Communication, understanding and transparency

Do you consider that risk management has increased in importance in the last two years – or is it simply that it always been important but top management are now more aware of its value?

I believe that both aspects are correct. Yes, risk management has increased in importance. In many people’s eyes, it is moving into the centre because we’ve seen too many companies who have failed in their risk management – even though they had the processes they didn’t execute risk management adequately. I think companies are becoming better at execution now.

Risk management existed and was expected by rating agencies who asked companies if their risk management is working. But some companies had huge confidence in the output of their models for calculating risk capital and believed that if they relied on that everything would be fine. They didn’t consider the need for professionally executing their risk management processes. Excellence reflects how much risk management becomes part of the daily work of the business.

What about risk management culture?

As an international group we have had a very strong risk management culture for many years. We have a group wide risk management standard which applies to all our subsidiaries. We also have a niche risk management function which focuses on those parts of the business which are dealing with the highest risk areas where risk management is even more of a core issue.

Allianz, being one of the largest financial institutions, is always potentially in the headlines of media. So we are naturally concerned that we are top class in risk management. Our desire and indeed our stated aim are to be the most trusted financial partner. We can only be trusted if we have complete transparency in measuring what we do and justifying that aim. After all, just trusting something would be bad risk management on the part of our partners!

When we tell our clients to trust us, the most important part is being able to prove that that trust is justified. This involves ensuring that properly documented processes are in place, that these influence our decision making processes and that our complete risk management thinking is all widely embedded.

How much impact does regulation have on your work?

When we looked into the regulators’ requirements, whether national or European as in Solvency II, we felt that they were all moving in the right direction. Basically they reflect what people believe good risk management is and this is catching up with what we believe risk management should be from our perspective. Other companies may have to invest a lot in risk management to meet those requirements but we are more developed than that and therefore well positioned to fulfil them. Our core belief is that risk management is our business. Our clients have to see that we are sustainable because we are taking on their risks. They need to know that they will be paid out if a loss occurs.

Solvency II imposes different regulations in respect of reporting but the principles are already in place and they shouldn’t present anything new for good risk managers.

“It’s important to let underwriters understand that they are risk owners and they must manage the risk.

What does your role involve?

Typically the chief risk officer’s role is to be involved in all important business decision processes from an independent perspective. There are areas where the main goal is to drive growth. The underwriting area is basically focused on maximising the underwriting result. These areas might be in conflict so you need an independent view in the shape of the CRO to try to make the business decision process transparent and help divisions to develop.

I believe that it’s important to let underwriters understand that they are risk owners and they must manage the risk. The CRO oversees that risk is being properly managed.

There is a wide range of instruments that we use for complex risks. For example, actuaries’ data needs to be collected to use as input for the risk capital calculation, we need a proper reserving process for longtail claims in particular, actuaries make sure the pricing rationale is appropriate, and where risk exceeds our appetite we have to have a process for making sure the excess is properly ceded to the reinsurance markets.

The CRO also has to consider the potential accumulation of risk, for example losses resulting from a catastrophe. And we need to make sure that we don’t lose focus on business that is not active and might otherwise fall off the radar such as run-off business.

What do you personally see as the risk management challenges in the next five years?

I think the main challenge is achieving the optimum combination of well developed models with actuarial excellence being built in, and business experience. You need to have a well functioning interface between the risk management models and the excellent knowledge of, for example, the underwriters. No model can perfectly reflect the real risk. You need the underwriting input to come up with the entire picture. Just blindly following a model is doomed to fail. Some companies have had a hard wake-up call because they may have relied too much on models. Sometimes it’s the data management that’s let them down, sometimes a blind spot in the models.

One of the challenges where I’m already seeing some progress is that you can only be good in risk management if you have transparency of risk. And that transparency comes with availability of data. Underwriters need to work closely with brokers and their clients to establish this data. It helps our risk management because we can better evaluate the risk, but it’s also better for the client’s risk manager. They also need to know about the risks and making the risk transparent makes it easier to transfer it to their partners at the proper price. Conversely, risks that are not transparent will be more expensive and difficult to place.

How do you think that risk managers should be tackling this issue?

Communication is key. The underwriters, the decision makers, the risk owners – all must really understand what the drivers of the risk, the portfolio and the exposures are. Also there has to be common understanding of how to measure risks and what information is needed to do this measurement. When you have that common understanding, the rest is relatively easy!