Risk Management is defined as the process of identification, evaluation and economically effective mitigation of past, present or future events or their impact that cause a Company to deviate from its stated objectives whether positively or negatively. These events can impact both the asset and liability side of the Company’s balance sheet, the Company’s profit and loss account, its cash flows, its earning capacity, profitability, ability to continue as a going concern, reputation and its intellectual and technological capital.
Risk management should be well integrated into the organizational structure and decision making processes and should include the following:
a) A clear Risk Appetite set by the Board of Directors;
b) An entity-wide assessment of risks across all risk types, including emerging risks; and
c) Management information that is timely, consistent and accurate and used for internal and external reporting.
The nature and extent of the systems and controls which a Company needs to maintain will depend upon a variety of factors including:
a) The nature, size and complexity of its business;
b) The diversity of its operations, including geographical diversity;
c) Past experience and historical performance;
d) The volume and size of its transactions; and
e) The degree of risk associated with each area of its operations.
The Company shall regularly review its management of risk in the context of relevant internal and external factors and changes in these factors.
The risk management strategy shall cover not only the identification, assessment, control and monitoring of risks but also contingency plans to deal with risks should they materialize, or adverse developments in important areas of risk. This will be augmented by stress and scenario testing tailored to the risk characteristics of the Company including:
a) The Company shall have in place an effective risk management framework consisting of strategies, processes and reporting procedures necessary to identify, measure, monitor, manage and report the risks on a continuous basis, at an individual and at an aggregated level, to which they are or could be exposed, as well as their interdependencies. The risk management system shall be effective and well integrated into the organizational structure and in the decision-making processes of the Company with proper consideration of the persons who effectively run the Company or have other key functions.
b) The risk management system shall cover the risks to be included in the calculation of the Solvency Capital Requirement, namely:
1) Underwriting Risk;
2) Market and Liquidity (Investment) Risk;
3) Credit Risk; and
4) Operational Risk.
c) Moreover it shall cover the risks which are not or not fully included in the calculation thereof. The risk management system shall cover at least the following areas:
1) Underwriting and reserving;
2) Asset–liability management;
3) Investment, in particular derivatives and similar commitments;
4) Liquidity and concentration risk management;
5) Operational risk management; and
6) Reinsurance and other risk-mitigation techniques.
d) With regard to investment risk, the Company shall demonstrate that it complies with the “prudent person” principle in addition to adherence to Section (4) of these regulations (Determining the Company’s assets that meet the accrued insurance liabilities).
e) The Company shall establish a risk management function which shall be structured in such a way as to facilitate the implementation of the risk management system.