
ERM Strategies for Cyber Crisis Management

The document outlines an examination for the SP9 - Enterprise Risk Management course by the Institute of Actuaries of India, scheduled for November 23, 2024. It includes various case studies and questions related to risk management, cyber incidents, internal capital modeling, and operational risks in companies, emphasizing the importance of establishing an Enterprise Risk Management framework. The examination assesses candidates' understanding of risk measures, credit default risks, and strategies for managing operational risks in different business scenarios.

Uploaded by

ca.sumitaroram24

INSTITUTE OF ACTUARIES OF INDIA

EXAMINATIONS

23rd November 2024


SP9 - Enterprise Risk Management
Time allowed: 3 Hours 15 Minutes
Total Marks: 100
IAI SP9-1124

Q. 1) You are a CRO of a large-sized capital-management listed company. The company
manages capital and investments for retail investors and businesses and invests in
multiple risk-weighted instruments to meet the returns for its customers. The
company has various functional departments, including marketing, sales,
investments, research, operations, etc. All these departments have a head
responsible for the respective deliverables, and all heads report directly to the CEO.
Additionally, there are some service departments, such as information technology,
finance, and human resources, whose heads also report to the CEO. All heads
have a dotted reporting line to the CRO, who reports to the CEO.

The company has adopted the approach of acquiring multiple companies. It is
moving towards becoming more tech-powered, with its products driven by the latest
technology in its design, distribution, and operations. In line with this aspiration, the
company has acquired a three-year-old start-up that works in Artificial Intelligence
and Machine Learning-based innovative tech solutions.

A week after integrating the company's IT systems with the acquired start-up, a
cyber-attack impacted the company’s business operations for four days. The
incident was reported on social media, and the company’s share dipped by 10%
the following day after this news.

You are entrusted with handling this cyber crisis and taking immediate steps to
curtail and take other necessary steps.

The CEO convened a meeting with the respective heads of the departments and
the CRO. In your presentation, apart from aspects related to the cyber incident, you
proposed establishing an ERM framework. The CEO responded, 'ERM is not an
imminent need for the company; it is the cyber incident that should be handled now,
and such a one-off incident should not lead us to a big-bang reform like ERM.’
Nevertheless, the CEO has asked for a more comprehensive need analysis of ERM
within ten days.

(i) Outline points for response to the CEO citing the importance of ERM and comparing
it with conventional risk management. (7)

(ii) Describe the key risks to which the company is exposed, pre- and post-integration
with the acquired start-up. (10)

Following the cyber incident, the CEO has decided to employ a Head of Information
Security who will report to the IT Head. The CEO has also asked you for further
recommendations for handling such cyber events.

(iii)
(a) Analyse this step taken by the CEO because of the risk governance (comments
around reporting structure are required). (2)

(b) List the recommendations sought by the CEO for proactively handling cyber-
attacks. (2)

Given the anticipated high volatility in the medium term, one of the company's
investment portfolios, which supports customers for approximately one year, is
exposed to significant credit and market risks. To safeguard against potential
adverse outcomes, it is essential to establish precise risk limits and implement
robust controls for these risks.

(iv)

(a) What methods can be employed to measure credit and market risks within the
company’s investment portfolio, especially in anticipation of high volatility in the
medium term? (4)

(b) How can adequate limits be set to manage the portfolio's identified credit and
market risks? (3)

(c) If these established risk limits are breached, what steps can be taken to address
and resolve the situation effectively? (4)

(v) Who are the key stakeholders in the company’s Enterprise Risk Management
(ERM) implementation, and what are their respective perspectives and interests in
this process? (7)
[39 Marks]

Q. 2) You are the Chief Actuary working for an insurance company. The insurer has
decided to implement internal capital modelling. This exercise aims to internally
review and present the capital adequacy level and optimum capital utilization to the
Board. You are considering various options for risk measures and methods of
capital allocation. Assume that currently, there is no regulatory or internal
prescription of principles on the measurement of risk or the confidence interval
level.

(i)
(a) Define risk measures. (1)

(b) State on what basis the time horizon of a risk measure is decided. (2)

(c) Define Value at Risk (VaR) and Tail-VaR (TVaR). (2)

(d) Discuss the advantages and disadvantages of Tail-VaR. (2)

(ii) The insurer is considering investing INR 1,50,000 each in two assets in a portfolio.
1-year volatility for each asset is 2%. The correlation coefficient between these two
is 0.37. Calculate a 5-year 97% VaR for the portfolio. State assumption(s) made
and any related limitation of the same, if any. (5)

The insurer has significant long-term liabilities and has backed these obligations
with a portfolio of corporate bonds. However, the insurer is re-evaluating its risk
management strategies due to rising concerns over increased credit default risks,
particularly amid economic uncertainty and market volatility. The insurer is
considering implementing an internal capital model to assess and manage credit
default risk within its bond portfolio.

(iii) What are the key reasons for developing an internal credit default risk model to
manage the insurer's exposure to potential defaults within its corporate bond
portfolio? (6)

You are working on capital allocation on two lines of businesses (LoBs) – A and B
in a portfolio. These independent LoBs have the following loss scenario:
A: 20% chance of INR 99 Cr losses, zero otherwise
B: 5% chance of INR 100 Cr losses, zero otherwise

(iv)
(a) Calculate the Value at Risk (VaR) at a 99% confidence level. (6)


(b) State various considerations in capital allocation methods for these LoBs. (9)
[33 Marks]

Q. 3) A large supply chain company has been prospering and growing with its cutting-
edge practices. The company initially thrived by shifting its focus from supplying
raw materials and resources to facilitating transactions between producers and
consumers. Moreover, creating a groundbreaking B2B supply-chain management
platform significantly strengthened its revenue streams.

In a rush to scale up operations due to increased competition in the market, key
personnel of the company resorted to unfair financial transactions and practices,
failing to maintain transparency in records and information to mask declining profits.

Two years after a reputable audit firm failed to detect these irregularities, regulatory
authorities initiated an inquiry into the company’s operations, ultimately exposing
widespread misconduct. The key personnel involved and several others faced
allegations of fraud and conspiracy.

The company's approach was near bankruptcy, and business operations were
halted, as ordered by the regulatory authority. This had far-reaching effects,
particularly devastating the retirement savings of employees and investors alike.

(i) How could the company have effectively identified and quantified the operational
risks of key personnel engaging in unfair financial practices? (7)

(ii) What measures could the company implement to mitigate or transfer the
operational risks associated with key personnel engaging in unfair financial
practices? (11)

The company faces a difficult financial situation now, and the future of employees'
retirement savings has caused widespread concern and uncertainty among the
workforce due to the company’s near-bankruptcy. Many company employees
contributed to their pension plans expecting a secure retirement, but they fear
reduced or delayed pension benefits.
Moreover, the company faces the risk of a reputation as an employer among job
seekers, which might affect the interest of the new workforce. This further
complicates stakeholders’ confidence in the company and its sustainability.

(iii) What actions should the company take to protect pension funds, reassure
employees about their financial security, and rebuild trust with potential job
seekers? (10)
[28 Marks]

******************
