Enterprise risk management is fundamentally changing the way companies think about, measure and manage risk.

A powerful trend is moving risk management to a higher level: enterprise risk management (ERM). This trend affects both the processes by which companies measure and manage risk, as well as the markets in which risks are traded. Within a company, ERM has meant a holistic risk program that integrates the management activities for market risk, credit risk and operational risk, often under the leadership of a chief risk officer (CRO). Within the capital markets, ERM has meant the convergence of financial and insurance products, resulting in a whole new class of innovative risk transfer solutions such as credit derivatives, insurance-linked securities and other alternative risk transfer (ART) products.

A new standard
ERM has gained worldwide acceptance and momentum over the past several years. A trend that began in the US financial services industry has extended into other countries in Europe and Asia, as well as to other industries such as energy companies and non-financial corporations. This strong movement towards ERM, including the appointment of over 100 CROs at leading institutions, is supported by four key factors:

1. Risks are highly interrelated, and thus require an integrated approach. There is a growing recognition that managing risk by silos simply doesn't work because risks, by their nature, are highly interdependent and cannot be isolated and managed by independent units. For example, hedging with derivatives involves market (basis risk), credit (counterparty risk) and operational (documentation risk) exposures. Further, disasters are often caused by a confluence of risk events. The downfall of Barings resulted from unauthorised trading and a significant drop in the Nikkei stock market. Power Company of America (PCA) was bankrupted by a simultaneous spike in energy prices and a default by a key supplier. Thus an integrated approach is required for the effective measurement and management of interrelated risks.

2. Key stakeholders are demanding risk transparency and accountability. The business world is ever increasing its standards for managing all types of risk. Investors are punishing companies with negative earnings surprises. At the same time, the SEC has cracked down on ‘earnings management' practices that are based on creative accounting. Industry groups have published guidelines (for example, Turnbull Report in the UK, Dey Report in Canada, and Treadway Report in the US) that put the onus for enterprise-wide risk management squarely on the shoulders of the board and management. The Basel Committee on Banking Supervision is setting capital requirements based on credit, market and operational risks. In this environment, companies must manage the underlying risks that they face.

3. ERM has produced superior business results. History has clearly demonstrated the failings of the traditional approach of managing risk by silos. Infamous disasters such as Barings and PCA provide strong reminders that key risks can escape management attention in a fragmented approach. Meanwhile, companies that have implemented ERM programs have reported significant improvements, including lower losses and higher market valuation. These companies have applied ERM to control downside risks, as well as support business profitability and growth. Well-publicised success stories include Chase, CIBC, Enron, Goldman Sachs and Royal Bank of Scotland, and their experiences will only encourage others to pursue ERM. Unlike management fads such as reengineering, nearly every company that has implemented ERM is continuing to invest in their programs.

4. The CRO represents a great career track for risk professionals. Years ago, risk professionals could only hope to advance to head a specific risk function, like asset/liability management or insurance purchasing. These positions were generally considered middle management and offered compensation that was a fraction of what other executives made. Today, companies looking to establish ERM programs are offering their CROs million-dollar packages and a seat at the executive management table. In a recent internet conference conducted by ERisk, 68% of the 174 participants said they aspired to become a CRO. ERM provides risk professionals the opportunity to think more broadly about their businesses, add more value to their companies and thus advance their careers. As with other growth professions, the war for talent is real in risk management. Companies without an ERM program or a CRO career track are at a clear disadvantage.

Companies that have implemented ERM programs have realised significant benefits with respect to financial performance and organisational effectiveness. To these companies, ERM represents a key component of their competitive advantage. One of the clear benefits of ERM is a much more integrated and rationalised approach to risk transfer.

Implications for risk transfer
As discussed above, the silo approach to risk management is fundamentally flawed when it comes to how a company organises its internal processes to deal with interdependent risks. By extension, the silo approach is also flawed when it comes to risk transfer.

Traditionally, risk transfer has been viewed by end-users as a way to solve specific ‘micro risk' issues. Within a company, for example, the treasurer would use financial futures and swaps to hedge interest rate and foreign exchange risk exposures, while the insurance manager would purchase product liability and property/casualty insurance to protect against certain business and operational risks. Both the treasurer and the insurance manager have specific risk problems they seek to address through risk transfer. They will evaluate various proposals from product providers and then make a decision based on the best structure and price. However, even in a risk silo the cost of risk transfer can be greatly reduced when individual positions are grouped into portfolios. For example, the treasurer can reduce hedging costs for interest rate risk by ‘macro-hedging' the overall balance sheet as opposed to ‘micro-hedging' individual assets and liabilities. Similarly, insurance managers have realised significant premium savings by taking advantage of internal diversification and transferring the residual risks using multi-risk, multi-year insurance policies.

