One of the lessons from my post on the objective of risk management was that there are a number of perspectives on the objective of risk management. I asked a number of leading industry experts to share their perspective.
Two weeks ago, I shared the views of James Tufts, Group CRO of Guardian Financial Services (here). His perspective emphasised that the objective of risk management is to clarify the role of risk management of the business and of the risk function.
Today, I am delighted to share the views of Carlos Montalvo Rebuelta, Executive Director of EIOPA. As a regulator, it is perhaps not surprising that he focuses on the extent to which Solvency II regulation changes the objective of risk management.
I will continue sharing these perspectives in the next few weeks.
Solvency II: a revolution in risk culture?
Carlos Montalvo Rebuelta, Executive Director, EIOPA
As Executive Director of EIOPA, in charge of managing the Authority and an insurance supervisor that has faced very different approaches to risk management across national supervised entities, I would like to touch upon the topic of risk management in insurance.
If we start the topic far away from business, in Nature, we see how species try to do the best out of the environment they operate in, in order to survive, yes, but also in order to prevail and ensure a legacy. They are confronted with risks and they exploit opportunities, risk management at its best, albeit in a very primitive form.
Within the corporate world, but outside the financial sector, we may take the example of EIOPA, where different toolkits are used to anticipate and address challenges, but also to identify and grab opportunities. Risk logs, monitoring tools, clear reporting lines, allocation of ownership for action… doesn’t that sound familiar? Risk management, indeed, reinforced by the conviction from senior management on the usefulness of it; setting the tone from the top.
A distinctive feature of insurance and reinsurance is that the business itself is all about risk. The core objective of (re)insurers is to deal with different kinds of risks making a profit out of them. So, the industry should already have a wide range of specific know-how and experience in the area of risk management, if only because this is what the business is all about i.e. risk.
However, the financial crisis has shown that financial market participants, including insurers, need to rely on stronger risk management capabilities in order to deal with the different challenges posed by the economic slowdown and the financial market volatility. In other words, their risk management frameworks were not always up to the challenge stemming from the crisis.
Self-regulation within undertakings proved insufficient. Very often, any concerns raised about long-term sustainability of the company were ignored or even ferociously denied. Wrong incentives, short term gambits, unsustainable growth… reality was far away from what undertakings claimed to be their situation, with the consequences we all have witnessed.
The upcoming supervisory and regulatory framework for insurance - Solvency II - is going to make significant changes in the current risk culture of many insurers. It is a different way of looking at and managing risks. First of all, it presents risk management not as a point in time procedure, but as a continuous process that should be used in the implementation of the undertaking’s overall strategy.
There is a purpose, and tangible outcomes. The Solvency II framework aims at establishing high quality risk management standards that will be beneficial for insurance undertakings, shareholders and consumers. One of the main requirements of a risk-based regulatory regime is that risk and capital should not be considered separately. This approach will allow top management to ensure that the company does not take on more risks than its capital base allows. It is also an opportunity for the senior executives to anchor a risk culture in an insurer’s day-to-day operations; again, setting the tone from the top.
The Solvency II regime requires insurers and reinsurers to have in place an effective risk management system comprising strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report, on a continuous basis the risks, both at individual and aggregated levels, they are or could be exposed, and their interdependencies. Nothing new under the sun? Unfortunately, this is not the case.
One of the most innovative changes introduced by Solvency II is the requirement that insurance companies develop their Own Risk and Solvency Assessment (ORSA) as a tool of their overall risk management system. Insurers will need to properly assess their own short- and long-term risks as well as the amount of their own funds necessary to cover them to ensure on-going compliance with capital requirements. Quoting the lyrics of a song by The Velvet Underground, “I will be your mirror, reflect what you are, in case you don’t know it”.
I believe that the Solvency II approach to risk management will allow for an enhanced understanding of the nature and significance of the risks to which a company is exposed, including its sensitivity to those risks and its ability to mitigate them. This understanding will help companies to see their real opportunities and manage their business on that basis.Strong risk management will also be beneficial also for the customers of insurance companies. It will allow insurers to better meet their claims towards clients and, thus, to promote confidence in the insurance sector.
All in all, Solvency II should lead to a win-win situation and bring a risk-based regulatory framework to a business that deals with risk.
If you work in financial services, I would be keen to hear your thoughts about this perspective on the objective of risk management. If you don’t, I would be keen to know if these lessons resonate with your experience.
You can subscribe to future posts here.