Risk Management Common Sense or Rocket Science. Jenni Sparks

Transcription

1 Risk Management Common Sense or Rocket Science Jenni Sparks

2 Background What is my experience in Risk Management? AMP Chief Underwriter GE ERC Frankona Country Manager, Life Reinsurance, Japan Manulife CFO and CRO, Japan AIG Regional CFO (Life), Japan and Korea Hartford CEO Japan Why this Topic? Theory over practice Monitoring rather than managing Standardisation versus customisation Perfect rather than timely Not my job

3 Risk Culture Why is it Important? Culture, more than rule books, determines how an organisation behaves (Warren Buffet, Berkshire Hathaway) Any system/process can fail if people want it to fail. Conversely, with the right attitude, even a mediocre system/process can still be quite effective (Anton Kapel, Towers Watson) One person, or a small group of people, cannot be everywhere at once. To really understand and manage risk, you need constant risk awareness in all parts of the organization. Risk Culture is how people think, feel and act with regard to risk and risk management AKA Awareness, Knowledge and Attitude

4 Risk Culture How do you Build it? Tone from the top a necessary but not sufficient condition Share real life stories horror stories and success stories Focus on the practical don t make it too technical Document and explain the Risk Management Framework Communicate the limits and walk away if Risk Appetite exceeded Don t kill the messenger encourage the identification of risk Brainstorming; Active learning from mistakes Reward the right behavior Keep the focus culture needs constant reviving

5 Risk Appetite Means many different things to many different people Majority view that it is very important to set a Risk Appetite Beacon to find your way through the fog and guide strategic decisions Helps to drive Risk Culture by articulating the attitude to risk Needs to cover all identified material risks impacting the entity More straightforward for financial risks, but also necessary for other risks Non-financial risk may be only qualitative but can often be supported by simple measure Zero tolerance for certain risks is sometimes cited but not realistic Developed through an iterative cycle and needs regular review

6 Common Sense or Rocket Science? Need to deliver the right information to the right people at the right time Models can add value but need to be fit for purpose do not over-engineer Managers need to own the risk complexity can create a lack of ownership Quantifying can mask the uncertainty inherent in the quantification itself Scenario testing is often useful in setting bounds and prioritizing risk Even if a risk cannot be quantified numerically, it needs to be managed Focus on action rather than measurement itself Not a choice it has to be a balance, judgement is always needed A challenge for actuaries is to step away from the sole prism of objective quantification via (complex) models and take a broader approach. Partial quantification, at least to the point of assessing major/minor can always be done, just that the method may involve more judgement and less modeling. (Jules Gribble, Enterprise Metrics)

7 One Size Fits All? It is essential that the approach.can and should be tailored to the needs and maturity of the organization - it is not a one size fits all approach (IRM Risk Appetite & Tolerance Guidance paper) Regulators have reduced risk managers to box checkers, making sure they take every measure of risk and report it dutifully on extensive forms (NY Times Article 3 April 2013) Regulators should set minimum acceptable standards for risk management while allowing significant flexibility to companies in how they implement taking into account each company s unique circumstances. There is a fundamental tension between the objective of using an independent risk management function to focus and drive risk management, and the concept that people that manage the day-to-day business (i.e. the business units) need to own risk.

8 Most Important Tools Good people Strong risk culture Open communication A good brain/common sense Business knowledge Clear risk management framework Robust models, with effective interpretation Scenario testing/ Scenario generators Effective, easy to understand risk scoring matrix

9 Risk Management Key Dos Do something! Be practical and use common sense Communicate early and often Ensure that bad news is communicated as fast, or faster than, good news Make risk management everyone s responsibility Keep it simple it needs to be understood and embraced Set the tone from the top Measure things that are easily measured and on which you will take action Think outside the box Adapt the approach to suit your reality Make Risk Management part of normal business conversations

10 Risk Management Key Don ts Don t wait to find the perfect solution Don t relegate Risk Management to a box ticking exercise Don t treat Risk Management as a one-off or periodic exercise Don t build the Risk Department into an empire Don t engage in group think Don t ignore the need for documentation Don t rely solely on models but don t ignore them Don t ignore the risks that you can t measure Don t lose sight of the wood for the trees Don t forget that people are key