Topic 2 Flashcards
1
Q
Regulatory Actions levels for Health RBC Ratios
A
Actions are based on the Health RBC Ratio (defined separate list)
- Company Action Level (ration between 150% and 200%) - requires that a company submit a corrective action plan
- Regulatory Action Level (ratio between 100% and 150%) - allows the commissioner to examine the company and issue an order specifying corrective actions
- Authorized Control Level (ratio between 70% and 100%) - Allows the commissioner to pl ace the company under regulatory control if deemed to be in the best interest of policyholders and creditors
- Mandatory Control Level (Ratio less than 70%) - requires the commissioner to take regulatory control of the company
Due to a trend test, insurers who have an RBC ratio between 200% and 300% and a combined ratio greater than 105% could trigger a company action level event
Skwire, Chapter 39, Page 679
2
Q
Formula for Health RBC after Covariance
A
- RBCAC = H(0) + [ H(1)^2 + H(2)^2 + H(3)^2 + H(4)^2 ] ^ (1/2)
a) H(0) is the asset risk for affiliates - the risk that a stock investment in an affiliate may lose value
b) H(1) is the Asset Risk for Other Assets - the risk that investments may default or decrease in value
c) H(2) is the Underwriting Risk - THe risk of having inadequate premiums in the future
d) H(3) is the Credit Risk - the risk of not recovering the amounts owed to the insurer
e) H(4) is the Business Risk - includes several miscellaneous types of risk, such as administrative expense risk and excessive growth risk - Authorized control level capital = RBCAC / 2
- Health RBC Ratio = total adjusted capital / authorized control level capital
Skwire Chapter 39, Page 682
3
Q
Formulas for the H(2) (Underwriting risk) component of Health RBC
A
- Underwriting Risk = Claim Experience Fluctuation Risk + Other Underwriting Risk
- Claim Experience Fluctuation Risk is the sum of risk charges f or five product groupings (comprehensive, Med Sup, Dental/Vision, Medicare Part D, and other)
a) For each grouping, the risk charge = premium * ratio of incurred claims to premium * risk factor * managed care risk adj factor
b) The last two components of this formula are pulled from tables o f factors (separate list) - Other Underwriting Risk includes:
a) Coverages not included in claim experience fluctuation risk, such as:
i) Disability income (separate list for calcs)
ii) LTC (separate list for calcs)
iii) Miscellaneous coverage types, such as stop loss, hospital indemnity, and AD&D
b) Adjustments for rate guarantees and premium stabilization reserves
Skwire Chapter 39, Page 683
4
Q
Calculation of Risk Factors (Part of Claim Fluctuation Risk Charge)
A
Risk Factors are part of the formula for claim experience fluctuation risk charge
- The factor is based on the type of coverage and the amount of annual underwriting revenue
- For each coverage type, a weighted average of the following factors is calculated based on the amount of revenue in each tier
Coverage Type: Comp Med/Hospital
$00 - 03M - 15%;
$03 - 25M - 15%;
$25M+ - 9%
Medicare Supp
$00 - 03M - 10.5%
$03 - 25M - 6.7%
$25M+ - 6.7%
Dental/Vision
$00 - 03M - 12.0%
$03 - 25M - 7.6%
$25M+ - 7.6%
Medicare Part D
$00 - 03M - 25.1%
$03 - 25M - 25.1%
$25M+ - 15.1%
Other
$00 - 03M - 13.0%
$03 - 25M - 13.0%
$25M+ - 13.0%
Skwire Chapter 39, Page 684
5
Q
Calculation of manged care risk adjustment factors
A
Manged care risk adjustment factors are part of the formula for claim experience fluctuation risk charge
- The managed care risk adjustment factors are 1 - Discount Factor shown below
- All claims paid over the previous 12 months are assigned to the following categories, and a weighted average fo the factors in the table below is calculated
- The overall adjustment factor is applied to all product groupings except Medicare Part D and Other
Category/Description & Discount Factor:
0 - Arrangements not included below - 0%
1 - Contractual Fee payments (FS, PerDiem) - 15%
2 - Bonus/Withhold - Varies (.08% to 15%)
3 - Capitation - 60%
4 - Non-contingent expenses - 75%
Skwire Chapter 39, Page 684
6
Q
Calculation of risk charge for disability income
A
The Risk Charge is the sum of:
- A factor multiplied by earned premium. The factors vary by coverage:
Non-Cancelable Individual
0-50M: 35%
50M+: 15%
Other Individual
0-50M: 25%
50M+: 7%
Group Long-Term
0-50M: 15%
50M+: 3%
Group Short-Term
0-50M: 5%
50M+: 3%
a) In applying factors, both individual products are combined, and both group products are combined, but the individual and group products are not combined with one another
b) For each of individual and group, the largest factor is applied first
- 5% of Claim reserves
Skwire Chapter 39, Page 685
7
Q
Calculation of Risk Charge for LTC
A
The risk charge is the sum of:
- For earned premium, 10% of the first $50M, 3% of the excess, and an additional 10% for non-cancelable premiums
- For incurred claims, one factor (usually 25%) for the first $35 million, and another factor (usually 8%) for the excess
- 5% of the claim reserves
Skwire Chapter 39, Page 686
8
Q
Procedures and uses of the simplified RBC Estimations
A
This RBC is referred to as RBCAC in Skwire 39
- For health insurance, if h2 is the dominant risk:
i) At the limit, as the other risks go to zero, the RBC will be equal to h2
2. A result of this is: When H2 is dominant and the other risks are negligible: RBC Ratio(New) ~= RBC Ratio (prior) * ( Prior H2 / New H2) i) While not precise, one can quickly determine the outer limits of any changes to future RBC ratios with the use of simplified assumptions
- Midyear estimates of RBC Changes can be easily made
- Estimation can be used to quantify (or reconcile) various changes
a) Material emerging information
b) Asset mix changes
c) Customer portfolio changes
d) Income gains and losses
e) Unmet assumptions
GHS-128-19, Page 1
9
Q
Categories of Risk faced by Organizations
A
- Market Risk - Risk inherent from exposures to capital markets (e.g. fluctuations in value of assets held)
- Economic Risk - E.g. Price and salary inflation
- Interest rate risk - the risk arising from unanticipated changes in the overall level of interest rates or in the shape of the yield curve
- Foreign exchange risk - the risk when cash flows received are in a currency different from the cash flues due
- Credit risk - default risk (e.g. default on loans or a reinsurer failure)
- Liquidity risk - the risk that a firm cannot easily trade its assets or that it cannot raise additional financing when required
- System risk - the risk of failure of a financial system
- Demographic Risk
a) Mortality Risk - Risk that a portfolio will suffer from mortality being greater than expected (negatively affects life insurance)
b) Longevity risk - the risk that a portfolio will suffer from mortality being less than expected (negatively affects pension and annuity business) - Non-life insurance risk - the risk related to the incidence of claims and their intensity
- Environmental risk - the risk that a firm’s activities will have an adverse effect on the environment
- Operational Risk - The risk of loss resulting form inadequate or failed processes, people, and systems, or from external events (separate list)
- Residual risks - risks that remain once action has been taken to treat a risk - for example, if an interest rate swap is used to reduce exposure to changes in interest rates, the residual risk is that the bank will not be able to make its payments on the swap
- Basis risk - e.g., the risk of an imperfect hedge in an interest rate swap
Sweeting Chapter 7, Page 103
10
Q
Types of Systemic Risks
A
(F)inancial Infrastructure - e.g., a bank unable to pay back loans from other banks
(L)iquidity Risk - Can become Systemic if a run on bank occurs
Common (m)arket positions - feedback risk is the risk that a change in an investment’s price will result in further changes in the same direction. This could then impact all investors who have common investment positions
Exposure to a (c)ommon counter-party - the risk that a relatively small failure will cascade through several layers of investors.
