The Bumpy Road Ahead for Insurers

Accenture 2013 Global Risk Management Study

Focus on findings for the Insurance sector

3

About the research 4

Executive summary 5

Key findings 7

Section 1 10 Managing current risk pressures in insurance

Section 2 14 Current risk management initiatives

Section 3 22 Risk capability goals for 2015

Section 4 24 Three things to do differently

Contents

Research and interviews were conducted by Accenture and Oxford Economics, who collaborated to write this report.

4

This report on insurance firms is a sector-specific supplement to the Accenture 2013 Global Risk Management Study.1

It is based on a quantitative survey of executives from 98 organizations in the insurance industry. Respondents were C-level executives involved in risk management decisions. Organizations were split among Europe (31%), North America (50%), Latin America (1%), and Asia Pacific (18%). Forty-eight percent of the companies had annual revenues between $1 billion and $5 billion, and 52% had annual revenues over $5 billion. Respondents included Chief Risk Officers (CROs, 23%), Chief Executive Officers (CEOs, 23%), Chief Financial Officers (CFOs, 30%), and Chief Compliance Officers (CCOs, 23%).

We also conducted in-depth interviews with senior leaders at 15 insurance sector organizations across regions. These provide supporting insights for our data-driven research, while presenting useful perspectives from companies in the sector.

About the research

5

As the 2013 Global Risk Management survey results indicate, the current market environment seemingly demands that insurers do more than just comply with new regulatory requirements. Although an extended timeline for Solvency II may allow insurers with European operations more room for compliance,2 insurers around the world are also apparently facing greater risk and complexity from regulations targeting Global Systemically Important Insurers.

In times where:

• The future of the life insurance business model is potentially at risk in several countries;

• The increase in the frequency and severity of natural disasters can put the P&C industry under enormous pressure;

• Financial market instability can challenge investment strategies; and

• Profitable growth opportunities may be limited without taking more risks,

Risk management could be expected to contribute much more than just enabling regulatory requirements.

According to survey respondents, most risks faced by the insurance industry are expected to rise over the next two years (see graphic 1 on page 7). There is a measurable gap between the self-assessed maturity of current capabilities and the future need for strategic risk capabilities, meaning insurers may have their work cut out for them (see graphic 3 on page 7).

One need not be an alarmist to see the increasing volatility, complexity, and interdependencies the insurance industry must actively confront. The evidence is also visible every day in the media:

• Supply-chain vulnerability to acts of terror remains underestimated. Of $35 billion in (original value) insured losses from the September 11 attacks, one-third were payable for business interruption losses.3

• Fire at the Evonik factory in Germany impacted global production of PA-12 resin (9 months downtime) and thus global car production.4

• Hurricane Sandy created an estimated $50 billion in economic losses.5

• Japanese economic losses due to the March 2011 earthquake, tsunami and nuclear accident are estimated at over $200 billion, with about $40 billion in insured losses.6

• Damage from IT attacks is increasing, like the Stuxnet malware that targeted Siemens industrial control systems in 2010 or the 2012 cyberattack on Aramco that corrupted 30,000 computers.7

As these and many other developments indicate, risk managers may now be expected to deliver effective risk/return management of the overall portfolio across areas including assets and investments, liabilities and underwriting, and reinsurance to help enable risk-adjusted capital allocation across their groups. Group diversification efforts, investment strategies, and reinsurance strategies should be considered as much as local entities’ regulatory capital requirements and accounting rules.

Risk management may also be expected to support the organization’s growth agenda in this challenging environment by keeping profitability, sustainability, and risk/return expectations in balance.

Risk managers’ contribution is sought when dealing with strategic questions such as: Where to invest, how to make uninsured risk insurable, how to shape new products, how to steer sales agents, how to balance the portfolio mix of new and old products, how to consider demographic changes, how to evolve an existing business model to address new opportunities, or how to increase transparency to understand the growing complexity and interdependencies.

Most insurance companies, however, are spending significant amounts of their limited resources dealing with regulatory challenges. Only a small number of insurers are preparing to manage the increased volatility and uncertainty facing the industry. Yet, 74% of survey respondents (higher than the overall average) highlighted the importance of the risk organization to managing the increased volatility found in the economic and financial environment.

Survey respondents confirm that the integration of risk management into corporate processes (such as budgeting and forecasting, strategic planning, and financing) has made significant progress over the last two years. However, the impact of risk management on operations and steering (e.g., performance management, product development, underwriting, claims and benefit management) is much weaker—see graphics 2 and 4 on page 7.

The challenge is evidently much broader than simply adding actuaries to deal with more and more sophisticated models.

Executive summary

6

Risk management can benefit from people with strong business acumen, and a deep understanding of the broader insurance business and its dependencies to help interpret the results from modeling work, impact and root-cause analysis.

While the risk models needed for compliance are in development, risk management is becoming more and more of a people game. There appears to be a need for skilled people, and arguably in greater numbers, to make the most out of the investment in compliance.

Where quantitative models have their limits, human judgment is important to addressing, at a broad level, the seemingly relentless number of new risks faced by insurance firms. In parallel, many insurers still confront data quality issues that can stand in the way of obtaining reliable insights to guide their decision-making.

Many insurance firms also appear to be working to develop the technology to embed actuarial tools into an integrated risk and finance architecture, one of the prerequisites for deep-dive analytics and the delivery of reliable, relevant information.

In view of these challenges and expectations, it becomes increasingly evident that risk management will likely have to evolve beyond its core focus and join with other drivers of the business to set a new destination.

We explore these themes and more in the next few sections, starting with Section 1, “Managing current risk pressures in insurance,” and Section 2, “Current risk management initiatives.” We then present survey respondents’ capability goals for 2015 in Section 3.

Looking ahead, we believe insurance companies should consider the following three areas, and these are discussed in greater detail in Section 4 of the report:

• Manage compliance through a transformational lens—centralized management in line with business objectives that can also deliver on regulatory requirements

• Develop a risk-adjusted operating model—infuse risk-adjusted behavior into business and operational processes

• Treat risk management as a people game—explore the addition of risk specialists and strive to meet key staffing challenges through well developed recruitment, training and retention programs

7

Key findings

Insurers still need to fix significant issues to achieve compliance with major sector regulatory reform

Share of insurers that must fix particular issues to achieve compliance

Developing an integrated model 57%Implementing an adequate

IT architecture

57%Implementing a meaningful use test 51%

43%Documentation of risk governance 36%

58%Developing an integrated internal model

Documentation of risk processes

But expect benefits to risk management capabilities beyond compliance

Say internalreporting willimprove

65%Say publiccommunications will improve

61%

Expect better risk-adjusted performancemanagement

60%See betterintegration of finance and risk

60%

… are causing insurance firms to integrate risk management into decision-making

Extent that risk management is integrated within other business functions

Budgeting and forecasting

New product development

Strategic planning

Performance management

Financing

54%

61%61%85%86%

86%

89%

Top external pressures…

What risks do executives see rising most over the next two years?

Market

Business

Strategic

UnderwritingCredit

Reputation

Emerging Legal

Operational

Regulatory

46%

44%

47%

41%

38%

39%

57%

40%39%

37%

Organization

Risk management is embedded into core insurance functions

To what extent is risk management embedded into the following functions within your organization?

57%

Underwriting Reinsurance and financing

Risk analysis and corporate strategy Claims and benefits management

54%

53%

53%

But there is still room for improvement in managing risk

Current capability for managing risk activities

Importance of risk organization as means of achieving

16% 74%Managing volatility

16% 54%Product development

23% 81%Enabling growth

24% 68%Reduce losses

27% 68%Risk culture

27% 94%Reputation

28% 99%Compliance

For more information, please visit: www.accenture.com/globalriskmanagementresearch2013

10

Like banking and capital markets, the insurance industry has been caught up in the market instability and uncertainty following the global financial and Eurozone crises. Insurers also face a “perfect storm” of simultaneous regulatory pressures, such as Solvency II; International Association of Insurance Supervisors (IAIS) Insurance Core Principles (ICP); the Solvency Modernization Initiative (SMI) from the National Association of Insurance Commissioners (NAIC); European Market Infrastructure Regulation (EMIR); Financial Stability Board (FSB) identification of Global Systemically Important Insurers (G-SIIs); client data protection requirements; and new accounting codes—in particular IFRS 9 (assets) and IFRS 4 Phase II (insurance liabilities).8 At the same time, insurers face unprecedented non-financial risk trends. For instance, news reports suggest a significant increase in the frequency of natural disasters, notes Philippe Trainar, Group Chief Risk Officer of SCOR.

Our risk heat map groups risks into general and technical risk categories. Green circles indicate a risk/sector combination for which 33% or less of respondents expect risks to rise, and beige circles show that 34% to 66% expect rising risks (see Figure 1).

Section 1 Managing current risk pressures in insurance

Figure 1. Heat map of rising risks by insurance subsectors

How do you expect the following risks to change over the next 2 years? (Proportion saying “significantly rise” or “rise somewhat”)

Source: Accenture 2013 Global Risk Management Study

Life P&C

Reputational and brand risks

Emerging risks

Political risks

Liquidity risks

Risks rising most over next two years

33% or less of respondents expect rising risk34% to 66% of respondents expect rising risk

Legal risks

Business risks

Strategic risks

Regulatory requirements

General risks

Market risks

Underwriting risks

Credit risks

Operational risks

Technical risks

11

Figure 2. The vast majority of insurance respondents are developing—or plan to develop—emerging risk management capabilities

For which of the following risks are you intending to enhance your corporate risk management capabilities?—Emerging risks (Proportion saying “currently working to enhance capabilities” or “enhancements planned in next two years”)


100%Capital markets

96%Government administration

91%P&C insurers

90%Life insurers

86%Life sciences

85%Healthcare

84%Banking

83%Postal

80%Utilities

73%Energy

Market and underwriting risks are the top category among technical types of risk, of concern to both P&C and life respondents. In the technical risk areas, however, life insurance respondents expect rising risks across the board, while P&C insurers are most likely to expect rising market and underwriting risks. In the general risk areas as well, life insurers report a broader set of exposures. The forecast rise in business risks may relate to the slower growth in advanced economies. “We have entered an insurance market where financial products return less profit, in a context of sustained economic slowdown in Europe, which is a ‘new paradigm,’” says Hélène N’diaye, CRO of Generali.

