Hostname: page-component-745bb68f8f-s22k5 Total loading time: 0 Render date: 2025-02-11T11:01:07.285Z Has data issue: false hasContentIssue false
  • English
  • Français

A common risk classification system for the Actuarial Profession

Published online by Cambridge University Press:  19 October 2012

P. O. J. Kelliher ,
D. Wilmot ,
J. Vij  and
P. J. M. Klumpes
Rights & Permissions [Opens in a new window]

Abstract

Risk terminology varies from organisation to organisation, and actuaries working in different organisations may use different terms to refer to the same risk, or use the same nomenclature for completely different risks. This paper sets out a classification system developed by the Risk Classification Working Party for the Profession that can be used as a common reference point for discussing risk. Actuaries will not be required to use this system, but it is hoped that common terminology will reduce the possibility of confusion in discussing risks.

Keywords

Risk ClassificationMarket RiskActual Inflation RiskCredit RiskProbability of Default (PD)Loss Given Default (LGD)Exposure at Default (EAD)Insurance and Demographic RiskPersistency RiskOption Take-Up RiskProcess RiskHeterogeneity RiskCatastrophe RiskLiquidity RiskOperational RiskGoodwillStrategy RiskFrictional RiskTax RiskAggregation and Diversification RiskLinnaean rank-based classificationcladistic classification.
Type
Sessional meetings: papers and abstracts of discussions
Information
British Actuarial Journal , Volume 18 , Issue 1 , March 2013 , pp. 91 - 121
Copyright
Copyright © Institute and Faculty of Actuaries 2012, The Institute and Faculty of Actuaries, with whom the copyright of this classification resides, permits re-use of parts without the need to request a specific licence on condition that the source is fully acknowledged. 2012 

1. Introduction

1.1 Risk classification relates to how an organisation defines the risks it faces. Coherent classification is essential to Enterprise Risk Management (ERM), as ambiguity will lead to confused reporting and management of risk (see Section 2.7 of the International Actuarial Associations Practice Note on Enterprise Risk Management for capital and solvency purposes in the insurance industry).

1.2 However while firms may have a coherent system for classifying risks that meets their own requirements, such systems are unlikely to be identical between firms. Each system represents a risk “language” bespoke to the firm, with firms using different terminology for the same risks, or the same terminology for completely different risks. The different risk languages used by actuaries in their day to day work can cause confusion when actuaries from different firms come together to discuss risk.

1.3 The Risk Classification Working Party was set up at the end of 2009 under the auspices of the Research and Thought Leadership sub-committee of the Profession's ERM Practice Executive Committee to develop a common risk classification system for the profession and, in doing so, establish a common risk “language” for actuaries to use when discussing risk. Note we are not seeking to develop a definitive, “one size fits all” classification. Firms will have their own classifications systems which meet their own requirements and we do not seek to supplant these – merely to provide a common basis for discussion between actuaries of different firms.

1.4 It follows that actuaries are not obliged to adopt the common classification system but it is hoped they will find this common reference point helpful in discussing risk with their peers in other organisations. The Working Party also hope that a common risk classification system could be of use in further research into risk.

1.5 Note that we are not dealing specifically with cost of capital, risk measurement or reporting issues but we do touch on these where they relate to classification. We would also note the paper has a bias towards financial services e.g. Market Risk relates to financial markets and not the market for a firm's own goods and services.

1.6 The authors would like to thank all those who commented on the draft discussion paper and in particular Marjorie Ngwenya, Feifei Zhang, Chris Lewin, Bernhard Bergman and Malcolm Kemp.

2. The Problem: Differences in Risk Classification

2.1 Even at a high level, significant differences can exist between how different organisations classify risks. Appendix A considers four different high level classifications used by various regulatory bodies and insurance companies:

  1. a) FSA Prudential Sourcebook;

  2. b) German regulator BaFin;

  3. c) Lloyds Banking Group; and

  4. d) Prudential plc.

2.2 Taking just these limited examples, while there are some common categories (e.g. Market Risk, Operational Risk), there are also significant differences in terminology, even at a high level. This is particularly true of strategy-related risks.

Moreover, as one drills down to sub-categories, further confusion is possible. For instance one organisation may class failure of a project as Operational Risk, while another may class it as Strategy Risk. Some other areas of doubt are:

  1. a) Is non-disclosure of material underwriting information an Insurance/Underwriting Risk or Operational (Fraud) Risk?

  2. b) Is spread widening of Corporate Bonds a Credit or a Market Risk?

  3. c) Is a shortage of buyers in a market a Liquidity or a Market Risk?

2.3 This list is by no means exhaustive: the further one drills down into sub-categories, the greater the potential for overlap with other categories and for confused classification. The Working Party has sought as far as possible to parse risk types into sub-components to identify where there may be overlaps, and to suggest how risk categories may be demarcated.

3. Working Party View of Risk

3.1 Risk and Economic Value

3.1.1 Risk may be defined as: ‘The possibility of events, or combinations of events, occurring which have an adverse impact on the economic value of an enterprise as well as the uncertainty over the outcome of past events’.

3.1.2 It follows that any risk classification system should start by considering what is the ‘economic value’ of an enterprise. The Working Party considered the following definition of economic value:

  1. 1) Embedded Value comprising:

    1. a) Shareholder net assets (assets less liabilities) plus

    2. b) Value In-Force (VIF) – the value of existing business relating to future income less costs, including the cost of capital (covering both regulatory and other capital requirements as well as economic capital) and the impact of taxes.

  2. 2) plus Goodwill relating to (a) the value of future new business, plus (b) future initiatives to:

    1. a) drive down costs,

    2. b) improve persistency and

    3. c) improve the risk : reward profile

  3. 3) plus/minus various other frictional and structural items such as Agency Costs.

3.2 Risks to Embedded Value

3.2.1 Considering Embedded Value, the adverse events which affect its value are:

  1. a) market movements which reduce net assets and/or reduce the VIF of future income (e.g. where they reduce the value of future fund-related charges);

  2. b) counterparty defaults reducing net assets, or downgrades increasing the risk of such defaults;

  3. c) for insurers, insured perils may reduce net assets, while for companies in general, there is a threat to VIF from poor persistency levels; and

  4. d) operational loss events which deplete net assets (e.g. misselling compensation) and/or reduce VIF (e.g. regulatory challenges to charge income).

3.2.2 From this, we arrive at the following high level risk categories:

  1. a) Market Risk – the risk that as a result of market movements, a firm may be exposed to fluctuations in the value of its assets, the amount of its liabilities, or the income from its assets;

  2. b) Credit Risk – the risk of loss a firm is exposed to if a counterparty fails to perform its contractual obligations (including failure to perform them in a timely manner). This also includes losses from downgrades and other adverse changes to the likelihood of counterparty failure;

  3. c) Insurance and Demographic Risk – the risk of adverse variation in life and general insurer and pension fund claim experience as well as more general exposure to adverse persistency and other demographic experience including adverse changes to assumptions as to future experience; and

  4. d) Operational Risk – the risk of loss, resulting from inadequate or failed internal processes, people and systems, or from external events.

3.2.3 It will be noted that Market, Credit and Operational Risk categories feature in the four high level classification systems considered in Section 2, and are also categories considered under Basel II.

3.2.4 Insurance Risk was also common (though BaFin termed this Underwriting Risk) but the Working Party considered the term too narrow, as it implies risk relating to insurance companies only. The reference to Demographic Risk makes it clear that this is a broader category – Persistency Risk, in particular, is key for many firms outside the insurance industry and beyond financial services.

