My Gratitude Towards Lombard International Assurance
- Pages: 20
- Word count: 4823
- Category: Gratitude
A limited time offer! Get a custom sample essay written according to your requirements urgent 3h delivery guaranteedOrder Now
My gratitude towards Lombard International Assurance…
My time at Lombard International Assurance as a Risk Trainee was a great opportunity for learning and professional development. I deeply consider myself as a very lucky individual as I was provided with a possibility to be a part of it. I am also grateful for having a chance to meet so many amazing people and professionals who led me through, and supported me throughout this internship period.
Bearing in mind previous, I am seizing this moment to express my deepest gratitude and special thanks to the Risk Function of Lombard International Assurance who, in spite of being extraordinarily busy with their duties, took time out to hear, support, guide and keep me on the right path and allowing me to carry out my projects at their esteemed organization.
I express my deepest thanks to Henrik Hutz, Xavier Krikorian, and Gabriel Tammaro, Senior Risk Specialists for giving necessary advices and guidance. I choose this moment to acknowledge their contribution gratefully.
It is my radiant sentiment to place on record my best regards, deepest sense of gratitude to Mr. Erhard, Chief Risk Officer, Ms. Gomez, Head of Risk, Ms. Valverde Vaquero, Senior Risk Specialist and Ms. Urban, Risk Analyst for their careful and precious guidance which was extremely valuable for my study both theoretically and practically.
I perceive this internship as a big milestone in my career development as it helped me to discover the financial industry from a brand-new standpoint. I will strive to use gained skills and knowledge in the best possible way, and I will continue to work on their improvement, in order to attain desired career objectives. Hope to continue cooperation with all of you in the future, Sincerely,Victor
Lombard International Assurance: Company Presentation
While the world is watching the United-Kingdom and waiting for the final draft of the BREXIT agreement, Luxembourg is growing fast and steadily. With an open economy, a high growth potential based on balanced macroeconomic foundations (GDP real growth rate: 2,7% in 2014, approximatively 3% in 2018), the Capital of the European Union (one of the three, alongside with Brussels and Strasbourg) is a first-rate financial marketplace and the leader of the European Investment Funds industry. In 2014, 150 banks operated in Luxembourg, according to the Luxembourgish government. In 2016 the national insurance sector broke a record year, increasing the net profits after tax to €1,808 billion, a considerable rise of 45.7% compared to the previous financial year.
What makes Luxembourg so special lies into its highly advantageous regulatory environment. Today, Luxembourg life assurance contracts offer lots of advantages such as a unique level of investor protection, a high flexibility in contract design and asset allocation (alongside with fiscal neutrality and confidentiality guaranteed by law – GDPR –). Most Life Insurance Companies (LIC) in Luxembourg are specialized in Unit Linked life insurance contracts. It enables investors to combine insurance cover with the potential for capital growth. As mentioned a little before, one of the main strength of the Luxembourg life assurance contract is that the law stipulates that assets matching an insurer’s liabilities must be deposited with a bank (namely a Custodian Bank) approved by the Commissariat Aux Assurances (CAA). Each life assurance company has to sign a depositary agreement with one or several custodian banks have it approved by the CAA – this is what is called the Triangle of Security. Thanks to this mechanism, the assets are clearly and legally separated from the company’s assets and lodged in a separate bank account.
The Unit-Linked Life Assurances
Lombard International Assurance (LIA) has been leading the unit-linked life insurance industry for years now. Since its acquisition by BlackStone Group LP. the company has outperformed the market continuously. With over 25 years of experience in partnering with the advisors of ultra-high net worth individuals and institutions, the company has now more that 70 billion of assets under administration and converted more than 3 billion in premium income for the third time in a row in 2018. Last year, the company converted 3,2 billion euros of premium income. It is more than any of its competitors – almost 1 billion more than the second biggest Life Insurance in Luxembourg according to the Luxembourg Insurance and Reinsurance Association. As of today, LIA is operating in more than 20 countries and its main offices are based in Philadelphia and Luxembourg. Its strategic locations are widely spread over Europe and the Americas; Brussels, Paris, Milan, Rome, Geneva, Lugano, Zurich, Miami, New-York, Mexico, Singapore and Hong-Kong.
Lombard’s expertise globally lies into its capacity to tailor its wealth solutions by using the unit-linked life insurances. The company has four main assets: its wealth planning knowledge and expertise, its deep technical knowledge across multiple jurisdictions allowing cross-border portability, and its willingness to on-board non-traditional assets (Real Estate, Private Equity).
Unit-linked life assurance is a proven, internationally recognized instrument. James Chen once described unit-linked life assurances as “investment options” that are structured “similar to a mutual fund”. The vehicle calculates a daily net asset value and is market-linked and appreciates with increasing share value. When an investor purchases units in a unit-linked life plan, he/she is purchasing units along with a larger number of investors, just like an investor would purchase units in a mutual fund.
Since Risks can come and arise in many forms (from regulatory and jurisdictional responsibilities, to market currency exposure, etc), it becomes more and more difficult to protect the assets of the policyholders. Fortunately for Lombard’s clients, the Grand duchy of Luxembourg has developed a security system allowing high quality “macro” risk management.
The Luxembourg Advantage
Lombard being based in Luxembourg, it is subject to the Grand Duchy’s unique policyholder protection system. As mentioned earlier, this is called the triangle of security. For one policyholder, the triangle of security could be depicted as follows;
- Triangle of Security
- Approved Custodian Bank
- Lombard International Assurance
- Commissariat aux Assurances
The robustness of the triangle of security is based on several factors. The CAA is responsible for supervising the industry as a whole. It usually approves the appointment of a custodian bank, and almost every kind of partnership a LIC would like to settle. It obviously carries out regular monitoring of policyholder asset and the way they are invested. Last but not least, it monitors the insurance companies’ solvency. As per Solvency II, any insurance company is obliged to submit an Own Risk and Solvency Assessment – the idea being to make sure that these companies have enough capital to thrive in times of crisis.
The custodian banks are entirely dependent from the CAA and Lombard. The assets being hold off the balance sheet of the custodian, if the bank fails, these securities remain in segregated client accounts.
The mix between these three vertices of the Triangle of Security allow a highly performant Risk Management. Either of the three could fail, the assets of the policyholders would remain protected.
On daily basis, the company is still facing many risks. The CAA cannot manage the company’s strategic and operational risks. However, it is monitoring the management of these risks. One of the most important aspect of Lombard’s strength is also its willingness to invest in and stick to a strong risk management framework. This includes the management of Operational, Financial, and Strategic Risks.
Operational Risk: Origins
Operational Risk could commonly be defined as the risks a company undertakes daily, when attempting to operate within a given area. Historically, according to Russel Walker, “The origins and notions behind the word “risk” have a heritage rooted in operational risk and specifically the perils and uncertainty of sea commerce in Mediterranean culture.” The losses from sea transit were deemed as a risk and linked to the unpredictable, unreadable nature of the sea. The word “risk” first appeared in the English language as part of the insurance terms. In the financial services industry, the Basel accords (II, III) define operational risk as what’s coming from “inadequate or failed internal processes, people and systems, or from external events”. This does not give us any hint on the sources of operational risk except the fact these risks or even the way to predict or avoid it. In contradiction with the most common sources of risk, the operational risks are not derived from the Company’s investment activities, but rather from its operations themselves. It is often said, “to be the cost of doing business”.
As mentioned earlier, it could be defined as the risks undertaken while attempting to operate within an area; it is not severable from doing business.
As it is tied to “a failure that results in a cost to the firm”, there is a challenge in managing operational risk since, for numerous firms, the measurement of the means is less important than the measurements of the ends. To manage operational risk, a company needs revealing the risks embedded in business decisions. Indeed, it requires a thorough understanding of the means and the path to the outcome (i.e. the way of doing business).
