Category Archives: enterprise risk management

New ERM ASOPs kick in on May 1

New ERM standards for actuaries coming May 1. (ASOP’s 46 and 47, if you are keeping score.) Willis’ ERM guru, Dave Ingram, summarizes:

Broadly, the standards require that actuaries keep at least one eye on the big picture context at all times when doing ERM work.


The standards . . . discuss a number of specific considerations that actuaries should consider when doing economic capital modeling, stress testing, emerging risk evaluation, work on risk appetites, tolerances and limits, as well as risk mitigation.


The list of all ASOPs is here, with links to the new ERM standards at the bottom of the page.


Morgan’s mess

JPMorgan’s $2B trading loss is pretty big news, but some other big news, if you are interested in ERM, came early in the conference call. (You’ll have to sign up to listen.)

“We’d shown average VaR at $67” million for the chief investment office, CEO Jamie Dimon said. “it will now be $129” million. (Educational aside: VaR is Value at Risk, the amount a company believes is the most it is likely to lose on a bad day in a normal trading environment.)

Morgan had switched VaR models last quarter. Upon further review, the company has concluded, the new one sucks. So it has returned to the prior version; hence the leap in perceived risk.

It sounds like trading strategies that looked solid under the new model were really crappy. In the conference call, Dimon self-flagellates regarding the planning and execution of a flawed trading strategy, which he doesn’t describe but is elsewhere linked to “hedging” by the London Whale, a famous-turned-notorious trader.

“In hindsight, the new strategy was flawed, complex, poorly reviewed, poorly executed and poorly monitored,” he said.

The fact that he doesn’t describe it is ominous. That and other information in the call make me think the trades haven’t been unwound, and if Dimon tipped off what they were, aggressive traders (read: Goldman) would grind the position into dirt.

And Dimon’s applying some sugar-coating, to a banking novice like me.

First, the VaR he cites is a one-day window. (Insurers generally use a one-year window.) That’s standard for banking, so OK.

But not OK: The VaR is a 95% confidence level. Insurers prefer a 99.5% level, or 99.5%. And it takes a lot more capital to support a 99% VaR than a 95% – up to 50% more, based on my back-of-the-envelope playing around with z-tables.

Worse still, the revised VaR is the average for the quarter. But the risky position was built up at the end of the quarter. Quarter-end VaR for CIO was $186M, or about 50% higher than quarter average. Max for the quarter was only $1M higher.

Worse still: Emphasizing CIO’s VaR makes it sound like investments around the rest of the company correlate away CIO’s risk. They do, but not to the degree you might think.

For the whole enterprise, VaR doubled from last quarter, to $170M from $88M. And the company ended Q1 with VaR of $201M. Looking at the ratio of enterprise VaR to CIO VaR at various points in time, it doesn’t look like the hedging strategy really was hedging, but what do I know?

Above, for your enjoyment, I’ve enclosed a screen shot (click to enlarge) of the relevant page from the 10-Q (pdf).

None of this is to suggest the Morgan is imperiled. To my untrained eye, shareholders’ equity is about $190B, seemingly enough to absorb a whole lot of goofy trades and lousy capital models, but not enough to prevent me from reiterating the Agnes Rule: Banks can’t sell anything but money.

As far as the multiple ERM mistakes here, I leave that to the reader as an exercise.

Added bonus: Here JP Morgan explains Value at Risk to the great unwashed.


ORSA: The heart of ERM

I’ve stolen and paraphrased Gideon Benari at Solvency II Wire, as he calls the Own Risk and Solvency Assessment “the heart of Solvency II.” But ORSAs are coming to the United States, with the NAIC developing guidelines for large companies to report on their ORSAs.

With the Europeans building the ORSA portion of Pillar II, Gideon has outlined some of the challenges of ORSA.

Tagged ,

Fortune favors an actuary

Via Claire Wilkinson at the III blog, a young actuary makes good. Really good:

As I was sitting in the doctor’s waiting room the other day leafing through the latest issue of Fortune magazine, I couldn’t help but notice Fortune’s 40 under 40.

This annual ranking highlights the hottest young stars in business across the globe. Think technology – Facebook’s Mark Zuckerberg tops the list, while Twitter’s Jack Dorsey is ranked eighth – movies, music, athletic wear, oh, and finance.

