Sonjai Kumar is currently working in Aviva Life Insurance Company India Ltd as Vice President (Business risk) in the Risk Management Department for over five years. He is providing oversight risk management in the areas of Insurance and Financial risk. His role also includes providing oversight risk management in the area of operational risk in the financial area.Sonjai.Kumar@avivaindia.com...
The risk management function is set to become increasingly important over the next decade where shareholders will look to add value to their business and protect customers
This article covers the current risk management
position in India and looks into the future from
an opportunities’ point of view in the area of risk
management. Key points discussed in the article
are drivers of risk management, current corporate
governance practices, challenges in the implementation of
risk management and emerging future opportunities. The
article looks into the present risk management position and
advocates that there are plenty of opportunities in this field
in time to come.
Corporate Governance Guidelines
Human existence is fraught with future uncertainties and
managing the same in your own way is not something
new, however, in recent times, with successive failure
of businesses across the globe, there is greater focus
on management of risk. The series of changes made to
corporate governance guidelines across the globe is a
testimony of the seriousness shown by different regulatory
authorities. Some of the recent changes brought up by
regulatory authorities across the globe are risk-based
capital provision in the banking and insurance sector. The
focus of different regulatory bodies has increased on setting
up of Risk Management Committees and strengthening the
role of these committees in providing risk oversight. It
has been realized that risks cannot be eliminated but can
only be managed, so their identification is a key step in
the process of risk management. The recent changes in
corporate governance guidelines made in Indian financial
institutions are as follows:
- IRDA (Insurance Regulatory and Development
Authority)
- 2016 Corporate Governance Guidelinesare sharper and have described the objectives of risk
management committee. The guidelines also state
that certain positions cannot be helped by the same
individual due to conflict of interest.
- Reserve Bank of India - governs the risk management
activities for Indian Banks.
- SEBI (Security Exchange Board of India) - 2015
Corporate Governance Guidelines for listing companies.
In 2017, SEBI has issued a circular on Board evaluation.
- Company Laws - 2013 Company law requires having
risk management assessment by the Board.
What is risk management?
Risk management is a proactive step of identification of
risks, assessing their impact, and preparing an action plan
should such risks occur in reality. Risk management is not
just about identifying the risks; management action is an
integral part of the process. Stressing the same point, the
Chinese President quoted while addressing the National
Financial Conference that “Failure to detect financial risk is
a breach of duty; spotting risks without addressing them, a
refusal to perform the duty”.
It is important to understand that risk management
through a silo approach is no longer sufficient where risk
management is performed by a few departments only. In
the Enterprise Risk Management (ERM) concept, risk
management is performed across the organization where
every employee is a risk manager. The silo approach to risk
management does not work as risks are highly correlated
and cannot be segmented and managed independently.
There is also a higher cost of management of risk if handled
independently as the benefit of diversification does not
come into force.
What does risk management do?
In business, risk identification not only helps in proactive
action but also helps in giving risk diversification, better risk
transfer to the third party, better allocation of capital, and
enhancing the value of the Company including stabilization
of flow of income.
- Diversification effect - Many risks are correlated, so,
managing one risk also helps in reducing another risk. In
the insurance sector, when the lapse risks (policyholder
leaving the portfolio earlier than expected) are reduced,
this helps in reducing the claim risks as well.
- Better risk transfer - Identification of risks helps in
identifying those risks which the Company may not
manage and need transfer to the third party. Example,
derivative products.
- Better allocation of capital - Risk management helps
in the better deployment of capital based on the riskreturn
ratio.
- Impact on the valuation of the Company - For listed
Companies, risk management helps in improving the
share price and overall valuation of the Company.
- Reduce earnings’ volatility - Reducing earnings’
volatility helps in stabilizing the steady flow of income.
It is imperative that risk management facilitates benefits to
organizations which practice it; however, it has been seen
that there are practical challenges in the Indian market in
its implementation.