3.3 Liquidity Risk

3.3.1 The high level categories in Section 3.2 cover threats to the quantum of embedded value i.e. threats to the amount of realistic assets in excess of realistic liabilities. However, solvency is based not just on the amount of assets relative to liabilities but also to how liquid these assets are. If assets are not sufficiently liquid, they may have to be sold at a discount to market value to meet liabilities as they fall due and/or a firm may have to borrow to cover the shortfall in liquid funds, giving rise to interest costs. In extremis, a firm may find itself unable to meet liabilities as they fall due.

3.3.2 There is, therefore, the need to consider liquidity as well as the amount of assets relative to liabilities and thus we need to add a high level category for Liquidity Risk which is defined as: ‘The risk that a firm, although solvent, either does not have available sufficient financial resources to enable it to meet its obligations as they fall due, or can secure such resources only at excessive cost’.

3.4 Risk to Goodwill – Strategy Risk

3.4.1 The categories considered so far relate to existing assets and liabilities and the embedded value arising from these, but a large component of a firm's economic value relates to goodwill in respect of future new business and initiatives to extract greater value from the existing book of business.

3.4.2 Thus, a separate Strategy Risk category has been added to cover threats to the realisation of the goodwill of a firm in relation to future new business as well as future projects/initiatives to:

  1. a) reduce costs;

  2. b) improve persistency; and

  3. c) optimise risk profile.

This will cover:

  1. a) risks leading to actual strategic outcomes differing adversely to expectations;

  2. b) risks which may inhibit strategy and strategic choices; and

  3. c) the risk that the strategy chosen is sub-optimal.

3.4.3 The risk that strategy is sub-optimal includes Agency Risk where the interests of management are not aligned with the owners of a firm. Inter alia, Strategy Risks include threats which may compromise the value of the firm's brand and its ability to leverage this to write profitable new business.

3.4.4 Note there is a body of opinion that suggests such strategic risks should not be considered as a separate category but as manifestations of other risks e.g. Market Risk may cover the impact of falling stock-markets on equity-related product sales. However the Working Party has chosen to separate out strategic risks in the common risk classification system on the basis that the controls required to manage strategic risks are different from those required to manage embedded value – the impact of market falls on embedded value may be hedged using derivatives, but for new business, managing the impact is more about offering a diversified product range and not being overly reliant on, say, equity funds.

3.5 Frictional Risk

3.5.1 The definition of economic value in Section 3.1 includes a deduction for the cost of capital. The amount and, hence, cost of capital is not determined solely by the economic risks faced by a firm, but also by regulatory, accounting and rating agency requirements. The excess of these requirements over economic capital required may be termed “frictional capital”. Frictional capital requirements may increase in the absence of any change in economic risk profile with the cost of this extra capital having an adverse impact on economic value.

3.5.2 The common risk classification system has a Frictional Risk category to cover such impacts. This category also covers problems caused by operating structure such as the fungibility of capital tied up in subsidiaries.

3.5.3 The category also covers tax risks such as changes to the corporation tax regime and portfolio specific impacts such as deferral of tax relief due to an adverse mix of business.

3.5.4 Finally the category covers any increase in economic capital requirements arising in the absence of any change of economic risk profile e.g. due to an increase in the confidence level required.

3.6 Aggregation and Diversification Risk

3.6.1 It is important in considering risk to look not just at the individual components but also how they come together as a whole. Risks may be super-additive, with the combined impact greater than the sum of the individual parts. More often than not, risks are sub-additive, with risks unlikely to crystallise to the same extent simultaneously.

3.6.2 Firms allow for this diversification benefit in assessing capital requirements, but there is a risk that the combined impact may be greater than expected i.e. that the diversification benefit is less than expected.

3.6.3 Thus the common risk classification system has a final, over-arching high-level category for Aggregation and Diversification Risk which is defined as: ‘The risk that the aggregate of risks across individual categories is greater than the sum of the individual parts and/or that anticipated diversification benefits are not fully realised’.

3.6.4 Note that aggregation and diversification is also considered as a sub-set of each high-level category e.g. Market Risk will include an Aggregation and Diversification Risk category to address the combined impact of individual market risks such as equities and property. However, this high-level category will consider impact across the other high-level categories e.g. between Market and Operational Risks.

3.7 Summary

3.7.1 To summarise, based on the view of risk outlined above, the common risk classification system has high-level categories for:

  1. a) Market Risk;

  2. b) Credit Risk;

  3. c) Insurance and Demographic Risk;

  4. d) Operational Risk;

  5. e) Liquidity Risk;

  6. f) Strategy Risk;

  7. g) Frictional Risk; and

  8. h) Aggregation and Diversification Risk.

3.7.2 Appendix B summaries how these risks interact with the economic value of a firm, while Appendix C highlights key demarcation issues between these categories.

4. Key Principles of the Common Risk Classification System

4.1 Key Principles

Aside from the view of economic value in Section 3, the other principles on which the common risk classification system is based are:

  1. a) It is an event-based classification as opposed to cause-based classification;

  2. b) The focus is on gross risk and generally excludes control failures;

  3. c) In particular, it treats Asset Liability Management (ALM) as a control and focuses more on the underlying exposures liabilities and assets each have;

  4. d) Governance is seen as a control and while weak governance is a serious issue for firms, it is Market, Credit and other risks that give rise to losses not weak governance per se;

  5. e) Reputation risk is classed under Strategy Risk – reputation damage may also lead to mass withdrawals but this is assumed to come under Persistency Risk and Liquidity Risk categories; and

  6. f) Risk impacts include regulatory capital and accounting impacts as well as the economic impact but, as noted in Section 3.5, the impact of rule changes is covered under Frictional Risk.

4.2 Event v Cause-based Classification

4.2.1 As noted in 4.1.a) above, the approach adopted has been to seek to classify risks by event i.e. by what has just occurred which has given rise to an adverse impact. The alternative to such event-based classification would be to seek to classify risk by what has given rise to the event, or cause-based classification.

4.2.2. To take the example of Northern Rock, the event would be the “run on the bank” it experienced in September 2007, and the common risk classification system would class this as a Liquidity Risk (event). However a cause-based classification may consider the bank's “originate and distribute” model that ran into problems in 2007 as the cause of the run and the bank's failure, and may class this as a Strategy Risk.

4.2.3 While such causal analysis is essential to understanding risk, a problem with cause-based classification is that multiple causes can be identified as leading up to the single event. There is often the question of how far back does one go in causal analysis. For instance, in the Northern Rock example above, it may be argued that the flaws in model were in turn down to poor governance, which might be classed as an Operational Risk.

4.2.4 Because of such complications, the Working Party opted for event-based classification. However we would stress that our purpose is limited to creating a common risk “language” for use between actuaries, and that risk management requires that the causes of events be rigorously analysed and understood.

4.3 Systematic and Idiosyncratic Risk

4.3.1 Modern Portfolio Theory makes the distinction between idiosyncratic risk relating to individual stocks or sectors, and which can be largely diversified, and systematic risk relating to the aggregate market movements. This distinction has been reflected in Market Risk sub-components (see Section 5.2).

4.3.2 For Credit Risk, distinction is made between Process Risk relating to individual exposures; regional and other sub-portfolio impacts; and portfolio-wide shocks (split domestic/overseas), which may be considered analogous to the idiosyncratic/systematic risk split used for Market Risk. Similarly, a distinction is made in the Insurance and Demographic Risk category which is split between Process Risk and portfolio wide shocks.

4.4 Entity Level

4.4.1 No distinction is made in the classification for the entity level at which the risk arises i.e. an interest rate swap exposure in an insurance sub-fund is not classed any differently from, say, a similar swap at holding company level or an exposure to interest rate movements in a firm's defined benefit pension scheme.

