From July to September 2018, EY carried out a survey of Insurance Chief Risk Officers (CROs) across Ireland, the UK and Continental Europe. In particular, this survey was completed by 18 insurers based in Ireland, in addition to 23 in the UK and 27 across Continental Europe. The key themes explored in the Insurance CRO survey were: organisation and the role of risk; operational resilience; digital, and conduct risk. Download the survey from the link below, or keep reading for a summary of key findings.
The role of the CRO remains critical within each insurer as they support the implementation of strategic change in an increasingly uncertain economic and political environment.
When CROs were asked to reflect on their most important achievements for 2018, the key task of improving the overall risk management framework and the voice of risk in the organisation was the most common answer for CROs in Ireland and Continental Europe. The focus of attention of UK CROs appears to be more focussed on contribution to the bottom line of the organisation. It is not clear whether this reflects differing maturity profiles of risk organisations or a cultural difference in the role of CROs.
That said, looking into 2019 CROs priority areas across the participants surveyed still see there being a lot more to do to embed and enhance the operation of risk frameworks.
Again, there remains a distinction between UK CROs and the rest, with an unsurprising need to continue to focus on Brexit during this turbulent period. Note also the echo of the Brexit challenge in the priorities for Ireland based CROs dealing with both challenges for inbound and outbound business.
Operational resilience is one of the biggest challenges CROs are facing in the rapidly developing digital environment. It continues to be a key focus area for the regulators and so is a high priority area for all CROs. When we asked what IT areas require enhancement to have a more robust firm wide resiliency program, the key area is understanding a single point of failure in the financial ecosystem and the quality of data used/available. We see a general alignment in the key areas for all Irish and European CROs.
Technology has brought in so many interdependencies and multiple points of failure. The upshot is now that disruption will happen, and the focus now needs to be on what the response of any organisation is to that disruption as and when it happens.
There are many different interpretations of what digital is and how this is applied to an insurance company. Digitalisation is more than technology – it is a transformation. It is about becoming more innovative and agile and looking to adapt every part of the organisation, including strategy, KPIs, operating models etc.
From our survey results for UK and Continental Europe, we see that circa 75% of risk management functions are involved in ensuring that their organisation is adequately positioned in a digital age, e.g. through digital distribution. In Ireland, we see only circa 33% of risk management functions involved in supporting their entity on digital projects. We expect that this is a function of the companies surveyed in Ireland, where digital projects may be developed at a Group level before being rolled out locally. Automation of calculations and reporting processes is the key area that the risk function for CROs in Ireland are engaging in digital.
We would expect that best in class CROs will keep up with the pace of change to ensure that they can support the business with insight and knowledge about new risks and understand the technology that is being adopted.
Conduct risk has been a key regulatory focus over the last few years, and yet remains a significant concern for CROs with over 90% of all respondents (Ireland, UK and Continental Europe) stating that they planned to enhance elements of their Conduct Risk frameworks over the next 12 months. Two key areas for investment identified as part of the wider survey is on people and digital. Enhancing the understanding and capability of the people in the first line is one option to be considered while the utilisation of digital tools to standardise and streamline reviews was a key area referenced by respondents.
Finally, as part of any regulatory compliance exercises, it is important to consider how you can incorporate these into strategic change initiatives. This is an opportunity for the CRO to show that they can provide value to the organisation overall.
From the survey, it is clear to see the role of the CRO will remain pivotal in the management of insurance companies and all responsibilities will require engagement at Board level. The CRO will need to continue to adapt to understand both emerging risks and to continue to improve the management of existing risks, for example through the use of digital.
If you would like to discuss these findings in more detail, please get in touch.