News Releases

Research Report Sponsored by ACE Reveals 10 Practical Ways to Improve Risk Management
May 30, 2009

NEW YORK--(BUSINESS WIRE)--In the search for what precipitated the global financial crisis and what can be done to prevent a repeat, the risk management function has emerged as both a potential cause and an area of opportunity.

The function has been thrust into the spotlight by the failures of financial services companies caught by the dramatic unraveling of financial markets that were underpinned by the leveraged accumulation of exposure to the housing sector.

“If you were a leader or risk officer at any financial services company over the past year, you learned painful lessons about the importance of protecting both sides of the balance sheet,” noted Sean Ringsted, ACE Group’s Chief Risk Officer and Chief Actuary. “A successful response to these lessons will help set the financial sector and the global economy on a more stable future course.”

While the function’s shortcomings may have contributed to the financial turmoil, with proper refocusing from lessons learned in the crisis, risk management may now hold the key to helping avoid similar problems in the future.

In a research report by the Economist Intelligence Unit that was sponsored by the ACE Group, interviews with financial sector participants, senior risk professionals and independent experts combined with study of current academic and industry thinking on risk management revealed 10 practical ways to address current weaknesses in risk management.

The steps outlined in the report include:

1. Senior executives must lead risk management from the top. Leadership and tone from the most senior level are essential. There should be appropriate board oversight of risk, usually through the audit committee or a risk committee. And the chief executive, as the “owner” of risk, must be seen to elevate the authority of risk management and build a pervasive risk culture.

2. Risk management must be given greater authority. Even if risk managers have the right tools, information and expertise at their disposal, this counts for nothing if they do not have sufficient authority to escalate concerns and curb excessive risk-taking. To address this problem, senior executives should ensure that risk managers have appropriate stature within the organization, and that this is thoroughly understood by the lines of business.

3. Institutions need to review the level of risk expertise in their organization, particularly at the highest levels. Financial institutions must be confident that they have sufficient risk expertise at the most senior level. Both Board-level executives and non-executives should have the tools and information at their disposal to understand the institution’s risk appetite and positions.

4. Institutions should pay more attention to the data that populates risk models, and must combine this output with human judgment. No matter how sophisticated, models are limited by the quality of the data feeding them. Even with the best available data, no risk management tool should be used in isolation, and quantitative methods should always be backed up with qualitative approaches and the vital inputs of human judgment and dialogue.

5. Stress testing and scenario planning can arm executives with an appropriate response to events. Stress testing must be integrated with the firm’s overall risk management processes, and mechanisms developed to ensure that the results are communicated to senior management in such a way that it is possible for them to formulate a clear response.

6. Incentive systems must be constructed so that they reward long-term stability, not short-term profit.Certain aspects of the bonus culture and remuneration models for senior financial services executives may need to be overhauled, with some of the rewards being withheld to match the maturity of the underlying business.

7. Risk factors should be consolidated across all the institution’s operations. Conversations about risk appetite and risk capacity should not be restricted to the risk function, but should take place throughout the organization. Equally, risk management should be tightly integrated into operations, and lines of communication should be clear enough that changes in risk levels can be escalated to the correct layer of authority before mitigation becomes impossible.

8. Institutions should ensure that they do not rely too heavily on data from external providers. Financial institutions must address their over-dependence on credit ratings, and supplement ratings with their own analysis, which should be continuously updated over the entire period of the investment.

9. A careful balance must be struck between the centralization and decentralization of risk. A central risk function, determined at a senior level, is essential in order to set risk appetite, implement and monitor controls and provide oversight of the firm’s risk position. But this must also be combined with an approach whereby risk is embedded in the regional office or business unit, such that each profit center has ownership of its own risks.

10. Risk management systems should be adaptive rather than static. The scale and unique nature of the problems that befell the financial markets in late 2008 illustrates the need to conduct continuous observations of the real world and feed these back into the risk management system on a regular basis. This enables the system to correct its inherent weaknesses and respond to changing business conditions.

Managing risk in perilous times:Practical steps to accelerate recovery
is available free to download through ACE’s website

About the research

The research for this report is based on a series of in-depth interviews with senior risk professionals and independent experts, combined with a process of desk research that comprised a review of current literature on risk management. Interviews and research were conducted by the Economist Intelligence Unit.

The ACE Group is a global leader in insurance and reinsurance serving a diverse group of clients. Headed by ACE Limited (NYSE:ACE), the ACE Group conducts its business on a worldwide basis with operating subsidiaries in more than 50 countries. Additional information can be found at: www.acelimited.com.

Contact:

The ACE Group
Stephen M. Wasdick, 212-827-4444
stephen.wasdick@acegroup.com