Note: This is the seventh in a series of blogs on insurance transformation by Majesco and PwC. Today’s blog is a continuation of 2022-04-29 included the podcast Enterprise Risk Management between Denise Garth, Chief Strategy Officer at Majesco, and Melissa Card from PwC’s Insurance Risk and Regulation practice.
Denise Garth: Thanks again for your time on the podcast. You provided a lot of details about Enterprise Risk Management (ERM). I would like to take some time to further explore the two risk management segments you mentioned: Financial risks; Non-financial risks. Can you provide further details on how a company structures its ERM framework and where the two risks fit in?
Melissa card: When we think of insurance companies and how they differ from other types of companies (eg car manufacturers, technology / digital, hospitality, etc.) it is about how an insurance company manages its capital / surplus. To confirm that the insurance companies use their capital in an appropriate way in a way that can give their stakeholders the greatest return. When it comes to ERM, it is to look at the different levels of an insurer and build an informative risk profile to determine how much risk an organization faces to determine the best use of capital. The key is, from a forward-looking perspective, to determine what headwind comes in the organization̵7;s path from an internal or external perspective. Usually we see at the top of the house specific roles and responsibilities for all parties associated with risk / risk management. Then at the top of the house are Risk Appetite Statements (RAS), which clearly formulate the level of risk that the organization is willing to take, based on current risks that the organization faces (ie financial risk and non-financial risk). Risk from internal or external sources). This requires a complete understanding of all the risks that an organization faces at a given time, and indicates the most critical or emerging risks. This is done through various processes, which provides an understanding of risks at lower levels and aggregates them to the top of the organization. Under RAS, there are measures to measure the specific risk areas called Risk Appetite Metrics (RAM). RAM is the high level of risk measurement in an organization, in the event that a RAM limit is triggered, this will inform the organization that they have exceeded their risk tolerance. Beneath the RAMs and throughout the organization’s structure are Key Risk Indicators (KRIs), which are usually linked to RAMs to provide “early warning indications” of risk events. This should enable the organization to measure the level of risk they face and use capital in a way that gives stakeholders the greatest return. The two risks clearly define, financially how do we manage risks from a business point of view, and non-financially, how do we support the business?
Denise Garth: On the subject of risk, you mentioned that the threats to insurance companies’ technology and data are developing. Can you give us more details?
Melissa card: Regulators are focused on consumer protection. As the distribution channels develop, more data will become available. For example, what we see in passenger cars, where cars collect data based on usage and car companies provide insurance directly to consumers, it would not be shocking if most insurance companies have the ability to engage technicians to allow them to collect this information for to provide a driver’s most comprehensive risk profile. Insurance companies need to adapt their ERM efforts to evolving technology to better protect consumer data from falling into the hands of unauthorized persons. By automating data flows and setting up proper automation to track data users’ location, access privileges, etc., it can help provide data integrity and also inform management if there is a potential breach of data management, before the problem spreads.
Denise Garth: I hope we have answered your questions about how to start thinking about Enterprise Risk Management and the risks that insurance companies potentially face. Do you have questions about risk management or do you want to know more? Just drop it in the comments section below.