Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:45 PM
Vincent Oliva, Financial Services Research Leader, Industry Advisory Services, Gartner
Vincent Oliva, Financial Services Research Leader, Industry Advisory Services, Gartner
Connect Directly

Take Risk Management and Compliance to the Next Level

As insurers face increasingly onerous regulatory compliance demands, they should make enterprise risk management a high priority and consider appointing chief risk officers.

Aseemingly never-ending wave of new compliance directives is perplexing insurance companies around the world, sowing confusion among insurers about how they should respond. These new requirements include Solvency II in Europe, new regulations for annuities in the U.S. (from the National Association of Securities Dealers), and the National Provider Identifier (NPI) and Medicare Part D mandates, affecting healthcare payers in the United States. And U.S. insurers also face the onerous task of complying with ongoing regulation, such as Sarbanes-Oxley, HIPAA and the USA Patriot Act.

The aim behind these mandates is greater transparency, fueled by the spate of corporate accounting scandals in the early 2000s and the insidiousness of global terrorism. Investors and regulators are seeking greater transparency into company operations and increased accountability from senior management. However, most financial services firms take a piecemeal approach within individual business units to managing risk and compliance activities.

But information that is captured and maintained in silos impedes the timely access to data essential to make critical operational decisions. And it hinders detection of potential risk events early enough to prevent them. Silo structures also inhibit the sharing of knowledge related to best practices and create redundant and incompatible data, which complicates technology decisions.

The silo approach deters exploiting common data across all business and support functions. This inhibition increases enterprise risk by impairing operational and financial performance. Further, risk management structures designed solely to meet regulatory requirements are ineffective.

An Enterprise Approach

The appropriate corrective course of action for insurers is to adopt an enterprise approach to risk management. Here's why:

  • Insurers benefit from developing a risk and compliance technical architecture. Knowledge gained during the architecture project identifies the company's internal business environment and provides a decision-making blueprint for future initiatives.,
  • Previous technology investments can be readily exploited. Much of the data and foundational technology are shared by various enterprise data initiatives, including risk management, compliance, corporate performance management (CPM) and customer relationship management (CRM).,
  • Operational risk metrics can be tightly integrated with overall enterprise performance measurement to develop key risk indicators that map against performance goals and risk limits. This also provides early warning signals, and engenders timely and detailed companywide data reporting.,
  • The vast range of information to know your customer and to ensure the control required by regulatory mandates illustrates the inseparable connection among risk management, compliance, CPM and CRM.,
Building on a common data warehouse, for example, removes redundancy and more easily integrates these initiatives. Interconnectivity is key to achieving the overarching benefits of enterprise risk management (ERM) -- capital allocation, risk-adjusted performance management, aggregation of risk measured against established levels of risk tolerance and product pricing.

Because insurance is founded on the need to manage risk, one would expect the industry to be ahead of others in initiating enterprise risk management. However, few insurers have hired or appointed chief risk officers (CROs), and few are instituting strategies and technologies to manage risk on a companywide basis.

ERM is a competitive strategy that must exceed mere compliance. An ERM initiative should explicitly align to insurers' capital allocation and growth goals. Critical success factors include:

  • Identifying, measuring, monitoring, mitigating and financing all aspects of risk.,
  • Instituting procedures for handling risk.,
  • Computing and allocating capital based on risk tolerances.,
Companies that welcome risk management and take it to the enterprise level will gain a competitive advantage, especially if they tie ERM to the allocation of capital to business and geographical units. In addition, insurers should step up their hiring of CROs.

Register for Insurance & Technology Newsletters