Effective Risk Reporting
Sunder Krishnan
Chief Risk Officer
Reliance Life Insurance Company
Confidential Slide
2007 Global crisis
• One of the most significant lessons learned from the global financial crisis that began in 2007.
• Information technology (IT) and data architectures were inadequate to support the broad management of financial risks.
• Weak risk data aggregation capabilities and risk reporting practices.
• Severe consequences on the stability of the financial system as a whole.
• As a result, the Basel Committee has issued supplemental Pillar 2 (supervisory review process) to enhance ability to identify and manage risks
The Anthem case – Hackers stole massive data
• Tens of millions of Anthem Inc. customers in a massive data breach
• Largest in corporate history
• Personal information compromised – names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses, employment information, income data
• Damage is being assessed – not yet known whether credit card data is compromised – FBI is investigating
• Very sophisticated external cyber attack
• Largest in the series of companies to suffer severe data breaches
• Very swiftly informed the authorities
• Personal apology by CEO to all the customers / members
• Everyone urged to change their passwords – all customers would receive some Identity Fraud Protection ???
• Last year hackers obtained credit card data of 40 Million Target Shoppers as well as personal information of 70 Million Customers
Risks - Traditional
• Lower persistency than expected
• Expenses / costs – underestimated
• Customers / agents / advisors not adequately identified
• Inadequate distribution or product roll out
• Inappropriate selling practices
• Morbidity & Mortality estimations deviate from actual
• New businesses lower than expected
• Inferior return on investment
• Solvency / fund crunch issues
• Compliance issues with agents' exams & training
• Infrastructure not geared up for new businesses
• Inadequate investigation of death / accident claims
• Inadequate underwriting guidelines – lack of tie ups with adequate number of quality medical centers, inadequate documentation & information obtained from policy holders
Risk categories (diagram):
• Legal / Regulatory / Ethics / Fraud Risk
• Insurance – Morbidity & Mortality Risks for Life & claims & pricing for Non-life
• Financial / Reporting reliability Risk
• Operational – People, Technology & Process Risk
• Investments Risk
• Reputation Risk
Emerging Risks
• Unforeseen risks from technology – hacking, malfunction, not meeting requirements
• International terrorism
• New diseases
• Untested areas of insurance
• High competition and thin margins – leading to inferior risk basket of proposals (wrong end of the cycle)
• Need for scale – expectations of high volumes and market versus reality
• Need for intermediation – banks, MF, distributors… support infrastructure not adequately geared yet
• Infrastructure issues – not adequately supporting micro insurance
• Thinning talent pool of updated insurance professionals compared with the demand
• High attrition rates
• Changing technology – necessitating constant upgrading – funds guzzler
• Increasing customer awareness and expectations
• Risks on processes, technology and people – leverage required to grab opportunities and meet severe competition
• Outsourcing risks
• Innovations – face regulatory risks
• Alliance risks
• Corporate Governance Risks
• Marketing – Hype risks
Need for Effective Risk Reporting
• Enhance the infrastructure for reporting key information, particularly that used by the board and senior management to identify, monitor and manage risks
• Improve the decision-making process throughout the organisation;
• Enhance the management of information across legal entities, while facilitating a comprehensive assessment of risk exposures at the global consolidated level;
• Reduce the probability and severity of losses resulting from risk management weaknesses;
• Improve the speed at which information is available and hence decisions can be made;
• Improve the organisation’s quality of strategic planning and the ability to manage the risk of new products and services.
Principles of Effective Risk Reporting
1. Governance
2. Data architecture and IT infrastructure
3. Accuracy and Integrity
4. Completeness
5. Timeliness
6. Adaptability
7. Accuracy
8. Comprehensiveness
9. Clarity and usefulness
10. Frequency
11. Distribution
12. Review
13. Remedial actions and supervisory measures
14. Home/host cooperation
Internal Financial Framework Overview
Clause 49, listing agreement
• CEO / CFO Certification
• Establish and maintain internal control
• Evaluate effectiveness of the internal control systems
• Deficiencies in design or operations of internal controls
• Steps taken to rectify the deficiencies
Companies Act 2013, Sec 134: As per section 134 (5) (e) of the Companies Act 2013, directors need to make an assertion in Directors Responsibility Statement that they have laid down internal financial controls to be followed and that such IFCs are adequate and operating effectively.
Section 177: Under section 177 (4) (vii), the duties of the Audit Committee include evaluation of internal financial controls.
Section 143: Under section 143 (3) (i), Statutory Auditors are required to make a statement in their Auditors Report, whether the company has adequate IFC system in place and the operating effectiveness of such controls.
Schedule IV: The roles and functions codified in Schedule IV of The Companies Act 2013 clearly state that independent directors shall satisfy themselves on the integrity of financial information and that financial controls and systems of risk management are robust and defensible.
Listed
Listed / Unlisted
Framework Adequate Operating Effectively
Internal Financial Framework Overview
Definition of Internal Financial Controls as per Companies Act, 2013
“policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information”
Financial Reporting Controls
Controls to address Financial Assertions
(includes Fraud and IT risk)
Operational Controls
Fraud Implications
Efficiency / Service Implications
Quality / Maintenance / etc
Technical Controls
Enterprise wide Risk Management – The Building Blocks
Effective Risk Reporting is an important part of ERM governance
RISK MANAGEMENT WORKING STRUCTURE
Operational Risk | Market & Credit Risk | IT Risk & BCP | Insurance Risk
1. Risk Investigation
2. Risk Projects
3. KRI Dashboard
4. Risk Mate / Automation
5. MIS and reporting
• Mid office - Investments
• Market Risk MIS
• Limit Monitoring
• Voice Call Tracking
• Personal Trading
• Credit Review
• Investments concurrent audit co-ordination
1. BCP monitoring & co-ordination
2. DR follow-ups
3. IT risk review & co-ordination
4. IT Risk Assessments
5. CAATs
1. ALM Monitoring & co-ordination
2. Insurance risk measures
3. Strategic risk
4. Underwriting Risk
5. Actuarial Risk
1. Risk Review
2. Continuous Monitoring
3. Risk Assessments
4. Risk & Control Self Assessment
5. Risk based internal audit Co-ordination
6. BCM audit monitoring
Both Reputation and Financial impact of each risk is managed
How an Organization could gear up for best practices in Risk Management
[Diagram: Enterprise Risk Management – Environment, Strategy, Process, Infrastructure, Disclosure. Labels: Investors, Analysts, Regulator, Rating Agencies; Risk Appetite, Economic Capital, Risk Diversification, Portfolio Optimization; Risk Modeling, Risk Mitigation, Risk Financing; RM Framework, ORSA, Data, Reporting, Modeling, Risk Mgmt, Mgmt Information, Stakeholder Mgmt; Accounts, Solvency & Financial Condition reporting; Strategy, Finance, Compliance, Operations, Projects, Business Units]
Effective Reporting at Reliance life
Creating a Heat Map and Mitigation
[Heat map: Impact (Insignificant, Minor, Moderate, Major, Catastrophic) against Likelihood (Rare, Unlikely, Moderate, Likely, Almost Certain), with numbered risks plotted in the cells]
Plan of action for Red Risks
Responsibility for action
Follow up and update
Risk Management Framework & Committee
Broad objective of the Risk Management Committee is to ensure that risk management processes are followed as per COSO guidelines.
Export – Web
Send researches to an Intranet server and give users navigation and graphic tools
Periodic update (copy) of the information – Policies, Expenses and Claims
Customers' profile
- Portfolio segmentation
- Cross-selling
- New policies' profiles
- Lapses' profiles
- Scoring
Trends and Forecasting
Expense Mgt.
