The Bumpy Road Ahead for Insurers


Published on

According to Accenture’s 2013 Global Risk Management Study, there is a gap between insurers’ current and future need for strategic risk capabilities.

Most risks faced by insurers are expected to rise over the next two years. Are you prepared?

Published in: Economy & Finance, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The Bumpy Road Ahead for Insurers

  1. 1. Accenture 2013 Global Risk Management Study Focus on findings for the Insurance sector
  2. 2. 2
  3. 3. Contents About the research 4 Executive summary 5 Key findings 7 Section 1 Managing current risk pressures in insurance 10 Section 2 Current risk management initiatives 14 Section 3 Risk capability goals for 2015 22 Section 4 Three things to do differently 24 Research and interviews were conducted by Accenture and Oxford Economics, who collaborated to write this report. 3
  4. 4. About the research This report on insurance firms is a sector-specific supplement to the Accenture 2013 Global Risk Management Study.1 It is based on a quantitative survey of executives from 98 organizations in the insurance industry. Respondents were C-level executives involved in risk management decisions. Organizations were split among Europe (31%), North America (50%), Latin America (1%), and Asia Pacific (18%). Forty-eight percent of the companies had annual revenues between $1 billion and $5 billion, and 52% had annual revenues over $5 billion. Respondents included Chief Risk Officers (CROs, 23%), Chief Executive Officers (CEOs, 23%), Chief Financial Officers (CFOs, 30%), and Chief Compliance Officers (CCOs, 23%). We also conducted in-depth interviews with senior leaders at 15 insurance sector organizations across regions. These provide supporting insights for our data-driven research, while presenting useful perspectives from companies in the sector. 4
  5. 5. Executive summary As the 2013 Global Risk Management survey results indicate, the current market environment seemingly demands that insurers do more than just comply with new regulatory requirements. Although an extended timeline for Solvency II may allow insurers with European operations more room for compliance,2 insurers around the world are also apparently facing greater risk and complexity from regulations targeting Global Systemically Important Insurers. In times where: • The future of the life insurance business model is potentially at risk in several countries; • The increase in the frequency and severity of natural disasters can put the P&C industry under enormous pressure; • Financial market instability can challenge investment strategies; and • Profitable growth opportunities may be limited without taking more risks, Risk management could be expected to contribute much more than just enabling regulatory requirements. According to survey respondents, most risks faced by the insurance industry are expected to rise over the next two years (see graphic 1 on page 7). There is a measurable gap between the selfassessed maturity of current capabilities and the future need for strategic risk capabilities, meaning insurers may have their work cut out for them (see graphic 3 on page 7). One need not be an alarmist to see the increasing volatility, complexity, and interdependencies the insurance industry must actively confront. The evidence is also visible every day in the media: • Supply-chain vulnerability to acts of terror remains underestimated. Of $35 billion in (original value) insured losses from the September 11 attacks, one-third were payable for business interruption losses.3 • Fire at the Evonik factory in Germany impacted global production of PA-12 resin (9 months downtime) and thus global car production.4 • Hurricane Sandy created an estimated $50 billion in economic losses.5 • Japanese economic losses due to the March 2011 earthquake, tsunami and nuclear accident are estimated at over $200 billion, with about $40 billion in insured losses.6 • Damage from IT attacks is increasing, like the Stuxnet malware that targeted Siemens industrial control systems in 2010 or the 2012 cyberattack on Aramco that corrupted 30,000 computers.7 As these and many other developments indicate, risk managers may now be expected to deliver effective risk/return management of the overall portfolio across areas including assets and investments, liabilities and underwriting, and reinsurance to help enable riskadjusted capital allocation across their groups. Group diversification efforts, investment strategies, and reinsurance strategies should be considered as much as local entities’ regulatory capital requirements and accounting rules. Risk management may also be expected to support the organization’s growth agenda in this challenging environment by keeping profitability, sustainability, and risk/return expectations in balance. Risk managers’ contribution is sought when dealing with strategic questions such as: Where to invest, how to make uninsured risk insurable, how to shape new products, how to steer sales agents, how to balance the portfolio mix of new and old products, how to consider demographic changes, how to evolve an existing business model to address new opportunities, or how to increase transparency to understand the growing complexity and interdependencies. Most insurance companies, however, are spending significant amounts of their limited resources dealing with regulatory challenges. Only a small number of insurers are preparing to manage the increased volatility and uncertainty facing the industry. Yet, 74% of survey respondents (higher than the overall average) highlighted the importance of the risk organization to managing the increased volatility found in the economic and financial environment. Survey respondents confirm that the integration of risk management into corporate processes (such as budgeting and forecasting, strategic planning, and financing) has made significant progress over the last two years. However, the impact of risk management on operations and steering (e.g., performance management, product development, underwriting, claims and benefit management) is much weaker—see graphics 2 and 4 on page 7. The challenge is evidently much broader than simply adding actuaries to deal with more and more sophisticated models. 5
