Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Management Strategies

03:55 PM
Connect Directly

ERM Capabilities A New Consideration For Rating Agency Assessments

As insurers develop more-sophisticated enterprise risk management capabilities, rating agencies are beginning to consider companies' ERM capabilities as a factor in their assessments.

In an era of fluctuating markets, terrorist attacks, tsunamis and back-to-back record Atlantic hurricane seasons, excellence in risk management is an increasingly important quality of insurance companies. As insurers themselves develop more-sophisticated risk-management processes and technology -- in areas such as catastrophe modeling among P&C companies and capital requirements modeling for variable annuities on the life side -- the industry's rating agencies are beginning to raise enterprise risk management (ERM) expectations for insurers.

"The agencies are all very focused today on the interplay of risk management and capital management at companies -- as a result, they've all essentially taken on initiatives around assessing companies' enterprise risk management capabilities," observes John Giamalis, corporate treasurer, The Hartford (Hartford, Conn.; $27.1 billion 2005 revenue). "It's clear that to properly manage equity market risks, a significant investment in technology is going to be required, and companies that do make the investments in both technology and people, and are able to appropriately manage those risks, will be given better recognition in the rating process than those that don't and can't."

Standard & Poor's (S&P; New York), for example, has begun to consider ERM as a distinct category in rating insurers. Last fall S&P began classifying insurers' ERM capabilities as excellent, strong, adequate or weak, according to the criteria of risk management culture, risk control, extreme event management, risk and capital models, and strategic risk management.

So far, S&P has applied these criteria in the rating of only 20 of the hundreds of companies it rates, according to David Ingram, S&P credit analyst and ERM specialist in insurance ratings. "At this point, we're looking mainly to see whether a company's risk assessment capabilities are broadly consistent with the risk they have and that they have the capabilities to actually operate their assessment process in a way that gives them actionable information," Ingram says. "We expect sometime later this year to start doing more-intense assessments of risk modeling capabilities for the largest and most complex companies."

Ingram notes that a small number of insurers have progressed very far in the development of their risk modeling capabilities, for which they have asked to be given credit by rating agencies. "The framework we've developed gives us a systematic way of doing that and of distinguishing the best companies from those whose risk practice is more average," Ingram explains.

Watershed Moment

But the rating agencies' new requirements present a serious challenge to the industry as a whole, according to Alex Korogodsky, senior manager, insurance and actuarial advisory services, Ernst & Young (New York). "S&P criteria, as well as other rating agency efforts, will serve as a watershed for ERM," he comments. "They are expecting [ERM] to be done on an enterprise level, and many companies don't have that capability."

Focusing on merely improving the software one's company uses for ERM is a mistake, Korogodsky cautions. Successful implementation of ERM requires a cross-functional approach that joins senior business officers, including the CFO, chief actuary, CIO and their teams, as well as trusted advisers from the outside, he asserts. "Companies need to reevaluate their technology capability from four major perspectives: strategy, organization, technology and tools, and process," Korogodsky contends.

Technology officers need to better understand their role within a larger process, Korogodsky adds. "They need to enable the business and, if need be, think about the flexibility of technology tools and infrastructure standards," he says. "They shouldn't think, 'ERM is ours to implement.'"

Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio

Register for Insurance & Technology Newsletters