Regulators Should Push Insurers On ERM

o ERM affords regulators a deeper view into company solvency.

During my tenure as superintendent of the New York Insurance Department, I was often struck by my perception that many insurers had a better grasp of their policyholders' risks than their own.

Insurance companies face myriad risks–credit risk, market risk, underwriting risk, operational risk, strategic risk–that could threaten their financial strength.

Insurance regulators face risks, too–the primary one is the aforementioned risks facing their regulated companies could result in one being so harmed as to result in insolvency, ultimately impacting consumers.

A comprehensive ERM program provides companies with a deeper understanding of risk by giving a more holistic view. Another way to think about ERM is that it demonstrates the integrated impact of multiple risks occurring.

This is important, since multiple risks exacerbating each other represent a significant danger. Deloitte Research's "Disarming the Value Killers" study, published in February 2006, revealed that over 80 percent of the worst financial losses to companies were the result of two or more risks interacting.

ERM also focuses management on operational and strategic risks–which, if ignored, frequently account for insolvencies.

There are emerging techniques that allow risk management professionals to quantify the impact of these risks on financial strength.

Among the emerging techniques is value-based management–a process by which risk is managed in a coordinated fashion across the enterprise. This method creates more robust risk awareness and risk-based performance measures that facilitate intelligent risk decision-making with the goal of creating enhanced value.

The old model for managing enterprise risk is to place the risks in silos, without considering the potential interactive impact.

In addition, not all risks are quantified with a consistent set of metrics.

Today, senior management needs a methodology to measure all of their enterprise risks in a consistent, integrated and aggregated way. An ERM program gives companies and decision-makers insights to guide their enterprises in ways that were not possible before.

These new insights will result in enhanced financial stability.

As New York superintendent, I often focused on issues relating to the solvency of insurers domiciled in New York. The worst-case scenario for any regulator is an insolvent domiciled company on their watch.

Focus as they might during their examinations, no regulator can gain as keen an insight into an insurer's risks as a company can using its own comprehensive ERM program.

Therefore, one of the first things the regulators should be looking at is the ERM program itself. If an insurer does not have an ERM program in place, the regulator should press the company to develop one, and move the industry in the direction of ERM as a standard best business practice.

With regard to the new methodologies inherent in ERM processses, regulators have taken a back seat up until now, while the rating agencies have led the way.

It often is said that rating agencies are the "de facto" regulators. But it is the insurance regulators who have the most leverage to drive more companies to develop ERM programs–providing a more holistic view of risk exposures, enhancing risk management practices and capturing deeper insights into the financial strength of the industry.

That is to the benefit of the industry, the regulators, the rating agencies and, ultimately, the consumers. In the ERM game, everybody can win.