Sue Copeman: To set the scene, I’d like to ask each of you to briefly summarise what enterprise risk management (ERM) means to your organisation. Before the start of this discussion, Tom suggested that ERM means different things to different people so it would be helpful to get this clear. Would you like to kick off, Oskar?

Oskar Buchauer: For us, ERM at the end of the day is setting up a framework for risk management which is not only a question of quantitative issues – calculating risk capital and economic values and things like that. ERM is a broader thing which we believe should combine a quantitative and qualitative approach. There are definitely certain areas in the ERM framework which could not be covered by just using financial tools but have to be managed through qualitative approaches.

Ferdia Byrne: I would echo that. ERM is about much more than quantitative approaches. There is a lot of focus around risk based capital and Solvency II, and over the next couple of years there will be a big challenge for firms that have not got advanced quantification tools in place to build all the tools they need.

But ERM is much more around process, adding value to the business, helping to support strategic decisions. It is about the culture of the organisation and how it views risk, and it needs to be built into the DNA of the operations across the board. That is how we see it maturing in the future although we recognise that there is a path that firms will be going along in the next couple of years to get there.

John Redmond: ERM to us involves the development of a dynamic process, which is shaped by existing and pending legislation such as SOX and Solvency II, and such a process focuses on the integration of business plans, technology platforms/solutions and risk evaluation. Ultimately we seek to benefit from a truly dynamic risk management process by identifying opportunities that allow for the attraction and absorption of more risk.

Tom Wilson: I don’t necessarily have a working definition of ERM. But I take my role as a chief risk officer (CRO) to encompass the answering of four questions. First, is every product that we put on our books structured, priced, underwritten and managed appropriately, and are those risks that we don’t want to take, such as sales practices and regulatory compliance, mitigated appropriately? Second, is our risk profile transparent and within delegated authorities? Third, are the authorities consistent with an overall risk reward strategy for the group? And then four, is this entire framework clearly and transparently communicated to the external stakeholders to ensure that our capital position and the market valuation are appropriate?

Giovanni Gentile: ERM obviously includes the enterprise wide management of risks, and should at least include two aspects. First, it should include senior management responsibility, allocate resources to manage risk and develop a risk governance system which sets up risk owners, risk takers and risk controllers in order to facilitate proper management and control framework for all risks. This should then be combined with quantitative integrated risk modelling that takes all the risks of the enterprise into consideration, to produce an aggregated analysis which is reported to management and upon which they act.

Jonathan Titman: To me, ERM is about having a deep understanding of the entire risk portfolio of a company, and assessing, first, what capital is needed to support those risks and then, second and more importantly, how to generate value from this understanding of risk and capital deployment. It is all about value creation.

Olly Reeves: At Lloyd’s centrally we are in an unusual position in that we run a market; as a corporation we don’t underwrite any business. We have to try and control the market, for example by setting limits, so my view of ERM is that it builds on all those existing control activities to achieve a fully integrated and enterprise-wide picture.

Ole Hesselager: I agree with what the others have said. It is very much an issue of adding to the narrow risk measurement that everybody has been doing for many years, including a more holistic perspective that takes in the types of risks that traditionally were not so dominant in the total risk picture, and controlling the processes. The low key practical aspects of that are that we are looking much more at the interplay between various risk silos and taking this into account when considering things like diversification and hedging various types of risk. And this should enable us to take more risk in a profitable way.

Sue Copeman: Thank you very much indeed. Perhaps we could start our discussion by looking at allocating capital. Does anybody have any views on this?

Giovanni Gentile: If you want to have proper product pricing, you need to be aware of what risks influence that product, and you cannot look at that product in isolation and only determine what its specific risks are. You have to do that but it is also as important to look at the interdependencies of different kinds of risk. Only by taking this aggregated view will you be able to see what the total risk for the company looks like. Once you have aggregated the risks, respecting correlation assumptions or interdependencies, and have the total picture, you can try as best as possible to reallocate this total diversified capital to your products. This may also enable you to steer your risks because it will turn out that you will have more of some risks and less of others. So taking additional risks in those parts where you already have enough should maybe be given a higher capital charge than those risks which basically represent good diversification in your portfolio.

Sue Copeman: Would anybody like to add, expand or challenge that?

Tom Wilson: I think that capital allocation is one tool towards a broader set of objectives. Capital allocation works under the premise that by allocating capital and getting people to concentrate on the return on that capital you can change behaviour appropriately. In addition, capital can be used as a constraint, as a hard boundary or a limit on certain types of activities. There are other tools within the risk management tool chest to accomplish similar objectives, specifically limit structures such as natural catastrophe limits. So, in addition to allocating capital and having a market based mechanism within a firm, you should also consider limits and other management practices.

Allocating capital is a tricky business where the risk function has a role to contribute, but clearly, if it is to be a hard boundary and steer the strategy of the group, it has to be embedded in the strategic planning process. This is typically a process that is owned and managed by the CFO as opposed to the risk function. In any business there is a risk/return trade-off, for example whether you offer a specific type of withdrawal benefit or a dollar-for-dollar benefit on an income benefit in the US. It’s a trade-off between how much return you want to take and sales growth versus how much tail risk you want to take. From a risk perspective we can make the risk and the trade-offs transparent but ultimately we have to work within an institution in order to understand where we have attractive business opportunities, where we have the expenses and the distribution capabilities in order to succeed, and it is a more complicated problem.

Oskar Buchauer: In respect of allocating capital, the real challenge is that the deeper you try to go in the organisation and the processes, the more difficult it becomes. You hear that this is an issue for pricing, this is an issue for day to day management, this is an issue for asset liability management, all that kind of stuff. So the deeper you go, the more you have to take approximations on how you allocate capital. You face the challenge of convincing people that they must not just think about their own block of business but also about diversification benefits or trade-offs with other blocks of business. It is a learning process for all the organisation.

Jonathan Titman: I agree. A lot of companies have developed economic capital models that can quantify capital need on a high level basis. I think the problem is then looking at it on the more granular basis that is needed for pricing. Getting the level of information on a by product or a by distribution channel or even a by market segmented basis is a very difficult challenge. If that can be done, then the benefits for enhanced pricing and value creation from enhanced risk based pricing are very prevalent. But at the moment companies are at the stage where they are still trying to move their top down picture of capital needs down to a more granular level and that is the big challenge.

Giovanni Gentile: And of course this risk based pricing only works if you look at all the risks your company has. Your allocation will only be as good as your total collection, identification and aggregation of risks.