Paul Harwood, Member of the Risk Management Board, shares his thoughts.
Solvency II’s insistence that we consider ‘all risks, actual or potential, that are or may affect a firm’ can be a bit daunting.
For ORSA purposes, I tend to fall back on the fact that we always test lower sales, higher claims and greater expenses, which are the obvious outcomes from all manner of unthought-of risks.
For those who want something a little more formal, the 2011 discussion paper ‘A common risk classification system for the actuarial profession’ is well worth another look.
I caught up with one of the authors and asked him how he thought it stood ten years later. He reflected “…the paper and the associated spreadsheets are still relevant…The one major thing … missing … is pension scheme counterparty exposure to the sponsor and the risk that the sponsor may be unable or unwilling to meet agreed contributions.”
[If we were to re-do the exercise] “I might … like to review the detailed operational risk categories and perhaps add some more on cyber and information risk, particularly around ransomware, cyber vandalism, DDOS and cyber mining which were yet to come to prominence back then.”
Overall though “…I don’t think much has changed in the risks we face (e.g. risk of adverse insurance claims due to storms, more just the frequency and severity of these.”
A candidate for adding to the profession’s canon of risk management materials? What do you think?