Standard & Poor’s specializes in rating companies on a variety of financial and non-financial measures. Since 2005, Standard & Poor’s has evaluated the effectiveness of enterprise risk management (ERM) in European insurance companies. Insurance companies have a strong need for a strong risk management strategy because of the high risk of loss in the industry if something goes awry. Overall, they find that 86% of rated European insurance companies have adequate ERM programs in place.
Elements of an adequate ERM program, as defined by Standard & Poor’s, include:
- Fully functioning risk control systems that cover all major risks
- Risk management process is classical, silo-based
- Lacks a clear vision of their overall risk profile
- Risk limits for various risks are set independently, no significant coordination between risk profiles
Traditional risk management is silo-based, but may still be managed in a highly sophisticated way. There is typically little focus on the interaction among different risks. Standard & Poor’s found that instead of the integrated risk control emphasized by an ERM approach, most insurance companies are still using silo-based risk management. Only one-third of the companies surveyed had an ERM-based risk management approach.
An important component of a strong risk management program is its ability to deal with new emerging risks on a continuous basis. Very few insurance companies in Europe stood out as dealing well with emerging risks. Generally, the companies who did well in this area were re-insurers or large and diversified groups. A majority of insurance companies did not address emerging risks at all or addressed them very inconsistently.
One of the benefits of ERM is the value derived from a strong risk management strategy. Companies who have a strong ERM strategy may have an economic competitive advantage. Standard & Poor’s found that very few insurance companies benefited from having a real value-added ERM program. This suggests, once again, that most insurance companies are still in a primitive state of implementation of ERM.
Overall, European insurance companies are making strides to implement ERM. However, most companies are in the embryonic stages of ERM implementation. The majority of companies tend to still employ a more traditional, silo-based risk management approach.