Quantifying Operational Risk In General Insurance Companies
Introduction
Due to a number of recent business failures and unpredictable events, insurance companies are to improve their approaches to operational risk (Actuarial Approach). Operational risk can be described as “the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or external events”.
Categories of operational risk
Cause: critical elements / internal deficiency that help the event to take place. The detrimental event “exploits the risk factor” in terms of greater frequency and/or severity.
Event (actual or potential): the single detrimental occurrence that can result directly in one or more damaging happenings for the bank (later “effect”) and at the same time provoke subsequent single correlated events.
Effect: the single damaging happening coming from a detrimental occurrence (event). The effect marks every single consequence in a unique event time-space context; the effect amount is the incurred operational loss.
Causes
• Process
• Systems
• People
• External events
Events
• Internal Fraud
• External Fraud
• Employment Practices and Workplace Safety
• Clients, Products & Business Practices
• Damage to Physical Assets
• Business Disruption and System Failures
• Execution, Delivery and Process Management
Effects Direct Actual Losses only Gross Losses Failed Recoveries Potential Actual Losses Indirect Losses (Reputation etc) Near Misses Gains Operational risk
Four levels of operational risk
People risk: Risks due to human errors, lack of expertise and fraud.
Processes risk: This risk emerges as a result of malfunction in the information system and can be external or internal. It includes inadequate procedures and controls for reporting, monitoring and decision making, and errors in the recording processes of transactions.
Technical risk: The third level of operational risk relates to model errors, implementation and the absence of adequate tools for measuring. A technical risk can also be the risk of loss of electricity at a crucial time, the incorrect installation of certain software, or an outdated computer.
Technology risk: This relates to deficiencies of the information system and system failure. It is more advanced and more complex. Some examples of specific loss scenarios of technology risks include system maintenance and external disruption such as failures of exchanges, software problems, outdated systems etc.
Further, it has been pointed out that not having the right processes to manage operational risk is itself operational risk. Ultimately, to mitigate and manage operational and strategic risk the following is needed:
Design: The right controls, people and processes
Implementation: To make sure controls are implemented with trained and motivated people (To avoid Human errors)
Review: Processes to ensure a continual rethink and refresh of the whole system.
The pull of business benefits is seen as the main driver towards effective operational risk management. Measurement of risk has become an essential tool of effective business management.
General Background
This article originates from a General Insurance Research Organization (GIRO) working group on operational risk; its application is much wider, covering life assurance, fund management, pension funds, other forms of security business and banking.
Any organization using analytic approaches to risk identification, management and measurement, including stochastic risk analysis modeling techniques, is covered. In 2001 an operational risk working group was set up that reported at the 2002 GIRO conference in Paris. A good start had been made, but there was more to do, especially in the desire to be able to quantify operational risks and understand both their magnitude and correlation with other risks. Adding value to business management often requires measurement and quantification. Management decisions are better informed by a well-considered understanding of the scale of investments and returns. Quantification requires data. The initial reaction is often that operational risk is difficult to quantify and losses are hard to categorize.
The Actuarial Contribution
Typically, one of the actuary’s tasks is to assist with the quantification of capital and risk, preparing analyses and reporting to the Board.
Quantification Techniques
The quantitative methods that are applicable to the problems of understanding and quantifying operational risk:
• Statistical/curve fitting: This covers empirical studies, the maximum loss approach, theoretical probability distribution functions (PDFs) and regression analysis.
• Frequency/severity analysis: This includes extreme value theory (EVT), which is an advanced version of frequency/severity analysis, and stochastic differential equations.
• Statistical (Bayesian): This includes systems (dynamic) models, influence diagrams, Bayesian belief networks and Bayesian causal models, process maps and assessments.
• Expert: This includes fuzzy logic, direct assessment of likelihood/preference among bets, capital asset pricing models (CAPM), market view less insurance/asset risk values, and RAMP.
• Practical: This gives the practical approaches of stress testing and scenario analysis, business/industry scenarios, dynamic financial analysis and market beta comparison for individual companies within market sectors.
Paper Overview
Description of a hypothetical case study of an insurance company, named Middle England Life & General plc.
Background to the quantification of operational risk.
Stress testing and scenario analysis are discussed.
Frequency/severity modeling and causal/Bayesian approaches to risk.
Case Study
The main objective is to examine the applicability of various methods for quantifying operational risk, and quantification requires data. An attempt has been made to ensure that the case study is:
Based in reality
Practical
Easy for readers to relate to their circumstances.
The case study is based on a U.K. insurance company called Middle England Life & General plc (MELG).