Market CLiFf (M CLF)
Sweeting Chapter 7, Page 107
11
Q
Types of demographic (mortality or longevity) and non-life insurance risk
A
- (L)evel Risk (for life insurance) or (U)nderwriting Risk (for non-life insurance - Risk that the average level of claims of a particular population will differ from what was assumed
- (V)olatility Risk - the risk of claims differing from assumed due to volatility in a small population
- (C)atastrophic risk - the risk of large losses due to some significant event (such as a natural disaster)
- (T)rend Risk - The risk that claims rates will change unexpectedly from current levels
TLUVC (Tender LUV & Care)
Sweeting Chapter 7, Page 110
12
Q
Basel Committee definitions of types of operation risk
A
(I)nternal Fraud - acts which involve at least on internal party and that are intended to defraud, misappropriate property, or circumvent the law
(E)xternal fraud - acts by a third party that are intended to defraud, misappropriate property, or circumvent law
(E)mployment practices and workplace safety - the risk related to employee relations, workplace safety, and diversity and discrimination
(C)lients, products, and business practices - losses may arise from a failure to meet a professional obligation to specific clients. The firm must ensure that products sold are suitable for the clients to whom they are sold
(D)amage to Physical Assets - the risk that an organization will suffer financial losses due to some form of physical damage to its property
Business (D)isruption and system failures - the risk that an external event will affect the physical ability of a firm to carry on business at its normal place of work
(E)xecution, delivery, and process management - the risk of a failure in a process. This might lead at best to embarrassment, and at worst to litigation
E DECIDE (External DECIDEs, since basil is external)
Sweeting Chapter 7, Page 1 13
13
Q
Other Definitions of Operational Risks
A
Crime Risk - This results from the dishonest behavior of individuals (theft, fraud, hacking, arson)
Technology risk - risk of a technology failure, including loss or disclosure of confidential information, data corruption, and computer system failure
Cyber Risk - The failure of information technology systems, typically where there is online activity (e.g., theft of client lists)
Regulatory risk - risk that an organization will be negatively impacted by a change in legislation or regulation, or that it will fail to comply with current legislation or regulation
People Risk (separate list)
Legal Risk - risk arrising from poorly-drafted legal documents
Model Risk - Risk that financial models used to assess risk or otherwise help make financial decisions are flawed
Data risk - the risk of using poor data
Reputational risk - the failures related to other risks can lead to a loss of confidence in the organization and subsequent loss of business
Project risk - refers to all of various operational risks in the context of a particular project
Strategic risk - the risk that the organization will not make a conscious decision of what its strategy is and how it intends to implement it.
Sweeting Chapter 7, Page 117
14
Q
Types of people risk
A
- Indirect employment-related risks - the risk that the wrong people are employed, retained, or promoted
- Adverse selection - the risk that the demand for insurance will be positively correlated with the risk of loss
- Moral hazard - the risk that people who are insured will be less likely to avoid risk
- Agency risk - the risk that a party that is appointed to act on behalf of another will instead act on its own behalf
- Bias - a type of systemic risk
a) Deliberate bias can arise if key risks are intentionally omitted or downplayed
b) Unintentional bias may occur due to overconfidence in one’s ability to complete a difficult task
Sweeting Chapter 7, Page 119
15
Q
Broad Areas in the risk identification Process
A
- Risk Identification Tools (separate List)
- Risk identification techniques (separate list)
- Assessment of the Nature of the risks
a) Quantifiable risks can be modeled
b) Unqquantifiable risks can often be analyzed by the groupings that identify them - Recording risks in a risk register - the register details all of the risks faced by the organization. It should be constantly updated to reflect the changing nature of risks and the evolving environment
Sweeting Chapter 8, Page 126
16
Q
Risk Identification Tools
A
S - (S)WOT Analysis - Identifies the organizations:
a) Strengths (e.g. market dominance, economies of scale, effective leadership)
b) Weaknesses (e.g. high costs, lack of direction, financial weakness)
c) Opportunities (e.g., innovation, additional defand, cheap funding)
d) Threats (e.g., new competitors, price pressure, falling liquidity, increased regulation)
C - Risk (C)hecklists - lists that are used as a reference for identifying risks in a particular organization or situation
P - Risk (P)rompt lists - similar to checklists, but rather than seeking to pre-identify every risk, they simply identify categories of risk that should be considered
T - Risk (T)axonomy - More detailed than a prompt list, containing a description and categorization of all risks that might be faced
T - Risk (T)rigger questions - lists of situations or areas in an organization that can lead to risk
C - (C)ase studies - can suggest specific risks to consider particularly if there are similarities to the organization in the case study
P - Risk-focused (P)rocess analysis - involves constructing flow charts for every process used by the organization and analyzing the points at which risks can occur
Mnemonic: PC CPT ST (PC/ComPuTer Shows Tools)
Sweeting Chapter 8, page 126
17
Q
Risk Identification Techniques
A
B - (B)rainstorming - this is unrestrained or unstructured group discussion. Drawback could be freeriders, logistics, and convergent thinking
I - (I)ndependent group analysis - without collaboration, all participants write down ideas on risks that might arise. These ideas are aggregated and there is a discussion. Risks are then anonymously ranked. Could be biased based on group makeup.
S - (S)urveys - participants are given a list of questions about different aspects of the organization to try to draw out the risks faced. Drawback could be low response rate
G - (G)ap Analysis - consists of a survey that asks two types of questions: The desired level of risk exposure and the actual level of exposure
D - (D)elphi technique - begin with an initial survey of experts who comment on risks anonymously and independently. Is followed by subsequent surveys that are based on earlier responses. Continues until there is a consensus or stalemate
I - (I)nterviews - individuals are interviewed independently to identify the organization’s risks. High potential for framing questions and time consuming
W - (W)orking groups - comprised of a small number of individuals who have familiarity with the risks identified. They investigate more fully the risks which have been identified already
Mnemonic - BID SWIG (BID for a SWIG of alcohol, then start brainstorming!)
Sweeting Chapter 8, Page 129
18
Q
Information to include for reach entry in the risk register
A
I - A Unique Identfier
C - The Category within which the risks falls within the risk falls
D - The date of assessment for the risk
D - A clear description of the risk
Q - Whether the risk is quantifiable
L - Information on the likelihood of the risk
S - Information on the severity of the risk
P - The period of exposure o the risk
S - The current status of the risk
S - Details of scenarios where the risk is likely to occur
O - Details of other risks to which this risk is linked
R - The risk responses implemented
C - The cost of the responses
R - Details of residual risks
T - The timetable and process for review of the risk
O - The risk owner
A - The entry author
Mnemonic - CO SPORTS CAR SLID DQ (COmpany SPORTS CAR SLID, resulting in DQ)
Sweeting Chapter 8, Page 133
19
Q
Processes of an internal economic capital model
A
A - To determine how much capital a firm should hold to protect it against (A)dverse e vents
S - Better Understanding of Financial Implications of Current (S)trategy
P - To (p)rice new products
A - Decide how to allocate capital across business lines
D - To assess the amount of economic capital that should be held as products (D)evelop over time
I - To assess the impact of changes in (I)nvestment strategy and capital structure
O - Optimal Mixes of assets and funding sources
E - To look at how an organization copes in the face of (E)xtreme events
P - To help measure performance
D - To carry out due diligence for corporate transactions
R - To provide information on the financial state of the organization to the regulator
Mnemonic - DOES I AP A PDR (DOES It APpear A PDR is needed)
Sweeting Chapter 18, Page 482
20
Q
Considerations for designing an economic capital model
A
F - Must agree on what the model will be used (F)or
R - Must agree on what (R)isks will be modeled
A,T,D,S - Must decide which (A)pproach to use
a) Factor (T)able - requires a certain amount of capital to be held for each unit of a particular strategy
b) (D)eterministic approach - stress test that considers the amount a firm would lose under different scenarios
c) (S)tochastic approach - use a stochastic, parametric, or empirical model to produce a large number of simulated results
E - Decide whether the model will be run on an (E)nterprise-wide basis, or whether individual models will be run for each business line with the results being combined later
- Consider what (O)utput is required from the model
Mnemonic - Design a model FOR DATES
Sweeting Chapter 18, Page 482
21
Q
Economic Capital and risk optimization measures
A
Definition of Economic Capital - The additional values of funds needed to cover potential outgoings, falls in asset values, and rises in liabilities at some given risk tolerance over a specified time horizon
- Risk-adjusted return on capital (Ra) = Risk-adjusted return / economic capital. Is well suited for comparing different lines of business within a firm.
- Economic Income Created (EIC) = (Ra - Rh) * EC, where Rh is the hurdle rate of return and EC is the economic capital. Is the rate of return that each unit of a product sold must earn to cover the additional amount of risk it generates.
- Shareholder Value (SV) = EC * (Ra - Rg) / (Rh - Rg) where Rg is the rate of growth of the cash flows. Represents the discounted present value of all future cash flows.
