1. What are the top five risks affecting insurance companies?
The under mentioned key risks impacting the Insurance businesses could be because of the inherent nature of business and due to the prevailing macro economic conditions as applicable to the industry.
Expenses ratio & claim ratio risk
Cyber Security & Data Risks
Regulatory changes and operating effectiveness to change
Investment exposure risk due to stress in NBFC sector
Operational Risk around Technology scalability & errors and omissions in processes.
2.How do you manage such risks?
The risk management process would involve identification of action plans to meet the risk mitigation objectives. The action plans would involve corrective and preventive actions to ensure that the objectives as defined in the plan are met. The risk assessment exercise is conducted by the risk management team post the identification of risk. The risk assessment involves identification of operating controls, control gaps and measuring the residual risk. The risk mitigation plan is provided by the function and basis of the residual risk ,informed discussions are taken on accepting the risk, transferring the risk or mitigating the risk. The Risk mitigation strategies for the identified risks are supported by the action plans with due dates.
The Organization has a documented risk management strategy which is part of the Risk management framework and is approved by the board. The elements of the risk management framework namely; Strategic Risk Assessment, Risk and Control Self Assessment, Risk Strategy & Appetite; Risk reporting and Risk Framework Design and effectiveness review form the annual plan. The governance with Function heads and the CEO is through the Management Risk Committee (MRC) which meets quarterly. The management risk committee convenes every quarter to review on the progress made on the action plans for the identified critical and high risks. The risk management team tables the breaches around delay in the implementation of timelines of action plans, the High rated residual risks and breach from the enterprise risk appetite are discussed to review the risk mitigation plans.
3.What are the key challenges you have faced in implementation of Risk Management?
Risk management supports value creation by enabling management to respond in a manner that reduces the likelihood of downside outcomes and increases the upside. To achieve this the early indicators of risk with the limit and thresholds needs to be measured. The risk appetite statements at the strategic level and the key risk indicators at the operating level enables to reduce the likelihood of downside outcomes. The ability to identify the early indicators at the process level which rolls up to the enterprise risk appetite statements is critical to provide an enterprise view of risk from the operating level. The 1st line of management alignment to the strategic risk register derived from the annual operating plan and the emerging risks which may have a major impact on future business is required. The challenge of orchestrating the management team around the mitigation of the operating risks and strategic & emerging risk become critical for the measure of success.
Further, risk management is most successful when it becomes fully integrated with 1st line of management. Like all good management practices, it should be driven from top down and be recognized as the responsibility of everyone. Executives and Senior Managers have a particular responsibility in demonstrating commitment to the implementation and use of the risk management process and the information it generates. The Key challenge around the implementation crops up when the mentioned buy-in from the executives is not available.
4. What are the top three emerging risks from your industry point of view?
The key emerging risk from the point of view of the industry are as follows:
Impending data protection bill creating new risks around data protection & privacy : The Draft Bill is under discussion and is being discussed to take shape of Law in the immediate future. Organizations will have to embed Privacy by design in the entire data life cycle – collection, processing and use, storage, transmission, archival and disposal.
Technology scalability and change management : The ease of scalability and low cost change management is critical for operational efficiency of the organization. IT updating requires a constant and expensive effort to keep up. But, if information technology systems are not up to par, insurers run the risk of not being able to satisfy customer service expectations, presenting both an operational risk and a strategic risk.
Digital disruption : Emerging competition due to digital disruption ecosystems which may create NEW affinity/distribution channels- No one knows what it will be, but many survey respondents are sure that someone, maybe Alphabet or Amazon, is quietly developing the insurance company killer app. This strategic risk is a fear that’s tied very closely to the next risk.
5. Any lessons or any thoughts that you would like to share with our readers.
The first line managers are the ambassadors for implementation of effective risk management in an organization. The second line of defense works as a consultant to the 1st line for improving the Risk & control posture of the business. The risk management process does not encourage managers to be risk averse. In fact, it is designed to provide managers with a degree of confidence to be able to manage risk up to an acceptable level and to take risk commensurate with the opportunity. A culture which is risk averse will create inflexibility in the business and erect barriers to achievement of organization’s goals. Alternatively, the acceptance of disproportionately high risk can have adverse impact on the business.