Risk management takes centre stage

According to Rodney Nelsestuen, research
director of Financial Strategies and IT Investments at TowerGroup
and author of Risk Governance for Life Insurers: The Self-Help
Plan for a Recovering Industry, TowerGroup expects “four R’s”
– risk, revenue, regulation, and retirement – to shape the
insurance industry in 2009.

Risk and regulation will be at the forefront
as insurance carriers pump money and resources into initiatives
designed to optimise risk management and meet new regulatory
mandates. Increased costs and decreased revenues will lead to
further industry consolidation and redistribution of assets. As a
large number of experienced insurance workers reach retirement, the
strain on insurers will increase as decades of knowledge walk out
the door. However, in regard to the life and annuity insurance
business, the retirement demographic of consumers presents a great
opportunity to offer new products and services.

“The life insurance industry has not been
immune to the ravages of the credit crisis affecting most of the
global financial services industry,” said Nelsestuen. “First, life
insurers have heightened exposure to sensitive debt and equity
markets through massive investment portfolios. Second, many of the
popular variable products carry investment risk to both consumers
and insurers. These and other elements of risk require a more
robust approach to risk management, from both technology and
governance perspectives.”

The entire company may be at risk unless a
sound governance process exists that provides transparency into
business unit actions and aggregates risk from across the
enterprise.

Nelsestuen cites the example of AIG, which was
brought to its knees by a small London-based business unit, AIG
Financial Products. This business unit was not an insurance company
and therefore not subject to insurance regulations. AIG Financial
Products issued billions of dollars of credit default swaps,
insurance against defaults on collateralised debt obligations. When
the underlying securities collapsed, AIG was on the hook for the
default. In the aftermath, poor risk management and oversight by
AIG leadership was identified as a main cause of the collapse.

“Although the decentralised nature of business
units may improve business results overall, executives of the
governance structures in AIG failed to grasp the reputational risk
at stake by neglecting risk at an enterprise governance level,”
Nelsestuen stressed.

To avoid such runaway risk, Nelsestuen said
that risk governance must become an enterprise activity involving
top executives as well as be an element of responsibility in each
employee’s job. Companies need key principles to guide them in
administering the risk function on a dynamic basis.

Governing risk

Among the ingredients of effective
risk governance, the report said, are sound policy limits for total
risk exposure at any given time. Companies need to place a new
emphasis on counterparty risk as well as manage the risk inherent
in internal business processes. They must understand each risk
category’s effect on liquidity and capital, continuously model the
variability of these risks, and consider new scenarios as market
conditions change.

Insurers must increase transparency into each
area of risk, no matter where it resides in the company. These
elements include the ability to aggregate risks, understand
interdependencies as well as their dependencies, and simulate
various situations with a number of variables in motion at one
time.

“The dynamic nature of this analysis will
allow management to take timely action in heading off unacceptable
risk positions,” Nelsestuen said.

An often undervalued component of risk
management, he continued, is human resource training. As the credit
crisis of 2008 unfolded, many managers understood the risks they
were taking, and although they may not have been comfortable with
them, did nothing to change the company’s direction.

Insurers must also encourage a corporate
culture that raises the likelihood that potential risks are brought
into the open. Many companies do not encourage people in key roles
to raise concerns. Executive privilege and historic cultures that
put top executives out of the reach of employees must be driven
from the corporate mindset.

“The unfortunate and now obvious failings of
management hubris in the financial services industry should help
the leaders of tomorrow to take a new approach,” Nelsestuen
said.

Finally, risk governance must have a form or
structure. If an organisation is highly decentralised, that
structure may need to be very different from that in an
organisation whose decisions are centralised.

“Risk management has become job one for many
insurers. The method of risk governance used across the insurer
will have an impact not only on the way it manages unwanted risk
but also on the way it identifies and prioritises business
opportunities, most of which include risk across the financial
services industry,” noted Nelsestuen.

Overall, the industry remains well capitalised
and will be positioned to take advantage of new opportunities for
products and services, and sound risk governance can ensure that
these opportunities can be brought to fruition. In the short term,
profit pressures will cause life insurers to pull back on non-core
initiatives, although risk-weighted customer-facing projects,
product development, and overall risk management will continue to
garner full funding and support.

How well they manage these initiatives,
however, will determine whether they fail or succeed. Driving
profitable risk-managed growth through expansion and
diversification requires insurers to reconsider existing business
models and organisational infrastructures. The ability of separate
business units to operate autonomously allows faster growth and
agility by placing decision-making responsibilities closer to the
business, but at the same time, risk increases when business units
are allowed to run unchecked.