Personal tools
You are here: Home Resource centre News Practical issues in implementing Solvency II for Lloyd’s Managing Agents: Risk Appetite
Column header image

Resource centre

 

Practical issues in implementing Solvency II for Lloyd’s Managing Agents: Risk Appetite

On 12th October 2010 avantage held the third in its series of roundtable discussions on the practical challenges of implementing Solvency II in the Lloyd’s market.

The topic of discussion at this roundtable was Risk Appetite.  Solvency II places risk appetite firmly and squarely in the spotlight. It requires that insurers align their risk to an approved risk appetite.  


Paul Sahota, Head of Solvency II at avantage opened the discussion on how to set and cascade Risk Appetite throughout an organisation. He highlighted the importance of having a clear strategy, and the need to prioritise the practical challenges of Pillar I. 


It is the duty of the Board and senior management of an insurance firm firstly to define the risk appetite in a manner that considers long-term performance over the business / insurance cycle and to set clear incentives across the firm to control risk exposures and concentrations in accordance with the stated risk appetite.


While setting and communicating risk appetite can be fairly straight forward for those firms who use their existing performance and underwriting objectives as a basis for the exercise, the major challenge is to develop a dynamic process to ensure controls and incentives are properly aligned. To aid this, a robust governance with respect to setting and cascading of risk appetite is essential.


Paul noted that the key to how a firm might approach cascading risk appetite down to BU level risk limits is to deploy a consultative approach i.e. facilitate discussions between group, business units and underwriting. Also, care needs to be taken that the right language and taxonomy is used and to appreciate that there is a difference in a top-down view (where the focus is on allocating appetite) and a bottom-up view (where the focus on validating limits). 


Our guest speaker Mark White, Head of Risk at Mitsui Sumitomo Insurance Group then went on to discuss the practicalities of Risk Appetite definition and implementation.


Mark began by pointing out that the terms ‘appetite’, ‘tolerance’ etc have different meanings to different people with no “right” or “wrong” definition. However the key is to pick a definition that works for the organisation, to use it consistently, and to communicate it so that everyone in the organisation shares common understanding.

Ideally the risk appetite framework should cover the full range of key risks to which the business is exposed and will involve a number of layers of increasing granularity, cascaded throughout the organisation from high level statements covering the business as a whole (Board level), through to detailed elements which relate to very specific areas. (e.g. business units).  In practice a combination of a top-down and bottom-up approach is most useful, followed by an iterative review process A cross check against the risk register is a good measure to ensure that no major issue is missed.

Mark explained that breaking down the overall “universe” of risk appetite into subsets of increasing granularity can be done according to different taxonomies.  For example, you may opt to slice and dice according to the same structure as the risk register, or according to key business drivers and concerns (e.g. earnings, capital, liquidity, reputation).

It was stressed that it is important to be clear about the distinction between those things that you are aiming for (targets) and those that you want to steer well clear of.  Risk Appetite statements can become confusing where a mixture of the two is used interchangeably.

In some cases it is difficult to say whether something is a statement of appetite or simply an expression of a business /strategic objective because the boundary between these two concepts is blurred.  Expressions of “the sort of business we want to be” and “the way we do things here” typically fall into this grey area, as do fundamental decisions about the type of business activity undertaken.

Some risk appetite elements are much more easily quantifiable than others, and it is likely that most appetite frameworks will contain a combination of both qualitative and quantitative statements. However where there are subjective elements to the risk appetite it is necessary to conduct an iterative review to check that these make sense and to adjust accordingly.

Mark also had a word of caution when applying the words “zero appetite”.  This tag often applied to risk areas such as fraud, especially internal fraud.  The business ought to define what it means by such a statement, and the challenge to anyone using such a statement is whether or not management actions support this assertion.  e.g. if you say you have a zero appetite for fraud, do you mean.

(i)    that your business is unwilling to put itself in a position where fraud could possibly occur?  If so you must demonstrably putting in place every available control to prevent fraud, whatever the cost.

or do you mean


(ii)    you don’t want it to happen … but that it is probably unavoidable without inordinate effort and cost of controls (ie that are not be proportionate to the risks involved?).

