Category Archives: Risk

A pragmatic approach to modelling real-world interest rates

Even without the advent of Solvency II and the appeal of internal models to model capital more accurately, it’s likely that the events following the global financial crisis (GFC) would have sharpened up European insurance companies’ risk modelling capabilities.

In Asia, insurance companies are also investing significant resources in developing their own economic capital models. Boards of directors have been charged with the measurement of risk and the need to plan their capital requirements through such things as an Own Risk and Solvency Assessment (ORSA) and an Internal Capital Adequacy Assessment Process (ICAAP) in Singapore and Malaysia, respectively.

Much has already been written about building complex Monte Carlo engines to calculate risk measures. This report by Milliman’s Clement Bonnet and Nigel Knowles addresses a question about the front-end of the risk measurement process: How do we project our yield curve?

Milliman Asia ERM Newsletter, February 2014

This Milliman Asia ERM Newsletter highlights the latest developments in enterprise risk management (ERM) across the Asia Pacific region. ERM activity in the insurance sector is accelerating at a rapid pace around the region, especially since a number of regulators have introduced Own Risk and Solvency Assessments (ORSA). Even in countries where ORSA has not been introduced yet, there is an increased interest among risk managers who realize the value that ERM can add to their business through enhanced business resilience.

The newsletter features regulatory and market developments related to ERM from India, Singapore, and Thailand. An article by Neil Cantle on the complexity of risk within businesses is also included.

New techniques for identifying emergent operational risks

Techniques for assessing operational risk have come a long way in the past ten years. Today, many companies are going beyond the regulatory minimum to implement sophisticated models that contribute to better understanding and management of operational risk across the business.

One question that tends to push the limits of existing models, however, is identifying emerging operational risk before it produces a loss. Given that risk events are typically not entirely new but rather simply new combinations of known risks, an approach that enables us to analyze which risk drivers exhibit evolutionary change can identify which ones are most likely to create emergent risks. By borrowing a technique from biology—phylogenetics, the study of evolutionary relationships—we can understand how certain characteristics of risk drivers evolve over time to generate new risks. The success of such an approach is heavily dependent on the degree to which operational risk loss data is available, coherent, compatible, and comprehensive. A well-structured loss data collection (LDC) framework can be a key asset in attempting to understand and manage emergent risks.

Broadening the definition of operational risk
In the financial industry, where operational risk has been a significant target of regulators for more than a decade, operational risk is typically defined as “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” However, this definition doesn’t consider all the productive inputs of an operation, and, more critically, does not account for the interaction between internal and external factors.

A broader, more useful definition is “the risk of loss resulting from inadequate or failed productive inputs used in an operational activity.” Operational risk includes a very broad range of occurrences, from fraud to human error to information technology failures. Different production factors can be more or less important among various industries and companies, and relationships among them—particularly where labor is concerned—are changing rapidly. To be effective as tools for managing operational risk day-to-day, models need to account for the specific risk characteristics of a given company as well as how those characteristics can change over time.

Examples productive inputs relevant for operational risk

Type Productive input Description
Natural resources Land The physical space used to carry out the production process that may be owned, rented, or otherwise utilized.
Natural resources Raw materials Naturally occurring goods such as water, air, minerals, flora, and fauna.
Labor Physical labor Physical work performed by people.
Labor Human capital The value that employees provide through the application of their personal skills that are not owned by an organization.
Labor Intellectual capital The supportive infrastructure, brand, patents, philosophies, processes, and databases that enable human capital to function.
Labor Social capital The stock of trust, mutual understanding, shared values, and socially held knowledge, commonly transmitted throughout an organization as part of its culture.
Capital Working capital The stock of intermediate goods and services used in the production process such as parts, machines, and buildings.
Capital Public capital The stock of public goods and services used but not owned by the organizations such as roads and the Internet.

Continue reading

What scenarios pose the greatest risks to the Pension Protection Fund?

The U.K.’s Pension Protection Fund (PPF) will be taking over an insolvent pension plan for the first time. This news brings the following question into focus: Are there scenarios that may render the organisation unviable?

A team from the PPF and Milliman recently performed a reverse stress test of the fund to identify risks that could result in organisational failure. This aiCIO article highlights the results from their subsequent paper. Here is an excerpt:

Lucy Currie, an actuarial practice leader at the PPF, was tasked with finding out under which scenarios the institution could-and would-fail.

“We looked at what a successful PPF was, and what could go wrong,” Currie told aiCIO after presenting a paper she co-authored on the study last month. “We looked at the definition of failure and realised there was no single one. There were various routes, including reputational and political issues, but none of them were financial.”

