Standard & Poor's Ratings Services has added an Enterprise Risk Management (ERM) criteria when rating insurance companies. S&P is basing its ERM ratings on five key metrics:
* Risk-Management Culture
Risk-management culture is the degree to which risk and risk management are considerations in the every day aspects of corporate decision-making. Standard & Poor's will look at the staffing and organizational structure of the people who are charged with executing the risk-management function in the insurer.
* Risk Controls
The agency will evaluate risk-control processes for each of the important risks of an insurer. Consistency between the overall corporate risk tolerances and the specific risk limits will be an important consideration. Summary descriptions of risk-control programs as well as examples of actual execution will be reviewed.
* Extreme Risk Management
Extreme-event risk management is concerned with the impact of low-frequency adverse events on the company. Low-frequency events cannot easily be managed via a control process because the monitoring is not expected to show any results in most periods. Common extreme-event risk-control practices include trend analysis, stress testing, contingency planning, problem post mortem, and risk transfer. Standard & Poor's will be looking for insurers to show that they are practicing extreme risk management in advance of problem events and will be looking for the results of effective extreme-event risk management during and after adverse events.
* Risk and Economic Capital Models
An insurer with effective risk capital models will be able to show that the models produce information needed to perform the basic risk-control functions to sustain losses to within their risk tolerances.
* Strategic Risk Management
Strategic risk management is the process that an insurer uses to incorporate the ideas of risk, risk management, and return for risk into the corporate strategic decision-making processes. Standard & Poor's analysis of strategic risk management will start with understanding the risk profile of the insurer and getting management explanations of the reasons for recent changes in the risk profile as well as expected changes.
The evaluations of each of these areas will be combined into a single classification--excellent, strong, adequate and weak--of quality of ERM.
May 1, 2006
Copyright 2006© LRP Publications