- Shareholder value added (SVA) = EC * [(Ra - Rg) / (Rh - Rg) - 1] = SV - EC
Sweeting Chapter 18, Page 386
22
Q
Options for allocated the benefits of diversification
A
- Allocating the full stand-alone capital requirement to each line and retaining the diversification benefit centrally
- Giving the full benefit of diversification to the new line of business that triggers the benefit
- Allocate the benefit in proportion to the stand-alone capital requirements by line of business
- Euler capital allocation principle - consider the marginal contribution of each additional unit of business to the overall capital required. For example, if the required economic capital is proportional to the standard deviation of a loss, then allocate risk capital for a given line of business in proportion to the following ratio:
a) The covariance between the loss in that line and the total loss
b) Divided by the standard deviation of the total loss - Book goes into VAR and TAIL Var - Maybe take a quick look
Sweeting Chapter 18, Page 488
23
Q
S&P Approach for Assessing Insurance Companies ERM Practices
A
- The S&P Analysis Examines whether insurers execute risk management practices in a systematic, consistent, and strategic manner across the enterprise in order to limit future losses within an optimal risk reward framework
- The analysis is tailored to each insurer’s risk profile
- Five man areas (sub factors) are scored as positive, neutral, or negative (separate list)
- Then the insurer’s ERM is scored based on the assessments of the five subfactors. The guidelines for the different overall scores are:
a) 1 - Very Strong - positive score for all subfactors and economic capital model is assessed as good or superior
b) 2 - Strong - the risk management culture, risk controls, and strategic risk management subfactors are scored positive, one or both of the other two subfactors is scored neutral, and no subfactor is scored negative.
c) 3 - Adequate with strong risk control - the risk controls subfactor is scored positive, the strategic risk management subfactor is scored neutral, and no subfactor is scored negative.
d) 4. Adequate - the risk controls and risk management subfactors are all scored at least neutral, but overall the insurer doesn’t satisfy the requirement for adequate with strong risk control
e) 5 - Weak - one or both of the risk control and risk management culture subfactors are scored negative.
GHS-121-18, Page 3
24
Q
Subfactors scored in S&P analysis of an insurer’s ERM
A
- Risk management culture - the analysis of this subfactor focuses on the importance of ERM in all key aspects of the insurer’s business operations and corporate decision-making
- Risk Controls - this subfactor analyzes the processes and procedures insurers employ to manage their key risk exposures within certain general categories (separate list for scoring this subfactor)
- Emerging Risk management - this subfactor analyzes how the insurer addresses risks that are not a current threat to creditworthiness, but could become a threat in the future. It also assesses the insurer’s level of preparedness if those emerging risks materialize
- Risk Models - the analysis of this subfactor focuses on assessing the robustness, consistency, and completeness of the insurer’s risk models
- Strategic Risk Management - this subfactor assesses the insurer’s program to optimize risk-adjusted returns and to evaluate and prioritize strategic options on a level playing field
GHS-121-18, Page 4
25
Examples of Criteria that indicate positive scores for ERM subfactors
(S&P uses various criteria to determine scores. The following is just one example for each subfactor)
Risk management culture - ERM is well entrenched in the organization with a formal ERM framework, an independent and well-staffed ERM department, and active Board participation
Risk Controls - The insurer has identified all material risks from all sources and frequently monitors its risk exposures with multiple metrics
Emerging risk management - the insurer has well-established processes for identifying and monitoring emerging risks, analyzing their significance, and preparing for and/or mitigating them
Risk models - the insurer's models capture all material risk and risk interrelations in aggregating exposures
Strategic Risk Management - the insurer has a track record of consistently using a risk vs. reward decision-making framework to optimize risk-adjusted returns to an enterprise level
GHS-121-18, Page 6
26
Examples of criteria that indicate negative scores for ERM subfactors
(S&P uses various criteria to determine scores. The following is just once example for reach subfactor)
Risk Management Culture - ERM is not practiced, or is practiced inconsistently across the enterprise with limited board participation
Risk Controls - the insurer does not consistently identify and monitor its key risk exposures
Emerging Risk Management - the insurer doesn't have processes for identifying and evaluating emerging risks
Risk Models - the insurer doesn't use risk models or the risk models fail to capture major risks
Strategic Risk Management - the insurer does not optimize risk-adjusted returns, and risk/reward analysis is not adequately reflected in decision making
GHS-121-18, Page 6
27
Key Areas of an Insurer's Risk Management Culture (S&P Analysis)
(S&P analysis of this subfactor focuses on indicators in these key areas)
Risk Governance and Organization Structure - a positive risk management culture is typically characterized by a well-defined and independent ERM governance structure that supports effective risk management at an enterprise level
Risk appetite framework - insurers should have a well-defined risk appetite framework that supports the effective selection of risks. Insurers must have the ability to limit their risk exposure within their chosen risk tolerances
Risk reporting and communication - a positive score typically is consistent with extensive and clear communications around the insurer's risk exposures and ERM practice
Incentive compensation structures - a positive score is associated with a compensation structure that is aligned with metrics that encourage long-term goals, rather than incentivizing excessive risk taking
GHS-121-18, Page 8
28
S&P Approach for Scoring an Insurer's Risk Controls Subfcactor
Risk Controls of each of the insurer's material risks are scored first (see separate list for examples of criteria used). The major risks, which each receive an individual risk control score, are the following general categories:
a) Credit Risk
b) Interest Rate Risk
c) Market Risk
d) Insurance Risk
e) Operational Risk
The individual risk controls scores then determine the overall risk controls score, as follows:
a) Positive - risk controls of material risks are predominantly scored positive, and no risk controls of an individual risk is scored negative
b) Negative - one or more risk controls of material risks is scored negative
c) Neutral - all other combinations
Each Risk's relative importance to the insurer's overall risk profile determines its weight in the overall score
GHS-121-18, Page 10
29
Definitions related to risk used in the S&P analysis of ERM
1. Risk Appetite - the framework that establishes the risks that the insurer wishes to acquire, avoid, retain, and/or reduce
2. Risk preferences - qualitative risk appetite statements that guide the insurer in the selection of risks
3. Risk tolerances - quantitative risk appetite statements that guides the insurer in the selection of risks. These statements typically specify maximum acceptable losses and are often probabilistic in nature
4. Risk limits - quantitative boundaries that constrain specific risk-taking activities
GHS-121-18, Page 14
30
Examples of favorable indicators when determining individual risk control scores for major risks
(one example is shown here for each aspect of the risk control process)
Risk Identification - insurer has a comprehensive process of identifying all risk exposures
Risk measurement and monitoring - insurer monitors all significant risks on a regular basis, using multiple measures
Risk standards and limits - insurer has clearly documented comprehensive risk limits, risk standards, and early warning systems for risk taking and risk management
Risk management - insurer has formal programs in place and uses multiple strategies to proactively manage the risks within tolerances
Risk limit enforcement - insurer has clear processes to correct a breach of risk limits and to respond to early warning limits within a prescribed time limit
Risk Learning - insurer has a defined process to analyze and learn from pas losses, near-mistakes, and successes
GHS-121-18, page 15
31
Examples of major risks that get an individual risk control score
Examples of major risks that get an individual risk control score
Credit Risk - Exposures from incurring economic losses caused by default of another company on that company's obligations, or losses from preceived/actual deterioration in another company's creditworthiness
Interest Rate Risk - Most significant in cases where asses/liabilities are long term, or product profitability sensitive to asset performance
Market Risk - mostly focused on exposure to equity, real estate, and foreign exchange risk
32
Life & Health Insurance - Key Risks
Life Insurers Main Risks
a) Policyholder Behavior Risks
b) Mortality Risk
c) Longevity Risk
d) Morbidity Risk
Health Insurer Main Risk
a) Morbidity Risk
TIA Video on GHS-121
33
P&C Risks - Reserve and Claims Management Risks
| Add Pricing, Cycle Management, Underwriting, Catastrophe
Reserve Risks
a) Loss Reserves - Estimate of funds needed to fulfill claims from prior policies; Largest source of uncertainty for P&C insuerers
b) Reserving Risk
i) Level needed to meet all liabilities
ii) Timing of liabilities
Claims Management Risks - When claims paid deviate from expected due to:
a) Irregularities in claim mgmt process
b) Insufficient rigors to claims process
c) unexpected legislative/regulatory/judicial intervention
Risk Control Assessment Focus - How well does insurer manage uncertainty around loss reserves and claims mgmt:
a) Process
b) Controls
c) Reviews used
TIA Video on GHS-121
34
Health Insurance - Risk Assessments
Risk Control #1 - Underwriting
Positive - Disciplined Process, Defined limits
Neutral - not as comprehensive
Negative - limits/process blurry
Risk Control #2 - Pricing
Positive - Active monitoring of experience; Feedback; Prompt adjustments and staggered renewals
Neutral - Mainly reactive
Negative - Assumptions updated infrequently
Risk Control #3 - Trend Analysis
Positive - ongoing review, mitigation strategies, multiple forecasting techniques
Neutral - Not very sophisiticated
Negative - no system to identify trends / developments
Risk Control #4 - Reinsurance and Risk Limits
Positive - Carefully select to balance retention and transfer
Neutral - cost-benefit analysis not robust
Negative - Reinsurance not considered, large risk concentration
Risk Control #5 - Providers
Positive - multiple providers in portfolio. Effective communication with regulators.
