S&P initiated a great deal of the activity around enterpriserisk management (ERM) when it announced that it was going tospecifically rate insurers' ERM functions and that those ratingswould influence insurers' credit and financial-strength ratings. Atthe time, S&P offered specific ERM criteria from a variety ofperspectives, one of which was termed strategic risk management(SRM).

The word “strategic” is much used, but implicit in most uses isthe act of investment: allocating capital to a given product orline of business that is intended to generate a profitable return.The foundation of corporate investment is the business plan, whichfrequently contains a detailed description of the proposedinvestment, as well as pro forma results. Because a pro forma is aforecast and the future could develop unfavorably, some level ofrisk adjustment to that forecast is necessary. There are a numberof ways to accomplish this—one of which is through a model.

Capital models form the bedrock of some ERM functions, and theycan be valuable for the insights and measurement capabilities theyoffer. However, no model can provide a complete picture of thefuture, and thus no model should be exclusively relied on foreither risk adjustment or forecasting. For example, corporatestrategists frequently assess business plans using other forms ofqualitative and behavioral information that, together withquantitative input, form the basis for strategic decisions. As wedefine it, SRM effectively does the same thing for risk.

SRM leverages common ERM capabilities around accumulations andmodeling analyses, but it extends those analyses by seeking toidentify and track the “weak signals” of a developing ambiguousthreat that could trigger a concentrated loss. Successfullyaccomplishing this depends heavily on the efficient use of internaland external forms of quantitative, qualitative and behavioralinformation. This can be extremely demanding, but such informationis necessary to properly risk-adjust strategic decisions.

We note above that the term strategic implies an investment act.In a risk-management context, investment could entail a variety ofthings, such as:

• Finding economical ways to hedge a developing ambiguousthreat. For example, prior to the recent financial crisisa number of astute financial observers (including some insurancecompanies) purchased favorably priced credit-default swaps.These purchases resulted in significant levels of profitabilityduring the crisis—but more importantly, the purchases preserved theintegrity of the hedging enterprises during the most severefinancial episode since the Great Depression.
• Finding efficient methods of preserving the integrityof a business model. For example, and as history hasshown, insurance-policy terms and conditions can slip incrementallyover the duration of a soft market. Such incremental deviationsgenerate a number of risks—especially if the deviant activity isnot reflected in capital/risk models. However, if deterioratingmarket behavior is identified and tracked early on, thenstrategists can make product-mix and/or market-position decisionsto mitigate deterioration-related risks.
• Changes to the business strategy and business plan totake advantage of a perceived future market change whichcompetitors have not yet identified. For example, a smallnumber of insurers that correctly identified an impending financialcrisis rapidly exited lines of business such as Directors &Officers, Financial Institutions, Bankers Blanket Bonds, FidelityGuarantee and, to a lesser extent, Professional Liability.
• Pseudo risk-free, high-yielding investments.For example, following the partial nationalization of Royal Bank ofScotland and Lloyds Banking Group in the UK, a number of insurerspurchased high-coupon corporate bonds issued by these twoUK-government-backed banks because they were effectively risk-free.Conversely, insurers who were concerned about the potential for amajor subprime-mortgage event switched out of mortgage-backedsecurities once they realized that even some “AAA”-ratedinstruments included tranches of subprime exposures.

Many risk-mitigation solutions entail a blending of riskdistribution (e.g., reinsurance/retrocession and hedging) andbusiness-model-related activities. This is an important point, asmany risk-management functions have been built around externalcriteria and thus are documentation-oriented. SRM still requiressome level of documentation, of course, given the currentregulatory environment. However, the end result is notdocumentation; rather, it is strategic actions designed toeconomically and efficiently preserve the integrity of a businessmodel, even under—or especially during—conditions of extremedistress. Successfully doing this over time will go a long waytoward facilitating rating-agency and regulatory compliance, whichis important in an increasingly regulation-based globaleconomy.

PaulDelbridge also contributed to this article.