NEW YORK – Rating agency Standard & Poor's says 2008 could see an overall improvement in the insurance industry’s enterprise risk management (ERM) scores.
S&P has reported its outlook in an article titled "ERM development in the insurance sector could gain strength in 2008" published on its RatingsDirect website.
A review in 2006 of the ERM practices of rated companies showed several dozen companies developing systems to support better ERM practices.
"We predicted that 10 to 15 of those companies could receive improved ERM opinions in 2007," said Standard & Poor's credit analyst David Ingram. "As it turned out, seven of them did."
The paper includes a review of the differing practices and attitude of ERM around the world and the different attitudes toward the components of ERM, such as risk controls, risk management culture and strategic risk management. It also contains a point-by-point synopsis of the S&P process for evaluating ERM in 2008, and lists the key risks and concerns that will receive extra attention when rating insurers' ERM.
Meanwhile, a roundtable of senior insurance executives has studied the preliminary findings from the 2008 Insurance Risk Leadership Survey conducted by the Insurance Advisory Services (IAS) practice of Ernst & Young. The findings showed a disconnect between chief risk officers and ERM. While the survey of chief risk officers (CROs) revealed insurers are optimistic about the future role of ERM, the industry faces significant challenges as it prepares to move to the next level.
The most surprising results were that less than half of survey respondents reported that the CRO or ERM committee has explicit authority to influence key activities, including product design and pricing, investment strategy decisions, and financial or strategic planning.
Roundtable members were also particularly surprised to learn how limited the current CRO risk monitoring responsibilities are at most organisations, with only half of CROs surveyed saying their role includes monitoring equity, interest rate, credit, or operational risk. However, most expect to take on these responsibilities in the future.
One CRO roundtable member called the results shocking and was met with nods from other attendees as they agreed risk monitoring should be a fundamental element of the CRO position. Learning that the ERM committee, the CFO or even the CEO is tasked with monitoring many of these risks, the group suggested this paradigm is unrealistic. The group was also taken aback by the overall lack of segregation of duties and diffused risk ownership uncovered by the survey, and expressed concern this could lead to limited accountability for many risks.
Roundtable members were also surprised by the fact that less than a third (28%) of insurers are using economic capital as a key performance measure but 90% of CROs expect it to be either a key or main performance measure for their companies within three to five years. One roundtable participant pointed out this could be a reflection of the pressure the industry is experiencing from rating agencies.
While survey respondents were optimistic about the future, they recognised the impediments to integrating risk into the decision-making process.
“Insurers could benefit from the lessons learned by the banking industry,” said Chris Karow, a partner at Ernst & Young. “The companies that are best weathering the current credit crisis are those with agile risk management processes and systems, as well as an effective way to share quantitative and qualitative information in order to have meaningful management team discussions. At the same time, those who strictly focus on measurement or decentralised oversight are finding themselves in the eye of the storm.”
The general roundtable consensus was there is a significant need for CROs to simplify risk reporting to make the information they are sharing more meaningful to the board.
“Board members and business unit heads have no desire to be risk managers and too often the ERM data presented is difficult to digest and apply to strategic decision-making,” said Doug French, managing principal and FSO insurance advisory services leader, Ernst & Young. “The best way for CROs to be effective is to package the information in a way that is easy to understand. This will lead to informed questioning and give the CRO the opportunity to provide critical risk insight to guide the company in the right direction. Of course, the value of this insight will be directly dependent on the ability to measure risk on a timely basis, which remains a challenge.”