by ~ Adam Doherty (Email) (Web Site)
MReBA was delighted to present Melissa Salton as the Keynote Speaker at its fourth annual Reinsurance Symposium. Ms. Salton is currently Chief Risk Officer and Senior Vice President of Munich Reinsurance America, Inc. (“Munich Re”) and a member of its Risk Management Committee. In her position at Munich Re, Ms. Salton is responsible for the company’s risk identification and modeling, risk governance, risk reporting, risk control, and business continuity planning functions.
Ms. Salton provided the audience with an overview of the current regulatory environment and Munich Re’s approach to Enterprise Risk Management (ERM), which Ms. Salton defined as “an enterprise-wide discipline by which risks from all potential sources are identified, measured, exploited, controlled, and monitored for the purpose of achieving [the company’s] risk management objectives.”
As described by Ms. Salton, risk management should be designed to align with a company’s business objectives and also be guided by certain principles deduced from regulatory requirements. These principles include, among others: risk transparency, which enables senior management to understand the risks and adequately balance them against business goals; risk management convergence, which avoids overlaps and inconsistencies by standardizing risk management procedures across groups of companies; and proportionality, focusing risk management on those significant risks that could potentially have a more sustained negative impact on the company. With these principles in mind, Ms. Salton outlined Munich Re’s approach to identifying and managing risk, segregating its risk taking and control activities and implementing the company’s strategic risk management framework.
Identifying and Managing Risk
As Ms. Salton explained, a first step in risk management is to be concerned with all possible future deviations from the company’s goals, whether positive (i.e. opportunities) or negative (i.e. risks). Insurance and reinsurance companies are faced with diverse risks, which include underwriting risk, market risk, credit risk, operational risk, liquidity risk, and risks concerning company strategy and the company’s reputation in the industry. To manage these risks, companies may establish risk management components that balance regulatory requirements with the company’s business objectives and culture.
The first step in Munich Re’s risk management process, for example, is to identify the risk, whether it be an emerging risk or the accumulation of risk that deviates from the company’s normal practices. Once the risk is identified, it can be measured; and a risk strategy can be developed to control the company’s exposure. For example, if the company is underwriting a new risk, it develops underwriting guidelines and sets budgets for the accumulation of that risk at both a group and business unit level. The final step in Munich Re’s risk management process, and perhaps the most important step, is to ensure that these protocols are followed so that risks are learned and reported early on in the process, and the company is in a position to manage the risk and ultimately minimize its exposures.
Segregation of Risk Taking and Control Activities
Insurance and reinsurance regulations may require companies to segregate their risk-taking activities from their control activities. Munich Re achieves segregation with three separate layers of risk management under its Board of Directors (which delegates its risk management responsibilities to the Risk Committee). The Board of Directors, through the Risk Committee, sets business targets and risk strategy, defines risk limits based on the company’s (or business unit’s) risk-bearing capacity, and monitors the company’s business and risk profile. The “first line of defense” is composed of the risk-takers themselves. All risk-takers are required to develop business plans that identify and evaluate risks, to take steps to mitigate all risks associated with their business, and to promptly report exposures to their independent risk functions so all members of the business unit understand all risks.
The company’s independent risk management functions form the “second line of defense.” The risk-management functions are tasked with independently analyzing, quantifying and monitoring risk, challenging the business units, and providing valuable input for risk strategy and designing and implementing risk control processes.
The last “line of defense” is the company’s internal audit team, which independently verifies that effective controls are in place and functioning properly. With this three-tiered approach, Munich Re employs robust protocols in its effort to ensure that risk management is embedded at appropriate levels of its business.
Strategic Risk Management
Finally, Ms. Salton noted that Munich Re implements its risk strategy by developing risk limits and triggers. After identifying generally acceptable risk types, the company determines its tolerance for each risk type – i.e. how much of the risk is desirable at both group and segment levels. Munich Re then establishes a budget to reflect how much of the risk is acceptable within each business unit, and develops early warning triggers to minimize the probability of breaching a pre-defined risk limit. Most importantly, the risk strategy is explained to the entire company so that each business unit understands its roles and responsibilities, the processes for managing risks, the frequency at which risks are measured, and the times at which risk exposures must be reported.
Ms. Salton stressed the importance of internal risk reporting, which should be designed to create discipline and transparency. By implementing a comprehensive risk management program and encouraging early reporting, companies like Munich Re maximize their ability to control and mitigate their risk exposures.
It is clear from Ms. Salton’s comments that Munich Re has devoted extensive time and resources to developing its sophisticated Enterprise Risk Management programs. MReBA is grateful to Ms. Salton for providing the audience with such an in-depth and thought-provoking presentation on a topic critical to industry insiders.
Mr. Doherty is an associate at Prince Lobel Tye LLP in Boston. He may be reached at email@example.com.
© 2012 Prince Lobel Tye LLP. All rights reserved.
« Back to Articles