Other points made during Mark’s presentation include:

  • Difficulties in accounting for conflicting views of varied key stakeholders (Board and capital providers/parent undertakings, the regulator(s), ratings agencies, the public, and employees). If there is a conflict between the needs of the various stakeholders these should be escalated to the Board so that it can make an appropriate decision.
  • Need to provide for a periodic review of the risk appetite statement as elements of it will require refreshing from time to time for a number of reasons (e.g. change to the firm’s underlying business plans, changes to the regulatory and economic environment).
  • The nature and scope of a risk appetite framework, and the way that it interacts with the business, will affect whether, and what type, of IT solution is required.  Early involvement of IT Department should be encouraged, while remembering that it is the problem that drives the solution and not the other way around.
  • Importance of Documentation - not just for the sake of keeping the regulator happy, but as a necessary precursor to getting formal sign off and approval and for communicating the firm’s risk appetite to internal and external audiences.
  • Risk appetite should be used to drive decision making across the business and at all levels.  Consideration should be given to “communication” of the framework, and alignment with existing risk practices and reporting.
  • A risk appetite framework should include how it will be governed. - not just for “who owns the content”, but also who is responsible for developing, updating, comparing actual levels of risk against appetite, reporting, escalating, communicating, linking the qualitative and quantitative elements, etc.


Roundtable Key Points

Following the speaker presentations various questions were posed to our guests and alively discussion followed. Some of the interesting questions discussed are summarised below.

How is Risk Appetite different from Strategy?

  • The participants agreed that risk appetite is a sub-set of strategy and flows from the latter.  Having said this it was acknowledged that the process of formulating the risk appetite from strategy is a looped rather than a sequential process – devising risk appetite may highlight unacceptable risks which in turn may warrant revision to the original strategy.
  • Up to now risk appetite setting has mostly been an implicit part of strategy formulation, for example during a SWOT analysis.  However, as firms are being asked to explicitly document their risk appetite the concept is gaining more weight and is forcing firms to better articulate the risks they are facing and their corresponding appetite to them.
  • As firms start to incorporate upside risk into their risk appetite formulation process we will start seeing a closer interaction and a blurred line between strategy and risk appetite.
  • Who are the stakeholders that you must work with in order to set a risk appetite?
  • Although the board is ultimately responsible for setting the risk appetite for the firm, in practice mid-management will hold the key role in drafting the risk appetite statement and then socialising this with various internal stakeholders in an iterative process that ultimately results in the risk appetite statement.

In the process the insurer should bear in mind the various external stakeholders which will include:

  • Rating Agencies;
  • FSA;
  • Lloyd’s Corporation;
  • Other government and trade bodies;
  • Capital providers;
  • Investors and shareholders.

Surprisingly the shareholders were mentioned last, despite a wide acceptance that they should be the most important stakeholder. Shareholders need to understand the risks that the firm faces in order for them to make decisions regarding investing in the firm.  This highlighted the need for shareholder ambassadors to get involved in the setting of risk appetite.  This may already be happening in some instances for example where an activist hedge-fund investor is taking a keen interest in the management of the firm.


What areas require a zero tolerance approach to risk? Is this feasible?


Some of the risks that usually fall under the category of zero tolerance include:

  • Fraud;
  • Reputation;
  • Death or personal injury (operational);
  • Regulatory (licence withdrawal), etc.

Due to sensitivities involved in all of these risks, boards often feel obliged to set the appetite for these risks at zero level.


Whilst it was widely accepted that in practice zero tolerance was unrealistic, a properly articulated statement of risk appetite could do the job of cascading the right message to the business, for example by use of “aim to”, rather than “we will not”. 


How do you bring risk appetite into business as usual? Is the culture of the firm ready for risk appetite?


Picking up the point made by the presenters, a number of people from the roundtable said that talking in a language the business understands rather than “risk speak” was a key factor. 

  • Other points that will be key to the success of establishing a risk appetite included:
  • Early engagement of the key stakeholders;
  • mportance of Executive sponsorship;
  • Development of a communication and education plan and alignment with existing risk practices and reporting;
  • Consideration of the upside as well as regulatory issues;
  • Focusing the Board on what “could happen on their watch”;
  • Providing practical examples using mocked up MI;
  • Building elements of risk appetite into people’s objectives and performance contract;
  • Thinking about what needs to change. 


You can download a copy of the speaker presentations here.