|
Captive Resource Center
Businesses and Associations
Research & Information
|
ERM & Captives
By Conor Jennings
October 2009
 What's
this enterprise risk management (ERM) all about then? It's certainly not
new; the risk management community has been using ERM methodologies for
years, so why all the excitement?
Very briefly, ERM is the latest wrap-around term to describe a top-down,
dynamic and holistic risk management framework or process. It's the natural
evolution of other frameworks from around the world and is a further raising
of the risk management bar. There are many definitions of ERM, but the
shortest and most succinct that I've found is “the methodical management
of all material risks.”
Another definition which is probably easier to relate to is that "ERM
is the process of planning, organizing, leading, and controlling the activities
of an organization in order to minimize the effects of risk on that organization's
capital and earnings." ERM expands the older processes to include
not just risks associated with accidental losses, but also financial,
strategic, operational, and other risks.
The current financial crisis has made everybody far more
risk adverse, and highlighted the importance of ERM, which explains why
it’s now a standard agenda item of all organizations.
As businesses have become more complex over the ages,
so too have the number and nature of risks in which those businesses are
involved. Remember when banking used to mean borrowing and lending money?
Things have moved on enormously over the past twenty years, and risk management
associations world wide have constantly been widening and redefining their
terms of risk reference to try to keep up to date. Furthermore, in recent
years, external factors have fueled a heightened interest by organizations
to clearly demonstrate that they know what they are doing, understand
the risks inherent to their business and know how best to manage and control
them. Industry and government regulatory bodies, as well as investors,
have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required
to review and report on the adequacy of risk-management processes in the
organizations they administer. The answer to meeting all these demands
is for organizations to adopt and implement full ERM programs.
The US Committee of Sponsoring Organizations of Treadway
Commission (COSO) divides the ERM process into eight components:
- Internal Environment
- Objective Setting
- Event Identification
- Risk Assessment
- Risk Response
- Control Activities
- Information and Communication
- Monitoring
An important new element of ERM is that although it is
primarily a defensive process, it can also be used offensively. By identifying
and proactively addressing risks and opportunities, business enterprises
protect and create value for their stakeholders, including owners, employees,
customers, regulators, and society overall. ERM is evolving to address
the needs of various stakeholders, who want to understand the broad spectrum
of risks facing complex organizations to ensure they are appropriately
managed. Regulators and debt-rating agencies have increased their scrutiny
on the risk management processes of companies.
There is a significant need for ERM if organizations are to improve governance,
risk/return, and revenue growth, as well as realize the myriad other benefits.
Standard & Poor's (S&P) has reinforced this importance with its
recent initiative to assess non-financial firms on their ERM implementation
in its company ratings, which began in 2009. Other rating agencies are
implementing similar rating processes.
Although at the moment there is no S&P rating advantage for financial
institutions implementing ERM, because they thrive on the business of
risk; they are excellent examples of companies that can benefit hugely
from effective ERM. Their success depends on striking a balance between
enhancing profits and managing risk.
It is a challenge to identify best practices for implementing ERM, because
until recently these have not existed. However, some ERM best practices
are beginning to emerge. It is paramount that the board drive the implementation
exercise. Everyone in the organization must be responsible for managing
some aspect of risk. Everybody in the organization must be involved; there
can be no exceptions. All individuals must be trained in basic risk management
skills, a risk framework must be adapted to the organization's needs,
and risk tolerances must be set by the board. Internal auditors can help
the implementation effort by learning all they can about ERM, as well
as by networking with risk professionals. They also need to challenge
the external auditors to get appropriate support for this initiative.
Finally, internal auditors and risk managers must do more to educate their
board about ERM to ensure the right outcomes.
As a result of this increased awareness of risk and the need to try to
control and finance it, there exists an excellent opportunity for the
insurance market to cater to these needs. In other words, 'new' risks
which hadn't really been appreciated before may need to be transferred
by organizations to the traditional or alternative insurance markets.
Historically, captives have thrived at times when the traditional market
has not understood the underlying risks or has set its premiums too high.
Examples have been in the 1950s when the large petro-chem companies realized
that insurers didn't fully understand their specialized risks and that
they were bigger than the insurance companies anyway, so why not do it
themselves by setting up their own captive insurance companies. Another
example of when captives do well is immediately after every major catastrophe
when insurers hike up their rates resulting in a hard market, and those
companies with good claims experience start exploring the alternative
captive options.
The conclusion is that ERM is good news for captive insurance.
When the ever-increasing number of companies that have implemented full
ERM programs realise that their risk footprints have changed, they will
have to reassess their current risk financing strategies. ERM is likely
to identify that a company's real concerns are not fire or explosions
but more 'modern' risks such as loss of reputation, regulatory involvement
and IT network problems.
Alternative market brokers, consultants, captive managers and regulators
need to sit up and take notice of what's going on out there. ERM is becoming
an integral part of all major organizations and is unearthing a whole
host of new risks which will need to be managed. Specialist markets such
as Lloyd's in London have for years been insuring those out-of-the-ordinary
risks which nobody else understands or wants. So much of the expertise
is out there already, it's just now time for captive consultants and managers
to be more creative and to explore the many ways their captives can be
utilized to insure these new risks. In addition to participating in these
risks, properly structured and resourced captives can be used as the focal
point for a company's ERM program, and help the directors provide a profit
center which can be used to help fund further ERM initiatives.
The silver lining of the economic crisis is that ERM will become more
and more important to organizations, and the opportunities resulting from
this for the alternative risk financing market, are exciting indeed.
|
Conor Jennings is a Fellow of the Chartered Insurance Institute
and a Fellow of the Institute of Risk Management.
He has worked in a number of different countries around
in the insurance, risk management and captive arenas.
He is currently a captive insurance manager in the
Cayman Islands with Caledonian Insurance Services www.caledonian.com |
 |
|
