Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Strengthening governance, risk and compliance in the insurance industry

1,366
views

Published on

Strengthening governance, risk and compliance in the insurance industry is an Economist Intelligence Unit report sponsored by SAP. The Economist Intelligence Unit bears sole responsibility for this …

Strengthening governance, risk and compliance in the insurance industry is an Economist Intelligence Unit report sponsored by SAP. The Economist Intelligence Unit bears sole responsibility for this report. The Economist Intelligence Unit’s editorial team conducted the interviews and wrote the report. The findings and views expressed in this report do not necessarily reflect the views of the sponsor. Dan Armstrong was the editor of the report and Mike Kenny was responsible for layout and design. Our thanks are due to all of the survey respondents and interviewees for their time and insights.

Published in: Business, Economy & Finance

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,366
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Strengthening governance, risk andcompliance in the insurance industryAn Economist Intelligence Unit reportSponsored by SAP
  • 2. © Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industry Preface Strengthening governance, risk and compliance in the insurance industry is an Economist Intelligence Unit report sponsored by SAP. The Economist Intelligence Unit bears sole responsibility for this report. The Economist Intelligence Unit’s editorial team conducted the interviews and wrote the report. The findings and views expressed in this report do not necessarily reflect the views of the sponsor. Dan Armstrong was the editor of the report and Mike Kenny was responsible for layout and design. Our thanks are due to all of the survey respondents and interviewees for their time and insights. February 2009 1
  • 3. Strengthening governance, risk and © Economist Intelligence Unit Limited 2009 compliance in the insurance industry Strengthening governance, risk and compliance in the insurance industry I nsurance companies have long struggled to gain greater efficiency and transparency in their financial processes through automation and process redesign. Their efforts have generally been focused on the negative goals of controlling costs, reducing sudden financial shocks and avoiding regulatory sanctions. However, some companies are discovering that a more integrated approach to managing financial processes can be a source not only of efficiency but also of strategic advantage. Many companies are aiming at achieving that added value through governance, risk and compliance (GRC) initiatives, which embed rules, processes and controls in keeping with a carrier’s operating policies and strategic objectives. These measures provide greater transparency into day-to-day operations, help to identify potential risk exposures, and enable companies to react in a timely fashion to emerging risks. GRC is characterised by efficiency and accuracy, but can also add the dimension of providing a synoptic picture of risk to support strategic decision-making. That sort of insight has become suddenly much more important in 2009, in the wake of a financial crisis that could just as accurately be termed a risk management crisis. While strict solvency requirements helped the insurance industry to weather the crisis better than their counterparts in banking and securities, some insurers did encounter unforeseen exposures in their investment portfolios, the consequences of which are yet to be fully realised. There is little question that many insurers lacked the capability to develop a comprehensive picture of risk exposure at a corporate level, comprising credit, market and operational risk. Moreover, insurers operating in the European Union face challenges stemming from the updated set of regulatory requirements known as Solvency II. The Supervisory Review Process of Solvency II aims to identify institutions with financial, organisational or other features that result in a higher risk profile. Because the authorities will review financial processes as well as governance and capital reserves, it will be necessary to know who know who participates in each process, what the person does, and the results of the process. The problem with autonomy Achieving a unified enterprise view of financial process remains an almost quixotic goal in much of the insurance industry because of the operational autonomy of business units. Even in companies that enjoy a high degree of process automation, consistent use of practices and tools across the enterprise2
