The development of enterprise risk management (ERM) over the last two decades has brought forward the role of Chief Risk Officer (CRO) in the forefront. The various crisis such as the Enron scandal in 2001 led to the strengthening of corporate governance and the passing of the Sarbanes-Oxley Act in 2002.
The development of enterprise risk management (ERM) over the last two decades has brought forward the role of Chief Risk Officer (CRO) in the forefront. The various crisis such as the Enron scandal in 2001 led to the strengthening of corporate governance and the passing of the Sarbanes-Oxley Act in 2002. This helped improve ERM. The importance of the CRO role gained more prominence along with the accelerated development of ERM post-2008 economic crisis. Also, the application of risk-based capital in different developed markets led to an increased focus on ERM because ERM helps in optimizing the use of capital.
The prevailing COVID 19 pandemic has increased claims many folds under both the life and non-life insurance sector. Such increased claims have wiped out the profits of many reinsurance companies for the last many years. The banking sector is equally impacted on the recovery of their loans due to the various government-led initiatives to help the borrowers who could not repay the loan due to failure in business or loss in jobs.
Such economic and demographic turmoil have reinforced the importance of risk management and the role of CRO. This has made CROs more conscious of both existing and emerging risks.
The purpose of this article is to highlight the importance of a risk management information system for CRO to address any gaps in the risk information that can be catastrophic for the survival of the financial institutions. If hidden risks or correlated risks are not spotted at an appropriate time, then emerging risks may crystalize leading to an insolvency situation which has been seen during the 2008 economic crisis. Therefore, there is a need for CRO to use advanced technology to have automated risk information management including the predictive capability to take mitigating action.
The CRO in the organization is the custodian of all risks whereas the front-line managers are focusing on business development where risks are secondary in nature to them. This brings a great responsibility of risk management on the shoulders of CRO. None of the risks can be missed and hidden risks should be brought out in light along with the deducing correlation of risks. The classic example of COVID 19 caught many organizations napping during the initial period of December 2019 and early January 2020 when COVID was restricted to China. At that time risks were highly underestimated, and foresight was missing, many of the correlated risks were missed out.
Risk identification is the first step in the direction of the risk management process and subsequent steps cannot take place without a proper risk identification system. In most crises such as the 2008 global economic crisis, risk identification was missed out. One of the challenges in risk identification is it is based on a manual process having a risk of human interpretation. There are two ways to address this problem is either by improving the risk culture or bringing automation. Organizations are catching up with enhancing the risk culture, but the process is slow, and the first line of defence is not fully prepared to take the role of risk managers. Therefore, there is a need to have an automated system that correlates and bring forward the risks for CROs to take immediate action. The velocity of the risk is very crucial because it can beat the human thinking process to act leading to delays and massive losses. A threshold for the risk action taking must be defined that should popup risk like a sprinkler system to detect smoke for fire risk.
Many risks function faces the challenges of scattered data or data not available for the purpose of risk assessment. Such lack of data or not one view of risk data can lead to either missing some of the key risks or not drawing meaningful conclusions about risks in conjunction with other risks. For example, during the COVID 19 non-life claims, many insurance companies were dependent on the exclusion clause in the policy bond about the loss in the business event due to pandemic is not being covered. However, different governments and regulators ordered to pay such claims leading to many court cases. When such claims are paid which were not priced is a straight loss. So, the exclusion clause that was sitting in the policy bond was the hidden risk no one thought about.
Correlation of risks is another area that requires CRO’s attention. A big shock in a system sends ripples in different economic areas which have a direct impact on the financial institution. For example, in 2011, Japan’s Tsunami led to a 20% fall in prices in Tokyo’s Stock Market in the first two days of operation and a 30bps fall in Japan’s Sovereign Credit default swap. Also, the international equity market was equally impacted leading to falling in their prices and bond yields. Such shocks impact interest rate, inflation and liquidity concerning financial institutions’ cash flows and capital requirement. CRO need to re-assess the Company’s risk profile due to such events and raise the risks to the management and the Board for corrective action. Such re-assessment of risks is possible when CRO have an automated system that can re-calculate the risks in wake of such events.