4.4.2 Similarly, it does not distinguish between the level at which a risk may be managed (e.g. as “business as usual” or warranting Board consideration). This will vary from firm to firm depending on their circumstances. The only explicit account taken of corporate structure in the classification relates to fungibility of capital issues covered under Frictional Risk, and this would be more of an issue for a holding company than a particular subsidiary.

4.4.3 However, the Working Party would note that corporate structure is an important consideration in ERM and risk governance arrangements.

4.5 Risk and Reward

4.5.1 The common risk classification system looks at risks in terms of adverse impact to economic value, but there will usually be a reward related to accepting a risk (though certain idiosyncratic risks may not be rewarded). The common risk classification system does not address the nature of reward relating to each risk, which often varies depending on the type of firm exposed to the risk. However the Working Party would note that for wider ERM purposes, risks cannot be considered in isolation to reward.

4.6 Risk and Uncertainty

4.6.1 Finally, it is worthwhile making a distinction between risk and uncertainty. Uncertainty is a shortfall of knowledge or information about what kinds of outcome may occur, the factors which may influence future outcomes, and the likelihood or impact of various outcomes. These possible outcomes can be divided into unfavourable, expected or favourable, according to present perceptions (which may change in future). Risk in the context of this paper is exposure to unfavourable outcomes, but it worth noting there may be upside risk in terms of exposure to favourable outcomes e.g. better than expected lapse rates.

5. Market Risk

5.1 Market Risk categories

5.1.1 The definition of Market Risk is based on the Financial Service Authority's definition in INSPRU 3.1.5G which also notes that: “Sources of general market risk include movements in interest rates, equities, exchange rates and real estate prices”.

5.1.2 This gives rise to Equity, Interest Rate, Foreign Exchange and Property Risk sub-categories of Market Risk. In addition:

  1. a) Interest Rate Risk is further split out with a separate Real Interest Rate Risk category covering movements in real yields and hence implied inflation;

  2. b) There is also a separate Inflation Risk category to cover adverse movements in actual (as opposed to implied) inflation rates and in rates of earnings inflation;

  3. c) A Swap Spread Risk category covers movements between Gilt and swap rates, while a Bond Spread Risk category covers the widening of corporate bond spreads over the risk-free rate;

  4. d) A Commodity Risk category covers adverse movements in commodity prices; and

  5. e) There is an Alternative Investments category to cover the risks associated with Infrastructure and other alternative investments.

5.2 Sub-components of Market Risk

5.2.1 The categories of Market Risk above can be further broken down into:

  1. a) Specific risk (or “Alpha”) relating to an individual share, bond or property;

  2. b) Sector impacts e.g. telecom shares, regional office property markets;

  3. c) General market impacts (or “Beta”) – split domestic and overseas markets;

  4. d) Income risk relating to dividend and rent variability;

  5. e) Implied volatility of options for that particular asset class;

  6. f) Model Risk relating to changes in the value of derivatives for a particular asset class due to changing models of that asset class; and

  7. g) Basis Risk relating to differences between exposures hedged and hedge assets.

5.2.2 This split is based in part on Modern Portfolio Theory with its distinction between systematic risk related to general market movements (Beta above) and idiosyncratic risks (the specific and sector components above).

5.2.3 Further details of Market Risk categories can be found in Appendix D.

5.3 Demarcation and other issues

5.3.1 In their work on Market Risk classification, the Working Party identified the following issues, including potential areas of overlap with other risks:

  1. a) Movements in equity and other futures and forward prices may be driven in part by interest rate changes but we would propose that equity, commodity etc. futures and forward price changes be considered under Equity Risk, Commodity Risk etc.

  2. b) Should Private Equity be included under Equity Risk or as a stand alone category? The common risk classification system assumes the former on the basis that exit values will ultimately be related to the wider equity market, but an argument can be made for the latter given the infrequency and subjectivity of valuations.

  3. c) Interest Rate Risk relates to movements in the risk-free rate – but what is this? Gilts? Swaps? The Working Party opted for swap rates as the regulatory definition of risk free rates may be based on swap rates under Solvency II. Also while Gilts may be considered risk-free in a United Kingdom context, the same may not be said of Euro-zone sovereign bond yields.

  4. d) Movements in bond spreads need to be split between general changes in spreads (Market Risk) and widening spreads as a result of the default or downgrade of individual bonds (which should come under Credit Risk). A possible demarcation approach may be to consider bonds downgraded/defaulting separately from other bonds. However a complication is that the market may anticipate bond defaults and downgrades and may have already priced these in prior to default/downgrade.

  5. e) There is a need to distinguish between liquidity effects – the balance of buyers versus sellers – in terms of their impact on markets, and Liquidity Risk, which relates to how easy it is to sell. The following demarcation has been adopted:

    • Changes in mid-market prices of assets come under Market Risk, while

    • Liquidity Risk covers lower bid-prices relative to mid-market price and falls in the deal size at which one can trade without affecting the price.

  6. f) Note while rogue trading and similar trading losses are market related, these are still classed as Operational Risk as these are conditional on operational failings.

  7. g) Finally, as noted under Section 3.4, the impact of falling markets and economic downturns on new business comes under Strategy Risk

6. Credit Risk

6.1 Credit Risk categories

6.1.1 Twenty-eight categories of Credit Risk have been identified, broadly by source of Credit Risk. Details of these Credit Risk categories can be found in Appendix E.

6.2 Credit Risk variables

6.2.1 For each Credit Risk, the following variables are generally considered:

  1. a) Probability of Default (PD);

  2. b) Exposure at Default (EAD) – e.g. balance outstanding for credit card defaults;

  3. c) Loss Given Default (LGD – allowing for collateral & other recoveries; and

  4. d) Migration Risk – adverse variances in transitions between credit ratings e.g. higher than expected downgrades for bonds, or for personal loans, greater than expected transition to lower internal credit ratings requiring an increase in bad debt provisions.

6.3 Credit Risk sub-categories

6.3.1 Credit Risks may be broken down further by variable or by category as follows:

  1. a) Model Risk e.g. increase in bad debt provisions due to change in LGD models;

  2. b) Process Risk due to random fluctuations including concentrations of exposure to a single counterparty for that category of Credit Risk;

  3. c) Parameter Estimation Risk relating to statistical estimation error;

  4. d) Regional/Sub-portfolio impacts e.g. the impact of a regional downturn in property prices on that part of a mortgage portfolio exposed to that region;

  5. e) Domestic Shocks e.g. general economic downturn, or a change in rating agency practice leading to mass downgrades; and

  6. f) Overseas Shocks e.g. currency restrictions preventing repayment, or an adverse change of government.

6.4 Demarcation and other issues

6.4.1 In their work on Credit Risk classification, the Working Party identified the following issues including potential areas of overlap with other risks:

  1. a) As noted in Section 5.3, for bonds there is the issue of how might one distinguish between defaults and downgrades (Credit Risk) and general spread movements (Market Risk), particularly where the market may already have factored in defaults and downgrades to the price.

  2. b) Market movements will affect collateral values and hence LGD so there is an overlap between Market and Credit Risk. We would propose this impact is still considered under Credit Risk as it is contingent on default.

  3. c) Outsourcing is generally considered an Operational Risk but should failure of the outsourcing counterparty come into Credit Risk? For the common risk classification system, we propose only accruals should come under Credit Risk with losses in respect of services not yet paid for (and which will need to be sourced elsewhere) coming under Operational Risk.