  • 4. © Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industryFigure 1: Insurers struggle with complexity, inconsistency and incompatibilityWhat are the biggest problems with your current financial processes? Select up to three.(% respondents)Complex procedures which are difficult to model or automate 36Inconsistent methodologies around the organisation 36Incompatible technology (eg, customised spreadsheets, databases and commercial products) 33The need to reconcile inconsistent or redundant data from multiple sources 33Boundaries between departments, with departmental managers trying to hold on to authority 29Too many manual processes 29Controls which are too numerous or restrictive 21Portions of the process depend on individuals who are not always available 19Lack of visibility and accountability 16The need to document audit trails 12Other 5 Source: Economist Intelligence Unit survey, 2009.is rare. As Figure 1 shows, insurers struggle with complex procedures, inconsistent methodologies andincompatible technology. In order to produce a complete financial picture on which to base decisions,survey respondents report the need to reconcile inconsistent or redundant data from disparate sources. To some degree insurers are more concerned about the risks of improving their processes than therisks those processes can reveal, as illustrated by Figure 2. Nearly half of the respondents cited highcost as a barrier to standardising and automating financial processes. They also reported difficultiescaused by the complexity of modeling financial process and the incommensurability of regulatoryregimes within different lines of business. Responses also showed that the siloed organisationalstructure of insurance companies made securing buy-in from line-of-business managers more difficultthan corporate-level leadership. Securian Financial, a $2.8 billion US life insurer based in Minnesota, eased its transition to aneconomic capital-based approach to risk management by enlisting business managers into working About the survey these insurance executives upon which this paper is based. Of these respondents, 30% hailed from Europe, 25% from North America and 20% from the Asia/Pacific In 2008 and early 2009, on behalf of SAP, the region. Over half worked for companies with annual Economist Intelligence Unit surveyed 446 senior revenues in excess of $1bn. One-third have positions executives from ten industries about their views on in the C-suite and another 24% came from the VP level their financial processes and their attempts to improve or higher. Most respondents served in the finance, them. Of this total, 58 came from the insurance risk management, strategy, business development or industry (both life and property and casualty). It is operations functions. 3
  • 5. Strengthening governance, risk and © Economist Intelligence Unit Limited 2009 compliance in the insurance industry Figure 2: Insurers want to improve data integrity and cut back on manual processes What would be the biggest benefits of an initiative to standardise and automate your financial processes? Select up to three. (% respondents) Enhancing data integrity 50 Cutting back on manual processes, decreasing risk of error 48 Freeing staff from routine number-crunching, redeploying into higher-value activities 43 Meeting compressed deadlines/improve response time 34 Reducing costs 24 Better visibility into origin of numbers and how they are calculated 17 Standardisation of methodologies around the enterprise 16 Higher productivity 16 Able to set risk thresholds, data access and other controls centrally 12 Better compliance with regulatory requirements 10 Able to identify and resolve bottlenecks 9 Fewer opportunities for fraud 3 Other 2 Source: Economist Intelligence Unit survey, 2009. groups on key topics. “Our approach was to work with them to achieve ‘quick wins’ demonstrating the advantages of the new way of measuring risk and value,” says Vice President and Chief Actuary Leslie Chapman. “For example, we formed an asset/liability management group. We have found that by having every business line actively engaging in dialogue has help drive buy-in.” Chapman credits a combination of corporate risk management culture and the power of automation in enabling Securian to more precisely measure and project risk exposure. By building a platform allowing a view of risk from an economic capital perspective, the company is able to see the impact of decisions from multiple perspectives, which simultaneously enables more secure and more opportunistic management of risk. “We have enhanced our financial processes and reporting over the years so that we can spend less time quantifying and more time analysing,” comments Chapman. “We couldn’t do this at all without automation. But the value is multiplied as we get faster, enabling us to spend more time on decision- making, which results in higher-quality decisions.” Securian is clearly not alone in its appreciation of the potential benefits of more automated financial processes as demonstrated by survey respondents’ reports of the benefits their companies have enjoyed (Fig. 3). Respondents say that higher levels of automation have yielded faster processes with fewer errors while at the same time requiring less staff to manage them. By embedding risk assessments into financial processes, two-thirds of respondents’ enjoyed greater efficiency and over 80% reported higher-quality decisions.4
