IRM and ORIC International publish guidance notes targeting operational risk for insurance sector

The IRM’s Internal Model Industry Forum is launching two guidance booklets for risk professionals operating in the insurance sector

The IRM’s Internal Model Industry Forum is launching two guidance booklets for risk professionals operating in the insurance sector

The Institute of Risk Management’s (IRM) Internal Model Industry Forum (IMIF) has launched two guidance booklets: Operational Risk Modelling: Common Practices and Future Development (created by ORIC International and the IRM) and Diversification Benefit: Understanding its Drivers and Building Trust in Numbers (created by the IRM).

Capital requirements in respect of operational risk could range from 5% to over 30% of the overall funds an insurer must hold, amounting to hundreds of millions of pounds for major insurers. Unsurprisingly, a more sophisticated measurement of operational risk within risk-based capital models is moving up the agenda. However, defining a robust and value-adding process to arrive at a credible capital requirement for operational risk is no easy task.

While most of the technical aspects of capital models for insurers are now relatively well developed, industry players, regulators and Boards of Directors alike recognise that areas of vulnerability remain, including the modelling  of operational risks. Until now, the industry’s lack of consistency and definition in this area has run the risk of delivering inaccurate capital requirements.

Devised by the IRM and ORIC International, the guidance entitled Operational Risk Modelling: Common Practices and Future Development aims to change that situation. It approaches operational risk in the context of insurers’ internal risk models, duly examining how to validate and communicate the assumptions and techniques involved to produce an end result that’s understood and trusted by both organisations and regulators.

Major points for recognition and action

Key points to note for practising risk professionals are as follows:

*There’s no ‘one size fits all’ approach to modelling operational risk and model design choices need to be carefully selected

*If the model can also be used for a wider range of purposes – including as a viable tool for supporting decision-making across the entire company – then the business case for development, maintenance and evolution of the model is far more compelling

*The most vital learnings from the experience of other industries are without doubt around the importance of making modelling an element of the overall risk management framework and focusing on the use of the model by senior management and decision-makers

*In order to calculate their capital figure for operational risk, most firms are using – in varying combinations and to varying extents – some form of hybrid modelling approach alongside scenarios and loss data

*Correlations appears to be an area where collaboration could help to derive industry Best Practice and perhaps even reach a consensus on an accepted approach to generate these correlations in future

*Firms modelling by frequency and severity separately also appear more willing to use multiple types of distribution depending on the operational risk being modelled and the availability of meaningful loss data

*One area of clear convergence is the technique to derive the aggregated loss outputs, with 78% of those surveyed using Monte Carlo simulation

Jose Morago: chairman of the IRM

Jose Morago: chairman of the IRM

*There is perhaps more focus on the validation of expert judgement in operational risk due to its pervasiveness throughout the whole operational risk model, particularly so in those firms relying heavily on scenario assessment

*The level of independence and oversight provided by executive ownership could be a very powerful validation tool for those companies in a position to follow that path

*The stability of the model and robustness of its underlying assumptions will be an important area of focus for the technical validation process

*A company can have a first class approach to modelling operational risk but must properly document its actions in order for its internal model to receive approval

*It will be vitally important to use feedback received constructively and employ it as a means of effective engagement with the regulator

Diversification Benefit: the potential for diversification credit

Jose Morago, the IRM’s chairman and founder of the IMIF, explained: “The Solvency II legislation recognises that the overall risk exposure of insurers can be reduced by the diversity of their business. This is because the adverse outcome from one set of risks can be offset by a more positive outcome from a different, uncorrelated set.”

Morago continued: “The amount of money at stake is significant: this ‘diversification benefit’ could potentially reduce the capital that an insurer is required to hold by up to 50%, which could amount to billions of pounds for a major multiline insurer.”

However, understanding and calculating the drivers of diversity within the internal model, working out the appropriate level of diversification benefits and making sure that this results in a credible number for the business and the regulator are not easy tasks.

The guidance booklet entitled Diversification Benefit: Understanding its Drivers and Building Trust in Numbers addresses this industry problem by looking at how insurers’ internal risk models should take account of the potential for diversification credit. It also examines how the assumptions involved can be properly validated and communicated in order to produce a result that the organisation and the regulators may both understand and trust.

Michael Sicsic, chairman of ORIC International, commented: “Operational risk management is still a relatively new discipline and quantification appears to be the cornerstone of raising the bar for operational risk practitioners and, more importantly, senior management when it comes to their decision-making processes. Indeed, the quantification of operational risk is a critical milestone in the journey of achieving the same maturity level in managing operational risk as is regarded to be the case in the other more established areas of enterprise risk management, such as credit, market and insurance risk.”

Sicsic added: “Preparation for Solvency II has prompted significant progress within the industry in the last two years in order to better quantify operational risk. Quantification is now regarded as a key tool for the management of operational risk so this represents a huge step forward compared to approaches under the previous ICA regime.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts