Motivation is defined as the process that propels, directs, and maintains goal-oriented behaviors. It is the driving force causing us to act. Most of our pursuits in life—everything from continuing our education so we can get a better job, to running or exercising to improve our health—are a result of the complex mix of emotional, social and intellectual forces that guide our behavior and professional achievement.
Motivation can be extrinsic, derived from anticipated rewards such as bonuses, social recognition, and professional degrees, or it can be intrinsic, driven from within, by such factors as the satisfaction one gets from acting ethically, or a sense of accomplishment from solving complex problems.
NAIC's ORSA Model Act 505
These factors may well be on the mind of many risk management professionals faced with the challenge of establishing an enterprise risk management program. There is only one year to go until the effective deadline date provided for NAIC's Risk Management and Own Risk Solvency (ORSA) Model Act 505. The Model Act requires that subject insurers build a solid ERM program, perform a risk-based solvency and capital assessment, and provide specific reporting about their efforts to their supervisory states. States already adopting the Model Act include California, Iowa, Maine, New Hampshire, Pennsylvania, Rhode Island and Vermont.
However, key participants may not yet be convinced that the time and effort to thoroughly evaluate risks and controls is worth the time and effort being asked of them. Board of directors and senior managers, already focused on SEC reporting disclosures, Sarbanes-Oxley rules, and other regulatory mandates, may give lip service to implementing an enterprise risk management (ERM) process, but many are not yet fully engaged.
What might risk professionals do to motivate colleagues to truly embrace ERM and drive ORSA-related initiatives?
External regulatory, peer, and social forces play a big role; however, penalties and incentives are a primary driver. It may sound cliché, but studies show motivating individuals often requires either an incentive “carrot,” or penalizing “stick.” In the world of ERM and ORSA compliance, both a “carrot and stick” approach may be most effective in elevating ERM adoption to the next level.
The Sticks
We'll start with the “sticks.” Historically, regulators have incented companies and individuals to conform to desired behaviors with threats of heavy fines. Specific form, rate, disclosure, and financial filing requirements carry serious penalties for non-compliance. State Financial Examinations or audits uncovering regulatory breaches typically carry severe fines by type of violation at issue. In some extreme cases, the company's licensing status may be at risk.
On the federal level, laws affecting the financial services industry focusing on corporate governance and ethics often establish personal liability against board members for any wrongdoing. Companies doing business globally may also face the threat of international sanctions. All of this offers strong incentive to the Board and senior management to commit time, energy and resources to other compliance efforts.
But what are the equivalent “teeth” behind ORSA? For better or worse, unlike past U.S. insurance regulatory mandates, the NAIC's ORSA reporting requirements provide no concrete standards or minimum requirements that companies must implement to have an “acceptable” or a “strong” ERM program. Instead, the NAIC has set broad principles-based reporting requirements that give companies flexibility in creating their own unique risk program.
This may result in a perception at some enterprises that there may be little bite to the ORSA bark. Neither the NAIC nor the states have outlined any specific dollar penalties, fines or fees for failure to file an ORSA report or conduct risk-based capital analysis for any reason. There are also capitalization thresholds for ORSA reporting that do not require “smaller” companies to provide an ORSA report to their home state regulator. To counter this, state regulators have said that companies without a strong ERM program may be more likely to be examined, and face more market conduct scrutiny.
At the end of the day, is this enough of an incentive to divert company resources from perceived “higher penalty” compliance efforts, like conducting SOX audits? Lack of standards can be a real challenge for chief risk officers and others trying to push ERM initiatives forward in companies of all sizes.
At this point in time, companies may be more motivated by a stick waved by a different source —rating agencies. Major rating agencies have factored enterprise risk management review processes into their rating methodologies. Failure to implement robust ERM programs may result in ratings downgrades. A lack of sufficient risk review protocols, and/or failure of management to take into consideration major corporate risks across the organization, might result in negative narratives or publication of deficiencies in governance structure, with a significant impact to the company's ability to write desired lines of business, or attract investors. Would your company prefer to have a reputation as a risk management leader, or be known as a company that does not follow developing industry best practices?
Many Carrots
On the flip side, many studies of business and personal targets suggest that it may be incentives (“carrots”) and not the stick that drive human actions more successfully. While the threat of penalties may be effective in increasing ERM efforts, perhaps even greater results will be achieved by showing individuals and organizations how specific actions will benefit them.
When an organization sits down to explore why to implement strong ERM and ORSA practices, it may end up asking the question, “What's in it for me?”
Fortunately, there are many concrete benefits of ERM, and companies who have well-developed risk and capital assessment programs are discovering new advantages every day. Implementations of ERM programs ideally lead to improvements in risk management efficacy, operations, and capital allocation, all with quantifiable dollar impact.
Specifically regarding ORSA compliance, there are benefits to the NAIC's plan to allow insurers flexibility in how, and to what degree, to complete their risk-based capital and solvency review. Companies can tailor their program to their size, lines of business written, capitalization structure, and management philosophy towards risk-taking in general. The NAIC hopes that this flexibility will better enable companies to manage their own risk and capital/solvency position with terminology, methodology, and reporting that will be truly meaningful to the business over the long run.
Aside from the ORSA report itself, ERM implementation gives insurers a structured framework to review business challenges and opportunities in a new light, beyond a traditional evaluation of risk focused on the purchase of loss-mitigating insurance or reinsurance. Risks that affect multiple departments are being reviewed together and aggregated. Insurers are gaining a better understanding of, and appreciation for, the true organization-wide impact of large-loss events or disasters.
Thinking about risk limits and tolerances as part of an ERM program allows companies to define their risk appetite, and eventually the value drivers in their insurance, which can help strategic business planning. Using a risk-based analysis to assess capital helps maximize capital investments to the benefit of owners and shareholders, since the approach forces insurers to think about the potential risks and rewards of their strategy in their underwriting portfolios and operations.
There are other benefits from a practical, operational perspective as well. Employee morale generally will increases in alignment with their confidence in raising issues. Employee satisfaction has been tied also to a sense that the risks that most concern them personally will be given needed attention and resources.
Cost savings may be achieved, when controls are implemented for risks on the basis of their frequency and severity, in ways that may not have occurred to management in the past. Management may also have more control over expenses overall, with a visible impact to financial results.
What encourages your organization – the carrot or the stick?
Companies have definite personalities and culture, and the job of the Chief Risk Officer or risk champion is to identify whether key participants in the ERM process are either “stick people,” often defensive, and generally unwilling to take much regulatory scrutiny, or “carrot” people, focused on long term benefits and offensive, proactive solutions. Neither type is bad, they just may need information in different ways, and a program designed to account for different motivating factors aligned with their preferred perspective and approach.
“Stick” companies comply with all laws and regulations 100 percent regardless of the cost or effort, and may, for example, be unnecessarily duplicating control efforts, policies, procedures, attestations, and disclosures in order to avoid any fines, fees or penalties. Board of directors follow the letter of each regulatory requirement so as not to incur corporate or personal loss, but may miss important business or strategic issues getting too focused on specific details, being too “in the weeds” of items that have a regulatory bent.
Threat of loss, serious reputational impact, and rating agency downgrade could be motivating factors to jump start or accelerate ERM and ORSA efforts. For “stick” companies, helpful strategies might include:
- Outlining clearly for the Board and senior managers specific regulatory and non-regulatory drivers of ERM that can hurt the company, as noted above;
- Widely showcasing and circulating public examples of companies that have gotten penalized or hurt by large, poorly managed losses;
- Running scenarios and stress testing exercises regularly for the Board, managers and all staff involved in ERM efforts, to remind them of the “bad things that can happen” if risk is not properly managed;
- Setting firm deadlines and timeline for ERM initiatives and project stages, with penalties (such as visibility on a Board –level report) for individuals and departments who do not meet the deadlines;
- Making individual managers and staff personally accountable in their performance reviews for doing timely risk and control assessments, and managing their part of the ERM program.
Carrot organizations are different. They work off a different set of triggers. They're inspired to produce more when they can see their efforts will provide long term benefits, and may be more creative in interpreting laws.
They may look more to principle than the firm letter of the law and may appreciate having a broader range of (beneficial) reasons to support risk management initiatives.
For carrot companies, some strategies may include:
- Breaking down ERM plan objectives with small, easy to reach steps.
- Commemorating and celebrating success of individuals and departments in reaching milestones in the ERM program. A good example would be to show that a risk ranked as “high” in severity and frequency in one period has been reduced to a “medium” or “low” in a subsequent period due to the successful implementation of a revised plan of controls, policies or procedures.
- Allocating special time in, or outside of, Board meetings to do Scenario and stress testing – but with “positive” examples, such as an opportunity to open a new branch office or enter into a new line of business. The exercise can serve the same purpose as using a more “scary” example, such as a natural disaster or financial collapse, but the response may be more energetic and productive in embedding the risk assessment message.
- Congratulating people whenever they appear to be just “getting smarter about risk.”
Recognize the positive and negative motivational drivers that inspire your organization to take action. Using these factors to your advantage can significantly move your ERM and ORSA effort forward.
May you find success and reap the full benefits of enterprise risk assessment in 2014!
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.