  4. d) Similarly, we would propose that failure of an asset manager (including an OEIC manager) be treated as outsourcing failure (Operational Risk) with the exception of (re)insured fund links which we would cover under Credit Risk due to broader exposure to insolvency – as funds are co-mingled with other policies, the investor is exposed not only to insurer operational failings affecting their investment but also failings affecting other policies, and to the wider market, insurance, credit and operational risks of the insurer.

6.4.2 Finally, we propose that Credit Risk losses should include the loss on Credit Default Swaps (CDSs) and other credit derivatives due to a counterparty default, even if a firm is not otherwise exposed to that counterparty. It also should include losses from lower than expected defaults under CDSs. However, an insurer's loss under Creditor Insurance should come under Insurance and Demographic Risk.

7. Insurance and Demographic Risk

7.1 Insurance and Demographic Risk categories

7.1.1 Twenty-eight categories of Insurance and Demographic Risk have been identified, broadly based on Solvency II categories in Life and Non-Life Underwriting Risk Modules. Details of these categories can be found in Appendix F.

7.2 Insurance and Demographic Risk variables

7.2.1 For life insurance, the key risk relates to claim frequency as the severity of the claim will usually be known. However, for general insurance, the situation is complicated by (a) uncertainty of claim severity and (b) the long-tail between occurrence, reporting and settlement that can exist in many classes of business. Thus for general insurance, the following variables are generally considered:

  1. a) Claim Frequency, Prospective – relating to uncertainty over the number of claims yet to occur;

  2. b) Claim Frequency, IBNR – relating to uncertainty over the number of claims that have been incurred but have yet to be reported;

  3. c) Claim Severity, Prospective – relating to uncertainty over the severity of claims yet to occur;

  4. d) Claims Severity, Claims reported but not settled – relating to uncertainty over the severity of claims reported but which have still to be settled (i.e. their number is known but not their ultimate severity); and

  5. e) Claim Severity, IBNR – relating to uncertainty over the severity of claims that have been incurred but which have yet to be reported.

7.3 Insurance and Demographic Risk sub-categories

7.3.1 Insurance and Demographic Risks may be broken down further by variable, or by category, as follows:

  1. a) Model Risk – e.g. increases in reserves due to new models of severity;

  2. b) Process Risk – due to random fluctuations including concentration risk to an individual exposure (e.g. a pension scheme's exposure to a CEO's longevity);

  3. c) Parameter Risk – arising from statistical estimation errors;

  4. d) Heterogeneity Risk – relating to heterogeneity within risk groups used to set expectations, with variations in the profile of each risk group distorting experience (e.g. where mortality rates are split only by age and sex, variations in the proportion of smokers within each age and sex band);

  5. e) Trend Risk – relating to the rate of change being different from expected;

  6. f) Endogenous Shocks – risk of step-changes in experience due to internal changes e.g. changes in underwriting standards;

  7. g) Exogenous Shocks – risk of step-changes in experience due to external factors e.g. changes in non-disclosure law, or an adverse legal ruling; and

  8. h) Catastrophe – risk of catastrophic claim events e.g. multiple death claims from a flu pandemic; or multiple property and motor claims from a windstorm. This compromises two areas of uncertainty: the frequency of catastrophic events and how many excess claims each event generates.

7.4 Demarcation and other issues

7.4.1 In their work on Insurance and Demographic Risks classification, the Working Party identified the following issues including potential areas of overlap with other risks:

  1. a) Perils such as fire will have a direct impact on businesses affected as well on an insurance company, but this direct impact is covered under Damage to Physical Assets under Operational Risk. Similarly non-insurer own firm exposure to product liability, environmental damage, health and safety and other insurable losses is also covered under Operational Risk.

  2. b) Non-disclosure – this may be viewed as a form of fraud (Operational Risk) but could also be due to say poor wording of underwriting questions. We would include non-disclosure under Insurance and Demographic Risk as unless detected, it will be implicit in claims experience.

  3. c) Option take-up rates and costs will vary with market conditions, but we would propose that variations in rates from expected should come under Insurance and Demographic Risk even if the variation is due to market conditions (expectations should probably be dynamic).

  4. d) Expense and Property re-build costs will be linked to inflation, but we would propose that inflation of these comes under Insurance and Demographic Risk as opposed to Market Risk as they will be affected by other factors such as the rate of change of the portfolio and specific construction industry factors.

8. Operational Risk

8.1 Definition of Operational Loss

8.1.1 In defining Operational Risks, a considerable area of uncertainty relates to what exactly constitutes an operational loss. The Working Party has worked on the basis that operational losses include overtime and temporary staff recruited to solve a problem but not the cost of existing of staff who may be switched to problem solving i.e. marginal costs only.

8.1.2 Operational losses would also include lost future income e.g. from regulatory challenges to charges, which might impair embedded value.

8.2 Operational Risk categories

8.2.1 Twenty-three Operational Risk categories have been identified based for the most part categories used by the ABI Operational Risk Consortium (ORIC – see www.abioric.com), which are in turn based on Basel II categories. The twenty-three categories are detailed in Appendix G.

8.3 Demarcation and other issues

8.3.1 In their work on Operational Risk classification, the Working Party identified the following issues including potential areas of overlap with other risks:

  1. a) External parties may collude with staff to defraud a firm – propose this is considered under Internal Fraud as opposed to External Fraud.

  2. b) Operational loss events can give rise to reputation damage, but it is proposed this is covered under Strategy Risk as the former does not necessarily have to give rise to the latter, and public relations management can limit any reputational impact.

8.3.2 Finally, the Working Party would propose that IT errors relating to e.g. transaction processing should come under the category for transaction processing etc. rather than under a generic IT category as these errors may be more about specification and testing than coding.

8.4 ABI ORIC decision trees issues

8.4.1 Operational risk covers a wide range of events which complicates the task of a common nomenclature for these events. ABI ORIC uses a Basel II decision tree (see http://www.abioric.com/oric-standards/risk-event-categories.aspx) to allocate events to categories. The Working Party considered whether this tree should be adopted for the proposed common risk classification system. However it was noted the decision tree is not perfect.

8.4.2 To use the example of the Client Products and Business Practices tree set out in Appendix H, if there is a regulatory breach, the decision tree would allocate misselling events to Suitability, Disclosure and Fiduciary category rather than Advisory Activities & Misselling. As misselling events generally involve regulatory breaches, this would result in nothing being allocated to the latter category.

8.4.3 The common risk classification system seeks to avoid this problem by delving into operational risk in extensive detail rather than relying on a decision tree. To this end it has identified in excess of 340 sub-categories of operational risk events, reflecting the wide range of operational risks that can affect firms.

9. Liquidity Risk

9.1 Liquidity Risk losses

9.1.1 To define what constitutes Liquidity Risk, there is a need to consider the adverse consequences of having insufficient liquidity. Aside from not being able to meet liabilities as they fall due, Liquidity Risk can give rise to losses in respect of:

  1. a) Assets realised for less than balance sheet value in order to meet liabilities, possibly at “fire sale” prices; and

  2. b) Interest on borrowing to tide over liquidity shortfalls.

9.1.2 There is a question as to what extent borrowing costs should constitute liquidity losses, given that borrowing defers the due date of payment, and there will be a time value benefit. The Working Party argue that only the excess interest over base rates on borrowings (net of tax relief) should count towards liquidity losses.

