Honing in on Risk Management

One of the most frightening aspects of the financial services meltdown is that it may well happen again. Indeed, a new paper from Society of Actuaries (SOA) and the Joint Risk Management Section says a focus a widespread embrace of enterprise risk management coupled with regulatory enhancements are needed to avert future crises. 

While using the subprime mortgage crisis as a lens on the financial services meltdown, the paper, "The Financial Crisis and Lessons for Insurers," focuses on risk management in the insurance industry.

"The burst of the housing bubble and subsequent global financial crisis exposed many structural issues in the broader financial system and weakness in firms' risk management approaches; they must be addressed to avoid another major crisis" says Dr. Shaun Wang, a professor and director of Actuarial Science in the Department of Risk Management and Insurance at Georgia State University's Robinson College of Business and holder of the Thomas P. Bowles Chair of Actuarial Science. "To move forward, it is essential to develop intelligence about the big-picture environment and address accordingly the near and long-term challenges facing the insurance industry. This applies not only for insurers, but for businesses in general." 

The paper also contemplates the factors, such as aggressive investing, that caused to insurers to take a hit during the crisis. The paper counsels insurers to keep watch on high profit areas, as these are the areas where the greatest risks emanate. For a strong risk management culture take hold, it must start at the top, the paper argues. 

This last bit of advice dovetails with analysis found in a new report from Boston-based Celent, “Risk Governance and the Board Actions to Ensure a Tight Reign on Post-Crisis Business and IT Priorities.” Authored by Cubillas Ding, the report contends that boards at financial institutions are often in the dark when it comes to risk management. “They frequently do not understand the risks their company faces or believe that managing them is not within their mandate, assuming the responsibility has been delegated to executive management,” Ding writes. “Indeed, at many institutions the information that could inform them of the risk implications of business strategies or of major ‘off-strategy risks’ is unavailable to the board.” 

Ding suggests that risk tolerance must be made at the highest level. 

“Risk appetite must be set by an explicit process, requiring input from business heads, risk, finance, and the board,” he says. “The risk appetite statement must specify on-strategy and off-strategy risks and give tolerance levels for all types of risk the institution faces, including capital, liquidity, earnings volatility, and reputation. Most importantly, it should be expressed in a way that can be understood and acted upon.”