biggest challenge." He has a colleague who notes how "the quantitative types" in the company will say that if something is not specifically quantifiable by a formula, as it is in so many areas of financial-risk management, then it's probably not worth considering. "She would argue, and I would agree, that if it's not quantifiable, it's probably even more potentially catastrophic than anything you can quantify," Mandel said. Perhaps the most important step to success of an enterprise risk-management process is getting the company's chief executive officer directly involved, he said. "Lacking the appointment of a chief risk officer in a formal way, the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. is the de facto [Latin, In fact.] In fact, in deed, actually. This phrase is used to characterize an officer, a government, a past action, or a state of affairs that must be accepted for all practical purposes, but is illegal or illegitimate. chief risk officer for a company like this, as for any company," Mandel said. "I believe that in this case, we'll get that kind of endorsement on a continuing basis that will allow us to garner the attention we need going forward." Despite the complexities of this process, some say they are detecting heightened interest on the part of more insurers. "As time goes on, things become less new, and so it becomes much easier to talk about," said Prakesh Shimpi, U.S. managing principal for Swiss Re Swiss Re is the world’s largest reinsurer, now that it has acquired GE Insurance Solutions (Ligi 2006). Founded in 1863, Swiss Re now operates in more than 30 countries. General Electric owns 8.9% of the firm. New Markets, whose client base includes insurance companies and major corporations. "I am having more conversations today about this general approach with interested parties." In the book, Integrating Corporate Risk Management, Shimpi and colleagues discuss how capital management and risk management have long been treated as separate parts in the overall discussion of corporate finance, even though they really are two sides of the same coin. The book presents a common risk--management frame-work --the "Insurative Model--which uses techniques that straddle In the stock and commodity markets, a strategy in options contracts consisting of an equal number of put options and call options on the same underlying share, index, or commodity future. both the insurance and capital markets. Shimpi and colleagues don't go out to their clients to sell the Insurative Model, he emphasized. "As we talk to them about issues that they face, as the opportunity presents itself to think about the issues in a larger context, then the insurative framework is helpful," he said. As Mandel can attest To solemnly declare verbally or in writing that a particular document or testimony about an event is a true and accurate representation of the facts; to bear witness to. To formally certify by a signature that the signer has been present at the execution of a particular writing so as , there is no one-size-fits-all strategy when it comes to enterprise risk management. "You really need to take the culture and the structure and everything else into consideration when you decide how to run down this path," Mandel said. "We look around us and we really don't find any other company that's quite like us, which is another reason why we had to look at this and decide it's definitely got to be our version of this thing." Once the decision is made, however, the transition to enterprise risk management can be a struggle for insurers. Unlike financial institutions, where interest-rate risk and credit risk are the two principal risks, insurance companies have the issue of liability management in retaining risk from the policies on their books. "That risk comes from a wide variety of sources--property, casualty, workers' compensation workers' compensation, payment by employers for some part of the cost of injuries, or in some cases of occupational diseases, received by employees in the course of their work. , third-party liability, business interruption, contingent business interruption," Eqecat's Kuzak said. "You begin to stack it all up and see that managing the liability side of that is a major undertaking." Baldoni, for one, thinks enthusiasm about the concept of enterprise risk management was starting to fade in the past year or two. But the events of Sept. 11 could reignite Verb 1. reignite - ignite anew, as of something burning; "The strong winds reignited the cooling embers" ignite, light - cause to start burning; subject to fire or great heat; "Great heat can ignite almost any dry matter"; "Light a cigarette" that interest among insurers, because this approach seeks to embrace hundreds of risks that might affect a business, he said. "If you said I am focusing much more dramatically on 10 of those risks than I was just months ago before the World Trade Center event, is that more focused on enterprise risk management? I don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. ," Baldoni said. "But I do know it's focused on 10 more of those risks or 20 more of those risks. So I think it's focusing people more and more on the broader sense of the connectivity of risks, the linkages of different activities and how they impact a company, its profitability and its survivability sur·viv·a·ble adj. 1. Capable of surviving: survivable organisms in a hostile environment. 2. That can be survived: a survivable, but very serious, illness. ." Lemberg thinks that the biggest change since Sept. 11 has been the definition of an improbable loss event. Corporations now are asking themselves, "what is probable, or, conversely con·verse 1 intr.v. con·versed, con·vers·ing, con·vers·es 1. To engage in a spoken exchange of thoughts, ideas, or feelings; talk. See Synonyms at speak. 