Could another credit crisis like the one that nearly bankrupted American International Group in 2008 happen today?
Perhaps not, if authorities overseeing the industry have anything to say about it.
Bankrupt-proof financial institutions are, more to the point, what lawmakers and regulators hope to create by requiring that insurers and big banks have enough assets in reserve should the unthinkable happen. In the wake of the near-meltdown of industry behemoths during the Great Recession, state and federal regulators have thought long and hard about processes, controls and capital requirements strong enough to guard insurers — and their policyholders — against a financially catastrophic event.
Related: Icahn named special Trump adviser to roll back regulations
Whether they’re now sufficiently well insulated is an open question. This much is clear: There’s been a lot of speculation as to how insurers are grappling with an increasingly stringent regulatory environment, and the impact this regime has on their competitive positioning and financials.
The prognosticating has been especially pronounced since the National Association of Insurance Commissioners’ Risk Management and Own Risk and Solvency Assessment (ORSA) Model Act took effect on January 1, 2015. Guidelines for establishing an “enterprise risk management framework,” a process by which insurers’ determine their current and future solvency under “normal and severe stress scenarios,” ORSA now governs large and mid-size insurers in about a dozen states that have adopted the model law (#505 in the NAIC’s numbering system).
Though the most frequently cited concern, ORSA is not the only regulatory issue that’s front-and-center for insurers. Many also are contending with federal regulations imposed by the Federal Reserve; overseas regulations of the International Association of Insurance Supervisors (IAIS) and the European Union’s Solvency II law; and, most recently, the Department of Labor’s conflict of interest or fiduciary rule.
How well are insurers adapting to the regulatory overhang? One result of ORSA’s enactment, according to a new study from Ernst & Young, has been a “formalizing” of risk management assessments at life and property & casualty (P&C) insurers. That shift has enhanced the power and authority of a key executive in the C-suite: the chief risk officer.
A common perception of the CRO — a lower-rung executive on the leadership hierarchy who “checks the boxes” of compliance forms and functions as a naysayer in management meetings — is today far from reality. Thanks in part to ORSA, CROs are now at many insurers co-equal with their C-level piers: a top-tier exec fully involved in major corporate initiatives, their role focusing on how proposed actions might impact the insurer from a risk perspective.
Related: NAFA vows to continue DOL rule fight
By enabling carriers to make “better and more informed” decisions, the CRO can help produce superior outcomes —greater revenues and profits, reduced costs, better managed and more financially resilient organizations. (Photo: Thinkstock)
More power to the CRO
By enabling carriers to make “better and more informed” decisions, says Chad Runchey, a principal of insurance advisory services at Ernst & Young and a contributing author of the survey, the CRO can help produce superior outcomes — greater revenues and profits, reduced costs, better managed and more financially resilient organizations.
That conclusion aligns with a recent report from the Deloitte Center for Financial Services, which asked insurers’ chief compliance officers to rate their companies’ “maturity” on key ethics, compliance and spending parameters. The Deloitte report’s conclusion, as reported by LifeHealthPro in a December 15 feature, is that well-designed compliance architecture is “an asset” to carriers. Investments in processes and controls to ensure adherence to regulators’ rules of the road yield “increased top and bottom lines, as well as a lowered danger of reputational and other risk.”
Related: How more regulation can help the insurance industry
It’s no surprise, then, that insurers are increasingly empowering their CCOs. Ditto in respect to CROs, to whom the former generally report. As the Ernst & Young study reveals, half of CROs say their companies have given them new responsibilities during the prior 12 months; and some anticipate taking on more tasks “in the next few years.” Between 5 in 10 and 8 in 10 of the CROs surveyed say they “own” (as opposed to having a limited responsibility for) the following functions:
Stress and scenario design (80 percent);
Model validation (75 percent);
Risk appetite-setting (71 percent);
Model governance (71 percent); and
Risk tolerance and limits-setting (56 percent).
The CROs also play a role (albeit less influential) in insurers’ other risk-related functions. These range from risk mitigation, reinsurance and capital deployment to business strategy, product approval, investments, valuation/reserving and strategic decisions, such as whether acquire or merge with a competitor.
To learn more about the chief risk officer’s evolving role at life and P&C insurers (CROs at these carriers represent 35 and 55 percent, respectively, of the survey’s respondents, the remaining 10 percent being a “composite”), LifeHealthPro interviewed Ernst & Young’s Runchey during an insights-filled 45-minute phone conversation. The following are excerpts.
