Beruflich Dokumente
Kultur Dokumente
Risk Maturity
Assessments in an
International Group
Agenda
1 Motivation
2 Development of Assessment Tool
3 Assessment Process
4 Use of Results at the Local Level
5 Use of Results at the Group Level
1
6/1/2017
1 Motivation
2 Development of Assessment Tool
3 Assessment Process
4 Use of Results at the Local Level
5 Use of Results at the Group Level
2
6/1/2017
Why a Risk Maturity Tool? It outlines local ERM path and identifies
sources of “relevant” Best Practice!
ERM
Maturity
Natural development path:
- Road map for next year?
- Priority at given stage?
Risk intelligence OE1
OE3
OE2
Structured
OE8 OE9
OE3
Best practice
Top-down sharing
OE5 OE10
OE4
In-formal OE7
Basic
Operating
Players in young/emerging markets Players in mature markets Entity (OE)
Maturity
1 Motivation
2 Development of Assessment Tool
3 Assessment Process
4 Use of Results at the Local Level
5 Use of Results at the Group Level
3
6/1/2017
Allianz Tool –
Risk Assessment Diagnostic Analysis and Reporting (RADAR)
• Finance
• CEO area
Interaction
5
4
3
‐
Ownership
Risk Model Risk Capital Model
Governance Design
• Model output & Usage • Design & Methodology
• Model Governance • Data Quality & Security
RADAR has a broad scope: 5 maturity levels for more then 100 assessment items!
4
6/1/2017
Risk Management 2
ORSA process
Framework
1
-
IMAP focus areas
Target
Description
■ Involvement in product approval A local product approval process is Level 1 Criteria Level 2 Criteria Level 3 Criteria Level 4 Criteria
process documented.
■ Aspects considered in the course of and and and and
product approval (e.g. economic view The Risk Function is aware of new
with regard to risk/return and changed products after they have The Risk Function has a basic The CRO makes sure that the P&C The Risk Function delivers risk capital The Risk Function makes sure that
considerations) been approved. understanding of the policy terms and product control process is followed. figures allocated to subline/product level tariff plans and pricing tools (including
conditions (including endorsements and challenges product pricing and ratemaking indications) fully employ
and options) and their risk The Risk Function is informed of new profitability based on risk/return capital intensity information and
implications. products at an early stage and leads considerations (RoRC) measure RoRC
decision making process. calculations.
The Risk Function receives
notification of product approvals for New and significantly changed New products are reported to RiCo.
new or changed products at the end products having major impact on risk
of the process and reviews to ensure profile are approved by the RiCo.
compliance with Group minimum
standards. The CRO is advising the product
provider/actuarial team on risk
aspects including customer
suitability, sales incentives, risky
characteristics and financing
requirements.
• To achieve a given level of maturity an OE must meet all the criteria for that level and all lower levels
• Adequate maturity varies by assessment item. There might be different levels of adequate maturity for
• Regulatory requirements
• Our basic expectations
• Specific needs of the OE
• Assessments are basically process oriented (do you have this process or activity in place)
10
5
6/1/2017
Assessment Criteria
Description
■ Compliance with Group and local Group limits are monitored at least on Level 1 criteria Level 2 criteria Level 3 criteria Level 4 criteria
limits an annual basis.
■ Quality of monitoring process and and and and and
scope
■ Input for business steering The Risk Function monitors The Risk Function receives regular The Risk Function monitors exposure The Risk Function monitors exposure
compliance with PC Group limits (e.g. input from the underwriting of all business lines//business based on risk return consideration
for Nat Cat, Terror and man-made department about exceptions for area/territory and the risk capital and delivers steering input to
cat) on a regular basis. transactions, where predefined consumption. underwriting function.
underwriting limits were exceeded.
The CRO informs local RiCo about There are forward-looking measures
breaches including remediation plans A clear escalation process exists in to avoid limit breaches.
ex-post. case of limit breaches (exposure and
gross underwriting limits) leading to The Risk Function estimates risk
OE had no more than 2 major limit timely action plans to remediate the capital consumption in case of new
breaches (utilization greater than limit breaches. products or unexpected growth.
110%) within the last 2 years which Significant new/ additional exposure
are remediated within 12 months. OE had no major limit breaches to existing clusters is reviewed ex-
(utilization greater than 110%) and ante by the Risk Function.
no more than 2 minor limit
breaches (utilization between OE had no major limit breaches
100% and 110%) within the last two within the last twelve months.
years which are remediated within
12 months.
