Articles - Operational Risk Management

“Operational Risk doesn’t really matter….it is calibrated to just [x-y] % of our Solvency Capital Requirement…” - Sound familiar? Hopefully not.
The insurance sector has adopted many things from the banking industry whilst broadly retaining its right, in my view, to be considered and looked upon with the individuality it so deserves. For example, Solvency II may look a lot like the Basel II and III Accords with its three-pronged spheres of capital, risk management and disclosure requirements, but the application and methodologies are often different.

 By Vivek Syal, Director, Insurance, PwC
 A similar set of circumstances often arises when considering operational risk – one of the more neglected risk areas. Many insurers today adopt Basel definitions (e.g. controls, IT, fraud etc.) but do they really apply in the same way? The nature of operational risk in the Banking sector varies considerably from that in the Insurance sector and understanding the drivers of operational risk is often poorly accounted for. For example, deep understanding on whether there exists a positive correlation between operational risk and premium income or the number, type and geography of products underwritten, or whether insurers are exposed to significant correlated cyber risk across common systems and applications.
 Currently, on the insurance side, operational risk data restrictions mean that its true loss distribution isn’t really known and whilst scenario assessment can provide additional evidence to support the quantification of these risks, I would argue that these do not provide a true and necessarily fair view of your risk profile. Consequently, this raises challenges when considering dependencies. For Internal Model Approval Process (IMAP) firms, how dependency assumptions and diversification benefit is justified given the scarcity of information and the degree of expert judgement applied is likely to become a contentious area of regulatory focus.
 However, that in itself doesn’t mean that calibrating to x% of SCR ought to do it either or indeed isolating it from your regulatory or economic view of risk. Unquantified uncertainty around operational risks may be unknown, but that doesn’t mean it can’t be appropriately catered for just as is the case with other risk categories which tend to be more transactional than something as fundamentally inherent as operational risk. There are a number of short-term measures insurers should consider, some of which I’ve summarised below.
  1.   Risk Definition/Identification: This is an essential area where we must as an industry get better. A sizeable proportion of losses attributable to insurance, market, credit or liquidity risk are often better placed in the operational risk category but restrictive definitions and/or understanding doesn’t support this.
  3.   IMAP Firms: Justification of operational risk diversification is likely to be a tough win with the regulators and so be explicit and ensure you appropriately evidence any diversification either between operational loss types or between operational risk and other risk categories.
  5.   Drivers: Really understand what the drivers of your operational risk profile are. Actuaries and Risk Managers have a very significant role to play in ensuring that the frequency and severity of risk are well documented and appropriately understood.
  7.   Start collecting the data you require: There are numerous sources of internal and external (including industry) information available – all of which will, over time, enable the effective construction of your organisations’ unique operational loss distribution. The more internal intelligence you gain on operational risk performance, the more weight you can credibly assign to it.
  9.   Risk Framework: Challenge it and ensure it is regularly reviewed. The Board should set the tone here to support deep and broad operational risk understanding and management.
 I think it is fair to say that operational risk – both its definition and modelling – has presented some fascinating challenges for the insurance industry and for actuaries/risk professionals alike. For now, I sense that a sort of short-term equilibrium point has been reached which will clearly develop as enhancements are made to assessment techniques and we, as an industry (including regulatory/oversight bodies), turn attention to this increasingly important area.

Back to Index

Similar News to this Story

Murder on the LPI floor
DB schemes, by and large, are in a far healthier position than they have been for over a decade. This is good news, but it also changes the challenges
Pension scheme cyber attacks are you prepared
The cyber threat to pension schemes specifically is increasing. The Capita data breach in 2023 is set to cost the organisation an estimated £107 milli
Is AI the new ESG
Over the past few years, ESG was all the rage. Proponents, opponents, and everyone in between seemed to be talking about this topic on an endless loop

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.