Risk management

Nick Furlonge, Director of risk management

The risk management team is now equipped to operate in a Solvency II environment, providing challenge to the business and reporting to the board on the risk landscape and how it is changing over time.

 

Year in review

Beazley has made significant progress during 2010 in preparing for Solvency II, an important element of which has been the enhancement of its risk management framework. The board has supported this preparation by investing time and resource to review and develop the global assurance functions so that Solvency II creates an opportunity rather than becoming a regulatory burden. The board has reaffirmed its risk appetite within each of the eight risk categories and has cascaded this appetite to the underlying 54 risk events to help the business operate within the required tolerances. The board has also overseen a full review of the control environment to confirm that the controls have been established with reference to risk appetite. Finally, the risk management team have expanded the risk reporting to the relevant committees and boards to further support decision making in the group. 

The main outcomes from the review of the risk management framework have been to:

  1. Maintain consistency across the group: The operational requirements of the underwriting and claims teams have been restated as minimum standards to ensure a consistent level of risk mitigation across the group.
  2. Provide clarity of approach: The minimum standards and revised control articulation provide greater clarity to the teams about senior management’s expectations of performance. 
  3. Document: There has been increased focus on ensuring that the documentation of processes is appropriate and in line with Solvency II requirements.
  4. Evidence: In a Solvency II environment, evidencing of the control environment is an important principle. Strengthening the evidencing requirement allows the board to ensure that the business is managing risk within the approved risk appetite.

Beazley has also invested in people during the year, completing the development of a global risk management team with an appropriate level of resource and the required mix of skill. The risk management team is now structured to assess the technical (or financial) risk, the process (or operational) risk and provide a more extensive programme of risk reporting. The team has been led by Andrew Pryde since 1 January 2011 when he took on a newly created executive role of chief risk officer.  Andrew was previously Beazley’s group actuary. We have also taken the opportunity to recruit risk managers from other industries to supplement the deep insurance knowledge already within the risk management team.

The risk management team is now equipped to operate in a Solvency II environment, providing challenge to the business and reporting to the board on the risk landscape and how it is changing over time.

Looking forward

From 2011, we are establishing a risk and regulatory committee. This committee will meet on a monthly basis and is comprised of members of the executive committee. The committee will benefit from quarterly attendance of non executive directors to provide independent challenge. The introduction of this committee emphasises our commitment to effective risk management.

Beazley continues to transfer the capital model used under the current individual capital assessment (ICA) framework across to a Solvency II compliant internal model. We have experienced that having both risk assessment and risk quantification skills within the risk management team helps to provide a more consistent and holistic view of risk.

The board has identified Beazley’s top three risks as; the risk of systematically mispricing business (market cycle risk), claims from catastrophe events (catastrophe risk) and earnings volatility arising from our investments (asset risk). Beazley continues to focus on the active management of the insurance cycle in light of softening rates and navigating the investment challenges given the current asset markets. Catastrophe risk has always been closely monitored and this will continue to be the case. It is important that these risks are appropriately managed and exploited such that they positively contribute to Beazley’s earnings.

We also continue to closely monitor the reserving risk to maintain a consistent and appropriate reserve strength. This is made possible by the use of tools and management information that was developed internally and has been used since 2004. 

The risk management framework at Beazley

The risk management framework can be illustrated by the following diagram.

The dark blue box illustrates the risk management framework which describes the entirety of Beazley’s approach to risk and is the same across the whole of the group. It is at this level that Beazley identifies risks and the board sets risk appetite. The group then decides how to treat these risks to remain in line with the board’s risk appetite, i.e. accept, avoid, mitigate, transfer or exploit.

The light blue box illustrates the control environment within the risk management framework. It is at this level that Beazley identifies and reports on the controls within the Beazley Risk Register. Controls are set with reference to risk appetite and the inherent risk that these pose to the group.

We operate under the “three lines of defence” concept which is illustrated as follows:  

Line of defence

Responsibility

Activity

First Line

The Business

Management of risk

Second Line

Risk management function

Risk oversight

Third Line

Internal Audit function

Risk assurance

Ensuring that the business fulfils the first line of defence means that the management of risk occurs at or before the point of risk taking. In its role as second line of defence, the risk management team performs ad hoc reviews of the business activities and reports the risk landscape to the board.  Independent risk assurance is provided by Internal Audit as part of their formal reviews performed throughout the year. Operating this multi level review and challenge process ensures robust management of risk at Beazley.

Risk appetite

We currently have 54 risk events within the Beazley risk register.  The main focus of our work in 2010 has been to express Beazley’s risk appetite as the earnings volatility at 1 in 10 likelihood for each risk event. This can be thought of as the risks arising under the board’s “watch”. Having established this, the risk management team, in conjunction with the identified Risk Owners, assesses the residual risk (risk remaining after the application of controls) and compares this against the risk appetite to determine whether the group is operating within appetite.

These expressions of risk appetite complement the existing risk appetite stated at the tail of the distribution (for example 1 in 200 likelihood) as estimated by the capital model.

Risk governance and reporting

Beazley’s reporting structure is designed and driven from the risk management framework and enables senior management to view how the risk environment has changed over the course of time and whether risks are being managed in line with the Beazley’s risk appetite as determined by the Board. Risk management produce a consolidated assurance report on a monthly basis to bring together the views of the first, second and third lines of defence.

The Beazley risk register is used to capture the risk statuses by way of control sign off by the business to indicate how well the controls are performing. Extracts from this software are used to populate the consolidated assurance report for reporting to the relevant committees and boards. 

Procedures are documented with a clear and consistent understanding of the trigger points that will result in issue escalation.  Confidentiality, integrity and availability of information are maintained, in particular for those processes that are critical to business success.

Own Risk and Solvency Assessment ("ORSA")  

The Solvency II Directive indicates that the ORSA is “the entirety of the processes and procedures employed to identify, assess, monitor, manage, and report the short and long-term risks a company faces or may face and to determine the own funds necessary to ensure that the undertaking’s overall solvency needs are met at all times”.

The ORSA is the consolidation of a collection of processes that already exist at Beazley resulting in the production of a quarterly report to provide the Board with sufficient information to enable an assessment of the short term and long term risks faced by the group and the capital required to support these risks.

Eight categories of risk  

Beazley tracks risk in the following eight risk categories, across which a total of 54 risk events have been identified. Each risk event is reported to a specific oversight committee to assist them perform their first line of defence obligations.  All risks events are reported to the risk and regulatory committee, the audit committees and boards.

Risk Category

Risk Definition

Committee

Insurance Risk

The risk arising from the inherent uncertainties about the occurrence, amount and timing of insurance premium and claim liabilities.

Underwriting committee

Asset Risk

The risk arising from adverse financial market movements of values of investments, interest rates, exchange rates, or external market forces.

Investment committee

Operational Risk

The risk arising from inadequate or failed internal or external processes, people and systems.

Underwriting, Investment, Beazley shared services and Executive  committees

Credit Risk

Failure of another party to perform its financial or contractual obligations to the group in a timely manner.

Underwriting committee

Group Risk

The contagion risk that an action or inaction of one part of the group will adversely affect another part or parts.  In addition, the risk of dilution of culture and negative impact on brand.

Executive committee

Regulatory and legal Risk

The risk arising from not complying with regulatory and legal requirements.

Executive committee

Liquidity Risk

The risk from not having available (or access to) the correct level of financial resources to meet obligations.

Investment committee

Strategic Risk

The risk of ineffective strategic direction.

Executive committee