2. , what is improbable? And hand in hand with that, what is material to our organization? What's critical? What could do us substantial harm? So, the definition of improbable now has to be revisited and organizations have to come to a common understanding when talking about this," he said. More than ever now, companies must consider combinations of events, not just single occurrences, because the destruction of the World Trade Center triggered a lot of claims, not just in property, Lemberg said. The very nature of this event, with its extremely high concentration of assets and insurance risks coupled with a very high severity, "means, suddenly, insurers have correlations across all these lines of business, which people never saw before," Kuzak said. "That's really the eye-opener here." Insurers that didn't think their life business was correlated with their property business have found out differently. "We've had inquiries from insurers, asking, 'What happens if we have a major earthquake and I write workers' compensation coverage? What kind of exposure do I have?'" RELATED ARTICLE: Enterprise-Risk Models Look at the Big Picture For more than a decade, insurers have been intensifying in·ten·si·fy v. in·ten·si·fied, in·ten·si·fy·ing, in·ten·si·fies v.tr. 1. To make intense or more intense: their efforts to quantify their risks and keep as tight a lid as possible on their exposures. Most recently, industry leaders have begun to take a more holistic view of risk, capital and return by implementing enterprise-risk models based on methodologies such as dynamic financial analysis (DFA DFA - Deterministic Finite-state Automaton. See Finite State Machine. ), value at risk (VaR) and risk-adjusted return Risk-Adjusted Return A measure of how much risk a fund or portfolio takes on to earn its returns, usually expressed as a number or a rating. Notes: This is often represented by the Sharpe Ratio. The more return per unit of risk, the better. on capital (RAROC RAROC Risk-Adjusted Return On Capital ), reports Risk Management Solutions, Newark, Calif., a leading provider of catastrophe models. The company offers the application within the property/casualty industry of enterprise-risk modeling using risk-adjusted return on capital methodologies. Its recently developed Web-delivered product is called P&C Raroc, which allows insurers to see how much capital is needed to support a company and how much is actually available. "Ours is a more top-down approach Top-down approach A method of security selection that starts with asset allocation and works systematically through sector and industry allocation to individual security selection. ," said Peter Ulrich, managing director of the enterprise risk management group for Risk Management Solutions. "This was developed by actuaries and provides more simulation-based models." Through use of the models, insurers can create proforma income and balance sheets, Ulrich said. RIMS also developed a model that analyzes statutory data for property/casualty companies that are doing business in multiple states. The company says its goal is to help clients gain the most complete view of their risk portfolio and thereby improve financial performance. Applied Insurance Research, another top risk-modeling firm, does not market an enterprise risk management tool per se to model all of an insurer's financial and operational risks, said Karen M. Clark, president and chief executive officer. The Boston-based company's core competency A core competency is something that a firm can do well and that meets the following three conditions specified by Hamel and Prahalad (1990):
"For example, we have our output in such a format that it can be read into other models that they are using--either a DFA model or some other kind of model," she said. "It obviously takes a lot of effort on the part of the company to realiy quantify and put together all the different risks and figure out the tools that they're going to use. We have made it so that our output is very easy for them to plug into whatever else they're using, because they're definitely trying more and more to use these other techniques." For the next year or two, the company intends to broaden the scope of what it already models. "The interest is more in man-made catastrophes outside of natural catastrophes, and we'll be looking at more types of risk to add," Clark said. But the prospect of developing a tool that models all the risks of a business may be in AIR's future, she said. "The way you approach risk, a lot of the techniques that you use and the tools that you use to model risk are the same, no matter what kind of risk you are looking at," she said. Eqecat, another leading catastrophe-modeling and consulting firm, provides a suite of software tools to analyze natural hazards: earthquakes, hurricanes, European windstorms A European windstorm is a severe cyclonic storm that tracks across the North Atlantic towards northwestern Europe in the winter months. These storms usually track over the north coast of Scotland towards Norway but can veer south to affect other countries including England, Wales, and floods. "These tools permit insurers to at least take all the natural hazards and begin to look at the probabilities of expected loss over 100, 200 or 500 years from a variety of sources of different kinds of risk," said Dennis E. Kuzak, senior vice president of Eqecat. Another set of Eqecat tools helps insurers optimize their portfolios. In fact, Kuzak sees that as the next wave in the insurance world, with insurers and reinsurers using analytical tools to try to move themselves from wherever they are today to where they want to go in the future. "You can't do total ERM (Enterprise Relationship Management) An umbrella term with many shades of meaning over the years. It may refer to the management of information from any or all of an organization's customers, suppliers, business partners and employees. for an insurance company until you understand how you're going to manage your liabilities, because that's the reason you're in business," Kuzak said. "Insurers--property companies in particular--are in the business of underwriting Underwriting 1. The process by which investment bankers raise investment capital from investors on behalf of corporations and governments that are issuing securities (both equity and debt). 2. The process of issuing insurance policies. risks and how to fund them." |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion