Enterprise Risk Management

Stephen P. DArcy
Fellow of the Casualty Actuarial Society
Professor of Finance
University of Illinois
UNSW Actuarial Studies Research Seminar
3 July 2007
Sydney, Australia

What is ERM?
ERM is the application of the basic risk management
principles to all risks facing an organization
Other names for ERM
Enterprise-wide risk management
Holistic risk management
Integrated risk management
Strategic risk management
Global risk management

Genealogy of ERM
Risk Management 1960s
Financial Risk Management 1980s
Enterprise Risk Management 1990s

Basic Risk Management Principles

1. Identifying loss exposures
2. Measuring loss exposures
3. Evaluating the different methods for
handling risk

Risk assumption
Risk reduction

4. Selecting a method
5. Monitoring results

Risk transfer
Hedging

Why Manage Risk?

Diversifiable risk argument
Shareholders are diversified investors
They will not pay a premium to reduce unsystematic risk

How risk management can add value

Decreasing taxes
Decreasing the cost of financial distress
Customers
Employees
Suppliers

Facilitating optimal investment

Helpful Reference
ERM: Theory and Practice by Ren Stulz and Brian Nocco
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=921402

Traditional Risk Management

Formally developed as a field in the 1960s
Pioneers were two insurance professors at the University of
Illinois
Bob Mehr and Bob Hedges
Risk Management in the Business Enterprise, 1963

Focused on pure risks

Loss/no loss situation

Often could be insured

Managing risk involved reducing frequency or
severity of losses

New Elements of Risk 1970s

Foreign exchange risk
End of Bretton Woods agreement in 1972
Commodity price risk
Oil price fluctuations of the 1970s
Equity risk
Development of option markets - 1973
Interest rate risk
U. S. Federal Reserve Board policy shift 1979
Similar changes worldwide

Failure to Manage Financial Risk

Foreign exchange risk
Laker Airlines 1970s
Borrowing in dollars
Revenue in pounds

Interest rate risk

U. S. Savings and Loans 1980s
Borrowing short
Lending long

Commodity price risk

Continental Airlines 1990
Fuel costs not hedged
Oil price doubled with Gulf War

The New Risk Management -1980s

Financial risk management
Dealt with financial risk
Foreign exchange risk
Interest rate risk
Equity risk
Commodity price risk
Use derivatives to hedge financial risk

Financial Risk Management

Toolbox

Forwards
Futures
Options
Swaps

New Elements of Risk 1990s

Failure to manage derivatives appropriately

Financial model failures
Improper accounting for derivatives
Operational risk failures

Mismanagement of Financial Risk

Mismanagement of derivatives
Proctor and Gamble
Barings Bank
Orange County

Model failure
Long Term Capital Management

Accounting improprieties
Enron and Arthur Andersen

Foreign exchange rates

East Asia currency crisis

The New Risk Management - 1990s

and beyond
Enterprise Risk Management
Initial focus on avoiding derivative disasters
History of managing risk, not managing performance
Slowly developing into optimizing firm value

Chief Risk Officer

Sarbanes-Oxley Act 2002
Basel II
Solvency II
Increased focus on risk models

The Problem With Risk Management

Risk Management
Focus was on pure risk (insurable, hazard)

Financial Risk Management

Value-at-Risk measure of certain percentile loss

Enterprise Risk Management

Incorporates all risks facing an organization
Name suggests focus still on managing downside risk

Need for New Emphasis

(and Perhaps a New Name)

ERM is not just managing downside risk

More on the lines of risk-return tradeoff
Incorporate portfolio theory
Combine risk reduction (insuring, traditional
risk management) with investing for expected
gain
Need consistent approach for addressing both
aspects of financial decision making

ERM Risk Categories

Common risk allocation
Hazard risk
Financial risk
Operational risk
Strategic risk
Bank view New Basel Accord
Credit risk
Loan and counterparty risk

Market risk (financial risk)

Operational risk

Hazard Risk

Pure loss situations

Property
Liability
Employee related
Independence of separate risks
Risks can generally be handled by
Insurance, including self insurance
Avoidance
Transfer

Financial Risk
Components

Foreign exchange rate

Equity
Interest rate
Commodity price

Correlations among different risks

Use of hedges, not insurance or risk transfer
Securitization

Operational Risk Definition

Per Basel II:
Operational risk is defined as the risk of loss resulting
from inadequate or failed internal processes, people and
systems or from external events. This definition includes
legal risk, but excludes strategic and reputational risk.

S&P 2005 Insurance Criteria document:

Operational risk includes Distribution, process and
people, fraud and internal control, outsourcing,
reputational, information technology, human resources,
regulatory and compliance, change management, and
business continuity

Operational Risk Definition.

(cont.)
Per Casualty Actuarial Society:
Risks from

Business operations
Empowerment (leadership, preparation for change)
Information technology
Information / business reporting

Operational Risk Examples

HIH Insurance
Under pricing and under reserving
Unfamiliar with new markets

Backdated options
over 130 public companies
options with exercise prices below market value

Meijer price discount (May 2007)

50% discount meant to apply to one item
applied to everything sold in every store for 1 hour
estimated loss $750,000

Operational Risk References

The Market Value Impact of Operational Risk
Events for U.S. Banks and Insurers by Cummins,
Lewis and Wei
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=640061

Introduction to Operational Risk by Mango and

Venter
http://www.actuaries.org/ASTIN/Colloquia/Orlando/Papers/Mango3.pdf

Strategic Risk Definitions

A strategic risk is a risk a company takes to fulfill its
objectives
www.harperrisk.com

Risks that arise in pursuit of business objectives

Emblemsvag and Kjelstad (2002)

Stategic objectives ... relating to high level goals

COSO Integrated Framework (2004)

Helpful reference
Mango (2007)
http://www.actuaries.org/ASTIN/Colloquia/Orlando/Papers/Mango1.pdf

Strategic Risk Examples

Competition
Regulation
Technological innovation
Political impediments

Examples of ERM - 1
Michelin contingent capital
Issued by Swiss Re New Markets and Societe Generale
Option to draw on subordinated long-term bank credit
facility
Option to issue subordinated debt at fixed spread
This option can only be exercised if GDP growth falls below a
trigger (1.5% 2001-03, 2.0% 2004-05)

Examples of ERM - 2
United Grain Growers risk integration
Issued by Swiss Re
Grain volume coverage
Integrated with other property/liability coverages
Three year policy
Annual aggregate retention
$35 million annual limit
$80 million policy limit

Examples of ERM - 3
RLI Corporation Cat-E-Puts
Arranged by Aon, issued by Centre Re
Three year term
Provided an option to issue $50 million in
convertible preferred shares
Trigger was major California earthquake
Subject to minimum capital requirements

Examples of ERM - 4
Honeywell 1997
Old approach
Separate annual insurance policies for each hazard
Options used to hedge FX risk

New approach
Multiyear combined hazard and FX risk policy
$30 million annual retention based on simulation
model

Current Status of ERM

Starting to put ERM framework together
Forming committees to deal with risk
consistently
Starting to integrate risk management across
silos
Developing lists of top risks (downside) the
organization faces
Often rating agency driven

Future of ERM
ERM will continue as risk consolidation and
aggregation
Process increases value of risk management skills
Management is concerned with risk control issues
Chief Risk Officer will be a visible figure in an
organization
Need for consulting help to get process started
ERMs role in optimization has a long way to go
Potential benefit is worth pursuing for pioneers