Operational Risk: Sources
The current Basel framework enables companies to assess the needed economic capital for operational risk, across the business lines. Different types of Operational Risk arise while operating;
- Internal Fraud (Unauthorized transaction resulting in monetary loss, for example),
- External Fraud (Branch Robbery, Hacking Damage)
- Employment Practices and workplace safety (employee discrimination issues, inadequate employee safety issues),
- Clients, product, and business practices (Money Laundering, poor product execution),
- Damage to physical assets (natural disasters, terrorist activities)
- Business distribution and system failure,
- Execution, delivery and process management (data entry error, incomplete or missing legal documents) …
Since 2005, operational risk has significantly increased. Mainly tied up to the interactions with clients and execution of products, the concentration of the occurrence of Operational Risks differs amongst insures and banks.
With an increasingly complex environment, the development of new and untested products, the development of automation and digitization, the impact of operational risk is higher every year. To support its activities, Lombard has developed a strong Enterprise Risk Management framework (ERM). Commonly defined as the methods and processes used by companies to manage risks and seize opportunities related to the achievement of their objectives, a solid ERM Framework allows companies to hedge and manage their Strategic Risks. These Risks can be split out into three main categories, each of which can be split out into several well-known risks. Within the Life Insurance Industry, the Strategic Risks can be divided as follows:
- Insurance Risks: including Product Design and Pricing Risk, Underwriting and Claims Adjudication Risk, Insolvency Risk and Reinsurance Risk.
- Investment Risks (Financial Risks): Credit Risk (or default risk) and Market Risk. Even though Lombard was not directly affected by the market movements, most of the LIC are exposed to various kind of risks such as the Currency Risk, the Liquidity Risk, or the risk of a stock market downturn.
- Operational Risk: including all the risks associated with the execution of the Business Process (BP) and the Legal and Regulatory Compliance Risks.
Of course, companies have been managing risk for years. Indeed, most Life Insurance companies’ value depends (more or less) directly on its risk management policy. For example, a strong risk management policy reduces the probability of financial distress and as a consequence, affects the premiums potential customers would be willing to pay.
Lombard’s Operational Risk Framework
In this paper, we will essentially focus on Lombard’s Operational Risk Management Framework (ORMF). The ORMF includes factors within the organization such as an incident management tool, key risk indicators, control and control self-assessment, and loss of both external and internal data. An effective and strong ORMF is achieved through several processes involving governance structure, operational risk identification and assessment, measurement methodologies, policies, procedures and processes for mitigating, monitoring and reporting of operational risks.
The ORMF at Lombard is managed by a team of seven brilliant specialists, within the Risk Function. Their role, although extremely diverse due to their respective backgrounds, are focused on protecting the company by creating a common understanding of risks across the firm. As mentioned a little earlier, every and each member of the Risk Function possesses a different background. Some of them came from a more quantitative risk analysis background, whereas others came from an Audit or Legal background. This interesting combination of knowledges and understandings of the Life Insurance Industry yields in a department-oriented segregation of duties. Each Risk Analyst/Specialist was responsible for one or several departments amongst the many areas of the company. They played the role of Risk Single Point of Contact (Risk SPOC). As such, they were responsible for supporting Lombard’s department with their daily risk management activities.
The Risk Function rely on a couple of monitoring software, allowing them to manage all of the aspects of the ORMF. For example, the incident management software used at Lombard allowed them to monitor the incident logging within the company. An incident is the realization of a Risk Event, which is itself related to a broader Operational Risk.
My responsibilities at Lombard International Assurance
When I first arrived at Lombard International Assurance, my knowledge and understanding of the Life Insurance Industry was extremely limited and restricted to what I had learnt through my readings and personal development activities. Over the first few weeks within the Risk Function, I have had to fill the gap between a narrow theoretical and technical knowledge and the basic requirements for getting the job done.
