What Value has ERM Added to the Organisation?
Tony Coleman Chief Risk Officer & Group Actuary Insurance Australia Group
Reputation Risk Can Multiply the Cost of Financial Loss
Year | Incident | Impact
2001 | NAB HomeSide Write Down | $4bn; Share value fell
2004 | NAB Foreign Currency | $0.4bn; Share value fell PLUS Directors resigned, CEO resigned, Loss of confidence
There is a reduced tolerance for mistakes
The Wheel of Misfortune
Source: www.erisk.com
Australian General Insurance Industry Premium Pool
• 120 licensed insurers
• Industry consolidation 2001 - 2003
• Public Liability, Tort reform
• Regulatory reforms
• “Post HIH” environment
[Chart labels: $6.5 billion, $16 billion, IAG]
Australian Regulatory Framework
• ASX: Integrity of market
• APRA: Prudential regulation
• ASIC: market integrity, consumer protection, corporate regulation
• State Govt Authorities: Workers Compensation, Motor Liability
• ACCC
• Privacy Commissioner
More than 19 Regulators in Australia alone
Source: PwC Insurance facts and figures 2004
Insurance Australia Group
Australia
• Personal Lines
  – Short-tail: Motor vehicle, Home and contents, Niche (eg. boat, caravan, travel)
  – Long-tail: Compulsory Third Party (CTP)
• CGU
  – Short-tail: Fire & ISR, Commercial property, Commercial motor, Rural & horticultural, Marine
  – Long-tail: Public liability, Professional indemnity, Home warranty, Workers’ compensation
International
• New Zealand
• Captive
• Asian Operations
IAG Performance
Share Price
• IAG has consistently outperformed the Australian All Ordinaries Index
Combined Ratio
• Is trending down and now at 90.7%
• IAG has now reported underwriting profits for 3 consecutive years
[Chart: Combined ratio for FY98, FY99, FY00, FY01, FY02, FY03, 1H04, 2H04, FY04. Data labels: 90.7%, 90.5%, 90.8%, 95.6%, 95.7%, 107.5%, 100.8%, 107.7%, 109.4%]
Gross Written Premium
• 26% Compound annual growth rate
• Now at $6.4bn
• More than doubled since listing 4 years ago
[Chart: Net Earned and Gross Written, 2001 to 2004]
IAG – Risk Influences
[Timeline, 1998 to 2004. Labels:]
• HIH collapse
• Largest Australian Insurance Loss (Sydney Hailstorm)
• Purchase of SGIC/SGIO
• 11.9.01
• NAB FX Major Tort law losses in reform share Hardies AMP markets MDU losses (Asbestos) collapse
• Demutualisation
• Development of joint venture of IMA
• Purchase of State Insurance (NZ) & HIH Workers Comp
• Purchase of CGU & NZI Insurance
• Sale of Clearview Business
• Sale of Health Insurance
• IAG Restructure
Keeping our Eyes on the Horizon • Framework • Culture • Operating model
Framework
Board & CEO Commitment
We “deliver value in four ways:
• paying claims
• understanding and pricing risk
• managing our costs
• reducing risk in the community”
(IAG Annual Report 2004)
Oversight Framework
External Stakeholders
• Customers
• Shareholders
• Community
• Regulators
Approved Auditor
Board
• IAG Board
• Chairman’s Committee
• IAG Audit Committee
• IAG Risk Management & Compliance Committee (RMCC)
• Subsidiary Boards
Management Committees
• Operational Review Meeting (ORM)
• Underwriting & Pricing Policy Committee (UPPCO)
• Asset & Liability Committee (ALCO)
• Regulatory Affairs Committee (RAC)
• IAGAM RMCC
Oversight roles
• CEO & Executive Team
• Chief Risk Officer & Group Actuary
• Corporate Treasurer
• Chief Underwriting Officer
• Group Risk & Compliance
• BU Compliance & Risk Managers
• Group Legal
Board Committees Chairman’s Committee
Audit Committee
Risk & Compliance
Monitor remuneration and human resource policies and practices
External financial reporting
Risk management strategy
Related party transactions
Internal control systems
External audit
Operational risk framework
Board performance and makeup
Social and ethical impacts of the Group’s business practices
Management Committees Executive Team
Asset & Liability
Business Performance
