Defining Risk Appetite ERM Symposium Thursday, March 29, 2007 Chicago, Illinois Sim Segal, FSA, MAAA Deloitte Consulting LLP Risk appetite often defined as function of capital “The level of risk that results in no more than a 0.1% chance of failure over a one-year time horizon, where failure is defined as losing 100% of GAAP capital” Probability • Large financial services companies often define risk appetite as a function of Economic Capital (EC), e.g., Target Target Rating Rating Loss Rate Confidence level 99.9% • Understandable, since EC is available in many ERM programs – Reminiscent of industry use of RBC-multiple capital allocation Copyright © 2007 Deloitte Development LLC All rights reserved Shortcomings of capital-centric approach This traditional capital-centric approach to defining risk appetite: 1) Does not fully capture all risks of the enterprise 2) Does not necessarily result in optimal level of risk Copyright © 2007 Deloitte Development LLC All rights reserved 1) Not capturing all risks • ERM goal: Determine integrated impact of all key risks • EC models work well for risks primarily related to current balance sheet (market, credit, liquidity, insurance, etc.)… • … but less effective for risk primarily impacting future revenues, expenses, WACC, etc Strategic Market (operational and strategic risks) • As a result, EC models usually Credit either ignore operational and Operational strategic risks or “address” via a static 15% add-on to capital Insurance Copyright © 2007 Deloitte Development LLC All rights reserved Defining Optimal Level of Risk Optimal level of risk may be defined as that which: a) Best serves primary stakeholder – shareholders b) Satisfies constraints of other stakeholders (rating agencies, regulators, etc.), but only to appropriate degree Therefore, optimal level of risk may be defined as that which maximizes shareholder value, since satisfies both conditions: a) Clearly, shareholders best served when shareholder value maximized b) Allows measuring the trade-off to value of satisfying other stakeholders to varying degrees, e.g.: Too much capital ẻ favorable rating but fallow capital Ỵ value drops Too little capital Ỵ higher cost of capital and failure risk Ỵ value drops Somewhere in between will maximize value Copyright © 2007 Deloitte Development LLC All rights reserved 2) Not necessarily optimal Capital-centric approach does not necessarily result in the optimal level of risk that maximizes shareholder value • Focus is on solvency, not on maximizing value • Process: Step 1: Assumption that a desired rating (e.g., AA) is optimal Step 2: Assumption that a target risk level will produce desired rating Step 3: EC is calculated Step 4: Risk appetite defined consistent with EC • Ignores possibility that lower/higher level of risk may enhance shareholder value Copyright © 2007 Deloitte Development LLC All rights reserved Value-Based ERM Concept Value-Based ERM is a synthesis of ERM and value-based management Enterprise Risk Management Value-based Management • MARKET RISK – Interest Rate Risk – Foreign Exchange Risk • CREDIT RISK ENTERPRISE VALUE • LIQUIDITY RISK • INSURANCE RISK – Pricing – Underwriting – Reserving Value-Based ERM • OPERATIONAL RISK – Human Resources Risk – System Risk – Business Continuity – Compliance Risk – Privacy Risk – Litigation Risk – Etc • STRATEGIC RISK – Strategy Risk – Execution Risk – Competitor Risk – Disaster Risk – Etc Revenue Growth Claims and Expenses Debt Service Taxes Enterprise value defined as present value of management-projected distributable earnings, discounted at Weighted Average Cost of Capital Copyright © 2007 Deloitte Development LLC All rights reserved Required Capital Cost of Capital Value-Based ERM Framework Value-based ERM allows management to make strategic and tactical decisions with consistent information about risk-to-value trade-offs Risk Identification Risk Measurement Subset of Risks ∆ Enterprise Value All Risks Key Risks Qualitative Surveys Enterprise Risk Exposure Risk Appetite ERM Committee Risk Response (Mitigate or Exploit) Strategy: Products, Channels & Markets Copyright © 2007 Deloitte Development LLC All rights reserved Tactics: ERM Activities & Culture Management Decision(s) The value-based approach fully captures all risks… A single value-based metric, change in Enterprise Value, captures all risks – those impacting the balance sheet, income statement, required capital and WACC IntEVaR™ Model Value-Based ERM Model ∆ Net Sales ∆ Premium Year n Year 3n Year Year Year23 Year ∆ CGS Year ∆ Inv