• Bolded language incorporates results oriented criteria along with process oriented criteria. Finding appropriate
results oriented criteria is sometimes difficult
11
1 Motivation
2 Development of Assessment Tool
3 Assessment Process
4 Use of Results at the Local Level
5 Use of Results at the Group Level
12
6
6/1/2017
Group Risk identifies OEs that require Coverage officer and OE jointly
special attention or support (overall scores review and assess best practice
low or specific scores very low areas and improvement opportunities
Coverage Officers are the Group Risk experts that oversee risk issues in the OESs and represent the shareholder as counterparts to the OE CRO on risk issues
1 Motivation
2 Development of Assessment Tool
3 Assessment Process
4 Use of Results at the Local Level
5 Use of Results at the Group Level
14
7
6/1/2017
• Different aspects of risk • Small simple organizations • OE can have the proper • Cost to achieve higher
management may be relevant may be stifled by processes in place but the maturity level may prohibitive
for an entity (e.g. market risk for implementing complex processes can be
a life entity, reputational risk for processes ineffective • OE may be able to develop
a global corporate entity) alternatives that can achieve
• More process development • Conversely the OE might an acceptable result for less
• Modeling assessment items are is needed for complex not have formal processes cost (particularly for those
certainly less important for organizations (e.g. worldwide in place but still be able to outside the EU)
entities that do not use the companies with home office achieve needed results
internal model functions in multiple informally
locations)
• Different regulatory schemes
(particularly outside Europe) will
affect relevance
15
8
6/1/2017
Significant improvements in some areas such as Audit, Product approval process and IT/ BCM
Solid interaction with other finance-related functions (Actuarial, Financial Management,
Reinsurance and Investment) and Non-life underwriting
Some opportunity to improve capital steering (CIR, Investment Strategy) by providing enhanced
support for planning and strategic decisions
Opportunities for improvement in interaction are also in Legal & compliance and Accounting 17
Utilization of Results by OE
Sample Development Plan
no. RADAR Priority Sub-category Issue 2017 RADAR Development Plans Level of Deadlines/ Milestones
Areas Priority
1 RM Framework Reporting Delays in 1. Additional Quantitative Risk Resource to start on 24th April 1., 2. & 3. Q1 Reporting for
reporting 2. Risk Plan to be presented in Q1 reporting all (May RiCo)
3. Actuarial Function Resource Plan to be presented in Q1 reporting H
2 RM Framework Risk Function Skills 1. New quantitative resource to provide cover for closing process 1. Q2 closing
Resources development 2. New quantitative resource to free up some time for other RMF 2. Q4 2017
resources to develop in other areas 3. H2 2017
3. Currently reviewing transfer of capital management Actuary from the 4. End 2017
Actuarial Function to the Risk Management Function. This will increase 5. End 2017
the skill base of the department and also allow current resources to
expand into new areas H
4. Request to Group Risk on what further regular training might be
available at the Group level
5. Strategic Resource Planning program to review the scope of the RMF
and skills required
3 Risk Monitoring Solvency capital Development 1. Sign off of stress and scenarios by BoM to be used in the ORSA ORSA Report for Dec 2017
and Management assessment of the ORSA report L
process
4 Interaction Strategic Enhance 1. Review Capital Intensity versus peers 1. End June 2017 for key
departments capital 2. Involvement in the investment strategy (P&C and Pension). The main peer and ongoing for other
steering and role of the RMF is to investigate the capital capacity of the company to peers
H
reduce the re-risk the P&C investment scheme and the resultant change in 2. Paper to the May Board
volatility of the sensitivity to market risk factors meeting
SCR
5 Interaction Legal & Increase in 1. IRCS project to align activities across control functions 1. Group Compliance
Compliance interaction Workshop 29th Mar 2017,
L other deadlines TBA end
April 2017
6 Interaction Accounting RMF 1. Quarterly MVBS movement review and sign off with Finance 1. Q1 2017 Closing
involvement in
review of M
MVBS
movements
18
9
6/1/2017
1 Motivation
2 Development of Assessment Tool
3 Assessment Process
4 Use of Results at the Local Level
5 Use of Results at the Group Level
19
• OE1 – Internal Model, Global large commercial writer – High complexity, products with
significant reputational risk
• OE2 – Internal Model, single country PC entity
• OE3 – Internal Model, single country, PC entity
• OE4 – Standard Model, Global, retail writer using B2B2C model
20
10
6/1/2017
Different OEs need Scores may vary Scores do not always Distortions may occur to
different maturity levels based on biases reflect the the extent tool is used
based on their of evaluators effectiveness the for other purposes
complexity processes that are in
place
• Complex international • Some people are „harder • OE can have the proper • Items can be missed if tool is
organizations need more graders“ than others processes in place but the limited to those that are
„maturity“ than small entities in processes can be ineffective „regulatory relevant“:
one jurisdiction „where one can • Some maturity items may be
walk down the hall“ interpreted differently by • Conversely the OE might not • Tool can end up with two
different CROs and Group have formal processes in targets – maturity level to
• Different aspects of risk staff (e.g. risk activities place but still be able to reach regulatory requirements
management may be relevant performed outside of risk achieve needed results and maturity level expected by
for an entity (e.g. market risk for team, technical shortcomings informally the shareholder which may be
a life entity, reputational risk for in meeting maturity levels confusing
a global corporate entity)
21
22
11