Holistic thinking

The mutual insurer Ethias is not a name that trips off the lips of many people outside the Belgian financial sector. Yet the €1.5 billion (£1.32 billion) capital injection made by the Belgian government in Brussels in 2008 to prop up this company made it the third-highest receiver of state aid in the European insurance sector, after Dutch heavyweights ING and Aegon (€10 billion and €3 billion respectively).

Liege-based Ethias’s problems were caused by an investment policy that left it heavily exposed to the country’s banking sector. The crucial point is not that it ignored the cardinal rule of investing – diversify your portfolio – but that its travails stand out among a European insurance sector that can be said to have had safely navigated the crisis.

This view is supported by Simon Harris, managing director of rating agency Moody’s European insurance team, who says the generally positive performance of the European industry is a reflection of its improved attitude to risk management.

“Risk management is something that can always be improved, but we feel insurers have improved their risk profile, relative to their position in the last asset-led crisis in 2002–03,” he says.

Harris cites increased hedging portfolios and a de-risked asset strategy as the main causes of this increased performance, but also highlights structural changes in the way insurers manage risk. In particular, he cites the increased use of chief risk officers (CROs) and greater integration of risk management across the business.

“Previously, insurers would have one actuary doing the pricing, another team on asset allocation and someone else designing the products – it was sometimes a very siloed approach and they often didn’t speak to each other effectively,” he says. “But by bringing people under one roof, and making one person – the CRO – responsible for holistic risk management, the risk management process has become more integrated.”

This view is supported by Greg Carter, managing director of Fitch’s Insurance Group in London. Carter points to the relative strength of the insurance industry in the recent crisis as proof of how far it has come since the bursting of the dotcom bubble in 2003, although he concedes strong capital positions at the start of 2007 meant it “was a good time for a crisis”.

Carter cites the rating actions taken by Fitch since then – while it has downgraded about half the firms it monitors, the average was only by a notch. “The crisis was a severe challenge, and one that the industry passed,” he says. “That is not to say that another one couldn’t turn up around the corner.”

Holistic
The process of making the risk management process holistic has become one of the industry’s most discussed terms – enterprise risk management (ERM). And this term is key to satisfying Solvency II’s use test. Unlike its banking equivalent, Basel II, where companies merely had to demonstrate they had a model, with Solvency II they need to demonstrate it is embedded in companies’ decision-making process.

Article 118 of the Level I text of the Solvency II directive states, “Insurance and reinsurance undertakings shall demonstrate that the internal model is widely used in and plays an important role in the following: [governance, risk management and economic and solvency assessments].”

And according to Brian Heale, software product director at Towers Watson, implementing the use test and associated culture presents insurers with a significant challenge. “The Solvency II risk-based regime is compelling companies to install robust risk management and monitoring processes and physically embed them within the business. In practice this means a move beyond the pillar one requirement of simply calculating capital numbers to actually understanding where those numbers come from and how they can be used support business decision-making”.

But not only does the use test require companies to demonstrate the integration of the internal model into all aspects of the company, according to consultation paper (CP) 56, it also needs insurers to document the process of how the model is used, and this should also be done on a historical basis.

The CP 56 states: “A record of version control of the internal model needs to be kept. Changes made, whether minor or major, to the design or the operational details of the internal model shall be documented, including the rationale for the changes.”

This requirement was criticised by the Chief Risk Officer’s Forum in its response to CP 56, which argued that once the model has been validated that should be sufficient assurance that it does work. However, the Committee of European Insurance and Occupational Pensions Supervisors has given no indication it will take these points on board and Heale argues that the current wording gives little guidance to insurers. “But it is clear that change will have to occur.

Documenting an internal model to varying levels for different audiences (e.g. the board, the regulator and business decision-makers) will also produce a change in practices – in response to the need to produce detailed model documentation, one person told me all you need to do is just print out the underlying computer code of the model! Clearly, this is of no use to a non-technical audience and this type of attitude will need to change dramatically in order to meet the regulatory requirements,” he says.

While the focus with ERM has been on its role in Solvency II, European regulators are not the only ones taking an interest. Rating agencies have also been focusing on the issue. And with the minimum standard for the directive being roughly equivalent to a triple B corporate rating, while most internationally diversified groups are looking to be rated double A, the ratings approach will be more onerous than the regulator’s.

Ratings
According to Fitch’s Carter, this means that irrespective of the reg-ulatory drivers, companies will need to focus on rating agency requirements for holistic risk management. Though he shies away from describing this as enterprise risk management.

“I’m a little bit sceptical about what ERM actually is – the first reference I can find to it occurs in around 2003, since then it has become a buzz term in the industry, and consultants have made a lot of money off the back of it,” he says. “Ultimately, ERM is all about the ‘M’. If the management is good, then a holistic approach to the risks faced will be employed.”

But according to Neil Cantle, consulting actuary at Milliman’s London office, the industry’s strong focus on understanding the mainstream risks has led it to ignore the issue of emerging risks.

“Companies have excellent models for the risks that they understand – market risk, credit risk, interest rate risk – but emerging risks can have the blended characteristics of all three. This is not correlation and it is reflective of the continuing silo-based mindset that the real combination of these is ignored,” he says.

According to Cantle, the issue of emerging risks – those risks that are not yet fully appreciated – is a key issue. The CRO Forum recently initiated a research project into the likely impact of nanotechnology on future insurance claims, which he says is a good example of the way to approach emerging risks.

“The evidence for what you don’t know is out there,” he says, “and in some ways the issue of emerging risks is merely a reflection that companies are doing well at managing other risk.”

The reinsurance sector has taken a lead in understanding the importance of being aware of the unknown and Cantle cites Swiss Re’s approach to tackling pandemic risk as a good example of the type of thinking required by the industry in order to meet the emerging ERM issues.
“With bird flu, Swiss Re had teams thinking of where the pandemic risk was coming from – modelling the patterns of transmissions and of treatment, for example.”

Could this create a degree of over caution? Cantle thinks not: “The technological and modelling capability is out there. It is just like with a car – if you are a trained mechanic, you would be able to look under the bonnet and see signs of wear and tear that would lead to a breakdown; it wouldn’t be a case of waiting for the car to stop working before you can ascertain the problem.”

But as Cantle looks to the understanding of emerging risks as a key focus for insurers looking to get a strong grip on ERM, others have more prosaic concerns. And while the industry may have given the strong impression that it has the issue under control, regulators – in the guise of Solvency II – will need to see evidence of this.

Moody’s Harris agrees with Cantle’s point on the high level of understanding among the reinsurance industry over the understanding of emerging risk, but he argues instead that the issue itself “has always been of concern and always will – getting an understanding of emerging risks is an inherent part of the insurance industry”.

There may be a lack of consensus over the relative importance of different risks when approaching the ERM issue, but all those interviewed agree that the recent financial crisis has focused insurers’ attention on the need to take an enterprise-wide approach to risk management.

Heale says this also prompted a realisation among senior risk managers that speed of information was also vital. In October 2008 there was a 20% fall on global stock markets in a single week – a timeframe that was much shorter than it took insurers to calculate the impact this had on their balance sheets.

“By the time insurers had calculated their new solvency capital levels the world had moved on – and if it takes three weeks to respond to incidents of this type then the window for taking remedial action may well have closed. But this lesson has been learned – companies are now investing on a large scale in getting the raw computer power to run capital/risk calculations not only on a more frequent basis, but also a dramatically quicker basis. For example, we have several clients who are now running their models on compute grids of up to 1000 CPUs and this is reducing model run times from days to a just few hours,” says Heale.