
Risk Framework

Contents
1. Introduction
2. Supervision
3. Supervision bodies
4. Basel and Solvency
5. ORSA
6. Sarbanes Oxley
7. COSO ERM Framework
Introduction
Regulatory and K standards
 International businesses are regulated by different territories
 Subsidiaries / Portfolios that operate in

 Different industry sectors (Finance vs manufacturing)

 Different areas within the same sector (banking vs insurance)

 Within same sector that are subject to different regulations (insurer vs captive)

 Different life cycle stages (new ventures, acquisitions)

Regulatory regime
 Functional regulation

 Different authorities oversee different activities (e.g. UK)

 Unified regulation

 Single regulator covers a broad range of activities (e.g. Australia)

 Easier to regulate conglomerates

 Ensure consistency in approach across activities

 Limits incentive for regulatory arbitrage (Firm picking the most favorable environment)

 Economies of scale

 Better sharing of ideas between regulatory staff

 Improved accountability (Less chance of buck-passing between regulators)

Regulator link with insurer
 Link insurer’s regulatory strategy with corporate strategy
 Implement a transparent, comprehensive regulatory strategy and communicate to regulator
 Ensure that principles of insurer’s regulatory strategy are understood, accepted & adopted throughout the organization
 Ensure feedback to regulator focuses on the important issues and is unbiased and practical
 Adopt best practice before it becomes mandatory
 Be proactive
 Communicate regularly and openly

Supervision
External supervision
 Prudential supervisory processes:

 Oversight (e.g. financial)

 Licensing

 Requirement to maintain minimum standards (e.g. operational)

 Procedures of monitoring compliance with standards and licenses

 Processes to take action against those who fail to comply

Supervisors - Types
 Professional bodies
 Professional regulators
 Industry bodies
 Industry regulators

 Professional bodies

 Ensure members are adequately trained (through exams)

 Ensure members maintain their competence, through CE

 Some can discipline members that fail to maintain appropriate standards

 e.g. Institute and Faculty of Actuaries (IFA)

 Professional regulators

 Professions with statutory responsibilities are likely to be subject to external regulation

 Setting and monitoring adherence to the standards

 Disciplining non-adherence

 e.g. Financial Reporting Council (FRC); CFA Institute


 Industry bodies

 Promote the interests of their members through lobbying and other activities (e.g. research projects)

 These bodies have a clear bias

 e.g. British Bankers’ Association (BBA); British Sandwich Association (BSA); ABI

 Industry regulators (e.g. PRA, FCA, LSE)

 Act on behalf of government to protect the public by controlling the activities of firms and individuals operating in a particular industry

 Goal is to prevent problems occurring rather than punishing

 e.g. Prudential Regulation Authority (PRA); Financial Conduct Authority (FCA); London Stock Exchange (LSE)

Supervision of insurers
 Considerations when trying to understand an insurer:

 Governance arrangements

 Business plans

 Financial reports

 RM strategies and processes

 Reasons to engage proactively with their supervisors

 Insurer-regulator relationship should be a key component of an insurer’s ERM framework

 Proactively engaging regulators reduces the level of risk a supervisor places on a particular insurer, as regulators engage in risk-based regulation (focusing on the riskiest companies)

 Regulators are also well placed to advise on what is best practice (as they see a wide range of RM practices); insurers are more likely to benefit from such advice with proactive engagement
Supervision bodies
PRA
 Part of Bank of England
 Responsible for:

 Prudential regulation & supervision of banks, building societies, credit unions, insurers, investment firms

 Sets standards and supervises financial institutions at the level of the individual firm

FCA
 Regulates the financial services industry in the UK
 Aim:

1. Protect consumers

2. Ensure stability of industry

3. Promote healthy competition

 Listed companies comply with:

 Certain standards set out in the Listing Rules

 Certain disclosure rules on an ongoing basis

 Combined Code of Corporate Governance 2003, or state why they are not

 Power to suspend trading in a company’s shares or cancel their listing


LSE
 Has 2 main traded markets:

 Main market

 Alternative investment market (AIM)

 There are >300 companies that are traded as “members”

 They deal directly with one another through the exchange; other companies have to deal with member firms, who then hedge their own positions

 Regulated by the Office of Fair Trading (OFT)

 Services must comply with certain standards such as EU market standards set out in the Investment Services Directive (ISD)

Basel and Solvency
Basel Accords
 Focus here is on the 3 pillars
 Banks are regulated by the country they are based in (e.g. PRA for UK) but countries also adopt recommendations from European and international organizations
 Basel Committee on Banking Supervision: publishes the Basel regulations
 Key aim for each of the Basel accords:

 Basel I (1998): set minimum capital requirements for banks

 Basel II (2004): intended to supersede Basel I

 Basel III: developed post 2008 to work alongside Basel II and focuses primarily on specific liquidity, systemic and counterparty risks

 Pillar 1:

 Minimum regulatory K based on exposure to credit, market and op-risk

 Pillar 2:

 Deals with the issues of Supervisory review, which relates to the bank’s internal RM processes

 Supervisors will assess the bank’s internal systems, processes and risk limits

 Ensure that the bank has set aside sufficient capital for its risks

 Liquidity and concentration risks are a particular focus

 Pillar 3:

 Deals with the level of disclosure that the bank is required to undertake to the public and the market

 Purpose is to facilitate market discipline on firms through appropriate pricing for capital

Basel II Criticism
 Too much emphasis on a single number that aggregates a wide variety of risks
 Some risks (e.g. op-risk) are difficult to quantify
 Some risks (e.g. liquidity) are only given cursory consideration
 Costly to implement, esp. if banks want to use an internal model

 Risk-herding:

 Since banks all measure risk the same way, they might try to protect themselves in the same way at the same time of crisis

 Market value may undervalue certain assets (e.g. gov. fixed income)

 Implied levels of confidence could be spurious as some securities (e.g. CDOs) have not existed for very long

 Pro-cyclicality:

 Systemic risk that assets may need to be sold if their market value falls, which forces prices even lower

 Overconfidence in risk control due to the complexity of the risk modeling

 More complex calculations

Basel III Responses
 Strengthens the K requirements for banks
 Limiting cross-holding in other financial institutions and associated to limit systemic risk
 Introduces a conservation buffer to provide breathing space in times of financial stress
 Changes the minimum ratios of Tier 1 and Tier 2 capital
 Allows some flexibility in K requirements in times of financial crisis to limit pro-cyclicality

 Criticism:

 Continues to use risk-weighting dependent upon subjective rating agency assessments

Solvency II - Goal
 Introduce economic risk-based solvency requirements
 More comprehensive requirement of both A/L side risks
 Requirement to hold K against market, credit, op, underwriting risk
 Emphasis on the fact that K is NOT the only (or best) way to militate against failures
 More prospective focus
 Streamlined approach which aims to recognize the economic reality of how groups operate

Solvency II - Pillars
 Pillar 1

 Quantitative requirements

 Designed to capture u/w, credit, market, op, liquidity and event risks

 Can use standard formula or internal model

 Thresholds: SCR (below which regulatory action is taken) and MCR (below which authorization is forgone)

 Pillar 2

 Qualitative requirements on undertakings such as risk management as well as supervisory activities

 Carry out ORSA to quantify their ability to continue to meet the SCR and MCR in the near future

 Pillar 3

 Covers supervisory reporting and disclosure

Basel II vs. SII
 Three pillars & each deals with similar aspects of the company’s risk (K, supervisory & disclosure)
 Largely risk-based (whereas SI was volume-based), e.g. allocate K to business areas that run the highest risk (can deal with embedded options, guarantees, and other non-volume-related risks)
 Designed to be suitable for multinational firms
 The approaches to regulation are consistent for both banking and insurance business

 Differences: contagion risk

 Basel II is based on the concept that market participants are dependent on one another and there is significant contagion risk in the banking sector

 SII was not designed with systemic risk in mind as it is considered unlikely

ORSA
 Purpose: Provide board and sr. management of an insurance company with an assessment of

 1. Adequacy of its RM

 2. Current, and likely future, solvency position

 ORSA is now part of the International Association of Insurance Supervisors (IAIS) standards
 Overall principles are equivalent across jurisdictions with some different details
 ORSA can be a tool for:

 Improving insurance business practice

 Allowing regulators to enhance their assessments of ability of insurance companies to withstand stress events

ORSA - Requirements
 Identify the risks to which the insurer is exposed
 Identify RM processes and controls in place
 Quantify its ongoing ability to continue to meet its solvency K requirements (both MCR & SCR)
 Projections of financial position over terms longer than that normally required to calculate regulatory K requirements
 Analyze quantitative & qualitative elements of its business strategy
 Identify relationship between RM & the level and quality of financial resources needed and available

Sarbanes Oxley
 Goal of SOX:

 Improve the reliability of corporate disclosures to protect shareholders

 Key features of SOX:

 To inspect published accounts of quoted firms, and

 To prosecute any accountancy firm deemed to be in breach of the regulations

 Increased accountability of CEOs and CFOs of public companies

 Required to certify that the financial statements do not contain any untrue facts and are personally responsible for financial disclosures in the financial reports

 Each published report must contain an internal control report (ICR) which commits management to maintain proper internal controls and review their effectiveness

 Requirement for external auditors to report on the assessment made by the management

 Made it illegal for management to interfere with the audit process

 Made it illegal to destroy records or documents with intent to influence an investigation


 Key themes for management to consider as part of their governance, risk and compliance (GRC) system

 Are controls identified and documented?

 Are controls consistent across the business?

 Do controls address the critical factors? (i.e. the right controls in place?)

 Do the controls include RM?

 What testing procedures are required before signing off the ICR?

COSO ERM Framework
 SOX requires demonstration of adequate internal controls

 Many companies use COSO ERM framework (voluntary) to demonstrate adequate internal controls

 COSO (Committee of Sponsoring Organizations of the Treadway Commission) issued a set of definitions and standards against which organizations can assess their internal control
 Principles of the COSO framework

1. Risk represents opportunity as well as downside

2. ERM is a parallel and iterative process

3. Everyone at all levels has a role in RM

4. Any RM process is imperfect

5. Implementation of RM must balance cost with potential benefit

 Dimensions of the COSO cube

1. ERM components/process (e.g. risk assessment, monitoring)

2. In each business objective covered by the framework (e.g. operational, strategic)

3. And at each business level of application (e.g. subsidiary, unit)