Challenges in the Indian Market
The ERM in India is a relatively new concept where its
implementation in some sectors has been made to meet
minimum regulatory requirements. There are challenges in
fully implementing ERM across different financial sectors;
some of those challenges are discussed below:
- Risk culture is not mature in India to fully implement
the ERM; the behavior towards acceptance of risk has
an element of reluctance; this may be driven by the
attitude of not accepting the existence of risk. Such
attitude could further be the output of audit mindset
where audit findings are considered as a gap in the
process. More research is needed in this area to find
out the real reasons. The point to understand is that
risk identification is not a gap because identifying the
risks only help in locating the pitfalls that may come in
the way of achievement of the business objective. Risk
management is not a deterrent but an enabler.
- The current business culture in India focuses on rewards
based on year-on-year growth of the business; western
markets, on the contrary, have elements of effectiveness
of risk management as well as the growth factor in
the reward structure. Such inclusion of controls will
not only help in boosting the bottom line but also in
creating the right risk culture within the organization.
- Very few business organizations in India are using
statistical models to project future scenarios and apply
stress testing to look into the anticipated future and
preempt the risks. Scenario and Stress Testing (SST) is
becoming a very strong tool to assess the resilience of
the business against various economic and demographic
variables.
- Currently, in many organizations, strategy and risk
management are not integrated which results in strategy
failing. Strategic risk management helps in keeping the
strategy agile based on emerging market conditions.
- Apart from these technical gaps, there are also shortages
of qualified risk professionals; this is further aggravated
by lack of quality risk management institutions to
deliver risk education. Many B-Schools in India are
yet to include risk management courses in their core
curriculum. This however, is prevalent globally.
- Most of the corporate governance guidelines issued in
recent years have strengthened the role of the Board
in providing risk management oversight. The 2008
economic crisis highlighted many gaps in providing
risk oversight at the Board level that may be used as a
reference point.
Future Opportunities
The application of risk management in India is likely to
rise due to regulatory requirements by different financial
regulators and requirement under Company law, where the
Board is to report development and implementation of risk
management policies.
Risk management in India is new, but it is going to stay
because all financial regulators have recommended setting
up a Risk Management Committee as part of the corporate
governance process. This includes the establishment of
separate risk management function within the Company
headed by the Chief Risk Officer. The role of risk management
function is a part of the three lines of defense model, where
the first line of defense is the function which runs the
business and does the operational management within the
Company including owning the risk and its management.
The second line of defense is the risk management function
that provides the oversight and challenge on the risks
identified by the first line of defense. The third line of
defense is the Audit function that provides the assurance
on the effectiveness of the risk management process and
controls.
The SEBI has a listing requirement that top 100 listed
companies must have a risk management committee,
the 100 listed entities are determined on the basis of
market capitalization at the end of the immediate previous
financial year. On all the listed companies, the risk
management practice of oversight is likely to increase
because any adverse news about the Company may impact
share price.
The Reserve Bank of India issued guidelines on Basel-
III reforms on capital regulation in May 2012, to the
extent applicable to banks operating in India. The
Basel-III capital regulations have been implemented
from April 1, 2013 in India in phases and will be
fully implemented by March 2019. The Basel reform is
based on a capital calculation based on the risks that
banks undertake, so any bank taking undue risks will
have a higher capital requirement. If risks are managed
well, the bank will be benefited through optimal capital
requirement; and that is where risk management will
add value. It can be concluded that the application of risk
management in the banking sector is likely to increase
manifold.
Similarly, to make the insurance sector in India more
resilient to internal and external changes, the insurance
regulator, IRDA has set up a committee on risk-based
capital which has given its report. Further communication
from the insurance regulator in this regard is expected in
the future. Post implementation of the risk-based capital
regime in India, the application of risk management will rise
as this will directly impact the shareholders’ optimization
of capital.
Apart from these highly regulated financial industries
in India, the requirement of risk management under
Company law 2013 will further increase application of risk
management across different sectors.
It is evident that risk management in the next decade will
be a tool that shareholders will look into to add value to
their business and protection of customers.
Disclaimer – The views expressed in this article are the personal views of the author and are purely informative in nature.