FREE Insurance Networking eNewsletters 
Taking ERM Beyond Rating Agency Requirements
Insurance Networking News, November 1, 2008
Enterprise risk management (ERM) has moved from a relative rarity just three years ago to common practice among insurers today. At least initially, adoption of ERM for many carriers grew from decisions among rating agencies, especially Standard & Poor's, to include the discipline as a rating category. But other forces also have helped move it forward-terrorist attacks, hurricanes and, more recently, the storms in the financial markets.
"There were a couple of leading institutions that practiced ERM because they thought it was good business," says Paul Horgan, partner and leader of the Global Insurance Risk and Capital Team at PricewaterhouseCoopers (PWC) in New York. "But in the United States, it wasn't until the rating agencies really upped the bar on ERM two-and-a-half or three years ago that insurers across the board started investing in it."
Advertisement
But investing in ERM and getting real benefits from it-besides satisfying the rating agencies-are two different things. Banks and investment companies have bought heavily into ERM, and have done so over a longer period of time than most insurance companies. Yet, that investment failed to prevent headline-making disasters for some of them. That's led to questions about ERM's effectiveness and value, but it's also provided a few lessons.
Although insurers have made strong progress in some aspects of ERM implementation, many are still struggling to extend its reach across their enterprises and develop risk data and models in which they have confidence, according to a 2008 PWC study called "Does ERM Matter?"
"I think ERM can matter where it's adopted as a management discipline and if it's driven to making better decisions, as opposed to being adopted primarily for rating agency or regulatory purposes," says Horgan. "More importantly, we saw proof in our data that insurers believe it can matter, as evidenced by their desire to continue to invest in driving ERM down into the business, and their fair self-assessment of their progress."
BEYOND TRADITIONAL MEASURES
In fact, according to a survey conducted earlier this year by Stamford, Conn. consultants Towers Perrin, only 7% of life insurance CFOs considers compliance for regulatory and reporting purposes to be a primary purpose of ERM tools. Thirty-two percent name identifying and quantifying risk across the organization as a primary purpose, and the same percentage cite driving management actions on risk mitigation and value creation.
"What we're seeing in the insurance industry is that carriers who implement ERM are not only improving their management processes, but they're starting to see an improvement in their results," says Towers Perrin Principal John Thomson. "For example, one of the advanced techniques of ERM is the application of more quantitative models for making strategic decisions about deploying capital and then monitoring the return they're getting on those decisions. In an insurance company, that's allocating capital between product lines.
"What companies have found is that some of the areas they may have been supporting from a traditional standpoint, because of historical involvement, may produce returns that are below their corporate expectations, Thomson says. "They may also see other areas where returns are actually better than they'd thought. That allows them to make informed strategic decisions based not on just cost/benefit analysis, but also on risk/reward, so that they can move capital to areas where the returns are more attractive and steer themselves away from areas that have been drags on their organization over time."
Allstate, in Northbrook, Ill., was one of the early ERM adopters. ERM's roots at the carrier go back to 2000, when Thomas Wilson-now chairman, president and CEO of the company-was CFO. Wilson was interested in taking a closer look at capital requirements, and allocating and determining risk-adjusted returns by business units, recalls Larry Moews, VP and corporate risk officer. "There wasn't any crisis," he says. "It was just a CFO asking questions a CFO should ask, and us determining the best way to go about doing that."
Larry Moews
Allstate always considered risk, Moews says, but always considered it in silos. "We were taking equity risk in the variable annuities we'd sell in the life operation. The investment department would have an equity portfolio, and we'd have equities funding our defined benefit pension plan. So, we'd have equity risk sprinkled throughout the company, but we never looked at it holistically. When you look at it holistically, different things pop up."
AT THE BUSINESS UNIT LEVEL
To some extent, says Moews, enterprise risk management is the aggregation of risk at the business unit level. But for the most part, ERM at Allstate concerns itself with risk that affects the organization as a whole. Moews calls it "material risk." "When it comes to enterprise risk management, you only want to concern yourself with risks that are really material to the organization," he says. "Way down deep in the organization someone's performance may be judged on certain risks that are insignificant when you aggregate them for the enterprise. What we try to do from an enterprise perspective is look at the major risks, define them and constantly challenge ourselves that we have the right risk."
Allan Dudek, senior consultant of enterprise risk management at Nationwide Mutual Insurance Co. in Columbus, Ohio, comments that his company's ERM practice takes business-unit risk into account, but has substantially left it alone. "We're in the risk management business," he says. "A lot of very good risk management was being done" before ERM came on the scene, "but a standard way of measuring and stating the risk posture at the top of the house with all of the subsidiaries didn't really exist." When ERM was introduced at the company, it focused on standardization and issues that affected the organization as a whole, he notes, and not on the details of how the business units handled risk. Apart from exploiting good risk management practices that already existed, the move made ERM more palatable to business unit managers.
For more information on related topics, visit the following channels:
