Section 1. Purpose, Scope, Cross References, and Effective Date

1.1 Purpose

This actuarial standard of practice (ASOP) provides guidance to actuaries when performing professional services with respect to risk evaluation systems, including designing, implementing, using, and reviewing those systems.

1.2 Scope

This standard applies to actuaries when performing risk evaluation professional services for the purposes of enterprise risk management (ERM).

Risk evaluation is often performed as one part of an ERM control cycle. Within a typical ERM control cycle, risks are identified, risks are evaluated, risk appetites are chosen, risk limits are set, risks are taken, risk mitigation activities are performed, and actions are taken when risk limits are breached. Risks are monitored and reported as they are taken and as long as they remain an exposure to the organization.

This standard focuses on five aspects of risk evaluation: risk evaluation models, economic capital, stress testing, emerging risks, and other risk evaluations. Guidance for activities related to risk treatment is addressed in proposed ASOP, Risk Treatment in Enterprise Risk Management.

This standard does not apply to actuaries when performing risk evaluation professional services that are not for the purposes of ERM. Examples of risk evaluation services that may be performed for purposes other than ERM include pricing of insurance products, and the evaluation of liabilities of insurers and pension plans.

If the actuary departs from the guidance set forth in this standard in order to comply with applicable law (statutes, regulations, and other legally binding authority), or for any other reason the actuary deems appropriate, the actuary should refer to section 4.

1.3 Cross References

When this standard refers to the provisions of other documents, the reference includes the referenced documents as they may be amended or restated in the future, and any successor to them, by whatever name called. If any amended or restated document differs materially from the originally referenced document, the actuary should consider the guidance in this standard to the extent it is applicable and appropriate.

1.4 Effective Date

This standard is effective for work performed on or after four months after adoption by the Actuarial Standards Board.

Section 2. Definitions

The terms below are defined for use in this actuarial standard of practice.

2.1 Counterparty Risk

The risk that the party providing a risk offset or accepting a risk transfer does not fulfill its obligations.

2.2 Economic Capital

The amount of capital needed for an organization to survive or to meet a business objective over a specified period of time at a selected confidence level, given its risk profile.

2.3 Emerging Risk

New or evolving risks that may be difficult to manage since their likelihood, impact, or timing are highly uncertain.

2.4 Enterprise Risk Management

The discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.

2.5 Enterprise Risk Management Control Cycle

The continuing process by which risks are identified, risks are evaluated, risk appetites are chosen, risk limits are set, risks are taken, risk mitigation activities are performed, and actions are taken when risk limits are breached.

2.6 Organization

The entity for which ERM is being performed. Examples include public or private companies, government entities, and associations, whether for profit or not for profit.

2.7 Risk

The potential of future losses or shortfalls from expectations due to deviation of actual results from expected results.

2.8 Risk Appetite

The level of aggregate risk that an organization chooses to take in pursuit of its objectives.

2.9 Risk Evaluation System

A combination of practices, tools, and methodologies within a risk management system used to measure the potential impacts of risk events on the performance metrics of an organization.

2.10 Risk Limit

A threshold used to monitor the actual risk exposure of a specific unit or units of the organization to ensure that the level of aggregate risk remains within the risk tolerance.

2.11 Risk Management System

A combination of practices, tools, and methodologies that an organization uses to identify, assess, measure, mitigate, and manage the risks it faces during the course of conducting its business.

2.12 Risk Mitigation

Action that reduces the frequency or severity of a risk.

2.13 Risk Profile

The risks to which an organization is exposed over a specified period of time.

2.14 Risk Tolerance

The aggregate risk-taking capacity of an organization.

2.15 Scenario Test

A process for assessing the impact of several simultaneously occurring possible events on an organization’s financial position.

2.16 Stress Test

A process for measuring the impact of adverse changes in one or relatively few factors affecting an organization’s financial position.