Balance Sheet, Market, Credit, Reinsurance Investments, Derivatives
Operational Risk
Underwriting & Pricing Policy
Regulatory Affairs
Underwriting
Reputation
Pricing
Regulatory Engagement
Chief Risk Officer Structure
IAG Board
• Risk & Compliance Committee
• Chairman’s Committee
• Audit Committee
IAG CEO
Chief Risk Officer – Tony Coleman
Operational Risk Frameworks
• Compliance
• Business Continuity
• Data Integrity
• Fraud
• Project / IT
ALCO & UPPCo
• Capital Management
• Underwriting
• Investments
• Credit
• Reinsurance
Internal Audit
Shared Language
IAG’s RISK CATEGORIES
Underwriting / reserving
Capital management
Operational
Investments & Market
Corporate Governance
Credit Quality
Reinsurance
Claims management
Liquidity
Derivatives
Reserving / Actuarial
Structure is Necessary but not Sufficient
Principal Board
IAG Board
Principal Board Audit Committee
NAB
Internal Audit
Group Risk Forum
Central Risk Management Committee BU Risk Management Executive Committees
Culture
IAG RMCC
IAG
IAG Audit Committee
Management Committees ORM, ALCO, UPPCO, IAGAM RMCC
ORA
Rest of ERGA
Risk & Compliance Community
IAG’s Risk Culture
• Foster an environment where risks / incidents / breaches are reported promptly
• Avoid ‘bad news travels slowly’ syndrome
• Avoid ‘shoot the messenger’ syndrome
• Promote transparency and a ‘fix it’ mentality
IAG’s Risk Culture Approach
Make risk management behaviours ‘part of the way we do things’
– Understand BU cultural survey results
– Develop IAG and BU specific activities
– Quantify operational risk
– Hold Executives and Senior Managers accountable for improvements
– Include in all external / internal audits and health checks.
Risk Tracking Measures
• Balanced scorecard approach impacting executive remuneration
• Simplicity and consistency
• Profit-before-Tax relativities
• Group operational risk tolerance
• Regular Business Unit and project ratings
• External audit alignment
[Colour scale: Red, Orange, Yellow, Green]
Risk Culture Measure
[Chart: survey responses, 0% to 100%. Legend: Strongly agree, Agree, Slightly agree, Slightly Disagree, Disagree, Strongly disagree]
Example only – bears no resemblance to actual IAG results
Survey focusing on:
• Prevention
• Detection
• Recovery
• Continuous Improvement
Operating Model
Risk Management Control Cycle Risk management
Performance management
Capital
Reserving
Pricing
Management Assurance Framework [retrospective] CEO, CFO, CRO
Annual Report and external returns for regulators and shareholders
IAG
Group Executives & Specialists
Biannual declarations and reports to support key issues
DQM
Risk Profile for each division
Risk profiles
Operational Managers
Key processes agreed, owned, documented and reviewed
Key processes
Policies & procedures
Frontline
Frontline support tools
Risk profiles [prospective]
[Risk matrix: impact (Insignificant, Minor, Moderate, Major, Catastrophic) against likelihood (Rare, Unlikely, Likely, Probable, Almost Certain; axis marks 0, 5, 30, 70, 95), with numbered risks 1 to 11 plotted]
Risk Reporting
• Regulators: Licence changes & Breaches
• Board Committees: ERM performance
• Executive Management: ERM exceptions
• Business Unit Management: ERM Dashboard
• Responsible Officers: Licence Performance
Benefits of ERM
[Bar chart, scale 0 to 70. Legend: Primary benefit, Second, Third]
• Shareholder Value Protected
• Improved risk predictiveness
• Awareness of risk improved
• Cross enterprise risk identified
• Quality or service improved
• Losses reduced
• Strategy clarified
• Common language established
• Reputation protection
• Process improvement
• Happy regulators
Source: PricewaterhouseCoopers Global ERM Survey
Benefits of ERM (cont.)
Does Your Company Have a CRO?
[Pie chart labels: 39% Yes, No 29%, Yes* 32%]
* Not a separate full time role
• The CRO role is becoming ‘the norm’
• Seniority of CRO role is improving
What are the Benefits of ERM?