Related: Broker-dealers on DOL fiduciary rule: Expect advisors to walk
Ernst & Young has observed a marked shift in reporting lines: Many CROs now report directly to the CEO and the board of directors. That’s a big change from EY’s 2010 survey. (Photo: Thinkstock)
Evolution of the field
LHP: How have your research findings changed since Ernst & Young’s first survey of CROs in 2010?
Runchey (pictured at right): CROs in 2010 were relatively new so we wanted to do a high-level survey, focusing on their responsibilities, the key issues they face and the position’s changing scope. The field has significantly evolved. Insurers today have more formalized approaches to risk management than they did 6 years ago.
LHP: Did this year’s survey findings align with your expectations?
Runchey: They generally did. To the extent they departed from prior years, the results reflected in part an expanded number of participants. In 2016, we had a lot more small and regional insurers; so there was a greater diversity of CROs.
Related: Trump takes on state insurance regulators
Many of them are further down on the maturity scale in terms of capabilities. While risk management is becoming more embedded at the carriers, business practices vary widely, mirroring the size, complexity and risk profile of the insurer.
One factor driving insurers to adopt more formalized risk management practices is the NAIC’s 2015 model act, ORSA, which requires insurers to document their risk management framework, taking account of current and future risks to the companies.
ORSA is driving a convergence of the industry’s disparate processes and controls. The changes are particularly notable among small and regional carriers that have less mature risk management practices. The ORSA self-assessments must include: (1) an overview of the company’s risk management framework; (2) an assessment of risk exposures; plus (3) a group capital assessment and a forward-looking assessment of solvency.
Related: Insurance regulators respond to ongoing low interest rates
LHP: In light of the new regulatory requirements, how you do see the CRO position evolving?
Runchey: In corporate C-suites, CROs are increasingly being brought to the table to discuss key decisions, whether it’s about products, risk mitigation strategies, capital deployment or investments. The unique perspective CROs bring in assessing risk exposure and the potential business impact of decisions is very valuable to senior management.
As a result, we’ve seen a marked shift in reporting lines: Many CROs now report directly to the CEO and the board of directors. That’s a big change from our first survey.
In senior management meetings, they’re not just imposing a veto from the sidelines. They’re playing a meaningful role by indicating how a proposed action will affect the insurer’s risk profile. The CRO is now a full partner in executive-levels decisions; it’s no longer just about providing a compliance check on the decisions of others.
Related: 4 DOL fiduciary rule compliance considerations
Nearly 8 in 10 (78 percent) of the CROs Ernst & Young surveyed say they use stress testing and modeling in business planning. (Photo: iStock)
Variables, tools & methodologies
LHP: Regulation aside, what business or economic factors are more prominent than in past years in a CROs’ risk analysis?
Runchey: What the CRO has helped to accelerate within insurers is stress-testing: looking at the company’s results under adverse conditions; and understanding how risks will manifest themselves in the future. Two stress scenarios commonly examined are the impact of sustained low interest rates and a repeat of the stock market crash of 1929.
Related: 5 things to know about selling annuities under the DOL fiduciary rule
Based on the risk assessment, the CRO will help the executive team navigate key questions. For example, “Are we comfortable with the stress test results or do we want a better outcome? Are we holding too much capital in reserve or too little? Can we achieve them same objectives with a different strategy or time horizon that entails less risk to the business?”
By raising these questions, the CRO adds value to executive-level conversations. They bring to the table what-if scenarios, quantify their potential impact and suggest alternatives when the strategy in question is deemed outside certain risk limits. At a P&C insurer, for example, these limits may apply to exposures, risk retention and PMLs — probable maximum losses — resulting from a natural or man-made catastrophe.
LHP: What tools and methodologies are available to the CRO to assess risk?
Runchey: Most insurers are able to forecast their financials, such as changes to the balance sheet, the income statement or the cash flow statement in light of their strategic plans, the economic outlook, the business environment and competitive factors. What we’re seeing now is the overlay of stress tests onto these forecasts.
Nearly 8 in 10 — 78 percent — of the CROs we surveyed say they use stress testing and modeling in business planning. These risk quantification techniques are also used, albeit among fewer than half of our respondents, in ORSA reporting, capital and liquidity management, reinsurance program optimization, asset-liability matching, equity allocation and return on equity [ROE] reporting. The industry has also developed advanced economic capital modeling; this comes in various forms, as there’s no standard definition of economic capital.