Tag Archives: essert

Changing Business Models, ‘New’ ERM

Significant social, technological, economic, environmental and political forces are reshaping the needs and expectations of insurance buyers, as well as the business environment in which insurance providers operate.

Even a partial list of these forces is daunting: aging populations in developed markets; different needs and purchasing behavior of younger buyers of insurance; self-driving vehicles; telematics; artificial intelligence; the internet of things; and persistent low interest rates. With so many forces in play, it’s difficult to determine the exact landscape of the new insurance world.

But it’s not too early for insurers to prepare.

Regardless of exactly how they plan to address a rapidly changing and more unstable world, one capability that will remain critical to all insurers’ success is enterprise risk management. We describe below three key developments that insurers should incorporate into their ERM evolution.

Insurers’ business models are changing and ERM needs to keep pace.

Stress testing will join economic capital as the main risk decision tool.

VAR-based economic capital measures originated in banking and asset portfolio management more than 40 years ago. Over the last couple of decades, the insurance industry has widely adopted the concept.

This is particularly true for insurers’ credit and market risk taking, areas where the VAR concept is endemic. For some aspects of insurance risk, like statistical variability around a stable mean, the concept also fits well. In an insurance world where credit, market and insurance are insurers’ main risks, economic capital is effective. But what if the world changes to one where other risks join these at center stage?

Life insurance in a persistent low-interest-rate environment with rapidly evolving distribution models provides a clear example of recent change and its implications for ERM. The bulk of many life insurers’ liabilities and supporting assets are composed of permanent type products they wrote when asset returns were markedly higher. These higher returns supported the stable distribution model of a sales force based on up-front commissions. In turn, this fit the products’ complex features that needed such a model to explain and sell them. Delivering on these guarantees necessitated focus on the credit and market risks they created. And VAR was developed to manage these risks.

See also: Minding the Gap: Investment Risk Management in a Low-Yield Environment  

However, now that asset returns are much lower, supporting this distribution model will be difficult. Fortunately, other less costly models are available and probably preferable to younger buyers of insurance. This demographic group has shown a preference for a more t-to-purpose protection model that is less permanent and less complex. As a result, credit and market risks cease to be ERM’s overwhelming focus. Instead, strategic and operational challenges created by transitioning to and maintaining the new business model take center stage, as do the risk tools that can address these challenges. Among these, stress testing figures most prominently.

Trends in the property and casualty sector also point to a shift in risk focus and risk management tools. Impending and actual changes in the nature of driving and vehicle ownership will radically and permanently alter the auto insurance landscape. Developing an understanding of the implications of these changes and their risks to an insurance enterprise needs a tool like stress testing. Similarly, an increased emphasis on assisting customers with mitigating and managing their own risks, rather than just insuring them, moves more of an insurer’s risk profile out of the traditional risk-taker role and into a service provider model. VAR is a good risk tool for a risk taker, but stress testing is the tool best suited to the service provider model.

Lastly, we note that rapidly emerging technologies, often cited for their role in shaping customer preferences, also shape insurers’ own capabilities. Insurers have begun to modernize their back offices, and computing power continues its exponential growth. Operational challenges and resource demands to implement new and improved risk tools, like stress testing, will diminish significantly. With benefits going up and costs going down, it seems clear that stress testing is on its way to a prominent ERM role.

Customer analytics decision platforms will become the key focus of model risk management efforts

Model risk management (MRM) is receiving extensive ERM focus at present. Much of the original impetus may have come from European companies seeking to validate their Solvency II internal models. In the U.S. and Canada, due in part to direct or indirect regulatory encouragement, the scope goes beyond economic capital and solvency models, and most insurers seek to apply their efforts to all models.

The early priority for validation has skewed toward economic capital and complex liability valuation models. Insurers with advanced MRM capabilities have begun to focus more attention outside of risk and financial reporting models. This is to be expected to some degree, as insurers model validation activities work their way through their inventory of models. In addition, as they develop a working experience of risk rating their models, many are reconsidering the irrecoverable nature of product pricing decisions and the importance of getting those models right. In other words, while small errors in financial and risk reporting models can be rectified once errors are uncovered, losses from inadequate premium charges are permanent.

