ENTERPRISE RISK MANAGEMENT – PERSPECTIVS AND SUCCESS STORIES
TODAY’S DISCUSSION 1. Perspectives on ERM and Introduction – Gunnar Pritsch, McKinsey & Company 2. ERM – PNC’s Journey – Tom Whitford, CRO PNC Bank 3. Enterprise Risk Management at The Hartford, Craig Raymond, CRO The Hartford 4. Enterprise Risk Management at AEGON, Ron Harasym, VP Risk Mgmt., AEGON 5. ERM Success Stories – Optimizing Risk and Capital in Property Insurance Portfolio, Stephen Lowe, Tillinghast 6. Panel discussion
PERSPECTIVES ON ENTERPRISE RISK MANAGEMENT Gunnar Pritsch Principal, McKinsey & Company
[email protected] (212) 446 84 27 ERM Symposium - May 2, 2005
TODAY’S DISCUSSION
• Relevance of ERM • Four building blocks of best practice ERM
PERSPECTIVES ON ENTERPRISE RISK MANAGEMENT 1. Regulators and rating agencies worldwide are intensifying focus on enterprise risk management standards; less room for negotiation 2. Recognition across financial service industry that risks are increasingly correlated across businesses and sometimes across different risk types, requiring a much more integrated, enterprise approach to managing them 3. Heightened market sensitivity to risk surprises following major debacles; fiscal surprises of any kind now leading to greater capital (equity and debt) market penalties, often a multiple of actual loss in shareholder value 4. Boards and CEOs have responded by becoming more involved and overhauling their companies’ risk management practices
THE KEY ELEMENTS OF BEST PRACTICE RISK MANAGEMENT ARE ABOUT MANAGEMENT, NOT MODELS
Core elements to best practice risk management
1. Creating full risk transparency 2. Defining the risk strategy / risk appetite 3. Establishing a robust risk organization 4. Instilling effective risk processes and build a shared risk culture
1. BEST-PRACTICE PRINCIPLES FOR RISK TRANSPARENCY Integrated view on risk Management understanding
• “One company view on risk” – e.g., “Heat Map”
• Highlight and explain “hot spots” • Detect new risks, discuss early warning indicators • Review risk-return performance • Shared understanding of nature of key risks, e.g. –Impact of stress scenarios –Impact of cross-cutting risks and key drivers
Robust risk reporting
• Reporting action/decision-oriented (vs. data-driven) • Information consistent as it aggregates from transaction all the way to the Board
• Readers trained Adequate risk measurement methodologies
• Sophistication of measurement approach follows complexity and level of risk exposure
High risk concentration Medium risk concentration
RISK “HEAT MAP” One-year earnings-at-risk (EaR) U.S. $ Millions Business unit 1 Market risk • US$ IR • Local currency IR • Equity market & other Credit risk • Counterparty risk • Lending risk • Investment risk Operational risk Total EaR
Detailed business unit reports
Business unit 2
Business unit 3
2. DEFINING THE RISK APPETITE – HOW MUCH VOLATILITY IS ACCEPTABLE? Quarterly cash flows – 1991-2002 $ Millions 1,000
Trend line Quarterly cash flows
800
Deviation from trend line Percent 110% 80% 50% 20%
600
-10% -40%
400
-70% -100%
200
-130%
0 Q2 Q1 Q4 Q3 Q2 Q1 Q4 Q3 Q2 Q1 Q4 Q3 Q2 Q1 Q4 Q3 Q2 Q1
-190%
01 00 98 97 96 95 93 92 91 90 88 87 86 85 83 82 81 80
-200
-160% -220%
Losses are infrequent, but severe
-250%
-400
-280% -310%
-600
-340% -370%
-800
0%
5%
10%
15%
20%
A RISK APPETITE ‘DASHBOARD’ TO MONITOR RISK PROFILE Current assessment
Green: Desired risk profile
Yellow: Caution! Management focus is necessary to monitor risk profile and improve if appropriate
Red: Danger! Board attention and management action needed to monitor and improve risk profile
Risk adjusted performance
Top quartile of peers in risk adjusted performance and stable/improving risk/return profile
2nd quartile of peers in risk adjusted performance and stable risk/return profile
3rd or 4th quartile of peers in risk adjusted performance and/or deteriorating risk/ return profile
Capital adequacy
Well capitalized with an appropriate cushion
Well capitalized
Undercapitalized or significant excess capital
Risk mix
Risk mix reflects stated strategy
...