The case study only discusses the general insurance aspects of the business. The director of the group has been charged with producing a report that:
• Reviews a wide risk management practices for MELG plc
• Ensures that MELG plc takes steps to establish and maintain appropriate risk management practices
• Informs the group risk committee about past and current wide risk management issues
Historical Beginnings of MELG plc
• Originated in the U.K., early 1900s, based in the Midlands.
• Launch of direct operation in 1993.
• Acquired a commercial insurance company in 1995.
• In 1997 MELG restructured into three separate business units: commercial, personal intermediary and personal direct.
• In 1998 MELG became the target of a hostile takeover bid.
• In 1999 the company became the U.K. subsidiary of a large multinational company, with its parent Megacentral Insurance Corporation Inc (MICI) based in New York, United States of America.
Current Operations of MELG
Currently operates through three major sites with ten local offices. 2600 general insurance staff. The organization is now considered as three main strategic businesses:
Commercial Insurance
Personal intermediary insurance
Personal direct insurance
MICI imposes Investment and Business Strategy
MICI set an aspect of policy for MELG that was on group investment objectives. It appears that the MELG plc balance sheet was used to make strategic investments for the parent company. A group management decision to aim for a business mix of 70% personal lines and 30% commercial lines was taken.
Management Changes
The MELG management decision-making process changed during 1999, following its acquisition by MICI. Prior to that time it operated a more consensual, delegated decision-making style.
Some Major Historical Actions and Incidents
1. Launch of direct writing
The projected cost at that time was £30m to P & L, based on a new marketing budget of £10m per annum, extra staff costs and a £5m investment in systems, all offset by growth of business and eventual profit.
A retrospective analysis undertaken suggested that the actual cost was in the region of £70m, partly due to expense overruns and lower than business growth.
2. Outsourcing of claims handling
The commercial insurance business was self-contained and largely staffed by people from the acquired commercial company. The personal direct business was now given autonomy for all aspects of its business. It decided to outsource its claims handling to the personal intermediary business.
3. External supplier fraud
External fraud had led to a loss of £5m; the fraud involved a third-party supplier selected by the U.K. company to provide services to insurance clients. This was due to a lack of confidence in whistle-blowing procedures (indicative signs of risk).
4. Reinsurance failure to respond
Group management also overrode local management with respect to reinsurance policy. This led to a gross loss of £100m and only £10m was recovered. The group internal audit blamed both parties for their evident lack of communication. The overall result was an unexpected loss of £40m.
5. Block loss
A key corporate relationship for MELG plc collapsed as a result of the group-initiated management changes at MELG plc. As a result, this £100m ‘block’ was lost, with an assumed profit value of £20m.
6. Loan default investment loss
The parent company had, in effect, set an aspect of investment policy that had a detrimental effect on MELG plc because it put group objectives before the prudent management of the U.K. insurance firm. Local management either lost autonomy or did not properly check the suitability of the investments being made. One such strategic investment loan defaulted, costing £75m.
7. Stop loss reinsurance loss
The result was an unexpected loss of £25m.
8. Systems overspend loss
System development often leads to overspends due to being behind schedule or when there is no effective co-ordination.
Consequences: This could be seen as the situation where the reputational risk easily blows up into a full-scale crisis.
Basic Risk Management Control Cycle
OPERATIONAL RISK MANAGEMENT MATURITY MODEL
Introduction
There have been several attempts to describe the evolution of risk management. MELG has been relying on traditional measures to control operational risk:
Internal Control
Internal audit
Quality of its staff
But these measures are insensitive to the quality of the organization’s system of management. We must construct a model that objectively measures the quality level of the organization’s management system (O.R.M.M.M.).
Risk Management Maturity Model
The procedure consists of evaluating an organization’s management system with respect to five levels of maturity:
1st. Traditional:
– Organizations whose management simply follows “Traditional House Style”.
– Management is unaware of the need to manage O.R.
2nd. Awareness:
– Awareness of the benefits of O.R. management exists, but with no implementation of systematic controls.
– Concern is limited to the management of I.O., and to making procedure manuals and job descriptions available.
3rd. Monitoring:
– Control systems in the main processes.
– Indicators established, even though qualitative, of the evolution of O.R., including reporting elements.
4th. Quantification:
– Quantitative indicators in the main processes, allowing quantitative objectives to be established.
– Risk management by means of application of the calculation routines of S.C.R. of QIS3.
5th. Integration:
– Annual valuation of the O.R. of all the organization’s processes.
– Active use of the O.R. information to improve the firm’s organizational processes with the aim of gaining competitive advantage.
STRATEGIC INDICATORS OF OPERATIONAL RISK
• These are references that allow anything from a qualitative to a precise quantitative valuation to be made.
• There exist three types of indicators:
– Those relative to exposing the risk (E):
  • Such as volume of s or technical provisions (QIS3).