The impetus for higher attention to pricing and risk selection models is further amplified when insurers implement newer, non-traditional approaches. Without a long history of successful use, newer customer analytic models put a higher priority on their timely and thorough validation. Additionally, we have observed insurers further enhancing their level of attention when these models move to autonomous execution mode. In this mode, the model makes decisions in an automated fashion without manual intervention or deliberation. Deploying more models of this sort is a common feature of most visions of the near-term future of insurance. As their use expands, so too should ERM’s focus on effective risk management of these models. In an environment in which these types of customer analytics decision platforms become an insurer’s key business engine they also will need to become the key focus of MRM efforts.

Small errors in financial and risk reporting models can be remedied; however, losses from inadequate premium charges are permanent.

Risk diversification measurement will become the single most important element in economic capital calculations

There is a continuing focus on the effectiveness of economic capital modeling, especially in connection with IAIS and regulatory efforts outside of the U.S. In the U.S. as well, insurers continue to look at how they can improve their calculations. However, one area we believe attracts insufficient attention is diversification.

Not only is an effective understanding and quantification of diversification an important goal in the current insurance environment, it will likely become even more critical in the future. As the new risk profile moves away from a credit/market nexus to a more diverse insurance, business and strategic risk set, managing the interaction between and among them will be especially important. If customers move to a more holistic view of insurance and blur the distinctions between life, property and casualty and health, just quantifying the diversification across all insurance risks will be a key task on its own.

See also: Developing A Safe Work Environment Through Safety Committees  


If they haven’t done so already, CROs should start to sketch out a few versions of what their company might look like in the future and consider what might be required of their ERM capabilities. They can adjust and clarify this high-level road map as the future becomes clearer.

Considerations CROs should keep in mind while creating this roadmap include:

  • On the life side in particular, credit and market risks will cease to be ERM’s overwhelming focus, but stress testing will figure more prominently in new business models.
  • Assisting customers with mitigating and managing their risks instead of just insuring them will move more of an insurer’s risk profile out of the traditional risk-taker role and into a service provider model. VAR is a good risk tool for a risk taker, but stress testing — which is becoming cheaper and easier to do — is better suited to the service provider model.
  • As advanced customer analytics decision platforms become an insurer’s key business engine, they will need to become the key focus of model risk management efforts.
  • As insurance becomes more holistic for customers, quantifying diversification across all insurance risks will be a key task for insurers.

ERM Is Ignoring 4 Key Tasks

Over the last decade, economic capital has captured the risk management spotlight. Recognizing its merits, insurers have deployed economic capital for many uses. Regulators now rely on it, too — especially internationally — and have put it at the center of their prudential regulatory agenda.

Economic capital (defined as value at risk over a year) has two unique and extremely useful characteristics. First, the concept can be applied to any event with an uncertain outcome where a probability distribution of the outcomes can be postulated. Thus, insurers can value, in a consistent and comparable manner, very different risky events — such as mortality claims, credit losses and catastrophic property damages. Second, economic capital calculated for a portfolio of risks can be readily subdivided into the economic capital attributable to each risk in that portfolio. Or, alternatively, economic capital calculated at the individual risk level can be aggregated to economic capital at the portfolio level and beyond, across portfolios to the enterprise level.

However, there are four critical enterprise risk management (ERM) tasks for which economic capital is not an effective tool; unfortunately, because of this, we have observed a tendency for risk managers to de-emphasize those tasks and sometimes ignore them altogether. We believe this should change.

See also: How to Improve Stress Testing  

In response to these shortcomings, insurers should take full advantage of stress testing, a valuable risk management tool that is on par with economic capital in terms of its potential to help solve problems and improve performance. And, because stress testing enables insurers to tackle many of the important tasks that economic capital cannot, it gives insurers the opportunity to double the size of their risk management tool kit and thereby double their ERM output.


By design, economic capital assumes assets and liabilities can be monetized at their formulaic values — that is, at the values derived from the probability distributions’ assumptions. But, as we saw in the credit crisis of 2008-09, credit markets can seize up under extreme stress. When that happens, many assets — regardless of their formulaic value — cannot be sold at any price. Because of this, economic capital is not an effective tool to understand and manage liquidity risk.

To address the risks posed by insufficient liquidity, insurers need to play out meaningful stress events and postulate how they might affect both the ability to monetize assets and the asset’s price if they can be monetized, as well as critically assess the ability to actually access pre-arranged credit in the event these stress events unfold. Then, with an understanding of the likely challenges these stresses may impose, insurers can test the effectiveness of the potential mitigating strategies that they can deploy immediately or when stress events begin to unfold. Selecting and documenting the most effective options can become the insurer’s liquidity risk management game plan.


Diversification is a cornerstone of effective insurance underwriting and risk management. The industry acknowledges the benefit of diversification across similar, independent risks and is able to apply considerable mathematical rigor to measuring this benefit. However, matters become less certain when attempting to quantify diversification across dissimilar risks such as mortality, credit and catastrophe. Extending the benefits of economic capital across risks requires that the capital amounts assigned to different risk types be combined.

Recognizing that extreme outcomes for each risk type are not likely to occur simultaneously, the combined capital requirement is typically calculated as the sum across risk types, with a credit given for diversification.

Deciding how much credit should be assigned for diversification is a critical question in establishing the enterprise’s total required capital. Unfortunately, historical information about the precise interaction of disparate extreme events is sparse.

Empirically, establishing diversification credits is difficult at best and is largely impossible for some combinations. For enterprise risk capital, a best guess may have to suffice. But, just because such a guess is sufficient for the purpose of ascribing required capital, it does not follow that it is sufficient for other purposes — particularly for charting a course of action across all risk types in the event of an extreme risk occurrence.

Stress testing is useful for this purpose. Playing out the series of interactions and events that could follow from a catastrophe such as an epidemic will yield much more actionable information than guessing the magnitude of the diversification credit. Constructing a future scenario that thoughtfully considers how an extreme event in one risk type will have an impact on others is key. These impacts occasionally are asymmetric and not easily accommodated in a standard diversification credit matrix. For example, we can be fairly certain that an extreme drop in equity values will not have significant impact on mortality rates. Conversely, it would seem imprudent to assume that an extreme pandemic would not have any impact on equity values.

Business risks

In a survey of insurance company board members and CROs that PwC conducted in June, the area where board members felt more attention would be most beneficial was “searching for, understanding and finding ways to address new risks” — meaning risks outside of traditional insurance, credit and market. Upon further discussion with the survey respondents, it became clear that they are not as interested in esoteric dialogues on black swans or unknown unknowns as they are in addressing more practical questions about currently evident business risks. In particular, survey respondents want to understand how those risks could materialize in ways that have an impact on their companies and how to mitigate those impacts.

Using stress testing to map out the impact of these business risks will help insurers assess how serious the risks are. The stress projection can measure the impact on their future financial condition after a risk event. And if the impact is significant, they can further deploy stress testing to map out potential management actions to reduce the risk’s likelihood of impact or mitigate damage if the impact occurs. Having an effective course of action is far better than hoping black swans won’t materialize.

Excessive capital

If insurers use only the economic capital tool, then there is a real risk that it will become a hammer, rendering everything in its path a nail. On discovering a new risk, the most likely reaction will be to call for more required capital. However, in the case of, for example, liquidity and business risk, a more effective approach is to use stress testing to create a plan for reducing or eliminating the risk’s impact.

Likewise, seeing economic capital as the sole means of addressing insurer insolvency can lead to an overly restrictive regulatory agenda that focuses only on the economic capital formula. This unfortunately appears to be the case in the development of some required capital standards. We think a more productive approach would be to recognize that no economic capital formula will ever be perfect, nor can one formula fit all business and regulatory needs around the world. Instead, a simpler formula augmented with stress testing can form a more effective, globally consistent solvency management framework.

Moving to the next level

In the paper we published earlier this year about the results of our stress testing survey, we noted that stress testing is well established in the insurance industry. Insurers use it for many purposes, and it has had significant impact. In fact, 36% of survey respondents indicated they have made key decisions markedly differently than prior to or without stress testing. A further 29% indicate stress testing has had a measurable influence (though no single key decision came to mind). The paper also identifies areas where only a little more effort can yield substantial benefit: through a clear definition of stress testing, through more thoughtful stress construction and through building a more robust stress testing platform.

See also: Risk Management: Off the Rails?  

To get the most advantage from stress testing, we have two further suggestions: 1) Insurers should apply a governance framework commensurate with stress testing’s status, and 2) insurers should advocate its use in new areas.

A good governance framework should include policies and procedures, documentation, model validation and independent review, as well as review by internal audit. Board and senior management oversight is also important. While our survey report notes that boards usually receive stress testing results from management, we recommend that management engage the board more in the stress selection process.

While stress testing certainly can add additional insight to insurance, credit and market risk analysis, economic capital already provides a good foundation in these areas. We recommend that insurers use stress testing, in particular, to tackle business risks where economic capital is not an effective tool. This includes new threats like cyberterrorism and their reputational impact. Stress testing can also be useful for understanding the risk of missed business opportunities, such as the failure to address how emerging trends in technology and customer behavior may have an impact on future sales and earnings potential.

We believe that the scope for the application of stress testing is as significant as for economic capital. And as with economic capital, once an effective tool comes into use, many more useful risk and business management applications will ensue.

How to Improve Stress Testing

In spring 2016, PwC investigated the current state and future direction of stress testing. We surveyed 55 insurers operating in the US about their stress testing framework and the specific stresses that they test. We also engaged in more detailed dialogue with a number of insurers in the US and globally, as well as with some North American insurance regulators. Our principal conclusion is that stress testing, though well established, would benefit significantly from a modest amount of additional effort. Borrowing terminology from the Pareto principle, we think less than 20 percent more effort would yield 80 percent more value.

A brief history

Thanks to the requirements of the Dodd Frank Act of 2010, we expect that stress testing is the most widely recognized and understood risk management tool. The basic concept is relatively simple and most people in business and government readily accept the notion that if a specified future unfolded –say a repeat of the last economic crisis –it would be good to know ahead of time if banks would remain financially viable. After its initial introduction, stress testing continues to maintain a high level of attention via the ongoing publication of results from the Federal Reserve Board’s Comprehensive Capital Analysis and Review (CCAR) which the media, financial commentators, and the banks themselves eagerly anticipate.

It is easy to see how stress testing concepts in the Dodd Frank Act could apply to insurers. And, indeed the insurance industry (more specifically, its actuaries) has widely used stress testing and scenario analysis for decades.

More recently, 2013 was especially noteworthy for insurance stress testing, with publications on the subject by the North American CRO Council, the CRO Forum and the International Actuarial Association. From a regulatory perspective, the National Association of Insurance Commissioner’s (NAIC’s) Own Risk and Solvency Assessment (ORSA) calls for a prospective solvency assessment to ascertain that the insurer has the necessary available capital to meet current and projected risk capital requirements under both normal and stressed environments. In Canada, the Office of the Superintendent of Financial Institutions (OSFI) has provided clear direction on stress testing governance and methodology in its 2009 publication on Sound Business and Financial Practices (Guideline E-18). It also is noteworthy that, in Europe, despite all of the attention lavished on Solvency II and internal capital models, the European Insurance and Occupational Pensions Authority (EIOPA) launched a Europe-wide stress test for the insurance sector in May 2016.

Equally as important as the regulatory initiatives are the business applications and benefits of stress testing. As we address in more detail below, survey results show that insurers make good use of this risk management tool and are looking to expand its application even further.

A little more effort

We see three areas where only a little more effort can yield substantial benefit: 1) a clearer definition of stress testing, 2) more thoughtful stress construction, and 3) a more robust stress testing platform.

As a start, it will be useful to clarify what we mean by stress testing. As we use the term here, we mean a projection of income statements, balance sheets and –most importantly –projected available and required capital over a multiyear business planning timeframe (including new business over the planning timeframe). Typically the test is done for the entire enterprise and includes a base case and a number of stressed future states. This definition of stress testing is consistent with how both insurance (ORSA Guidance Manual) and banking (FRB CCAR) regulators use the term. It contrasts with risk-specific stress testing. Risk-specific stress testing typically looks at a single risk, often only for the part of the enterprise susceptible to that risk. And, it frequently assesses the impact over a range of stochastically determined scenarios. Distinguishing between stress testing and risk-specific stress testing needs little effort but can help companies avoid considerable confusion as they enhance and apply stress testing capabilities. Only with clear definitions can an insurer evaluate whether or not it has deployed the tool effectively. A vague notion of stress testing taking place somewhere in the organization typically means that there is unawareness of potential gaps in the enterprise risk management (ERM) framework.

