Enterprise Risk Management: Risk Governance guideline formalises the ERM Framework in Malaysia



Similar documents
Issued on: 1 March Risk Governance

GUIDELINES ON DIFFERENTIAL LEVY SYSTEMS FRAMEWORK FOR INSURANCE COMPANIES

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Preparing for ORSA - Some practical issues

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive

RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

Regulatory Solvency Assessment of Property/Casualty Insurance Companies in the United States

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes for Islamic Banks

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

Life Insurance Corporation (Singapore)Pte Ltd UEN E MANAGEMENT REPORT 31/12/2014

Life Insurance Corporation (Singapore)Pte Ltd UEN E MANAGEMENT REPORT 31/12/2013

Guidance Note: Stress Testing Class 2 Credit Unions. November, Ce document est également disponible en français

Enterprise Risk Management A View. Clive Kelly CRO Zurich Insurance plc/zfs Europe (GI)

Risk Management. Trends for Insurance Companies. Jeffrey Lovern Genworth Financial VP, Enterprise Risk Management Global Mortgage Insurance

Deriving Value from ORSA. Board Perspective

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

Solvency II Own Risk and Solvency Assessment (ORSA)

Transforming risk management into a competitive advantage kpmg.com

Own Risk and Solvency Assessment

EIOPACP 13/09. Guidelines on Forward Looking assessment of own risks (based on the ORSA principles)

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes

Insurance Core Principles

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

System of Governance

Principles for An. Effective Risk Appetite Framework

Approach to Regulating and Supervising Financial Groups

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

This section outlines the Solvency II requirements for a syndicate s own risk and solvency assessment (ORSA).

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

EBA Guidelines on Internal Governance (GL 44)

Scenario Analysis Principles and Practices in the Insurance Industry

High level principles for risk management

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

RISK MANAGEMENT AND COMPLIANCE

NAIC OWN RISK AND SOLVENCY ASSESSMENT (ORSA) GUIDANCE MANUAL

ORSA - The heart of Solvency II

PwC s 2012 U.S. Insurance ERM & ORSA Readiness Survey

CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS

FINANCIAL SERVICES FLASH REPORT

Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference

ENTERPRISE RISK MANAGEMENT BENCHMARK REVIEW: 2013 UPDATE

CEIOPS Advice for Level 2 Implementing Measures on Solvency II: Articles 120 to 126. Tests and Standards for Internal Model Approval

Bermuda s Insurance Solvency Framework. The Roadmap to Regulatory Equivalence


Central Bank of Ireland Guidelines on Preparing for Solvency II Pre-application for Internal Models

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Tel (03) Fax (03) ACIIA ADVOCACY PROJECT ASIAN STOCK EXCHANGE PERSPECTIVES ON INTERNAL AUDIT

Key functions in the system of governance Responsibilities, interfaces and outsourcing under Solvency II

The validation of internal rating systems for capital adequacy purposes

FINANCIAL ASSESSMENT CRITERIA (The Assessment Criteria should be read in conjunction with OSFI s Supervisory Framework)

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

Part 1 of Schedule 1 of IFSA

ORSA for Dummies. Institute of Risk Management Solvency II Group April 17th Peter Taylor

The role and function of insurance company board of directors risk committees

EIOPA-CP-11/008 7 November Consultation Paper On the Proposal for Guidelines on Own Risk and Solvency Assessment

Solvency II Detailed guidance notes

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

APPENDIX 50. Enterprise risk management - Risk management overview

Solvency II benchmarking survey

NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES 11 NYCRR 82 (INSURANCE REGULATION 203) ENTERPRISE RISK MANAGEMENT AND OWN RISK AND SOLVENCY ASSESSMENT

The Internal Capital Adequacy Assessment Process (ICAAP) and the Supervisory Review and Evaluation Process (SREP)

Integrated Risk Management:

ORSA Implementation Challenges

BEST PRACTICES FOR THE MANAGEMENT OF CREDIT RISK

The Protection Gap Study in Malaysia. Farzana Ismail, FIA On behalf of Actuarial Society of Malaysia Actuarial Partners Consulting, Malaysia

Solvency II Own risk and solvency assessment (ORSA)

Guidance on Arrangements to Support Operational Continuity in Resolution. Consultative Document

Supervisory Policy Manual

DRAFT May Objective and key requirements of this Prudential Standard

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

Actuarial Report. On the Proposed Transfer of the Life Insurance Business from. Asteron Life Limited. Suncorp Life & Superannuation Limited

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Close Brothers Group plc

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

on Asset Management Management

NATIONAL BANK OF ETHIOPIA MICROFINANCE INSTITUIONS SUPERVISION DIRECTORATE. RISK MANAGEMENT GUIDLEIES for MICROFINANCE INSTITITTIONS (FINAL)

Operational Risk Management Program Version 1.0 October 2013

IAIS Insurance Core Principle 16

MSc Investment Banking and Islamic Finance. Full-time: 12 months

NORTHERN TRUST CORPORATION BUSINESS RISK COMMITTEE CHARTER

STRESS TESTING GUIDELINE

Industry Briefing on Central Bank Guidelines on Preparing for Solvency II

Transcription:

Enterprise Risk Management: Risk Governance guideline formalises the ERM Framework in Malaysia By Farzana Ismail and Lee Kin Hoe In March 2013, Bank Negara Malaysia (BNM) issued guidelines on Risk Governance (RG). The guideline is the final piece of the jigsaw in bringing together the other guidelines on risks (market, credit, operational, liquidity) into a cohesive framework. This article highlights some of the key principles underlying the RG guidelines. In addition, an ERM guideline for insurers was also issued by the Singapore regulator and this article will highlight some of the key similarities and differences between these two guidelines. Background The RG framework is principle-based and broadly descriptive, with the intention of having it applicable to all financial institutions 1. The emphasis on the RG framework is on the board and senior management s roles in formulating and driving a positive risk culture i.e. a topdown approach. It focuses on applying the principles of sound corporate governance to the assessment and management of risks to ensure that risk taking activities are aligned with an institution s capacity to absorb losses and its long-term viability. 1 The paragraphs where insurers or/and takaful operators are mentioned explicitly are in paragraphs 26, 33, 49 and 61. Page 1

Although the guideline does not elaborate on capacity to absorb losses in terms of capital, this is addressed in another guideline (Guidelines on Internal Capital Adequacy Assessment Process for Insurers or ICAAP ). Therefore, the RG needs to be read together with the ICAAP to represent the Enterprise Risk Management framework for insurers in Malaysia. Earlier this year, the Singapore regulatory authority, the Monetary Authority of Singapore (MAS) similarly issued a Consultation Paper on Enterprise Risk Management for Insurers. The finalised Enterprise Risk Management for Insurers (ERMI) guideline came out in April 2013 and is largely similar with the Consultation Paper. Both the RG and ERMI focus on Enterprise Risk Management (ERM). The following sections will highlight some of the key principles underlying the RG guidelines and list a few key similarities and differences between these two guidelines. BANK NEGARA MALAYSIA (BNM) February 2012: Issued ICAAP Guidelines; effective from 1 Sept 2012 November 2012: Issued a Consultation Paper on Risk Governance March 2013: Issued finalised guideline on Risk Governance (RG), effective immediately EVENT TIMELINE January 2013: Issued Consultation Paper on Enterprise Risk Management (ERM) for Insurers. April 2013: Issued Guideline on Enterprise Risk Management (ERM) for Insurers. MONETARY AUTHORITY OF SINGAPORE (MAS) Page 2

Key principles in the Risk Governance guideline The key pertinent principles in the Risk Governance guideline are highlighted below. The role of a Chief Risk Officer (CRO) or independent senior risk executive has to be established with a distinct responsibility for risk management function. The person must have sufficient stature, authority and seniority to influence decisions from a risk perspective. Its independence and unimpeded access to the board and risk committee are strongly emphasized in the guideline. As such, the role has to be filled by someone with relevant qualifications, experienced in risk disciplines, understands the business and with strong communication skills. An independent risk management function has to be established, with sufficient resources and access to the board. The compliance function plays a role in the ERM framework as an independent auditor of the risk policies and procedures. In addition, the relationship between compliance, internal audit and risk management functions has to be clearly defined by appropriate structure and lines of reporting to ensure independence. Actuarial expertise is cited in supporting the risk management function. However, to ensure independence, actuarial expertise in risk management function is not allowed to be directly responsible for other actuarial functions such as product development and design, investment and pricing. It is important to note that the valuation function is not mentioned. Creation of special purpose structures or vehicles (SPV) is specified as a possible source of risk if its structure and purpose are not properly understood by board members and senior management. Executive remuneration should be prudent and not promote excessive risk-taking. Persons performing control functions should have input in setting remuneration policies for other business areas to promote the alignment of risks and rewards. Page 3

Key similarities between RG and ERMI guidelines There are significant similarities between the RG and ERMI guidelines. Both guidelines require the following key items: A sound risk strategy and effective risk management framework that encompasses risk appetite, risk tolerance and risk limits which are appropriate to the nature, scale and complexity of its activities/risks of the organisation. Requirements for stress testing and the resulting solvency position under stress scenarios. ERMI goes further by requiring that the insurer uses reverse stress to test business failure 2. Recognition that the insurer may leverage on the parent/holding company s ERM practices but subject to insurer s assessment of relevance and appropriateness in the local context and environment. This implies that the local board of a subsidiary should not automatically adopt the group ERM framework and assume it is sufficient to satisfy the RG requirements, but this needs to be tailored for the subsidiary environment. A risk measuring and monitoring system that is responsive and dynamic to changes in risk profile, business mix and external factors. ERMI calls it a feedback loop. The insurer, if it is part of a group of companies, has to consider how risks associated with the organisational structures and the intra-group relationships affect its ability to manage risks on a group-wide basis. The ERMI has something similar which is called group risk, defined as risk that the insurer may be adversely affected by an occurrence (financial or non-financial) in another entity of the group it belongs to. 2 Business failure is defined as: a) the insurer s solvency position falling below any regulatory capital requirement; b) the insurer being wound up for any other reason. Page 4