Coming in at number 10 and leaping off the page to this insurance blogger is 34-year-old Sid Sankaran, chief risk officer at AIG.

Here’s what Fortune has to say:

The financial crisis proved that AIG had no clothes – or at least no controls. Now it’s up to Sankaran, a Canadian math hotshot (his degree from the University of Waterloo was in actuarial sciences) and former partner at consultancy Oliver Wyman, to make sure it doesn’t happen again. Sankaran declined AIG at first; today, as chief risk officer, he oversees the billions flowing among disparate insurance operations and reports to CEO Robert Benmosche if something suspicious rears its head.”

Chief risk officer is the capstone job in enterprise risk management and is perfect for an actuary with strong interpersonal skills.

Tagged ,

Solvency II thumbs up (mostly) for Bermuda, Switzerland, Japan

I was hoping someone else would slog through today’s reports by EIOPA, the EU’s uber-quasi-regulator. Thanks, Reuters!

LONDON, Oct 26 (Reuters) – European insurance watchdog EIOPA has said Bermuda’s regulatory regime for big insurers mostly complies with its own strict Solvency II rules, easing fears of a mismatch that could have hindered Bermudian players’ access to the European market.

“EIOPA’s advice is that Bermuda meets the criteria set out in EIOPA’s methodology for equivalent assessments under Solvency II,” EIOPA said on Wednesday in a submission to the European Commission.

EIOPA also said Switzerland and Japan’s regulatory regimes mostly complied with Solvency II, a set of rules aimed at bolstering European insurers’ capital expected to come into force in 2014.

The reports themselves are written in classic Euro-gook, but if you want, here’s:

Tagged ,

Hank Greenberg, Chief Risk Officer

One of the points I tried to make in my Contingencies article about AIG was that Hank Greenberg, the CEO who built the company, was the ultimate risk manager. When he was forced out, no one else could control the enterprise.

Now Risk and Insurance has a whole article around the idea, including an interview with Greenberg himself:

At the center of Greenberg’s 40-year tenure was an “obsession with risk,” as one colleague said, with Greenberg defining his role in his own words as “the chief risk officer” of an “enterprise risk company.”

But Hank is a bit skeptical of enterprise risk management as a discipline:

Greenberg is skeptical about enterprise risk and the insurance community. “For a CEO, I’m not sure that half of them understand enterprise risk.

“You have to understand the risk. For example, if you’re writing something in the energy field, you have to understand that business. If it’s a construction area, who is the contractor? What kind of workers are there? What are the plans?”

At bottom, he said, “you can’t substitute for good management and good judgment. You can talk about that a thousand different ways. If you have a CEO that doesn’t live up to the job, don’t blame everything else. It’s his job.”

And, Greenberg added, “You need the judgment of the CEO. He’s the chief risk officer.”


CAS joins the CERA party

CAS Recognized as CERA Award Signatory.

As announced in August, the CAS requirements to qualify for the CERA designation include CAS Associateship requirements plus credit for CAS Exams 7 and 9, or attainment of the CAS Fellowship designation, plus participation in a rigorous three-day seminar and successful completion of the U.K. ST-9 Enterprise Risk Management Specialist Technical Exam (ST-9 exam).

The three-day seminar will cover the ERM learning objectives tested in the ST-9 exam, and is intended to prepare candidates for successful completion of the exam. We expect to offer the seminar for the first time in March 2012, in advance of the April 2012 ST-9 exam sitting. More details will be announced as soon as they are available.

Last week’s announcement is a big deal in ERM. The U.S. Society of Actuaries already offers the CERA designation. (It invented it.) Several international organizatins offer it as well. I wrote about the issue previously here.

Tagged , ,

The AIG saga: ERM lessons

I reviewed Fatal Risk: A Cautionary Tale of AIG’s Corporate Suicide for Contingencies magazine this month. To quote myself:

Boyd, a veteran Wall Street journalist, writes that AIG’s demise was a suicide, though AIG’s behavior was no more suicidal than a chain smoker’s—a series of unforced errors compounding. Though he doesn’t emphasize it, Boyd’s story also shows how enterprise risk management should, and should not, be practiced.