Section 3. Analysis of Issues and Recommended Practices

3.1 Risk Evaluation

An actuary may be called upon to evaluate risk in many contexts, using various tools such as economic capital models, stress and scenario tests, etc. In performing services related to risk evaluation, the actuary should consider, or may rely on others who have considered, the following:

a. information about the financial strength and risk context of the organization that is appropriate to the assignment. Such information may include the following:

1. the financial strength of the organization;

2. the organization’s risk profile, and the nature, scale, and complexity of the risks faced by the organization;

3. the current and long-term risk environments. The actuary may rely on management’s opinions of the risk environment, may form an independent opinion of the risk environment, may rely on a third party’s evaluation of the risk environment, or may infer a risk environment from current conditions (such as market prices and political climate, among others);

4. the organization’s strategic goals, including goals for the level and volatility of profits, both short term and long term;

5. the interests, including the risk/reward expectations, of relevant stakeholders. These stakeholders may include some or all of the following: the owners, the board of directors, the management, the customers, the partners, the employees, and others potentially impacted by the organization’s management of risk;

6. regulatory or rating agency criteria for risk levels and the implications of potential risk levels on the continuation of business operations as reflected in ratings or other external measures of security;

7. the degree to which the organization’s different risks interact with one another; actual and perceived diversification benefits; and dependencies or correlations of the different risks;

8. limitations to the fungibility of capital across the organization; and

9. the extent to which the organization’s exposure to risks may differ from its competition.

b. information about the organization’s own risk management system as appropriate to the assignment. Such information may include the following:

1. the risk tolerance of the organization;

2. the risk appetite of the organization. This may be explicit or inferred from objectives of the organization including those related to solvency, market confidence, earnings expectations, or other non-financial objectives;

3. the components of the organization’s enterprise risk management control cycle;

4. the knowledge and experience of the management and the board of directors regarding risk assessment and risk management; and

5. the actual execution of the organization’s enterprise risk management control cycle including how unexpected outcomes are acted upon.

c. the relationship between the financial strength and risk context as identified in (a) above, and the risk management system as identified in (b) above of the organization. If in the actuary’s professional judgment, as appropriate to the assignment, a significant inconsistency exists, then that inconsistency should be reflected in the risk evaluation.

d. the intended purpose and uses of the actuarial work product.

3.2 Considerations Related to Risk Evaluation Models

In developing, reviewing, or maintaining models used in risk evaluation, the actuary should consider, or may rely on others who have considered, the following:

a. whether the models are fit for the purpose. In making that determination, the actuary may consider the following:

1. the degree to which the models need to be reproducible and adaptable to new risks;

2. the sophistication of the models in proportion to the materiality of the risks they cover;

3. the practical considerations for the models, including usability, reliability, timeliness, process effectiveness, technological capabilities, and cost efficiency;

4. the inherent statistical and theoretical limitations of the models;

5. the quality, accuracy, appropriateness, and completeness of data underlying the models;

6. the appropriateness of the methodologies used for model validation, calibration, and sensitivity testing;

7. the appropriateness of the methodologies used for modeling dependencies and interactions among risks; and

8. the appropriateness of the cash flow and discounting methodologies used in the models.

b. whether the model assumptions are appropriate. In making that determination, the actuary should consider the following:

1. whether the assumptions are supportable, appropriately documented, and allow for deviations from the expected;

2. whether the assumptions are regularly revisited to determine their appropriateness; and

3. whether the assumptions that explicitly reflect anticipated management actions in response to future events are supportable and appropriately documented.

3.3 Economic Capital

Within ERM programs actuaries are often called upon for assistance in determining the economic capital of the organization.

3.3.1 Considerations Relating to an Economic Capital Model

In performing actuarial tasks relating to the design, construction, and review of an economic capital model, the actuary should consider the following, if appropriate to the assignment:

a. the appropriateness of the selected time frame, basis of measuring loss (for example, solvency, regulatory standards, earnings loss, reputation damage, etc.) and confidence level underlying the organization’s definition of economic capital relative to how it is used to support strategic decisions;

b. the degree to which the economic capital model reflects significant risks of the organization in a consistent and comprehensive manner; and

c. the appropriateness of the method used to model each risk. Some risks are more appropriately modeled stochastically while others may be more appropriately modeled using stress tests.

3.3.2 Reliance on Accounting Framework

References to and reliance on accounting frameworks in an economic capital model should be consistent throughout the model and appropriate for the model’s intended use.

3.3.3 Methods

In determining economic capital, the actuary should select a method or combination of methods where the input to the method(s) and the results of the method(s) are consistent with the tasks and considerations listed in sections 3.1, 3.2, and 3.3.1. Examples of methods include the following:

a. Stress Tests—A specific degree of adversity is assumed and the financial impact of that adverse experience upon the organization is estimated by the actuary.

b. Stochastic Models—A distribution of possible future outcomes is determined either directly or through a model that calculates the impact of a risk assumption on the financial outcomes.

c. Reference to Standard Measures—Regulatory and rating agency capital models are standard measures of risk of organizations. Definitions of economic capital sometimes make reference to required regulatory and rating agency capital.