  6. 6. Risk management can benefit from people with strong business acumen, and a deep understanding of the broader insurance business and its dependencies to help interpret the results from modeling work, impact and root-cause analysis. While the risk models needed for compliance are in development, risk management is becoming more and more of a people game. There appears to be a need for skilled people, and arguably in greater numbers, to make the most out of the investment in compliance. Where quantitative models have their limits, human judgment is important to addressing, at a broad level, the seemingly relentless number of new risks faced by insurance firms. In parallel, many insurers still confront data quality issues that can stand in the way of obtaining reliable insights to guide their decision-making. Many insurance firms also appear to be working to develop the technology to embed actuarial tools into an integrated risk and finance architecture, one of the prerequisites for deep-dive analytics and the delivery of reliable, relevant information. In view of these challenges and expectations, it becomes increasingly evident that risk management will likely have to evolve beyond its core focus and join with other drivers of the business to set a new destination. 6 We explore these themes and more in the next few sections, starting with Section 1, “Managing current risk pressures in insurance,” and Section 2, “Current risk management initiatives.” We then present survey respondents’ capability goals for 2015 in Section 3. Looking ahead, we believe insurance companies should consider the following three areas, and these are discussed in greater detail in Section 4 of the report: • Manage compliance through a transformational lens—centralized management in line with business objectives that can also deliver on regulatory requirements • Develop a risk-adjusted operating model—infuse risk-adjusted behavior into business and operational processes • Treat risk management as a people game—explore the addition of risk specialists and strive to meet key staffing challenges through well developed recruitment, training and retention programs
  7. 7. Key findings Top external pressures… Emerging Operational 37% … are causing insurance firms to integrate risk management into decision-making Legal Market 57% 47% 86% 86% 46% 38% 39% Strategic planning Business Organization 39% Reputation Credit 41% 40% 44% Strategic Financing Performance management 85% 61% Budgeting and forecasting New product development 89% 54% Regulatory Underwriting What risks do executives see rising most over the next two years? Extent that risk management is integrated within other business functions But there is still room for improvement in managing risk Risk management is embedded into core insurance functions Compliance 28% Reputation 27% Risk culture 27% Reduce losses 24% Enabling growth 23% Product development 16% Managing volatility 99% 16% 94% 68% 68% 81% 54% 74% Current capability for managing risk activities Importance of risk organization as means of achieving Insurers still need to fix significant issues to achieve compliance with major sector regulatory reform ImplementingDeveloping an an adequate IT architecture integrated model 58% 57% Developing an integrated internal model 57% Implementing a meaningful use test 43% Documentation of risk governance 36% 53% Underwriting Reinsurance and financing 54% 53% Risk analysis and corporate strategy Claims and benefits management To what extent is risk management embedded into the following functions within your organization? But expect benefits to risk management capabilities beyond compliance 51% Documentation of risk processes 57% 65% Say internal reporting will improve 60% Expect better risk-adjusted performance management 61% 60% Say public communications will improve See better integration of finance and risk Share of insurers that must fix particular issues to achieve compliance For more information, please visit: 7
  8. 8. 8
  9. 9. 9
  10. 10. Section 1 Managing current risk pressures in insurance Like banking and capital markets, the insurance industry has been caught up in the market instability and uncertainty following the global financial and Eurozone crises. Insurers also face a “perfect storm” of simultaneous regulatory pressures, such as Solvency II; International Association of Insurance Supervisors (IAIS) Insurance Core Principles (ICP); the Solvency Modernization Initiative (SMI) from the National Association of Insurance Commissioners (NAIC); European Market Infrastructure Regulation (EMIR); Financial Stability Board (FSB) identification of Global Systemically Important Insurers (G-SIIs); client data protection requirements; and new accounting codes—in particular IFRS 9 (assets) and IFRS 4 Phase II (insurance liabilities).8 At the same time, insurers face unprecedented non-financial risk trends. For instance, news reports suggest a significant increase in the frequency of natural disasters, notes Philippe Trainar, Group Chief Risk Officer of SCOR. Our risk heat map groups risks into general and technical risk categories. Green circles indicate a risk/sector combination for which 33% or less of respondents expect risks to rise, and beige circles show that 34% to 66% expect rising risks (see Figure 1). Figure 1. Heat map of rising risks by insurance subsectors How do you expect the following risks to change over the next 2 years? (Proportion saying “significantly rise” or “rise somewhat”) Risks rising most over next two years General risks Legal risks Business risks Strategic risks Regulatory requirements Reputational and brand risks Emerging risks Political risks Liquidity risks Technical risks Market risks Underwriting risks Credit risks Operational risks 33% or less of respondents expect rising risk 34% to 66% of respondents expect rising risk Source: Accenture 2013 Global Risk Management Study 10 Life P&C
