Insurers have five key opportunities to enhance their capital frameworks and improve their approach to risk.
1) The target operating model and risk framework
Too often, insurers have established risk environments whereby risk and control frameworks are unaligned or not embedded across the business. Ambiguity regarding ownership combined with poor communication and ineffective linkages between risk and other critical business result in costly inefficiencies.
2) Governance and people
Many insurers suffer from a lack of clarity regarding ownership and management of risks undertaken by front or ‘first-line’ operations. Risk roles are often unclear, with many risk functions in the business being inexperienced and under-resourced to manage more multiple risk categories (often focusing on a narrow remit of operational risk and compliance monitoring). There is also at times a general level of confusion with the roles and function performed by the second line risk structures that many insurers have established. This confusion leads to less effective performance and duplication of effort.
3) Risk-related processes
Many insurers struggle to establish clearly and communicate internally the links between their strategic planning, their business decisions, their measurement of key performance outcomes and their definition and articulation of their appetite for risk.
4) Risk-oriented business systems and technology
Many risk systems currently in use by insurers are not quite fit for purpose for the business model or structure employed. This arises for a number of reasons, mainly:
- technological limitations whereby many insurers continue to be burdened with legacy systems operating in isolation
- under-investment in efficient IT platforms capable of delivering fast and reliable risk data and information for analysis
- an overwhelming volume of key risk indicator material, causing difficulty in producing, measuring and then using reliable risk reports for better business decisions.
5) Reporting mechanisms
Similar to the operating risk systems, reporting mechanisms – both for internal and external purposes – are presently underperforming for many insurers. For example, there is often a lack of clarity regarding risk-related management information data and feedback loops to aid risk reporting between the business and second line review functions. In addition, these controls are often unaligned – leading to reporting processes that invariably impact the efficiency of the own risk self assessment (ORSA) review and in producing other capital and financial metrics.
Implications for insurers:
- In the future, Risk functions are going to have to justify the cost of risk management from both a commercial and compliance perspective
- While capabilities will remain the same, a change in attitude and therefore culture will be required. Embedding an efficient and coherent risk framework will be fundamental to this.
- Perhaps the biggest challenge, will be working out how to measure cost and value so as to demonstrate this to stakeholders.