  • 6. © Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industryFigure 3: Insurers say automation yields greater speed, lower costs and better decisions Percentage reporting increase as a result of process automation Percentage reporting decrease as a result of process automation Number of poor-quality decisions Audit costs Control errors Time required Headcount -70 -60 -50 -40 -30 -20 -10 0 10 20 Source: Economist Intelligence Unit survey, 2009. Despite these successes, very few insurers have overcome either the cost and difficulty barriers toachieving enterprise GRC capability. Few companies have developed the discipline of balancing assetand liability risk and tend to manage these portfolios independently. Most insurers continue to manage“through the rear-view mirror,” attempting to predict the future solely on past performance, often onthe basis of stale reports. Few companies can produce accurate, near-real-time information to supportdecision-making, and fewer still have mastered scenario analysis and regular risk stress-testing. Whileinsurers have become very comfortable with many tools and technologies within operational silos, theindustry at large has not invested in the capabilities needed to correlate all of its risk exposures and tracktheir interdependencies.The value of aligned processesWhile manual processes present opportunities for error, slow the distribution of vital informationand keep executives from higher-value tasks, the dichotomy of good versus bad management is moreimportant than that of manual versus automated processes. Automation is key to competing at anaccelerated pace of business. But sound manual practices reveal the full potential of GRC. In any case,successful GRC initiatives will not mean the total abolition of manual processes. “I am less concerned about manual processes than having an aligned approach to risk managementacross the overall organisation,” observes Axel Lehman, chief risk officer of Zurich Financial Services,a $55 billion company that does business in more than 170 countries. “Whether I get risk reports fromJapan or South Africa, I want to know that like risks are reported in the same way.” That degree of uniformity is impossible without a commitment to risk management as a corporatepriority from top management. From the management level, risk culture must be instituted throughoutevery level of the organisation, in order to fully understand risk both at local and corporate levels. “Companies need risk aggregation capabilities in place that allow them to look at risk in an aggregated,enterprise-wide view,” comments Lehman. “One of the essential lessons of the financial crisis is the needfor a holistic view of risk.” Risk management begins at Zurich with a board risk committee, followed by the CEO, who is ultimately 5
  • 7. Strengthening governance, risk and © Economist Intelligence Unit Limited 2009 compliance in the insurance industry responsible for risk management. As chief risk officer, Lehman shares risk management with other members of the executive team, who in turn work with business unit leaders, who are responsible for observing risk management procedures and standards while retaining the independence they need to function as business managers. Zurich has implemented a Risk Modeling Platform with the ability to tap into other information systems and reconcile information. That gives the insurer the ability to understand local risks and aggregate them up through various levels of the organisation. Zurich has also instituted what it calls Total Risk Profiling, which identifies and records risk at all levels of the organisation, and it has implemented an economic capital framework to project return on risk-based capital in the company’s strategic decision-making. Too often insurers limit their risk management activities to the negative goals of protection, reducing earnings volatility, protecting the capital base and otherwise insulating the franchise from negative surprises, Lehman believes. He regards that approach as necessary but not sufficient. “Risk management in a well-managed company is used to support profitable risk-taking and growth,” he says. “It is not only about being aware of the risk exposure, but strategically shaping the risk/return profile of the organisation.6
  • 8. © Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industryConclusionI nsurance companies were among the original adopters of information technology, and their actuaries, underwriters and accountants have demonstrated interest and even mastery in the use of a broadrange of technological tools in recent times. However, the traditional independence of business linesand the functions within them have contrived to render the insurance industry a laggard in processautomation even in the core functions of governance, risk management and compliance that have specialimportance in a highly regulated industry dedicated to the profitable transfer of risk. Moreover, wheninsurers have adopted technology to upgrade governance, risk and compliance processes, the focus hasbeen on reducing costs and