Neutral - Network not as diversified
Negative - Highly concentrated, limited service offerings
Risk control #6 - Negotiation Power
Positive - Pricing power to negotiate favorable terms
Neutral - Same power, but lacks ability
Negative - Very little pricing power
Risk Control #7 - Policy Provisions
Positive - standard, consistent
Neutral - Sometimes exceptions
Negative - inconsistent terms
Risk Control #8 - Claims Management
Positive - Judicious reviews/audits of claims mgmt
Neutral - Feedback loop not very effective
Negative - Reviews/audits infrequent. Past issues not identified; longer than expected claism prcoess
Risk Control #9 - Compensation
Positive - Incentive structure balances risks/rewards from performance targets
Neutral - No incentives to chase top-line results
Negative - compensation flawed/outdated and not aligned with incentives.
TIA Video on GHS-121
35
Operational Risk - Definition and Common Controls
Operational Risk
a) Inadequate or failed internal processes, people, and systems or from external events
b) Includes:
- Information Technology
- Business Continuity Process
- Environmental Issues
- Regulation
- Compliance
- Fraud
- Terrorism
- Human Resources
- Change Management
- Distribution
- Outsourcing
Key Elements Essential to Operational Risk Controls
a) Procedures in place to identify, monitor, assess, and mitigate operational risks
b) Sound BCP (Business Continuity Plan) that has been drilled
- BCP - Process and procedures insurer would follow to limit the adverse impact of an event
Risk Control Assessment
a) Risk Control #1 - Risk Identification (Systematic Focus)
b) Risk Control #2 - Business Continuity and Disaster Recovery (plan In place and tested)
c) Risk Control #3 - Operational Losses (Major Losses and learning from them)
d) Risk Control #4 - Risk Monitoring and Risk Limits (Owners, mitigation action/Monitoring)
e) Risk Control #5 - Documentation and Compliance (Comprehensive, clear, and internal audit)
TIA Video on GHS-121
36
Definition and key principles of Enterprise Risk Management (ERM)
Definition - ERM is a structured analytical process that focuses on identifying and eliminating the financial impact and volatility of a portfolio of risks, rather than focusing on risk avoidance alone. It is integrated risk management.
Essential principles of ERM
1. ERM Recognizes a broad range of risks confronted by the organization and acknowledges that those risks represent either sources of capital or potential for losses
2. A comprehensive or "holistic" approach is critical for managing diverse risks. An enterprise-wide view recognizes all of the potential threats to the organization's objectives and recognizes that risks are not isolated
GHS-123-18, Page 1
37
Domains of risk recognized by ERM
1. (O)perational - risk related to the organization's core business, including its systems and practices. Examples include clinical services and outpatient care
2. (F)inancial - risks related to the organization's ability to earn, raise, or access capital, as well as costs associated with its transfer of risk. Examples include bonds and insurance premiums.
3. (H)uman - Risks related to recruiting, retaining, and managing workforce. Examples include Worker's comp, turnover, unionization, and discrimination
4. (S)trategic - risks related to the ability of the organization to grow and expand. Examples include join ventures and customer satisfaction
5. (L)egal or regulatory - risks related to health care statutory and regulatory compliance, licensure, and accreditation. Examples include HIPAA compliance and OSHA regulations.
6. (T)echnological - risk associated with biomedical and information technologies, equipment, devices, and telemedicine. Examples include clinical information systems and off-site monitoring of critical care units.
Mnemonic - H F LOST (He Felt LOST looking at domains)
GHS-123-18, Page 2
38
How ERM differs from Traditional Risk Management
1. Traditional health care risk management examines risks individually
a) This approach maintains that risks are best manged within functional silos and that sharedholder value is maximized through risk transfer
b) But this approach fails to appreciate relationships among risks. And it lacks the optimization of collective risk management through an enterprise approach.
2. ERM uses common metrics across risk domains to determine the effectiveness of risk management approaches. With an integrated, enterprise-wide view of risk, the risk manager focuses on opportunities as well as risks
GHS-123-18, Page 2
39
Phases of the ERM process
(May also be referred to as steps or components of an ERM Process)
1. (A)ssessment - educated all appropriate staff about the ERM concept and why it is the right approach
2. Define the organization's (G)oals and objectives
3. Define the organization's risk (T)olerance, which is the amount of risk exposure the organization is willing to bear
4. (E)vent identification - identify all events that could affect the achievement of goals. Differentiate between risks (with potential for a negative impact) and opportunities (may have a positive impact)
a) Causes of risk can include people, processes in place, and management decisions
b) Risk events include a loss of assets, business interruption, and fraud/abuse
5. (R)isk Assessment - evaluate all potential events to determine their impact and likelihood of occurrence. Prioritize risks based on their potential impact
6. Risk (R)esponse - identify, evaluate, and develop options to deal with risk. The categories of risk handling solutions are risk avoidance, acceptance, reduction, and sharing.
7. Take a (P)ortfolio view of risk. This allows leadership to catalog all risks and look at the totality of organizational risk. It also involves understanding how corporate objectives and risks interrelate and affect the achievement of goals.
AGTER RP (AfTER RP you go back and fix the G)
GHS-123-18, Page 4
40
Roles and Responsibilities in the ERM Framework
1. Chief Risk officer (CRO) - Separate list
2. Board of Directors - should provide oversight of ERM, regularly discussing organizational risks and risk responses with senior management
3. Chief executive officer (CEO) or president - mold the corporate culture and make sure that ERM functions effectively, including:
a) Assess the organization's ERM capabilities
b) Communicate the organization's risk philosophy and risk tolerances
c) Communicate regularly with the CRO and CFO to track the implementation and success of the ERM model
d) Report on ERM to the board of directors
e) Continuously reevaluate risks facing the organization and modify strategy accordingly
4. Chief Financial Officer (CFO) -
a) Provide the analytical insight to determine the organization's risk appetite
b) View the prioritized list of risks and determine what resources and financing options are available to address them
c) Communicate with the CRO as new risks become apparent
5. Health Care Risk Manager - Focus on daily operations, developing strategies in line with business goals and objectives
6. Middle managers and other employees - manage risks within the entity's approved risk tolerances
GHS-123-18, Page 5
41
Responsibilities of the CRO
1. (I)dentifying and quantifying risks
2. Managing the ERM (P)rocess
3. (A)nalyzing risk strategically
4. Facilitating the (A)ctivities of the risk management team
5. Being a (L)iaison for the CEO, CFO, senior management, and middle management
6. Developing organizational (P)olicies and procedures
7. Working on (C)oncept development and implementation
8. Tracking (K)ey risks
9. Facilitating continuous risk (A)ssessment
LACK A PAPI (Risk Papi)
GHS-123-18, Page 5
42
Key processes for transitioning to ERM
1. Setting management objectives - these should relate to organizational strategy, operations, reporting, and compliance
2. Achieving structure and organization - the risk committee should be formed, responsibilities should be defined, and performance metrics should be established
3. Employing Methods, information, and reports - this includes the event identification process and enhancement of risk response decisions
4. Establishing the informational technology infrastructure to ensure prompt communication throughout the organization
5. Recognizing roles and responsibilities - determining who is responsible for responding to risks, mitigating risk, and carrying out the strategic plan
6. Monitoring - this ongoing activity is undertaking at all levels of the organization to ensure early identification of risk
OOM! need ERM to manage
GHS-123-18, page 7
43
Steps for developing a risk map
This is a visual aid to depict the frequency of occurrence and possible severity of an organization's risks
1. Identify the risks to be analyzed and their correlation to all other risks
2. Develop the threshold of acceptable exposure - this often varies based on the specific risk. And it relates to risk appetite
3. Evaluate the severity of impact if a risk event occurred and identify what percentage of the organization would be impacted
GHS-123-18, Page 7
44
Characteristics and Skills of a CRO
1. CROs come from various disciplines, including legal, auditing, strategic planning, investor relations, line-operation management, and hazard risk management
2. For insurance organizations, insurance, actuarial, and accounting backgrounds are assets
3. Excellent communication skills are important
4. Key background skills center on math, statistics, finance, and accounting
5. A recent survey related the ability to understand business issues as the most important skill
6. A broad health care and business background is also important
GHS-123-18, Page 11
45
Key Tasks of the CRO
1. (C)oordinate all risk management activities
2. Introduce an (I)ntegrated framework
3. Improves risk (C)ommunication with internal and external partners
4. Chairs the ERM (C)ommittee
5. Develops a (F)ramework for the organization's risk mgmt activities
6. Ensures that the organization is in full (C)ompliance with regulations
7. (P)olicy assessments
8. Assures business (C)ontinuity through risk assessment, planning, financing, and risk transfer
9. identifies and monitors (E)mergent risks
10. Extends risk principles into the wider business (S)trategy
11. Develops the (D)ata strategy required to build an accurate picture of operational risk
12. Educates the (I)nvestment community on the organization's risk mgmt strategy
13. (D)isclosures (Internal and external)
14. Informs the (B)oard of significant risk issues
15. Delivers an integrated (P)icture of risk across the enterprise
16. Determines the organization's (T)olerance for risk
17. Evaluates (I)nsurance coverage
18. Develops (A)lternative risk strategies
19. (T)rains and communicates with the workforce on risk mgmt policies and structures
PAPI SID I"D BET 5 C's
GHS-123-18, Pages 11 and 12
46
Groups in which the CRO should participate
1. The board or a board risk review committee - the board expects the CRO to identify and review the major areas of risk. The CRO will usually report directly to the board or a committee
2. Executive risk committee - may be chaired by the CRO, and includes the CEO and CFO. It provides oversight of risk, reviews compliance with risk policies, and monitors breaches of risk tolerance limits.
