Understanding and articulating risk appetite effectively can enable:
- The aligning of day-to-day business decisions to strategy and objectives.
- Improved capital efficiency through enhancing the risk-reward profile.
- Greater business agility through a unifying clarity of purpose and encouragement of consistent behaviour.
- An ability to set business-relevant flags should the actual risk profile approach pre-agreed appetite levels, thereby protecting earnings and the balance sheet.
While the theoretical potential benefits are difficult to dispute, our experience with clients tells us that typically many insurers struggle to introduce an effective framework for their risk appetite and risk limits in detail.
Even where the need to do so is recognised as a priority, practical challenges to successfully embedding the framework and approach can be difficult to overcome. This is especially tricky for large, complex, often multi-national, businesses where cultural, regulatory and logistical control challenges are significant.
A potential difficulty for all insurers is the integration of business processes with coherent enterprise-level metrics and group-wide strategic goals.
A good risk appetite framework should contain consistent statements, mandates, limits as well as both quantitative (e.g. earnings volatility) and qualitative (e.g. customer impact) measures that are closely linked to the organisation’s strategy. These should be complemented by robust governance processes setting out roles and responsibilities, decision-making authorities and escalation procedures, and monitored using tailored management information.
The ‘tone from the top’ – not only board level and executive management but also departmental managers and supervisors – is critical in supporting the framework and seeing that it is adopted and adhered to.
Individual, team and departmental performance objectives, along with remuneration bases, should be designed to provide strong incentives to ensure that the actual risk profile of the organisation is well controlled and maintained within the approved risk appetite.
Care should be taken, however, to avoid the risk appetite being excessively complex, as this can inhibit understanding among those charged with managing risk on a day-to-day basis. It is important to distil any necessary complexities into metrics (e.g. exposure to a particular market sector) that can be introduced and tracked with relative ease.
Even with a well-articulated risk appetite, unless it is clearly and demonstrably linked to the business strategy, attempts to embed it are most likely to fail.
We would recommend a two-stage process, where firstly the risk appetite is incorporated within the business strategy and risk profile, and secondly minimum and maximum targets for day-to-day risk taking (e.g. in sales, operations) are set as part of normal business planning.
Prior to ‘going live’, the risk profile should be run through a hypothesised set of enterprise-level risk appetite metrics. For instance, the earnings volatility metric could be derived from the implied distribution of earnings outcomes. Other applicable metrics may include capital volatility and liquidity buffers. Additional, qualitative criteria such as reputational risk considerations may be added.
There are likely to be several iterations, involving adjustments to strategic and risk appetite criteria, until consistency is achieved. Key to an effective process is a sufficiently open executive culture that encourages robust and constructive debate between, for example, the organisation’s strategy, risk, actuarial and finance functions, as well as active support by the CEO.
Many other and varied considerations must be taken into account at group level. In an environment of constrained resources, it is critical to avoid trapping capital and liquidity in legal entities where they may not be used by other parts of the group.
Group strategy and approach must also be reconciled with local circumstances such as local board or Non-Executive considerations and the positions of local regulators. This might also affect group’s ability to aggregate or diversify business units in any given jurisdiction(s).
Finally, it is imperative to bridge strategic and tactical differences. While group may typically be less concerned with ‘fine print’ such as the precise wording of insurance policy terms and conditions, for instance, the risks inherent in such matters at operating level need to be recognised and a group-wide view formulated.
Compliance with regulatory and legal requirements should not preclude optimising a commercial approach. Although it can undoubtedly be an immensely challenging task, a well-articulated and well-applied risk appetite framework can cover off the compliance issues at the same time as helping to improve overall management and performance. Taking a holistic view of risk appetite is a fundamental step in this process, seeing it from a ‘business improvement’ viewpoint to balance the strategic and the operational to deliver true value.