increasing efficiency rather than providing an integrated picture of risk tosupport better decisions. Cost reduction is still a compelling argument for moving forward, especially in astagnant economy. But the less heralded benefits—which ultimately may be more important—have to dowith improving the quality of decisions. Companies have managed to be profitable despite their dependence on manual processes, but as thepace of business accelerates, the speed and efficiency afforded by automation becomes more important.Even more important is the need to have an enterprise-wide picture of risk and the ability to identifyand react to emerging risks. Risk is opportunity for insurers, but they need a tighter grip on their overallportfolio of risk with the emergence of new and imperfectly understood risks, such as those associatedwith the financial markets, rapid change in laws and regulations, information security vulnerability,climate change, political instability and terrorism. An example of how financial process integration can generate returns rather than simply reduce costsmight be the effort by property and casualty insurers to target home and auto insurance policies bylocation. Underwriting guidelines have long distinguished among risks in different postal codes. Addingprecise elevation data by latitude and longitude allows insurers to go further and target, for instance,high-elevation addresses in a postal code dominated by a flood plain. Similarly, a life insurance companymight be able to quickly model and price the actuarial effects of, for instance, a widespread outbreak ofavian flu. Companies that integrate risk, pricing, location and sales activities should be able to “cherrypick” high-margin, low-risk underwriting opportunities. Ultimately risk management is about management, not modeling. In the end, technology suppliesinput for decision-making, not the decisions themselves. Nevertheless, with a holistic implementationof GRC, governance risk and compliance are consistently defined, closely linked and embeddedthroughout the organisation through end-to-end processes and controls. Well-designed automatedprocesses efficiently integrate financial reporting, compliance and risk monitoring into daily operations.Furthermore, they afford greater ease of modification, giving insurers the ability to react to changes inthe marketplace. Finally, they not only reinforce the protective aspects of risk management but they alsoprovide the basis for strategic risk management as an engine of profitability. 7
  • 9. Appendix Strengthening governance, risk and Economist Intelligence Unit 2009Survey results: Insurance compliance in the insurance industryrespondents only Appendix Survey results: Insurance respondents only What are the biggest problems with your current financial What would be the biggest benefits of an initiative to processes? Select up to three. standardise and automate your financial processes? (% respondents) Select up to three. (% respondents) Complex procedures which are difficult to model or automate 36 Enhancing data integrity Inconsistent methodologies around the organisation 50 36 Cutting back on manual processes, decreasing risk of error Incompatible technology (eg, customised spreadsheets, 48 databases and commercial products) Freeing staff from routine number-crunching, redeploying 33 into higher-value activities The need to reconcile inconsistent or redundant data from multiple sources 43 33 Meeting compressed deadlines/improve response time Boundaries between departments, with departmental managers 34 trying to hold on to authority Reducing costs 29 24 Too many manual processes Better visibility into origin of numbers and how they are calculated 29 17 Controls which are too numerous or restrictive Standardisation of methodologies around the enterprise 21 16 Portions of the process depend on individuals who are not always available Higher productivity 19 16 Lack of visibility and accountability Able to set risk thresholds, data access and other controls centrally 16 12 The need to document audit trails Better compliance with regulatory requirements 12 10 Other Able to identify and resolve bottlenecks 5 9 Fewer opportunities for fraud 3 Other What would be the biggest drawbacks of an initiative to 2 standardise and automate financial processes? Select up to two. (% respondents) High level of investment required 47 Difficulty of getting buy-in from business lines/regions 28 Difficulty of modeling complex financial processes 26 Multiple regulatory regimes make compliance rules unique by business and/or region 24 Difficulty of getting buy-in from senior management 21 Organisation is too diverse in its business lines 17 Business model and operations are unique 14 Financial processes are sufficiently fast, efficient and accurate now 78
