Enterprise Risk Management

Stephen P. D’ArcyFellow of the Casualty Actuarial Society

Professor of FinanceUniversity of Illinois

UNSW Actuarial Studies Research Seminar3 July 2007

Sydney, Australia

What is ERM?ERM is the application of the basic risk management principles to all risks facing an organization

Other names for ERM

Enterprise-wide risk management

Holistic risk management

Integrated risk management

Strategic risk management

Global risk management

Genealogy of ERM

• Risk Management – 1960s

• Financial Risk Management – 1980s

• Enterprise Risk Management – 1990s

Basic Risk Management Principles

1. Identifying loss exposures

2. Measuring loss exposures

3. Evaluating the different methods for handling risk

• Risk assumption • Risk transfer• Risk reduction • Hedging

4. Selecting a method

5. Monitoring results

Why Manage Risk?Diversifiable risk argument• Shareholders are diversified investors• They will not pay a premium to reduce unsystematic risk

How risk management can add value• Decreasing taxes• Decreasing the cost of financial distress

– Customers– Employees– Suppliers

• Facilitating optimal investment

Helpful ReferenceERM: Theory and Practice by René Stulz and Brian Noccohttp://papers.ssrn.com/sol3/papers.cfm?abstract_id=921402

Traditional Risk Management• Formally developed as a field in the 1960s

– Pioneers were two insurance professors at the University of Illinois

• Bob Mehr and Bob Hedges• Risk Management in the Business Enterprise, 1963

• Focused on “pure” risks – Loss/no loss situation

• Often could be insured• Managing risk involved reducing frequency or

severity of losses

New Elements of Risk – 1970s

Foreign exchange riskEnd of Bretton Woods agreement in 1972

Commodity price riskOil price fluctuations of the 1970s

Equity riskDevelopment of option markets - 1973

Interest rate risk U. S. Federal Reserve Board policy shift – 1979Similar changes worldwide

Failure to Manage Financial Risk • Foreign exchange risk

– Laker Airlines – 1970s• Borrowing in dollars• Revenue in pounds

• Interest rate risk– U. S. Savings and Loans – 1980s

• Borrowing short• Lending long

• Commodity price risk– Continental Airlines – 1990

• Fuel costs not hedged• Oil price doubled with Gulf War

The “New” Risk Management -1980s

Financial risk management

Dealt with financial risk

Foreign exchange risk

Interest rate risk

Equity risk

Commodity price risk

Use derivatives to hedge financial risk

Financial Risk Management Toolbox

• Forwards

• Futures

• Options

• Swaps

New Elements of Risk – 1990s

• Failure to manage derivatives appropriately

• Financial model failures

• Improper accounting for derivatives

• Operational risk failures

Mismanagement of Financial Risk• Mismanagement of derivatives

– Proctor and Gamble– Barings Bank– Orange County

• Model failure– Long Term Capital Management

• Accounting improprieties– Enron and Arthur Andersen

• Foreign exchange rates– East Asia currency crisis

The “New” Risk Management - 1990s and beyond

• Enterprise Risk Management– Initial focus on avoiding derivative disasters– History of managing risk, not managing performance– Slowly developing into optimizing firm value

• Chief Risk Officer

• Sarbanes-Oxley Act – 2002

• Basel II

• Solvency II

• Increased focus on risk models

The Problem With “Risk Management”• Risk Management

– Focus was on pure risk (insurable, hazard)• Financial Risk Management

– Value-at-Risk – measure of certain percentile loss• Enterprise Risk Management

– Incorporates all risks facing an organization– Name suggests focus still on managing downside risk

Need for New Emphasis(and Perhaps a New Name)

• ERM is not just managing downside risk

• More on the lines of risk-return tradeoff

• Incorporate portfolio theory

• Combine risk reduction (insuring, traditional risk management) with investing for expected gain

• Need consistent approach for addressing both aspects of financial decision making