• Awareness of risk: 24
• Improved Corporate Governance: 16
• Product & pricing discipline: 15
• Aggregation of risk: 12
• Improved decision making: 9
• Understand risk exposures: 9
• Benefits outweigh the costs
• Infusing risk management into culture is the next challenge
Source: “A Survey of Risk Management in the Insurance Industry” (Ernst & Young)
Example – Climate Change
Temperatures are Increasing Global temperatures – difference from 1961-90 average
1990’s were the warmest decade and 1998, 2001-3 the warmest years
Small Climate Changes Can Increase Hazards Dramatically
Hazard | Change in Climate | Result
Cyclone | 2.2°C mean temperature increase | Increase of 5-10% in cyclone wind speed
Bushfire | 1°C mean summer temperature increase | 17-28% increase in bushfires
Drought | 1.3°C maximum temperature increase | 25% increase in evaporation leading to increased bushfire risk
Flood | 25% increase in 30 minute precipitation | 1 in 100 year flood becomes 1 in 17 year
Source: Mills et al (2001)
25% Increase in Peak Gusts Causes 650% Increase in Building Damage
[Chart: % Increase in Damages (0 to 700) by peak gust band: Under 20 knots, 20-40 knots, 40-50 knots, 50-60 knots]
NSW, NRMA Building Insurance only
Source: Sydney Morning Herald 25th August 2003
IAG’s Response
1. Internal: Researching Climate Change, Achieving internal Corporate Sustainability targets, Driving cultural change
2. Supply Chain: Helping our suppliers and supply chains cleaner and safer
3. Products & Customers: Integrating sustainability into products and the customer interface
Suppliers: Smash Repair Industry
Encouraging safer and cleaner production and waste management
• Recycling bumper bars
• Waste strategy for suppliers
• Insurance premium discount for ‘Preferred Smash Repairers’
“Greensafe” Car Profiler
• Enabling informed purchase decisions
• Rating cars by environmental and safety performance
• Collaboration with NSW EPA
Management of Volatility
[Four bar charts of Market Value Added against Earnings Volatility (High, Low). Panel titles: Low Return Companies, High Return Companies, Low Earnings Growth Companies, High Earnings Growth Companies]
An Enterprise Risk Framework
November 10, 2004
Doug Brooks, VP & CRO
Topics
• Risk Management in Sun Life context
• Risk Management Mandate
• Risk Management Framework
• Risk Management Organization
Themes
• The importance of executive support
• Suiting the framework to your organization
• Knowing your objectives
• Learn from bad experiences (hopefully others’)
• The importance of different perspectives
Sun Life Financial: Enterprise Risk Framework
Sun Life: Diversified Business 2003
• Asia 2%
• UK 13%
• MFS 11%
• US 20%
• Total US = 31%
• Canada 54%
Background
Sun’s approach developed largely as the result of a number of serious issues
• Guaranteed Annuity Options in the UK
• Pension Misselling in the UK
• Reinsurance problems
• Trust Company
• Vanishing Premiums
Pros/Cons of Top-Down Approach
• Significant Advantages:
  – visibility and attention
  – resources
  – key issues dealt with
• Potential Disadvantages:
  – viewed as corporate bureaucracy
  – BUs don’t “own”
  – systematic structure not developed
Framework must reflect Business
• Business Characteristics:
  – nature of risks, state of risk management
  – diversity of businesses
  – extent of growth (key business objectives)
  – business partners (outsourcing, JVs etc.)
• Organizational Characteristics:
  – centralized vs. decentralized
  – culture
    • technical vs. non-technical
    • entrepreneurial
  – incentives
Key Elements of ERM
• Development of a cohesive and integrated risk management framework
  – A target risk profile
  – A common language in which to discuss risk and return
  – A common measurement framework for quantifiable risks
  – Comprehensive risk reporting
  – Policies and limits to guide business activities
• Risk/Return culture
• Continual development of technical tools and processes
Risk Management Framework
[Diagram elements: RISK COMMUNICATIONS, RISK TOOLS, CULTURE, PHILOSOPHY, RISK RESOURCES, OBJECTIVES, RISK TOLERANCES, ACCOUNTABILITIES, RISK PROCESSES, RISK POLICIES]
Objectives of Risk Management
• Avoid risks that could materially affect the value of the company
• Contribute to sustainable earnings
• Take risks that the company can manage in order to increase returns
• Provide transparency of the company’s risks through internal and external reporting
Importance of Objectives
• Enables Focus and Prioritization:
  – encourages discipline
• Ensures Alignment:
  – initiatives align with objectives
• Enhances Communication:
  – provides context
Risk Philosophy
• Our business is accepting risks for appropriate returns
• Reflecting shareholder and policyholder expectations, external ratings and positioning in market place, we will take on risks that meet the organization’s objectives
• Alignment with corporate vision and strategy
• Embedded into the business management practices of every Business Group leader
Culture
“Everyone is a Risk Manager”
Key Organizational Attributes
• Acting with Integrity
• Understanding Impact on Customers
