Risk Appetite and Tolerance

tightrope walker

We all remember our school days. For some of us, the exams days are the worst memories. Multiple choice, matching and even short answer questions were not so bad. They were over quickly and even if you didn’t know the answer, it was often easy to guess or at least to create a reasonable bluff.

But the worst exams, the ones that ruined our entire day, were those full of essay questions. Especially when the teacher left an entire half page of space for the answer and we drew a blank as to the desired answer.

Insurers have been told for years that they need a clear statement of their risk tolerance to operate an enterprise risk management (ERM) program. And now, the AM Best Supplemental Rating Questionnaire (SRQ) opens with a question followed by almost a whole page of white space. That question is:

Please state any overall risk appetite and risk tolerance statement(s) that have been established or approved by a Board or senior management that apply to the rating unit and provide guidance in providing policyholder security and creating stakeholder value. The risk appetite and risk tolerance statements may be a mix of qualitative and quantitative statements. If no such statements have been formally approved by a Board or senior management, please answer “None”.

In 2012, when AM Best first asked a similar question, they reported that over 80% of the answers that they received were inadequate. From that, you may infer that “None” is probably not the right answer.

Risk Appetite is the Same as Risk Strategy

Although most insurers operate with a good risk appetite, in most cases, it is not articulated in a way that managers can connect to ERM terminology.

The National Association of Insurance Commissioners (NAIC) has provided some helpful definitions of risk appetite and tolerance that we can use to bridge the gap between company practice and ERM terminology.

In its ORSA Guidance Manual, NAIC defines risk appetite to:

Document the overall principles that a company follows with respect to risk taking, given its business strategy, financial soundness objectives and capital resources.

In other words, risk appetite is the risk-taking strategy statement.

Here are four suggestions for risk-taking strategy statements:

  • Grow Risk – increase risks faster than capital
  • Manage – balance risk growth and surplus growth
  • Grow Capacity – increase capital faster than risk
  • Diversify – Any growth will come from new types of risk

Many insurers can identify with one of those four strategies. If not, it is likely that their reasoning would itself constitute a statement of their strategy.

Risk Tolerance is Risk Budget

The NAIC definition for risk tolerance is also helpful. They define risk tolerance as:

The company’s qualitative and quantitative boundaries around risk taking, consistent with its risk appetite.

In other words, it is a risk budget – a statement of what risks the company will and will not take along with an expression of how much risk the company will take.

The NAIC says that risk tolerance should be consistent with risk appetite. To me, this means that if your strategy is to grow risk, then your risk tolerance should be significantly higher than your current situation. If your strategy is to grow capacity, then your risk tolerance should be pretty restrictive.

Different Ways to Develop the First Risk Tolerance Statement

The first part of risk tolerance should already be a part of your company strategy document – it is the list of the insurance businesses in which you will participate.

For the second part, we have four different suggestions for how to proceed to develop that first written risk tolerance statement.

1. Based upon what peers are doing.

When a primary consideration is the appearance of security to customers and distributors, an insurer’s risk appetite needs to be set with consideration of the levels of security of peer competitors. This requires some careful analysis of the risk levels of those firms. Usually an insurer will perform their risk analysis using non-public information. To perform the needed peer analysis with public information requires judgment informed by experience working with many insurers. That then needs to be couples with a target for standing within the peer group to get to a risk tolerance statement.

2. Based upon the Rating Target.

Many insurers have a clear target for capital in relation to risk based upon a rating agency capital standard (such as the AM Best BCAR). The risk tolerance statement can then be communicated in terms of a target BCAR score along with a minimum acceptable BCAR score. Since BCAR is actually a risk-adjusted view of required capital, this target and minimum acceptable BCAR scores are actually a clear risk tolerance statement. It is widely known that rating agencies do not favor the use of their calculation as a risk tolerance. But an insurer will get to better understand the concept of risk tolerance if they can actually use their de facto risk tolerance with a plan to modify it as their view of their risk matures. What this means is that eventually, an insurer will notice that BCAR is not the most accurate representation of their risk and will want to develop their own modified risk capital adequacy ratio as their risk tolerance.

3. Based upon Reinsurance purchasing.

The decisions that an insurer makes to decide on reinsurance retention are an expression of a risk tolerance. Based upon our analysis of your reinsurance purchase, we can tell you the likely loss that you have retained at any return period. For risk tolerance, you might consider an earnings based risk tolerance along with a capital based risk tolerance, linking the earnings risk tolerance you your retained potential loss at a 1 in 10 or 1 in 20 return period and your capital risk tolerance linked to your 1 in 100 or 1 in 200 return period loss. A risk tolerance statement based on reinsurance purchasing can be used in conjunction with or instead of a ratings-based risk tolerance statement. There is enough room on the page. Otherwise, if you want to keep it simple, just a statement of your retention can be added to the capital target from the ratings-based risk tolerance.

4. Based upon recent experience.

We sometimes call this the Empirical Risk Tolerance. In general, insurers operate at one of four broad levels of capital:

  1. Robust – enough capital to maintain a secure level of capital after a major loss.
  2. Secure – enough capital to satisfy sophisticated commercial buyers that you will pay claims in most situations by providing for maintaining a viable level of capital after a major loss event.
  3. Viable – enough capital to provide for a single major loss event and to avoid reaching minimal level with “normal” volatility. These companies generally operate comfortably in a market were customers are not focused on assessing their insurer’s financial strength. Sectors like personal auto and health insurance.
  4. Minimal – enough capital to survive under normal volatility. A major loss event would render these insurers insolvent. These insurers effectively use the regulator’s risk based capital authorized control level as their risk capital standard.

These capital levels are generally maintained for many years and are thought of as fundamental to the self-definition of the insurer. They are often then closely linked to rating targets and reinsurance purchasing. These four statements could be used or modified to state an insurer’s risk tolerance.

The main point here is that risk tolerance does not need to be a difficult puzzle that takes years to solve. Forming a risk tolerance takes a clear understanding of what is meant by this new terminology and a recognition that most insurers already have a risk tolerance that has driven prior actions and decisions – they just need to learn how to turn it into a formal risk tolerance statement.

 


 

Roberto Fortuño This post was written with Roberto Fortuño, Treaty Analyst with Willis Re, based in New York. Roberto joined Willis May 2014. He received a J.D. from the University of Puerto Rico and a B.S. from Georgetown University’s School of Foreign Service.

About Dave Ingram

Dave is an Executive Vice President of Willis Re, specialising in theory and practice of ERM for insurers. Based in…
Categories: Analytics, Reinsurance | Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *