11
WHITE PAPER Data Management for Risk The importance of data for effective risk management
WHITE PAPER
Data Management for RiskThe importance of data for effective risk management
i
Data ManageMent foR Risk
Table of Contents
Introduction .....................................................................................................1Planning a data management project ............................................................2
Data sources ................................................................................................3Unified data model and data repository ......................................................4ETL and data quality ....................................................................................4Auditability/governance ...............................................................................5
Implementing a data management strategy ..................................................6Conclusion .......................................................................................................7References .......................................................................................................7
Data ManageMent foR Risk
ii
Content for this white paper was provided by Stuart Rose, Global Insurance Marketing Manager at SAS.
Data ManageMent foR Risk
Introduction
Even before the recent financial crisis, risk management and Solvency II were considered the next big things for insurers. The events over the past few months have only re-emphasized this.
Rating agencies are recommending that insurers implement an enterprise risk approach to ensure an excellent rating standard. Although the Solvency II implementation date has been delayed until 2013 as insurers and regulators disagree about how to regulate group supervision, insurers should not wait to start risk management projects.
As insurers begin risk management initiatives, one of the major challenges that they face is data management. Data is very much the lifeline of insurance companies; however, insurance companies struggle with analyzing the huge volume of available data. According to a 2008 report from the Economist Intelligence Unit (EIU)1, lack of relevant data is hampering financial services firms’ approaches to risk management. Nearly half of executives questioned (44 percent) in this survey considered the quality of information as one of the three major challenges in implementing enterprise risk management. The need for a comprehensive data infrastructure increases with the complexity of the risks and the size of the organization. The EIU report also highlighted that over one-half of the respondents (56 percent) agreed that it is essential to have an enterprise data warehouse in place.
1
Embedding risk management within company culture
Difficulty in quantifying risks
Timeliness and quality of information
Difficulty integrating risk management with other business processes
Lack of necessary knowledge and skills within the organization
Corporate priorities are often conflicting
Availability of information
It’s not clear who is responsible for managing risk
Other, please specify
33
13
1
Figure 1: Main challenges in adopting an ERM strategy
What are the three main challenges of adopting an ERM strategy?(% respondents)
47
45
44
39
37
33
Data ManageMent foR Risk
Insurance companies can ascertain a lot from banks on the lessons they learned implementing Basel II legislation. One of the biggest issues the banks faced in Basel II was data management, not modeling. The banks concentrated on the modeling side and considered themselves well-equipped for risk modeling. What they found was that the data required was not available in a consistent or reliable form to populate their sophisticated models. Without the right data, the old adage applies: Garbage in, garbage out. Banks also tended to use a silo-based approach to risk, which resulted in problems with the aggregation of data and risk models to provide regulators with the required information.
A successful Solvency II or ERM project must begin by integrating risk management as a key corporate initiative with an executive, typically a chief risk officer (CRO), responsible and accountable for the overall risk strategy of the insurance company. Only once this organizational structure is in place should an insurer begin the process of defining and identifying the data sources and processes required to assess firmwide risk. The final part of the puzzle is determining the solutions and applications required to support an insurer’s ERM project. These systems must be flexible enough to accommodate future risk and data management requirements.
Planning a data management project
For any insurer, risk models are going to rely on someone putting together a lot of data in different, typically incompatible, IT systems distributed throughout the entire company, with different names for the same things, discrepancies in data, the same clients known by different names and so on.
Ideally, there should be an enterprise data warehouse for the whole company that integrates all relevant information from internal IT systems and external sources, and that serves as a uniform and reliable source for all kinds of analytical tasks, including risk analysis. In this way, you can be sure that the same source data that is used for balance sheet reporting is also taken into account for risk codes, which is extremely important for the validity, transparency and acceptance of analysis and reports.
Fortunately, one of the most important assets an insurance company has is its data, but this often is underutilized. One reason why this data is underutilized is because up to three-quarters of the data is considered unstructured data – e.g., e-mails, adjuster notes, financial reports, etc. Hence, insurers must implement both data and text mining techniques to gain maximum benefits from their risk management applications.
To ensure a successful data management project, an insurer must focus on the core basic elements: defined data sources, data exchange or ETL (extract, transform and load) processes, data quality, a unified data model and repository, and governance.
2
Data ManageMent foR Risk
Data sources
One of the most difficult parts of a data management project is determining which data sources will need to be accessed. A risk management system should be able to process and integrate information from a variety of sources, including front- and back-office applications.
Of course mergers, acquisitions and expansion into new lines of business complicate the task of data integration. Because of these activities, insurance companies are notorious for having multiple legacy systems. These legacy systems, which cover such functional areas as policy administration, billing, claims, HR and rating, often result in multiple data silos. The non-traditional data sources required for risk analysis add even more complexity; insurance companies must now integrate data about company assets, market quotes for traded securities and economic risk factors.
Another data challenge facing insurance companies is the wide variety of formats. Data may be stored in relational databases, flat files, outdated database formats, XML or other formats. Additionally, some of the relevant data may be unstructured, free-form text. Once the data has been identified, insurers must decide how to extract the data and where to store it.
Figure 2: Flow of data for an ERM strategy
3
MARKET
RISK
CREDIT
RISK
Data Source
RISK
ACTUARIAL
RISKData
Source
OPERATIONAL
RISK
Quality Consistency TransparencySource
FIRMWIDE
RISK
Data Source
Copyright © 2007, SAS Institute Inc. All rights reserved.
Data ManageMent foR Risk
Unified data model and data repository
A data warehouse is essentially a large relational database that consolidates data from core data sources of various applications. Sometimes a data warehouse will have one or more data marts, which are smaller, subsidiary databases populated from the main data warehouse.
When implementing a data warehouse, it is imperative to use a data model. The data model is a “single version of truth” that stores comprehensive, accurate, consolidated and historical information related to the insurance industry. The model should be consistently modified to reflect the evolving entities and business issues that affect the ERM platform. According to Celent, “Insurers should consider purchasing a predefined data model, preferably one that is compatible with ACORD XML standards, from a systems integrator or technology vendor with deep experience in data mastery for insurance.”2
ETL and data quality
Data mapping and cleansing are by far the most challenging parts of any data management project. It is generally recognized that 70 percent to 80 percent of the implementation effort for a risk management project is associated with data management. The use of ETL tools designed specifically for the insurance industry can provide significant efficiencies.
Data quality is paramount for any system that operates for the sole purpose of producing valuable business information. No insurance company can ever be sure that its economic and/or regulatory capital calculations are accurate and reliable if the supporting data is not cleansed and validated according to defined business rules.
Consolidating data from different transactional systems, different product lines and divergent geographies can expose data quality problems. In many cases, the level of data quality in source systems is unknown. Data warehouses or data marts created to support Solvency II or risk management can fall short if they are populated with questionable or low-quality data.
These data quality issues include a multitude of sins, such as:
• Dataentryerrors
• Missingdata
• Misappliedbusinessrules
• Duplicaterecords
• Out-of-rangevalues
4
Data ManageMent foR Risk
For example, a simple description or abbreviation can have multiple meanings. Let’s consider different types of policy coverage. Within auto insurance, the abbreviation BI stands for “bodily injury,” while for business owner policy (BOP) insurance, BI represents “business interruption.” These discrepancies are only exaggerated as insurers implement a cross-border data warehouse. Another basic example of data inconsistency is that some systems might record vehicle details in a single field, while others may use separate fields for make, model and year.
To resolve data quality issues, insurance companies are beginning to assign a “data steward,” who is responsible for the reliability, availability and utilization of data throughout the organization. This allows the data quality to be addressed at an enterprise level rather than at a business process or departmental level.
Auditability/governance
A vital component of any risk management system is the ability to reproduce the results from a regulatory and governance perspective. One of the challenges facing insurers with their Solvency II initiatives is the disclosure requirements related to this legislation. Changes made by the rating agencies as they react to the financial crisis are only going to complicate this issue. According to a global survey3 by PricewaterhouseCoopers, just over one-third of insurance companies have clearly defined roles, responsibilities and accountability for risk management within their organizations.
To address this issue, a data management system is critical. The system should generate audit trails and trace information throughout the flow of data, from the point of extraction within the source systems all the way to report generation. This way, regulators and internal auditors can validate the path of the data, and internal developers can use this log information to iteratively improve process capacity. Additionally, a data management system should maintain historical data, which is vital for back-testing, historical simulations and comparison of calculations/analysis results between time frames.
5
Data ManageMent foR Risk
Implementing a data management strategy
In general, a risk management system should capture and analyze information across all lines of business (e.g., homeowners, auto, term assurance, etc.) on multiple risks (e.g., market, underwriting, credit, operational, etc.). In addition, the system should provide analytic capabilities (e.g., concentration analysis, stress testing, VaR calculations, etc.) and produce reports for a variety of users. To accomplish this, insurance companies must take a closer look at their data management process across the enterprise, not only from back office to front office, but also between countries.
Figure 3: Enterprise risk management architecture
The onus is on the insurance companies to provide transparency within their risk management procedures. Some insurers may consider a best-of-breed approach to risk management, and although this may mitigate the problem in the short term, this limited approach fails to achieve transparency when risk and data are aggregated at an enterprise level. To resolve the issue and ensure true transparency, an insurance company must implement an end-to-end enterprise risk management solution. Figure 3 above highlights a robust architecture that ensures a repeatable, transparent process that is able to adjust and ultimately optimize an insurer’s response to risk management over the next decade and beyond.
6
Risk Reporting Portal
Risk Analytical Engine
Property & Casualty
y g
Life Market Credit Operational Firmwide Casualty Insurance
Risk
Insurance Risk
Market Risk
Credit Risk
Operational Risk
Firmwide Risk
Data Warehouse / Insurance Data Model
Copyright © 2007, SAS Institute Inc. All rights reserved.
Operational Data Sources
Policy Claims UnderwritingReinsurance
Investment Commision Products Assets/ Liabilities
General Ledger
Data ManageMent foR Risk
7
Conclusion
To survive and emerge stronger from this current financial crisis, it is essential that insurance companies implement an enterprise risk management strategy. Fundamental to this initiative is a holistic, unified approach to data management – one that ensures a smooth flow of information throughout the organization.
Although Solvency II is not due to be implemented until 2013, from both a business perspective and a change management perspective, it would be advisable to start early with the design of a data management system that is flexible enough to anticipate Solvency II requirements.
Using SAS® for data management enables decision makers at all levels to see a complete picture of enterprise risk. SAS data management supports the needs of multiple risk management functions and applications by providing:
• Ascalable,openplatform.
• Aunifieddatamodelthatisbothflexibleandextensible.
• Commonmetadataandsecurityframeworks.
• Acommonsetofnativeaccessengines.
• Embeddeddataqualitycapabilities.
SAS integrates quality control and automates the entire data management process – from data collection and aggregation to data validation and cleansing – to ensure data accuracy and consistency in a unified, quantitative risk management framework.
Using SAS to manage risk at the enterprise level enables decision makers to glean key insights from data and then combine those insights with information from other functions (e.g., marketing, finance, claims) to facilitate true enterprisewide risk-based performance management.
References
1 “The Bigger Picture: Enterprise Risk Management in Financial Services Organizations,” report by the Economist Intelligence Unit, September 2008.
2 “Insurance Data Mastery Strategies,” Celent, November 2008.
3 “Does ERM Matter? Enterprise Risk Management in the Insurance Industry,” global survey by PricewaterhouseCoopers, June 2008.
SAS Institute Inc. World Headquarters +1 919 677 8000 To contact your local SAS office, please visit: www.sas.com/offices
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2009, SAS Institute Inc. All rights reserved. 103790_489470.0109
