When we talk to board members of insurance companies, we often hear that risk appetite frameworks are too far removed from the day-to-day reality of conducting business and their only purpose is to satisfy regulatory or rating-agency requirements. But if the frameworks also accurately reflect the risks a business faces and are aligned with key business objectives, they become more than tick-box exercises.
Whatever misgivings boards may hold, the adoption of risk appetite frameworks among insurers is growing, with 76% of the 261 insurance executives who participated in our 2017/2018 Global Reinsurance and Risk Appetite Survey saying they have formal risk appetite statements, a 12% increase from 2015, and 99% saying they expect to by 2020.
So why does it seem that companies are investing – or planning to invest – in an initiative they don’t believe will work?
The disconnect between policy and practice
It often comes down to what prompted companies to define risk appetite in the first place. In many cases over the last decade, companies have defined risk in response to external regulatory or rating agency requirements that focused on insolvency risk. Broader internal business requirements weren’t addressed, so while the business itself was benchmarked against its competitors, there was little thought given as to what the implications might be for the future. This lead to risk appetite frameworks being seen as a tick-box exercise.
It’s only when regulators ask companies to explain their risk appetite statements and specific risk management needs that the linkages between policy and business practice are exposed, which might explain the sour aftertaste now being experienced by some boards.
So, how can companies forge a stronger bond between the two? The solution is to make sure there’s strong linkage between qualitative and quantitative approaches to risk that satisfy regulators, but also make relevant and insightful statements about the business.
Getting risk appetite right
Any risk appetite framework will be high level, taking in the exposure of the business as a whole. But to be able to effectively monitor it, provide and set risk tolerances and link operational risk limits for frontline employees, companies need to be able to understand and quantify risks at a detailed level. And they need to communicate that information to the people who need it, when they need it and in a way they can understand.
What makes this easier is that modeling practices have evolved considerably. Improvements in pre-built vendor modeling solutions, computer processing speed, the availability of cloud computing and modeling techniques such as proxy functions and clustering enable insurers to analyze portfolios in a much more granular way. They can identify how each portfolio responds to specific risks and how those risks contribute to the capital requirement aggregate.
Willis Towers Watson put this to the test by carrying out a review of risk appetite frameworks with a major insurer, looking at them as part of a case study of capital model uses. A key outcome was that the ideal framework for risk appetite will seek to align its metrics to directly measure performance against the objectives of the business.
In the case study, the insurer used a single calculation metric to address both earnings protection and insolvency risk. However, these risks were measured and quantified using different calculations and the appropriate risk mitigating actions varied. As a result, the calculation wasn’t actionable because the metric attempted to quantify two objectives in one calculation, so its relevance was severely limited.
More productive steps might include redefining the risk and recalibrating the metric to align more closely with business objectives and mission statements, revising governance procedures around risk-related activities and pushing more granular, detailed information into equally detailed and practical operational risk limits.
Such moves are likely to become more common among insurers seeking to redress the balance between risk appetite frameworks that serve regulatory purposes and those that support business value creation, efforts which will no doubt be welcome news for insurance boards.
Jason Abril and Mark Mennemeyer are senior Enterprise Risk Management practitioners in Willis Towers Watson’s Insurance Consulting and Technology business.