A company’ risk strategy defines its position and point of view in dealing with various risks associated with business.
--BY CA SUJEEP SHRESTHA
Risks are events or conditions that may occur, and whose occurrence, if it takes place, has a harmful or negative impact on the achievement of the company’s business objectives. The exposure to the consequences of uncertainty constitutes a risk. Risk management is the process of systematically identifying, quantifying, and managing different kinds of risks and opportunities that can affect achievement of the company’s strategic and financial goals.
Insurance and Risk Management
Since insurance deals with the business of risk, it operates within ecosystem prone to various risks. Risk management refers to the process of systematically identifying, quantifying, and managing multitude of risks and opportunities that may affect realisation of a company’s strategic and financial goals.
The aim of risk identification is to generate a comprehensive list of risks based on events that might create, enhance, prevent, degrade, accelerate or delay the achievement of objectives. Comprehensive risk identification is critical, because any risk that goes unidentified will not be included in further analysis.
Risks can be classified broadly into five categories: Pure Insurance Risk, Credit Risk, Liquidity Risk, Market Risk and Operation Risk. Pure Insurance Risk can further be classified into six categories: Product Development, Pricing, Underwriting, Claims Handling, Reinsurance and Reserving.
The above risk exposure can be managed and mitigated largely by diversification across a large portfolio of insurance contracts and geographical areas. The risk strategy of the company defines its standpoint in dealing with various risks associated with the business. It includes the company’s decision on the risk tolerance levels, and acceptance, avoidance or transfer of risks faced by the company.
Risks and Mitigation Strategy
Pure Insurance Risk can be classified into six categories as outlined above. Product development is important for the success and growth of insurance companies. The process generally involves conducting environmental scans, understanding customers’ needs, developing and refining proposals, obtaining the requisite approvals, implementing the approved proposals, and conducting post-implementation reviews.
To mitigate this risk, one must examine the data gathered to discover new patterns and potential benefits or challenges they may bring. Similarly, one must ensure that the proposed product aligns with the company's risk management plan and guidelines, and also confirms that the ideas presented in the product proposal are accurate. Similarly, there is also a need to keep a thorough record of the product proposal, the individuals or group responsible for approving it, and any decisions made about it.
Pricing of an insurance product involves estimating costs, income, and risks. The process includes collecting data, determining assumptions and base rates, setting the final premium, and monitoring the appropriateness of pricing.
To excel in insurance product pricing, one must ensure that enough data is collected to confirm the accuracy of the assumptions used in pricing. Similarly, it is necessary to have enough resources to handle potential risks if actual results are worse than anticipated. Having proper documentation showing that the base rate has been approved by the appropriate authority is also of great significance. Likewise, having a system in place for regularly checking for new trends and potential risks that may necessitate a review of pricing is also very important.
Underwriting risk refers to the potential financial loss from underwriting activities in the insurance industry. This can be caused by an incorrect assessment of the risks associated with writing a policy or by external factors beyond the control of the underwriter.
To improve underwriting risk management, several steps can be taken. Firstly, training and development of underwriting staff can improve their knowledge and skills, which can help in making informed decisions. Secondly, keeping statistical data on clients who have resulted in losses can be used to make informed decisions on whether or not to insure them in the future. Thirdly, examining the profitability, pricing, and terms and conditions of different products can help identify areas for improvement. Fourthly, implementing financial authority limits for underwriting which dictate the amount that can be insured based on the amount and level of risk, and regularly monitoring compliance with these limits is important. Lastly, regularly reviewing and updating the proposal or application forms to ensure they are clear and relevant and having an efficient insurance information system in place that connects all important information related to underwriting, claims, and reinsurance is important.
Claims handling is an essential function of the insurance industry. It refers to the process by which an insurance company processes and pays claims according to the terms and conditions specified in the insurance contracts. The process generally comprises several steps: registering new claims, setting and revising reserves, obtaining essential information to assess, manage and settle the claim, making reinsurance and other recoveries, and reviewing and closing claim files. The goal of claims handling is to ensure that claims are handled efficiently and fairly, and that policyholders are provided with the appropriate level of benefits in a timely manner.
Claims handling can be facilitated by having different channels for customers to report their claims such as a call centre, emails, or written applications from clients or branch offices. Additionally, customers should be advised of the consequences of the inadequate sum insured and excesses. Before settling claims, it is also important to verify the status of the outstanding premium. To minimise errors and ensure accuracy, it is crucial to cross-check information from various sources and have a clear segregation of approval and payment duties. To ensure that reserves are adequate, an independent actuary can conduct an independent valuation on a yearly basis. Furthermore, significant outstanding claims should be subject to periodic reviews by management and the board-level claims committee.
Reinsurance is a way for an insurance company to transfer a portion of the risks it has assumed to other insurance companies. This can be done through traditional reinsurance or alternative risk transfer methods such as catastrophe bonds and securitization. The purpose of reinsurance is to ensure that the insurer has appropriate coverage for material and catastrophic risks through reinsurance treaties and facultative arrangements. The insurer must be able to show that these risks are effectively covered through these arrangements.
To ensure effective reinsurance, it is important to maintain a stable portfolio of reinsurance companies for reinsurance placements, and maintain a close and professional relationship with the reinsurer. In addition, provisions must be made for long outstanding reinsurance receivables, and these receivables should be reviewed on a quarterly basis to ensure that all dues are collected or set-off against payables on time. It is also important to ensure that reinsurance contracts cover all applicable lines of business and that the limits of coverage are adequate.
Reserving is the process of reviewing, and estimating unpaid claims. An insurance company should set aside appropriate reserves to cover technical expenses. Additionally, a life or insurance fund should be established, as per the valuation report, for policyholders' liabilities in life or general insurance, respectively.
