How Insurers are Adapting to Face Today's Top Risks
- June 03, 2022
Traditionally, financial and market risk presented the most significant threat to an insurance company. Insurance companies were familiar with financial risks such as credit, liquidity, and capital and methods to accurately calculate potential losses and devise effective techniques to mitigate such risks. With perfected risk management strategies and methodologies based on historical data, including the financial crisis of 2008, the traditional risk and compliance function has effectively managed financial risks associated with financing, investment, credit, interest rate fluctuations, and market volatility.
In recent years, the insurance industry has experienced several internal and external environment changes, leading to the rise of non-financial risks. These non-financial risks can be summed up as operational and business or revenue risks with wide-ranging financial, reputational, brand, and trust impacts. The challenge is that traditional methods used to measure and quantify loss from financial risks and their mitigation approaches cannot be applied the same way to non-financial risks.
The top drivers transforming risk in insurance
Most insurance companies have undertaken rapid digital transformation, leveraging new Cloud, mobile, and AI technologies to support strategic business goals. As a result, digital transformation means new business models, customer channels, partners, technology, and data, leading to various risks from increased cyberattacks to operational resiliency. In response to digital transformation, cyberattacks and data breaches are identified as the top risks by insurance companies globally.
Throughout the pandemic, the insurance industry was impacted by “The Great Resignation.” Insurance faces talent wars with other sectors ahead of the digital curve; ‘Failure to attract or retain top talent’ and ‘workforce shortages’ are among the top 25% of insurance risks. Retaining and attracting talent in the digital space is an ongoing challenge that insurers must navigate to maintain competitiveness. As the private sector recovers from the pandemic or accepts it as an endemic, insurers must prioritize employee safety, leading to temporary and permanent operating model changes.
Another common phenomenon in the insurance industry is the exponential growth in the footprint of third parties. Third parties provide technology products and services, business operations, and growth-focused business objectives, such as market or product portfolio expansion. However, third parties also bring additional risks, such as operational resiliency and reputational risk, if the third parties fail to deliver on their commitment.
The industry is seeing increased regulatory pressure on data protection, data privacy, and third-party operations. Evolving societal expectations around ESG (Environmental Social Governance), data privacy and consumer protection, climate risk, and geopolitical tension present new operational and business risks. We have already started seeing the impact of geopolitical uncertainty on supply chain disruption.
Supply chain or distribution failure risk, climate change, damage to reputation, and the pandemic are classified as top risks affecting businesses. They are interconnected, evolving fast, have long-tail exposures, and limited risk transfer solutions. Based on the Innovation Index survey conducted by NTT DATA and Oxford Economics, less than 35% of the insurers think they are prepared to deal with the change and uncertainty due to the above factors.
The rise of non-financial risks and the need to evolve the risk function
Risk and compliance functions that traditionally focused on financial risks are now required to protect against a diverse range of complex non-financial risks. For example, Risk Managers may be asked to develop risk management frameworks that address climate risk or ESG. Regulators require institutions to demonstrate the adequacy of the risk and compliance function in managing non-financial risks.
Moreover, insurance companies are also expecting risk leaders to provide strategic advice to support new strategies for growth. At the same time, the risk function needs to perform its second line of defense function as the ultimate owner of risk for the business and the organization, ensuring that the business is operationally resilient and acting soundly. The scope of these demands poses a challenge for risk leadership. While there is no single solution, different insurance companies are adopting unique approaches to fulfill their stretched responsibilities.
Four elements risk leaders must consider to support the future of insurance
NTT DATA has identified several critical elements that risk leaders should consider as they get ready to support insurance organizations of the future:
- Include risk leadership to participate in the organizational and business strategic planning process. This activity allows leaders to discuss business priorities within the company’s risk management objectives. Risk leaders can also offer their perspectives regarding emerging trends that will enable them to see risks or opportunities that others might ignore.
- Re-organize the risk function to align with business units rather than organizational divisions or functions. Traditional risk functions were aligned to finance or operations, but aligning them to the lines of business, such as Personal lines within P&C or Life within L&A, gives business and risk the opportunity to bring risk perspective early on in business decisions. It also allows the risk function to get educated on business aspirations and their challenges in conducting the first line of defense responsibility. Future risk functions should be more business-focused, adding value as part of the profit center.
- Define clear roles and responsibilities within the first and second lines of defense. Despite the prevalence of the Three Lines of Defense model, there have been ongoing challenges with its implementation. Often there are challenges in establishing clearly defined roles and responsibilities within the three lines of defense. SLOD should aim to complement the FLOD instead of duplicating them.
- Invest in advanced technology and the right talent. Most risk functions still use manual processes and/or legacy systems that inhibit faster data processing, the key to effective risk management. Upgrading to new technologies allows insurers to automate manual tasks, process data faster, and generate key insights for evaluating exposures, responding to risks, and measuring the control performance. Shift the risk culture from just a reactive compliance checklist mindset to a more agile, proactive, and cross-functional setup leveraging the latest technologies for efficiency and effectiveness. If risk leaders are thinking of augmenting their teams, seek out talent with understanding and expertise in business, analytics, and nonfunctional risks such as ESG, climate, and cyber threats.
As most insurance companies undergo extensive transformation efforts, the risk function should partner with the business early during the transformation to understand organizational and business change. That way, they can be more effective as the second line of defense in identifying and managing new risks that may arise from the transformation.
Building the right approach to risk in insurance transformation
The approach to evolve will depend on the maturity of the existing risk management strategy and capability. Insurance companies that lack a complete second line of defense should consider investing and designing an agile, lean, and cross-functional risk strategy built on advanced technology foundations that enable them to support business objectives and regulatory requirements more effectively. Having a transparent governance model that allows the second line to provide oversight and complement the responsibilities of the first line in the risk and controls processes would increase the effectiveness and value generated by the risk function.
While building risk management capabilities, both human talent and advanced analytics are vitally important in the accurate measurement of non-financial risks and help reduce losses. Insurance companies that already have mature risk operations need to re-organize themselves to meet the risk demands of the future. For example, those that are more focused on financial risks or have a compliance mindset may need to realign their risk framework to address a new set of non-financial risks such as ESG and climate risk and re-organize to align more closely with the business.
Move it or lose it
Insurance risks are emerging quickly, and insurers must proactively move even faster to mitigate new threats. Building a risk-aware culture starts at the top. Before insurers can leverage human talent and advanced technologies to build risk management strategies, they must educate leaders about the importance of risk management and compliance efforts. Risk-aware leaders can then motivate and inspire teams to protect personal information, customers, and the business to enter the future of insurance confidently.
Learn more about our Risk and Compliance Consulting practice.
Learn more about related topics:
Blog: Strengthening Security Programs Through a Human-Centric Focus
Blog: Why Organizations With Slow-Moving Legacy Systems Are at the Highest Risk
Blog: 4 Lessons for Insurers Navigating the New Era of Interconnected Companies
Research Paper: Insurers Shift Their Digital Transformation into High Gear
To share your thoughts, connect with Nutan at: firstname.lastname@example.org