Many conversations around risk and capital modelling highlight the need to 'industrialise' processes. But is this 18th century concept appropriate for insurers in the 21st century? European experts discuss this and other risk management questions in the second part of this InsuranceERM and SunGard roundtable
Participants
Dominic Rau, head of risk aggregation and analytics, Swiss Re
Stuart Shepley, chief actuary, Zurich Insurance Company
Ruslana Strunden, risk actuarial principal, SunGard
Michel Dacorogna, scientific advisor, Scor
William Diffey, director of GI business practice, SunGard
Patricio Verdieri, chief risk officer, Zurich Life Switzerland
Chaired by Christopher Cundy, contributing editor, InsuranceERM
Agile modelling
Patricio Verdieri: I am a bit sceptical of this big integration, because of the complexity of our systems. I would sometimes prefer a simple, probably not that exact, solution that we can use in a much quicker and more dynamic way. Our modelling engine requires a lot of power to get a very precise calculation, whereas sometimes it would probably be better to play through towards three variances of the scenario and get a result in a minute.
Chris Cundy: But then there are some CEOs who do want everything at their fingertips.
Stuart Shepley: It might be a bit of a trivial comparison, but if you go into a web browser, type in your few search words, hit 'enter', and it takes three minutes before it comes back, you are not going to use it very often. Get an answer in point two of a second, you are going to ask five questions and within two or three minutes you are going to feel you understand. Somehow, we have got to make use of the capital model in a similar way.
Now, there are going to be some big decisions, which are actually going to require hard yards and they will take longer to look at but, most of the time, you are really just trying to influence decisions in a small way to make them slightly better than they could otherwise have been.
It is really about signal over noise. You have to be very careful. The CEO who has got at their fingertips the ability to refresh it all instantaneously: they are going to have to be very mature not to react to some changes otherwise they are going to be micromanaging things that are actually just noise.
Michel Dacorogna: It is exactly my fear, but I think systems like this do exist. I can give you an experience I had. When we were discussing buying Transamerica Re, I was asked to give an answer the next day. I gave one, and then we ran the big model 70 times until the deal was done. At the end, once the deal was made and we got the data, we noticed that the number was 5% to 10% off the first estimate. Sometime you have to accept, as you say, some dirty or quick work.
Stuart Shepley: Proxy, I think, is the technical term!
William Diffey: There is certainly a great demand in the market for far faster models. Then people can run them for a few optimised scenarios and use them to inform decision-making more on a real-time basis. This is needed for Solvency II/ORSA/FLAOR and accelerated closes. Boards need to understand the limitations of such nimble modelling through validation and P&L attribution.
Dividing up diversification benefit
William Diffey: In a big group, how do you allocate the diversification benefit - often the biggest risk-based capital number - across business units so that the CEOs of each business unit can make well-informed decisions from an ROE [return on equity] perspective?
Michel Dacorogna: That is why I am reluctant to have a model that is too real-time, because the diversification benefit changes with time. We have a one-year perspective, but it is much too short. The real experience is that when you buy a big company, for example, the diversification benefit suddenly changes completely. Should you use that in your business decisions right away?
Dominic Rau: Where in the planning process do you want to bring in your forecasts on changes of diversification due to portfolio development or improved information about the outside world? You might want to calibrate your costing and valuation parameters based on this but don't want to change the rules of the game in the middle of it for your underwriters. You start, actually, to get locked-in to certain points in time when you can change these things.
Michel Dacorogna: Yes, and you also have to think more than one step ahead. Should you give all the diversification benefit you achieve now on the portfolio to your underwriter next year, or should you give it only partially? Those are business questions. It is not any more a model question. That is where, as I was saying at the beginning, the chief risk officer has to be an optimiser; a person that thinks about how to do the business, and that is where, also, this question of quickly changing the wrong decision is important. You cannot wait for the model to work for a month before you know the answer.
Stuart Shepley: It is recognised that the diversification benefit businesses get from being part of a large group are significant compared to smaller local competitors, but you do have to have that ability for them to debate what is the right level of profitability that they need to be generating. This gets you into – and this is good news for us around the table – not just the return, but the return over equity (ROE) perspective, and how much does a local business influence the E-piece, not just the R-piece? Most local businesses focus more on the R and leave the holding company to deal with the E.
Dominic Rau: How do you lead this discussion?
Stuart Shepley: We pretty much have a three-year strategy. Obviously, it gets revisited, particularly when there is fundamental change. The discussion is facilitated and led by the finance area, initially, informed by risk and treasury, and then gets input and direction from the board and wider business.
Dominic Rau: How do you get the market reality into that?
Stuart Shepley: It's a big challenge, and an area which we continuously seek to understand.
Michel Dacorogna: Risk management has to educate the business about this planning. You not only have to plan how much premium you are going to write, you also have to plan how much risk you are going to write, and for that you have to understand how this risk integrates in the group portfolio, not only the risk standalone.
Model risk
Stuart Shepley: How do we as an industry manage model risk? Sometimes it feels like an arms race to have the most important and sophisticated model. On behalf of the customer, there is perhaps a mistaken belief that focussing on this is going to make their policyholder benefits more secure, when in fact that is not necessarily the case. Better to augment modelling with 'real world' scenarios to ensure a balanced understanding is achieved.
