Effective Risk Reporting

Sunder Krishnan
Chief Risk Officer
Reliance Life Insurance Company
2007 Global crisis

• One of the most significant lessons learned from the global financial
crisis that began in 2007.

• Information technology (IT) and data architectures were inadequate to

support the broad management of financial risks.

• Weak risk data aggregation capabilities and risk reporting practices.

• Severe consequences on the stability of the financial system as a

whole.

• As a result, the Basel Committee has issued supplemental Pillar 2

(supervisory review process) to enhance ability to identify and manage
risks

Confidential Slide
 The Anthem case – Hackers stole massive data
 Tens of Millions of Anthem Inc. Customers in a massive data breach
 Largest in Corporate History
 Personal Information compromised - Name, Birthdays, Medical IDs, Social
Security Numbers, Street Addresses, e-mail addresses, employment information,
Income data
 Damage is being assessed – not yet known whether credit card data is
compromised – FBI is investigating
 Very Sophisticated external cyber attack
 Largest in the series of companies to suffer severe data breaches
 Very swiftly informed the authorities
 Personal Apology by CEO to all the customers / members
 Everyone urged to change their passwords – all customers would receive some
Identity Fraud Protection ???
 Last year hackers obtained credit card data of 40 Million Target Shoppers as well
as personal information of 70 Million Customers

Confidential Slide 3
Risks - Traditional
Insurance
 Lower Persistency than expected – Morbidity & Mortality
 Expenses / costs – underestimated Risks for Life &
 Customers / agents / advisors not adequately identified claims & pricing for
Non-life
 Inadequate distribution or product roll out
 Inappropriate selling practices
 Morbidity & Mortality estimations deviate from actual
 New Businesses lower than expected Financial /
Reporting reliability
 Inferior return on investment Risk
 Solvency / fund crunch issues
 Compliance issues with Agents exams & training
 Infrastructure not geared up for new businesses
 Inadequate investigation of death / accident claims
 Inadequate underwriting guidelines – lack of tie ups with adequate number of
quality medical centers, inadequate documentation & information obtained from
policy holders

Legal / Regulatory / Operational

Reputation Investments Ethics / fraud – People, Technology
Risk Risk Risk & Process Risk

Confidential Slide 4
Emerging Risks
 Unforeseen risks from technology – hacking, malfunction, not meeting requirements
 International terrorism
 New diseases
 Untested areas of insurance
 High competition and thin margins – leading to inferior risk basket of proposals (wrong end of
the cycle)
 Need for scale – expectations of high volumes and market versus reality
 Need for Intermediation – banks, MF, Distributors…..support infrastructure
 Not adequately geared yet
 Infrastructure issues – not adequately supporting micro Insurance
 Thinning talent pool of updated insurance professionals compared with the demand
 High attrition rates
 Changing technology – necessitating constant upgrading – funds guzzler
 Increasing customer awareness and expectations
 Risks on processes, technology and people – leverage required to grab opportunities and
meet severe competition
 Outsourcing risks
 Innovations – face regulatory risks
 Alliance risks
 Corporate Governance Risks
 Marketing – Hype risks

Confidential Slide 5
Need for Effective Risk Reporting

• Enhance the infrastructure for reporting key information, particularly that used
by the board and senior management to identify, monitor and manage risks
• Improve the decision-making process throughout the organisation;
• Enhance the management of information across legal entities, while facilitating
a comprehensive assessment of risk exposures at the global consolidated level;
• Reduce the probability and severity of losses resulting from risk management
weaknesses;
• Improve the speed at which information is available and hence decisions can
be made;
• Improve the organisation’s quality of strategic planning and the ability to
manage the risk of new products and services.

Confidential Slide
Principles of Effective Risk Reporting
1. Governance
2. Data architecture and IT infrastructure
3. Accuracy and Integrity
4. Completeness
5. Timeliness
6. Adaptability
7. Accuracy
8. Comprehensiveness
9. Clarity and usefulness
10. Frequency
11. Distribution
12. Review
13. Remedial actions and supervisory measures
14. Home/host cooperation
Confidential Slide
Internal Financial Framework Overview
Clause 49, listing agreement Listed
•CEO/ CFO Certification
•Establish and maintain internal Control
•Evaluate effectiveness of the internal
control systems
•Deficiencies in design or operations of
internal controls
•Steps taken to rectify the deficiencies
Framework
Confidential
Listed /
Companies Act 2013, Unlisted
Sec 134: As per section 134 (5) (e) of the Companies Act
2013, directors need to make an assertion in Directors
Responsibility Statement that they have laid down internal
financial controls to be followed and that such IFCs are
adequate and operating effectively.
Section 177: Under section 177 (4) (vii), the duties of the
Audit Committee include evaluation of internal financial
controls.
Section 143: Under section 143 (3) (i), Statutory Auditors are
required to make a statement in their Auditors Report,
whether the company has adequate IFC system in place and
the operating effectiveness of such controls.
Schedule IV: The roles and functions codified in Schedule IV
of The Companies Act 2013 clearly state that independent
directors shall satisfy themselves on the integrity of financial
information and that financial controls and systems of risk
management are robust and defensible.
Adequate Operating Effectively
Slide
Internal Financial Framework Overview
Definition of Internal Financial Controls as per Companies Act, 2013

“policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to
company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the
accounting records, and the timely preparation of reliable financial information”

Controls to address
Financial Reporting
Financial Assertions
Controls
(includes Fraud and IT risk)

Fraud Implications
Operational
Controls
Efficiency / Service
Implications

Technical Controls Quality / Maintenance / etc

Confidential Slide
Enterprise wide Risk Management – The Building Blocks

Effective Risk Reporting is an important part of ERM governance

Confidential Slide
RISK MANAGEMENT WORKING STRUCTURE

Operational Risk Market & Credit Risk IT Risk & BCP Insurance Risk

1. BCP monitoring 1. ALM Monitoring &

1. Risk Investigation • Mid office -
& co-ordination co-ordination
2. Risk Projects Investments
2. DR follow-ups 2. Insurance risk
3. KRI Dashboard
• Market Risk MIS
3. IT risk review & measures
• Limit Monitoring
4. Risk Mate / Automation co-ordination
• Voice Call Tracking 3. Strategic risk
5. MIS and reporting 4. IT Risk 4. Underwriting Risk
• Personal Trading
• Credit Review Assessments 5. Actuarial Risk
• Investments concurrent 5. CAATs
1. Risk Review
audit co-ordination
2. Continuous Monitoring
3. Risk Assessments
4. Risk & Control Self
Assessment
Both Reputation and
5. Risk based internal Financial impact of
audit Co-ordination
6. BCM audit monitoring each risk is
managed
Confidential Slide
 How an Organization could gear up for best practices in Risk Management

Strategy

Environment Rating
Investors Analysts Regulator
Agencies
Finance
Enterprise Risk Management

Risk Economic Risk Portfolio

Strategy Appetite Capital Diversification Optimization
Compliance

Risk Risk Risk RM

Process Modeling Mitigation Financing Framework

ORSA Data Reporting Operations

Infrastructure Mgmt
Modeling Risk Mgmt
Information
Projects

Stakeholder Solvency & Financial

Disclosure Accounts
Mgmt Condition reporting Business
Units

Confidential Slide 12
Effective Reporting at Reliance life

Confidential Slide
 Creating a Heat Map and Mitigation
12 36
6

Catastrophic

27

39 32 37
6 6
Major

I 10 21 11

M 28 26 25 35 38 23 22 3 24
P
6
Moderate 29 30 31
A
5 6 7 8 2 1
C 20 4
9 33
T
17 16

18 19
Minor
Plan of action for
14
Red Risks
34 15 13
Responsibility for
Insignificant action
Follow up and
Rare Unlikely Moderate Likely Almost Certain update
HEAT - MAP
L I K E L I H O O D
Confidential Slide
 Risk Management Framework & Committee

Broad objective of the Risk Management Committee is to ensure that risk

management processes are followed as per COSO guidelines.

Confidential Slide
 Export – Web
Send researches to an Intranet server and give users navigation and graphic tools

Trends and Customers'

Reports' Products Create Claims
Forecasting profile
generator management Pricing
Expense Mgt. - Reporting
-Portfolio - Buildnew pricings
- Taylor made - Claims' explorer
- Follow up in time segmentation - Profit and Loss . in Pure Premium
of profit centers Reporting
- Cross-selling areas . in % of value - Reserving
(Agents, Products…) Triangulations
- Expenses - Taylormade
-New policies' profiles - Review pricings - Frequency and Cost Stochastic models
Reporting follow up of entities
- Lapses' profiles modeling
- Trends and - Claims
- Define specific - Simulations
Budget - Scoring segmentation
indicators on new pricings
-Business simulations

Import Clean data Make Analyze the Real Time Portfolio

files Create insurance Risk Premium and processing explorer
variables calculations stratify values

System 1 System 2 System N-1 System N

(example: Auto Company A) (example: Auto Company B) (example: Fire) (example: product p)

Periodic
Confidential update (copy) of the information – Policies, Expenses and Claims Slide
 Evaluating Risk Appetite
• Risk return expectation of the bank
• Risk grade of the portfolio
• Define vision
• Design/Review target 2. Evaluate Risk
portfolio by Assessment
– Industry
– Geography 1. Strategic 3. Set Target
– Product type Planning Returns
• Distinguish between • Competitive
– Corporate positioning
– Retail (personal, • Strategic aspirations
Ongoing Planning
SME) • Risk/return profile
and Performance
– Treasury of SBU’s
Measurement Process

6. Monitoring And
Performance Reporting 4. Allocate
Capital
• Risk position • Capital allocation
• Comparison of actual v/s 5. Business Unit
Transactions
• Risk weighted return
target portfolio
measurement
• Risk adjusted performance • Risk incurring
measures
transactions
• Financial performance • Risk mitigation tactics

Confidential Slide
Reporting requirements

Monthly Risk meeting on Risk practices and implementation

Quarterly CRO meeting on review o f Status
Reliance Capital
(Group Quarterly Group Conglomerate meeting on aggregation of risk practices
Company) Monthly reporting on Risk trending, indicators, market risk and operation
risk

Annually reporting of all policies procedure and practices

Nippon Life Risk Inspection of risk management and audit practices annually
Reporting

Conducting various audits and submitting reports to stakeholders and

regulators
Audit
Internal audit, IFC review, Statutory audits and concurrent audits

Confidential Slide
Reporting requirements
Monthly Risk meeting on Risk practices and implementation
IRDA reporting Quarterly CRO meeting on review o f Status
Quarterly Group Conglomerate meeting on aggregation of risk practices
and other
Monthly reporting on Risk trending, indicators, market risk and operation
regulatory risk
reporting Collation of various reports of risks, frauds, investments and market risk

Quarterly reporting to Board for the following activities

Financials
Risk Dashboard
Key risk indicators
Quarterly audit report of financials and key regulations by auditors
Internal audit report
Investments
Board and ALM Report (Asset Liability Management)
Executive Compliance update – circulars and reporting deadlines
Management Monthly reporting to Executive Management
Risk Dashboard to Risk Committee
Key ratios and key risk issues
Compliance Update
Dashboard of various service TATs
Investment committee
ALM committee

Confidential Slide
Expectations from Actuarial for Effective Risk Reporting

Adequate Statutory reserving

Effective disclosure on Business /Product Assumptions
Expectations Monitoring of Assumptions vs actual of insurance risks such as
from Actuarial for claims, mortality, persistency, expenses and new business

Effective Risk Business parameters

Reporting Channel wise monitoring

Product wise monitoring

Confidential Slide
 Risk Management Framework
 Risk Management framework with independent reporting line to CEO / CRO / Group – matrix
reporting to Audit committee and Board
 Governance – Policies and processes
 Identification – Risk Assessment, Stipulation of risks along processes and projects
 Measurement – Quantification and Qualification of risks and losses / impact – Financial and Reputation – risks not measurable are qualified
 Monitoring – Identification, tracking and control of risk events and resolution thereof
 Mitigation – Proactive management of risks
 Quarterly review of the framework – efficiency and effectiveness
 Appointed Actuary a part of the Risk Committee / Framework
 Risk Management operational framework – few key areas: 

 Operational risks, Product / Pricing risks, Risk Transfer to Reinsurance,

Underwriting policies….  Awareness  Vulnerability  Assessment
 Fraud prevention framework, Mis-selling, Investigations,
 Risk Control and monitoring
 ALM risk or a separate ALM / ALCO with AA as a member
 Insider Trading Policy
 Information Systems Risk  Responsibilities  Policy  Controls
 Risk Management processes – key processes: Control Self Assessments,
Root Cause Analysis, Risk Assessments and Risk Reviews

 Whistle blowing  Measurement  Detection

Confidential Slide
 Solvency II Architecture
Three Pillars

1. Quantitative 2. Qualitative 3. Disclosure &

Requirements Requirements Reporting

•Market Consistent Valuation

•MCR & SCR
•Formula to calculate SCR is
likely to be based on Tail Value
at Risk VaR 99.5% 1-Year
•MCR-relation to SCR to set up
•Internal models for SCR
•Recognition of Credit Risk
mitigation
•Recognition of Credit for
diversification
•Emphasis on good governance •New requirements for
disclosure to harness market
•Own Risk & Solvency Ass. discipline in support of
achieving regulatory objectives
•Supervisory Review Process
•New requirements for
•More developed than in Basel transparency

Third pillar of Solvency II Architecture requires Effective Disclosure and reporting

Confidential Slide
 Integration of ORSA with Internal Solvency II
Model
Fit & Proper Risk
Management
Systems
Pillar I – Quantative
Pillar II - Qualitative General
Own Risk and
Solvency Assessment
Governance Internal Audit
Operational Risk
Market Risk
Actuarial
Underwriting Risk Outsourcing
Function
Default Risk

Good Repute Internal

Control

Confidential Slide
 Integrating Risks to Solvency II Model
 Counter Party Default Risk

 Using Exposure, Probability of Default and Loss Given Default

 Type I Exposures:
 Reinsurance arrangements, Derivatives, Securitizations, Deposits with
ceding institutions, letters of credit and cash at bank. =>99.5th percentile of
the variance of the combined exposure

 Type 2 Exposures (More diversified but unrated):

 Receivables from intermediaries, policyholder debtors and deposits with
ceding institutions (if numbers of counterparties are below a certain
threshold) => Sum of the [Exposure multiplied by a (generic) Risk Factor]

 Credit derivatives: credit risk transferred goes to (market) credit spread risk

Confidential Slide
 Integrating Risks to Solvency II Model – Continued…

 Market Risk

 Interest Rate Risk: Increase in the volatility of Interest Rates

 Currency Risk: Most Onerous result for each individual foreign

currency and the aggregate

 Stress Risk: Credit Stress vary by duration

 Property Risk: Consider differential shocks to commercial, retail and

other types of property

 Concentration Risk: Thresholds 1-2% (from 3-5%)

Confidential Slide
 Integrating Risks to Solvency II Model – Contd…

 Life & Health Underwriting Risk:

 Mortality Stress: 15% permanent increase in Rates (from 10%)
 Morbidity/disability Stress:
 20% permanent decrease in recovery rates
 Inception rates 50% increase (from 35%) in inception rates in year one followed by 25%
increase for all subsequent years

 Lapse Stress: The greater of

 50% increase in lapses
 50% decrease in lapses
 Sum of 30% of surrender strains of policies where the surrender strain is positive

 CAT Risk:
 A 2.5 per mile mortality catastrophe test (from 1.5 per mile in QIS 4)
 Morbidity CAT stress moved to health risk – a number of pan – European catastrophes will
be developed

Confidential Slide
 Integrating Risks to Solvency II Model –
Contd…
 Operational Risks

 Additional elements:
 Risks arising from any external management of investments:
 0.5% of highest amount held with a single 3rd party management company
 Risks associated with increased business activity:
 Additional capital if the technical provisions/earned premium are expected to
increase by more than 10% over the year
 Risk associated with the use of management actions in calculating life provisions:
 An increase in the loading applied to life technical provisions
 Substantial increases in the capital factors:
 Still no credit for diversification between operational and other risks

Confidential Slide
 Risk Appetite
 Environment risk
 Country Risk and Macro Indicators
 Nature of business, regulations and Impact
 Industry trends
 Profitability
 Asset base and solvency
 Stake holders expectations
– Owners
– Regulators
– Government
– Customers
Confidential Slide
Risk Management Strategy
Risk Management Framework

 Enhancement and Extension of risk framework across

 Support to Risk Based Capital

 Rating for ERM (Enterprise Risk Management)

Self Risk Management

 Self Risk assessment across functions and decentralization

 Facilitation process

 Corroborative Risk Management

Automated Risk Management

Quantitative Risk Management tool

Embedding risk management in process, technology and trainings

Confidential Slide
 Improvement in risk management practices
Need to integrate these practices into the management process
Possible change in organization structure
Greater volatility in balance sheet
Possible move to less volatile asset classes
Greater diversification of assets and use of risk mitigation
Increased capital requirements for higher risks
More innovative risk management
Industry consolidation
Changes to product design
Revision of product diversification

Confidential Slide
 Expected Impact on Insurers

Confidential Slide
 Some Key statistics

Confidential Slide
Thank you