To ensure compliance, it is important to adopt the directives, circulars, guidelines and other forms of legislation issued by the Insurance Regulator. Additionally, it is important to ensure that reserves adequately reflect the extent of the insurance company's obligations to policyholders. This includes establishing assumptions for the parameters that will affect the value of the obligations, and ensuring that the policy and claims data used in the calculation of reserves is as complete and accurate as possible. By following these guidelines, an insurance company can ensure that it is in compliance with regulations and that it is properly managing its policyholder's obligations.
Credit risk refers to the potential financial loss for a company if a customer or counterparty fails to fulfil their contractual obligations as outlined in the terms. This risk can arise from a variety of sources such as premium receivables, reinsurance receivables, investments in debt securities and deposits with financial institutions such as time deposits, demand deposits, etc.
To mitigate credit risk, the company should follow certain guidelines such as prohibiting the provision of credit facilities against issued policy documents as per regulatory restrictions. Additionally, it is important to choose reinsurers with high credibility and to periodically review their financial standing. Before making any investment decisions, the credit ratings of the investee and/or respective issue of financial investments should be evaluated and regularly monitored. To ensure liquidity, cash and cash equivalents should be maintained at banks and finance companies with high credit ratings. Lastly, each and every investment should be thoroughly reviewed by the management and the board level investment committee and obtaining necessary approvals from the insurance regulator as required.
Liquidity risk is the risk that a company may have difficulty meeting its financial obligations that are settled by delivering cash or other financial assets. This risk can be particularly pronounced in the case of catastrophic events, where there may be a discrepancy between the timing of significant cash outflows and expected reinsurance recoveries.
To mitigate liquidity risk, the company should take several steps such as ensuring that there are adequate funds available to meet claim payments to policyholders and to pay operational expenses when they are due. Additionally, maintaining a portfolio of readily marketable securities can help strengthen the company's liquidity position. Another way to manage liquidity risk is by diversifying investment duration based on cash flow needs and regularly reviewing maturity periods. Before making any investments, cash flow analysis should be done. Having a stand-by overdraft facility with highly rated financial institutions, to be used only in case of emergencies, can also help in managing liquidity risk. Additionally, the company should determine the maturity profiles of insurance contract liabilities and reinsurance assets based on the estimated timing of net cash outflows from recognized insurance liabilities. Lastly, large cash outflows should be planned for in advance and necessary arrangements should be made to ensure the availability of funds to meet such outflows.
Market risk refers to the potential loss that an insurance company may incur due to changes in market prices that negatively impact the value of its on- and off-balance sheet positions. This risk is caused by fluctuations in market variables such as interest rates, foreign exchange rates, and equity prices, which can affect the fair value or future cash flows of financial instruments. Market risk is a combination of different types of risk, including interest rate risk, currency risk, and equity price risk.
To manage market risks, companies should take several steps such as forecasting and monitoring future cash inflows and outflows when formulating investment strategies. Additionally, the relative amounts of each portfolio can be determined by the company's liquidity position, availability of market values, and individual securities' risk/return profiles. Another way to manage market risk is by outsourcing portfolio management to an independent portfolio management service provider with proven experience in the capital market, with an objective of profit maximisation and risk minimization, along with regular review/reporting of their performance. To ensure effective risk management, robust governance arrangements, including a clear organisational structure with well-defined, transparent, and consistent lines of responsibility, adequate internal controls, and an appropriate management information system (MIS) in place for accurate and timely identification, aggregation, monitoring, controlling, and reporting of market risk are needed.
Operational risk refers to the risk of loss that can occur due to systems failure, human error, fraud or external events. It can result in damage to reputation, legal or regulatory implications or financial loss. This type of risk is inherent to the insurance industry, present in all of the company's activities, such as underwriting, claims and investment departments. Each department has its own unique set of risks.
Effective management of operational risk requires a multi-faceted approach. One such approach is the development of three lines of defence: i. Business Line Management, ii. An independent Risk Management Function, and iii. Internal Audit. To mitigate cyber risk, an effective control and response framework should be established and promoted cyber security awareness among all employees. An annual Information System Audit conducted by independent Information System Auditors should be conducted. Additionally, effective segregation of duties, access controls, authorization and reconciliation procedures, staff education and assessment process should be implemented. Business risks such as changes in environment, technology, and the industry should be monitored through the company's strategic planning and budgeting process. An appropriate management information system (MIS) should be in place for accurate and timely identification, aggregation, monitoring, controlling, and reporting of operational risk. Regular business and operations meetings should be conducted to obtain a preview of ongoing activities, identify any operational risks and manage those risks by assigning the related tasks to the concerned authority for timely solutions.
Monitoring risk mitigation functions
To ensure that risk management is effective and continues to support the company's performance, processes should be established to measure risk management performance against key risk indicators, which are periodically reviewed for appropriateness. Additionally, progress against and deviation from the risk management plan should be measured periodically. The risk management framework, policy, and plan should also be periodically reviewed to determine if they are still appropriate given the organisation's external and internal context. Regular reports on risk, progress with the risk management plan, and the level of compliance with the risk management policy should be produced. The effectiveness of the risk management framework should also be reviewed periodically to identify areas for improvement.
Communication with those charged with governance
Effective communication and consultation are crucial for ensuring that the risk management process and its outcomes are well understood and effectively managed. The risk management process and its outcomes should be documented and reported through appropriate mechanisms to ensure that those responsible for governance are aware of the associated risks and can make informed decisions. The communication and consultation process aims to: communicate risk management activities and outcomes across the organisation, provide information for decision-making, improve risk management activities, and assist interaction with stakeholders, including those with responsibility and accountability for risk management activities and strategic decision-making in advance.
(Shrestha is the Chief Financial Officer of Reliance Life Insurance)