  11. 11. Market and underwriting risks are the top category among technical types of risk, of concern to both P&C and life respondents. In the technical risk areas, however, life insurance respondents expect rising risks across the board, while P&C insurers are most likely to expect rising market and underwriting risks. In the general risk areas as well, life insurers report a broader set of exposures. The forecast rise in business risks may relate to the slower growth in advanced economies. “We have entered an insurance market where financial products return less profit, in a context of sustained economic slowdown in Europe, which is a ‘new paradigm,’” says Hélène N’diaye, CRO of Generali. Managing emerging risks In an environment of rising risk across multiple risk types, insurers are not leaving their fate to chance. Relative to other industries we surveyed, both P&C and life insurer respondents report significant progress in taking steps to develop capabilities to manage emerging risks (see Figure 2). More than 90% of surveyed insurers are either currently developing emerging risk management capabilities or intend to do so. That said, specific emerging risks of greatest concern vary widely. “A key issue is the possibility that inflation patterns could change fundamentally if governments decide to inflate their debt away,” contends SCOR’s Mr. Trainar. “Climate change is receiving increasing attention, and we recently opened a briefing file on the issue,” says Manulife Financial’s CRO, Rahim Hirji. Figure 2. The vast majority of insurance respondents are developing—or plan to develop—emerging risk management capabilities For which of the following risks are you intending to enhance your corporate risk management capabilities?—Emerging risks (Proportion saying “currently working to enhance capabilities” or “enhancements planned in next two years”) Capital markets 100% Government administration 96% P&C insurers 91% Life insurers 90% Life sciences 86% Healthcare 85% Banking 84% Postal 83% Utilities 80% Energy 73% Source: Accenture 2013 Global Risk Management Study 11
  12. 12. Specific approaches to developing emerging-risk capabilities vary from company to company. Our findings suggest insurers, particularly in the P&C area, face a diverse range of impediments here. For P&C respondents, all impediments we surveyed were reported by more than 30%, but none were reported by a majority (see Figure 3). Life insurance respondents are more affected by a lack of early-warning capabilities, reported by 62%. To remedy such impediments, many insurers have developed new intelligencegathering processes. “To proactively identify and manage new risks, we have put in place a monthly risk group,” says Grégory Erphelin, CFO of Crédit Agricole Assurances. This group meets with each business unit to review bottomup risk information and assess each warning. Information providing early warning on new risks is then presented to the Executive Committee. Other insurers are developing the analytical capabilities of the risk function itself. “The company is adding specialized expertise to the central risk team,” notes the CRO of a global insurance player. Even for insurers with specialized capabilities, managing emerging risks remains a challenge. There is a difficult balance to strike between “thinking outside the box” and unproductive speculation. “On the one hand, not every risk can be quantified and managed through pre-existing structures and systems,” explains SCOR’s Mr. Trainar. “On the other hand, raising repeated false alarms regarding ‘black swans’ wastes senior management time.” 12 Figure 3. Impediments to the effective management of emerging risks To what extent do each of the following challenges impede the effectiveness of your organization’s management of emerging risks? (Proportion saying “to a great extent” or “to some extent”) Inadequate early warning capabilities 62% 40% Lack of integrated response to emerging risks by business units or senior management 51% 37% Inherent unmanageability of black swan risks 40% 40% Not being able to adopt best practices from other industries 37% 34% Life P&C Source: Accenture 2013 Global Risk Management Study
  13. 13. 13
  14. 14. Section 2 Current risk management initiatives Benchmarking compliance progress Insurers have made tremendous investments in developing their risk functions in recent years. They are now seeking benefits beyond compliance, with a desire to leverage newly developed risk capabilities to achieve broader business goals. “Solvency II forced us to make progress at a ‘forced march’ pace with a feeling of saturation,” notes Ronan Davit, the CRO of Euler Hermes. “It is now important to take time to reposition ourselves, and to be less regulation driven and more focused on business.” These investments include some cost overruns. Investments in compliance with major sector regulation, such as Solvency II, are already moderately higher than budgeted for 49% of respondents. This is a figure that varies little between life and non-life insurers. While compliance with such regulatory packages is mostly a work in progress, for many insurers, much of the investment required has already taken place. “We made heavy IT investments for prudential reporting and data-quality infrastructure,” says Crédit Agricole Assurances’ Mr. Erphelin. “Now these investments are decreasing, as we work on stabilizing our risk management capabilities.” 14 Figure 4. Confidence in meeting compliance deadlines Do you think that you will be able to meet the expected compliance deadline for Solvency II (or other primary regulation in your region)? Definitely—on track and confident 25% 6% Probably—improvements are required 62% 83% Probably—although some major tasks are not currently complete 11% 9% Don't know 2% 3% Life P&C Source: Accenture 2013 Global Risk Management Study Even for regulators in advanced economies, regulation remains a work in progress. Some deadlines have been pushed back like the ones pertaining to Solvency II.9 According to most surveyed insurers, key investments have already been made, but many key compliance tasks are not yet completed. Only 25% of life and 6% of P&C insurers report they are “on track and confident” in meeting compliance deadlines (see Figure 4).
