The most widely used definition of insurance describes it as a form of risk management, primarily used to hedge against the risk of loss. However, insurance organizations themselves are exposed to varied risks, which they often manage with Enterprise Risk Management (ERM) frameworks.
However, this approach focuses on maintaining regulatory compliance rather than creating value while insurers should be doing both – ensuring regulatory compliance and creating value. In effect, ERMs remain somewhat misunderstood and under-utilized by insurers.
A brief history of ERM
ERM emerged in the early 1990s to help manage total risk exposure through one integrated and comprehensive tool. After the Committee of Sponsoring Organizations or COSO's launch of the ERM Integrated Framework in 2004, the latter's adoption increased. It was not until 2017 that the COSO framework was updated to place greater emphasis on strategy. The updated version also emphasizes not only capabilities, techniques and tools, but on important cultural aspects of the COSO ERM framework as well.
The strategic and value-driven approach to ERM made it an attractive proposition. Several organizations are restructuring their Risk Function as Enterprise Risk & Opportunities Management (EROM). EROM refers to the initiatives by organizations to manage risks and maximize opportunities. EROM must minimize risk and maximize gain. NASA has been adopting EROM frameworks to help ensure its continued success as its mission becomes more complex. They have multiple publications around its frameworks and how it can be adopted by commercial enterprises.
ERM in insurance
The digital revolution or Industry 4.0 is changing the nature of risks to be managed. Coupled with other factors such as a big pipeline of regulations, low interest rates, volatile markets and rapidly evolving customer needs and technological innovations, the risk environment for insurers remains complex. Insurers will soon have to deal with more risk-based solvency, tighter data protection regulations and adherence to complex accounting standards
Insurers have been using ERM to manage strict regulatory expectations. Research from McKinsey indicated that the better their ERM systems, the better the insurers performed during the financial crisis of 2008. However, the focus has continued to be on compliance and not on value creation.
Interestingly, ERM methods and techniques that most insurers practice were developed before the turn of the century. While insurers have undertaken a myriad of digital transformations in recent years, they have mainly focused on customer facing initiatives. Digitizing ERM essentially is yet to be prioritized – leading to ERM frameworks not benefitting from digital transformation-led innovation.
Here are the value drivers for digitizing risk management:
Provides comprehensive capabillity to manage risk and opportunities
Enhances resilience, effectiveness and efficiency and instills confidence to move at speed that's necessary to meet the modern consumer's needs
Guides business decisions that can impact a company’s financial and non-financial performance
Digitization of ERM for insurers
Digital risk management encompasses the use of all digital approaches to increase the effectiveness and efficiency of ERM by leveraging process automation, decision automation, digitized monitoring and early warning. However, like any other digital transformation initiative, digitizing ERM won’t also be just about technology adoption. Providing a new technology platform won’t be enough to address digital risk management. It requires that such platforms be equipped with configurations and data so that companies can use them immediately with adequate effort and people using such platforms are empowered to act on the insights provided.
Four dimensions of change can be identified: processes, data, culture and value.
Processes - companies must ensure that systems, processes and behaviors are adapted to their purpose. In many organizations, silos still exist, which is why an isolated risk assessment is often carried out. Process flows are not always rational and efficient. Operational structures and processes must be redesigned before automation and decision support can be activated.
Data - highly fragmented IT and data architecture cannot provide an efficient or effective framework for digital risk management. Therefore, a clear institutional commitment is needed to define a data vision, update risk data, establish robust data management, improve data quality and metadata while also building the right data architecture. Fortunately, today’s processes and analytical techniques can support these goals with advanced technology in several key areas, including large data platforms, the cloud, machine learning, AI and Natural Language Processing (NLP). AI can be used to reduce risk in key areas. For example, machine learning can support more informed predictions about the probability of a person or company being fraudulently insured and it can be used to build variable investment forecasting models.
Culture - the business and operating model require new capabilities to drive rapid digitization. Risk practitioners need to create a solid culture of innovation. It means deploying the right talent and fostering an innovative 'test-and-learn' mentality. Governance processes must enable rapid responses to a changing technological and regulatory environment. The risk-adequate management of this innovation culture represents a central challenge for the digitized ERM function. Effective ERM should strive to reduce the intuition-based input and increment the rational or insight-based input into decision-making processes.
Value - the digitization of ERM should only be undertaken with a focus on value creation through improved decision making.
Given the potential value and dangers of delay, insurers must start taking measured steps to build digital ERM. Most insurers might have the groundwork ready in the form of risk and compliance management functions to get started. These building blocks should be used for ERM’s digital transformation.
Additionally, such initiatives should be centered around value realization and would eventually convince the skeptics on enterprise wide digitisation of risk management.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.