ERM Risk CategoriesCommon risk allocation• Hazard risk• Financial risk• Operational risk• Strategic riskBank view – New Basel Accord• Credit risk

– Loan and counterparty risk

• Market risk (financial risk)• Operational risk

Hazard Risk

• “Pure” loss situations

• Property

• Liability

• Employee related

• Independence of separate risks

• Risks can generally be handled by– Insurance, including self insurance– Avoidance– Transfer

Financial Risk

• Components– Foreign exchange rate– Equity– Interest rate– Commodity price

• Correlations among different risks

• Use of hedges, not insurance or risk transfer

• Securitization

Operational Risk Definition

• Per Basel II:– “Operational risk is defined as the risk of loss resulting

from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.”

• S&P 2005 “Insurance Criteria” document:– Operational risk includes “Distribution, process and

people, fraud and internal control, outsourcing, reputational, information technology, human resources, regulatory and compliance, change management, and business continuity”

Operational Risk Definition. (cont.)

• Per Casualty Actuarial Society:

• Risks from– Business operations– Empowerment (leadership, preparation for change)– Information technology– Information / business reporting

Operational Risk Examples• HIH Insurance

– Under pricing and under reserving– Unfamiliar with new markets

• Backdated options– over 130 public companies– options with exercise prices below market value

• Meijer price discount (May 2007)– 50% discount meant to apply to one item– applied to everything sold in every store for 1 hour– estimated loss $750,000

Operational Risk References

• “The Market Value Impact of Operational Risk Events for U.S. Banks and Insurers” by Cummins, Lewis and Weihttp://papers.ssrn.com/sol3/papers.cfm?abstract_id=640061

• “Introduction to Operational Risk” by Mango and Venterhttp://www.actuaries.org/ASTIN/Colloquia/Orlando/Papers/Mango3.pdf

Strategic Risk Definitions• A strategic risk is a risk a company takes to fulfill its

objectives– www.harperrisk.com

• Risks that arise in pursuit of business objectives – Emblemsvag and Kjelstad (2002)

• Stategic objectives ... relating to high level goals– COSO Integrated Framework (2004)

• Helpful reference– Mango (2007)– http://www.actuaries.org/ASTIN/Colloquia/Orlando/Papers/Mango1.pdf

Strategic Risk Examples

• Competition

• Regulation

• Technological innovation

• Political impediments

Examples of ERM - 1

Michelin – contingent capital• Issued by Swiss Re New Markets and Societe Generale• Option to draw on subordinated long-term bank credit

facility• Option to issue subordinated debt at fixed spread

– This option can only be exercised if GDP growth falls below a trigger (1.5% 2001-03, 2.0% 2004-05)

Examples of ERM - 2

United Grain Growers – risk integration• Issued by Swiss Re• Grain volume coverage• Integrated with other property/liability coverages• Three year policy• Annual aggregate retention• $35 million annual limit• $80 million policy limit

Examples of ERM - 3

RLI Corporation – Cat-E-Puts

• Arranged by Aon, issued by Centre Re

• Three year term

• Provided an option to issue $50 million in convertible preferred shares

• Trigger was major California earthquake

• Subject to minimum capital requirements

Examples of ERM - 4

• Honeywell – 1997

• Old approach– Separate annual insurance policies for each hazard– Options used to hedge FX risk

• New approach– Multiyear combined hazard and FX risk policy– $30 million annual retention based on simulation

model

Current Status of ERM

• Starting to put ERM framework together

• Forming committees to deal with risk consistently

• Starting to integrate risk management across silos

• Developing lists of top risks (downside) the organization faces

• Often rating agency driven

Future of ERM• ERM will continue as risk consolidation and

aggregation

• Process increases value of risk management skills

• Management is concerned with risk control issues

• Chief Risk Officer will be a visible figure in an organization

• Need for consulting help to get process started

• ERM’s role in optimization has a long way to go

• Potential benefit is worth pursuing for pioneers