Newsletter Sign-up

It always seems so obvious after the fact.

Of course, the housing market couldn't stay hot forever, and some borrowers would have trouble making their mortgage payments.

Hindsight, as they, say is 20/20.

For insurance company risk managers, however, the trick is to decide as early as possible which risks to take on and which to avoid and then to get out of the way before a small, manageable loss escalates out of control.

Avoiding risk entirely is not an option for any company, but for insurance companies, even less so. Insurance companies are in the business of taking risk; there's just no way around it. It is their bread and butter, and they can either take on risk or pack up their bags, close shop and go home.

Even though insurance companies live and breathe risk, it is still all too easy for their risk managers to miss something significant and find themselves stuck with unexpected, painful losses.

To get a better grip on their exposure to risk and potential for losses, more and more insurers have been implementing enterprise risk management programs and have been trying to enhance their ERM capabilities.

CNA, for instance, recently hired a new chief risk officer as part of its effort to enhance ERM capabilities, which are currently rated "adequate" by Standard & Poor's.

"Certainly, we would want, to the extent that we can, to continue to improve our processes and improve that rating from S&P. That would be something that would be good for us and, at the same time, even more importantly, the more we improve the processes the better the company will perform," says CNA's new CRO John Beckman.

Beckman, who joined CNA in mid-January, will take over from Executive Vice President Mike Fusco, who had the dual roles of chief risk officer and chief actuary. Fusco will continue as executive vice president and chief actuary.

While ERM is supposed to help insurers gain a better understanding of their company's risk, getting it right has been no easy task.

In just the last few months, several major insurers, including Swiss Re, Beneficial and IPC Re, have made announcements that led ratings agencies to question their enterprise risk management capabilities, to place their ratings under review, and to issue negative outlooks or rating downgrades.

Swiss Re in November 2007 announced a 1.2 billion Swiss Franc ($1.1 billion) loss, arising from its exposure to two credit default swaps written by its Credit Solutions unit. Its ratings were placed under review with negative implications.

Beneficial last year recognized about $206 million in asset impairments on both a statutory and GAAP basis following a review of the company's mortgage-backed securities portfolio. As a result, A.M. Best Co. Inc. affirmed Beneficial's financial strength rating of "A" (Excellent), but assigned a negative outlook.

A.M. Best also revised the outlook for IPC Re's ratings to negative from stable, reflecting IPC Re's lack of progress in implementing enterprise risk management. IPC Re has made reductions in its risk exposure, though its progress on ERM has lagged the rest of the industry, according to A.M. Best.

The latest negative industry news came from XL Capital, which announced in late January that it expected charges of $1.5 billion to $1.7 billion for the fourth quarter of 2007 for credit-related investments, including the company's exposure to the operations of Security Capital Assurance.

A.M. Best and Fitch both downgraded XL's financial strength ratings, saying they believed the announcement reflected poorly on XL's enterprise risk management capabilities and decreased their confidence in the company's ability to deliver consistent earnings.

Although these insurers have been in the news because of their struggles with implementing ERM, the industry in general has been making slow progress on ERM, according to S&P.

The ratings house has been evaluating insurers' ERM capabilities since 2005, and has completed a second round of evaluations for 85 percent to 90 percent of insurers globally. In the first evaluation, about 80 percent of insurers were rated no better than "adequate." After the second evaluation, that figure remained about the same.

Indeed, four insurers in North America received lower ERM ratings in their second evaluation.

"We had expected some significant improvements from some of the larger companies that we had thrown into the 'adequate' category," says David Ingram, director of enterprise risk management at Standard & Poor's. "We're seeing some of that, but not quite as much as we had expected."

"There are really two big steps those companies needed to do," he says. "They needed to create a system to measure their risk that went companywide." And they needed "to get actual management buy-in so that the results of that system are useful," he says.

"For some companies, that step takes even longer than the step of creating the numbers and the models in the first place," Ingram says.

CNA SEEKS TO ENHANCE ERM

Management buy-in does not seem to be a problem at CNA.

In its statement announcing the hiring of Beckman, CNA noted that by separating the roles of chief risk officer and chief actuary and by adding Beckman to the leadership team, it was taking a more focused and aggressive approach to enterprise risk management.

Beckman has only just been issued his company ID, and the ink on his new business cards is barely dry.

Asked about his plans for the next 100 days, he says with a laugh, "My first goal at CNA is to establish what my goals for the first 100 days ought to be."

"From my standpoint, I was excited about this position because CNA has a strong framework in place and a strong, committed management team," he adds. "At this point, my goals would be to move it forward and continue to improve the group," he says.

While it may be a bit early for Beckman to have formed any concrete plans for CNA's risk management program--and they probably would have been proprietary anyway--Beckman did give a general outline of his views on ERM.

"From a philosophical standpoint, enterprise risk management is really about creating a framework for risk evaluation, whether it's identifying risk, quantifying risk, analyzing it; and then eventually making strategic decisions about risk and reward," he says.

Then, "when you make those decisions, you have to do it within the boundaries of the framework and risk tolerance that you've established," he says. Beckman previously served as president of ReAdvisory, a consulting service for specialty reinsurance broker Carvill. Prior to joining Carvill, Beckman was with CNA from 1990 to 2003.