ERM takes diversification one step further by integrating the risk silos into a firm-wide portfolio of risk. The benefits of diversification, or internal hedges, can then be maximised by incorporating the correlation and volatility of all of a company's risk exposures. As such, the company can integrate its risk transfer activities and focus on its net risk exposures. Taking an ERM approach to risk transfer produces four key benefits:

  • incorporating the full impact of diversification and thereby reducing the notional amount of coverage and cost of risk transfer;

  • rationalising various risk transfer strategies to avoid the over- and under-hedging of different risks;

  • optimising the limits and attachment points for insurance/reinsurance policies, as well as the hedging structures for derivative transactions; and

  • minimising the cost of risk transfer by arbitrating between traditional and alternative risk transfer products, as well as between product providers.

    It is important to note that while ART products can be highly effective, their use is not required in ERM to achieve the above benefits. A company can gain efficiency simply by taking an ERM perspective in assessing its portfolio of risks before executing traditional derivative or insurance transactions. For example, ERisk recently identified over $30m in annual reinsurance savings for a large insurer through the application of its ERM analytics – and without affecting the level of protection enjoyed by the company.

    One of the most effective tools in ERM is the application of Economic Capital and risk-adjusted return on capital (RAROC). Economic Capital represents the amount of capital required to protect against loss volatility at a consistent probability level. RAROC measures the return on Economic Capital. Together, Economic Capital and RAROC provide a common framework for measuring risk exposure and risk/return performance across all types of risks and business activities. Leading companies have adopted this framework not only for risk management purposes, but also to support business growth and profitability by executing new business initiatives and M&A transactions that offer the highest risk-adjusted return.

    The Economic Capital and RAROC framework is also a useful tool for evaluating the impact of different risk transfer strategies. For example, in executing any risk transfer strategy, the economic benefits include lower expected losses and reduced loss volatility, while the economic costs include insurance premium or hedging costs, as well as higher counterparty credit and operational risk exposures. In a sense, the company is both ceding risk and ceding return, resulting in a ‘ceded RAROC'. By comparing the ceded RAROCs of various risk transfer strategies, a company can compare different structures, prices and counterparties on an apples-to-apples basis and select the most optimal transaction(s). It is easy to see how useful this can be when it comes to ART and other structured risk transfer products whose custom features can make comparison difficult.

    A key tenet of ERM is that risk is risk. A corollary of that precept is that risk transfer is risk transfer. As ERM empowers companies to measure and manage all sources of risk uniformly and to evaluate all types of risk transfer, it will drive product providers to adopt their business models. Insurance and reinsurance companies, commercial and investment banks, and brokers must evolve from being ‘product specialists' to ‘trusted advisors'. They can no longer simply tout the ‘product of the month' and expect their clients to place their orders. They must work harder to understand the client's needs, and apply their risk structuring capabilities to create an optimal risk transfer solution. This involves three steps:

    (1) understanding the client's risk management objectives, such as regulatory capital relief, tax savings, or risk/return optimisation;

    (2) incorporating the client's constraints, such as legal and regulatory requirements, tax status, and loan and debt covenants; and

    (3) structuring a risk transfer solution that optimises the client's objectives and constraints.

    Finally, the role of intermediaries (i.e. brokers) will need to go beyond facilitating price discovery and processing and servicing transactions. Companies leveraging the internet and B2B exchanges, including pure-plays and multi-company networks, will perform these functions faster, cheaper and better. Rather, brokers and other intermediaries must serve as an independent and trusted advisor and offer their clients value-added advice and analytical support.

    Conclusion
    In summary, enterprise risk management is fundamentally changing the way companies think about, measure and manage risk. In the past, companies analysed their risks at the transaction and risk silo level. Product-providers pushed their risk transfer products designed for specific risks, and brokers acted as an intermediary by facilitating pricing, processing and servicing. ERM is changing the game. In the future, companies will analyse their risks at the enterprise portfolio level, and seek to transfer only their net risks (and only at the right price as determined by RAROC analysis). Product-providers will be differentiated less by the range of products they offer and more by their risk structuring and distribution skills. Brokers will become their clients' trusted advisers or they will simply be out of business.

    Some see ERM as a threat to how the risk management business is conducted, and their roles in that process. Others view ERM as an unprecedented opportunity for risk professionals to add maximum value to their companies, and move risk management from a function that prevents losses to one that also plays a key role in business growth and profitability. As a risk professional of nearly 20 years, I subscribe to the latter view. From my perspective, there has never been a better time to be in the risk management business.