Risk Mitigation Strategy: Overcoming crises before they begin
Risk Mitigation Strategy: Overcoming crises before they begin
Syed Danish Ali
Table of Contents
1.INTRODUCTION
2.PLANNING AND MONITORING RISK
3.CREDIT RISK
4.ASSET LIABILITY MANAGEMENT AND MARKET RISK
5.LIFE INSURANCE RISK
6.NON-LIFE & HEALTH INSURANCE RISK
7.PRODUCT DESIGN AND PRICING RISK
8.INFORMATION TECHNOLOGY
9.RISKS RELATED TO OTHER AREAS
- INTRODUCTION
1.1.1.This report seeks to develop a suitable and comprehensive response to number of diverse risks for a sample composite takaful company, i.e., the company’s Risk Mitigation Strategy.
1.1.2.The methodology followed in compiling this report has been as follows:
- During the risk identification exercise, hypothetical existing controls should be evaluated and an assessment of the level of residual risk also made. Where this was not of an acceptable level then the department’s plans to mitigate, the risk should be recorded. Where such plans did not exist, recommendations should be made and agreed as to what needed to be done to reduce the risk to an acceptable level.
- The above planned steps or recommendations should be taken as a starting point to develop the risk mitigation strategy for each area. These have been expanded on in this report.
- Certain generic risks not specific to an individual area also exist. These have also been separately incorporated.
1.1.3.This document is structured into the following sections, each dealing with one of the following areas:
- Planning and Monitoring Risk
- Credit Risk
- Asset Liability Management and Market Risk
- Life Insurance Risk
- Non-Life and Health Insurance Risk
- Product Design and Pricing Risk Control
- Information Technology Risk
- Risk Related to Other Areas
- PLANNING AND MONITORING RISK
2.1.Introduction
2.1.1.A number of the business areas usually identify issues relating to this as key risks for which existing processes and controls are not adequate and required to be mitigated further.
2.1.2.The table below lists risk mitigation measures that can be identified. These have then been grouped into risk mitigation initiatives which are then discussed later in this section (a separate sub-section dealing with each initiative).
Risk Mitigation Step Identified / InitiativeA Strategic Planning Department should be set up to assist the CEO in assessing ground realities and drawing up plans accordingly, also being responsible to ensure that resources being invested in are aligned to realistic business projections as well as the company's overall attitude towards risk. / Implement formal Planning and Monitoring Framework
Communication of business plan to all stakeholders and obtaining commitment to its achievement
Implementation of a capital budgeting framework to align strategic plans to individual business unit plans (also repeated below as valid for both initiatives)
Regular review and adjustment of annual plan to respond to actual experience such that the adjusted plans are realistic and achievable.
Coordination among pricing, product development, marketing & sales departments should be in place.
Detailed financial projections for 10 years including realistic business volumes with a certain product mix, expenses reflecting business volumes (fixed and variable) and product charges based on competitor analysis needs to be in place. This should produce the Shareholders and Takaful fund revenue account and show the emergence of profits as well as ROE for shareholder (including Embedded Value).
Risk Mitigation Step Identified / Initiative
The company should, over a period of time, implement a system where its solvency position is updated as frequent as possible (albeit not with the same level of accuracy as can be measured less frequently), being available on a risk assessment dashboard for top management to view. / Implement a formal Risk Monitoring System
The company should regularly prepare medium term financial position to assess whether its capital is adequate for the next few (usually five) years, and intimate the Board of Directors whenever it feels that this may not be the case.
Implementation of a capital budgeting framework to align strategic plans to individual business unit plans (also repeated above as valid for both initiatives)
2.2.Implement a Formal Planning and Monitoring Framework
2.2.1.Given that business managers are likely to be more than tied up in trying to achieve their direct business goals, there is a need for a dedicated function to ensure that all strategic plans (those of direct business departments as well as support functions) are coordinated.
2.2.2.Preparing the plan is also only half the battle. The other half is ensuring that the plan is implemented in practice. This can only be done through very close (and independent) monitoring of to what extents plans for each functional unit (whether direct business departments or supporting functions) are being achieved in practice and taking corrective measures where these are not being achieved.
2.2.3.An important issue is the need to adjust plans when it is clear that the original plans are not going to be achieved. For example, if it is clear that business levels are going to be half those planned, it may be an idea to delay acquisition of planned resources (HR or otherwise) so that idle capacity does not build up.
2.2.4.In order to address the above issues, the company also needs to set up a Strategic Planning and Monitoring Department which will be responsible for the following:
- In coordination with the Board of Directors and the Chief Executive, define high level strategic planning objectives (such as “achieve x% market share in y years”) both in qualitative and quantitative terms.
- With assistance from the Company’s actuary and Finance Department, prepare a strategic plan which should include projections (business as well as financial statements) for ten years. This plan should be updated every year and totally revamped every three years.
