Risk Assessment Software

LS&A Risk Assessment Software
“RATE” (Risk Assessment, Tests and Evaluations)

Over the last number of years, LS&A has been working with emerging market countries to develop relatively simple and straightforward models for assessing risk in insurers, using those ratings as a basis for the allocation of supervisory resources.  The basic premise of risk based supervision is clear:  determine which insurers within the jurisdiction have the highest risk of solvency failure, take account of the systemic impact of failure and prioritize supervisory attention on the basis of those parameters:  easy to say, but not so easy to do.

The simple system previously favoured by LS&A and many emerging market supervisory agencies was based on risk assessment according to the CARAMELS acronym: Capital adequacy, Asset quality, Reinsurance, Actuarial and Adequacy of claim provisions,Management, Earnings, Liquidity and Self-dealing.  An assessment is made under each category, usually based partly on financial ratios and partly on observations from on-site inspections.  The assessment framework should be formalized, consistent and as objective as possible.  While the CARAMELS approach has been found to yield a reasonable basis for supervisory prioritization, it was adopted by supervisors well before the emergence of modern risk management theory.

Over the past few years a number of developed countries have put in place much more complex assessment systems that are in line with risk management theory.  The Canadian risk assessment framework is one such example, an overview of which can be found at http://www.osfi-bsif.gc.ca/app/DocRepository/1/eng/practices/supervisory/framew_e.pdf.  However these types of approaches typically require experienced personnel and significant resources.  Systems such as these are generally not practical in emerging market countries.

The challenge for LS&A has therefore been to come up with a much simpler system – but one which at a high level is entirely congruent with the approach that has been adopted by OSFI and many other developed country supervisory agencies.  An overview of the approach is shown in the diagram below:

Click to enlarge

The scheme illustrated above is based on modern risk management theory.  When risk management professionals assess risk in financial institutions, they first consider a number of inherent risk areas.  These risk areas arise simply as a matter of doing business, with no consideration as to how well the risks are being managed

For example, we know that Liability Insurance is more volatile and unpredictable (and hence more risky) than Homeowners’ Insurance.  Similarly, we know that a portfolio of common stocks has inherently greater risk than a portfolio of government bonds.  So in the first part of the risk assessment process we evaluate the main inherent risks being faced by the insurer.  (Although there are many possible ways of categorizing both inherent risks and risk management processes, the categories shown above seem to us to be generally useful for insurers.  However, individual supervisors may wish to use somewhat different descriptors and either more or fewer distinct categories – details such as these do not alter the fundamental approach.)

After making an assessment with regard to the inherent risk level of an insurer we can turn our attention to considering how well the business risks are mitigated by the company’s processes of risk management, corporate governance, internal controls and operational management.  The result, as shown below, is to arrive at the Net Risk level for the insurer.

Click to enlarge

But we also have to take account of the current financial strength of the insurer, i.e. its actual capital position relative to its obligations.  This is because the process we have described so far looks only at the riskiness of the insurer’s business and the extent to which it is able to effectively mitigate its level of inherent risk through sound risk management process.  No consideration has been given to the financial strength of the insurers themselves, i.e. their ability to bear risk.  Clearly, if two insurers have the same degree of net risk, but one is financially strong and the other is weak, the stronger insurer has the capacity to absorb more significant financial shocks than the weaker insurer.  Consequently the weaker insurer should receive a higher level of supervisory attention than the stronger insurer.  In a related way, an insurer with a strong earnings history is likely to be able to take on somewhat more risk than an insurer with a record of weak or unreliable earnings.

In summary then, we have as follows:

Business Risk – Effectiveness of Risk Mitigation =


NET RISK modified by the strength of the company’s capital
resources and quality of its earnings =


The Composite Risk Rating is the final risk assessment for the insurer, resulting from a consistent and formalized series of steps where we consider the inherent risks faced by the company as a result of its business profile, the extent and quality of the risk management processes that it has put in place and finally, the current financial strength of the insurer.

At a high level, the foregoing approach describes the methodology being used in many developed countries in respect of both banking and insurance.

In tailoring the approach for use in emerging market countries, however, LS&A has developed a series of benchmarks that are incorporated into an Excel format software program named RATE[1] (Risk Assessment, Tests and Evaluation).  This makes the entire rating process very user friendly and at the same time provides consistency of application, objectivity and ease of comparability between company risk assessment levels.  The software permits various weightings to be easily assigned to different parameters in the rating process, corresponding to the individual supervisor’s views as to the importance of different factors within his or her business environment.  RATE also takes account of situations where one or two extremely high risk situations could outweigh the entire remaining set of benchmark variables. 

RATE does not replace common sense and careful judgement: the human ability to detect highly unusual developments which could not be foreseen and taken account of by a pre-recorded set of benchmarks.  RATE does, however, provide a highly useful first review with regard to an insurer’s risk level, which in most cases will be confirmed by subsequent analysis.

LS&A fine tunes RATE for use in the actual operational environment of each jurisdiction in which it is to be employed.

[1] ©Lawrie Savage & Associates Inc. 2009