...
Risk mix does not reflect stated strategy, but credit risk is continually decreasing as a proportion of total risk
...
Risk mix does not reflect stated strategy, and credit risk is stable or rising as a proportion of total risk
...
3. DESIGNING A BEST-PRACTICE RISK-MANAGEMENT ORGANIZATION 1. Strong and visible commitment from top management 2. Central oversight of risk management across the enterprise (including subsidiaries, corporate functions) 3. Separation of duties 4. Clearly defined responsibility and accountability
Blueprint for best-practice riskmanagement organization
5. Full ownership of risk and risk management at BU level 6. Business units formally involve and view risk management as a thought partner 7. Cost-effectiveness
4. STRENGTHENING THE RISK CULTURE Putting in place robust risk management processes
“Getting the soft side right”
1. Capital allocation
1. Senior management visibly involved in Risk issues
2. Risk adjusted performance measurement
3. Limit structure & policy setting
2. Building a true partnership between Risk and the Businesses
4. Model validation
3. Aligning incentives
5. …
4. Talent
DRAFT
ERM: PNC’s Journey
EE
Tom Whitford Chief Risk Officer May 2005
DRAFT The ERM Journey 2002 Events
Responses
January
Earnings Restatement
2002
February
Earnings Restatement SEC Investigation
2003
& March
July
Customer Fraud
2004
Regulatory Agreements
2005
Create corporate RM organization
Elevate both corporate and business RM practices towards best practices
Continue to enhance ERM framework
DRAFT Core Risk Management Goals Linkage of Strategy and Risk Profile Integration of Credit, Operational and Market Risk Management Effective Management of Risk Based Capital Culture with Strong Discipline and Accountability
DRAFT Strategic Plan Consistent With Risk Principles Risk Principles
Strategic activities build on key competencies and competitive advantage, reducing execution risk
Only take risks that increase shareholder value
Mix of businesses are diversified across major risk types
Economic capital allocation model ensures risks are appropriately sized, diversified and capitalized
Metrics support risk adjusted performance measurement
Regulatory goals of “well-capitalized” and “safe and sound” are core priorities
Regular communication to board and executive management on risk levels ensures transparency
Limit business decisions by a set of “boundaries”
Balance risk caution with need to grow
DRAFT Governance Process Board Committees Approve risk appetite limits and set strategic direction for the Corporation Provide oversight for Risk Management activities
Management Committees Develop strategic vision for key enterprise-level activities Approve policies governing enterprise level activities
Working Committees Develop framework for implementing key enterprise-level activities Develop and adopt policies governing key enterprise-level activities
DRAFT Enterprise Risk Policy Hierarchy 1
Enterprise Risk Policy • PNC’s risk principles and management framework. • Incorporates high level strategy and risk appetite set by Board
2
Corporate Risk Management Policies • Establish standards for managing risk across businesses.
3
Business Level Policy Guidelines • Provide further guidance for business-specific risk management processes.
4
Risk Management Procedures • Procedures outline steps to take in a given process, often in support of complying with a related policy.
5
Internal Control Structure • Key and supporting controls for risk management processes that have been identified and tested.
DRAFT Enterprise Risk Policy Hierarchy: Example Strategic Plan
Approval and Exception Reporting:
Board Level
Performance Objectives
Current Examples:
Risk Philosophy/Appetite
• Enterprise Risk Tolerance Limits • Risk Rating Philosophy
Enterprise Risk Policy •Target Risk Profile • Governance
Corporate Risk Management Policies Management Committee Level
Business/Management Committee Level
Business/Credit Administration Level
• Portfolio Management Policy • Credit Approval Policy
• Risk limits/tolerances by risk pool • Absolute standards in line with risk appetite
Business Level Policy Guidelines • Business specific underwriting guidelines • Aligned with CRM Policy standards
• Risk-specific policies: – Healthcare – Leasing
• Credit Administration Procedures
Credit Administration Procedures • Consistent measurement/monitoring of risk • Specific underwriting processes
DRAFT Risk Aggregation & Transparency Board Risk Reporting − Every Board Meeting − Led by CRO and CReO
Enterprise Risk Profile Risk
Residual Risk
Risk Trend
Risk Management Assessment $
Credit
$
Market
$
Operating
− Enterprise Risk Profile
Economic Capital
Overall
Liquidity
• Profile Changes • Key Developments/Emerging Risks
$ Stable
− Major Risk Issues by Type Residual Risk Alignment: No gap between Current and Desired Residual Risk. One level gap between Current and Desired Residual Risk. Two level gap between Current and Desired Residual Risk.
Risk Trend: Provides a current assessment of how the risk is expected to move over the next quarter, but does not necessarily indicate that the risk level will change.
Risk Management Assessment: Indicates how well the current risk management infrastructure manages inherent risk. • Strong – Effectively identifies and controls all major inherent risks posed by the relevant activity or function. • Satisfactory – Overall, risk management activities are equivalent to inherent risks posed by the relevant activity or function, but may be lacking to some modest degree. • Marginal – Risk management weaknesses exist that need to be addressed in the near term. • Weak – The control environment is not adequately structured to identify, measure, and monitor inherent risks posed by the relevant activity or function.
DRAFT Enterprise Risk Management Roadmap Success Factors
Objective
Enterprise-wide View
“Best-in-class” Risk Management Organization
Effective Governance
Separation of Duties
Aggregation of Risks
Transparency of Risks
Consistency of Practices
ACCOUNTABILITY
Drivers of Success
Board Involvement
Management Leadership
Corporate-wide Initiative
Values Based Process
Regulatory Partnership
ERM
Enterprise Risk Management
Craig Raymond SVP & Chief Risk Officer May 1, 2005
ERM
ERM at The Hartford Hartford Financial Services Group
Hartford Property & Casualty
Hartford Life
Strong Ingrained Risk Management Discipline Decentralized Entrepreneurial
Hartford Investment Management Co
ERM
ERM Key Design Principles
Full ownership of risks and risk management at business unit level Clear accountability and responsibilities Central oversight Cost-efficiency Involvement of risk management with businesses as “thought partner” Complement Hartford’s two-company structure, build on existing risk culture and utilize existing resources whenever possible Achieve visible risk management excellence both internally and externally Add value (not just bureaucracy) both defensively and offensively
ERM
ERM Objectives “No Surprises”
“Maximize Shareholder Value”
• Create common understanding of risk appetite and tolerances • Understand and report on significant risk exposures across enterprise • Develop and share risk mitigation/transfer methods • Build framework that:
enables business leaders to make appropriate and consistent risk/return decisions
facilitates management of overall enterprise risk profile and capital
ERM
ERM Structure HIG CFO HIG CRO
Corporate
Life CRO
P&C CRO
HIMCO CRO
Hartford CRO position established
Dedicated position
Reports to Hartford CFO with regular Board reporting responsibility
Each operating company established CRO position
Senior leaders in companies with scope of responsibilities greater than just risk management
CROs report to HIG CRO for risk management responsibilities and to line management for all other matters
CROs act as virtual risk management team, pooling resources to staff ERM activities Enterprise risk committee (OOC plus Actuaries, CFOs and CROs) sets risk policy and limits based on CRO recommendations
ERM
Lesson Learned Commitment from the top is critical Process can be good Communication is key
Value in sharing across enterprise
Behavior changes occur when you get understanding and buy-in
Enterprise Risk Management Ron Harasym Vice-President Risk Management
Agenda Overview of AEGON Canada Inc Overview of Tools & Metrics Integration into the Decision Making Process ERM in Practice
Overview of AEGON Canada Inc AEGON International N.V.
Transamerica International Holdings Inc. 100%
27%
AEGON Canada Inc. 73% 100%
Transamerica Life Canada
100%
AEGON Capital Management Inc.
AEGON Fund Management Inc.
100% National Financial Corporation
100%
100%
AEGON Dealer Services Canada Inc. 50%
Money Concepts (Canada) Limited 50%
National Financial Insurance Agency Inc.