See also: The Key Role for Stress Tests in ERM

Another area where we believe a little more attention would pay major benefits is the development of comprehensive stress scenarios. When describing future states, insurers have many factors to consider in order to articulate the risks that can impact their business. As an indication of the range of these factors, the section of our survey that addressed stresses had 32 questions, many with sub-parts, each covering a different risk. However, rather than starting with an effort to combine all of these risks, stress testing benefits from starting instead with a narrative that articulates a potential future and then addresses how that future would impact the insurer through various risk factors. For example, a stress narrative could be based on a prognosis of an ongoing steady decline in the price of oil and other commodities, then a postulation of the resulting impact on economic growth, interest rates, equity valuation, employment rate, etc. The narrative then could move to an analysis of the impact of these factors on the insurer’s risks, leading to a projection of how the company’s income statement, balance sheet, available and required capital would fare if this future, in fact, unfolded.

Lastly, we note that despite the considerable attention and utilization of stress testing as a management tool, it appears that, for many insurers, the infrastructure that produces results is ad hoc and likely inefficient. Our survey indicates that only 10% of respondents have built a bespoke platform for stress testing. 78% of them use spreadsheets alone or spreadsheets combined with actuarial/projection software. In terms of how long it takes to conduct stress tests, 42% of respondents indicate the process takes between one and two months. A further 35% report that it takes more than two months, and sometimes longer than three months.

While systems infrastructure updates do not normally result in major improvements from little effort, many insurers, particularly in the life sector, have already embarked on a process of modernization. As they are looking to address their risk, actuarial, and financial reporting needs in a comprehensive manner, we recommend that stress testing capabilities receive high priority. With a modest amount of extra effort, insurers should be able to incorporate significant enhancement to their stress testing platform as part of this modernization. This in turn will yield the benefit of more timely, accurate and insightful stress testing results.

A lot more value

Insurers already use their stress testing for many purposes. Survey results show that respondents currently utilize their stress testing for an average of almost five different uses. Additionally, respondents indicated they each had plans to add almost four new uses in the future. More than half of the respondents reported using their stress testing work for strategic planning, calibrating their risk tolerances and limits, assisting with dividend, share-repurchase and similar capital planning, and regulatory impact assessments. These are critical business decisions and further highlight the value of stress testing.

Furthermore, stress testing usage has had a positive impact at a significant majority of respondents’ companies. 36% reported instances where key decisions have been made very differently compared to the process prior to stress testing. An additional 29% reported that the results of stress testing has a measureable influence on decision making, though no specific decisions were cited.  

See also: New Approach to Risk and Infrastructure?

More benefits

We see a few additional areas where better articulated stress testing processes and procedures could result in significant benefits.

  • Recognize that stress testing is a separate tool in the risk manager’s tool kit–Frequently, publications and discussions on insurance stress testing describe it as something that supplements other risk management tools. We believe that relegating stress testing to supplementary status undervalues its benefits and contribution. It would be more productive to recognize stress testing for what it truly is: a separate tool with different strengths and applicability compared to VAR-based economic capital.

Some risks –for example, liquidity risk –can be addressed only via a stress test. Adding more required capital does not effectively address the problem; liquidity risk needs to be addressed by developing a preplanned course of action, including accessing prearranged liquid funds. Likewise, reputational risk –and in particular the reputational impact of a cyber event –is better addressed via the stress test tool than via the economic capital route (and the potential addition of more required capital).

Similarly, for some risks where economic capital looks like a satisfactory tool, it can give misleading information. Often pertinent risks only reveal themselves fully via stress testing. New business is a good example. Economic capital can include one or more years of new business, typically by assuming new business premium, claims, expenses, etc. are a replica of previous years’ values. But this fails to provide a platform to study how external factors could impact the insurer’s fundamental business model, leading to little or no sales of any new business that resembles prior years’ business.

Lastly, we note that most other measures, especially traditional economic capital, concern themselves primarily with very extreme, “in the tail” events. Stress testing is useful not only for high impact, low probability events. More likely events warrant attention –in fact, they may warrant more attention because they often represent more tangible and practical problems that management needs to address immediately.

  • Use stress testing to “war game” management action and prepare in advance for risk crises –In our survey, we asked insurers if stress testing incorporates management actions. In other words, as stress events unfold, presumably management would take some form of corrective action in response, and that corrective action would impact future financial results. Almost half said they do not incorporate management actions. We believe this is a significant oversight.

Stress testing provides a ready platform to prepare in advance for risk crises. Insurers can use the tool to test different responses and select the one that yields the most effective resolution. They then can put in place a contingency plan and pre-event corrections appropriate to the event.

Here again stress testing can provide a different perspective than economic capital and similar measures. Economic capital works well as a tool to quantify the impact of taking certain types of action in the present. For example, it can help determine the reduction in required capital if a particular reinsurance treaty were implemented. On the other hand, faced with a multifactor, multiyear stress event (perhaps including changes in interest rates, inflation and equity values, with increases in unemployment and deteriorating buying patterns), stress testing would be a more effective tool in judging if and when to reconfigure the asset portfolio, alter products and prices, and the cost and manner of reconfiguring staffing models.

It is worth noting that, in our discussions with regulators about the merits of including the impact of management actions, their expectations are that, yes, insurers should include them. They recognize the benefit that stress testing can provide as an opportunity for planning ahead. However, they indicated that it would be appropriate to show the stressed result both before and after the application of management action. Showing both results can help promote thoughtfully developed post-management action results, not just a broad assumption that management will take appropriate actions.

  • Take advantage of the board’s and senior management’s broad business insights to construct more insightful stress narratives –Our survey shows that most boards receive the results of the stress test either directly or via the risk committee of the board. However, only 11% report asking either the board or board risk committee to approve the stresses the company uses. We believe this represents a missed opportunity to gain board members’ insights and benefit from their engagement in the stress testing process. Not all directors will necessarily have detailed knowledge of the range of potential outcomes of all of the risks that can impact an insurer or the potential stochastic distributions of those risks, but directors typically are experienced and knowledgeable, often with a high level of business and economic acumen. Utilizing their individual and collective skills to contribute ideas on the types of stresses that merit study seems like a good fit for their role and an effective complement to managements’ efforts.
  • Stress testing represents a potential avenue for global capital consistency –As a final potential benefit, we note again that stress testing seems to have a role in all major insurance and other financial services regulatory regimes. At the same time, the global insurance industry is challenged by the task of agreeing to a capital adequacy ratio, presumably based on an economic capital VAR-like foundation. A simpler capital formulation coupled with a robust stress testing regime may hold more promise for a globally agreeable approach.

See also: Key Regulatory Issues in 2016 (Part 2)

A bright future

Based on survey results and various discussions we had with insurers and other stakeholders, stress testing is universally accepted as a useful tool. We suspect that this is a consequence of its being directly related to the common business practice of preparing a financial plan. Including a few more future states or stresses and incorporating a measure of required and available capital in the financial plan are not major steps. Accordingly, the transition from planning to stress testing should be easy to accommodate. We note how sharply this contrasts with the introduction of economic capital, especially in the US insurance industry. Though its usage is growing, economic capital is not a uniformly accepted regulatory and business tool even after two decades. On the other hand, stress testing is already actively and universally used as a management and regulatory tool. With a little more effort, we believe it can yield very substantial benefits for all.

How to Manage ‘Model Risk’ (and Win)

One of the fastest-growing concerns on insurers’ enterprise risk agenda is managing model risk. From being a phrase that primarily actuaries and other modelers used, “model risk” has become a major focus of regulators and the subject of intense activity and debate at insurers. How model risk management has evolved from ad hoc efforts to its current stage is an interesting story. But more interesting still is what we believe could be its next stage – generating measurable business value.

Generating measurable business value is model risk management’s next developmental stage.

Ad Hoc

Organizing and using experience to predict future claims is core to the business of insurance. Recognizing the importance of models, insurers and industry professionals, particularly actuaries, have long incorporated model reviews into their work.

As new models were introduced or changes made to existing ones – especially if third-party systems were involved – insurers were careful to ensure consistency between old and new models. Additionally, internal and external auditors’ procedures recognized the risk that models entail and incorporated verification and testing in their processes.

See Also: Secret Sauce for New Business Models?

What distinguishes this earliest stage is not that model risk was ignored but rather that model risk management was dispersed and generally informal. Practices differed across the industry, across different types of professional organizations and across different parts and functions within an insurer. Standards for documentation, both of the models and the validation process, were largely absent. Typically, not all models were reviewed. Establishing a comprehensive inventory of all significant models was not the norm. Likewise, it was not common for insurers to follow consistent procedures to validate models across the enterprise.


Although a comprehensive guide to help banks mitigate potential risks arising from reliance on models was available as early as 2000, concerted attention to the issue in insurance can be dated to the Great Recession and its aftermath. In reaction to the events of 2008/2009, regulators and insurers themselves revisited their risk management processes and governance.