9.2 Liquidity Risk categories

9.2.1 The Working Party has identified seven categories of Liquidity Risk, namely:

  1. a) Non-discretionary Liability Related Outflows e.g. maturities;

  2. b) Discretionary Liability Related Outflows e.g. surrenders;

  3. c) Asset related outflows e.g. margin calls on derivatives;

  4. d) Corporate Outflows e.g. dividend payments;

  5. e) Impairment of Liquid Resources e.g. reduced marketability of listed securities or suspension of money market funds where liquid funds are held;

  6. f) Frictional Strains – risk that a firm, while having adequate liquidity overall, experiences a liquidity shortage in particular currency, subsidiary or fund (e.g. open-ended property fund); and

  7. g) Aggregation of Strains – reflecting the fact that, while a firm may be able to withstand individual strains, the combination of strains can prove too much.

9.2.2 With regard to this last category, a firm may be able to withstand margin calls under derivatives; or a surge in surrenders/redemptions; or its bank refusing to renew a line of credit. However a downgrade of its rating might trigger all these events and it may find itself with insufficient liquidity to meet liabilities as they fall due.

9.3 Demarcation and other issues

9.3.1 The Working Party identified the following issues with Liquidity Risk including potential areas of overlap with other risks:

  1. a) The definition of Credit Risk as failure of a counterparty to honour obligations could be interpreted as including the failure of a lender to honour a line-of-credit, but the common risk classification system treats this as a Liquidity Risk.

  2. b) Default of a deposit counterparty would be counted as Credit Risk but any additional cost in seeking to replace these liquid funds (e.g. through borrowing) should come under Liquidity Risk.

10. Strategy Risk

10.1 Strategy Risk categories

10.1.1 Strategy Risk categories identified by the Working Party are set out in Appendix I, but these can be broadly split out into:

  1. a) Exogenous factors relating to external threats to strategy and the realisation of goodwill, and which would include:

    1. i) Impact of markets and economic conditions on sales;

    2. ii) Tax and Regulatory impacts such as Capital Gains Tax changes and the Retail Distribution Review (RDR); and

    3. iii) Actions of competitors

  2. b) Endogenous factors relating to internal constraints and failings and including:

    1. i) Quality of products and services offered; and

    2. ii) Project failures e.g. failure to launch new product

10.1.2 Endogenous factors include Brand and Reputation Risk relating not only to reputation impacts (e.g. perception of poor financial strength, reputation damage of misselling and other operational events) but also whether our brand supports our strategy. It should be noted that reputation damage may be self-inflicted (e.g. Ratners) without any underlying operational failing.

10.1.3 Also, while a brand may be associated with positive values, this may not necessarily support strategy. For instance a firm may be perceived as safe and trustworthy, but this may not help it target niches seeking more “exciting” propositions.

10.2 Demarcation and other issues

10.2.1 While the common risk classification system looks at Strategy Risk as a separate risk, there is an alternative argument that strategy impacts should be looked at as part of other risk categories:

  1. a) Impact of equity and other market movements in sales should be considered under Market Risk;

  2. b) Reductions in projected new business profitability due to adverse claims, expense or persistency experience should come under Insurance Risk;

  3. c) Reputation impacts from operational loss events should come under Operational Risk; and

  4. d) Market, Credit and other risks would include the damage to (perceived) financial strength and its impact on new business.

10.2.2 Similarly, there is an argument that Project Risk should be a high level category in its own right.

10.2.3 In terms of demarcation, one issue identified is where project benefits, such as reductions in expenses or customer loyalty initiatives, are allowed for in embedded value assumptions. The Working Party would consider a failure of these projects under Insurance and Demographic Risk – as an Endogenous shock under Expense or Persistency Risks – rather than as a Strategy Risk as the failure would impact first on embedded value rather than on goodwill.

10.3 Defective Strategy

10.3.1 Perhaps the most important Strategy Risk is that which is most difficult to define or properly classify: the risk that a firm's strategy is fundamentally unsound. It is difficult to define what makes a strategy unsound, but generally it will relate to a failure to properly understand the risks to which the firm is exposing itself as a result of its chosen strategy, and consequently to underestimate its probability of ruin and hence accept a greater level of risk than its stakeholders would accept.

11. Frictional Risk

11.1 From Section 3.5, this would include categories for:

  1. a) Regulatory capital rule changes which increase capital requirements and hence the economic cost of capital borne by a firm;

  2. b) Accounting rule changes having the same effect as a) and/or restricting the ability to pay dividends to shareholders;

  3. c) Changes in rating agency requirements having the same effect as a) – where the firm wishes to maintain its rating;

  4. d) Problems caused by operating structure, including:

    1. i. lack of fungibility of capital in subsidiaries e.g. cannot transfer excess capital in one subsidiary to cover a shortfall in another;

    2. ii. changes in corporate structure adversely affect capital requirements;

    3. iii. problems in a subsidiary having a “knock on” impact on other subsidiaries for which it provides services;

  5. e) Tax changes, including the impact on embedded value of changes to corporation and income tax and VAT, as well as own portfolio impacts affecting the rate of tax paid (e.g. life insurer moving into an “excess E” position); and

  6. f) Increases in economic capital requirements.

12. Aggregation and Diversification

12.1 For aggregation and diversification, the Working Party considered events which may lead to anticipated diversification benefits not being realised, or worse, that the aggregate may exceed the sum of the parts.

12.2 An example of such an event might be a flu pandemic. While a low correlation may be assumed between Mortality and Market Risks, a pandemic may depress markets as well as leading to mortality losses on assurances, and the diversification benefits anticipated between Market and Mortality Risks may not be realised. It may also depress economic activity leading to higher unemployment, and hence lapses and creditor claims, leading to further losses.

12.3 This and other events (/risks) identified are set out in Appendix J, and are based in part on a recent paper on systemic risk in financial services (Besar et al., Reference Besar, Booth, Chan, Milne and Pickles2009), which identified four interconnections in financial services that can be subject to systemic risk. These are:

  1. a) payments systems and other financial infrastructure such as systems of clearing and settlement;

  2. b) short term funding markets;

  3. c) common exposures in collateral, securities and derivatives markets; and

  4. d) counterparty exposure to other financial market participants, especially in over-the-counter markets.

13. Alternative Classification Systems

13.1 The common risk classification system has been developed with the relatively limited aim of providing a common basis for discussion of risks. The Working Party would draw actuaries’ attention to the following alternative systems of risk classification which may be more appropriate, depending on the purpose of the classification.

13.2 Cladistic Risk Classification

13.2.1 The common risk classification system can be described as a conventional, rank-based “Linnaean” taxonomy of risks. The Working Party would draw actuaries’ attention to the alternative “cladistic” system of classification. Cladistics is a method of classification which groups items hierarchically into discrete clusters which share common characteristics. Typically, classification systems require a prior hierarchy to be determined and data is subsequently allocated to the relevant branch of that framework. Cladistic classification makes no prior judgement about the nature of the hierarchical structure but rather tries to organise the data based on an evolutionary framework. Risk is an emergent property created largely through the interaction of people and their environment. So, it is reasonable to consider it to be an evolutionary phenomenon and, therefore, a cladistic approach to seeking similarity between risks is well grounded. For risks the best evolutionary criteria is that the final grouping is the “simplest” one in evolutionary terms.

13.2.2 The cladistic method looks at the characteristics of the phenomena being studied and attempts to organise them into a hierarchy which satisfies a stated evolutionary criteria, e.g. maximum parsimony. Risks can be characterised using a taxonomy such as the one in this paper but where any item in the list may be used to describe it rather than just one. Using this list of characteristics for each risk, the cladistic method will search across all possible hierarchies to identify the one which most effectively describes the “simplest” evolution of the risk profile. This “model-free” description of risk evolution is appealing as it provides useful management information about the nature of risks faced by the organisation (i.e. what are the primary characteristics they share), how it has changed over history and also provides information about the potential future evolution.