Overview of Tools & Metrics Business Plan Dynamic Capital Adequacy Testing Embedded Value Shock Testing Economic Capital
Integration into the Decision Making Process
Accountabilities Risk Categorization Risk Triggers Exposure & Consequences Potential Risk Mitigation
ERM in Practice
Pre-Emptive Strikes Fire-Fighting
ERM Success Stories: Optimizing Risk and Capital in a Property Insurance Portfolio 2005 ERM Symposium – Chicago Stephen Lowe, FCAS, MAAA Managing Director 2 May 2005
© 2005 Towers Perrin
The Client Major property & casualty insurer Writes personal and commercial property insurance
nationally Concentrations of exposure are an obvious issue Extensive knowledge of property insurance risks Detailed database of insured exposure Licenses variety of catastrophe models While analytical tools are in place to measure risk, the
client wanted to more actively manage risk
© 2005 Towers Perrin
2
Key issues and obstacles 1. ERM too high level and intangible
— Not actionable — Value creation not apparent 2. Inconsistent metrics and analytics 3. Resistance to changes in traditional decision
processes — Staff versus line — Black box models
3
© 2005 Towers Perrin
ERM Value Framework Maximize value by using economic capital to relate a firm’s decisions on the risks it takes to the decisions on the capital it uses to finance its business
Value Creation
Capital Costs
Return on Risk Value Management Portfolio of Enterprise Risks
Capital Adequacy
Portfolio of Capital Resources
Risk and Capital Management
Risk Structure How much capital do I need?
Capital Structure What type of capital do I need?
Economic Capital
© 2005 Towers Perrin
4
Phase 1: Decisions about the portfolio of risks
Is this a good risk?
Is this risk a good addition to our existing portfolio?
Concentrations of exposure create the need for additional economic capital
5
© 2005 Towers Perrin
1: Decisions about the portfolio of risks Because property risk pricing is imperfect, one can create value by improving the geographic diversification of the portfolio
Value Creation
Capital Costs
Return on Risk Value Management Portfolio of Enterprise Risks
Capital Adequacy
Portfolio of Capital Resources
Risk and Capital Management
Risk Structure How much capital do I need?
Capital Structure What type of capital do I need?
Economic Capital
© 2005 Towers Perrin
6
1: New analysis facilitated better risk decisions, leading to higher value creation
Constrained optimization to determine best possible portfolio 10% targeted growth in portfolio 8% reduction in required economic capital
Underwriting Status Closed (266) Manager Approval (391) Open (210)
Optimization results were translated into zip code growth priorities for local underwriting decisions
7
© 2005 Towers Perrin
Phase 2: Decisions about portfolio of capital resources Debt Conventional approach Debt
Net Risks Equity Reinsurance
Gross Risks Debt
Equity Framework approach
Gross Risks
Equity Reinsurance
Strategic: Should I change the mix between paid up capital and contingent capital? © 2005 Towers Perrin
Tactical: Given the amount of paid up capital, how much contingent should I buy? 8
2: Decisions about the portfolio of capital One can also create value by altering the mix of capital, for example by shifting from expensive contingent capital to less expensive debt
Value Creation
Capital Costs
Return on Risk Value Management Portfolio of Enterprise Risks
Capital Adequacy
Portfolio of Capital Resources
Risk and Capital Management
Risk Structure How much capital do I need?
Capital Structure What type of capital do I need?
Economic Capital
© 2005 Towers Perrin
9
2: New analysis facilitated better risk decisions, leading to higher value creation
© 2005 Towers Perrin
10
Success 1. Reconciling different internal points of view
— Actuarial versus corporate finance 2. Communicating successfully
— Translating approaches / results into traditional measures 3. Focusing on actionable areas 4. Clearly demonstrating value creation
© 2005 Towers Perrin
11
1. What keeps you awake at night? What are the top 3 risks your businesses faces? How do you think these will change?
0
2. Where do you see the benefit of ERM? Given it’s a cost center, how do you show the value?
1
3. What do you see as the main catalyst (e.g., Board, Rating Agency, felt need, regulator) for a successful ERM initiative?
2
4. How do you enable the board of directors to have an effective dialogue on risk?
3
5. What should be the mandate of ERM and the role of the CRO?
4
6. What should be the relationship between corporate ERM and the businesses?
5
7. How do you build the “E” into risk management? How should ERM influence decision making and what change effort is required?
6