Mr A. N. Hitchcox, F.I.A. (introducing the paper): In my introduction, I am going to talk about managing risks across silos versus managing them together. I am going to talk about how risk changes in its behaviour, i.e. how it becomes transformed when you look at it at different levels. I am going to take you through a picture we have drawn of the investor's total risk and reward at portfolio level, and the issues that can drive that. Finally, I am going to refer to the end of the paper, where we made some suggestions about the governance of risk and risk reporting, again bearing the investor's point of view in mind.

First of all, I treat managing risk across silos. Folk wisdom has it that, in the past, risk was managed separately in silos. You can see the little bubbles from figure 1 of the paper. You can think of them as risk categories: e.g. insurance risk or market risk. You could also think of them as business units or separate companies in a big, multi-national group. The success of ERM is that they are now all being managed holistically.

So, two classic lessons: if you know the risk of the whole unit or the whole group, you will probably take better risk-based decisions than you would if you were looking only at the risks of one of the separate business units or risk categories; and, secondly, the information flows you need to send up to the top of the group will be better and much more efficient if you design them with the whole group in mind. That is the success of ERM.

In our paper, we did not go into ERM at all. We found a very good document, the practice note written by the International Association of Actuaries, to which there is a reference in the paper. I found it very readable, and very informative. We are taking the current state of ERM in insurance companies as read from that paper.

Then we said, “What if we take this thinking and apply it to the investor's point of view?” An investor he has lots of single shares in his portfolio. One of them is our company. We are managers of XYZ Insurance Company, and we know all about the risks to that company. But when you look from an investor's point of view, we are only one of the bubbles at the bottom of figure 1. He has also shares in, say, British Petroleum and Glaxo, and probably has some corporate bonds, and so on. Just as with ERM leads to managing risk better, treating all risks together instead of taking the risks in silos, we said to ourselves: “What happens if you start from this top-down point of view for the investor? What more might we learn about our activities as the managers of the risks of the insurance company?” That was one of our strands of thinking.

The next strand of our thinking came from the observation that, when you model risk all day long, as I do in my job, you notice that it behaves differently at different levels. The customer, say, has one asset: a house or a factory. He has one policy for property damage, one for liability, and maybe one for life insurance. As we all know, he lays off that risk onto us, the insurance company. Let us say that we, the insurance company, operate in a single territory in a few lines of business and write one million policies. The reason we accept his risks is because the fire risk and the liability risk diversify. But, in the very act of those one million policyholders laying off that risk to us, we accumulate a different risk. Suddenly the law of large numbers is not the most important thing. We now get a concentrated risk of natural catastrophe exposures. Also, we get a concentrated risk if court awards change for the liability policies and we get a concentrated risk of secular mortality change or longevity risk on the life insurance side.

The very act of customers packaging it and sending it to us transforms the nature of the risk, and the most important things you need to know about the risk also change.

From the insurance company's viewpoint, one of their methods of managing the risks that have accumulated in the insurance company in a single territory is to try to spread it across many territories – hence the big, multinational groups. But then exactly the same thing happens again. The insurance group owns, say, 20 companies in 20 territories. In the course of that development it diversifies certain risks, so any territory-specific risks should normally diversify unless they are huge, but then it may accumulate a different set of risks. The example I have here is the insurance pricing cycle. The insurance pricing cycle is well-understood, modelled and managed in an insurance group, but let us think about it from the viewpoint of the investor.

We have been a bit vague in the paper about what we mean by an investor. We mean current investors and potential investors. Generally, we are thinking of institutional investors or, in any event, somebody who owns a diversified portfolio of, say, 100 different shares, some of them insurance companies, some of them not. Why has the investor bought 100 shares? Again, it is the same story. He has bought 100 shares to diversify the individual risks. So he has diversified the risks to the insurance industry, and he has diversified the risk to the oil industry, and he has diversified the risk to the pharmaceutical industry. But, as we all know, in that very act he has accumulated different risks. He has accumulated the risk to the general economy, recession, inflation, interest rates, and exchange rates, and so on.

I will touch lightly on the topic of systematic risk and non-systematic risk. His portfolio of shares can move together in value.

So the investor, as with the insurance groups I have worked for, has paid great attention to where different risks arise. The same thought process, applied in insurance companies, can be applied from an investor's point of view. At what level are risks reported? At what level are they modelled? Where do they accumulate? Where do they diversify?

At the bottom of figure 2 in the paper, I have summarised the transformation of risk at the various stages. So local insurance company management is essentially underwriting management. When you get to a large multinational group, you are interested in capital management, and finally, when you are adding the investor's point of view to what the insurance group is doing, maybe you could call this enterprise risk management. That was another thought process that we had in writing the paper.

Then, building on that, we now try to draw a picture of the insurance company inside the investor's portfolio, which is figure 3 in the paper. Once we had this picture in place, it motivated the structure of the rest of our paper. We spent section 1 in the paper building up to this diagram and then sections 2–7 drill into certain bits of this diagram, explaining them in more detail.

Consider XYZ Insurance Company in figure 3 in the paper. The green block arrows that you can see in figure 3 are different sources of risk assessed at the risk category type level. The purple boxes are the things that the investor sees in the company: the franchise value; the required capital; regulatory and rating agency requirements; and any additional capital held for economic capital modelling reasons.

When we, as management, are thinking to ourselves, “How shall we manage those risks and how should we report on them?”, the paper argues that the answer is: “Look at what the investor needs to understand.” He is going to put those risks inside a portfolio, and, when they all interact, he obtains his residual overall risk. We need to be thinking from this level, from the level of his stockholdings, to drive what we do in risk management and reporting inside our company.

The investor's total risk experience is a mixture of all these other companies’ risks together with the insurance company's risks.

Finally, there is the topic of the management's judgment. As you have probably seen when you read the paper, the topics of model risk, agency risk, remuneration policy, and the unknown unknowns, are all becoming more and more important topics. In my personal opinion, that is going to be one of our big areas going forward in the practice of ERM: how to bring out the model risk relating to management's judgment. It is one of those double-edged swords. You build a model. You think it is great. And then, in the next breath, you explain to your user what is wrong with it. You have to handle that dynamic very delicately, because you do not want to sacrifice the credibility that you have just built up in the model. But, you have to keep the user aware of its limitations.

Working on that boundary between model risk and model confidence is quite tricky. I have certainly been trying hard this year with my Board and my shareholders, and it is quite interesting. I see it as one of our big challenges going forward, as actuaries.

That is where we started from. All those pictures and ideas came together in section 1. We then spent many sections explaining them in more detail to clarify them. We decided not to come up with a recipe for a perfect risk report, rather indicate the issues involved. In sections 7 and 8, we indicate the sorts of things that the investor might want to know. The reason I call it governance of risk is that this is what needs to come out of the top of the company when the Board is thinking to itself, “How do I deliver on my duty to my shareholders? I have to report what is going on in this company, including the risks, and these are the sorts of things that the investor might need or want to know about.” So we should consider the systematic risk of the assets, in other words, the correlation of the asset holdings in the company with the financial markets and the impact of the cost of capital on the firm. Then we should consider the systematic risk in the liabilities.

I have certainly seen things written down in papers which say: “Insurances diversify for the stock market. Therefore it has a low cost of capital.” But I know when I look in my firm, I see lots of correlations inside my liabilities, either my current liabilities on the balance sheet today, or my future earnings, where they correlate with the financial markets.

One interesting point that we tried to bring out in the paper is that the topic of the replicating portfolio is becoming very popular these days for modelling reasons. Swiss Re has published a very good document on the economics of insurance, and we give the reference in the paper. They point out how the replicating tool is a very useful management tool to split the risk in the company between the investment risk that is inherent to the products and the bit of investment risk that you introduce voluntarily into the company. In their opinion, that has a big impact on how you assign reward to the investment department versus the underwriting department and has a big impact on understanding the cost of capital.

Then we consider large parameter and trend risks. We explained earlier on that a customer, an insurance company or an insurance group, will try and diversify its parameter risks using the law of large numbers or something like that. But there are some parameter risks which are so big they are really quite hard to diversify, it seems to me. So if we consider longevity risk hitting equities, or if we consider US hurricane or earthquake risk – as you know, people underwrite such risks all around the world because it is such a big risk that it needs to be diversified across many territories and capital providers – you need to tell your investors how much you have of that type of risk, what the trends in it are, and how hedged or unhedged it is. In particular, and this is a dynamic that I always find very interesting, many of the financial economic theories focus on mean-variance type risk, whereas we think of large parameter and trend risk to do with the tail risk.

There is a dynamic going on where, to our investors, we are talking about risk and sometimes are not using the word in the same way they are. We have to be very careful when we are communicating about risk that we make that clear to them.

We also have to discuss, with the investors, our economic capital, and why we, as management, recommend holding a given level – there is the classic phrase: “buffer capital”. What do you hold in excess of rating agency requirements or regulatory requirements? There is a very subtle discussion about the trade-off between protecting franchise value versus diluting the return on equity. To put it very crudely, if you hold the minimum capital possible, your return on equity looks good this year, but if your market share plummets because people will not do business with you, then that is no good for the long-term and, vice-versa, you could hold tons of buffer capital, that means the future earnings value of the firm is really safe against shocks because you are less likely to go bust, but then, of course, you are diluting the return on equity over the long-term. That is a very subtle equation to get across to investors.

Then there is the franchise value of the risks. As you know, the market capitalisation of a firm is sometimes 50% higher than the economic capital held inside the firm. We have just spent lots of time, as actuaries, modelling and managing the risk to the economic capital, but the investor says: “Hang on, a third of my risk, or maybe more, is to do with these franchise values. I need to know more about the risks to that, too.” So, it can correlate with macroeconomic features and also, given the structure of a firm and the way tax and investment works, there are frictional costs which dilute return on equity which, in an ideal world, need to be well-explained to investors.

Then we need to think about better governance of risks. You might say: “Well, the solutions to that are better modelling, better information and better descriptions of what we are doing.” These last two get into a more qualitative area.

So on to model risk and future unknowns. As those of you who have read the Walker Report know, it is recommending, certainly for banks, and I assume it will come to us in insurance companies one day, that boards and risk committees should spend lots of time measuring the known risk against the appetite, making sure the firm is within its risk appetite constraints. But they should also spend more time, and focus, looking forward to the unknown: the unmodelled risks; the model breakdown type risks; and management's judgment. As we all know, a big part of the recent financial crisis was that models that were assumed to work failed completely in certain circumstances and caused big financial losses. We now have to say in our publications to investors whether that could possibly happen to us in the future without diluting their confidence in our current models.

Then there is the classic agency risk. Agency risk has always been known, and it has always been in the textbooks. But how do you report on it? How do you show how you are improving it? That is quite a tough one. It is to do with the behaviour of management. We all know the debates that are going on about remuneration policy in banks at the moment. We can guess that some of that reporting will come our way in insurance companies in the future.

That is a summary of the paper. We have said ERM has been very successful in that it pulls together all the risks in the company. It means that you manage them better, take better decisions and you better design your information flows. Then we have said, “If you apply the same thinking from the point of view of the investor, what ideas do you come up with?” These are the sort of ideas that we have come up. One suggestion for future activity is to focus on these sort of questions, thereby learning how to report differently or better.

Mr J. P. Ryan, F.I.A. (opening the discussion): I should like to thank the authors very much for a very interesting paper with many interesting ideas.

The first thing I should like to say is that it does omit Modigliani & Miller, which is the issue of the franchise value versus the tail risk. Modigliani & Miller basically state that the financing of a firm has no impact on the value of the firm because if you put more debt into it and thereby increase the risk to the shareholder, there will be a higher risk and so everybody wants a higher return. Except for tax, that is generally accepted to be true.

However, I do not think that it applies in the area of financial institutions or, indeed, in insurance companies. The reason for this is that you have two dimensions involved. One is the risk dynamics from the shareholder perspective and the risks for the companies involved. You also have to take into account regulatory capital, the stakeholder's and the policyholder's risk metric curves. Those two are very different. In my view, it is perhaps the most important issue that ERM can make when you are looking at it solely from a shareholder's perspective.

In general, but not necessarily, the policyholder's capital will be greater than the shareholder's capital. So there will be a difference and therefore the financing of that difference is quite important. You can incorporate debt as one option. It can be quite complicated because you have to make sure it meets regulatory and statutory requirements, but that, in general, can be achieved. So, putting that in has a major impact on the value of the firm.

ERM can make a major contribution to how companies can optimise the financing of the firm, and it deals with a lot of the issues surrounding mean-variance risk versus tail risk.

The authors spend some time treating what risk the insurance company should hedge from an investor's perspective. I used to be an investment analyst many years ago, admittedly when there were slightly fewer constraints over insider trading, so it was much easier for management to give information to investment analysts than it is today and therefore you could keep the market informed in ways that are not quite so easy now.

Disclosure of the risk is a much better way of operating, in my view, than insurance companies hedging the risk. There are very few risks that are necessary for insurance companies to hedge. If private individuals, never mind pension funds, can do these things all relatively cheaply in this day and age, I do not think that is really an issue.

But disclosure is important. The example used in the paper, of a very large shareholding in BP, perhaps because they are the largest customer of the insurance company, shows it is very important that such a fact be disclosed. Then the investor can decide whether to take any necessary action or not rather than the company doing that on the investor's behalf, unless, of course, there are sound reasons why the insurance company would wish to act.

One other point, on currency hedging, the second major issue in the seventies and potentially now, is there is a Companies Act requirement that can create all sorts of problems if the value of the company's assets falls below the book value of the issued share capital which will, for a UK company, usually be based in sterling. So, if you hedge heavily against a depreciation in sterling, which clever people obviously would have done earlier this year, and if you overdo it, you can get caught on the bounce going back, which can create problems. It is well worth considering the issue of currency hedging when you are looking at it from the investor's point of view.

The authors have an interesting discussion on the value that ERM provides to shareholders. They suggest that this is an area for further research. I would point out that the Institute of Risk Management has done a lot of work in this area and on risk management in general, not ERM in particular.

The other question they raise is whether ERM should reduce the volatility of earnings, and there is an implication that it might reasonably be expected to do so.

That is not necessarily the case. It might easily increase the volatility of earnings on the basis that, with a more sophisticated modelling system, one can reduce capital requirements. Reducing capital requirements, and still being perfectly safe from a solvency point of view, might increase the volatility of earnings. That is an issue where there may be a trade-off between the shareholder's interest in the regulatory capital and other issues. The authors also quote the PWC report on the value of insurance companies, believing that they are undervalued, which it puts down to opaqueness of information.

I think another major issue is the cyclicality and the volatility of earnings and volatility of other factors with which investors are not familiar. There may be trade-offs in this area that need to be considered.

I think one of the issues for non-life insurance companies in particular, and also I think this applies to life companies, is that there is not enough disclosure of key issues to allow the investor to form other opinions. In the non-life area, particularly in respect of claims and claims reserving, the accountants sign it off, but there is no information, or very little information, from an investor's point of view to ascertain whether it is correct or not, or how conservative it is, or what are the risks involved. So greater disclosure there would, in my view, add significantly to the value of insurance shares in the market as a whole.

Finally, there is a short point at the end of the paper about conflicts between actuaries and other professionals.

In many cases, the conflict is not so much with other professionals because many of the insurance analysts are indeed actuaries or would have certainly had significant actuarial input. It is the different perspective of in-house actuaries versus those from other organisations, which I think is the key point.

I would commend Modigliani & Miller to anybody who is looking at this topic from an investor's point of view.

Mr B. Bergman, F.I.A.: As the authors mention in paragraph 1.2.1, the key contribution of ERM to date has been to bring together all the risks of the insurer to be managed in a holistic manner – no more management of risks within silos. However, most of the enterprise-wide risk management attention to date has focused on matters internal to the enterprise, and in most cases, on matters of most concern to policyholders, e.g. avoiding going bust. Why is this?

In my opinion, this is because the origins of ERM within insurance companies can be traced back to the development of internal (or “economic”) capital models to model the firm's risk-bearing-capital requirements in a far more holistic and risk-sensitive manner than the then existing regulatory and rating regimes.

Now, risk-bearing capital, be it as specified by regulators, rating agencies or the firm's own management, exists primarily for the purposes of protecting policyholders, i.e. for giving a firm's policyholders a measure of comfort that even if the firm suffers a really adverse experience, there is enough slack – the risk-bearing capital – within the firm to absorb the adversity and still meet its contractual obligations to policyholders.

When considering this policyholder perspective, a shareholder asset such as the franchise value is largely irrelevant. If a firm were to suffer such adversity that it loses its risk-bearing capital, any franchise that the firm might have had is likely to evaporate and will have little sale-value to policyholders to help meet their claims.

Hence, I would suggest, that because of its origins in the modelling of the firm's risk-bearing capital requirements, ERM has tended to focus on matters around protecting the capital and maximising the return on this capital.

Regulators and rating agencies, whose key interest is the protection of policyholders rather than shareholders, have encouraged firms to embed their risk-bearing-capital models into the business and to use them – the ‘Use Test’ – in matters relating to the steering of the firm, for example, for capital allocation and pricing, for reinsurance optimisation, for management incentivisation, etc. With stakeholders of such gravitas plugging policyholder-focused risk management and steering, it is perhaps no wonder that management have committed so much of their ERM effort to this rather narrower, inwards-looking, focus.

Can ERM reasonably be expected to broaden its scope to embrace matters that are mainly of interest to shareholders? I think there is a “yes, but…” answer to this question.

The “yes” bit would involve management broadening its scope from today's popular policyholder-focused considerations to other aspects of the enterprise that are of interest to shareholders and which management can directly influence. This would include the protection and growth of the entity's franchise. Matters of steering that are principally of interest to shareholders such as pricing, risk transfer, the firm's excess capitalisation level and its debt-equity mix should take an outside-in (i.e. shareholder) perspective rather than the current inwards-looking perspective. These topics are relevant to the enterprise itself and under the direct influence of management, and hence the ‘E’ of enterprise risk management could quite properly cover such aspects.

The “but” part of the answer to the question that I raised previously relates to some of the portfolio-level disclosures that the authors suggest, in order to allow shareholders to better assess how Insurer XYZ fits into their broader investment portfolios. Management may view these items as being only indirectly relevant to the entity itself. I have nothing against such disclosures in principle. The trouble is that such disclosures may come back and bite management if they turn out to be inaccurate with the benefit of hindsight, or they could compromise the firm's own competitive position or strategy, which could be to the detriment of its shareholders. Perhaps such disclosures go beyond the letter ‘E’ in ERM. On the other hand, lack of transparency is probably a big drag on a firm's market valuation, and so ultimately the benefits of such disclosure may outweigh the possible dangers.

Finally, I will make a few comments on buffer capital. In section 5, the authors talk about buffer capital (or excess capital) that is held specifically to reduce the risks to the franchise value, rather than to meet policyholder financial-strength demands.

In paragraph 5.7, the example is given of a firm that holds capital to a 1-in-10,000-year default level, not because it wants to survive such an extreme event, but rather so that it can keep on operating after the first 1-in-100-year loss at an appropriately capitalised level.

My experience has been that shareholders do not allow firms to run such levels of excess capital. They know that excess capital is particularly costly from a shareholder perspective (agency costs) and there is hence intense pressure on management to return as much excess capital as possible.

Some people may be aware of a major European player that previously specified a default tolerance of two 1-in-100-year losses (which may have been broadly equivalent to a 1-in-10,000 loss). However, my understanding is that the second 1-in-100-year loss was not viewed as a quantum of buffer capital but rather as part of the policyholder-demanded risk-bearing capital itself.

In truth, the entity concerned wanted to hold capital sufficient to survive around a 1-in-10,000-year loss. But who can reliably model a 1-in-10,000 event? In order to leave the realms of fairyland, the entity concerned approximated this by two 1-in-100-year losses. After the first 100-year loss, the remaining risk-capital sufficient to absorb a second 100-year loss would probably only have supported a BB rating, which is hardly sufficient to continue writing uncollateralised insurance business.

Mr O. J. Lockwood, F.I.A.: I believe the paper's focus on incorporating the investor's perspective into an ERM programme is much to be welcomed. I feel this will make an important contribution towards enabling ERM to fulfil its potential of adding value to a business rather than being seen purely as a compliance exercise.

I would like to consider a possible viewpoint of an investor who has just studied a sensitivity analysis published by an insurance company, let us say it is a life insurance company, with the aim of gaining a greater understanding of the risks to their investment. The sensitivity analysis might include the impact of, say, a 1% rise and a 1% fall in interest rates, and the investor might be able to place a reasonable assessment on the likelihood of different interest rate changes and hence, provided there are no significant non-linearity effects, on the company's exposure to interest rate risk.

The analysis might also include the impact of, say, a 25% rise and a 25% fall in persistency, but this is likely to be less useful to the investor as the likelihood of persistency changes of this magnitude depends heavily on company-specific factors and typically there will be limited information the investor can use to assess these factors. There are also likely to be significant risks, particularly operational risks, which are again highly company-specific and about which the sensitivity analysis provides no information at all.

This raises the question of how insurance companies can provide information which would assist investors in assessing these company-specific factors. An obvious way of proceeding here would be to provide information about the types of risk and their magnitudes that the company has experienced in the past, together with any business changes that have occurred that make the company likely to experience different types of risk in the future.

There is much work already done by actuaries which could be leveraged to achieve this. The industry has well developed processes for analysing the changes in value metrics, such as embedded value between successive valuations.

The key area where further work is likely to be required is in achieving a clearer correspondence between the items in such an analysis and the underlying risks the company faces.

With the exception of the expected return on the opening result, every change in a value metric corresponds to a risk faced by the company, which the company should have identified in its ICA and which it will be required to disclose under Solvency II. Companies with strong risk management processes will be able to identify which risks have given rise to most of the movements, and disclose this information to investors. Companies with weaker risk management will be forced to leave significant movements unexplained, and I would then argue that these movements should, almost by definition, be treated as operational risks as they indicate inadequacies in the company's understanding of its risks. A firm which is forced to disclose that a large part of the movement in its results is due to operational risk is unlikely to be an attractive proposition to investors because of the difficulty for investors in understanding the operational risk and the fat-tailed nature of many operational risks. This should therefore encourage companies both to identify further sources of risk which may not currently be allowed for in the ICA and to improve their procedures for quantifying the impact of known risks on their results.

Over time, a picture would build up of the actual impact of each risk factor over each period and where these impacts lie on the assumed loss distributions, which would be disclosed by the firm. It would be valuable to carry out such an exercise for the last few years, including, in particular, the extreme events of 2008, as well as for future years. We are never likely to be in a position to satisfy ourselves that the particular distributional forms assumed by the firm are the most appropriate, but it will soon become clear if the impacts are either consistently positive or consistently negative, suggesting a need to reconsider the experience assumptions. Incorporating the events of 2008 would also help to reveal whether the assumed loss distributions make sufficient allowance for extreme events.

Mr D. M. Pike, F.F.A.: Without trying to devalue at all from the work the authors have done, I should like to step back a little from their argument, taking their starting point in paragraph 1.5.3, which states that there are concerns currently about the under-valuation of shares in the insurance sector. The authors then go on, in paragraph 1.5.4, to argue that this is caused by lack of understanding of risks borne by insurance companies and how the market risks interrelate with similar risks that investors bear through other holdings.

I am not convinced, at this stage, that a better understanding of risks would have an immediate effect on the valuation of shares, because I think that there is another step that needs to be taken first. That step relates to the way in which capital is used in insurance, particularly in long term insurers, concerning which there is still not enough information given for investors to be adequately informed. Use of capital is touched on in the paper in paragraph 8.5.

The problem, of course, is that insurers use not just risk capital but also a lot of capital tied up in prudent reserves for existing business, often for long terms, because the pattern of premium income does not necessarily match the pattern of outgo on claims and expenses and also because of the incidence of commission and other expenses, and so on.

In a mature life insurer, capital is being generated by the existing business at the same time as capital is being consumed by new business. I believe that more information needs to be given on how capital generation compares with consumption, and that investors, as providers of capital, need to understand this better before they are ready to make use of the sort of risk information that this paper proposes. I am sure that actuaries have an important role to play in this capital generation information as well as in risk information.

Mr C. N. Critchlow, F.I.A.: It is pleasing to see risk management taking an ever-increasing profile within discussions at board meetings, and the issues highlighted within the paper provide an excellent contribution to the disclosures that firms could consider making.

I would like to make two fairly high-level observations.

The key to effective risk management is not so much in quantifying the capital that firms need to hold, but is very much focusing on what actions firms need to take to mitigate those risks. This can be a difficult area to document and indeed I can foresee firms being quite reluctant to disclose what actions they are proposing to take in those situations. But it is fundamental to understanding the context in which the numbers are calculated and presented for people to gain any confidence in the numbers that are given to them.

The second point I would like to make is that we do live in a competitive world and there is huge pressure when trying to report to the outside world, who are essentially our prospective investors. Fortunately, there are lots of very clever actuaries out there and they all find good ways of enhancing the numbers that they study. So it is only by reducing the opportunities to vary the underlying methodology and assumptions that I think investors are really going to gain any long-term credibility in any ERM information that is supplied to them.

Mr M. G. White, F.I.A.: So many ideas occur as one reads the paper that there is too much to say. I will limit myself to two things.

First, I refer to the work by Mr Smithers cited in paragraph 6.19. I read his book recently, “Wall Street Revalued”, and cannot commend it highly enough to this audience. I believe it contains insights which are relevant to almost everything we do. He puts forward a concept of a true or correct value of the equity market which helps one judge whether it is high or low on a prospective basis, considering here periods of decades rather than just individual years. Whether or not you believe exactly what he says, it is still very thought-provoking.

The sad conclusion is the market is either too high or too low, sometimes materially so for long periods, and if you are part of the lucky generation who own equities during the years of low prices and good returns on reinvested dividends you do well. But if markets are high, and this can occur, for example, when interest rates are low, you can expect your prospective returns to be low. Looking at the past in this way brings home how challenging it is to advise on a sensible investment strategy.

I think what the paper says in paragraph 6.19 is not quite in line with what Mr Smithers says, though. He says Tobin's q and cyclically adjusted p/e are a good way of valuing the market as a whole, but they do not work for individual companies. I understand that part of the reason is that some companies create value and some destroy it. Some have a positive franchise value, to use the language of the paper, and some have a negative franchise value.

Now to my second point: shareholder value. What is it? Do we all agree what it is? Well, as you will have guessed, I am going to point out that shareholder value is many times used in arguments within the paper but at no point is it defined. I will tell you what I think shareholder value creation is not. It is not dividends during a short period plus share price movement over that same short period. But I have a horrible feeling that is what people think it means. At many points during the paper the argument, “If you do this, the share price will be higher” is used as a potentially persuasive argument for ERM and other related initiatives. This makes me ask how deeply “rising share prices is a good thing” is embedded into our culture as actuaries. I know it is embedded into wider society but I believe we should know better. We all know too well that management actions which are motivated by share price movements do sometimes verge towards the egregious. The paper mentions governance of risk models. I think that risk models need to pay a lot of attention to what I view as the most dangerous risk of all which is improper motivation of top management.

Mr T. Béhar (Président, Institut des Actuaires): Thank you Mr President for your invitation which gives me the opportunity to study this very interesting paper. I will make some initial comments about it and then speak about the French work on ERM.

First, risk is value and value is risk. To deliver both risk and value, you need a time-framework. This time development could be further taken into account in this paper.

Second, in Solvency II, we do not have only the one-year term perspective, but also the own risk assessment which gives a greater period to consider. We have to consider the same thing from the investor's point of view. The investor should produce his own risk assessment to consider if the investment in insurance with value and risk perspective fits with his own liabilities and solvency risks.

In France, Institut des Actuaires recognised two years ago that risk management was a very important topic for the profession. As you know, in the Solvency II directive, there are two major functions which can be held by actuaries. There is the actuarial function and the risk management function. We chose in 2008 to enter the risk management area because we considered that we have to prove actively that actuaries are best placed not only to measure the liability side, the technical reserves, but also the solvency capital requirements. It is quite natural for actuaries to advise on technical provisions but some people inside Europe thought, and think, that it is not obvious for us to be involved with solvency capital requirement evaluations. That's why we entered and signed the Enterprise Risk Management CERA treaty in 2009 and that we began with a one-year 150 hours CPD formation. We delivered the first “Actuaires expert ERM” diploma at the end of 2009. We have limited the course to actuaries with at least five years of professional experience.

As a conclusion, the Institut des Actuaires is proud to help demonstrate that our profession is well-equipped on not only the liability side but also on the risk management side.

The President: I must commend the work that Mr Béhar and the Institut des Actuaires are undertaking. I think it shows that this is indeed a European initiative and I am also hoping that the paper receives some exposure across Europe.

I will make a few short comments of my own, more as a user and as somebody who has been deeply involved in trying to make an ERM model practical.

My overall reaction to the paper is that it is very comprehensive but I am struck that it still places reliance on models, notably models of how risks are correlated and models of how investors look at issues. We should be sceptical of too much reliance on models in quantifying extreme risks. One of the model aspects that I found most difficult is how to embed operational risk, which in my own particular organisation was quantified by a completely separate non-actuarial strand into an ERM model. It was difficult to make sure that the scenarios that they were testing were not overlapping with either market risk, elements of persistency risk, or new business risk.

So while I agree entirely with the sentiment that we must communicate the risks of the model from an investor's perspective as well, I am concerned that we do not oversell what we can reliably communicate at the moment.

Replicating portfolios were mentioned earlier, and that was one of the areas on which we spent the most time. One of the positive issues, and perhaps one which is not brought out enough about replicating portfolios, is that it is a very good way of communicating to investors and the outside world about the shape of the liabilities and the risks inherent in the liabilities. If you spell out the replicating portfolios to investors, and that is done in reasonable detail, then the stresses and strains of market movements can get picked up and can be communicated in a reasonably concise and believable way.

So, I am in favour of replicating portfolios. But, equally, I believe replicating portfolios are only as good as the optimisation techniques, the residual values and the diligence and time you put into fitting them. Again, I think the model risk should not be understated.

One of the areas in this paper with which I strongly agree are the wise words of caution about model risk, and maybe I can ask the closing author to talk more about how he sees model risk being communicated. It is vitally important, but it is also most difficult.

Mr Bergman: I am prompted to respond to a comment the President made on the replicating portfolio, namely, that the replicating portfolio is a useful tool to give the investor an indication of the market risk that the firm is running.

One of the things that we stumbled upon was that, because the replicating portfolio, in the context of economic capital models, is mainly used to quantify the amount of market risk from a policyholder perspective, certain complications can be introduced from a shareholder perspective when a firm issues sub-debt.

When one designs the replicating portfolio looking at the firm's obligations from a policyholder's perspective, the sub-debt should be ignored because the servicing and repayment of the sub-debt is not a risk from the policyholder's point of view.

Now, if the entity has raised the sub-debt on fixed-rate terms, that means that market risk has increased from a shareholder's point of view. Management may be tempted to reduce this market risk by taking out a swap. However, the swap will need to be reflected in the replicating portfolio as it poses a risk to policyholders, i.e. it increases market risk for policyholders. So one can end up with the perverse situation that by attempting to reduce market risk from a shareholder perspective, policyholder risk, and hence economic capital requirements, increases!

Let us move on now to, perhaps, a more provocative point on risk-adjusted returns and value creation. The question is: risk-adjusted from whose perspective? Is it the entity's or the investor's perspective? The paper uses the term risk-adjusted returns and value-creation on several occasions.

In certain cases it is clear that the risk-adjustment is from the perspective of the shareholder, such as in paragraph 2.5, where the authors clearly say that ‘Risk adjustment here is from the point of view of the individual shareholder’.

However, in other parts of the paper, e.g. paragraph 2.6(3), which is in a section dealing with management actions that create value for shareholders, it states: “If the insurer is able to reduce its capital requirements by transferring risk to other parties for a cost which is less than the risk-adjusted capital cost of retaining the risk, then such mitigation will create shareholder value”. This sounds to me that it is risk adjustment from the entity's perspective.

Much of current ERM is focused on risk management and steering from an introspective point of view, as if the firm is the only investment in the investor's portfolio. Management allocate capital to insurance products and make risk transfer decisions based on risk-adjusted returns on capital, invariably RoRaC-style measures.

From a shareholder point of view, the pure profit and loss profile from a given risk, to the first order, is the same irrespective of the entity in which these profits and losses arise. A one million earthquake Japan loss, whether it occurs in Company A or Company B, is a one million earthquake Japan loss! The loss and profit profile from that risk is exactly the same, to the first order. The market-demanded reward or the market-demanded risk-adjusted return, will not be affected by the entity in which the risk is written. This suggests that pricing should start with a charge for the expected loss and an estimated market-demanded reward for taking the risk, all of which are independent of the entity carrying the risk. This is the starting point. I am thinking here mainly in terms of the pricing of insurance risks.

To this should then be factored in the entity-specific costs to the shareholders of carrying or “producing” the risk within a specific insurance entity. This brings in the various frictional costs and benefits such as financial distress costs, the put-option effect, double taxation on risk-bearing capital, etc, as depicted in figures 7 and 8 of the paper.

If management want to prove that they are creating genuine shareholder value, i.e. growing the franchise value, they have to demonstrate to shareholders that the business placed on the books is done at a price that covers off both:

1. (a) an estimate of the market demanded entity-independent cost of the risk, i.e. the expected loss plus a market-demanded risk premium, and,

2. (b) the entity-specific frictional costs to shareholders of writing the risk within the specific insurer.

We need to consider both of these aspects in our pricing bases. I believe that this approach is very different from current capital-centric approaches to pricing.

The President: I do take that last point seriously. I know we looked at one point at the cost of persistency risk and whether we could sell that or diversify it away and, yes, you could with some of it. But people still wanted quite a lot of money for the privilege. It is interesting how diversifiable or not these things really are.

Mr Ryan: I will just say a little about model risk, which is very important. The authors do discuss this risk. In paragraph 7.2 they give two examples: one is guaranteed annuity options and the other one is the LMX spiral, both of which were risks that were known in the marketplace, and effectively managed in the marketplace, but there were significant companies that missed them. Therefore, in a sense, that is a model risk that arises out of incompetence, to use an impolite word, and that type of risk is almost an operational risk and can be modelled.

One of the major contributors to the banking crisis was the use of VaR instead of coherent risk measures because VaR understates skew risk and mis-ranks it. By and large, the credit crisis we have had over the last few years or so would be regarded as skew risk; at least by my understanding of the word “skew”. The banks use VaR pretty universally and Basel imposed it on them: that is an example of regulators, in this case the banking regulators, effectively imposing model risks on a firm.

I think the President's point about operational risk, and the way it has worked there, is quite important. I think actuaries can play a role in the modelling of operational risk. There are a number of techniques you can use, as well as studying individual risks involved, that approximate distributions. Then you can relate some of the key drivers to market and other factors, provided you have within the organisation an acceptance that information will be passed from one to the other and that people will listen to it. That is a fairly big operational risk in its own right. Model risk is very important.

The other issue, encapsulated in Donald Rumsfeld's coining of the words “unknown unknowns”, is clearly also a very major aspect of potential model risk. Certainly all the analysis I have done of insurance companies over many years in different perspectives fingers the unknown unknowns as are a major aspect of model risk.

Mrs K. A. Morgan, F.I.A.: As people may or may not know, I work for the FSA and represent the UK in the CEIOPS internal models expert group. This paper has been really helpful in giving some more thinking about how firms can look at correlations and model risk in their models, which is all very good for the work that I do. In particular it has given us another useful perspective – within CEIOPS, within Solvency II, we look at everything very much from the policyholder protection perspective. It is very useful to look at it from a shareholder perspective.

That is not to say that we are going to change our perspective, but it does give more insight. So thank you very much for that.

There are some comments in the paper, and contributors have made some comments about Solvency II and about the use of internal models in insurers. I thought it would be useful just to have a quick look at the advice that CEIOPS gave to the Commission in CP 56, which I assume everybody has read.

There is a list of example uses in that paper. CEIOPS does not discuss shareholders in particular in the paper, but does talk about measurement of material risk, and similar issues. I make no apology for the fact that there is no mention of shareholder specific concerns because, as I said, the aim of Solvency II is policyholder protection.

If people have internal models that they use to measure their risk and use them as part of their ERM system, there is no reason why they cannot add shareholder perspective uses onto the internal model. The uses in the cited paper are just examples.

However, this paper is mainly about reporting ERM. Within Solvency II, the way that insurance companies are going to have to report things is still open for debate – that is going to be Level 3 guidance from CEIOPS. I encourage everyone to engage with that debate. It is going to affect every insurance company in the UK. We are going to stop FSA returns and replace them with the new returns. There will be a lot more qualitative information. So, if the Actuarial Profession feels that it is important to get better information for shareholders, while Solvency II is from a policyholder perspective, this is an opportunity to improve the quality of reporting.

I would also say that, as a profession, we should be working with the Accounting Profession. I was encouraged to see that Mr Klumpes, who is an accountant and an honorary actuary, was one of the co-authors of the paper. I think that is a good example of the actuarial and the accounting professions working together.

Solvency II has given the UK insurance industry lots of ways of engaging with improving the way that insurance companies are run and the way that information is reported. I think if we are to improve reporting for shareholders, that kind of pressure needs to come from somewhere, either from the Actuarial Profession, from the Accounting Profession, from both working together, or by using Solvency II as the lever to improve that reporting.

Mr N. C. Dexter, F.I.A. (closing the discussion): This is a very timely paper, given the ever-increasing interest in ERM, not just in Europe because of Solvency II, but because companies, regulators, and analysts globally are recognising the importance of adopting ERM techniques.

I know the authors have deliberately tried to avoid setting the paper in the context of Solvency II itself, because of topics that are relevant to companies generally, not just to those within the EEA.

The authors did say that an effective ERM framework will recognise that it is the investor who is the ultimate consumer. We know analysts are putting a lot of emphasis on quality of risk management. But, as risk-based reporting becomes more sophisticated and more established, the quality of the reporting of how well companies have managed their risks will, likewise, become more developed.

Hopefully, over time it will not just be the corporate investors who will want to know this information but also the advisers to individual investors, and these include policyholders, who will be interested.

I was struck by a couple of speakers tonight, the opener and Mr White talked about the fact that introducing ERM does not necessarily have an impact on share prices. But clearly it is a factor that companies take into account. One of the problems a lot of companies have had, and we have had as advisers, has been “selling” Solvency II. In the early days, when it was not so clear that it was an imperative, the response from senior management was often, “What's in it for us? Why should we do this?” So one of the challenges was how to demonstrate to management there was possibly some value in it, other than the obvious one of better managing risk.

I often become involved, in my job, in commenting on insurance companies’ disclosures. I think a theme of the paper is the quality of disclosures. We often have the debate about how much should a company disclose and how much of that is commercially sensitive. I think there is a change in mood around disclosures, and in particular we are seeing better quality disclosures round risk.

The authors note in paragraph 1.5.3 that the discount at which insurance company shares typically trade may be down to the lack of transparency of their results. I think that this is, or is seen to be, a problem – albeit that I do not necessarily think that bank disclosures have been much better yet their shares have traded at better prices. But that is another debate.

One of the speakers earlier mentioned the issue of remuneration of management. Clearly, the “Use Test” under Solvency II will probably drive firms down implementing remuneration structures that are dependent on risks. I know one of my clients has already said that this year they will have 20% of their management's long-term remuneration risk-related, which has to be a step in the right direction.

I think that the difficulty, as noted by the authors in paragraph 6.3, is there is no certainty about risk management. I certainly agree with this point. The authors say it is a harsh discipline and the company needs to be able to explain why they had not mitigated a particular risk, and/or why they had underestimated the impact or probability, and what action had been taken.

I think that the difficulty of this, particularly if you are talking about long-term insurance, is being able to say whether or not decisions which will have been taken quite a few years ago were reasonable. Identifying retrospectively what the information was at the point the decision was taken is really a challenge. Of course, it just puts the emphasis now on collecting that sort of information.

One of the other thorny issues that I was surprised speakers did not comment on, and I will talk about anyway, is the issue of disclosing and reporting on risk-based decisions, for example where the pricing basis has already allowed for a certain extent the best estimate of a risk, or a value of risk in excess of best estimate.

Clearly, the obvious example is annuities, where we capitalise some of the liquidity risk upfront. The same is true of other elements where the basis on which risks are priced is not necessarily the best estimate.

How should risk generally be disclosed? Mr Lockwood mentioned specifically that part of the problem of disclosure is quite often that generic sensitivities are laid down and quite often the results are company-specific. I always think of MCEV disclosures, where we routinely disclose sensitivities but there is no information at all on the probability for any individual company of that sensitivity occurring.