- Set high level targets and assumptions for annual business plans (budgets). Prepare and disseminate the annual budgetary planning document based on which individual departments will prepare budgets. Coordinate the compilation of the annual budget into a single coherent short term plan broken down into monthly quantitative targets.
- Coordinate with the Risk Management function to ensure that the plans being drawn up are within the risk tolerance levels defined by the company.
- Obtain approval of the CEO and then the Board of the annual budget and disseminate targets to individual departments.
- Review actual performance against annual budgets. Discuss causes of variances with respective departmental heads and identify corrective measures if possible. Form a view on whether a change in the original budget estimates is necessary. If required then, after discussion with the CEO, coordinate the effort to make that change along with any consequential changes. Present the changed numbers to the Board.
- Present a quarterly analysis of performance for presentation to the Board. Record Board decisions and ensure that these are implemented.
- In all the above apply best practices in benchmarking business performance (SWOT analysis, competitive position models, simulation and other methods).
2.3.Implement a Formal Risk Monitoring System
2.3.1.Once risks have been identified and measures to mitigate these risks to an acceptable level have been implemented, the main task of the Risk Management Department should be to monitor risks regularly in order to ensure that these remain within the company’s risk tolerance.
Preparation of Annual Plans
- Business plans should be prepared independent of any risk tolerance limits.
- The maximum capital requirement of each line of business should be calculated as the sum of:
- Any capital required to support any losses which may be incurred during the year (losses being determined after absorbing support department costs)
- Any capital required to support technical reserves and the required solvency margin at the end of the reference period.
- The above calculations need to determine a worst-case scenario keeping in mind a confidence level of 99.5%.
- The capital requirements of difference lines of business should then be aggregated to give a company-wide capital requirement. This will be compared with the company’s existing available capital, excluding any inadmissible assets.
- If available capital exceeds the requirement, then the business plan will be accepted for adoption from a risk management perspective.
Periodic Monitoring
- The annual planning process each year will not only prepare a financial plan for the year for which the plan is being primarily made, but will also prepare a tentative plan for the following year.
- After the actual results of each quarter are available, the company will prepare revised plans taking into account the actual position and projecting for the next 12 months. If the result at the end of that 12-month period indicates that available capital may not be enough to cover required capital, then immediate action will be needed to modify plans in order to ensure that the company remains within its risk tolerance limits.
- CREDIT RISK
3.1.Introduction
3.1.1.Credit risk relates to the risk of not being able to realize (usually due to default by the counterparty) assets at value at which they are recognized in the company’s accounting records, whether these be receivables or investments or other assets.This excludes, however, loss of value due to market fluctuation (which is covered under asset liability risk).
3.1.2.The table below lists risk mitigation measures identified for credit risk. These have then been grouped into risk mitigation initiatives which are then discussed later in this section (a separate sub-section dealing with each initiative).
Risk Mitigation Step Identified / InitiativeThe company should (a) carry out a review of the credit status of entities before issuing policies on credit; (b) check for receipt of due premiums before settling claims; (c) check on payment performance before issuing other policies to existing clients; and (d) regularly review receivables. / Implementing a Credit Control Framework
Models can be built that attempt to estimate the transition of rating over time. / Invested Asset Credit Risk
The company concentration of risk should be broken down into sector, locations, policy size and policy type and riders. The company should have a catastrophic cover if the risk is concentrated.
3.2.Implementing a Credit Control Framework
3.2.1.The company’s major credit risk other than investments can emanate from:
- Reinsurers/retakaful operators with whom the company has dealings, the risk being both with respect to amounts receivables (where reinsurance recoveries on claims exceed reinsurance premiums payable) as well as risk of default in paying future reinsurance recoveries when they fall due.
- Customers and brokers with respect to contributions which may not be recovered despite the participant being on cover.
Reinsurance Credit Risk
3.2.2.Insurer hedge large losses through the use of reinsurance (especially non-proportional reinsurance for general takaful), therefore the company can face large losses if reinsurance refuses to pay current or future claims to the company. The risk that the receivable from reinsurance may not be there for the claims paid, claims reported to the reinsurer but not paid by the insurer, and claims that have occurred but have yet to be reported to the insurer (IBNR). The takaful company may face problems from the reinsurer that they have unwillingness to pay some type of claims or only few reinsurers are available to underwrite that risk.
3.2.3.The company should have a mechanism of ceding reinsurance to only those companies which have a credit rating of ‘A’ or above, and should monitor concentration of Reinsurance credit risk. Also, the company should have (but do not usually) models to determine retention as a result of which excessive risks are reinsured which in turn (apart from reducing profits) also increases exposure to credit risk from reinsurers. The following can therefore be recommended:
- Model, for each class of business, its exposure, so as to determine the optimum reinsurance retention level.
- Develop a formal acceptance criteria based on credit analysis including rating (for which the current standard of dealing with ‘A’ rated reinsurers are acceptable).
- Implement procedures for managing reinsurance recoveries to ensure that these are received promptly after payment by the company and also requesting and following up on cash calls for large claims
- Maintain close relationships with reinsurers, for which a contact plan should be developed and implemented.
- Limit exposure to a single reinsurer.
- Monitor systemic risk by ascertaining relationships between reinsures to judge the impact of the failure of a single reinsurer on others.
Other Counterparty Risk
3.2.4.The company may face exposure to other counterparty credit risk like relationships with customers, brokers and other suppliers of goods or services. The company should aggregate these exposures based on different criteria. The company should carry out the review of the credit status of entities before issuing policies on credit. It should check the receipts of premium due before settling claims.
3.2.5.Other practices which should be implemented include the following:
- Monitoring and limiting concentration by sector, location, rating, and name.
- For all corporate clients to whom contracts are issued on credit, developing a mechanism for assessing the credit risk of non-rated clients (i.e., preparing an internal rating mechanism based on a review of financial statements)
- Arrangement of collateralization with brokers
- Regularly Review Receivables
3.3.Invested Asset Credit Risk
3.3.1.Companies usually currently utilize “Traditional Credit Risk Underwriting” approach and only invests in those securities that have minimum of ‘A’ rated credit guarantee from S&P or Moody’s or another rating agency. The regulator can alsoimpose credit concentration limits; internal audit has the responsibility that these limits should be properly adhered to. The company should implement that when there are breaches for the limits.
3.3.2.The companies should plan to move to the modern portfolio based Credit Risk Management as in the long run the above option would not be feasible as the company can hold some risk for better returns. These models hold concentration of credit risk and exposure to risk as well as correlation between each risk category of the portfolio. The company should start collecting data for Portfolio based credit risk mitigation replacing the current method in long run. The following methods are recommended:
- Action Plan in advance for Credit Risk Migration
- Monitor and Control Average Credit Rating of the portfolio
- Monitor Actual and Expected Defaults
- Monitory Loss Recovery in case of default
- ASSET LIABILITY MANAGEMENT AND MARKET RISK
4.1.Introduction
4.1.1.Risks arising from a mismatch of assets and liability (Asset Liability Management [ALM] Risks) are one of the main risks faced by the insurance companies, this relating to the possibility that the value of liabilities and assets backing those liabilities move in different directions. An associated risk is Market risk which is the possibility of assets depreciating in value (without a similar reduction in value of liabilities).
4.1.2.The companies usually have invested majority of available funds in bank deposits (there is lack of bonds/sukuks issuance in GCC unlike in Malaysia). These providerelatively low return to the companies. Given that bank deposits have a capital guarantee, the companiesare not currently exposed to ALM risk. It is, however, losing the opportunity of earning higher returns which it could earn by successfully accepting the risk and managing it.
4.1.3.ALM and Market risk should be covered in the Investment risk register where the following mitigating steps have been identified, the suggested initiatives being indicated in the right-hand column and discussed in sub-sections below.
Risk Mitigation Step Identified / InitiativeThe company should invest in sukuks with a tenor equivalent to the average duration of liabilities. / Cash Flow Matching
The company should prepare cash flow projections periodically in order to determine liquidity needs and plan accordingly, regularly monitoring the liquidity position. / and Immunization
The company should invest in currencies in which liabilities are denominated. / Foreign Exchange Risk Management
The company should limit its exposure to individual institutions by prescribing a maximum proportion of its investment portfolio which can be held in securities linked to a separate entity (other than securities with a sovereign guarantee against default) / Managing Concentration Risk
4.2.Matching Assets with Liabilities
4.2.1.Companies do not usually have any formal mechanism for ensuring that assets and liabilities are matched. Some basic mechanisms need to be adopted which are described below.
Cash Flow Matching and Immunization
4.2.2.Cash flow matching of asset with liabilities and immunization strategies are the traditional ways to manage interest rate and market risk. Duration is defined as percentage change in price of bond when interest rate changes by 1%. Duration does not work well for big change in interest rate but can be a good starting point to manage ALM risks.
4.2.3.It is recommended that, in order to monitor its ALM risk exposure, companiesprepare basic cash flows for both its assets and liabilities in order to monitor any gap. This should be done monthly for the first year, quarterly for the next two years and annually thereafter. As the company commences writing longer term business it needs to manage interest rate risk with sophisticated modified duration matching or immunization strategies and go on to include those that attempt to deal with second-order risks such as convexity and embedded options for the near future. The company should also invest in sukuks with a tenor equivalent to the average duration of liabilities.
Equity market risk
4.2.4.The company will be exposed to equity market risk when the company invests in assets for higher returns. Equity market component can be measured by volatility as well as return of the asset. Fitting past observations to a log-normal (or normal) distribution, then deriving a confidence-based measure of volatility is the normal procedure for measuring equity market risk. This can be adopted by the company once it has a significant equity portfolio.