  15. 15. The following figures look at specific issues still to be fixed before compliance with Solvency II (or other primary insurance regulation) is achieved. In general, life insurance respondents are farther ahead in many areas. They are less likely to report that issues relating to IT architecture, risk culture, and risk-finance alignment (among others) have not yet been fixed. P&C respondents are more likely to report they still have issues to be fixed in these areas. However, P&C insurers have made more progress than life insurers on integrating data (see Figure 5). Top current focus areas are implementing an adequate IT architecture, developing an integrated internal model, model documentation, and implementation of a meaningful use test. These issues are seen as significant and yet to be addressed by more than 50% of insurance respondents, averaging across the life and non-life subsectors. At the same time, major regulatory packages are at different stages in different geographies. In China, for instance, an initiative to change the solvency regime is just beginning.10 Figure 5. Issues remaining before compliance is achieved For your organization, which of the following significant issues are still to be fixed to achieve compliance with Solvency II (or other primary regulation in your region)? Defining and implementing an adequate IT architecture 51% 71% Developing an integrated internal model 57% 57% Documentation of models already in use and/or integration 51% 51% Implementing a meaningful use test 44% 63% Setting up overall data management and data integration 54% 37% Supervisory review preparation 48% 40% Implementing required education and training 43% 49% Documentation of risk processes 37% 54% Change management and infusing a risk culture 40% 49% Compliance with requirements to align risk and finance 32% 49% Documentation of risk governance 32% 43% Models sign-off by the supervisor 2% 17% Life P&C Source: Accenture 2013 Global Risk Management Study 15
  16. 16. The only area where more than 20% of surveyed insurers say they are completely prepared to comply with regulatory targets is data availability and quality, with regard to risk governance (see Figure 6). This may reflect the degree of value-added from good-quality data, including the reduction of manual data reconciliations and scrubbing, better quality in modeling, and more accurate calculations. This can provide benefits beyond compliance, such as optimized pricing and improved fraud detection. Insurers are less prepared overall for compliance with regulatory targets in the area of risk modeling and quantitative capabilities than for compliance with targets on risk governance issues (see Figure 7). These findings underscore that compliance with Solvency II or other major regulatory reforms remain a work in progress across the sector.11 That said, the proportion of respondents saying either “completed” or “slight improvements required” exceeds 40% for nearly every area, so it is also clear that a substantial minority of respondents have already made a great deal of progress toward meeting regulatory reform deadlines. With regard to the split between non-life and life insurers, levels of preparedness are broadly similar. Life insurers report themselves as more advanced (compared with their non-life counterparts) in meeting targets related to risk modeling (notably, data quality, risk model implementation, and risk model concepts). For instance, 16% of life insurers report that work on risk model concepts is completed, against only 3% of P&C insurers. For targets related to risk governance, there is less variance among the subsectors, although life insurance respondents reported themselves as advanced in meeting targets. While much work remains to be done, some insurers are already considering how to turn newly developed capabilities to the benefit of the broader business. This is the topic to which we turn to in the following section. Figure 6. Benchmarking compliance progress on risk governance issues With specific regard to risk management governance and organization, how prepared is your organization to comply with regulatory targets in the following areas? Data availability and quality 24% 26% 47% 2%1% Developing a prospective view of risks and solvency, and the relationship between risk and strategic objectives 10% 37% 44% Reviewing and agreeing risk governance and monitoring approach with supervisor and audit 13% 33% 27% 22% 5% Internal control requirements 13% 33% Tool selection 12% 34% 37% 15% 1%1% 41% Documentation for supervisor of processes and internal model 14% 31% Risk governance 10% 28% Outsourcing policies 13% Use test 6% 22% 30% 20% 10% 2% 1% 47% 7%1% 44% 10% 22% 44% Completed Started but still significant effort required 7% 1% 11% 1% 27% 2% 1% Slight improvements required Not yet started Work in progress Don't know Source: Accenture 2013 Global Risk Management Study Figure 7. Benchmarking compliance progress on risk modeling issues With specific regard to risk modeling and quantitative capabilities, how prepared is your organization to comply with regulatory targets in the following areas? Risk model data management and data integration 14% 35% 38% 9% 3% 1% Data availability and quality 14% 42% 12%1%1% Risk model tool selection 9% 32% 35% 45% Risk model concepts and methodology development 11% 32% Risk model implementation 8% 21% 46% 55% Exchange with the supervisor and audit to review the model 5% 22% 40% Slight improvements required Not yet started Source: Accenture 2013 Global Risk Management Study 10% 0% 1% 49% 6%1% 1% Risk model documentation for supervisor and audit 12% 30% Completed Started but still significant effort required 16 7% 1%1% 10% 2% 13% 2% 29% 4% Work in progress Don't know
