18 February 2010

Published in: Risk governance, Regulation - supervision

Torus builds its risk management framework

Under new CRO Carl Groth, the framework is being closely integrated with the business and risk analytics are seen as an important driver that gives the company a competitive advantage.

Carl Groth is a relatively rare phenomenon in the insurance biosphere: a chief risk officer (CRO) who reports to the chief executive. But then Torus, the company whose risk he helps manage, is relatively new and entrepreneurial and lacks some of the legacy attitudes that might still inhibit other companies.

Although Groth's appointment as group CRO was announced on 1 February, Groth had actually started work at Torus last December, so he's already busy recruiting staff and building a risk management framework.

An economics graduate of the University of Washington and with an MBA from George Washington University, Groth previously led Deloitte's US insurance enterprise risk management practice, advising companies on Solvency II-related issues and readiness. His earlier career included periods at Willis Re and Liberty Mutual Group.

In his latest position, he sees his role as "combining both a top-down and bottom-up approach to managing risk."

He stresses that the board has the risk oversight role, and ratifies key issues related to risk management strategy, risk policies and risk appetite.

Below the board is a capital & risk committee, which includes CEO Clive Tobin, CFO Ian Campbell, Groth and other senior executives and which, with regular input from the business units, formulates and recommends on matters of risk governance to the board. "A lot of risk governance issues are heavily influenced by the business and the strategy," Groth notes.

Meeting monthly, "the committee aggregates information from the businesses and filters out what are the key risks and risk issues of the business," he explains. "My role is to build the risk management framework and infrastructure, and implement it within the businesses to enable each unit to achieve their objectives."

Carl Groth: "My role is to build the risk management framework and infrastructure, and implement it within the businesses to enable each unit to achieve their objectives."

Groth, based in New Jersey, works with a risk officer in the UK, as well as a person dedicated to Solvency II matters. Groth is recruiting a risk officer for the US as well as two other staff.

Groth explains that Torus's broader risk management capabilities are marshalled under a "three lines of defence" operating model. The businesses and supporting functions -- as risk owners -- are the first line of defence. ERM, risk analytics, compliance and the management committee form the second line of defence. Internal audit forms the third by providing assurance to management and the board that the risk management programme is sound.

Rob Mankievitz, Torus's head of compliance, had held the CRO role until Groth was recruited, and helped establish the foundation of this three lines of defence risk-governance operating model.

The risk management structure is completed by a Solvency II committee, chaired by CFO Campbell, and an internal model sub-committee, chaired by chief actuary Andrew Turnbull. This is logical because all the capital modelling is carried out by the risk analytics group under Turnbull, who also manages the company's reserving and pricing functions.

"We're well on way to building an internal model," says Groth. "We're in preliminary discussions with the FSA right now on pre-application." At present, Groth is concentrating "on assisting with the definition of the functional requirements of the internal model." Some of the functions that Groth expects the model to perform include: risk appetite and tolerance setting, monitoring aggregate risk against the risk appetite that was set, and business planning and capital allocation - by entity and by Torus's four major business segments.

Torus will also use the model for various risk management applications, according to Groth. Examples: how the company buys reinsurance and other types of outward cover such as industry loss warranties and cat bonds; and how to manage the business through the various market cycles.

"We're building the model to help the way the business is run," Groth stresses, so "the use test is right in the middle of our radar screen."

Groth says "we expect to have a very robust ERM programme that will satisfy Solvency II requirements."

Carl Groth: "We're building the model to help the way the business is run. The use test is right in the middle of our radar screen."

He doesn't have any particular issue with the directive. He's not concerned about reports that capital requirements may be higher than originally envisaged because of CEIOPS changing some calibrations. "Being a fairly new company, we've been conservative on our capital utilization," he says. And "other requirements of Solvency II are all in line with what we want to build for our enterprise risk management."

Model validation will be one of his roles, Groth explains, though he stresses his key role is making sure the risk management framework is built - the risk register, the processes, the analytical tools - and driving the risk monitoring and reporting. His group also acts in a risk advisory capacity, for example on emerging market opportunities and on dealing with rating agencies.

One virtue of Torus that attracted Groth to the company was that "risk analytics are an important driver of our business decisions", adding that "being an analytics-driven company can give us a competitive advantage. Making sure we understand data and risk analytics helps us identify where we want to increase risk-taking versus dialling it down."

Groth says "it has been relatively straightforward to create my vision for ERM" - for a couple of reasons. He started with a relatively clean slate because of the newness of the company. Also the tone at the top was right. "There was the recognition that risk management is really critical for the company's success," he emphasizes.

Back to top