This article is based on a speech given at the Insurance Internal Audit Group in London on 30 September 2005.
Until fairly recently, the management of credit risk was a topic that banks were supposed to be experts in. The traditional view for others, such as insurers and fund managers, was that credit risk was primarily related to the evaluation of market or investment risk (as this is usually dictated within the investment guidelines prescribed by the policy holders).
Today, the need for insurers to improve the management of credit exposures has come into sharper focus because there have been a number of regulatory papers looking at the way the industry manages credit, which suggests that there are still potential weaknesses in the way credit is managed in insurance companies. The scope of what people commonly refer to when they talk about credit risk is their exposure to:
- Counterparty risks to other financial institutions.
- Pre- and post-settlement risks.
- Liquidity risks in unwinding positions taken on default.
Nowadays, policyholders’ funds permit increasing flexibility in the use of complex derivatives and hybrid securities. This has encouraged the need to improve the level of sophistication in the way in which credit exposures are measured and reviewed. Examples include the growing importance of CDOs, credit swaps and long/short-term strategies employed by absolute return funds where pressure is being put on policyholders to experiment and invest seed capital in such vehicles.
Why is Management of Credit Risk Important?
Often, the management of investment risk is undertaken at arm’s length by asset management divisions of the insurer or indeed third party fund managers. In the case of the asset management arms, the need for credit policies, committees and independent credit analysts has, historically, been open to debate for two reasons.
First, the asset manager manages investment risk largely for the policyholders and not for the life company’s proprietary account. Secondly, the ability to measure and restrict credit exposure by, for example, using credit limits, is not a straightforward matter, as holdings of one line of stock will be spread over dozens, if not hundreds of third party funds.
The justification for continuing to use a streamlined or light-touch credit process has been reconsidered in some cases. The introduction of complex financial instruments tends to cause audit committees and policyholders to question the efficiency of the underlying credit risk management process. Typical issues include the following:
- How often do you obtain accurate and timely information about policyholders’ largest credit exposures?
- When the rumours start about a particular issuer, how quickly can you assimilate the information you require to gauge the aggregate exposure?
- Do you really have an accurate and comprehensive report or system that lists your exposure to one issuer – for all types of instrument, including the market risk component of a credit derivative?
- Can you segregate your own proprietary exposures that are for the company itself with those of your clients or policy holders?
Internal Audit versus Risk Management Relationship – Conflict or Cohesion?
Nowadays there is a demand for a commercial approach to risk management and audit. This tends to work best where both credit risk manager and audit know exactly where they stand in relation to each other. The challenge is to make the business understand the difference between the credit risk function, if it exists, and internal audit.
The traditional approach to credit risk is changing as risk managers realise that there now has to be a more transparent demonstration of objective credit assessment and monitoring. For example, many no longer consider it to be common practice to rely on the ratings assigned by the major rating agencies without some evidence of discretionary judgement about a potential counterparty.
This doesn’t mean, however, that the industry has to impose a cumbersome layer of bureaucracy in introducing new committees, lengthy policy documents and so forth. But it does mean that management has to show greater evidence that it is acting in the best interests of policyholders by saying ‘no’ to credit risk when the right circumstances dictate.
What Does a Risk Manager Do?
The risk manager’s role is to clarify, communicate and prevent something that shouldn’t happen from happening. This is the measure of success. No one will give credit to a risk manager for giving them a long list of all the risks they face (some of which may not even exist) if in the end there is no proof that the risk controls work or that if they didn’t the same error would occur anyway.
For a credit risk manager to work effectively, they have to have a solid commercial understanding to evaluate credit risks from a front office perspective but not go too far over the line of impartiality to the point where they accept risks that are not within the tolerance of the organisation.
This is effectively a model that has applied for a number of years in the banking world, notably in treasury and capital markets. One of the obvious examples of having a treasury risk management team is having them actually located on the trading floor. This way the risk team is close to the pulse of what’s happening. Credit markets now move very fast and you cannot afford to monitor them from a distance. They need to understand and explain the credit products, they need to get on the right side of the traders and salesmen and be trusted by those with the power of sanction and approval. The relationship between dealer/fund manager and credit approval body can be somewhat hostile and contradictory.
Common Weaknesses
First there is often an absence of a clear independent dividing line between the credit monitoring process on a daily basis and the actual management of the investment portfolio. Typically, the rule has been to follow the policy-holder investment guidelines as prescribed in the mandate. Assuming that the mandate is up to date, there are unforeseen gaps in the specifics of what type of instrument can be traded and with which counterparty. In some cases, this discretion is left to the investment function, which exercises this discretion in the correct manner. There can be instances where a lack of clarity in the mandate has given rise to uncertainty about what is and what is not allowed by the policyholder fund.
A credit committee that meets only occasionally (if it exists) can only review what has happened in retrospect and decide how and whether to change policy. What many are now finding is that an active overseer has to be on the floor or at the front end to check that the right decisions are being made. This offers the advantage of allowing the investment professional to refer to a source if there is any uncertainty.
Another common weakness is that the information systems available do not often permit a timely picture of the exposure to any one counterparty. This is required not only to be aware of potential errors that could prove costly but is also usually a corporate requirement in managing treasury policy effectively. A treasury policy will normally specify tolerance limits for particular counterparties, depending on rating, maturity and instrument type.
Even the banks now tend to outsource their technology requirements for credit exposure management to large vendors as these large scale implementations are often too costly or cannot be maintained effectively to warrant building aggregate exposure management systems in house.
A third weakness lies in the process – the policy and the credit committee. Credit policies, if they exist, are often lengthy wordy documents with wholesome statements on being conservative about credit risk without actually specifying how the risk is monitored. To be effective, a credit policy should be clear and succinct and used as an active source of reference, not just in case there is a visit from the regulators.
A credit committee should have representation from key areas of the business and not just the supervisory functions, such as legal, compliance, audit and risk. This ensures that there is a balance of commercial understanding as well as deep-rooted technical understanding in the forum.
Credit Risk Action Points
- Involve those who make the investment decision and avoid a ‘them and us’ culture where decision-making results in arguments.
- A pre-emptive approval process needs to be able to react quickly – investment decisions cannot wait until the next committee meeting a week later.
- The evaluation of credit risk must include the efficacy and integrity of the legal documentation that underpins the instrument involved and the relationship with the counterparty.
- Review limits regularly so that they are realistic and not excessive in relation to the exposures concerned.
- Don’t get over-influenced by the strength of the commercial relationship with the counterparty.
- Diversify the research you receive and don’t just rely on one supplier – opinions often differ.
- Don’t just rely on the written page, speak to the analyst and ask the counterparty direct questions.
- Implement an effective monitoring function but don’t prevent business.