  17. 17. Achieving benefits beyond compliance For some insurers, a great deal of the compliance burden has been met, and there is a shift from project mode to business as usual. “We have been spending 80% of our time in project mode and 20% in utilization,” says Euler Hermes’s Mr. Davit. “Today the switch is to about 60% on utilization and 40% on projects.” This means insurance respondents are starting to focus more on achieving a return on their investment. The majority of surveyed companies expect to achieve benefits beyond compliance from meeting their regulatory requirements (see Figure 8). These include improved internal reporting, public communication, risk-adjusted performance management, and risk-finance integration—in each case reported by roughly 60% of life insurers. P&C firms expect benefits beyond compliance in two further areas: convergence of accounting and insurance reporting and reduced financial risk. Broadly speaking, “Solvency II fosters strong links between the regulatory and business change agendas,” notes Mr. Erphelin of Crédit Agricole Assurances. Figure 8. Benefits beyond compliance Beyond regulatory compliance, what are the key areas of improvement for your risk management capabilities that will come from new regulatory requirements? Improved internal reporting capabilities 63% 69% Improved communication to the public 59% 66% Improved risk-adjusted performance management 60% 60% Better integration of finance and risk 62% 57% Reduced costs through joint compliance to accounting standards and insurance regulation 49% 63% Reduced financial risk 48% 63% Improved external reporting capabilities for supervisors and regulators 52% 40% Stronger integration of risk in rewards and incentives for employees 43% 46% Exploitation of synergies in data sourcing and management, model development and asset valuation 35% 26% Life P&C Source: Accenture 2013 Global Risk Management Study 17
  18. 18. An even more serious concern expressed by interviewees is that some risk regulation may have unforeseen consequences. “Regulatory requirements put a very strong—perhaps too strong— emphasis on model results,” notes the Group CRO of a European-based insurer with widespread global operations. Euler Hermes’s Mr. Davit concurs: “It is now important in 2013 and 2014 to work back in order to have a business approach to risk management and less of a financial approach,” he says. “This is, in a sense, going ‘back’ because we already had a strong risk management culture.” Regulatory pressures and the rising importance placed on risk management in the wake of the global financial crisis clearly have transformed risk governance in the insurance sector (see Figure 9). Comparing results from our 2011 Global Risk Management Study with 2013 survey findings illustrates the final stages of this transformation. Having the risk management owner report to the CEO is now almost universal, rising from 88% of insurance respondents in 2011 to 98% in 2013. The trend toward having a senior manager in a CRO role follows a similar pattern. And fully 80% of insurance respondents now require the risk management owner to report regularly on risk to the board—an item we added to our set of survey questions in 2013. Toward a risk-adjusted operating model Looking toward the next stages of achievement beyond compliance, insurers report a variety of aims. One of the key goals is development of a “risk-adjusted operating model,” which gives the risk function increasing inputs into everything from strategy to capital optimization. In particular, risk is now better equipped to provide insights the front office can use to produce better business results. Most insurers have not linked risk and adequate pricing with sales, but those that do can exploit risk-related information to support sales activities with a better perspective on potential risks and rewards. Figure 9. Risk ownership within the organization Who owns risk management in your organization? Does the risk management owner report directly to the Chief Executive Officer? Does your organization have a Chief Risk Officer? Is the risk management owner required to report on and discuss risk issues regularly with the board? Risk management owner reports to CEO 88% 98% Senior executive in CRO role (with or without CRO title) 81% 96% CRO with title 36% 55% Risk management owner reports regularly on risk to board 80% 2011 2013 Source: Accenture 2013 Global Risk Management Study Figure 10. Risk bodies currently in place What are the risk-oriented bodies currently in place within your organization? Underwriting committee 79% 94% Financial risk committee 83% 77% Operational risk committee 60% 54% Compliance committee 52% 63% ALM (asset liability management) committee or ALCO (asset liability committee) 51% 43% Technical risk committee 41% 37% New product committee 40% 31% Reinsurance committee 27% 37% Life P&C Source: Accenture 2013 Global Risk Management Study 18
  19. 19. A key hurdle to achieving such benefits is the need to integrate risk more closely with core functions, however. “We are working to deepen the direct presence of risk in core areas such as claims, underwriting, and distribution,” says the CRO of a global insurance player. This integration can be achieved on many fronts, including models, human resources, and business processes. Technology architecture is also crucial, including consideration of implications for data and IT systems, such as enhancement of existing core-insurance software, data flows, and reporting capabilities. Our review of risk committees that are currently in place among insurers suggests risk management is increasingly integrated in areas such as underwriting and financial risk management, but less so for operational risk management (see Figure 10). SCOR’s Mr. Trainar says that “the next step is to integrate risk at the operational level, by defining and consistently implementing risk standards relevant and applicable to operational processes.