No speaker mentioned TASs tonight, even though there are members of BAS here. Reading the TASs recently, I did note that there was a link in TAS R to risk-based reporting, which I thought might come up. Indeed, in TAS M the references to neutral and non-neutral estimates may drive some companies to think more about the risks, or at least the management of the risks, which might be covered in some of the reports.

There has been some discussion about replicating portfolios. Probably going back 18 months I was less familiar with the tool, but since then I have been very impressed with the information that can be derived from it. The analysis in paragraph 3.19, which has been referred to, is really the way forward. We do need to split out the results of profits and losses better between the different reasons for those profits or losses arising. That is clearly going to be really important going forward in doing a profit attribution analysis and validating internal models.

Sections 7 and 8 both talk about some ways of how we, as professionals, need to work better with other members of the Profession, and other professionals. In some cases, as the President says, operational risk is a really good example where a risk is seen differently by different professions. It is, somehow, not linked up. At a time when a lot of operational risk is not recorded as operational risk, it comes through in claims analyses and expense analyses. We do need to get a better understanding of that area.

I do not think that we should be thinking that we, as actuaries, are uniquely talented in some of these areas, so we should consider the views of other professionals. But I think that at the same time we should not be frightened of developing our techniques and getting involved in that wider debate, otherwise others will steal that ground.

The issue of model risk is touched on towards the end in paragraph 10.2, and the President also mentioned model risk. I do think that there is an onus on us in the brave new world to make sure that the quality of information is enhanced – not only what we give to investors but also what we provide to senior management and the Board is also really important. Quite often we have had a tendency in the past to think the Board would not understand certain issues so we dumb reports down a bit, or we do not share with them all the information. Clearly, that is not going to be tenable going forward.

The senior management, the Board, has to understand a lot of this stuff and we need to work with them to understand better the risk and issues with the modelling that we are doing and with the decisions that are being taken.

In summary, I found the paper brought together a number of thoughts which I have had for some time but I had probably struggled to articulate in such a coherent and comprehensive way as the authors. They should be congratulated for that. In a number of areas the paper is thought-provoking and should give readers the opportunity to challenge their own companies and their approach to disclosure and ERM generally.

I should like to thank the authors again for the paper that they have written.

Mr A. D. Smith (student) (responding): Thank you to all of the contributors for the remarks they have made. We appreciate the thought that you have given to the paper that we have written.

I will pick up on a few aspects. Firstly, consider the contrast or the tension between shareholder and policyholder perspective. If you have not read Mr Bergman's SIAS paper on the subject from a couple of years ago, you probably should do. I think we pretty much agree with everything that he said.

There is a danger that metrics that are designed to protect policyholders are automatically assumed to be the right way for enhancing the wealth of shareholders. The growth in risk-adjusted return on capital, or return on risk-adjusted capital, all of these masquerading as measures of shareholder value, certainly deserves to have some challenge. The allowance for franchise value, as several people mentioned, is part of a balancing item. As a consequence of that, not only looking at the perspective of shareholders, but also the perspective of regulation, a lot of the uses laid out in CP 56 do seem to suppose that the use of the regulatory returns are of great benefit to shareholders. If there is as much of a divergence as Mr Bergman has suggested, then that “Use Test” could be potentially forcing insurers to do some wrong things by shareholders in order to comply with a regulatory test. I suspect we will hear more about that. I do not think that there is enough awareness at the moment as to the tensions which can arise, and how those could be resolved.

My second cluster of remarks is around replicating portfolios, mentioned by a number of speakers. It is nice to have some recent converts as well as some long-standing enthusiasts to the cause. The President and Mr Lockwood, in particular, raised some of those points. I did think that Mr Lockwood's idea of disclosing analysis of change by risk and then disclosing what percentile the outcome was, and what you thought, seems to me to be an absolutely splendid idea. I am not sure that companies would want to go public on it immediately but we would certainly get some interesting observations.

One example: some of you here may have filled out QIS 4, a test from CEIOPS. One of their tests was a suggestion that a 1 in 200 credit stress on AA bonds might be a 25 basis points widening. What happened in the six months prior to that being published was a 200 basis point widening, that is, eight times bigger than a 1 in 200 event. I am not wanting to pour scorn on a particular metric because I am sure that many other models put together at that time would have had the same degree of repudiation in the face of statistics. But that sort of analysis can be really very helpful.

Talking, lastly, on model risk which a number of people raised – the President and Mr Critchlow, particularly – Mr Lockwood's idea might help with some of the concerns.

There were some mentions of known unknowns and unknown unknowns. It seems to me that we can learn quite a bit from other fields here. It is not only actuaries and insurance companies that put probabilities on extreme events. There is a set of tools called Probabilistic Risk Analysis which, so far as I know, has not touched the financial field. But it is well-known from chemical and nuclear engineering and aviation.

A book I was recently reading on that pointed out that there were some estimates prior to the space shuttle failure in 1986 of the probability of that particular component failing. One of those estimates, for the US Air Force I think, estimated this particular component as a 1 in 35 probability of failing per launch. At that point NASA reportedly used its own judgment to replace the 1 in 35 by 1 in 100,000! From your reactions, perhaps this may be an effect that is also familiar from the insurance industry.

The reason I raised that example is because this is not a case of a model being completely unforeseeably wrong; this is a case of selective presentation of things which some people knew well. It does seem to me that this is one of the biggest challenges we have within our insurance industry. If you are particularly good at seeing things that have could go wrong – suppose in 2006 you had seen this financial crisis coming and decided to stand up and say, “The insurance investment strategy of our annuity writers is completely doomed. They are in corporate bonds and this is all going to go horribly wrong” – that would probably be a way not to get hired to calculate the ICA for that kind of business.

I do think that we do need to work out how, in governance terms, we can address some of that survivorship bias. We could put it into the “statistically too hard” box, but it does not seem to me that fundamentally it is a statistical problem, it is a human behaviour problem.

Thank you once again for your comments and your contributions.

The President: My thanks to Mr Smith and to all of the authors here, and indeed to Mr Klumpes, who has added the accounting dimension.