Income Year ∆ R&D ∆ Claims ∆∆Free Cash Distributable Earnings Flow ∆Expenses SG&A ∆ ∆∆ Debt Service Taxes ∆ Taxes ∆ Working Capital Discount@ WACC Discount@ WACC ∆ Required Capital ∆ Long Term Assets ∆ Cost of Capital ∆ Cost of Capital Copyright © 2007 Deloitte Development LLC All rights reserved ∆ Value ∆ Enterprise Value …and produces an optimal level of risk The value-based approach facilitates finding an optimal level of risk – that which maximizes shareholder value Process: Step 1: Quantify enterprise risk exposure in terms of value volatility and produce supporting metrics P rob ab ility Before ERM Activities Enterprise Value Step 2: Develop consensus on level of comfort with volatility, defining risk appetite P robability Step Identify optimal strategy / tactics that manage enterprise risk exposure to within risk appetite After ERM Activities Enterprise Value Copyright © 2007 Deloitte Development LLC All rights reserved It also addresses S&P criteria S&P EXCERPT IMPLICATIONS FOR VALUE-BASED ERM • “Clearly articulated risk tolerance is a key factor …” • Everyone understands value • “We would … view an insurer favorably that knows how it will interpret its priorities among its constituencies” • Quantifies trade-offs between priorities of shareholders and other stakeholders • “For … Strategic Risk Management (of) Strong or Excellent … a process for choosing and rejecting potential options that have higher or lower risk-adjusted returns” • Change in Enterprise Value is the most robust quantitative business case one can make in support of a decision Copyright â 2007 Deloitte Development LLC All rights reserved Better than a disparate set of metrics 10 How many companies satisfy these S&P criteria? Poll reveals that very few companies are fully satisfying these S&P criteria In a recent poll of 190 risk executives in the financial services sector, we asked how well their ERM approach satisfied three key S&P criteria: •Clearly articulates risk tolerance •Ability to interpret priorities among constituents •Provides basis for decision-making reflecting risk vs return trade-offs Responses revealed most companies have much room for improvement: 3% Completely satisfies all three 15% Satisfies all three to some extent 28% Satisfies one or two, but not all three 10% Does not satisfy any of these 45% Don’t know or Not Applicable Copyright © 2007 Deloitte Development LLC All rights reserved 11 Contact information Sim Segal Deloitte Consulting LLP Mobile: 917 699 3373 simsegal@deloitte.com Copyright © 2007 Deloitte Development LLC All rights reserved 12 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms and their respective subsidiaries and affiliates Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 150 countries With access to the deep intellectual capital of 120,000 people worldwide, Deloitte delivers services in four professional areas, audit, tax, consulting and financial advisory services, and serves more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies Services are not provided by the Deloitte Touche Tohmatsu Verein and, for regulatory and other reasons, certain member firms not provide services in all four professional areas As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions Each of the member firms is a separate and independent legal entity operating under the names “Deloitte,” “Deloitte & Touche,” “Deloitte Touche Tohmatsu,” or other related names In the US, Deloitte & Touche USA LLP is the US member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP The subsidiaries of the US member firm are among the nation's leading professional services firms, providing audit, tax, consulting and financial advisory services through nearly 30,000 people in more than 80 cities Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel For more information, please visit the US member firm’s web site at www.deloitte.com/us Copyright © 2006 Deloitte Development LLC All rights reserved  ... OPERATIONAL RISK – Human Resources Risk – System Risk – Business Continuity – Compliance Risk – Privacy Risk – Litigation Risk – Etc • STRATEGIC RISK – Strategy Risk – Execution Risk – Competitor Risk. .. risk- to-value trade-offs Risk Identification Risk Measurement Subset of Risks ∆ Enterprise Value All Risks Key Risks Qualitative Surveys Enterprise Risk Exposure Risk Appetite ERM Committee Risk. .. management Enterprise Risk Management Value-based Management • MARKET RISK – Interest Rate Risk – Foreign Exchange Risk • CREDIT RISK ENTERPRISE VALUE • LIQUIDITY RISK • INSURANCE RISK – Pricing –