“ “Oversight of operational risk will increase over time as we embed risk management in operational areas such as claims, underwriting, benefits management, and so on,” says Joseph Celentano, Chief Risk Officer of Pacific Life Insurance Company. Our survey findings show that the risk function is most integrated with the core insurance functions of underwriting, corporate strategy, and risk financing (Figure 11). Even in these areas, however, only about 50% of life insurers report that the risk function is embedded “to a great extent” or “to some extent.” For most areas, reported levels of integration are notably higher for P&C insurers. Overall, there appears to be a strong trend toward rising integration. “The risk function is increasingly embedded within the organization through the monthly steering committees, strategic planning, strategic-asset allocation studies, and the update of underwriting policies,” says Generali’s Ms. N’diaye. Figure 11. Integration of risk with core insurance functions To what extent is risk management embedded into the following core insurance functions within your organization? (Proportion saying “to a great extent” or “to some extent”) Underwriting 52% 66% Risk profile analysis and corporate strategy 52% 57% Reinsurance and risk financing decision-making 46% 66% Claims and benefits management 49% 60% Asset allocation management 48% 54% Policy administration 43% 63% Capital management 43% 54% Product pricing 40% 34% Distribution and sales 40% 17% Product development 33% 26% Life P&C Source: Accenture 2013 Global Risk Management Study One aspect of a “risk-adjusted operating model” is to embed the risk function in areas such as performance management. Ms. N’diaye notes that other areas of the business beyond strategic planning are increasingly asking the advice of the risk function on key decision-making processes, including underwriting, reinsurance, and asset and liability management. to budget forecasting and performance management,” says Mr. Erphelin of Crédit Agricole Assurances. “This is not the case yet, however,” he adds. While risk management has been primarily a compliance-driven function that seeks to protect the value of the enterprise, it is increasingly strategy-driven, with a focus on maximizing and not just protecting enterprise value. For many insurers, regulatory requirements will likely be a lever used to effect this transformation. “In the Solvency II context, the scope of risk function intervention will be extended   19
  20. 20. From risk development to risk culture at The Hartford At The Hartford, the pace of development of centralized risk capabilities has been intense and managing that development is itself a challenge. “Organizational priorities are established for risk that span multiple years, with annual initiatives developed to support these priorities,” reports Sarah Williams, VP Risk Analytics & Governance at The Hartford. This can, of course, create challenges related to human resources. At the suggestion of the company’s CEO, a risk leadership development program was created, which rotates high-potential staff through three one-year placements within the various risk teams. The first group will complete the program in 2014. But developing the risk function itself is not enough: to produce results, risk management must be embedded in the business. For instance, to address emerging risks, such as cyber risk, climate risk, natural catastrophe risk, and security 20 risk (among others), emerging risk councils have been created that include both business representatives and risk staff. These councils report their findings up to the risk committee of the board. The Hartford also endeavors to enhance the risk culture of the organization. “We have an ERM training module that is available across the enterprise to educate employees; an ERM forum held on an annual basis; monthly risk-themed events; and weekly bulletins,” says Ms. Williams. Already, these risk capability investments are beginning to produce tangible results. “During 2012, the risk team changed and expanded the scope of hedging for the company’s variable annuity exposures which produced program savings and greater protection from loss,” says Ms. Williams.
  21. 21. 21
  22. 22. Section 3 Risk capability goals for 2015 We asked our survey respondents to identify their current level of risk capabilities, and their capability goals for 2015. Comparing these results, we can identify the top risk capability goals for the insurance sector in the years ahead (see Figure 12). Firstly, it is clear that ambitions are comprehensive in the sector. For every area surveyed, at least 30% of insurance respondents are seeking to move from a moderate level of capability today to a high level by 2015. This contrasts with the more moderate ambitions of the banking sector, where much development work has already been undertaken. “Organizational priorities are established for risk that span multiple years, with annual initiatives developed to support these priorities,” reports The Hartford’s Ms. Williams. Figure 12. Risk capability development goals for 2015: Insurance vs. banking firms Proportion indicating a “two-year target” rating at “4” or “5” on a 5-point capability development scale, less the proportion indicating a “current” rating at this level, for risk management function performance by capability Risk talent 41% Risk technology and data management 2 39% 22% Performance management and reporting 38% 22% Compliance efficiency 35% 19% Risk and finance integration 32% 10% Risk analytics 32% 13% Emerging risks 32% 19% Risk management processes 31% 11% Risk policy, appetite, and culture 31% 11% Risk organization and governance 31% 21% Insurance Banking 1 Insurers' top 3 capability development goals for 2015 Source: Accenture 2013 Global Risk Management Study 22 1 35% 3
