Embed Size (px)
Citation preview
Risk Management Standards
and Guidelines
Chapter 2
What is the purpose of Regulation?
• In general?
• In the financial sector?
• In the insurance sector specifically?
• How is the insurance industry unique?
What is a Risk Management Standard?
• A RM standard defines the RM process together with the framework that will be applied in the process;
• A document published by a recognized authority that includes principles, criteria, and best practices guidelines;
• The framework supports the organization’s objectives and strategies; provides the scaffold that an organization uses to construct and maintain its risk management process.
What is the purpose of Standards in RM?
• Standards help the organization assess and manage risk
• Provide a process for both RM and internal financial controls.
• Standards allow auditors to evaluate financial statements and internal financial control;
ISO 31000 vs. COSO Standards
• ISO – International Standards Organization 31000 definition of risk is “the effect of uncertainty on objectives.” This is the traditional approach to risk that considers only adverse or negative outcomes.
• COSO – Committee of Sponsoring Organizations’ defines risk as “the possibility that an event will occur and adversely affect the achievement of objectives.” This definition is more aligned with contemporary RM theory which includes the possibility for positive as well as adverse results.
Considerations when selecting standards
• Alignment with organizational objectives
• Adherence to controls
• Need to meet regulatory requirements (compliance)
• Risk governance
Risk Management
• An ongoing process of identifying and monitoring all of an organization’s risk;
• Requires an organization to conduct periodic self-assessments using an objective and consistent measurement tool with best practices elements and standards
• RIMS has developed a Risk maturity Model (RMM) (not a standard) that focuses on seven attributes including ARM-based approach and process management, risk appetite management, and performance management.
Risk Governance
• The integration of the management principles governing the organization with the risk management process.
International Standards Organization
• A nongovernmental international entity with members from 163countries from both the public and the private sector.
• ISO 31000 was published in 2009;
• Developed from the Australian and New Zealand RM Standard;
• Contains principles, a framework, and a process to manage risk
• Can be applied to all operations and most activities of the organization and to any type of risk, including hazard, operational, financial, and strategic.
COSO• Committee of Sponsoring Organizations is a private, voluntary
organization, which includes members from associations such as the American Accounting Association, the American Institute of Certified Public Accountants (AICPA), and the Institute of Internal Auditors.
• COSO facilitates and integrated framework and the COSO framework does not address the root cause analysis; Four categories of objectives:
• Strategic – high-level goals, consistent with mission
• Operations – efficient use of resources
• Reporting – reliability of reporting
• Compliance – with regulations
Solvency II and Basel Standards
• The goal of both of these is to provide RM standards for financial organizations, in addition to regulatory requirements for capital adequacy and other measurements of financial performance
• The goal of regulatory standards is a global financial system that is sustainable, resilient, and transparent.
Solvency II
• New regulatory standards for insurers in the European Union;
• Solvency I was adopted by the member countries of the EU and UK in the early 1970s to provide consist went insurance regulation across Europe. Focused on capital adequacy but did not require standards or corporate governance within firms.
• Solvency II will be passed by all 27 EU member states plus the three European Economic Area Countries
FYI – What countries are in the EU?
Austria (1995)Belgium (1952)*Bulgaria (2007)Croatia (2013)Cyprus (2004)Czech Republic (2004)Denmark (1973)
Italy (1952)*Latvia (2004)Lithuania (2004)Luxembourg (1952)*Malta (2004)Netherlands (1952)*Poland (2004)
Estonia (2004)Finland (1995)France (1952)*Germany (1952)*Greece (1981)Hungary (2004)Ireland (1973)
Portugal (1986)Romania (2007)Slovakia (2004)Slovenia (2004)Spain (1986)Sweden (1995)United Kingdom (1973)
* Six founders
Basel II and Basel III
• Regulatory standards that many countries’ governments have adopted for financial organizations;
• Basel primarily is the new regulatory standard for the global banking industry that sets out risk management principles designed to prevent systemic risk from creating another financial crisis similar to the one that occurred in 2007.
• Basel Committee states that RM should encompass the traditional RM process: • Identify risks to a bank
• Measure exposures to those risks where possible
• Ensure that an effective capital planning and monitoring program is in place
• Monitor risk and capital needs regularly
• Take steps to control and mitigate risk exposures
• Basel II has 11 principles
U.S. Solvency Standards
• Solvency Standards have greatest impact on U.S. Insurers with subsidiaries in Europe;
• May be equivalency status under Solvency II even if no European subsidiaries;
• It is likely that the NAIC will promote guidelines from Solvency II, such as methods for regulators to review insurers’ internal models.
