The document discusses key changes in revised Guidance Note 10 (GN10) relating to corporate governance of authorized insurers in Hong Kong, including establishing a mandatory Board-level Risk Committee separate from the Audit Committee. Setting up this Risk Committee is one of the major changes in GN10. The Risk Committee is responsible for overseeing risk management systems and the risk appetite framework. It will be important for insurers to define their risk appetite and establish proper risk management processes to support the Risk Committee's functions.
Financial regulators have issued an advisory to remind institutions to remind institutions of supervisory expectations regarding sound practices for managing interest rate risk. BankRisk from TriNovus can assisit financial institutions with this requirement. www.trinovus.com
Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
Financial regulators have issued an advisory to remind institutions to remind institutions of supervisory expectations regarding sound practices for managing interest rate risk. BankRisk from TriNovus can assisit financial institutions with this requirement. www.trinovus.com
Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
Presented at the MENA-OECD Business Integrity Training, 22-25 April, Kuwait. Organised by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance
Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
Enterprise Risk Management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
Enterprise Risk Management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM.
Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM.
Their success depends on striking a balance between enhancing profits and managing risk.
In order for any enterprise to properly, effectively, and prudently manage their future growth, Business Strategy needs to be sustained by modern Enterprise Risk Management (ERM) principles and practices.
The Enterprise Risk Management discipline is not anymore a separate management profession or kinky management way, but rather it is a core competency that all organizations and executives must have in this Global Age. It should be a way of life for all.
This presentation reviews a recent emerging risks survey, including results and how they might be used. The presenter also discusses how an emerging risk strategy is being developed at an existing firm.
Resumen de textos sobre la Estructura Urbana . Autores: Alumnos de la Clase de Estudios Urbanos I UCV. Facultad de Arquitectura y Urbanismo. Escuela de Arquitectura Carlos Raul Villanueva. Unidad Docente Extramuros. Sede Barquisimeto. 2014
Presented at the MENA-OECD Business Integrity Training, 22-25 April, Kuwait. Organised by the MENA-OECD Investment Programme in cooperation with the IMF-Middle East Center for Economics and Finance
Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
Enterprise Risk Management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
Enterprise Risk Management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM.
Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM.
Their success depends on striking a balance between enhancing profits and managing risk.
In order for any enterprise to properly, effectively, and prudently manage their future growth, Business Strategy needs to be sustained by modern Enterprise Risk Management (ERM) principles and practices.
The Enterprise Risk Management discipline is not anymore a separate management profession or kinky management way, but rather it is a core competency that all organizations and executives must have in this Global Age. It should be a way of life for all.
This presentation reviews a recent emerging risks survey, including results and how they might be used. The presenter also discusses how an emerging risk strategy is being developed at an existing firm.
Resumen de textos sobre la Estructura Urbana . Autores: Alumnos de la Clase de Estudios Urbanos I UCV. Facultad de Arquitectura y Urbanismo. Escuela de Arquitectura Carlos Raul Villanueva. Unidad Docente Extramuros. Sede Barquisimeto. 2014
New Insights And Practical Techniques For Measuring, Managing And Embedding Strategic, Credit, Market, Liquidity And Operational Risks. Providing regional practitioners with critical updates on the latest risk management landscape, up-to-date coverage of regional and international regulations,
as well as strategic insight and practical techniques to help improve risk design, management and implementation capabilities in financial institutions.
http://risk2014.iirme.com/en/Site-Root/
WhatsApp ha asumido un papel protagónico en la mensajería, a pesar de ser multiplaforma, no está disponible para PC…o eso creías hasta hoy.
No todas las personas disponen de un smartphone o simplemente no cuenten con un plan de datos, así que la PC será una solución excelente.
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
2017 coso-erm-integrating-with-strategy-and-performance-executive-summaryVALUES & SENSE
This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. The updated document, titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance.
APRA’s view is that
a sound risk culture is a core element of an
effective risk management framework. Risk
culture refers to ‘the norms of behaviour for
individuals and groups within an organisation
that determine the collective ability to
identify, understand, openly discuss and act
on the organisation’s current and future risk’
The GARP Buy Side Risk Managers Forum published Risk Principles for Asset Managers, a statement of best-practices guidelines prepared by senior risk management executives of leading investment firms. The Risk Principles document is updated and enhanced from a previous version published in 2008.
All organisations, whatever their size or market, face a range of risks affecting the achievement of their objectives. While “risk” is commonly regarded as negative, risk management is as much about exploiting potential opportunities as preventing potential problems.
Risk management comprises a framework and process that enable organisations to manage uncertainty in an effective, efficient and systematic way from strategic, programme, project and operational perspectives, as well as supporting continual improvement. Risk management applies at all levels of an organisation and to all activities.
In this A to Z, I’d like to cover some of the key areas of Risk Management and Treatment and give you a better understanding of this broad topic that underpins multiple quality and ISO standards.
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadAlexei Sidorenko, CRMP
Risk appetite refers to an individual or organization’s willingness to take on risks in pursuit of potential returns. It is an important consideration for businesses, as it can determine the types of investments and strategic decisions they make. A high risk appetite may lead to a focus on high-growth, speculative investments, while a low risk appetite may result in a preference for more conservative, steady returns. It is important for businesses to carefully assess and manage their risk appetite in order to make informed decisions and achieve their financial goals.
But before beginning the conversation about risk appetite, it is important to remember that most non financial organizations have already documented their appetites for different common decisions or business activities. Segregation of duties, financing and deal limits, vendor selection criteria, credit limits, treasury limits on banks, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organizations set risk appetite.
What is risk appetite:
10% of the time risk appetite is imposed by laws and regulations, not set – Often risk appetite is imposed by government, regulators, markets, not set by management. Examples include zero-tolerances or limits on safety, bribery and corruption, AML, pollution, sanctions, privacy.
10% of the time risk appetite is the gentlemen’s agreement between Board and management – Boards have an important oversight role and help them set the direction and boundaries for management decision making. Those management decision making boundaries is risk appetite. Examples include deal approvals only by Board above a certain limit, limits on holding percentage of cash in certain pre-approved banks, market risk limits, credit risk limits, insurance thresholds, rules on credit limits for certain types of customers, limits on investments in different countries, etc.
80% of the time risk appetite is the risk reward trade-off for a specific decision – The key is making uncertainty around decisions presented to the Board transparent to allow decision makers choose the alternative which offers the most appropriate risk reward balance according to their individual appetites.
Download the full guide to read about documenting risk appetite, reviewing risk appetite, case studies and examples and addition video resources: Guide to risk appetite 2023
1. Risk Committee — Guidance
Note on Corporate Governance
GN 10 (Guidance Note on the Corporate Governance of Authorised Insurers) aims at
strengthening corporate governance within the Hong Kong insurance industry.
On 7 October 2016, the Office of the Commissioner of Insurance (OCI) issued a revised
GN10 in light of the recent developments in the Hong Kong insurance industry and
taking into account the best practices adopted in other jurisdictions.
1) An insurer is required to have a Board level Risk Committee, which should be
separated from the Audit Committee.
2) The minimum proportion of independent non-executive directors (INEDs) on the
Board has increased from one-fifth to one-third.
3) The Audit Committee should be chaired by an INED.
4) The Chairman should not be the chief executive or the appointed actuary.
5) Senior management is accountable for carrying out day-to-day operations and
implementing systems and controls.
6) An authorised insurer should establish a prudent and effective remuneration policy
which should not induce inappropriate or excessive risk taking. The revised GN10
states that sound remuneration practices are an important element to sound
corporate governance.
7) Insurers must have policies and procedures to identify, prevent, detect and mitigate
cyber threats.
8) An insurer should maintain business continuity policy and business continuity plans.
9) GN10 now applies to all overseas incorporated insurers which have total annual
gross premium income pertaining to Hong Kong insurance business in excess of
50%, (previously 75%).
10)For the requirements on the minimum number of INEDs, the establishment of a
Risk Committee and the requirements on remuneration matters, this Guidance
Note shall take effect from 1 January 2018. For the rest of the requirements, the
commencement date will be 1 January 2017.
One of the key changes is the mandatory requirement for insurers to
establish a Board level Risk Committee. It will be important for an insurer
to define its risk appetite and establish a proper risk management system,
which are necessary for the proper functioning of the Risk Committee.
Background
Key changes to note
Risk Committee
Highlights
The establishment 0f
a Risk Committee is
mandatory in the
revised Guidance
Note on the
Corporate
Governance of
Authorised Insurers
(“GN 10”).
While the Board
retains the ultimate
responsibility for risk
oversight, the Risk
Committee should
oversee the
establishment and
operation of the risk
management system
independently, as
well as the
implementation of
the appropriate risk
appetite.
2. 1. Responsibilities
The Risk Committee should be
established by the Board to provide
focused support and advice on risk
management, and is responsible for:
• Independently overseeing the
establishment and operation of risk
management systems;
• Advising the Board on the current
and future risk appetite;
• Overseeing senior management’s
implementation of the risk appetite
statement;
• Reviewing the adequacy and
effectiveness of the risk
management policies for material
risks (such as pricing, capital
management, market, liquidity,
operation and compliance);
• Ensuring sufficient resources are in
place for risk management; and
• Overseeing the roles and
responsibilities of the Chief Risk
Officer (“CRO”).
The risk management function should
have a direct reporting line to the
Board/Risk Committee to ensure its
independent assessment and prompt
reporting of risks.
The Risk Committee’s work should
include oversight of the strategies for
capital and liquidity management as
well as for all relevant risks, including
operational and reputational risks.
The Board, with senior management
and the CRO, should establish the risk
appetite and oversee adherence to the
risk appetite statement, risk policy and
risk limits.
2. Composition
The Risk Committee should comprise
an appropriate number of directors
preferably with a majority of INEDs.
Members should collectively possess
adequate knowledge and experience in
risk management. In our experience a
Risk Committee generally needs a
minimum of three members; at least
one of whom should be an INED.
3. Industry Observations
Some of our observations in the
industry are as follows:
• Many insurers only have a
management level Risk Committee,
whereas some rely on the Group
Risk Committee.
• Some insurers agree that there is a
lack of independence on the
current risk management function.
• Some insurers have not yet
developed a risk appetite
statement, or such statement is not
regularly reviewed by the Board.
• A number of insurers, particularly
those small and medium size
general insurers agree that there is
room for improvement of their
current risk management systems.
• Some of the Bermuda incorporated
insurers are comparing GN 10 and
the new Bermuda regulation and
are seeking to establish an optimal
model that complies with both
regulations.
We expect some insurers will have to
establish a Board level Risk Committee
in the coming year in response to the
revised GN.
If reliance is placed on the Group Risk
Committee, an assessment has to be
made by the Board to ascertain that
the authorised insurer's risks have
already been thoroughly covered by the
Group Risk Committee. In essence, the
Board retains the ultimate
accountability for the risk oversight.
It is expected that many insurers will
review the effectiveness of their risk
management systems and the validity
of their risk appetite.
4. Risk management system
A proper risk management system
helps provide better governance of an
insurer. This helps to define clear risk
roles and responsibilities and enables
clear risk communication and risk
reporting. In addition, it is more likely
that any issues will be identified and
managed before they become serious
business problems.
3. PwC has observed that leading insurers’
risk management systems extend the
governance, processes, and analytics of
managing risk into how the business is
executed along multiple dimensions of
the business model.
A robust risk management system
should help towards improved
business performance, lowered cost,
enhanced levels of compliance, and
optimised risk exposure.
5. Risk Appetite
Risk appetite is the level of risk that an
insurance company’s senior
management and Board define as
acceptable in pursuit of the
organisation’s objectives. When used
effectively, risk appetite provides a
structure within which opportunities
can be pursued by setting out which,
why and how much risk the company is
willing to take.
In our view, a risk assessment exercise
should be conducted by insurers as
early as possible to enable them to
highlight risks threatening the
achievement of their objectives.In
addition, this should enable the insurer
to build appropriate and consistent
Risk Mitigation Plans aligned with its
risk appetite and objectives.
As with most journeys which involve
defining the risk appetite of an
organisation, PwC anticipates that
companies will go through the
following processes:
• A sound and reliable risk appetite
must be documented and aligned
with the company’s strategy and
agreed with senior management;
• Both qualitative and quantitative
measurement should be considered;
• Risk appetite must be cascaded
down through each objectives of all
business units; and
• Management expectations in terms
of risk exposures should be
validated by assessing the potential
mismatch level compared to the
current risk profile.
6. Typical areas where
assistance is required
Based on our experience in other
markets and jurisdictions, Boards
sometimes need assistance in dealing
with the following when setting up a
Risk Committee:
i) Assess and enhance the risk
management governance structures
(e.g. roles, policies and procedures,
charters and committees);
ii) Develop and establish a robust,
sustainable risk management
framework;
iii) Develop a risk appetite statement/
framework and identify the risks
involved in implementing/not
implementing strategies;
iv) Assess risks and level of risk taking,
develop risk responses and
implement action plans, design and
implement controls to address
these risks;
v) Develop key risk indicators (KRIs)
and key performance indicators
(KPIs). Develop risk reporting
dashboards and establish risk
monitoring and escalating
procedures;
vi) Providing support in developing
methodologies, policies and
procedures to help run risk
processes; and
vii)Supporting Risk Committees (at
management or Board levels)
including developing their terms of
reference.