• Embedded Risk Management – Discipline
• Full and Transparent Communication
• Collaboration
• Alignment
Risk Categorization
• Categories
• Sub-categories
• Source
• Exposure Triggers
• Direct Consequences
Risk Categorization
• MARKET RISK
• CREDIT RISK
• OPERATIONAL RISK
• INSURANCE RISK
Operational Risk – Examples of Sub-Categories
• Financial Reporting Risk:
• Systems & Process Risks
• People Risk:
  – the risks arising from the actions/inactions of people
  – risks of distribution systems
• Legal/Regulatory Risk:
• Environmental Risk:
• Strategic Risks
Desired Risk Profile
Risk Filter
• return/volatility
• capability to manage risk
  – identify and understand risk
  • appropriate level of monitoring and reporting as well as the infrastructure to support monitoring and reporting
  • ability to act on mitigation plans
Desired Risk Profile
Category
Acceptable within policy tolerances
Corporate Approval / Coordination
Unacceptable Risks
Credit Risk
Risk A Risk B
Risk C
Market Risk
Risk D Risk E Risk F
Risk G
Risk H Risk I
Insurance Risk
Risk J Risk K Risk L
Risk M
Risk N
Operational Risk
Risk O Risk P Risk Q
Risk R Risk S
Risk Management Structure
Board Risk Review Committee
• Requires management to identify and review the major areas of risk
• Approves and reviews compliance with the policies implemented by the Company
Executive Risk Committee
• Provides oversight of risk globally
• Approves and reviews compliance with risk policies
• Monitors breaches of risk tolerance limits and directs action
• Sponsors review and analysis on risk exposures related to specific issues
Chief Risk Officer
• Develops and coordinates the Company’s enterprise risk management framework
• Reports to the EVP & CFO as well as to the Risk Review Committee
Enterprise Risk Mgmt. Committee
• Comprised of the chief risk officer, other corporate functional heads and the country risk leaders from the main operations
• Meets monthly and reports into the ERC
Business Group risk leaders
• Country risk leader either chairs a risk management committee or reports on risk management to the senior management team
• Country risk leaders report into, liaise with, or participate directly on the CRSC
Corporate Risk Mandate
• Development and Articulation of Company Risk Management Philosophy
• Development of Risk Management Framework
• Governance of Risk Management
• Management of Risks at Corporate Level
• Consulting on Risk Issues
Corporate Risk Structure
Financial Risk Management
• Policy and Reporting
• Developmental Work
• Hedging, other issues
Operational Risk Management
• Policy and Reporting
• Process Work (Top-10, Business Practice Review etc.)
General Insurance
• D&O Coverage and claims management
• Property & Casualty (Sun Life owned properties)
Accountabilities
Risk Committee Network
• Risk Review Committee
• Executive Risk Committee
• Enterprise Risk Management Committees
• Capital Management Committee
• Corporate Mergers & Acquisitions Committee
• Financial Disclosure Committees
• Worldwide Investment Committee
Risk Management Reporting
• Ongoing reporting processes
  – Market Risk Tolerance Limits
  – Earnings at Risk
  – Top-10 Risk Report
  – Regular Compliance Reports
• Regular reports on specific issues
  – Equity-related Guarantees and Hedges
  – Guaranteed Annuity Options (GAO)
• Ad hoc reports
Market Risk Tolerance Limit (MRTL) Report
• Tests sensitivity of the company’s income to changes in the interest rate and equity market environments
• Results compared to tolerance limits
MRTL Report - Interest Rates
[Chart: Impact, scale -100 to 100; labels 98%, 85%, 15%, 2%]
MRTL Report - Equity Markets
[Chart: Impact, scale -200 to 150; labels 98%, 85%, 15%, 2%]
Earnings-at-Risk (EaR) Report
• Looks at sensitivity of company’s income to interest rate, equity market and currency changes
• Tests sensitivity at the 95th percentile level based on 10,000 scenarios
• Chart on next slide shows these sensitivities in the form of cones by risk and by business unit
Earnings at Risk Report
[Chart: Equity, Interest, Currency; business unit labels BU#1, BU#3]
Top-10 Risk Process
Bottom-up Process with Structure
• encourages discussion and learning
• provides focused and actionable results
• provides form and forum for follow-up
• information is accessible and understandable in addressing both financial and nonfinancial risks
Worldwide Top Ten Risks
[Grid: Risk #1 to Risk #10 against BU #1 to BU #6]
PRIORITIZATION LEGEND: SIGNIFICANT, MAJOR, MODERATE, MINOR, NEGLIGIBLE
Experiences from Rollout
• Importance of Communication
  – repeat the key messages
  – find simple ways to illustrate technical concepts
• Stakeholder Involvement and Ownership
  – Board, Senior Management
  – Business Unit Decision Makers
• Clear Objectives
• Communication and Education
• Early Uses and “Quick Wins”
Learning from Experience
• Experience is usually the best teacher
  – unfortunately often costly, negative
  – generates attention, focus
  – may be “knee jerk”
• Important to learn from principles, not specifics
• “Can’t Happen Here”
  – often has to be close, personal
QUESTIONS & ANSWERS