ERM Basics for Group Captives

You might wonder why this article zeroes in on group captives, knowing that the topic is also relevant to single-parent captives. The rationale is twofold: First, single-parent captives often serve as tools for their parent companies' enterprise risk management (ERM), which is widely written about across the internet. Second, single-parent captives usually operate within their parent organizations' risk management or finance departments, where ERM expertise is prevalent. In contrast, group captives may lack an ERM function entirely.

The inspiration for this article stems from an audit experience involving a group captive insurance company with a focus on cyber security within its ERM framework. The following outlines some essential ERM principles for group captives.

Who Should Lead the ERM Committee?

Determining the ERM committee's leadership is crucial. Given that captive board members have limited time to devote to the process, some group captives may choose to delegate this role to their captive manager due to their ERM expertise. It's also more cost-effective to outsource the function than to have the board handle the matter. However, captive boards should rethink the tendency to delegate ERM and instead consider it may be beneficial to establish a board risk subcommittee or involve the entire board in ERM.

An Internet search for "ERM committees" provides a number of position papers describing how to build an ERM committee, its role, and the necessary tools. The Committee of Sponsoring Organizations of the Treadway Commission (COSO), formed post-financial crisis, emphasizes the board's vital role in ERM oversight. Their report, Effective Enterprise Risk Oversight: The Role of the Board of Directors, states the following.

"An entity's board of directors plays a critical role in overseeing an enterprise-wide approach to risk management. Because management [editor's comment: in the case of most group captives, the captive manager] is accountable to the board of directors, the board's focus on effective risk oversight is critical to setting the tone and culture toward effective risk management through strategy setting, formulating high-level objectives, and approving broad-based solutions."

Roles of the ERM Committee

If the board takes on the ERM responsibility, the committee should oversee and approve the group captive's ERM framework, covering the following.

1. Risk appetite and tolerance.
2. Governance and practice-related policies and procedures.
3. Risk identification, ranking, and management systems for risks insured in the captive.
4. Compliance monitoring for the policies and procedures identified and developed in step 1.
5. Corrective measures for risks identified as part of step 3.

Developing a clear ERM committee charter is essential to define its responsibilities effectively and identify how the responsibilities will be carried out. The more precise the charter, the better able the committee will be able to carry out its proper oversight. A simple internet search produces an abundance of sample ERM committee charters.

Initial Steps for Enhancing Risk Governance

Once established, the ERM committee should do the following.

1. Inform professional vendors about the committee's formation and seek insights into their ERM approaches.
2. Establish benchmarking against peers, potentially facilitated by captive associations.
3. Consult with risk management experts and invite speakers for committee training.
4. Increase the board's focus on risk management.
5. Review the captive's ethical guidelines and code of conduct.

A future article will explore technical questions associated with ERM and how a group captive board can use these to effectively fulfill its ERM function.