As a Trainee within Lombard’s Risk Function, I was highly involved in supporting the Risk Specialists in their daily activities. I could easily divide my time at Lombard in several different types of activities; I was involved in supporting the internal control activities, helping in raising risk awareness across the company, in the update and maintenance of the control framework through the update of Lombard’s procedures, the process automation exercise, and the creation of key risk indicators and key performance indicators. For the sake of the research question I have developed and that will introduce later on this paper, we will mainly focus on the Key Risk Indicators and their impact on business decisions. I will quickly describe some of these tasks below.
The Control Self-Assessment
To achieve its Risk Management goals, a company needs to prepare and execute a Control Self-Assessments (CSA) on a regular basis. It is defined as one of the most effective approaches to identifying and managing areas of risk exposure, as well as highlighting potential opportunities.
A CSA could be led different ways, depending on the technological environment of the company. At Lombard, we used an in-house tool derived from the audit software from Morgan Kaï Insight. The first steps to prepare a CSA is to reduce the scope of controls to be assessed. Generally speaking, the Processing Controls Involving Senior Management, the Independent Controls, the Key Controls, and the ICFR Relevant controls are to be assessed.
Once the list set up, the Risk Function launches and supervises the CSA via its tool, MK Insight. It is about the department’s responsibility to provide a clear, accurate, and reliable assessment of the controls. A control, when assessed, can be labelled as Efficient or Inefficient. If the latter best describes the current state of the control, a description and a root cause need to be drafted. Amongst the different root causes, we can find some Design Issues, the width of the control’s scope, as well as the inaccuracy of the underlying process.
As mentioned earlier, an efficient ORMF includes a strong control environment, a proper implementation of these controls, and regular reviews of processes to ensure a continuous refreshment of the whole.
Updating the underlying procedures
Lombard has a strong inclination for clear and understandable process mapping. They have dozens of policies, describing macro processes, to which are related hundreds of procedures. It was my responsibility to make sure that these procedures were updated timely and properly. The aim was basically to ensure that the controls related to these procedures were still updated and in line with the details of the procedure.
Even though this task sounds like a monkey job, it was highly interesting and I received a broad exposure to all of the processes in the company.
Creation of Key Risk Indicators
To support the Risk Specialists on their daily analysis of risks, I was in charge of creating dynamic, precise, and accurate Key Risk Indicators and Dashboards. I have been given the responsibility of creating indicators for the company’s concentration and distribution risk.
To do so, I have to manipulate broad databases listing historical data from the company’s activities. Over time, various Incidents are logged in Lombard’s monitoring tools. These events are quite well known. They are being assigned likelihoods and impacts, so that any Analyst could deduct their materiality as easily as possible.
These indicators, once created and approved, were sent to the Audit and Risk Committee and the Risk Oversight Committee. This would allow the top management to make decisions based on historical data and past events.
But, what if the future was not limited to what happened in the past?
Operational Risk Management and Black Swans: can we protect the company from the highly improbable?
Regulators now require Life Insurance Companies to assess and measure their operational risk, as part of their indicators for solvency. As of today, many researchers have focused on operational risk and addressed the topic of quantification of these risks. Since measurement of risks has become an essential tool of business management, several quantification approaches have been developed and applied.
Quantifying Operational Risks
Most of the literature addressing operational risk focus on financial institution with a strong emphasis on banks and insurances. As I could not identify best practices in quantifying operational risks during my time at Lombard (mainly due to a lack of mathematical inclination), I decided to explore this field with a different stand-point. I will try to understand the way Risk Specialists can quantify and assess what we could qualify as a rather “qualitative” risk.
The first feeling could be that operational risks are difficult, if not impossible, to quantify. Even if it were not, “the range of incident (losses) would be hard to categorise, and hard to predict,” according to the Institute of Actuaries (2004). For an Operational Risk Event to be correctly assessed and quantified require data. With the latest advances in computer science and data analytics, the analysis of data has been eased significantly.
There a several quantitative methods that might be used to quantify the impact of operational risks. Even though these techniques have evolved over time, I listed a couple of them to give a first hint on this activity:
- Statistical/Curve fitting: it covers several aspects such as empirical studies, maximum loss approach, theoretical probability distribution functions and regression analysis.
