High-Performance Risk Metrics – Key principles of effective KRIs

Elizabeth Baker from Risk Management Practice Committee (RMPC) and Daniel Cheng from TAL presented at the 2022 All-Actuaries Summit in Melbourne on High-Performance Risk Metrics.

The presentation focused on the challenges that many actuaries face in monitoring key business risks (both financial and non-financial) and the principles of designing appropriate risk metrics. The key message was to focus on identifying risks and fragile areas that are “business critical”, then take actions to manage them appropriately.

A common pitfall many financial services companies encounter is to rely heavily on the Risk Management Framework (RMF) set by APRA in CPS220. This may unintentionally constrain the development of their risk taxonomy and risk metrics. Therefore, it is important to review and refocus the RMF to broaden perspectives from the traditional actuarial focus area of financial risks and beyond the “CPS220 requirements”. This should include understanding and evaluating the uncertainty introduced through emerging risks, such as climate risk, socio-economic and cyber-security/information technology issues.

Another common “pain point” of risk management is the lack of signalling power of key risk metrics.  Having “too many” (and overlapping) risk indicators can encourage a “box-ticking” mindset and overwhelm risk managers. So too having many green-rated metrics can create a false sense of security. Hence, designing relevant and fit-for-purpose Key Risk Indicators (KRIs) that highlight genuine risks and areas of fragility is likely to be the most effective in signalling key risks and when .

The presentation covered 11 principles for designing high-“P-E-R-F-O-R-M-A-N-C-E” key risk metrics. They are:
  • Practical
  • Easy to use
  • Relevant and refreshed regularly
  • Forward-looking
  • Owned
  • Regulation
  • Measurable
  • Adequate
  • New
  • Complete and
  • Environment.

Risk metrics should be linked to specific actionable responses and relevant stakeholders, so that a risk mitigation strategy can be promptly prepared by the right group of people once the risk is identified. KRIs need to be quantifiable, comprehensive, and not overly complicated so that they can signal powerful warnings when things are going wrong. KRIs should be reviewed regularly, as the business and external environment change over time and focus on the most fragile areas. Lastly, actuaries should also consider including forward-looking elements/features on risk metrics, to stay ahead of risks and put in mitigating strategies before they develop into serious concerns.

Two case studies were also presented, the first was on claim management and the second was on customer complaints.

The claim management case demonstrated how actuaries could contribute to claim resourcing management by adding forward-looking components into the risk management practice. For example, income protection (or GSC) can be a difficult product to manage from a claim management perspective, as claimants need to go through various claim statuses before the end of the claim cycle. The following diagram illustrates the various paths of claim status conversion:

The variation in claim movement from different claim statuses makes it challenging to determine how many claim managers are needed.  If too few claim managers are available to assess new claims coming in through the system, more claims will be at the “Pending” status, creating, for example, operational risks. This may lead to reputational risk, given it will be harder for claimants to promptly receive compensation when they need it the most. An under-resourced claim team can also lead to financial losses, given less time could be dedicated to reviewing the ongoing eligibility of claimants on long-term benefit periods. Having actuaries to support the workload analysis using Markov Chain projection techniques (i.e. a more forward-looking approach) can help with claims resource management.

Similarly effective customer complaints risk metrics are also difficult to create. Many entities do not capture complaints data in a measurable format. Even when data can be made available for analysis, there is also friction in translating observations into actionable changes or improvements. Very often, there is a lag between risk events and our recognition of them, leading to the need for expensive remediation projects. Hence, once data have been collected, sorted and presented, forums/deep-dive sessions should be regularly scheduled for stakeholders to understand the learnings, as well as to discuss follow-up actions. 

In summary, effective risk management practice requires actuaries and risk managers collaborating to:

            1) Design risk metrics that are fit for purpose;

            2) Perform forward-looking modelling using appropriate data; and

            3) Promote discussions that generate actionable insights.

CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.