…She, along with a team from consultants and actuaries Milliman, set about interviewing a range of these stakeholders at the PPF. This ranged from the press relations and human resources departments to board members at the institution. Across a series of meetings, the team built up a cognitive map using the responses they gathered that showed the routes to failure.

“We talked about specific scenarios to make it real for stakeholders so they could draw on past experiences,” Currie said. “It was also a good way to validate what we are getting right.”

The map used the same language as had been reported in the stakeholder interviews, as the results had to be meaningful and relatable to all parties.

These responses fed into “critical nodes”, an impact upon which could trigger a tipping point to failure for the PPF.

The six scenarios identified included staffing and administration issues, or outside forces impeding the institution’s proper function.

“We worked back and looked at how they could all happen,” said Currie. “We created something that would feel real for the board and ran a ‘scenario day’.”

The scenarios identified were not just present day potential failures, but also looked to the future.

“We looked at underlying issues that pervade across the entire organisation,” said Currie, “and we did not identify any new risks. We did make new connections to how scenarios could occur, however-the board was reassured.”

The exercise offered new insight if not new risks, the team said, and made connections between the “owners” of the risks and those with power to monitor and manage them.

The article also poses another interesting question. With Solvency II-type governance for pensions delayed, is it time for European funds to conduct comparable exercises to comply with IORP Directive regulations?

To read the entire paper on reverse stress testing at the PPF, click here.

The business value of modelling operational risk

Every organization tries to reduce operational risk as a basic part of day-to-day operations whether that means enforcing safety procedures or installing antivirus software. Yet not as many take the next steps to holistically assess operational risk, quantify the severity, likelihood, and frequency of different risks, and understand the interdependencies among risk drivers. Companies may see operational risk modelling as an unnecessary cost, or they may not have considered it at all. Yet the right approach to modelling operational risk can support a wide range of best practices within an organization, including:

• Risk assessment: Measuring an organization’s exposure to the full range of operational risks to support awareness and action.
• Economic capital calculation: Setting capital reserves that enable organizations to survive adverse operational events without tying up excessive capital.
• Business continuity and resilience planning: Discovering where material risks lie and changing systems, processes, and procedures to minimize the damage to operations caused by an adverse event.
• Risk appetite and risk limit setting: Creating a coherent policy concerning the amount of operational risk an organization is willing to accept, and monitoring it to ensure the threshold is not breached.
• Stress testing: Modelling how an organization performs in an adverse situation to aid in planning and capital reserving.
• Reverse stress testing: Modelling backward from a catastrophic event to understand which risks are most material to an organization’s solvency.
• Dynamic operational risk management: Monitoring, measuring, and responding to changing characteristics of operational risk that is due to shifts in the operating environment, risk management policies, or company structure.

At the more basic level, having a detailed understanding of operational risk simply supports efforts to manage and reduce it—a worthy goal for almost any organization. Modelling enables an organization to consciously set an appropriate balance between operational resilience and profitability.

In order to achieve these goals, it is important to choose a methodology for which the results are accessible and actionable for the decision makers on the front lines of operational risk. Even financial organizations that once chose models primarily to meet regulatory requirements are beginning to move toward models that help the organization actively understand and reduce operational risk. The tangible business benefits are simply too great to ignore.

Continue reading

Implementing and integrating next-generation analytical techniques in the financial industry

The state of operational risk modeling in the financial industry today
Basel II allows banks to choose from three approaches to operational risk: the Basic Indicator Approach (BIS), the Standardized Approach (SA) and the Advanced Measurement Approach (AMA) While the BIS and SA are attractively simple and inexpensive to implement, they are ultimately very blunt tools.

While adopting an Advanced Measurement Approach is much more labor-intensive and requires regulatory approval, large institutions recognize that these challenges are outweighed by the benefits of a more sophisticated approach to measuring operational risk. These include improved reputation among investors and other stakeholders, significantly reduced operational risk capital requirements, and, most importantly, better risk management processes that can actually help reduce losses.

The Advanced Measurement Approach brings with it many requirements, but does not require banks to use a specific modeling methodology. Nevertheless, most banks today have converged on the loss distribution approach (LDA). In the LDA, the severity and frequency of operational risk losses are analyzed and modeled separately. Once severity and frequency have been calculated, the aggregate loss distribution is typically generated using Monte Carlo simulation techniques.