13.2 “Top Down” Approaches to Categorising Risks

13.2.1 The common risk classification system seeks to parse risk types to a fine level, looking to categorise by the types of events that can happen as opposed to the causes (see Section 4.1) or the impacts these events can cause. An alternative means to classify risks may be to take a “top down” approach and group risks according to:

  1. a) Risks for which we might not expect to be rewarded (e.g. idiosyncratic Market Risk);

  2. b) Risks for which we should be rewarded (e.g. systematic Market Risk) split between those (i) where we are currently being rewarded and (ii) where we feel we are not amply rewarded at present; and

  3. c) Risks which are an inevitable consequence of doing business (e.g. Tax Risk).

13.3 RAMP, StratRisk and the ERM Guide

13.3.1 Building on the success of RAMP and StratRisk, the profession is currently involved in developing an ERM Guide. This Guide uses a more high level risk classification than that described here. The Guide provides a framework for managing the overall risks facing the enterprise in an holistic way, with an emphasis on making the business robust and flexible, whilst acquiring as much knowledge as possible to minimise uncertainty.

13.3.2 The framework distinguishes between:

  1. a) Strategic Risks covering the most important threats and opportunities to the ultimate achievement of strategic goals as well as to the solvency of the enterprise, and which should be considered at Board level;

  2. b) Project Risks covering the various opportunities and threats which arise within the projects that the organisation undertakes from time to time; and

  3. c) Operational Risks covering the various opportunities and threats which arise routinely in an ongoing business (e.g. in health and safety, or in finance) as well as the risks which arise when the business is changing.

13.3.3 There are significant differences, in particular with Strategic Risk which is broader in scope than the Strategy Risk outlined here. We would note, however, that the ERM Guide is seeking to provide a generic framework applicable to all companies and risk professionals, whether inside or outside the financial sector, whereas the common risk classification in this paper is aimed first and foremost at facilitating communication between actuaries and has a bias towards financial services.

14. Conclusion

14.1 This paper describes a common risk “language” that actuaries can use when discussing risk. The Working Party also hope that a common risk classification system could be of use in further research into risk, and for actuaries in day-to-day risk management work. We would, however, caveat that the primary focus of the common risk classification system is to facilitate communication between actuaries. As noted in Section 13, different approaches to risk classification may be more appropriate depending on the purpose of the classification.

14.2 We would also note that risk classification is only a starting point in Enterprise Risk Management, which ultimately needs to consider how the individual strands represented by the individual risk categories interact, both in aggregate and at each entity level, as well as the rewards available.

14.3 Finally, the common risk classification system is not mandatory, but it is hoped actuaries will find the common reference point this system provides to be of use in discussing risk with their peers in other organisations.

14.4 Given the differing terminologies in existence and the potential scope for confusion, the authors would urge actuaries to either use the definitions outlined in this paper or to define in detail any risk term used when corresponding with their peers in other organisations.

Appendix A: Sample Differences in High Level Classification

A.1.1 Even at a high level, significant differences can exist between how different organisations classify risks:

A.2: FSA Prudential Sourcebook Risk Categories

A.2.1 The FSA's Systems and Controls handbook (SYSC) and its Prudential Sourcebook for Insurer's (INSPRU) have sections covering the following risk types:

  1. a) Market;

  2. b) Credit;

  3. c) Insurance – including Persistency and Expense Risks;

  4. d) Liquidity;

  5. e) Operational; and

  6. f) Group Risk – relating to exposures to other parts of the financial services group to which a firm belongs.

A.2.2 Note there is no explicit section in SYSC or INSPRU dealing with strategy or reputation risks (though these would be covered as part of the ARROW process).

A.3: Risk Categories Used by the German Regulator BaFin

A.3.1 The German regulator expects to see firms’ risk frameworks covering at a minimum:

  1. a) Market;

  2. b) Credit;

  3. c) Underwriting – broadly akin to the FSA's Insurance Risk;

  4. d) Liquidity;

  5. e) Operational;

  6. f) Concentration risk – relating to concentrations of exposure to individual counterparties;

  7. g) Strategy; and

  8. h) Reputation.

A.3.2 It is worth noting the differences in how BaFin categorise risks relative to the FSA e.g. Concentration Risk is considered separately from Credit Risk.

A.4: Lloyds Banking Group's high level risk categories

A.4.1 From its 31st December 2009 Report and Accounts (p63), Lloyd's Banking Group considered the following primary risk drivers:

  1. a) Market;

  2. b) Credit;

  3. c) Insurance – including Persistency and Expense Risks (insofar as they affect Insurance business)

  4. d) Operational;

  5. e) Financial Soundness – including Liquidity Risk as well as tax, accounting and regulatory capital issues; and

  6. f) Business – broadly covering strategy-related risks

A.5: Prudential's high level risk categories

A.5.1 From its 31st December 2009 Report and Accounts (p41), Prudential's Enterprise Risk Management framework considered the following broad categories:

  1. a) Market;

  2. b) Credit;

  3. c) Insurance – including Persistency and Expense Risks;

  4. d) Liquidity Risk;

  5. e) Operational;

  6. f) Business Environment Risk – relating to exposure to forces in the external environment that could significantly change the fundamentals that drive the business's overall objectives and strategy; and

  7. g) Strategy – ineffective, inefficient or inadequate senior management processes for development and implementation of business strategy

Appendix B: Working Party View Of Risk Summary

The following diagram summarises the view of risk outlined in Section 3:

Appendix C: High Level Cateory Summary

C.1.1 The following table defines the high level categories, comments on what they comprise and demarcation adopted to address overlaps:

Appendix D: Market Risk Categories

D.1 Market Risk categories:

  1. 1. Equity Risk – including Private Equity

  2. 2. Property Risk – including Residential Property (/House Price Index) Risk

  3. 3. Nominal Interest Rate Risk – covering movements in risk-free rates

  4. 4. Real Interest Rate Risk – covering changes in real risk-free rates and implied inflation

  5. 5. Swap Spread Risk – relating to the spread of swaps over Gilts

  6. 6. Bond Spread Risk – relating to the spread of Corporate and other bonds over risk-free rates

  7. 7. Commodity Risk

  8. 8. Foreign Exchange Risk

  9. 9. Actual Inflation Risk (as distinct from implied inflation)

  10. 10. Alternative Investments (e.g. infrastructure)

  11. 11. Intra-market risk aggregation and diversification – including the risk from changes in market implied correlations

With regard to 11, this relates to anticipated diversification benefits between Market Risks not being realised – diversification between Market and other risks (e.g. Operational Risk) are covered under the Aggregation and Diversification category.

Appendix E: Credit Risk Categories

E.1.1 28 categories of Credit Risk have been identified, broadly by source of Credit Risk:

  1. a) Bonds, split:

    1. i) Corporate Bonds;

    2. ii) Structured Bonds including RMBS, CMBS, ABS and CDOs;

    3. iii) Quasi-Government Bonds including Municipal and Supra-National; and

    4. iv) Sovereign Bonds.

  2. b) Retail Lending, split:

    1. i) Retail Mortgages;

    2. ii) Other Secured Retail Lending;

    3. iii) Credit Cards and Overdrafts; and

    4. iv) Other Unsecured Retail Lending.

  3. c) Corporate Lending, split:

    1. i) Commercial Mortgages;

    2. ii) Other Secured Commercial Lending (e.g. asset finance, trade finance);

    3. iii) Small-and-Medium Enterprise (SME) Unsecured Lending; and

    4. iv) Wholesale (non-SME) Unsecured Lending including syndicated loans.