3. ERM committee - consists of the CEO chief operating officer, chief nursing officer, CFO, CRO, chief medical officer, chair of the investment committee, and chair of the audit committee. Is responsible for ongoing identification and assessment of risk.
4. Organization Risk Leaders (such as risk mgmt, legal, and financial leaders) - the CRO is responsible for training and, in some organizations, supervision of some members of this group.
GHS-123-18, page 8 and 12
47
Reasons for reinsuring accident and health products
1. To transfer risk (primary reason)
2. To enable an insurer to offer products in a specific market in which it lacks expertise. This allows the insurer to provide a broad range of products
3. To share the financial load. This is sometimes done for products that require large amounts of capital, such as individual LTC
GHS-117-16, Page 487
48
Proportional reinsurance methods
1. coinsurance - the reinsurer accepts the ceding company's reinsurance premium and pays its share of benefits. The reinsurer pays a ceding allowance to cover a portion of the ceding company's commission and expenses. Approaches fore establishing risk sharing are:
a) Fixed or excess share - the ceding company retains a fixed, level amount of risk (which makes this a non-proportional method
b) Quota share - the ceding company retains a fixed percentage of each risk (Old exams have ceding allowance given back to company to account for expenses)
2. Modified coinsurances - works just like coinsurance, except the assets backing the reserves are held by the ceding company
3. Funds withheld coinsurance - reserves on reinsurer's book, but assets not. Ceeding company keeps assets and reinsurer gets credit for receivable
4. Risk premium coinsurance - annual premium based on anticipated costs given risk makeup (used for LTC)
GHS-117-16, Page 488
49
Nonproportional reinsurance methods
1. Extended Wait (aka extended elimination period or extended deductible) - reinsurance benefits begin only after the claims has reached a specified duration or amount
2. Excess Reinsurance or Stop Loss Reinsurance - provides coverage for claims in excess of a defined level
a) Individual Excess or Specific Stop Loss - provides payment if the total benefits of a single individual exceed a specified attachment point or deductible
b) Aggregate Stop Loss - provides a benefit if total retained claims on the entire group or portfolio exceed a specified attachment point. For medical insurance, the attachment point is typically as a percentage (such as 125%) of expected claims
3. Specified Benefits or Carve Out Benefits - for medical insurance, certain benefits may be carved out, such as premature births, organ transplants, and trauma. Disability income policies occasionally carve out accidental benefits.
4. Claim Takeover Reinsurance and Runoff Block - the reinsurer assumes the risk on future runoff of a known block of claims
5. Catastrophe Covers - provides coverage in the event of a catastrophe
GHS-117-16, Page 489
50
Decisions to Make When Setting Retention Limits for Disability Income Insurance
1. The method of determining the retention - the insurer may retain a maximum amount per month or it may set a limit on the total benefit paid for the entire benefit period
2. The amount of the maximum claim - the insurer might set limits for disability income that would produce present values for benefits approximately the same as the maximum retention for life insurance
GHS-117-16,, Page 492
51
Purchases of Medical Reinsurance
1. Traditional Insurers offering both first dollar insurance and excess of loss coverage
2. Employers providing self-insured benefits to employees
3. HMOs providing services
4. Certain providers that offer prepaid benefits
GHS-117-16, Page 499
52
Approaches for defining coverage periods for Health Reinsurance
1. "Losses occurring during" - claims are covered on if they occur during the agreement year, regardless of the effective date of the risks accepted by the reinsurer. Is used most commonly for excess arrangements
2. "Risk Attaching" - provides that the reinsurance period for reach underlying risk from the insurer coincides with the insurer's policy year. Is commonly used for proportional reinsurance.
GHS-117-16, Page 499
53
Primary Approaches for Reinsurance of Major Medical Policies
Coinsurance is rarely used today, but stop loss is very common
1. Quota share coinsurance - fixed percentage
2. Specific stop loss or excess - limit claims retained during a period to an attachment point
3. Aggregate stop loss or excess - reinsurance is usually not for 100% of the excess claims. The ceding company is required to keep a portion of claims to ensure appropriate claims handling
4. Combined specific and aggregate stop loss or excess
a) Ceding companies often purchase specific and aggregate stop loss as a single package
b) The cost of each coverage is affected by the other. for example, a lower specific attachment point will result in lower aggregate reinsurance claims.
5. Carve out Coverages
GHS-117-16, Page 500
54
Uses of reinsurance for medical coverages other than major medical
1. Fixed benefits medical and surgical products - reinsurance is rarely purchased for claims protection, but quota share coinsurance may be purchased to support growth
2. Specific or dread disease products - reinsurance is rarely used since most insurers retain all the risk on these policies
3. Accident and AD&D coverages - except for very large coverages, reinsurance is rarely used. Some reinsurers offer coverage for accidents on a portfolio basis, similar to catastrophe reinsurance
4. Medicare Supplement - reinsurance is attractive for an insurer that no longer wants to retain the risk or manage the product. Quota share coinsurance is sometimes used because this product is relatively capital intensive. Fronting is also used.
5. Critical Illness - coinsurance has been used, with reinsurers providing expertise and product design advice
6. Dental and vision coverages - many group insurance plans offer these coverages and then use coinsurance to transfer the risk to reinsurers that specialize in these coverages
7. Other uses of reinsurance include captive reinsurers for employee benefits, stop loss for providers, securitizations of health insurances, and capital relief provided by a portfolio reinsurance agreement
GHS-117-16, Page 504
55
Impacts of the ACA on the reinsurance market
1. Annual and lifetime benefit limits for major medical plans were removed. Reinsurance solutions to this lack of limits are:
a) An insurer may purchase separate layers of stop loss reinsurance. Each layer other than the top layer would have limits
b) The insurer could retain the excess risk (have no unlimited layer)
c) A reinsurer may accept the unlimited risk, but then purchase unlimited retrocession coverage
2. The requirement for unlimited benefits and the inclusion of certain mandatory benefits led to cost adjustments
3. Reinsurance of limited benefit medical policies is now seldom needed
4. Reinsurance has been provided to plans on the ACA exchanges
5. There has been little effect on the reinsurance of medical benefits, other than to increase demand
GHS-117-16, Page 507
56
Long-Term Care Insurance Reinsurance
Social Environment
a) Future of LTC intertwined with the social environment (nursing homes, ALFs, Home Health)
Reinsurance Methods
a) Mostly on coinsurance basis
b) Quota share and extended wait coverage are common
Other considerations
a) Differences in group and individual, retention limits, recapture issue and reserve computation are similar to disability coverage
b) Many insurers have exited the LTC market, and few reinsurers are available
TIA VIdeo - GHS-117-16
57
Key Questions regarding the source of business for Medical Reinsurance
Is it coming from HMO?