- Frequency/Severity Analysis: this approach, quite similar to the one used at Lombard, covers the frequency/intensity of the risk events, the extreme value theory and stochastic differential equations.
There are plenty other ways of quantifying operational risks. But we could quite easily notice some patterns among these two approaches; both include potential scenarios.
In order to assess the severity of risk, several factors are to be taken into account.
- First of all, the frequency of its related risk events. Ranging from very low to very high, operational risk events are given a first stamp based on the likelihood for them to happen over a certain period of time.
- Second of all, the potential financial impact of the risk has to be assessed. Ranging the financial impact of a risk event from a very low to very high, and combining this impact together with the likelihood of the event, the company has a first grasp on the potential capital required to achieve compliance with the regulatory requirements.
Even though past performance cannot be taken as a fully accurate indicium for future performance, the amount of data gathered by the Risk Function concerning the operational risk events would allow better and more accurate quantification of the potential impact of the risk events.
The theory of the Black Swans
As such, a strong scenario analysis of the operational risk events identified by the company can help it to remain solvent by saving the minimum capital requirement to thrive.
However, I have always been curious to understand to which extend can the ORMF protect a company. We can easily think that the “too big to fail” bank and financial institutions had broad Risk Departments and strong Risk Management practices before the global crisis of 2008. Yet, they failed. How come? This raises the question of the accuracy of a forecast of potential losses based on past events. To some extent, companies remain completely vulnerable and defenceless against the impact of the highly improbable.
Nassim Taleb introduced the metaphor of “Black Swan” to describe extreme outlier events that come as a surprise to observer, with an unprecedented impact on the current state of the world (or the company). This metaphor is based on the assumption that there is a real difference between the following two statements: “evidence of no black swan” and “no evidence of black swans”. Most people think they know black swan events – they should think again. Black swan events are, by definition, impossible to predict. Once they have occurred, the observer usually rationalises that he could have predicted it. In reality, this is absolutely impossible.
Let’s take a concrete example. My grandmother has always raised chickens. From my very own stand point, the chickens are supposed to end up in one’s plate. Why? Because, based on historical data, 100% of chickens at my grandmother’s house ended up in one’s plate for Christmas. From the chicken’s standpoint, there is no evidence of such event. Since it was born, it has always been fed and my grandmother took good care of it. From day 1 to day 99, the chicken has lived a peaceful and agreeable life; on day 100, it got killed.
There is no way the chicken even thinks about such event. Probably because it is a chicken. But mainly because there is no evidence of such event in historical data, from its standpoint. There is no way for the chicken to predict such event.
This example is clearly over simplified, but depicts accurately the impact of the event on the state of the world (or the company, the chicken…).
We could also take the example of the following experiment, explained in Nicolas Taleb’s book. Let’ assume that, every day, we randomly add one individual and randomly remove one individual from of set of 100 individuals. Every day, we calculate the mean salary of the set. Theoretically, the mean should variate slightly over a period of 99 days. As you remove and add new individuals, you would impact the mean salary – however, it should still remain quite constant. On day 99, if you look back in the past and try to predict what would be the average salary tomorrow, you would probably pick a number close to what is it. Even if the individual removed had a below average salary and the individual added has an above average salary, the mean of the set should not be completely skewed.
Now, on day 100 what if you randomly pick Bill Gates? The mean salary would literally blow up. Your predictions for day 100 in day 99 were completely false. There was no evidence of such possibility in historical data.
[bookmark: _Toc879303]Managing Black Swan events
These events, based on Lombard’s risk events assessment model, could be classified as extremely low likelihood (that small that one would not even think about it), extremely high impact (that big that one would probably not survive it). But as mentioned earlier, these events could be defined as outliers. They are completely unknown to the scientific environment. Therefore, they cannot appear on the list of known events that could affect a company. Or, at best, they are judged to have negligible probability of occurrence – thus not trusted to occur. Black Swan events can be divided into three categories; those unknown by the scientific community (meaning that they cannot be foreseen by the analyst), those not captured by the relevant risk assessment (either because they are unknown, or because of a lack of consideration – meaning that they would probably not be foreseen by the analyst, but could have been) and those known but actually neglected because of their extremely low likelihood (they are known but not believed to occur).