  • Indicative of the volume of processes with the possibility of operational failure.
  • They do not detect changes in the ratio of losses, and must be accompanied by such indicators.
– Those relative to losses (L):
  • E.g., number of complaining clients.
  • They measure events with incurred losses, and are thus not predictive, allowing only reactive action.
  • They are typical of ex-post contexts, a necessary complement of every analysis.
– Those relative to causes (C):
  • E.g., the rotation of staff.
  • They measure factors related to causes of failures, and are thus predictive indicators, allowing pro-active action.
  • They are the hardest to identify, it being necessary to establish the causal relationship between indicator and loss.
  • Very valuable, being predictive.
• Additional examples of the different kinds of indicators:
– Those relative to exposing the risk (E):
  • Number of claims processed
  • Growth of sales
  • Number of important claims
  • Number of IT projects underway
  • Size of outsourced contracts
  • % of the business corresponding to each supplier
– Those relative to losses (L):
  • Number of claim complaints
  • Number of budget overruns
– Those relative to causes (C):
  • Number of "severe" audit incidences unresolved in 2 years
  • Employee turnover
  • Number of employees, by category, needing training
  • Hours of training per employee
  • Overtime per employee
  • Number of different P.C. configurations in use
Capital requirements - Stress and Scenario Testing
Stress testing and scenario analysis are part of best practice in the overall management of a non-life insurance company. Stress testing and scenario analyses, being based on an analysis of the impact of unlikely, but not impossible, events, enable a company to gain a better understanding of the risks that it faces under extreme conditions.
Stress testing is the process of evaluating a number of statistically defined possibilities to determine the most damaging combination of events, and the loss that they would produce.
Scenario analysis is the process of evaluating the impact of specified scenarios on the financial position of a company. The emphasis here is on specifying the scenarios and following through their implications.
Case Study Application
For each of these sources of operational risk, appropriate separate tests are carried out:
• Administration risk:
– In order to set up stress tests and scenario analyses for administration risk
– administrative deficiencies, taking account of both the actual losses recorded in the exception reports and the results of the Delphi analysis (see {2.7.8).
– Other relevant factors include the nature and extent of centralised and decentralised functions and the segregation of duties between staff.
• Compliance risk:
– Principal compliance risk to arise from the risk of non-adherence to legislative and internal company requirements.
– An investigation into compliance over the last five years found no history of non-compliance with policy and control systems, nor had there been any reported areas of non-compliance with legislation or other requirements.
• Event risk:
– Event risk is the risk associated with the potential impact of significant events on the company's operations.
– The risks are those that are directly related to the products and services offered, and not to events impacting other business risk areas, e.g. non-life insurance business, credit exposure or market risk.
• Fraud risk:
– No additional capital was required for this type of risk.
– In assessing fraud risk, a major incident that involved fraudulent activity in relation to an external supplier, which resulted in a loss of R5m, was used. After allowing for the improvements in controls that resulted from this incident, the scenario analysis produced a range of estimates for the amount of capital required to cover future fraud.
• Governance risk:
– Governance risk is the risk that the Board and/or senior management will not perform their respective roles effectively.
– The existence and level of directors and officers insurance in place were investigated, and compared to the known incidence of claims of this type.
– The current level of corporate governance was considered, and an assessment made of the likelihood that its shortcomings might result in the Board and/or senior management not adequately undertaking their roles.
In addition, costs of altering or strengthening the current Board structure were analysed. Given the uncertainties involved, the risk director was unable to come up with a single point estimate of the capital required, and instead used a range of estimates.
• Strategic risk:
– Strategic risk arises from an inability to implement appropriate business plans and strategies, make decisions, allocate resources or adapt to changes in the business environment.
– MELG's risk director assessed the prudence and appropriateness of the future business strategy in the context of the competitive and economic environment.
– Forecasting and projections were assessed, considering the possibility of a fundamental market change due to higher numbers of competitors, changes in sales channels, new forms of insurance or changes in legislation.
• Technology risk:
– MELG's risk director considered the risk of error or failure associated with the technological aspects (IT systems) of MELG's operations, including both hardware and software risk.
– The risk director also considered the past reliability and future functionality of the information systems to be adequate.
– Plans for business continuity management and disaster recovery are reviewed regularly and tested quarterly. There is a back-up site with full recovery capabilities. When performing the scenario analysis, the risk director allowed for the costs associated with utilising the site and the associated business interruption insurance.
Conclusion
• Overall Assessment
– The analysis took into account scenarios which might reasonably be linked, the difficulty with which capital might be replaced if the scenarios occurred, and the changes in strategy which might need to be adopted if the scenarios occurred.