  4. d) Deposit Counterparties;

  5. e) Money Market Counterparties (including Asset-Backed Commercial Paper);

  6. f) Tenant Default;

  7. g) Over-the-Counter (OTC) Counterparty Default;

  8. h) Derivative Exchanges and other Clearing House Counterparty Default Risk;

  9. i) Securities Lending Counterparty Default Risk;

  10. j) Dealing and Settlement Counterparty Default Risk (this will usually be mitigated through simultaneous delivery and payment or DVP settlement);

  11. k) Custodian Counterparty Default Risk (this should be mitigated by ring-fencing of assets from those of the custodian);

  12. l) (Re)insurer Default – Insurable Risks – relating to default of an insurer and resulting loss of cover (as distinct from any loss on investment products issued by that insurer). This also covers a reinsurers exposure to a cedant e.g. under financial reinsurance arrangements.

  13. m) Insurance and other Asset Management product exposure including guaranteed products and reinsured fund links;

  14. n) Business Related Loans – the risk of loss on default on loans which are advanced to support strategic objectives (as distinct from loans advanced as part of the normal business of the lending institution or as an investment);

  15. o) Accruals (amounts pre-paid for services);

  16. p) Trade Debtors;

  17. q) Indemnity Commission;

  18. r) Miscellaneous Credit Risk; and

  19. s) Aggregation and diversification of Credit Risk including aggregations of exposure to a single counterparty across categories.

E.1.2 Like Market Risk, this last category relates to anticipated diversification benefits between Credit Risks not being realised – diversification between Credit and other risks (e.g. Operational Risk) are covered under the Aggregation and Diversification category. (s) also covers concentrations across categories e.g. exposure to a bank may include exposure to the banks bonds and to amounts on deposit, OTC counterparty exposure and exposure to the bank as a tenant.

Appendix F: Insurance And Demographic Risk Categories

F.1 28 categories of Insurance and Demographic Risk have been identified, broadly based on Solvency II categories:

  1. a) Longevity;

  2. b) Mortality;

  3. c) Morbidity;

  4. d) Accident and Health, split:

    1. i) Health Insurance;

    2. ii) Workers Compensation including Employer Liability;

    3. iii) Personal Accident Cover (excluding Motor – see below); and

    4. iv) Other (including veterinary bills under Pet Insurance).

  5. e) Motor, split:

    1. i) 3rd Party Liability; and

    2. ii) Other (including Personal Accident benefit).

  6. f) Marine, Aviation and Transport (MAT);

  7. g) Fire and other Property Damage, split:

    1. i) Commercial; and

    2. ii) Residential.

  8. h) Personal Belongings (excluding property contents but including pets);

  9. i) Warranties;

  10. j) Third Party Liability, split:

    1. i) Product Liability;

    2. ii) Public Liability;

    3. iii) D&O and Professional Indemnity; and

    4. iv) Other Third Party Liability.

  11. k) Legal Expenses Cover;

  12. l) Creditor and Suretyship (including Unemployment Cover);

  13. m) Assistance (e.g. AA cover);

  14. n) Miscellaneous Non-Life Insurance Risk;

    1. i) Persistency split:

    2. ii) Withdrawal Rates (lapses etc.); and

  15. o) PUP Rates.

  16. p) Option Take-Up;

  17. q) Other Demographic (e.g. proportion married);

  18. r) Expense Risk; and

  19. s) Aggregation and diversification of Insurance and Demographic Risk

F.2 Like Market Risk, this last category relates only to anticipated diversification benefits between Insurance and Demographic Risks not being realised.

Appendix G: Operational Risk Categories

G.1 23 Operational Risk categories have been identified based on ABI ORIC/Basel II definitions:

  1. a) Internal Fraud, split:

    1. i) Unauthorised Activity e.g. rogue trading; and

    2. ii) Theft and Fraud.

  2. b) External Fraud, split:

    1. i) Theft and Fraud; and

    2. ii) Systems Security e.g. “phishing”.

  3. c) Employment Practices and Workplace Safety, split:

    1. i) Employee Relations e.g. strikes; constructive dismissal claims;

    2. ii) Health and Safety; and

    3. iii) Diversity and Discrimination.

  4. d) Clients, Products & Business Practices, split:

    1. i) Suitability, Disclosure & Fiduciary e.g. breach of faith;

    2. ii) Improper Business or Market Practices e.g. bribery; money-laundering;

    3. iii) Product Flaws;

    4. iv) Selection, Sponsorship & Exposure e.g. failure to vet client status; and

    5. v) Advisory Activities & Misselling.

  5. e) Damage to Physical Assets;

  6. f) Business disruption and system failures e.g. computer crashes;

  7. g) Execution, Delivery & Process Management, split:

    1. i) Customer Intake and Documentation – errors in setting up contracts;

    2. ii) Transaction Capture, Execution & Maintenance – errors in servicing of contracts as well as general transactions such as supplier payment;

    3. iii) Customer/Client Account Management – errors in claims etc.;

    4. iv) Monitoring and Reporting e.g. account misstatements;

    5. v) Trade Counterparties e.g. asset managers; reinsurers; and

    6. vi) Vendors & Suppliers e.g. outsourcers.

  8. h) Legal and Regulatory Risk relating to costs incurred from complying with changes in regulations; from new laws impacting on embedded value (including the seizure of assets), and from adverse variations in regulatory levies such as those for the Financial Services Compensation Scheme (FSCS);

  9. i) Operational Risk Capital – not covered in ABI ORIC but emerging loss experience can have a “knock on” impact on OR capital requirements, as may scenario analysis and model changes; and

  10. j) Aggregation and Diversification e.g. weak corporate governance leading to multiple losses across categories.

G.2 Like Market Risk, this last category relates only to anticipated diversification benefits between Operational Risks not being realised.

Appendix H: ABI ORIC Decision Tree Example

Appendix I: Strategy Risk Categories

I.1 Exogenous Risks:

  1. a) Market Risk Strategic Impacts including:

    1. i) Equity market falls reducing investment sales and pension transfer values, but increasing demand for other types of funds;

    2. ii) Base rate changes affecting how attractive deposits are to other savings products;

    3. iii) Medium term bond yield changes affecting structured product terms and fixed rate mortgage deals;

    4. iv) Equity volatility changes also affecting structured product terms; and

    5. v) Residential property prices and rents affecting the attractiveness of buy-to-let but with the former also affecting average mortgage protection case sizes.

  2. b) Macroeconomic Risk relating to wider macroeconomic impacts having an adverse impact on new business and general strategy. Includes:

    1. i) Change in mortgage lending volumes affecting the volume of mortgage protection business;

    2. ii) Unemployment affecting general demand and scheme membership for corporate pensions; and

    3. iii) Pay rises levels which affect corporate pension increment business.

  3. c) Credit Risk Strategic Impacts – relating to changes in credit experience affecting future new business profitability and general strategy (though re-pricing could mitigate this impact);

  4. d) Insurance Risk Strategic Impacts – relating to changes in persistency levels and other experience affecting future new business profitability and general strategy (ditto);

  5. e) Fiscal Risk relating to risks to strategy from changes to taxation and including:

    1. i) Changes in the tax on different products affecting demand for each; and

    2. ii) Overall tax burden affecting demand for products;

  6. f) Political Risk – risk of political uncertainty affecting demand;

  7. g) Regulatory Risk – to sales and goodwill including:

    1. i) Impact on distribution of products e.g. RDR;

    2. ii) Regulation of products themselves e.g. Stakeholder price cap; and

    3. iii) Knock-on impact of regulatory capital changes (e.g. Solvency II) on sales (though the primary impact on immediate capital requirements comes under Frictional Risk).