This definition of Black Swans raises a couple of question. From a Risk Management viewpoint, what are the basic approaches for managing risk and black swans? How can companies confront this type of risk?
According to Terje Aven (Reliability Engineering and System Safety), a strong “mix of alertness, quick detection, and early response”, the black swan events can be avoided.
[bookmark: _Toc879304]How could a company deal with fully unknown black swans?
We defined three types of black swans earlier on. One of these types could be defined, according to Alvin, as “unknown unknown type”. Meaning that they are completely unknown to the analyst and the scientific environment. Therefore, it is useless to precise that it is extremely tough to be prepared to face such events. An increased knowledge of the field of action of the company could help one analyst to have some hints on what form could take these black swans.
We will not get too much into the details on these types of black swans since they have been shaping the world for years now – they are almost impossible to predict, and can be defined as such only after they have occurred. One could expect the chicken to get killed in the future. But no chicken could ever expect to get killed in the future, based on past events (we do not even know if chickens are self-aware). These kinds of black swans are broad and difficult to define. Furthermore, the research around such black swans usually bases its study on terrible events, such as 9/11 and the World Trade Centre. We do not want to study such an extreme scenario in this paper.
[bookmark: _Toc879305]Terje Aven’s “unknown known” black swans
We defined these types of black swans as those known but not on the list of risk events of a company. It is not an unknown event. However, a company does not consider these events as relevant.
Yet, they could have a huge impact on a company’s operation and sustainability. The probability of picking Bill Gates was so low that you did not considered it as a relevant possibility. Yet, it has had an unprecedent impact on the set’s mean salary. According to Aven, there two main pillars to meet this type of black swan; a strong (improved) risk assessment to make sure that these events are identified, strong (improved) communication to transfer knowledge to relevant persons.
At Lombard International Assurance, I took part of the activities closely related to the identification of these types of risks. When I first arrived, I have directly been involved in the Control Self-Assessment (CSA) preparation and performance. The Control Self-Assessment is a useful tool to assess the efficiency of the control environment and stress test it robustness. This control environment has as main purpose they identification of risk events. On a quarterly basis, Lombard runs a CSA and attempts to strengthen its control environment to make sure that listed and identified risk events are correctly dealt with. I basically selected and filtered the relevant Controls to be assessed among a thousand of different controls. Based on a first analysis of the sope of the exercise, it has been decided that three types of controls would be assessed; the Processing Controls involving Senior Management, the Independent Controls, the Key Controls and the ICFR-relevant controls.
Let me provide you with some background. There are several types of controls at Lombard. Depending on when these controls are performed (before, during, after a process), they will be listed in different categories. Processing controls are performed during a process. Those involving senior management are usually more sensitive since the related risk event is usually more important. Independent controls are performed out of the process. They could be performed, for example, by the compliance function. Since the regulatory environment are changing rapidly, they need to be assessed on a regular basis, to make sure that they are still updated and well-designed.
All of the controls at Lombard are ticked as “Key” or “non-Key” based on their importance. Key Controls are obviously assessed regularly. Finally, ICFR-Relevant Controls are assessed based on the willingness of Lombard to be rewarded by its Auditor with a Certificate of Quality related to the quality of its financial statements (based on my limited understanding).
This exercise has some limits. First of all, it depends on the previously performed Risk Assessment from the departments. Now completely digitalized at Lombard, the Risk Assessment (/identification) ran on a quarterly basis aims at gathering expertise from the different departments to draft a solid assessment of existing risk events and involving people outside the Risk Function in the assessment and identification of risks.
We could think that identifying these risk events and controlling the processes to prevent them from occurring is enough to reduce the exposure of the company. This is actually not the case. There are always some incidents. Lombard created an in-house Incident Management software njava.lang.NoClassDefFoundError: Could not initialize class javax.imageio.ImageIO