Risk Appetite is an expression of the Firm’s preference to assume or constrain risk exposures in order to meet the Firm’s objectives. Risk Appetite creates a greater focus on risk-based monitoring and decision-making, which is formalised through enhanced governance and regulatory frameworks .
The Risk Appetite process is a top down approach, based on an overarching risk appetite statement aligned to the strategic objectives of the organisation. The risk appetite statement encapsulates the fundamental aim to ensure sufficient capital is held to protect stakeholder value, meet regulatory requirements and support the achievement of strategic business objectives. To do so, the statement is interpreted into quantitative and qualitative limits as well alert thresholds for each of the key risk exposures. These are monitored against pre-defined tolerances which enables risk based reporting, oversight and review to drive management actions and governance escalation when necessary. This approach ensures that the Firm does not assume risk exposures which would threaten the Firm's risk capacity or capital base and also protects stakeholder value.
These key objectives are established and governed through the Risk Appetite framework to produce a Risk Profile for the Firm which is reaffirmed and reported on an quarterly basis (as agreed and signed off by the Board).
Enterprise Risk Management is the holistic term that encapsulates both the Internal Control Framework and the Risk Management System.
The Internal Control System of the Firm Company aims to provide the business with a stable, robust and controlled platform to manage risk and facilitate the execution of business strategy. The Internal Control System is a combination of
- the processes and responsibilities which provide the operational control throughout the organisation; and
- the governance framework which establishes the segregation, review, reporting and independence.
The Internal Control System is implemented via the recognised '3 Lines of Defence' model which incorporates:
1) Management Oversight (operational implementation of all control activities outlined within operational policies and procedures);
2) Functions of Control (independent from business activity: Actuarial Function, Risk Management and Compliance) and;
3) Independent Assurance: Internal Audit and Director Oversight.
In addition, the 3 Lines of Defence model is supplemented by external audit and regulatory review/inspection. The aim of the Internal Control System is to provide assurance to the Board and senior management regarding the effectiveness of the Firm’s risk management and control processes. These three lines of defence clearly segregate responsibilities and ensure independent challenge and review from stakeholders and senior management.
The Risk Management System is the collection of processes used to identify, assess, monitor and manage both qualitative and quantitative risks across the full scope of the Firm. The Risk Universe includes the key categories of material risks, definitions and sub-risk categories and is then aligned with the primary internal risk identification and assessment toolkit. The risk universe of the Firm consists of five main categories, and is aligned with the European Solvency II requirements: investment risks, insurance risks, operational risks, credit risks and business risks. The Risk Management System combines a variety of processes proportionate to the nature, scale and operational complexity of the business model to drive an accurate Risk Profile of the organisation, compliant with European Solvency II Directive. The Risk Management System is formally governed through the Risk Governance Structure including quarterly sign off of the Risk Profile by the Board and subsequent regulatory reporting. In addition, the Risk Management System includes the annual Own Risk and Solvency Assessment (ORSA) Process which is a forward looking assessment of the Risk Profile and includes Stress Testing and Scenario Analysis to ensure management and Board have a collective understanding of all risks which face the organisation.
Underwriting risks refer to all insurance risk of loss arising from fluctuations in the timing, frequency and severity of claim payments (including expenses) compared to underlying assumptions made at the beginning of the policy. By the very nature of an insurance contract, this risk is fortuitous. The terms and conditions of the contracts set out the bases for the determination of the Company's liability should the insured event occur.
The Company manages these risks through an underwriting strategy. The contracts issued by the Company are issued with limits on event or aggregate liability towards the policy holder. Insurance risk is further protected through a reinsurance programme that limits individual losses, and protects against abnormal frequency of losses on an aggregate basis. The type of reinsurance cover, and the level of retention, is based on the Company's internal risk management assessment which takes into account the risk being covered. The Board approves each reinsurance programme on an annual basis.
An Actuary is utilised to establish claims reserves and is responsible for:
- Co-ordination of calculation of Technical Provisions;
- Appropriateness of methodology, models and assumptions used to calculate Technical Provisions;
- Sufficiency and quality of data used to calculate Technical Provisions;
- Comparing actual Technical Provisions against experience; and
- Informing the Board on the reliability and adequacy of Technical Provision calculations.
Technical Provisions comprise a number of separate components which are calculated as follows:
- Unearned premium: pro rata share of the premium for the unexpired period until the next renewal date.
- Outstanding Loss Reserves: open claims are reserved for on a case by case basis at face value of claim after application of expected acceptance rate.
- Incurred but not Reported Reserves: assessed based on development lag triangle using recognised actuarial techniques including Chain Ladder and Bornheutter Ferguson.
- Claim Expense Reserves: additional reserve held to cover expected claims administration costs, calculated as a percentage of OSLR plus IBNR.
- Future Policy Benefit Reserve: calculated as present value of future benefit payments (including expenses) less present value of future premiums. This reserve applies only to Global GIH policies.
- Experience Risk Reserves: certain clients participate in the experience of their business during the scheme year. An ERR is calculated as Premiums less Claims less Retention less Profit margin less deficits carried forward. Positive balances are held in reserve until payment is made to the client.
The Board's policy is to maintain liquid assets above the level of insurance liabilities at all times.
The Company holds assets in cash, cash equivalents, short term deposits, government bonds, and corporate bonds.