Primary navigation:

QFINANCE Quick Links
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Financial Risk Management Best Practice > ERM for Emerging Risks in General Insurance

Financial Risk Management Best Practice

ERM for Emerging Risks in General Insurance

by George C. Orros

This Chapter Covers

  • An enterprise risk management (ERM) framework model;

  • ERM is now accepted as being a part of any general insurer’s modus operandi;

  • Three case studies are presented: American International Group (AIG), Long Term Capital Management (LTCM), and the Bhopal pesticide plant, India, owned by a subsidiary of Union Carbide;

  • With hindsight, many of the mistakes made by the case study companies were predictable. In practice the situation is not clear cut and responses are inevitably based on imperfect information;

  • Conclusions from the case studies.


This article focuses on the practical application of enterprise risk management (ERM) principles for general insurance undertakings in our world of “unknown unknowns” and the emergence of unexpected risks over time. Consideration is given to how the chief risk officer (CRO) can focus within an ERM risk and opportunity management framework, balancing risks against opportunities, while being resilient in the face of “unknown unknowns” and their emergence over time to become what are commonly referred to as the “known unknowns” and the “known knowns.”

ERM has been around for many years and yet it has had a chequered history, only recently starting to be fully adopted by companies in the UK insurance and financial service markets and elsewhere around the world. Elements of ERM have also been applied throughout the UK public sector agencies, including the National Health Service and other government departments.

Continued development of the regulatory environment and the sophistication of risk analysis techniques have changed the approaches adopted by general insurance undertakings in the United Kingdom and internationally. ERM is now commonly accepted as being a necessary part of any successful general insurer’s modus operandi, even if what “good ERM” means is not generally understood. ERM appears to be here to stay.

The empirical research used in this article is anchored in three well-documented case studies. These are the general insurance-related features of AIG (American International Group), LTCM (Long Term Capital Management), and Union Carbide. The results underlie the best-practice indications recommended for ERM practitioners.

Consideration has been given to the lessons learned and the early warning indicators that could (and perhaps should) have been used to detect the emerging risks in a timely manner and which could have influenced the CRO to have taken appropriate remedial action. It is recognized that, with the benefit of hindsight, many of the mistakes made by the case study companies appear predictable. In practice, however, in the heat of emerging reality, the situation is not so clear cut and responses are inevitably based on imperfect data and information.

Readers may find it useful to ask themselves the following questions while considering the material presented in this chapter.

  • Which key risk indicators and early warning indicators would you have used, why would you have used them, and how would they have informed your decisions?

  • How quickly would you have spotted the emergence of the unexpected event, and what would you have done about it?

  • What evidence would you have needed to convince the CEO to take the appropriate remedial action before it was too late?

ERM Framework Model

This article assesses the case study experience with reference to an ERM framework model and associated concepts of risk and opportunity management. The reader can make reference to this section to help them to analyze the case study experience and to build their own response to each of the three questions.

Literature reviews of ERM characterize the process as essentially one of risk and opportunity management, as a cycle which involves the main board functions, namely policy formulation, strategic thinking, supervisory management and accountability, and their control cycles. This is shown in Figure 1.

The control cycle can be further developed to form an ERM corporate governance model with the following elements:

  • corporate governance—board oversight;

  • internal control—a sound system of internal control;

  • implementation—appointment of external support;

  • risk management process—incremental phases of a six-stage iterative process;

  • identification of sources of risk—internal and external.

Figure 2 provides an overview of the ERM corporate governance model, which includes feedback loops to allow for iterations at each stage, the rationale being that it is futile to continue the process if the foundation stages are found to be flawed as a result of subsequent research and review stages.

The ERM process is a six-stage iterative process, as illustrated in Figure 3.

Each of the six risk management processes has inputs, outputs, controls, and mechanisms. The modes of data connectivity can be charted using the integrated definition for function modeling (IDEFO) process mapping technique, as illustrated in Figure 4.

Sources of risk exist both internally and externally to the business (Figure 5) and interact to generate new risks. Internal risk has its origin within and may (potentially) be controlled by an organization. An example is financial risk, the exposure to adverse events that can adversely affect profitability and may trigger closure of a business.

External sources of risk are sources of risk that occur at subnational, national, regional, and global/international levels. These sources are largely exogenous to the insurer, such as demographic trends; however, some factors may be influenced by the insurer or its peers (e.g. regulation which addresses market and consumer issues). External sources of risk include the economic, natural/physical, political, legal and regulatory environments, market structures and conditions, legislation, and sociodemographic and cultural factors.

Elucidating a firm’s risk appetite requires a consideration of “downside” and “upside” risks. Viewing risk appetite as the firm’s efficient risk frontier is a useful way of helping participants to map out the upside and downside risks in order to develop a more robust, realistic view of the likely dimensions of their risk appetite. The risk and opportunity management (ROM) matrix approach in respect of a general insurance undertaking visualizes the “risk-efficient frontier” concept using graphics to help the board and senior management to develop an approach which is both coherent and internally consistent. This is shown in Figure 6.

The emerging indicators and lessons for the future for each of the case study enterprises should also be considered. Risk and opportunity management involves a living organism (Figure 7). The processes and their feedback loops need to be constantly monitored and scrutinized.

The ERM processes need to be sequential and iterative, with active feedback loops; otherwise, as in an onion, a rotten inner core will not lead to a sound onion fit for human consumption. In the ERM utopia, with your real-time risk dashboard to help with real-time decision-making it is vital that you have total confidence in each of the early warning indicators.

Back to Table of contents

Further reading


  • Orros, George C. (2010), “ERM for Emerging Risks in General Insurance”, GIRO Conference and Exhibition, Newport, UK, October 12-15, 2010. Online at:
  • Orros, George C. (2011), “ERM for Emerging Risks in General Insurance”, Momentum Conference, November 30-December 2, 2011. Online at:

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share