Does plan include PPO networks?
How do benefits vary inside/outside Network?
How are R&C limits applied?
What employers targeted? Occupational hazards?
What are self-insured groups retention requirements?
TIA VIdeo - GHS-117-16
58
Description of Consumer Operated and Oriented Plan (CO-OP) Program
1. This program was created by the ACA with the intent of increasing competition among health plans and giving consumers the option of a nonprofit insurer
2. The ACA requires that a majority of each CO-OP's board be composed of plan members. And profits must be reinvested to the benefit of members.
3. The ACA created the following loan programs, which were critical for those start-up plans to compete with established insurers:
a) Start-up loans to help CO-OPs create the infrastructure needed to operate
b) Solvency loans to help CO-OPs establish sufficient capital to meet state solvency standards
GHS-122-18, Page 9
59
Policy barriers that make it difficult for CO-OPs to compete in the health insurance market
ACA Provisions:
1. CO-OPs are prohibited from using federal funds for marketing
2. "Substantially all" business must be derived from the individual and small-group markets. This makes it harder for CO-OPs to enter the large employer market, which tends to be a bigger and more stable source of revenue.
Decisions made by federal policymakers during the implementation of the program:
1. Budget agreements with Congress slashed the program's $6 billion allotment down to $2.4 billion
2. States were allowed to permit individuals and small employers to remain enrolled, for a transitional period, in their pre-ACA policies. As health enrollees stayed on their plans, a sicker risk pool was left for insurers selling on the marketplaces
3. Another budget agreement late in 2014 disabled the ACA's risk corridor program by requiring it to be budget neutral. As a result, payouts to insurers with losses were only 12.6% ow what had been expected.
GHS-122-18, Page 9
60
Reasons that CO-OPs failed
1. Some were unable to sign up a sufficient number of customers to enable them to cover their fixed costs
2. For most CO-OPs, enrollment was relatively strong but revenue was insufficient to offset higher-than-expected claim costs
3. For CO-OPs with very high enrollment, they lacked the capacity to provide good services and they had cash flow problems. They had to rely on federal solvency loans to pay claims, but these loans were limited after Congress slashed program funding
4. Payments from the ACA premium stabilization programs came much later than when costs were incurred. The payments for the 2014 plan year didn't come until September 2015, which was too long to wait for one CO-OP that therefore went insolvent
5. The lower-than-expected payments from the risk corridor program was the breaking point for one CO-OP
GHS-122-18, Page 10, 16, and 19
61
Additional challenges faced by CO-OPs when they began operation
(these are in addition to the challenges created by the policy barriers listed earlier)
1. To meet regulatory requirements on short deadlines, CO-OPs had to outsource critical functions such as claims adjudication, customer call centers, and provider networks
2. CO-OPs had to decide whether to offer platinum-level coverage, which has lower cost sharing and therefore attracts customers with significant health needs. Half of the CO-OPs studied offered these plans initially, but later reversed this decision.
3. CO-OPs were at a pricing disadvantage since they did not have historical claims data with which to price. And many of them did not have experienced actuaries on staff.
4. CO-OPs may also be at a disadvantage in the risk adjustment program. To be successful with risk adjustment, an insurer must record every diagnosis of every member, but this is a challenge for CO-OPs who have not yet built the data capacity needed.
challenges CROP up (Claims data, Risk Adj data, Outsourcing, Platnium coverage)
GHS-122-18, Page 12, 17
62
3 R's - Risk Corridor, Reinsurance, Risk Adjustment
Risk Corridor - Govt partially offsets large losses and shares in large profits. Above/below a certain point, forced sharing. 3 Year temporary program to stabilize premiums for inadequate pricing.
Reinsurance - Partially compensate insurers who have catastrophically high claims. Temporary 3 year program to offset catastrophic claims in the individual market
Risk adjustment - those with larger share of high-risk enrollees receive payments from those with low-risk enrollment. Permanent program to help insurers with disproportionately sicker than average population
GHS-122-18, TIA Video
63
LTC Pricing Assumptions that missed the mark and lead to the insolvency of insurer Peen Treaty
1. Lapse Rates: When the policyholder voluntarily stops paying premiums, rates were lower than expected
a) Lapse-rate assumptions for LTC insurance was mostly based on history of lapses on annuities which turned out to be too high
2. Mortality: Death either before or during receipt of LTC benefits. Mortality was lower than expected
a) Assumptions were based on general population data, and not adjusted for the healthier people that were choosing to purchase the insurance (antiselection)
3. interest Rates: Premiums invested and accumulate interest. Interest rates have been low since the 2008 financial crisis.
a) Assets that were intended to coincide with the lapse and mortality assumptions matured too early relative to the intended risk they would cover. This also led to lower rates.
4. Claim incidence: Likelihood that a policyholder will require LTC
5. Benefit utilization: What percentage of the daily limit does the insured use while receiving LTC
6. Claim termination: Likelihood of recovery for a policyholder already receiving LTC benefits
(these last 3 assumptions led to claim costs that were significantly higher than expected)
GHS-127-19, Page 6
64
The implications to consumers when an LTC insurer under-prices their products
For many insurers that wrote LTC insurance, initial assumptions turned out to be incorrect
1. Policyholders face the risk of their insurer becoming insolvent.
a) This risk becomes greater with long term products with little historical data
2. Consumers should consider both price and capital strength when purchasing such products
3. Policyholders should be aware that guaranty funds may be short should an insurer fail
GHS-127-19, Page 6
65
What is Long-Term Care
Definition - Extended period of benefits providing care (Nursing home, ALF) for people unable to complete activities of daily living or cognitive impairment
How it works
1. Reimbursed care subject to limits
2. Maximum benefit amount (may have inflation protection) for a benefit period
3. Prefunded (Early premiums pay for large claims in later years) - investment returns very important.
Susceptible to mispricing:
1. Relatively new product (little experience)
2. Limited actuarial data
3. Potential payments far in the future (up to 50 years)
GHS-127-19, TIA Video
66
Rehabilitation and Guaranty Funds
Rehabilitation Process - First State of receivership. Company continues to operate. Benefits partially protected by guaranty funds.Policyholder has 2 options.
a) Terminate policy (uninsured, lose of value, replacement policy coasts more)
b) Keep paying premiums (hope insurer emerges from rehabilitation)
Guaranty Funds - Help pay policyholders (subject to cap) if insurer goes insolvent and can't pay
a) Losses funded after by levies/assessments after an insurer is liquidated.
b) Assets dissipated during rehabilitation can lead to even fewer dollars to cover liabilities
GHS-127-19, TIA Video
67
ORSA includes ongoing processes to support:
1. Risk (I)dentification and prioritization
2. Risk (M)easurement
3. Articulation of Risk (A)ppetite and tolerances
4. Implementation of risk (L)imits and controls
5. Development of risk (M)itigation strategies
6. Capital (A)dequacy assessment
7. (G)overnance and risk reporting
Mnemonic: MAIL MAG (MAIL a MAGazine along with your ORSA summary)
ORSA, Page 35
68
Definition, requirements, and goals of an Own Risk and Solvency Assessment (ORSA)
1. Definition - a confidential internal self assessment of the risks associated with an insurer's current business plan and the sufficiency of capital resources to support those risks
2. Requirements for an insurer subject to ORSA:
a) Conduct an ORSA at least annually to assess the adequacy of its risk management framework and solvency position
b) Internally document the process and results of the assessment
c) Provide a confidential high-level ORSA Summary Report annually to the lead state commissioner if the insurer is a member of an insurance group and, upon request, to the domiciliary state regulator
3. Primary goals of ORSA:
a) Foster an effective level of ERM at all insurers, through which each insurer identifies, assesses, monitors, prioritizes, and reports on its material and relevant risks, using appropriate techniques and in a manner that is adequate to support risk and capital decisions
b) Provide a group-level perspective on risk and capital as a supplement to the existing legal entity view
GHS-116-19, Page 1
69
Major Sections of an ORSA Summary Report
Section 1 - Description of the insurer's risk management framework. This section should:
1. High Level overview of (P)rinciples
2. Describe how the insurer identifies, (C)ategorizes, and manages risks
3. Describe risk-monitoring processes and methods, provide risk (A)ppetite statements, and explain the relationship between risk tolerances and risk capital
4. Identify assessment (T)ools used to monitor and respond to any changes in risk profile
5. Describe how the insurer incorporates (N)ew risk information in order to monitor and respond to changes in risk profile
Mnemonic - CAPTN (CAPTaiN steering a ship called ORSA-1)
Section 2 - Insurer's Assessment of risk exposure. This section should:
1. Provide a high-level summary of the quantitative and/or qualitative assessments of risk exposure in both normal and stressed environments for each material risk category in Section 1
2. Include descriptions of risk-mitigation activities and outcomes of any plausible adverse scenarios assessed
Section 3 - Group Assessment of risk capital and prospective solvency assessment
1. Group assessment of risk capital - the goal is to provide an overall determination of risk capital needs and to compare that to available capital to asses capital adequacy (see separate l st for considerations in quantifying available capital and risk capital)
2. Prospective Solvency Assessment - should demonstrate that the insurer has the financial resources necessary to meet regulatory capital requirements and execute its multi-year business plan in both normal and stressed environments. If the insurer does not have the necessary available capital, then describe management actions to remedy this situation.
GHS-116-19, Page 3
70
Key information to include in an ORSA Summary Report
1. The (B)asis of accounting and the date or (T)ime period that the numerical information represents
2. The (S)cope of the ORSA conducted (i.e. which insurers are included)
3. A short summary of material (C)hanges to the ORSA from the prior year
(Commissioner may also request and review conditial reporting materials, such as underwriting, investments, claims, ALM, reinsurance policies)
Mnemonic - S T B C (Summary Tells Basic Conclusions)
GHS-116-19, Page 3
71
Key Principles of an effective ERM Framework (ORSA Version)
1. Risk culture and (G)overnance
a) A governance structure that clearly defines roles, responsibilities, and accountabilities
b) And a risk culture that supports accountability in risk-based decision-making
2. Risk (I)dentification and prioritization process - the risk management function is responsible for ensuring that the process is appropriate and functioning properly at all organizational levels
3. A formal risk (A)ppetite statement and associated risk tolerances and limits - understanding of the risk appetite statement ensures alignment with risk strategy by the board of directors
4. Risk (M)anagement and controls - managing risk is an ongoing ERM activity, operating at many levels within the organization
5. Risk (R)eporting and communication - provides key constituents with transparency into the risk-management processes. Facilitates active, informal decisions on risk-taking and management
Mnemonic I GRAM (frame the framework in an InstaGRAM)
GHS-116-19, Page 6
72
Considerations in quantifying available capital and risk capital (ORSA)
1. How the insurer defines (S)olvency for the purpose of determining risk capital and liquidity requirements
2. The accounting or (V)aluation basis for measuring risk capital requirements and available capital
3. The subset of (B)usiness included in the analysis of capital
4. The (T)ime horizon over which risks were modeled and measured
5. The risks (M)odeled in the measurement of risk capital
6. The (M)ethod used to quantify the risk exposure (e.g., stress tests)
7. The risk capital (M)etric used in determining aggregate risk capital (eg value-at-risk)
8. The defined (S)ecurity standard used in determining risk capital requirements
9. The method of (A)ggregation of risks and any diversification benefits considered
SAV BST M M M (SAVe the BeST Models, Methods, Metrics)
GHS-116-19, Page 11
73
Maintenance Process for ORSA
1. Group solvency Issues "Working Group" - deals with proposed changes
2. Procedures for Working Group for changes to ORSA Manual:
a) Proposals for changes - considered at any conference call, interim, or national meeting throughout the year
b) Considered at next regularly scheduled group meeting
c) Working Group publishes formal submission form/instructions (alternate format if concise and complete)
d) Proposals effective Jan 1 of following year
e) Reviewed in next scheduled meeting and need 30 day public comments period
f) NAIC support staff send agenda and changes to Working Group and interested parties 5-10 days before meeting
g) Exceptions - if approved by 2/3 majority of Working Group. Still need public comment time period
h) NAIC support staff publishes manual around Dec 15 each year
GHS-116-19, TIA Video
74
ASOP #23 - Actuarial Standards for use of Data
1. Data that is completely accurate, appropriate, and comprehensive is frequently not available, so the actuary should use available data that allows the actuary to perform the analysis
2. Considerations in selecting data (separate list)
3. Review of data - the actuary should review the data for reasonableness, unless such a review is not necessary or practical
4. The actuary should use appropriate data (separate list)
5. Reliance on data and other information supplied by others - the accuracy of this information is the responsibility of those who supply it. The actuary may rely on this information, but should disclose this reliance.
6. Confidentiality - Actuary should handle data containing confidential information consistent with precept 9 of the Code of Professional Conduct
7. Limitation of the actuary's responsibility - the actuary is not required to audit the data or determine whether data supplied by others is interntionally
75
ASOP #23 - Considerations in selecting data to use in an actuarial analysis
```
D - consider Desired data elements
A - consider Alternative data elements
A - Appropriateness for intended purpose
C - sufficiently Current
R - Reasonableness and comprehensiveness
C - internal and external Consistency
L - material Limitations
F - cost and Feasibility of alternative data and time required
B - Benefit to be gained from alternative data
S - Sampling methods to collect the data
```
Mnemonic - FR BAD CALCS (FoR preventing BAD CALCS, focus on data)
ASOP #23, Page 2
76
ASOP #23 - Categories of appropriateness of data used in an actuarial analysis
1. Data is of acceptable quality to perform analysis
2. Data requires enhancement before the analysis can be performed, and it is practical to obtain additional/corrected data
3. Judgmental adjustments or assumptions can be applied to the data (or analysis results) to allow the actuary to perform the analysis
4. Data is likely to have significant defects
5. Data is so inadequate that it cannot be used to satisfy the purpose of the assignment
ASOP #23, Page 4
77
ASOP #23 - Required Documentation related to Data quality
S - (S)ource of data
R - Whether actuary (R)eviewed, and if not then disclose limitations
R - (R)eliance on data and other information
A - material (A)djustments or assumptions applied to data
L - (L)imitations on work due to data quality
C - Unresolved (C)oncerns
U - Highly (U)ncertain results or bias due to data quality including potential magnitude and nature
C - conflicts from complying with (L)aws and regulations
Mnemonic - SUR CALL R (SURe can CALL it Reasonable)
78
ASOP #41 - Recommended practices for actuarial communications
Actuarial Communications should meet the following requirements
a) Scope of work: Methods, assumptions, data, etc
b) Form and content of the communication must be appropriate for the given circumstances
c) Communication should be clear
d) Should be issued within a reasonable time period
e) All actuaries responsible for the communication should
2. The actuary should complete an actuarial report if the actuary intends the findings to be relied upon by any intended user
3. Some circumstances (such as regulations) may constrain the content of an actuarial report. In these cases, the actuary should follow the guidance of this standard to the extent reasonably possible.
4. The actuary should recognize the risk of unintended users misusing an actuarial document, and should take reasonable steps to ensure it is clear and presented fairly
ASOP #41, Page 3
79
ASOP #41 - Disclosures required in an actuarial report
This report states the actuarial findings and identifies the methods, procedures, assumptions, and data used
1. Intended (U)sers of the report
2. (S)cope and intended purpose of the assignment
3. Acknowledgement of (Q)ualification as specified in the Qualification Standards
4. Any cautions about(R)isk and uncertainty
5. Any (L)imitations or constraints on the use or applicability of the findings
6. Any (C)onflict of interest
7. Any information on which the actuary (R)elied that has a material impact on the findings and for which the actuary does not assume responsibility
8. The (I)nformation date (i.e. data, etc)
9. (S)ubsequent events (may have material effect on findings
10. If appropriate, the (D)ocuments comprising the actuarial report
Mnemonic - RQ DISCLSUR (ReQuired DISCLoSURe items)
ASOP #41, Page 7
80
ASOP #41 - Disclosure Requirements for Assumptions and methods used in an Actuarial Report
1. Communication should identify the party responsible for each material assumption and method
2. If the assumption or method is prescribed by law, disclose the applicable law, the assumptions or methods affected, and that the report was prepared in accordance with the law
3. If a material assumption or method is selected by another party, the actuary has three choices:
a) If it does not conflict the with actuaries professional judgement, no disclosure needed
b) If it significantly conflicts with the actuary's judgement, then disclose this fact
c) if the actuary is unable or not qualified to judge reasonableness, then disclose this fact
(Disclose the affected assumption or method, the party who set it, and the reason it was set by this party, rather than by the actuary)
ASOP #41, Page 5 and 8
81
ASOP #46 - ASOP Definition of Enterprise Risk Managemetn
ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders
ASOP #46, Page 2
82
ASOP #46 - Processes included in the ERM Control Cycle
1. Risks are identified
2. Risk are evaluated
3. Risks appetites are chosen
4. Risk limits are set
5. Risks are accepted or avoided
6. Risk mitigation activities are performed
7. Actions are taken when risk limits are breached
ASOP #46, Page 2
83
ASOP #46 - Considerations when performing services related to risk evaluation
1. Information about the financial strength, risk profile, and risk environment of the organization. For example, the nature and complexity of the risks faced by the organization's different risks interact with one another.
2. Information about the organization's risk management system, including:
a) The risk tolerance of the organization
b) The risk appetite of the organization
c) Components of the organization's ERM control cycle
d) knowledge and experience of management and the board of directors regarding risk assessment and risk management
e) The actual execution of the organization's ERM control cycle
3. Relationship between organization's financial strength, risk profile, and risk environment and the organization's risk management system
4. The intended purpose and uses of the actuarial work product
ASOP #46, Page 3
84
ASOP #46 - Considerations when developing, reviewing, or maintaining Risk Evaluation Models
Whether the models are fit for the purpose, Review:
1 - (R)eproducible and adaptable to new risks
2 - (S)ophistication of the models in proportion to
materiality
3 - (P)ractical considerations for the models
4 - Inherent Statistical and theoretical (L)imitations
5 - Quality, accuracy, appropriateness, timeliness, and completeness of (D)ata
6 - The appropriateness of methodologies for (V)alidation/calibration
7 - The appropriateness of methodologies for modeling (D)ependencies among risks
8 - The appropriateness of Cash flow (D)iscounting methodologies
Mnemonic PLS DVD D R (PLeaSe DiViDe Detailed Risks)
Whether the assumptions are appropriate, consider:
1 - Whether the assumptions are (S)upportable and appropriately documented
2- Whether the assumptions are regularly (R)evisited to determine their appropriateness
3 - Whether the assumptions regarding anticipated Management (A)ctions are supportable and appropriately documented
ASOP #46, Page 4
85
ASOP #46 - Considerations when designing, developing, and reviewing an economic capital model
1. Appropriateness of the selected (T)ime frame, basis of measuring (L)oss, and (R)isk metric underlying the organization's definition of economic model
2. Degree to which the model reflects the (S)ignificant risks of the organization and their (I)nterdependencies
3. Appropriateness of the (M)ethod used to model each risk
TLR SIM (Total Loss Ratio SIMulation)
ASOP #46, Page 6
86
ASOP #46 - Considerations related to stress and scenario testing
1. Extent to which various stress tests reflect similar or different degrees of (A)dversity
2. Any items in the organization's business plan that describe how the organization will function during an (E)xtreme event
3. Extreme event (S)cenario may be a (S)ingle event or (S)eries of events
4. How various stakeholders and markets during extreme events may (R)eact
5. Whether assumed (I)nterdependencies are appropriate under the stress or scenario testing assumptions
6. How to define situations that result in a (N)on-quantifiable risk
7. Some stress and scenario tests will be (H)ypothetical situations for which the actuary will not need to determine whether the s scenario is realistic.
A SHRINE (so you can pray these events don't happen)
ASOP #46, Page 7
87
ASOP #46 - Considerations when performing services regarding the evaluation of emerging risks
1. The potential impact of emerging risks across various time horizons
2. The potential secondary effects from an organization's assumed actions in light of the onset of an emerging risk
ASOP #46, Page 9
88
ASOP #46 - Required Disclosures for communications subject to ASOP #46 on risk evaluations in ERM
1 - Economic (C)apital Model, their intended use, and any known limitations
2 - Results of the (S)tress and scenario tests, their intended use, and any known limitations of these tests
3 - Methodologies and sources of information for identifying and evaluating (E)merging risks
4 - Any material (C)hanges in the system, process, methodology, or assumptions from those previously used
5. Significant (A)ssumptions used in the risk evaluation and interdependencies among risks and statistical distributions
6. (R)isks included in the risk evaluation and their relative significance, as well as known material risks not included and the rationale for not including them
7. Whether and how the modeled future economic conditions have been (V)alidated
Mnemonic - CRAVE S C (CRAVE Simple Communications)
ASOP #46, Page 10
89
ASOP #47 - Definition and aspects of Risk Treatment
Definition of Risk Treatment - process of selecting and making decisions to transfer, retain, limit, and avoid risk
Aspects of Risk Treatment:
1. Determining Risk tolerance
2. Choosing Risk appetites
3. Setting risk limits
4. Performing risk mitigation activities
5. Optimizing organizational objectives relative to risk
ASOP #47, Page 3
90
ASOP #47 - Considerations when performing risk treatment activities
1. Information about the financial strength, risk profile, and risk environment of the organization. This includes various items, such as:
a) The financial flexibility of the organization
b) The nature, scale, and complexity of the risks faced by the organization
c) The organization's strategic goals
d) The degree to which the organization's different risks interact with one another
2. Information about the organization's own risk management system. This also includes various item, such as:
a) The risk tolerance and risk appetite of the organization
b) The components of and execution of the organization's ERM control cycle.
c) The knowledge and experience of management regarding risk assessment and risk management
3. The relationship between the organization's financial strength, risk profile, and risk environment and the organization's risk management system
4. The intended purpose and use of the actuarial work product
ASOP #47, Page 3
91
ASOP #47 - Considerations when reviewing or recommending parameters of risk tolerance, risk appetite, and risk limits
1. The financial and non-financial (B)enefits associated with each risk-taking activity
2. The degree of (C)oncentration of the risks of the organization
3. The opportunities available to mitigate (B)reaches of risk limits and risk tolerance, and the cost and effectiveness of such mitigation strategies
4. Regulatory or accounting (C)onstraints that may affect the risk environment
5. The (R)elationships between the risk tolerance, risk appetite, and risk limits
6. The historical (V)olatility of the organization's results in the context of its current risk profile
BBC CRaVes tolerance
ASOP # 47, Page 5
92
ASOP #47, - Considerations when reviewing or recommending a risk mitigation strategy
1. Information relating to qualitative aspects o the organization, such as:
a) The resilience of the organization under duress
b) The operational capabilities of the organization
c) The potential risk to the organization's reputation
2. Information relating to the cost of, effectiveness of, and constraints upon risk mitigation activities. This includes various items, such as;
a) The availability of risk mitigation instruments
b) The counter-party credit risk inherent in the risk mitigation instruments
c) The degree of confidence that the risk mitigation process can be maintained or repeated over time
d) The variability of outcomes after risk mitigation
e) Regulatory constraints on risk mitigation options
ASOP #47, Page 5
93
ASOP #55 - General Considerations when designing, performing, or reviewing a capital adequacy assessment
1. The insurer's risk (P)rofile and capital
2. Business and risk (D)rivers
3. Insurer's plans and (S)trategies (and likelihood of success.
4. (T)iming/variability of project cash flows
5. Existing or accessible (R)esources
6. Effect of (C)hanges in the risk profile
7. Correlation, concentration, (D)iversification, and interdependence of risks
8. Projects of (F)uture economic conditions
9. (P)arameter uncertainty
10. Methodology for capital adequacy (A)ssessment
11. Insurer's (S)pecifics regarding risks identified: Definition used, metrics used, identification process, risk appetite, risk tolerance
12. (P)rior assessments, group considerations, management actions
SPecial FAP ReCorDed, PTSD
ASOP #55, Page 3
94
ASOP #55 - Considerations when designing risk capital targets or risk capital thresholds
1. (V)aluation Basis
2. (P)rincipal's objectives for capital
3. Normal and adverse (E)nvironments
4. (T)ime horizon over which capital is assessed
5. Methods used to (A)ggregate results
6 (A)lignment with any existing risk appetite and risk tolerance
7. Approach used to determine (S)ufficient level of capital
8. Merits of using a (R)ange versus as single value for risk capital targets
9. (A)ccess to additional capital
SAVE And TRAP (capital)
ASOP #55, Page 5
95
ASOP #55 - Considerations when scenario and stress testing capital adequacy assessment
Types of Tests
- Deterministic
- Stochastic
- Combination (multiple events)
- Reverse (create adverse capital event)
Level of adversity (think normal curve)
- Periods of normal volatility
- Plausible adverse conditions
- And tail events
Sensitivity testing
- Determine the applicability of the results of scenario and stress tests under changing conditions