First, he says, you have to have a clear definition of your risk appetite. That definition has to be clear and easy for people throughout the organization to understand.

"Enterprise risk management, to be successful, needs to be cross-functional because most of the time our risks involve multiple parts of the company," he explains.

Insurers will take different approaches to determining their risk appetite, but usually the size of the organization will be an important factor, Beckman adds.

Small organizations tend to base decisions about risk tolerance on questions such as probability of ruin or probability of a ratings downgrade. Larger organizations may focus more on earnings stability and the need to protect shareholder value.

After determining how much risk they are willing to take, risk managers then have to identify the organization's risks and quantify them.

One way to start identifying the risks, Beckman says, is for the senior risk executive to have a conversation with the heads of various departments.

"You ask people what they are worried about," he says. While that may seem obvious, ERM is about creating a consistent process throughout an organization for risk management decisions.

"A lot of things within enterprise risk management are done and can be done intuitively," he says. "But the bigger you are and the more complicated your business, the more you want to create a discipline and a framework about how you evaluate that to make sure you do it in the best manner for the entire group.

"What we're trying to do here is move it one level up within the group so that the entire organization addresses it together in the same way," Beckman says.

That risk management culture starts at the top, he says, "by having a senior group of people who are committed to the benefits from enterprise risk management, and then you live it every day, more and more you can establish what you want to do. But then the proof is in the pudding and you live it every day, and it affects the way you operate and then people start to buy in."

KEY CHALLENGES FOR 2008

By creating a strong risk management culture and by having good risk identification process, companies can go a long way to managing their risks and keeping losses under control and avoid the kinds of losses that have given the industry so much trouble in the past.

Over the past decade, for instance, the industry has been hit by a number of big losses. There were the larger-than-expected hurricane losses in 2004 and 2005 and the unexpected losses on directors' and officers' claims following a series of corporate governance scandals. Big declines in the equity markets back in 2001 and 2002, meanwhile, pushed some European life insurers close to insolvency on a mark-to-market basis.

Looking ahead, the main concern is management of the cycle and pricing risk.

"I think the risk that a lot of the companies are talking about now, and are trying to make sure they deal with is the management of the cycle and the pricing risk," Beckman says.

Insurers have had a bad habit of putting far too much emphasis on top-line growth. To gain market share and show good growth, insurers often compete on price, cutting rates too low, eventually leading to large losses.

"ERM may change how the industry reacts to the next soft cycle," Ingram says. "We certainly see and hear much more self-aware dialogue," he says.

"Part of their ERM program, the kind of information systems they've set up to prove their ERM, should also be giving signals about cycle, and we hear a number of companies paying really close attention to those signals," he says.

Insurers are planning to manage the situation in a number of different ways, adds the S&P director.

"Many, many companies are saying we don't have a top-line target in a soft cycle. They start by saying we're not going to pressure underwriters to write a certain amount of business," he says. "We hear other insurers say they are using ERM-related data flows where they expect to try to cherry-pick the very best business to try to hold on to as the business softens."

Others with more flexible strategies, like reinsurers, are watching market by market and are expecting to be nimble to try to avoid writing as much business when trends are unfavorable.

Companies may not be able to avoid the cycle completely, says Ingram, but by paying close attention to the trends and signals, they may be able to avoid the worst of it.

Catastrophic risk is always a concern, but many insurers have already reduced their exposure to catastrophe losses.

"CAT risk is not a key concern because we saw an awful lot of people reduce their concentrations," Ingram says. But if after a few quiet years, insurers increase their exposures, CAT risk could once again become a major concern.

For life insurance companies, Ingram says, the key challenges are related to asset liability management, especially for interest sensitive and equity-related products.

But then there are always those losses that no one could have predicted.

Beckman recalls the remarks of former Defense Secretary Donald Rumsfeld, who famously quipped: "As we know, there are the known knowns; there are things we know we know. We also know there are known unknowns; that is to say, we know there are some things we do not know. But there are also unknown unknowns--the ones we don't know we don't know."

It's those unknown unknowns that can create the biggest problems.

The key, Beckman says, is vigilance and having a process in place to identify potential problems, That process should include watching claims trends, for instance, and staying on top of the legal environment and the tort system.

"You want to have a process in place to catch it as early as you can," he says.

Mistakes are bound to happen, and insurers will almost always have to face the prospect of unexpected losses. But with a good enterprise risk management program, those losses can be nipped in the bud.

"We're not expecting anybody to be perfect at anticipating the next thing," Ingram says.

"The kind of expectations we would have from a really good emerging risk program would be that the people, through their monitoring of what's going on, might get a small jump on their competitors in reacting to it, and when the actual adverse event hits, they would be a little more practiced and ready for it and so they take a little bit less of a loss," Ingram says.

"Because they've got a good system in place, they will take what happened to them and they'll turn it into things they have learned that they'll use to improve all their practices," he says.

PATRICIA VOWINKEL lives in New Jersey.

March 1, 2008

Copyright 2008© LRP Publications