  8. h) Demographic and Social Changes Risk – the risk that general demographic and social changes (e.g. internet usage, or increases in the take up early retirement) differ from what was anticipated in strategy or that the trends are not identified in the first place; and

  9. i) Product Market Trends Risk – the risk of failure to properly anticipate product market trend (e.g. growth of “wrap” platforms differs from expected).

  10. j) Competitor Risks including:

    1. i) the impact on sales of competitor pricing;

    2. ii) competitors tying up of distribution channels; and

    3. iii) “poaching” of staff by competitors, undermining strategy.

  11. k) Distribution Risk – the risk to sales from contraction in volumes coming through distribution channels (e.g. reductions in adviser numbers at key distributors, or worse, distributor insolvency). Includes the risk of a deterioration in relationships with distributors; and

  12. l) Product Provider Risks – the risk posed by providers whose products underpin strategy e.g. the risk these are withdrawn or terms made less attractive. Includes insurers’ reliance on reinsurers and the risk that harsher reinsurance terms adversely impact on sales and/or margins.

I.2 Endogenous Risks:

  1. a) Product Risk – the risk that products are not attractive enough to meet the needs of the target market; or that the margins are insufficient to meet profitability goals;

  2. b) Service Risk – covering not only inadequate service to meet target market expectations but also inappropriate service models (e.g. offering a “Rolls Royce” service which is not justified by margins available);

  3. c) Brand and Reputation Risk – that poor reputation undermines strategy or that a firm's brand does not support strategic objectives. Includes:

    1. i) Reputational damage from operational failings such as misselling; or self-inflicted damage (e.g. Ratners);

    2. ii) Concerns over financial strength (from market and other events); and

    3. iii) Brand that does not support strategy;

  4. d) Project Risk – that projects fail, resulting in goodwill benefits not being realised. Includes failures of projects to:

    1. i) Enhance (/make good gaps) in product and service propositions;

    2. ii) Cut expenses and improve persistency; and

    3. iii) De-risk portfolios and improve risk : return profile.

  5. e) Pricing Capability Risk – relating to the inability to compete effectively due to not having:

    1. i) Sufficient expertise in pricing products; and/or

    2. ii) Data to effectively price products in the market.

  6. f) IT Systems Risk – that IT systems cannot support product development and other strategic goals; or that new business systems fail, compromising sales;

  7. g) Planning and Assumptions Risk – to strategy from poor planning including defective assumptions. Also includes adverse variance in the profile of those buying new products from anticipated;

  8. h) Initial Expenses Risk – that initial expenses are higher than anticipated, reducing the profitability of new business. (Higher than expected maintenance costs would come under Insurance and Demographic Risk – Expense Risk.);

  9. i) Cost Base Risk – that a firm's cost base makes it uncompetitive; and

  10. j) Capital Risk – that a firm does not have enough capital to execute its strategy, or that higher than expected new business volumes adversely affect financial strength.

I.3 General

  1. a) Strategic Partners Risk – that joint-venture, outsourcing and other partners are unable and/or unwilling to support a firm's strategy. For instance, failure of joint ventures, or outsourcing partners who cannot handle proposed new products;

  2. b) Mergers and Acquisitions Risk relating to:

    1. i) Failure to identify merger and acquisition (M&A) opportunities;

    2. ii) Overly aggressive M&A program places a strain on the business;

    3. iii) Planned mergers and acquisitions do not proceed e.g. due to competition authority objections; and

    4. iv) Completed mergers and acquisitions fail to deliver anticipated benefits (e.g. expected synergies and cost savings are not realised).

  3. c) Leadership Risk – of poor strategic direction leading to sub-optimal strategy. It also covers agency costs relating to the misalignment of management's interests with those of the firm; and

  4. d) Aggregation Risk – relating to the combined impact of all the Strategy Risks above being greater than the sum of the parts.

I.4 Finally, from section 10.3, there is the risk that the strategy selected is fundamentally unsound. In part, this would arise from a failure to properly understand the risks to which a given strategy will expose the firm, and hence the firm would take on a greater a higher level of risk and associated probability of ruin than stakeholders would be prepared to accept.

Appendix J: Aggregation and Diversification

J.1 From Section 12, the categories outlined below relate to events identified which could give rise to losses across multiple categories and which may lead to anticipated diversification benefits not being realised:

  1. a) Credit cycles – rapid expansion of credit may be followed by a credit “crunch” as lenders rein in unsustainable lending growth. This may depress markets and lead to recession with higher credit losses, lapses and creditor claims.

  2. b) Currency flows – similar to credit cycles would be the impact of volatile currency flows such as those seen in the 1997 Asian crisis. Rapid outflows following large inflows may de-stabilise markets, force a rise in interest rates to protect the currency and trigger a wider recession.

  3. c) Sovereign default crisis – that (fear of) a country defaulting depresses all assets linked to that country and wider economic activity.

  4. d) Common collateral exposures – even in the absence of a credit “boom”, falls in property prices and other collateral values across lending institutions could force lenders to hold higher capital and rein in lending. This, in turn, would lead to a wider credit crunch, depressing markets and the wider economy. Given a lower capital base, market makers may also increase bid/offer spreads or even cease making markets in some securities, leading to liquidity strains.

  5. e) Solvency strains – life insurers and/or pension funds may be forced into selling equities and other assets to meet solvency requirements (or, for pension funds, to protect the sponsor's balance sheet). As well as depressing markets, bank losses on these assets could force banks to rein in lending, giving rise to a wider credit crunch, and/or limit market making activities, affecting liquidity.

  6. f) Hedge funds may have to liquidate assets in one market to meet margin calls in another – as well as spreading the impact across markets, losses on positions may lead to banks rein in lending and thus spark a wider credit crunch.

  7. g) Counterparty default – as well as counterparty credit losses, the default of a large counterparty could depress markets and the wider economy. An example of this would be the impact on markets and economies of the Lehman's default.

  8. h) Short term funding markets – disruption to short-term funding markets (e.g. the seizing up of securitisation markets) could lead to liquidity strains for banks, forcing them to rein in lending and leading to a credit crunch, which may affect markets and the wider economy. In extremis, banks may face runs and this in turn may trigger counterparty defaults.

  9. i) Payments systems and other financial infrastructure such as systems of clearing and settlement – failure of these would de-stabilise markets as well as causing liquidity issues for financial institutions. These could lead to financial institutions defaulting.

  10. j) Flu pandemic – as well as mortality losses on assurances, this may depress markets and possibly economic activity, with the latter leading to higher unemployment, lapses and creditor claims.

  11. k) Natural catastrophes – as well as insured losses, these could amongst other things:

    1. i) Depress economic activity due to a combination of damage to business premises; reduced consumer spending due to damage to private property; and inaccessibility of shops and businesses;

    2. ii) Depress markets due to the economic downturn arising;

    3. iii) Increase credit losses due to depressed economic activity as well as damage to property and the reduction in collateral values resulting;

    4. iv) Increase lapses due to the economic downturn; and

    5. v) Give rise to operational losses such as damage to premises and business continuity costs.

  12. l) Geo-political shocks – e.g. 9/11, could lead to wider market and economic losses as well as initial insured losses.

J.2 Finally, there is a need to consider Model Risk – the risk that models of dependence have to be strengthened to remain demonstrably prudent, reducing diversification benefits and increasing economic capital requirements.

References

Besar, D., Booth, P., Chan, K.K., Milne, A.K.L., Pickles, J. (2009). Systemic risk in financial services. British Actuarial Journal, 16, 195300.CrossRefGoogle Scholar
Figure 0