  • 10. Economist Intelligence Unit 2009 Strengthening governance, risk and Appendix compliance in the insurance industry Survey results: Insurance respondents onlyIn the past five years, which of the following tasks has your organisation attempted to address by improvingits financial processes? Select all that apply.(% respondents)Increase level of automation for processes in general 76Prioritise controls based on risk assessments 50Increase level of automation for internal controls 48Realign segregation of duties 43Reduce redundancies 34Other 3We have not attempted to improve our financial processes 2What improvements, if any, have resulted from these attempts? Increase level of automation for processes in general(% respondents) Much higher Higher No change Lower Much lower Don’t knowHeadcount 7 11 32 48 2Time required 2 11 14 57 14 2Control errors 7 7 16 56 9 5Audit costs 5 9 43 25 5 14Number of poor-quality decisions 2 7 25 45 7 14What improvements, if any, have resulted from these attempts? Increase level of automation for internal controls(% respondents) Much higher Higher No change Lower Much lower Don’t knowHeadcount 4 19 31 42 4Time required 19 19 48 15 0Control errors 19 11 44 22 4Audit costs 4 11 44 22 7 11Number of poor-quality decisions 8 20 48 8 16What improvements, if any, have resulted from these attempts? Reduce redundancies(% respondents) Much higher Higher No change Lower Much lower Don’t knowHeadcount 11 11 21 53 5 0Time required 11 11 11 53 11 5Control errors 6 11 17 56 6 6Audit costs 6 11 50 17 17Number of poor-quality decisions 6 28 39 6 22 9
  • 11. Appendix Strengthening governance, risk and Economist Intelligence Unit 2009Survey results: Insurance compliance in the insurance industryrespondents only What improvements, if any, have resulted from these attempts? Realign segregation of duties (% respondents) Much higher Higher No change Lower Much lower Don’t know Headcount 4 25 38 25 8 Time required 21 33 38 8 Control errors 22 30 39 4 4 Audit costs 22 57 17 4 Number of poor-quality decisions 5 55 32 5 5 What improvements, if any, have resulted from these attempts? Prioritise controls based on risk assessments (% respondents) Much higher Higher No change Lower Much lower Don’t know Headcount 21 59 14 7 Time required 28 28 41 3 0 Control errors 11 25 61 4 0 Audit costs 3 17 31 31 3 14 Number of poor-quality decisions 7 17 59 3 14 Does your organisation regularly include risk evaluations as part of its financial processes? (% respondents) Yes 79 No 17 Don’t know 3 What are the results of these risk evaluations? (% respondents) Much better Better No change Worse Much worse Don’t know Quality of decisions 11 72 17 Efficiency of processes 6 53 36 6 Prioritisation of controls 17 53 28 310
  • 12. Economist Intelligence Unit 2009 Strengthening governance, risk and Appendix compliance in the insurance industry Survey results: Insurance respondents onlyIn which country are you personally located? 4 In which region are you personally based?(% respondents) (% respondents) 4United States of America 20 2 Western Europe 30United Kingdom 9 2 North America 25South Korea Asia-Pacific 20 7 2Canada Middle East 5 2 and Africa 14Nigeria Latin America 7 5 2Brazil Eastern Europe 4 4 2China 4 2India 4 2Netherlands 4 2 What is your primary industry?Switzerland (% respondents) 4 2Australia 2 2 Financial services 100Belgium 2 2Croatia 2 2Czech Republic 2 2Denmark 2 2Germany 2 2Ghana 2 2Hong Kong 2 2 In which sub-sector of financial services does yourHungary organisation belong? 2 2 (% respondents)Israel 2 2Kenya Insurance 100 2Latvia 2Mexico 2Poland 2Puerto Rico 2South Africa 2Spain 2Thailand 2Turkey 2Zimbabwe 2 11
  • 13. Appendix Strengthening governance, risk and Economist Intelligence Unit 2009Survey results: Insurance compliance in the insurance industryrespondents only What are your organisation’s global annual revenues What are your main functional roles? in US dollars? Please choose no more than three functions. (% respondents) (% respondents) Finance 45 $500m or less 26 Risk $500m to $1bn 19 40 $1bn to $5bn 16 General management 34 $5bn to $10bn 19 Strategy and business development $10bn or more 19 29 Marketing and sales 16 Operations and production 14 Customer service 12 IT 7 Human resources Which of the following best describes your job title? 5 (% respondents) R&D 5 Board member Information and research 2 3 CEO/President/Managing director Legal 10 0 CFO/Treasurer/Comptroller Procurement 16 0 CIO/Technology director Supply-chain management 0 0 Other C-level executive Other 5 3 SVP/VP/Director 24 Head of Business Unit 12 Head of Department 14 Manager 12 Other 5 Whilst every effort has been taken to verify the accuracy of this information, neither The Economist Intelligence Unit Ltd. nor the sponsors of this report can accept any responsibility or liability for reliance by any person on this white paper or any of the information, opinions or conclusions set out in the white paper.12
  • 14. LONDON26 Red Lion SquareLondonWC1R 4HQUnited KingdomTel: (44.20) 7576 8000Fax: (44.20) 7576 8476E-mail: london@eiu.comNEW YORK111 West 57th StreetNew YorkNY 10019United StatesTel: (1.212) 554 0600Fax: (1.212) 586 1181/2E-mail: newyork@eiu.comHONG KONG6001, Central Plaza18 Harbour RoadWanchaiHong KongTel: (852) 2585 3888Fax: (852) 2802 7638E-mail: hongkong@eiu.com