Continue reading

Measuring operational risk capital to deliver business value

Market risk, counterparty risk, and technical risks specific to health, life, and property and casualty lines of business have long been quantified by insurers in response to regulatory requirements. The measurement of operational risk, on the other hand, has only been incorporated into insurance regulatory frameworks over the past decade, and approaches to modeling it are in their relative infancy. The most common approaches for modeling operational risk focus predominantly on prediction of extreme losses, which provides little in the way of practical guidance to management. In this post, we examine standard methods, and introduce a sophisticated and relatively new approach known as structural or causal modeling.

What is operational risk?
Most regulatory frameworks define risk along the lines of “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” This definition is somewhat limited as it doesn’t consider the full range of potential productive inputs that constitute typical operations—and, just as importantly, how operational activities interact with environmental factors outside the organization’s control. In many cases, internal operational failures create a heightened sensitivity to external factors, and it is the interplay among them that can cause severe loss. Therefore, it is useful to define operational risk as “the risk of loss resulting from inadequate or failed productive inputs used in an operational activity.” This accounts for the broad and heterogeneous nature of risk among different industries and even amongst different companies in the same industry.

Continue reading

Enterprise risk management poses strategic challenges

As advances in enterprise risk management (ERM) continue, insurers will encounter new strategic challenges. This Insurance News article highlights Josh Corrigan’s discussion on ERM strategy at the 2013 Actuaries Institute summit in Sydney.

Here is an excerpt:

“During the 1990s [risk management] captured balance sheet interactions, combined with the acceleration of financial risk techniques,” he said. “In the past 10 years the concept of risk appetite has developed and there is a focus on management and governance.”

ERM is now moving towards embedding and understanding how risk fits into an organisation’s culture, Mr Corrigan says.

It is also concerned with risk dynamics and the way various components relate to one another.

“Risk governance is largely focusing on the regulatory framework in which insurers work.

“But organisations need to think about the social structure around ERM and how to deliver risk insight and value to executives and boards.”

Actuaries will play a significant role developing ERM strategies and must engage with people outside the profession as part of that process, Mr Corrigan says.

“We still have a way to go to develop ERM in insurers, and operational risk still needs a lot of work.”

Systems thinking, the whole is greater than the sum of its parts

The reductionist approach is so embedded in actuarial training that the thought of accessing a complex problem holistically may seem daunting. However, a holistic systems thinking approach to enterprise risk management can produce a more complete picture of how business components interact in a non-linear way.

In this InsuranceERM.com article (subscription needed), Milliman’s Matt Cocke and Richard See-Toh provide an asset allocation example featuring two historical statistical models with significant risk management shortcoming. The authors also give an overview of the systems thinking approach that takes into account underlying drivers which determine a portfolio’s performance.

Here is an excerpt from the article:

These systems are adaptive, where the nature of the components and their interactions often change over time and have the capacity to produce quite exotic behaviours. These interconnections and feedback loops preclude holding some subsystems constant in order to study the others in isolation. It is therefore necessary to describe such systems at multiple scales in order to identify how emergent properties are produced.

In the asset allocation example, to apply a systems approach, we would seek to capture the underlying interactions and relationships between components driving the asset returns. The system that we would model would take into account factors such as market competitors, regulation, international markets, the level of confidence of investors and institutions and economic productivity, with direct and indirect connections between these factors and others being clearly acknowledged.

…By understanding the underlying structure and relationships we can better identify how such events ripple through the whole system, and recognise under what circumstances the interaction of elements of the system would behave differently. This can then be reflected in our analysis which will manifest itself through the calibration of underlying probability distributions used in the modelling process. Traditional approaches would typically ignore these dynamics.

The interaction of system factors would allow us to drill down, acknowledging any paradigm shifts, and see the possible impact on markets and how this potentially alters the overall success of asset selection.

Milliman’s enterprise risk management thought leaders recognised

Neil Cantle and Elliot Varnell are among the ten actuaries to receive the Chartered Enterprise Risk Actuary (CERA) qualification from the Institute and Faculty of Actuaries “in recognition of their exceptional roles as thought leaders in the field of enterprise risk management.”

Here is an excerpt from the official press release:

Philip Scott, President of the Institute and Faculty of Actuaries said:

“This award not only recognises the major contribution these individuals have made to thought leadership in the field of Enterprise Risk Management, but also their commitment to embedding ERM within industry practice.

“There are now 108 CERA qualified actuaries working in a wide variety of roles. From regulators and consultants to insurers and asset managers, the CERA qualification is proving an invaluable asset to actuaries as they apply their skill-sets to new challenges

“Our new ERM thought leaders will act as ambassadors for both ERM and the CERA qualification, impressing on both actuaries and the wider business community the value of the qualification.”