The Society of Actuaries in Ireland (SAI) Risk Management Perspectives Conference took place on 25th October at the Intercontinental Hotel, Ballsbridge, featuring a variety of speakers and thought-provoking sessions.
Maurice Whyms, the president of the SAI, chaired the conference. He kicked off the day by introducing the speakers and thanking everyone who selected “risk” on their SAI profile for responding to the ERM survey issued earlier in the year. These survey results are invaluable when selecting the topics for the conference and other learning events. He also highlighted the vast resources which can be found in the SAI’s ERM Research Database.
In the first session of the day, attendees were given a political view on Brexit from Senator Neale Richmond (former Chair of the Seanad Brexit Committee). The session highlighted the highly volatile state of affairs regarding Brexit and the crucial nature of the Brexit deal terms, including the possibility that these would need to be put to the UK public for a vote.
Lisa O’Mahony from the Central Bank of Ireland (CBI) then gave some insights from the CBI on the recent operational risk assessments which took place, including the “Dear CRO” letter issued in June 2017. This included the need for thorough Operational Risk Identification frameworks to include scenario analysis, Risk and Control Self-Assessment (RCSA), loss event data, blank page assessments and boundary loss meetings. Lisa reminded the audience not to gain false comfort from Solvency Capital Requirement (SCR) numbers for operational risk and to start with identifying the correct risks. The full speech is available on the SAI website.
Michael Daughton from KPMG took the audience through some useful aspects of a cyber risk framework, including the need, in the first instance, to fully understand the company’s critical assets, that is, what it is trying to protect. He referenced the 13 expectations of the CBI as outlined in their 2016 Guidelines for management of cyber security risk. One quote Michael mentioned which caught the audience’s attention was that there are two types of companies – those who have been hacked and those who will be. For further reading, he referenced the UK National Cyber Security Centre, which has issued guidance, as well as Ireland’s National Cyber Security Centre, which is currently developing guidelines in this area.
Similar to previous years, Jim Power gave an interesting and entertaining macroeconomic update. The update highlighted the relatively weak sterling against the euro, the recent fall in London property prices and recent falls in consumer spending given inflation levels in and around 3% compared to relatively little salary growth. He noted the growing tension regarding the taxation bill for large corporations in Ireland and how this may impact on the economy going forward.
Billy Galavan, CRO of Zurich Life Assurance, illustrated key aspects of risk appetite statements and he presented a useful “cheat sheet” for companies preparing a risk appetite statement. He added useful references to supporting material such as the FSB 2013 Principles of Risk Appetite Statements and the SAI’s Working Party paper issued in 2011.
The first of the afternoon sessions, conducted by Caroline Gregoire, was an interactive session including thought-provoking communication exercises with the audience, which highlighted the need to consider the listening pattern of your audience. For example, she noted the difference between a procedural or step-by-step communication style, compared to a style which presents the alternatives or options available and the criteria which led to the results. She concluded with a reminder that we can also choose our mindset when we are communicating, such as adopting a positive, calm, constructive, enthusiastic and open approach.
The next session was a panel discussion on the Solvency and Financial Condition Report (SFCR), which (re)insurance companies are required to publicly disclose annually. The discussion included the contribution from risk functions and an investor’s view. Lukas Ziewer (Metlife), David Warren (Zurich), Francis Coll (New Ireland) and Gerard Davis (Irish Life) all participated in an interesting discussion including a number of questions/comments from the floor. They questioned whether solvency cover is now being seen as the only measure of risk, and whether the SFCR should be the only public communication from the risk function. The panel also discussed the possible need for more sensitivities in the SFCR in order to give a true picture of risk, as well as the likelihood that it will only be in times of stress when the SFCR will really start to have an impact on analyst and policyholder views, as has been seen in Greece.
In the next session Monika Smatralova (Permanent TSB) delivered practical insights into the banking recovery and resolution regime including what lessons the (re)insurance industry can learn from our banking counterparts. She outlined the key building blocks of recovery plans as well as how recovery triggers can be integrated into the Business As Usual (BAU) risk limits which companies may have. She outlined a useful shopping list of possible recovery options as well as taking the audience through recent case studies of the Bank Recovery and Resolution Directive (BRRD) in action.
Finally, Paul Lavery (McCann Fitzgerald) gave a thorough overview of the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018. He outlined possible impacts on insurers, including the need to formalise the company’s record retention policy and to ensure a data protection officer is in place, who will function similarly to internal audit with regard to data protection issues.
Slides and podcasts are available on the SAI website. The ERM Committee would once again like to thank all the speakers and organisers who made the conference such a great success, and look forward to building upon this for next year.
Bridget MacDonnell is a consulting actuary with Milliman Ltd and a member of the SAI's Enterprise Risk Management Committee.
The views of this article do not necessarily reflect the views of the Society of Actuaries in Ireland, the Enterprise Risk Management Committee, or the author’s employer. The article was edited by the Communications Subgroup of the Enterprise Risk Management Committee.