Q1. What are the top five risk in your Organization?
- External Market (perception risk) –Credit / Liquidity Crisis Impacting one of the JV Shareholder – creating negative perception – hopefully should not last more than a year once the Company demonstrates Resilience and / or with FDI in insurance announcement by the Government being awaited – the fructification of the expectation would significantly change affairs in favour of the Company.
- Expenses overrun – need more economies of scale – more than 700 offices and 12000 employees – matching new business (WRP) and Persistency (renewal premium) incrementally required – may not last more than two years as the Company Is on a steady growth path.
- Concentration risk on Non-PAR products – Interest Rate risk – EV of the Company would fall if interest rates were to fall – may not last more than three years as the Company is steadily decreasing the concentration on non-PAR.
- Credit melt down in the market – Investments risk – impacting both quality of assets as well benchmark returns – short term phenomenon.
- Transformation Risk – Resources need reorganisation in light of Reliance Group meltdown, IT dependencies and on the positive side Digital Transformation this is under process – men (high attrition and skill sets), material (office and other resources ; Method (Digital processes instead of static processes) ; and Money – (Investments required) – require reorientation – may not last more than three years as the Company is on a digital transformation journey with the assistance of global consultants – EY on business aspects and Cognizant on the Technology aspects.
Q2. How do you manage those risks?
Every identified risk is analysed and classified into severity and impact buckets to gauge how critical, high, medium the risks are.
Every risk has a risk owner, action plans with deadlines and tracking / monitoring of the risk mitigation action plans.
To supplement the above, there are risk action plan projects, Risk Alerts, Risk Dashboards, Risk Monitoring and independent risk reviews.
Please find attached three slides to succinctly describe the Enterprise Risk Management processes.
Q3. What are the key challenges you have faced in implementation of Risk Management?
Challenges are always welcome. There is always resistance to changes.
Challenges / criticisms from stakeholders are of following types:
- Too many pressing activities that I am unable to focus on risk management
- Do not have adequate staff to attend to risk management activities – BAU is inundating
- Have resource constraints
- Systems are slower and ideally the action plans calls for Systems Based controls
- Key risks we think are not given the adequate attention that they deserve and instead a lot of time is spent on non-key risks, in our opinion
Resource constraints – availability of skilled staff
Processes are not well laid out – needs a BPR, documentation and Certification
Technologies are challenged
All Risk Management activities are not automated
Data in the enterprise is not organised or structured well enough to facilitated Analytics, AI, ML andRPA
Data resides in numerous systems not necessarily all integrated and at times information elicited from multiple systems may not reconcile and be consistent requiring manual intervention
Business and Digital Transformation activities are given more attention and importance – that traditional risk management activities are not relatively given the due attention or transformative priority
Q4. What are the top three emerging risks from your industry point of view?
- Industry is going through a perception issue (trust deficit)– on the path to establishing its credentials with all the stakeholders such as Government, Regulators and Public at large. There was a trust deficit and now the industry is going through transformation.
- Regulatory compliance has become a nightmare – tasks are climbing up while business, financial investments required to achieve compliance and cost constraints are challenges – cost of compliance is raising. Regulators are getting more savvy and demanding
- Far too many disruptions – Digital Transformation, Regulations, Product changes, public expectations, taxation, government policies and stakeholder demands
Q5. Any lessons or any thoughts that you would like to share with our readers.
A risk manager should never compromise on processes, communication / articulation of risks and highlighting some key risks that may emanate out of proven risk management processes such as:
- Risks Identification Processes through – risk monitoring, dashboards, self-risk assessments, RCSAs, KRIs, Internal audits etc.
- Risks Classification, measurement and Assessment processes through Analytics, Dashboards, Segmentation, Business Transformation and Risk Automation
- Risks Mitigation Processes through various projects, automation, training, processes accreditations, Systems development or procurement and various other actions
Risks not adequately attended on time and not mitigated on time haunt you later with greater velocity and in immense proportions.
Risk Management of a challenged enterprise requires a lot of patience in terms of assessing risks / challenges in complex situations and tenacity in following up short run and long-range action plans.
The AQ (Adversity Quotient) levels of risk managers need to be higher.
Disclaimer: The views expressed by the author as above are purely personal in nature and does not represent the views of RNLIC (Employer organisation’s views)