Hank Greenberg, of course, built the company. While he was there, Boyd writes, ERM consisted of Hank scouring every deal (and every dealmaker). If Hank liked the deal, it happened. If he didn’t, the deal didn’t.

This worked well while Hank was in charge. His successors, in Boyd’s account, lacked Hank’s savvy. Tragedy ensued.

The full article can be found here.

Tagged ,

On ERM credential, CAS hits the pause button

If you were a casualty actuary studying to become a certified ERM expert, you might want to put your books down.

Last night the Casualty Actuarial Society blogged that it was changing requirements to become a Chartered Enterprise Risk Analyst – before the original requirements were even in place.

The analyst designation, usually abbreviated CERA, was created by the Society of Actuaries a few years ago and has become the worldwide standard designation for actuarial ERM experts. Thirteen actuarial associations in 12 countries support the designation, including the CAS.

But each actuarial association must have its CERA syllabus approved by a joint organization. So far, the U.S. Society of Actuaries and actuarial societies in Australia, Canada, the Netherlands, South Africa and the UK have approved programs.

A CAS proposal went to the joint board a year ago. There would have been four ways to go, but at the heart of them was passing the CPCU 57, that organization’s key ERM exam.

Now that route – probably favored by current CAS fellows – has been withdrawn. The CAS post didn’t say its plan was rejected, but it seems like it had hit a roadblock, considering CERA proposals from Australia, the Netherlands and South Africa were all filed about the same time last year. Those three, plus Canada, have been approved.

So the CAS jettisoned the CPCU exam and submitted a new route – fellowship, a rigorous three-day workshop, plus the UK’s CERA exam ST9, whose syllabus can be downloaded here. The workshop would include test prep for ST9.

The route hasn’t been approved yet, but if ST9 is good enough for the UK and good enough for Australia, it will probably be good enough for the CAS.

Update: Core readings for ST9 can be purchased here. Past exams (pdf) here and here.

Tagged , ,

ERM challenge: Show the boss you can help

ERM guru Dave Ingram cites a business school analysis (pdf) of 18 corporate crises from 1999 to 2008. Seven causes emerged:

  1. Inadequate board skills and inability of board members to exercise control
  2. Blindness to inherent risks, such as risks to the business model or reputation
  3. Inadequate leadership on ethics and culture
  4. Defective internal communication and information flow
  5. Organizational complexity and change
  6. Inappropriate incentives, both implicit and explicit
  7. ‘Glass Ceiling’ effects that prevent risk managers from addressing risks emanating from top echelons

Ingram’s takeaways:

  • The top cause – inadequacy in the boardroom – is beyond the scope of any risk manager.
  • The issue the traditional risk manager addresses – insurable risks – played a small role.

On the latter, he writes:

This is a problem for their ideas of expanding from their current roles managing insurance programs to managing ERM programs.

ERM in most firms has not embraced the idea of managing Strategic Business Risk.  That is natural because CEO’s usually see that as their personal jobs.  Not likely to be delegated to a risk manager.

So ERM will usually be defined as managing ALL of the risks of the firm except the Strategic Risks.

My 2¢:

  • This survey also indicates that risk managers have done a good job at their traditional task. And that’s no small achievement. Go back a century, and I suspect companies were far more susceptible to fire and theft losses than they are today.
  • CROs and other risk managers need to assure CEOs that their role does not usurp that of their boss. Their job is not to make decisions. They are collecting information and providing tools that help the CEO make decisions.
    It’s analagous to how property/casualty companies decide how much to book for losses. Actuaries estimate how much needs to be booked. They explain their results to the CEO. But it is the best estimate of management that gets booked, not the actuarial estimate.
    Certainly the CEO needs to know what his/her trained expert on reserving thinks. That’s why the expert got hired. Ultimately, though, the decision rests with the boss, as it should.
    Bringing it back to ERM, the CRO presents a situation on some risk. He or she has collected disparate information and synthesized it, to let the boss focus on the decision, not the process of collecting the information. This makes the CEO more efficient.
    The challenge is assuring the CEO and the board that the risk management role doesn’t usurp their roles. It enhances them, the way a whetstone sharpens a knife.