- Follow up in time of profit centers (Agents, Products…)
- Expenses Reporting
- Trends and Budget
- Business simulations
Products management
- Profit and Loss areas
- Review pricings
- Simulations on new pricings
Create Pricing
- Build new pricings: in Pure Premium, in % of value
- Frequency and Cost modeling
Claims
- Reporting
- Claims' explorer
- Reserving: Triangulations, Stochastic models
- Claims segmentation
Reports' generator
- Tailor made Reporting
- Tailor made follow up of entities
- Define specific indicators
System N (example: product p)
System 1 (example: Auto Company A)
System 2 (example: Auto Company B)
System N-1 (example: Fire)
Import files
Clean data
Create variables
Make insurance calculations
Analyze the Risk Premium and stratify values
Portfolio explorer
Real Time processing
Ongoing Planning and Performance Measurement Process
Evaluating Risk Appetite
• Define vision
• Design/Review target portfolio by
– Industry
– Geography
– Product type
• Distinguish between
– Corporate
– Retail (personal, SME)
– Treasury
• Risk position
• Comparison of actual v/s target portfolio
• Risk adjusted performance measures
• Financial performance
• Competitive positioning
• Strategic aspirations
• Risk/return profile of SBU’s
• Capital allocation
• Risk weighted return measurement
• Risk incurring transactions
• Risk mitigation tactics
• Risk return expectation of the bank
• Risk grade of the portfolio
1. Strategic Planning
2. Evaluate Risk Assessment
3. Set Target Returns
4. Allocate Capital
5. Business Unit Transactions
6. Monitoring And Performance Reporting
Reporting requirements
Reliance Capital (Group Company)
• Monthly Risk meeting on Risk practices and implementation
• Quarterly CRO meeting on review of Status
• Quarterly Group Conglomerate meeting on aggregation of risk practices
• Monthly reporting on Risk trending, indicators, market risk and operation risk
Nippon Life Risk Reporting
• Annually reporting of all policies procedure and practices
• Inspection of risk management and audit practices annually
Audit
• Conducting various audits and submitting reports to stakeholders and regulators
• Internal audit, IFC review, Statutory audits and concurrent audits
Reporting requirements
IRDA reporting and other regulatory reporting
• Monthly Risk meeting on Risk practices and implementation
• Quarterly CRO meeting on review of Status
• Quarterly Group Conglomerate meeting on aggregation of risk practices
• Monthly reporting on Risk trending, indicators, market risk and operation risk
• Collation of various reports of risks, frauds, investments and market risk
Board and Executive Management
Quarterly reporting to Board for the following activities
• Financials
• Risk Dashboard
• Key risk indicators
• Quarterly audit report of financials and key regulations by auditors
• Internal audit report
• Investments
• ALM Report (Asset Liability Management)
• Compliance update – circulars and reporting deadlines
Monthly reporting to Executive Management
• Risk Dashboard to Risk Committee
• Key ratios and key risk issues
• Compliance Update
• Dashboard of various service TATs
• Investment committee
• ALM committee
Expectations from Actuarial for Effective Risk Reporting
• Adequate Statutory reserving
• Effective disclosure on Business / Product Assumptions
• Monitoring of Assumptions vs actual of insurance risks such as claims, mortality, persistency, expenses and new business
• Business parameters
• Channel wise monitoring
• Product wise monitoring
Risk Management Framework
Risk Management framework with independent reporting line to CEO / CRO / Group – matrix reporting to Audit committee and Board
• Governance – Policies and processes
• Identification – Risk Assessment, Stipulation of risks along processes and projects
• Measurement – Quantification and Qualification of risks and losses / impact – Financial and Reputation – risks not measurable are qualified
• Monitoring – Identification, tracking and control of risk events and resolution thereof
• Mitigation – Proactive management of risks
Quarterly review of the framework – efficiency and effectiveness
Appointed Actuary a part of the Risk Committee / Framework
Risk Management operational framework – few key areas:
• Operational risks, Product / Pricing risks, Risk Transfer to Reinsurance, Underwriting policies….
• Fraud prevention framework, Mis-selling, Investigations, Risk Control and monitoring
• ALM risk or a separate ALM / ALCO with AA as a member
• Insider Trading Policy
• Information Systems Risk
Risk Management processes – key processes: Control Self Assessments, Root Cause Analysis, Risk Assessments and Risk Reviews
[Diagram labels: Detection, Measurement, Whistle blowing; Controls, Policy, Responsibilities; Assessment, Vulnerability; Awareness]
Solvency II Architecture
Three Pillars
1. Quantitative Requirements
• Market Consistent Valuation
• MCR & SCR
• Formula to calculate SCR is likely to be based on Tail Value at Risk VaR 99.5% 1-Year
• MCR-relation to SCR to set up
• Internal models for SCR
• Recognition of Credit Risk mitigation
• Recognition of Credit for diversification
2. Qualitative Requirements
• Emphasis on good governance
• Own Risk & Solvency Ass.
