ERM and the Financial Crisis: A Failure of
Theory or Practice?
Sim Segal, FSA, CERA, MAAA
President
SimErgy Consulting LLC
Federated Press 3rd Board Risk Management Conference
E t bli hi and
Establishing
d Maintaining
M i t i i Effective
Eff ti ERM Practices
P
ti
April 12, 2010
Defining ERM 3 ways
ERM 10 key criteria
ERM process cycle
Value-based
V l b
d ERM fframework
k
2
Copyright © SimErgy. All rights reserved.
ERM 10 key criteria
1) Enterprise-wide – all areas in scope
2) All risk categories – financial, operational & strategic
3) Key risks only – not hundreds of risks
4)) Integrated – captures interactivity off 2+ risks
5) Aggregated – enterprise-level risk exposure/appetite
6) Decision-making
Decision making – not just risk reporting
7) Risk-return mgmt – mitigation plus risk exploitation
8) Risk disclosures – integrates ERM information
9) Value impacts – includes enterprise value metrics
10) Primary stakeholder – not rating agency-driven
3
Copyright © SimErgy. All rights reserved.
ERM 10 key criteria – banking scorecard
X 1)
X 2)
Enterprise-wide – “golden boys” out of scope
All risk categories – overly-focused on financial
3) Key risks only
“
management / measurement
X 4)) Integrated – “silo”
X 5) Aggregated – no aggregate enterprise-level metrics
6) Decision-making
Decision making
X 7) Risk-return mgmt – metrics only support mitigation
post-event
event
X 8) Risk disclosures – inappropriate even post
X 9) Value impacts – only capital metrics
X 10) Primary stakeholder – focus on ratings / regulators
4
Copyright © SimErgy. All rights reserved.
ERM process cycle
Risk
Identification
Risk
Quantification
Risk
Messaging
Risk
Ri
k
DecisionMaking
5
Copyright © SimErgy. All rights reserved.
ERM process cycle – banking scorecard
Risk
Identification
X
Lack of focus on
non-financial risks
Incentive compensation
does not adjust for
risk exposure
X
Risk
Quantification
Risk
Messaging
X
Poor performance
X
Risk
Ri
k
DecisionMaking
Poor risk exposure
metrics and poor
d l assumptions
ti
model
6
Copyright © SimErgy. All rights reserved.
Value-Based ERM Framework
Risk Appetite
Strategy
Qualitative
Assessment
Risk
Mgmt
Tactics
ERM
Committee
Scenario
Development
Value Impact
Enterprise Risk
Exposure
24
32
22
21
17
18
5
15
26
12
3
25
34
1
16
35 27
2
31
19
28
6
23
30
13
11
4
8
20
All
Risks
14
10
9
7
Likelihood
Key Risk
Scenarios
Correlation
Likelihood
Severitty
33
29
Mostly Objective
X
Enterprise Value
FINANCIAL
Market
Credit
…
STRATEGIC
Key
Risks
Strategy
1+ events / sim
1 event / sim
Mostly Subjective
Execution
…
ERM
Model
Baseline
Value
▪ ΔValue
OPERATIONAL
HR
“Pain Point”
Likelihood
ΔValue ≤ -10%
15%
ΔValue ≤ -20%
3%
Individual Risk
Exposures
Enterprise Value Impact
IT Risk 1
Legislatiion Risk
Process
Loss of Critical EEs
…
M&A Risk
Execution Risk
International Risk 1
Loss of Keyy Supplier
pp
Loss of Key Distributor
IT Risk 2
International Risk 2
Union Negotiations
Competitor Risk 1
Consumer Relations Risk
0.0% -5.0% -10.0% -15.0% -20.0% -25.0%
Identification
Quantification
Decision-Making
Copyright © SimErgy. All rights reserved.
Value-Based ERM Framework – banking scorecard
10
Strategy
Qualitative
Assessment
1) Risks not defined
by source
Risk
Mgmt
Tactics
22
5
15
26
12
3
25
34
1
19
28
6
13
11
4
Key Risk
Scenarios
20
14
10
9
7
Likelihood
Credit
…
STRATEGIC
Correlation
5
Mostly Objective
3
FINANCIAL
Market
3)Key
Not analyzing multiple
risks occurring together
Risks
Strategy
1+ events / sim
…
HR
X
Enterprise Value
Likelihood
ΔValue ≤ -20%
3%
Enterprise Value Impact
IT Risk 1
Legislatiion Risk
Process
Identification
“Pain Point”
8) VaR metric hides
ΔValue ≤ -10%
15%
exposure beyond tail
Baseline
Individual Risk
6) Poor Value
model assumptions
Exposures
▪ ΔValue
2
OPERATIONAL
ERM
Model
6
8
1 event / sim
Mostly Subjective
Execution
…
Enterprise Risk
Exposure
23
30
8
All
Risks
9
16
35 27
2
31
Value Impact
Likelihood
Severitty
1
17
18
33
ERM
Committee
9) N
No calculation
l l ti off
enterprise risk exposure
5) Overly complex
correlations
24
32
21
10) No definition
of risk appetite
Scenario
Development
29
Risk Appetite
2) Not using discrete
scenarios for nonfinancial risks
Quantification
Decision-Making
4
7) Lack of enterprise
value metrics
Loss of Critical EEs
M&A Risk
7
Execution Risk
International Risk 1
Loss of Keyy Supplier
pp
Loss of Key Distributor
IT Risk 2
International Risk 2
Union Negotiations
4) Not measuring/reporting
risk on pre-mitigation basis
Competitor Risk 1
Consumer Relations Risk
0.0% -5.0% -10.0% -15.0% -20.0% -25.0%
Copyright © SimErgy. All rights reserved.
Some actions to prevent another crisis
Require companies to implement ERM, in a robust manner
Require incentive compensation plans to reflect risk exposure (SEC rule)
Require enhanced risk disclosures, including free cash flow projection
– Baseline scenario (strategic plan) / key risk scenarios (defined by management )/
standard
t d d risk
i k scenarios
i (d
(defined
fi d b
by regulators)
l t )
– Investors apply their own discount rates, and compare scenarios cross-sector
Replace capital requirements with pooled risk charges
– Capital not there when needed anyway (must replace or be downgraded)
– Government guarantee protects rating during rehab period to rebuild capital
Employ ERM principles at the country level (e.g., concentration risks)
– Firms “too
too large to fail”
fail (e.g., banks, auto companies) / supplier concentration
(e.g., energy) / oligopolies (e.g., rating agencies, monoline insurers)
Employ ERM principles at the retail level (e.g., financial planning)
– Holistic view of risks and solutions for individuals/families
9
Copyright © SimErgy. All rights reserved.
Contact
Co
tact information
o at o
Sim Segal, FSA, CERA, MAAA
President
SimErgy Consulting LLC
Chrysler Building
405 Lexington Ave., 26th Flr
New York, NY 10174
(917) 699-3373 Mobile
(646) 862-6134 Office
((347)) 342-0346 Fax
www.simergy.com
10
Copyright © SimErgy. All rights reserved.