Key differences between the RG and ERMI guidelines Although the RG guideline is principle-based, it is also prescriptive. The guideline states the high level requirements for sound risk strategy in the organisation. However, it also prescribes in detail certain methodologies to achieve the ERM objectives. For example, specific positions need to be established (e.g. CRO and risk management function) and the responsibilities of the board, senior management, CRO, risk management and compliance with regards to risk management are well-defined. In summary, BNM has set a high expectation on financial institutions to have a robust ERM framework. In comparison, the ERMI guideline focuses on the output and practicality of ERM. This includes a requirement on annual reports to be submitted to the regulators and the need for proper documentation. The regulator s expectation on ERM standards and compliance are laid out clearly. Thus, it is more output-driven and emphasizes deliverables to the regulator to track its implementation and effectiveness. We have summarised the key differences between the two guidelines in terms of the Capital Management Plan (CMP), the review of the ERM framework by the regulators or independent parties, the risks that should be considered in the framework and the relationship between risk profile and capital, as shown in Appendix A. It is important to note that the current framework in Malaysia considers regulatory capital and there is no requirement to assess the economic capital. Conclusion ERM is becoming increasingly essential in managing businesses. Companies should note that ERM is not about the hardware (infrastructure, models or risk metrics), but more importantly it is a process which focuses on the culture and mindset of an organisation, specifically the board and senior management. Insurers need to understand that ERM is not only intended to minimize downside risks; it is also about exploiting risks and turning them into opportunities. Getting insurers to see ERM from this perspective is the first and possibly the most difficult challenge. Page 5

The questions that should be posed to the industry in response to the RG guidelines are: Does the market have a sufficient supply of non-actuarial and actuarial candidates with risk management expertise? Actuarial expertise is cited in supporting the risk management function, specifically for insurance companies. Would this limit or exclude the role of actuarial expertise in other financial institutions? Actuaries have valuable skills and experience that would be applicable to risk management, even in non-insurance financial institutions. Economic capital is usually one of the key metrics that reflects the risks of a financial institution on a market-consistent basis. Currently, the RG and ICAAP guidelines only consider regulatory capital (ITCL) and not the economic capital. Should insurers compute economic capital in addition to the regulatory capital? In addition, how should insurers approach and use economic capital as part of their ERM framework? If you have any queries on the article above or ERM in general, please do not hesitate to contact the authors of this article or your usual Actuarial Partners consultants. Email: farzana.ismail@actuarialpartners.com kinhoe.lee@actuarialpartners.com Office Address: Actuarial Partners Consulting Sdn Bhd 17.02 Kenanga International Jalan Sultan Ismail 50250 Kuala Lumpur Malaysia Tel: +603 2161 0433 Fax: +603 2161 3595 Page 6

Appendix A: Key differences between RG and ERMI guidelines The key differences between the ERM framework in Malaysia and Singapore are highlighted below. Capital Management Plan (CMP) RG and ICAAP guidelines in Malaysia Insurers are required to have a formal CMP which lists thresholds that will act as triggers for management to take action to ensure that appropriate capital levels are maintained at all times. The CMP must also state corrective actions that are triggered at each threshold. ERMI guideline in Singapore No mention of a capital management plan or policy. However, it is inferred under Own Risk and Solvency Assessment (ORSA), where the insurer shall assess the quality and adequacy of its capital resources to meet regulatory and economic capital requirements and in supporting its business strategy (in particular, new business plans) and enabling it to continue its operations. Review by regulators or independent parties There is no requirement for insurers to submit ICAAP report, but insurers are subject to audit review and evaluation by the regulator. ICAAP Guidelines requires scheduled independent review and states that comprehensive reviews every 3 years would be reasonable if there are no changes to the usual business/operating environment. Insurers have to submit annual Own Risk and Solvency Assessment (ORSA) report and the minutes of Board of Directors deliberation of ORSA to MAS. A sample format and suggested content of ORSA report are also specified. Risks to be considered No minimum risks specified, but the guideline is intended to complement other guidelines on credit, market, operational and liquidity risks. Specifies the minimum risks to be considered i.e. credit, market, insurance, operational, liquidity and group (if applicable). Relationship between Risk Profile and Capital There is a disconnect between risk profile and the capital (ITCL) required to cover those risks, where the former closely resembles economic capital while the latter is calculated based on regulatory capital. ICAAP 3 calls for a comprehensive risk assessment; however the ITCL is derived through an iterative process of stress tests performed on a range of financial positions and corresponding capital adequacy ratios (CAR). It is noted that the ITCL is based purely on regulatory capital. The ERM guideline states that insurers base its risk management actions on consideration of its economic capital, regulatory capital requirements and financial resources. It further says that the insurer, based on its nature, scale and complexity, may justify adopting its regulatory capital, whether in entirety as, or to form the basis of, its economic capital. In short, there is a link between the insurer s risk profile and capital. 3 According to Guidelines on ICAAP for Insurers, risk assessment should capture insurer s specific risk profile and should include risks which are not explicitly captured under the RBC Framework, such as liquidity and catastrophe risks. Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information