3.3.4 Assumptions

The actuary’s selection of assumptions will heavily rely on judgment since economic capital models often focus on remote, highly unlikely losses that might be experienced by the organization. In forming that judgment, the actuary should consider the following, if appropriate:

a. historical data available;

b. prices in the marketplace;

c. opinions of other experts;

d. fit of the assumed distribution to the available data in terms of expected value, variance, and extreme values;

e. sensitivity of results to changes in baseline assumptions;

f. internal consistency of the assumptions; and

g. consistency in the application of assumptions.

The actuary should document the significant assumptions underlying the economic capital model including supporting rationale for the assumptions.

3.3.5 Validation of Economic Capital

Economic capital is often determined based on the results of stochastic models that produce a large number of outcomes. The actuary should devise appropriate tests of the distribution of outcomes calculated by the model (for example, in comparison to the range of results in similar models or to historical outcomes over time) and the sensitivity of those distributions to changes in the assumptions and parameters. The actuary should also perform validation tests to determine whether the model reasonably reproduces relevant items of the underlying balance sheet and income statements of the organization.

3.4 Stress and Scenario Testing

Stress and scenario testing have long been used for many risk management and regulatory purposes. These tests are now emerging as a key tool for solvency assessment by regulators.

3.4.1 Considerations Relating to Stress and Scenario Tests

In performing actuarial professional services regarding stress and scenario tests, the actuary should consider the following, if appropriate to the assignment:

a. the degree to which various stress tests reflect a similar degree of adversity and are therefore comparable;

b. any items in the organization’s business plan that describe how the organization will function during a catastrophic event(s) as well as any historical organizational examples;

c. that an extreme event scenario may be a single catastrophic event or a series of events that, taken together, have catastrophic results;

d. how actions and reactions of various stakeholders and markets during extreme events differ from those during “normal” times;

e. whether the assumed interdependencies are appropriate under the stress or scenario testing assumptions due to the possibility of unanticipated consequences when risks interact in ways not seen historically;

f. how to define situations that result in a non-quantifiable risk and how to show plausible financial effects on the organization; and

g. that some stress and scenario tests will be hypothetical situations for which the actuary will not need to validate the degree to which the scenario is realistic. In these situations, the actuary should document the assumptions and methodology used.

3.4.2 Methods

A basic requirement for a stress or scenario test is a forecasting process or system. The actuary should consider whether the objectives of the stress or scenario test will be accomplished based on the forecasting process or system used. Approaches that may be used for stress and scenario testing include the following:

a. Models of Single Subsystems of the Organization—Some very simple stress tests can be performed with forecasts of a single element that is being stressed. However, in most cases, even the simplest stress test requires the consideration of contagion effects throughout the organization. The results from various sub-models may be consolidated manually under the supervision of an actuary.

b. Fully Integrated and Automated Forecasting Model— Economic capital models or business forecasting models may already be designed to reflect the interdependency of various elements or assumptions.

3.4.3 Assumptions for Stress Tests

The type and degree of stress for the stress test may be specified by others. Alternatively, the actuary may be called upon to identify the stresses that are important to the organization and to set assumptions regarding the degree of stress to be tested. In either case, the actuary should form a perspective regarding the ways that the defined stress impacts upon various elements of the organization, including consideration of the following:

a. Effect on Other Assumptions—Many assumptions may differ significantly from their baseline values because of the defined stress.

b. Management Responses—During a catastrophic event, management may delay decisions or make quick decisions that are inconsistent with prior practice.

c. Regulatory and Legislative Reactions—Insurance risk based capital limits may be changed and an insurer may have an immediate need for additional surplus.

d. Risk Mitigation— Risk mitigation alternatives and mechanisms to utilize those alternatives may or may not be present.

e. Time Element—Some secondary effects under a scenario might occur in a later time period than the stress itself.

3.4.4 Constructing Scenarios

Many different types of scenario tests are possible. In some cases, the broad outline of a scenario might be specified by others and the actuary would make assumptions for many details. In other cases, the actuary is responsible for determining appropriate scenarios to be tested.

a. In all cases, the actuary should consider whether the scenarios need to be developed with consideration of the many different elements of the broad environment that might change from the baseline simultaneous with the main event under consideration.

b. In addition, the actuary should consider the other effects upon the organization as described in items (a) through (e) of section 3.4.3.

3.5 Emerging Risks

In performing actuarial professional services regarding the evaluation of emerging risks, the actuary should consider the following:

a. the potential impact of emerging risks across various time horizons; and

b. the potential secondary effects from an organization’s assumed actions in light of the onset of an emerging risk. These secondary effects may also arise from actions taken by individuals or entities not affiliated with the organization whose risks are being evaluated.

3.6 Other Risk Evaluations

In the course of managing risks in an ERM program, there are many situations where specific risk evaluations are performed to facilitate the monitoring and mitigation of key risks. These evaluations are used in risk treatment programs such as hedging, asset liability management, or reinsurance. The actuary should apply the guidance in sections 3.1 and 3.2 to these evaluations.

3.7 Specific Circumstances

Certain risk evaluations may be performed under significant time constraints and for use over a limited period of time. While the guidance in sections 3.1 and 3.2 applies, the actuary should use judgment as to the appropriate level of detail and the frequency of evaluation in consideration of this guidance.

3.8 Reliance on Data or Other Information Supplied by Others

When relying on data or other information supplied by others, the actuary should refer to ASOP No. 23, Data Quality, and ASOP No. 41, Actuarial Communications, for guidance.

3.9 Documentation

The actuary should prepare and retain documentation in compliance with the requirements of ASOP No. 41. The actuary should also prepare and retain documentation to demonstrate compliance with the disclosure requirements of section 4.

Section 4. Communications and Disclosures

4.1 Actuarial Communication

When issuing an actuarial communication subject to this standard, the actuary should consider the intended purpose or use of the risk evaluation and refer to ASOP Nos. 23, 38, Using Models Outside the Actuary’s Area of Expertise (Property and Casualty), and 41. In particular, consistent with the intended use or purpose, the actuary should disclose the following, as appropriate

4.1.1 Economic Capital and Economic Capital Models

The actuary should document and communicate the results of the economic capital model and their intended use. The actuary should also disclose any known limitations of the economic capital model including an assessment of the potential impact of these limitations on model results and their use. The actuary should also disclose the time frame, basis of measuring loss, and confidence level.

4.1.2 Stress and Scenario Tests

The actuary should document and communicate the results of the stress and scenario tests and their intended use. The actuary should also disclose any known limitations of the stress and scenario tests including an assessment of the potential impact of these limitations on results.

4.1.3 Emerging Risks

The actuary should disclose the methodologies and sources of information for identifying and evaluating emerging risks.

4.1.4 Changes in System/Process

The actuary should disclose any material changes in the system, process, methodology, or assumptions from those previously used for the same type of measurement. The general effects of any such changes should be disclosed in words or by numerical data, as appropriate.

4.1.5 Assumptions

The actuary should disclose the significant assumptions used in the risk evaluation such as accounting constructs, economic values, stand-alone or portfolio views of risk. The actuary should disclose the time frame, basis of measuring loss, and confidence level used in the evaluation, interdependencies among risks, and statistical distribution assumptions. The actuary should disclose any other significant assumptions used in the analysis, including anticipated future actions by management to manage or mitigate risks identified by the actuary.

4.1.6 Risks Included

The actuary should disclose the risks included in the risk evaluation and their relative significance. The actuary should also disclose known risks not included and the rationale for not including those risks in the risk evaluation.

4.1.7 Model Validation

The actuary should disclose whether and how the modeled future economic conditions have been reviewed and tested for reasonableness. Items such as the sensitivity of the results to significant changes in the assumptions, time frame, basis of measuring loss, and confidence level may be disclosed.

4.2 Deviation from Guidance in the Standard

If the actuary departs from the guidance set forth in this standard, the actuary should include the following where applicable:

a. the disclosure in ASOP No. 41, section 4.2, if any material assumption or method was prescribed by applicable law (statutes, regulations, and other legally binding authority);

b. the disclosure in ASOP No. 41, section 4.3, if the actuary disclaims responsibility for any material assumption or method in any situation not covered under section 4.2.1 above; and

c. the disclosure in ASOP No. 41, section 4.4, if the actuary otherwise deviated materially from the guidance of this ASOP.

Appendix – Background and Current Practices

Note:  This appendix is provided for informational purposes, but is not part of the standard of practice.

Background

Enterprise Risk Management (ERM) has been a developing area of practice for actuaries for over 10 years. In 2001, the Casualty Actuarial Society (CAS) Advisory Committee on Enterprise Risk Management produced a report that recommended areas of research and education that were needed by actuaries entering this emerging field. In 2002, the Society of Actuaries (SOA) formed a Risk Management Task Force that wrote guides to Economic Capital and Enterprise Risk Management practice as well as initiating several research projects. In 2004, the task force evolved into a new Risk Management Section of the Society of Actuaries and became the first and largest joint activity in 2005 when it became the Joint Risk Management Section co-sponsored by the SOA, CAS, and Canadian Institute of Actuaries (CIA).

The Joint Risk Management Section has been tightly linked with an annual ERM Symposium event that started as a joint activity of the SOA, CAS, and PRMIA, a non-actuarial risk management organization. The Joint Risk Management Section now has approximately 2,500 members, which would be almost 15 percent of all Academy members (if all of the members of the section were Academy members).

Enterprise Risk Management is also becoming a standard practice of many organizations that employ actuaries and its use has been steadily spreading. Poor ERM practice has been blamed by many for some or all of the ills of the Global Financial Crisis. The G20 heads of state have called for significant improvements to risk management practices in the financial sector and have charged the Financial Stability Board and the International Monetary Fund to take steps to promote and sometimes require better risk management practices from financial sector firms. The International Association of Insurance Supervisors has responded to that by promulgating an Insurance Core Principle paper on Enterprise Risk Management requiring insurance regulators to promote ERM practice and self assessment of solvency needs by insurers globally. The National Association of Insurance Commissioners has developed a new requirement for an Own Risk and Solvency Assessment process that includes an assessment of risk management practices for larger insurers and the New York State Insurance Department has recently (December 2011) published a requirement that all insurers domiciled in the state must adopt an Enterprise Risk Management regime.

At the most fundamental level Enterprise Risk Management can be understood as a control cycle. Within a typical risk management control cycle, risks are identified, risks are evaluated, risk appetites are chosen, risk limits are set, risks are taken, risk mitigation activities are performed to prevent limit breaches, and actions are taken when limits are breached. Risks are monitored and reported as they are taken and as long as they remain an exposure to the organization. This cycle can be applied to specific risks within a part of an organization or to an aggregation of all risks at the enterprise level.

Risk evaluation has long been a part of actuarial practice. Actuarial risk evaluations were long used by insurers to assess their capital needs and pricing for risks. Actuarial risk evaluations have also long been used and continue to be the objective functions in risk mitigation activities such as reinsurance, asset liability management, and hedging within risk treatment programs. Risk evaluation is a key activity of the new ERM practice. An economic capital model has become a new standard tool for ERM programs. Stress tests are another risk evaluation process that has long been used by actuaries that has recently reemerged as a primary tool for ERM. The risk evaluation activities of actuaries in all of these situations are the subject of this standard. Actuarial services relating to risk treatment activities, specifically risk appetites, tolerances and limits as well as risk mitigation activities are considered in another standard on risk treatment in ERM.

Current Practices

Actuaries build, operate, and maintain complex internal models for determination of economic risk capital using stochastic techniques to analyze long-term contingent liabilities and the associated value at risk or conditional tail expectation and develop and implement schemes to allocate the capital in a way that supports corporate goals for risk adjusted return. Actuaries have a central role and in many cases are the sole professionals involved in the preparation of these risk evaluations. Actuaries are also called upon to review economic capital models prepared by actuaries or by other professionals, provide or review the assumptions underlying an economic capital model, document an organization’s economic capital model, analyze the impact of a strategic decision on an organization’s economic capital, recommend allocations of economic capital to units with an organization, and opine on the appropriateness of an organization’s economic capital model relative to the organization’s risk profile, risk tolerance, risk appetite, or risk limits.

Actuaries also perform stress tests and other risk assessments for financial and other entities for the purposes of assessing the resiliency of the entity, for determining the effectiveness of risk mitigation activities and for reporting to regulators. Stress tests are increasingly important to prudential supervision of insurers as regulators find them to be a good way to ensure some consistency in risk evaluation and to better communicate a very complex topic. Actuaries may be asked to give opinions about the appropriateness of an organization’s actual level of capital based upon stress tests.

Stress tests performed by actuaries are also used by organizations as a component of or to validate economic capital models, to set risk limits, and as an aid in forming and communicating organization strategy.