William Diffey: Half the time it is very difficult to argue that sophistication does protect the policyholder because you cannot solve the fundamental issue that many P&C business lines are inherently risky, and it is the extremes and reinsurance programmes that matter.
Michel Dacorogna: I am also sceptical of relying only on models, because of this uncertainty that we will not, even with the best validation in the world, solve.
Ruslana Strunden: Each company sees risk differently; it is very much subjective. The model is a snapshot from today of how the company sees its future development. Everything is about personal judgement, so we have the probability of making mistakes.
Dominic Rau: Where could model risk materialise? It could be, for example, if we set a limit based on model results. If somebody hits the limit and does not do an attractive trade, when for a breach of 5% of the limit he could have done it, this would be materialisation of model risk. I think the materialisation of model risk always requires a person taking a wrong model-based decision, sometimes due to delegation of personal accountability to a model or just not switching on their brain and thinking critically.
Patricio Verdieri: If the pricing model is wrong, you set out a wrong price, and that is a real model risk. On the capital model side, I fully agree and I think the biggest model risk in capital models is if, as you said, you have hardwired decisions.
Big data
Chris Cundy: Let's turn to big data. Do you think that there is potentially useful risk information in there, and what is your strategy for dealing with that?
Patricio Verdieri: What I would like to have is the ability to search all our company information for risk indicators - as you might scan newspapers to count the number of times 'crisis' appears and that could be an indicator of a next crisis. Although we have to keep compliance considerations in mind.
Stuart Shepley: I think there are two aspects to this. There is the compliance risk, that if you collect data from people, and use it against them in due course, clearly, that is a specific regulatory risk that needs to be managed. I think there is also the business risk of not being sufficiently developed in this space and, as risk professionals, how do we make sure that we promote the business use?
There is information that will inform the risk process but as of yet we are not well developed in terms making use of that information. The challenge for me is bridging the enterprise's information with these new pots of information flows, such as social media. Just understanding trends in the wider sense does not really help you very much. You have got to be able to make the bridge back into where you are and how your data relates to the softer sources of data.
Dominic Rau: Some colleagues working on the product side have a couple of ideas of what could be done, but when I listen to them and try to apply it to risk management, I must admit, I am struggling a bit.
What about times when the whole industry takes a hit, as in Australia recently? Claims behaviour was changing in the market. At some point, we all found out and we stopped it. Was there a pattern in social media that we could have picked up? How would you find that pattern, and how would you link it to your claims development?
Michel Dacorogna: There is information in the data. To get it out though is the difficult bit.
Patricio Verdieri: It goes back to a related topic around risk indicators. Often it is not successful because we do not ask, or we are not sure about the question we are asking. We are just looking at data, and basically require the data to tell us the question and the answer, and that does not work. It is like Google - a search engine does not produce anything if you do not ask a question.
Ruslana Strunden: Before you put any data into your system, before you start modelling or doing something with the data, first you need to prepare it. That is a very subjective process, and is the first risk I have if I look at a big data set.
The second risk is that an insurer has different internal systems for reserving, pricing, capital modelling, accounting, underwriting and so on, and has to carry all this data from one system to another.
Industrialisation
Patricio Verdieri: The concept of industrialisation has been mentioned several times, but it is a concept of 18th or 19th century. We are in the 21st century and, if you look at the internet, what is the common denominator? It is the language. You do not have one set of data. The capability that has been developed, by companies like Google, is that you can search it. It is not that it is one system. If we want to bring everything on to one platform, is gets so complex that we cannot manage it any more.
Michel Dacorogna: The data should flow. It does not mean it has to be the same system. What you need is a dictionary, basically, from one system to another. And those dictionaries should work fast without losing information.
William Diffey: Quality control is a 20th century concept but needs to be applied to models. You probably do need something that can aggregate from other systems. For insurers, better dashboarding and systems technology will be crucial over the next five years.
Stuart Shepley: I think we are touching on a hugely exciting opportunity, actually. We are on the cusp of some structural, industry-wide change.
If you go back 20 years or so, people liked to have their own administration systems, because their products were different. Those products became ever more complicated, so much so that the cost of creating a bespoke administration system became prohibitive. The complexity was huge, and what really killed it was trying to migrate past products from other systems. So we moved more into reasonably standardised packages and customise as little as possible.
Actually, we have moved on from that again. It would be very dangerous for us as an industry to invest many hundreds of millions in some of these more 20th century IT solutions, the 'big box' solutions, when we have an expectation that we need to make use of big data to react faster.
We all have employees who in their personal lives are used to logging on to the app store and getting the latest app to exploit whatever the latest data feeds are. That is the challenge for the large, data-driven insurance groups, and by inference, the challenge for the IT community.
Dominic Rau: The technological limitation of our current environment is not the lack of data but the lack of its accessibility and putting data from different sources into relation. This is different for the WWW, where quite amazing searches can be achieved with a relatively poor data language (html). I think the key to our problem is to get our systems to talk to each other.
Michel Dacorogna: I have to confirm what Dominic was saying. We have all those systems that have very good capabilities but they do not talk to each other, and it is a big challenge to make them talk to each other.
William Diffey: The people, IT and systems need to talk to each other more.
Read part 1 of this roundtable here.