The U.S. Federal Reserve Board took the lead in promulgating new requirements for the banking sector, including supervisory guidance on model risk management issued in 2011. Many insurers, especially those designated as systematically important financial institutions (SIFIs), have been working to adopt these guidelines. In 2012, the North American CRO Council released its model validation principles for risk and capital models, which included eight core validation principles. For insurers operating in Europe, Solvency II provided the potential to use an internal model to establish their capital requirements. To take advantage of this opportunity, insurers needed to adhere to model validation expectations prescribed by regulators. In the U.S., the ORSA Guidance Manual requires insurers to describe their validation process.

Reacting to the 2008/2009 crisis and regulators’ demands, insurers began to establish the key elements of an enterprisewide model risk management program:

  • Governance and independence policies;
  • An inventory and risk assessment of all significant models; and
  • Documentation and validation standards.

Only after these basic building blocks had been put in place did insurers developed the practical experience to begin their transition to the next, active stage.


The reactive stage and the beginning of the active stage effectively started in 2014. In the early months of that year, PwC conducted a survey of 36 insurers operating in the U.S. The survey provided the opportunity for participants to assess their programs across 10 dimensions characterizing the key elements of a monitoring and reporting mechanism (MRM) process. Modal responses across these dimensions were typically “weak” or “developing.” Almost all insurers admitted they had work to do and indicated that they had plans in place to improve their processes.

In the intervening two years, we have observed a significant investment in MRM capabilities. In the absence of detailed insurance-focused regulatory guidelines, most insurers have shaped their developments to best fit their own circumstances. For example, while there has been a near-uniform increase in resources allocated to MRM, how insurers deploy these resources has differed significantly. Some have formed large centralized model management functions, and others have allocated most of the validation responsibility to business units. How the responsibilities are dispersed across risk, actuarial, compliance and audit functions vary considerably. We expect that most of these differences are attempts to fit the task to the insurer’s existing structure and culture.

Likewise, we have seen insurers, both individually and as a group, more actively develop procedures that better fit the unique circumstances of the insurance sector instead of banking or financial services in general. Three areas in which the insurance sector is increasing its attention are:

  1. Incorporating the unique aspects of actuarial models and the development of standards by actuarial professional organizations;
  2. Emphasizing the process of assumption setting and the governance of this process; and
  3. Emphasizing monitoring and benchmarking necessitated by the long time frame and the lack of market data to measure the performance of many insurance models.


Recent discussions with forward-thinking insurance company executives and board members leads us to think a fourth stage may be next. The common theme is recognition that an insurer’s key asset is the information it possesses and the models it has developed to turn this information into support for profit-generating decisions. Seen in this light, models are not inconveniences substituting for “real” data. Rather, they are the machinery that insurers use to turn their raw materials (data) into salable, profitable costumer solutions.

See Also: How to Remove Fear in Risk Management

Model risk management then becomes the mechanism to ensure this machinery is performing at its best. This includes the normal activities that one would associate with maintenance, like finding and correcting inadequate performance. But, it also provides a way to determine how better machinery can be developed and brought online.

In many respects, the transition to this stage mirrors the transition that has occurred in risk management in general. Not too long ago, risk management was seen as a strictly defensive activity. It was more about saying “no” than finding the right opportunities to say “yes.” Now, risk management is seen as an important strategic activity that plays a central role in an insurer’s deployment of capital and its selection of growth opportunities.

Putting models and the data that feeds them at the center of an insurer’s value creation engine, instead of at its periphery, provides a new perspective. And, by moving model risk management to the productive stage, insurers can better use this new perspective to address customer expectations in an information-rich environment.


  • Model risk management is no longer an ad hoc or reactive activity. An active approach is now a necessity to meet internal and external stakeholder demands.
  • Insurers are attempting to develop model risk management practices that fit the needs of their industry. They will need to continually communicate to regulators, standards setters and other stakeholders how the business of insurance has unique characteristics compared with elsewhere in financial services.
  • Models are among insurers’ greatest assets, and the machinery that they use to turn data into salable, profitable costumer solutions. Putting models and the data that feeds them at the center of value creation can provide new perspectives that better address customer expectations. Model risk management becomes the tool to keep this machinery productive.