  23. 23. Many insurance respondents clearly envision a transformation of their risk capabilities in the coming years. Of the development goals surveyed, the top three are in risk talent, risk technology and data management, and performance management and reporting. Risk talent can be central to the achievement of most risk capability goals, which is perhaps why it tops the list. It is also an obvious challenge in a sector where risk functions are growing rapidly. “It is estimated that the central risk function will double in size over the next three years,” says the CRO of a global insurance player. To address these challenges, insurance respondents are deploying new training and retention programs. Some insurers report that embedding the risk function within the rest of the business will help retain the right talent. “The main challenge is to make the risk function interesting so as to attract resources with business acumen,” says Mr. Davit of Euler Hermes. Others are focusing on rotation programs. “We commonly will move people in and out of the risk function into the business which helps increase the commercial awareness of the risk function,” says Legal & General’s CRO, Simon Gadd. The third most frequently reported goal is in performance management. Some organizations are leveraging the enhanced capabilities of the risk function to serve the business in many areas, from assessing the impacts of strategic choices to managing operational risks. Risk technology can also play a role here. Risk analytics can be used to track the impact of contract clauses and incentives on client behaviors or to mitigate fraud risks, enhancing the value-added that the risk function brings to the broader business. The expansion of risk’s role in performance management may require attention to the interface between risk and the rest of the organization: “We have worked with each member of the board concerning Solvency II results comprehension, and definition of specific key indicators in relation to their area of responsibilities,” notes Euler Hermes’s Mr. Davit. Others focus on resolving possible conflicts of interest. “We have tight controls to make sure an individual cannot be rewarded by doing something that is not good from a risk management perspective,” reports Mr. Gadd. The second most frequently reported goal is in risk technology. Risk technology and data are also, of course, central to achieving many other risk capability goals. “We have developed a central source for a lot of our risk data,” notes Mr. Gadd. “There is no point in having a good model if the data going into it are not robust.” It is perhaps no surprise that risk technology and data ranks so high on the list, given the focus of regulators on this area. 23
  24. 24. Section 4 Three things to do differently Many insurers have reported great progress in developing and enhancing their risk management capabilities. Insurers are leveraging the gains from their enhanced risk capabilities to achieve broader business goals. Companies that wish to reach their risk capability goals for 2015 should consider the following actions. 1. Manage compliance through a transformational lens Compliance requirements can be used as a lever to transform the risk function. As regulatory requirements escalate, a great deal of investment may be needed. Some insurers develop a long-term plan for the risk function, and manage compliance from a centralized perspective. This combination enables companies to leverage the compliance demands of regulators to create the new risk function capabilities current market pressures demand. At the same time, companies are seeking to become increasingly efficient in addressing compliance requirements. 2. Develop a risk-adjusted operating model Forward-thinking organizations report leveraging the expanded modeling and analytical capabilities of the risk function to achieve broader business goals. They use risk function inputs on an ex ante basis, to improve strategic decisionmaking and operational effectiveness. “Model results are considered as a factual basis for management discussion,” says the Group CRO of a European-based insurer with global operations. Insurers 24 are increasingly integrating the risk function with strategy, performance management, and capital optimization. Embedding the risk function in this way requires strong cooperation between risk and finance, with timely and reliable data, often integrated across the risk function and business units. The benefits to enhancing the operating model in this way include a greater contribution of risk management capabilities to value-generating processes; improved business decision-making through alignment of overall risk appetite and business strategy; and enhanced operational efficiency through an integrated and robust IT landscape. 3. Treat risk management as a people game When addressing issues related to risk, especially those related to risk technology, it is tempting to focus investment on technical solutions. When addressing emerging risks, companies often—justifiably—focus on process enhancements. But there is also an argument to be made for treating risk as a people game. Adding emergingrisk expertise to the risk function can help increase the value-added of risk to the rest of the business. And adding specialists in risk data analysis and risk modeling can be as important as adding systems in these areas. Some companies respond to these staffing challenges through well-developed recruitment and retention programs. Training often involves rotation of risk staff into other business areas. This also helps companies focus on the broader “risk culture” of the organization, as a way to embed risk management across the business. Conclusion Insurers face a number of current challenges, from market volatility to major regulatory initiatives such as Solvency II. That said, the insurers we surveyed and interviewed show no sign of taking their eyes off the road ahead. Ninety-one percent are either currently developing or planning to develop capabilities to manage emerging risks, and many are already using innovative processes and tools to address these risks. Our survey data indicate that insurers are also intending to move beyond compliance, leveraging compliance activity to achieve benefits for the broader business (internal reporting, public communication, and riskadjusted performance management are the most frequently reported). Many report they are integrating the risk function as part of a “risk-adjusted operating model.” To this end, insurers report ambitious development goals for the next two years, including in risk talent and risk technology.
  25. 25. References 1 2 3 4 5 Accenture, “Global Risk Management Study 2013: Risk management for an era of greater uncertainty.” September 2013. Accessed at: globalriskmanagementresearch2013 “Solvency II Deadline Pushed Back: Insurers Forge Ahead on Compliance Efforts Despite New Delays,” January 1, 2012, Solvency II News. Accessed at: europe/solvency-ii-deadline-pushedback-insurers-forge-ahead-oncompliance-efforts-despite-new-delays “The Economics of Security Externalities­­—Assessing, Managing and Benefiting from Global Interdependent Risks,” Howard Kunreuther and Erwann Michel-Kerjan, Wharton Risk Management and Decision Processes Center, August 2007. Accessed at: annual_mtg_papers/2008/2008_175. pdf. “Terrorism Risk: A Reemergent Threat—Impacts for Property/Casualty Insurers,” Insurance Information Institute, April 2010. Accessed at: http://insurancemarketreport. com/Portals/131/ TerrorismThreat_042010.pdf “Fire in small German town could curb world car production,” Stephen Evans, BBC News, April 19, 2012. Accessed at: “Sandy’s cost to economy: Up to $50 billion,” Chris Isidore, CNN Money, November 2, 2012. Accessed at: http://money.cnn. com/2012/11/02/news/economy/ sandy-economic-impact/index.html “Review of natural catastrophes in 2011: Earthquakes result in record loss year,” Munich Re press release, January 4, 2012. Accessed at: http://www. press_releases/2012/2012_01_04_ press_release.aspx 6 “Siemens Distributes Sysclean to Fight Stuxnet Malware,” Brian Prince, eWeek, July 22, 2010. Accessed at: Siemens-Distributes-Security-Toolfor-Stuxnet-Malware-252337/. Baker Institute Policy Report, Number 53, September 2012. Accessed at: http:// IT-pub-PolicyReport53.pdf for IFRS 4 Phase II, see http:// iasb-projects/insurance-contracts/ Pages/insurance-contracts.aspx 9 7 For Solvency II, see https://eiopa. solvency-ii/index.html; “Solvency II Deadline Pushed Back: Insurers Forge Ahead on Compliance Efforts Despite New Delays,” January 1, 2012, Solvency II News. Accessed at: europe/solvency-ii-deadline-pushedback-insurers-forge-ahead-oncompliance-efforts-despite-new-delays 10 “China: Subordinated ‘II generation’ Solvency Standards to be Introduced within Few Years,” July 8, 2013, Solvency II News. Accessed at: http:// 11 “Less than a quarter of EU insurers ready for Solvency II,” July 30, 2013, Global Insurance. Accessed at: http:// 8 for IAIS, see http://www.iaisweb. org/Insurance-Core-Principlesmaterial-adopted-in-2011-795; for NAIC, see http://www.; for EMIR, see http://www.esma.; for FSB, see http://www. press/pr_130718.htm; for IFRS 9, see http://www.ifrs. org/current-projects/iasb-projects/ financial-instruments-a-replacementof-ias-39-financial-instrumentsrecognitio/Pages/financial-instrumentsreplacement-of-ias-39.aspx; 25
  26. 26. 26
  27. 27. Acknowledgements We would like to thank the senior executives with global organizations who took part in our qualitative interview discussions and participated in our survey. We are grateful for the inputs of senior staff at each of these organizations: • BNP Paribas Cardif • Crédit Agricole Assurances • Euler Hermes • Generali • Great-West Life • The Hartford • Legal & General • Liberty Mutual • Manulife Financial • Pacific Life • Predica • SCOR We would like to thank the following senior leaders from Accenture who provided expert direction on the research, and insight on the issues covered: • Sander van ‘t Noordende, Group Chief Executive, Management Consulting at Accenture • Steve Culp, Managing Director, Accenture Risk Management Thanks to the following Accenture executives, who also contributed ideas and guidance on this effort: • Eva Dewor • Gerald Roop • Eric Jeanne • Ferko Spits • Isabelle Pelletier • Prasanna Varadan 27
  28. 28. About Accenture Management Consulting Accenture is a leading provider of management consulting services worldwide. Drawing on the extensive experience of its 16,000 management consultants globally, Accenture Management Consulting works with companies and governments to achieve high performance by combining broad and deep industry knowledge with functional capabilities to provide services in Strategy, Analytics, Customer Relationship Management, Finance & Enterprise Performance, Operations, Risk Management, Sustainability, and Talent and Organization. About Accenture Accenture is a global management consulting, technology services and outsourcing company, with approximately 266,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$27.9 billion for the fiscal year ended Aug. 31, 2012. Its home page is About Accenture Risk Management Accenture Risk Management consulting services work with clients to create and implement integrated risk management capabilities designed to gain higher economic returns, improve shareholder value, and increase stakeholder confidence. For more information on the Accenture 2013 Global Risk Management Study please visit globalriskmanagementresearch2013 This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this document and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals. Copyright © 2013 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. 13-2954