• Supervisory Review Process
• More developed than in Basel
3. Disclosure & Reporting
• New requirements for disclosure to harness market discipline in support of achieving regulatory objectives
• New requirements for transparency
Third pillar of Solvency II Architecture requires Effective Disclosure and reporting
Integration of ORSA with Internal Solvency II Model
Risk Management Systems
Internal Audit
Outsourcing
Internal Control
Good Repute
Actuarial Function
General Governance
Fit & Proper
Own Risk and Solvency Assessment
Operational Risk
Market Risk
Underwriting Risk
Default Risk
Pillar I – Quantitative
Pillar II - Qualitative
Integrating Risks to Solvency II Model
Counter Party Default Risk
Using Exposure, Probability of Default and Loss Given Default
• Type I Exposures: Reinsurance arrangements, Derivatives, Securitizations, Deposits with ceding institutions, letters of credit and cash at bank => 99.5th percentile of the variance of the combined exposure
• Type 2 Exposures (more diversified but unrated): Receivables from intermediaries, policyholder debtors and deposits with ceding institutions (if numbers of counterparties are below a certain threshold) => Sum of the [Exposure multiplied by a (generic) Risk Factor]
• Credit derivatives: credit risk transferred goes to (market) credit spread risk
Integrating Risks to Solvency II Model – Continued…
Market Risk
• Interest Rate Risk: Increase in the volatility of Interest Rates
• Currency Risk: Most onerous result for each individual foreign currency and the aggregate
• Stress Risk: Credit Stress vary by duration
• Property Risk: Consider differential shocks to commercial, retail and other types of property
• Concentration Risk: Thresholds 1-2% (from 3-5%)
Integrating Risks to Solvency II Model – Contd…
Life & Health Underwriting Risk:
• Mortality Stress: 15% permanent increase in rates (from 10%)
• Morbidity/disability Stress:
– 20% permanent decrease in recovery rates
– Inception rates 50% increase (from 35%) in inception rates in year one followed by 25% increase for all subsequent years
• Lapse Stress: The greater of
– 50% increase in lapses
– 50% decrease in lapses
– Sum of 30% of surrender strains of policies where the surrender strain is positive
• CAT Risk:
– A 2.5 per mille mortality catastrophe test (from 1.5 per mille in QIS 4)
– Morbidity CAT stress moved to health risk – a number of pan-European catastrophes will be developed
Integrating Risks to Solvency II Model – Contd…
Operational Risks
Additional elements:
• Risks arising from any external management of investments: 0.5% of highest amount held with a single 3rd party management company
• Risks associated with increased business activity: Additional capital if the technical provisions/earned premium are expected to increase by more than 10% over the year
• Risk associated with the use of management actions in calculating life provisions: An increase in the loading applied to life technical provisions
Substantial increases in the capital factors:
• Still no credit for diversification between operational and other risks
Risk Appetite
• Environment risk
• Country Risk and Macro Indicators
• Nature of business, regulations and Impact
• Industry trends
• Profitability
• Asset base and solvency
• Stake holders expectations
– Owners
– Regulators
– Government
– Customers
Risk Management Strategy
Risk Management Framework
Enhancement and Extension of risk framework across
Support to Risk Based Capital
Rating for ERM (Enterprise Risk Management)
Self Risk Management
Self Risk assessment across functions and decentralization
Facilitation process
Corroborative Risk Management
Automated Risk Management
Quantitative Risk Management tool
Embedding risk management in process, technology and trainings
Expected Impact on Insurers
• Improvement in risk management practices
• Need to integrate these practices into the management process
• Possible change in organization structure
• Greater volatility in balance sheet
• Possible move to less volatile asset classes
• Greater diversification of assets and use of risk mitigation
• Increased capital requirements for higher risks
• More innovative risk management
• Industry consolidation
• Changes to product design
• Revision of product diversification
Some Key statistics
Thank you