New York — Insurers may be optimistic about the future role of enterprise risk management (ERM), but there are gaps that must be filled in order to achieve ERM’s maximum value, according to senior insurance executives who attended a recent roundtable.
Hosted by the New York-based
The survey of chief risk officers (CROs) from the top 50 U.S. life/health and property/casualty organizations revealed insurers are optimistic about the future role of ERM. However, while the ERM building blocks are in place, the industry faces significant challenges as it prepares to move to the next level.
“Insurance CROs recognize the next era of enterprise risk management is upon them, and are making basic progress in policies, measurement and reporting,” explained Doug French, managing principal and FSO Insurance Advisory Services Leader, Ernst & Young LLP. “However, there are significant gaps that must be filled in order to achieve the end goal of ERM that adds meaningful value to the organization.”
Building on the initial survey findings, the roundtable included a facilitated discussion of ERM progress and the challenges and opportunities for integrating risk into the strategic business decision making process.
Following are key highlights from the survey and discussion:
Confident About Future Role in Strategic Decision Making … Ready to Make it Happen?
While the majority of companies rely on informal processes for evaluating the risk versus reward decision today, 60% expect to have formal structured processes for making these assessments within three years. One roundtable participant noted, “This confirms strategic decision making is the big win out of all this.” The group supported this goal, but was apprehensive about the timeframe being too aggressive.
Roundtable members also were surprised by the economic capital (EC) timeline outlined by survey participants. Less than one-third (28%) of insurers are currently using EC as a key performance measure, but 90% of CROs expect it to be either a key or main performance measure for their companies within three to five years. One roundtable participant pointed out that this may be a reflection of the pressure the industry is experiencing from rating agencies.
Risk aggregation was another area where survey respondents displayed confidence. When asked to rank the value of risk aggregation in strategic decision-making today and in the future, respondents expected its importance to nearly double. This raised additional concerns among the group over managing expectations. They suggested the desire to aggregate exposures seems to be ahead of the methodology that supports it, and without the basic data and modeling in place, there will be no way risk can be aggregated across organizations to support meaningful strategic decision-making.
While survey respondents were optimistic about the future, they recognized the impediments to integrating risk into the decision-making process. In fact, when asked to rank potential challenges today and in the future, there were a number of areas where they expect more difficulty down the road, including lack of data, modeling capabilities with regard to systems, lack of business unit buy-in and risk measures failing to capture business dynamics.
Roundtable members agreed that significant quantitative challenges remain, but were surprised to find that “lack of c-suite buy-in” ranked nearly last on the list of impediments. They suggested this reflects the emerging dual demands with data and modeling challenges top-of-mind, but a growing recognition of th importance of packaging information in a way that will be more useful to executive management.
“Insurers could benefit from the lessons learned by the banking industry,” added Chris Karow, partner, Ernst & Young LLP. “The companies that are best weathering the current credit crisis are those with agile risk management processes and systems, as well as an effective way to share quantitative and qualitative information in order to have meaningful management team discussions. At the same time, those who strictly focused on measurement or decentralized oversight are finding themselves in the eye of the storm.”
CROs Established … but Roles and Responsibilities in Flux
While it is hard to believe only one-quarter (25%) of insurers had a full time CRO just five years ago (according to the 2003 Ernst & Young survey), the potential of this recent c-suite addition has yet to be fully realized, and many aspects of the role are still unsettled.
Less than half of survey respondents reported the CRO or ERM committee currently has explicit authority to influence key activities, including product design and pricing, investment strategy decisions, financial planning or strategic planning.
The group was particularly surprised to learn how limited the current CRO risk monitoring responsibilities are at most organizations. In fact, only half of CROs surveyed say their role currently includes monitoring equity, interest rate, credit or operational risk. However, the vast majority expect to take on these responsibilities in the future.
One CRO roundtable member called the results shocking and was met with nods from other attendees as they agreed risk monitoring should be a fundamental element of the CRO position. Learning that the ERM committee, the CFO or, even the CEO, is currently tasked with monitoring many of these risks, the group suggested this paradigm is unrealistic. The group also was taken aback by the overall lack of segregation of duties and diffused risk ownership uncovered by the survey, and expressed concern this could lead to limited accountability for many risks.
Roundtable members were less surprised to find certain specific risks were being monitored by an alternate source, such as operational IT by the CTO or credit by the ALM committee. However, they noted this may be a greater CRO hurdle, as wrestling the responsibilities away from these owners may be more difficult.
Ability to Articulate Crucial to Generating Board Attention and Strategic Impact
Asked the amount of time the board spends on a range of ERM related issues, equity and operational risk received the most attention, whereas the company’s appetite for risk and ERM policy received the least. The immediate reaction of the roundtable was captured by one participant who said the focus “looks upside down to me … they are spending less time on the things that may come back to haunt them sooner.”
The group raised a compelling factor that may be driving the limited focus on these core ERM elements, suggesting board members are uncomfortable addressing them because of their complexity. One participant said, “Executive management is still skeptical, asking how much ERM will cost and what the ultimate payoff will be. It is difficult to make the rubber hit the road and get the necessary buy-in if we aren’t even speaking their language.”
The general roundtable consensus was there is a significant need for CROs to simplify risk reporting in order to make the information they are sharing more meaningful to the board. It was noted that this is equally, if not more important, for the business unit heads as they are actively seeking this information, and are often disappointed to find it is difficult to integrate into the business decision-making process.
“Board members and business unit heads hav o desire to be risk managers, and too often the ERM data presented is difficult to digest and apply to strategic decision making,” added French. “The best way for CROs to be effective is to package the information in a way that is easy to understand. This will lead to informed questioning and give the CRO the opportunity to provide critical risk insight to guide the company in the right direction. Of course, the value of this insight will be directly dependent on the ability to measure risk on a timely basis which remains a challenge.”
Sources: Ernst & Young, INN archives
Exclusive content available only on InsuranceNetworking.com
