A growing area of consulting for actuaries is enterprise risk management or ERM. ERM is the subject of the two newest actuarial standards of practice, ASOP 46-Risk Evaluation in Enterprise Risk Management and ASOP 47- Risk Treatment in Enterprise Risk Management.
I recently gave a presentation on legal risk management for actuarial consultants who are practicing in this area. What follows is a summary of some recommended steps to control exposure to legal risk.
The first step to understand the scope of the two ASOPs and when they apply:
ASOP 46: 1.2 Scope—This standard applies to actuaries when performing risk evaluation professional services for the purposes of enterprise risk management (ERM)....This standard does not apply to actuaries when performing risk evaluation professional services that are not for the purposes of ERM. Examples of risk evaluation services that may be performed for purposes other than ERM include pricing of insurance products, and the evaluation of liabilities of insurers and pension plans.
ASOP 47: 1.2 Scope —This standard applies to actuaries when performing professional services with respect to risk treatment for the purposes of enterprise risk management (ERM). ...This standard does not apply to actuaries when performing professional services with respect to risk treatment that are not for the purposes of ERM. Examples of risk treatment services that may be performed for purposes other than ERM include designing a health insurance program and executing a product-specific reinsurance or hedging program.
The two actuarial standards should then guide the work which falls within that scope. In doing work in this area:
- Pay attention to the use of the word "should" in the ASOPs for what considerations must be included.
- Use text of the ASOPs themselves or create a checklist of the mandatory items to be considered.
- Best practice will include documenting in the file what the actuary considered. While failure to put the consideration in writing is not necessarily negligent, it makes it harder to prove that you complied with the standard.
Protecting yourself will include contractual protections to manage the legal risk surrounding ERM assignments:
- To limit first party risk to the client — use limits of liability and alternate dispute resolution.
- Specify client responsibilities for data, assumptions, scenario identification, access to information, etc.
- Do not over-promise what the results of the ERM exercise will deliver for the entity.
- Disclaim the obligation to comply with ASOP 46 and 47 if the work will fall outside of the scope of those provisions, especially if it is a close call.
- Consider use of management representation letters and use of management sign off on assumptions.
Carefully limit distribution of the report.
- Avoid having legal exposure to more parties than your client by prohibiting disclosure to third parties. When work is done for regulatory purposes, restrict disclosure to just the regulator.
- It is particularly important to prohibit disclosure to investors, lenders, buyers, reinsurers, etc. who might claim they made financial decisions in reliance on the work product.
- Their access to your report can be conditioned on executing a release agreement not to bring a legal action.
Manage the legal risk by how you write your reports:
- ASOPs 46 and 47 have certain mandatory items for reports within their scope contained in section 4 of each standard.
- Any intended variance from ASOP 46 or 47 must be noted.
- In addition, any report must comply with ASOP 41 regarding actuarial communications.
- Reports should restate any limitation on distribution contained in the contract with the client.
- Careful attention should be given to writing the limitations section of the report, explaining such items as uncertainty, dependencies on data, dependencies on modeling by others, etc.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.