Managing emerging risksIn an environment of rising risk across multiple risk types, insurers are not leaving their fate to chance. Relative to other industries we surveyed, both P&C and life insurer respondents report significant progress in taking steps to develop capabilities to manage emerging risks (see Figure 2). More than 90% of surveyed insurers are either currently developing emerging risk management capabilities or intend to do so.

That said, specific emerging risks of greatest concern vary widely. “A key issue is the possibility that inflation patterns could change fundamentally if governments decide to inflate their debt away,” contends SCOR’s Mr. Trainar. “Climate change is receiving increasing attention, and we recently opened a briefing file on the issue,” says Manulife Financial’s CRO, Rahim Hirji.

12

Specific approaches to developing emerging-risk capabilities vary from company to company. Our findings suggest insurers, particularly in the P&C area, face a diverse range of impediments here. For P&C respondents, all impediments we surveyed were reported by more than 30%, but none were reported by a majority (see Figure 3). Life insurance respondents are more affected by a lack of early-warning capabilities, reported by 62%.

To remedy such impediments, many insurers have developed new intelligence-gathering processes. “To proactively identify and manage new risks, we have put in place a monthly risk group,” says Grégory Erphelin, CFO of Crédit Agricole Assurances. This group meets with each business unit to review bottom-up risk information and assess each warning. Information providing early warning on new risks is then presented to the Executive Committee. Other insurers are developing the analytical capabilities of the risk function itself. “The company is adding specialized expertise to the central risk team,” notes the CRO of a global insurance player.

Even for insurers with specialized capabilities, managing emerging risks remains a challenge. There is a difficult balance to strike between “thinking outside the box” and unproductive speculation. “On the one hand, not every risk can be quantified and managed through pre-existing structures and systems,” explains SCOR’s Mr. Trainar. “On the other hand, raising repeated false alarms regarding ‘black swans’ wastes senior management time.”

Figure 3. Impediments to the effective management of emerging risks

To what extent do each of the following challenges impede the effectiveness of your organization’s management of emerging risks? (Proportion saying “to a great extent” or “to some extent”)


Life P&C

62%40%

Inadequate early warning capabilities

51%37%

Lack of integrated response to emerging risks by business units or senior management

40%40%

Inherent unmanageability of black swan risks

37%34%

Not being able to adopt best practices from other industries

14

Benchmarking compliance progressInsurers have made tremendous investments in developing their risk functions in recent years. They are now seeking benefits beyond compliance, with a desire to leverage newly developed risk capabilities to achieve broader business goals. “Solvency II forced us to make progress at a ‘forced march’ pace with a feeling of saturation,” notes Ronan Davit, the CRO of Euler Hermes. “It is now important to take time to reposition ourselves, and to be less regulation driven and more focused on business.”

These investments include some cost overruns. Investments in compliance with major sector regulation, such as Solvency II, are already moderately higher than budgeted for 49% of respondents. This is a figure that varies little between life and non-life insurers.

While compliance with such regulatory packages is mostly a work in progress, for many insurers, much of the investment required has already taken place. “We made heavy IT investments for prudential reporting and data-quality infrastructure,” says Crédit Agricole Assurances’ Mr. Erphelin. “Now these investments are decreasing, as we work on stabilizing our risk management capabilities.”

Section 2Current risk management initiatives

Figure 4. Confidence in meeting compliance deadlines

Do you think that you will be able to meet the expected compliance deadline for Solvency II (or other primary regulation in your region)?


Life P&C

25%6%

Definitely—on track and confident

62%83%

Probably—improvements are required

11%9%

Probably—although some major tasks are not currently complete

2%3%

Don't know

Even for regulators in advanced economies, regulation remains a work in progress. Some deadlines have been pushed back like the ones pertaining to Solvency II.9 According to most surveyed insurers, key investments have already been made, but many key compliance tasks are not yet completed. Only 25% of life and 6% of P&C insurers report they are “on track and confident” in meeting compliance deadlines (see Figure 4).

15

Figure 5. Issues remaining before compliance is achieved

For your organization, which of the following significant issues are still to be fixed to achieve compliance with Solvency II (or other primary regulation in your region)?


Life P&C

51%71%

Defining and implementing an adequate IT architecture

57%57%

Developing an integrated internal model

51%51%

Documentation of models already in use and/or integration

44%63%

Implementing a meaningful use test

54%37%

Setting up overall data management and data integration

48%40%

Supervisory review preparation

43%49%

Implementing required education and training

37%54%

Documentation of risk processes

40%49%

Change management and infusing a risk culture

32%49%

Compliance with requirements to align risk and finance

32%43%

Documentation of risk governance

2%17%

Models sign-off by the supervisor

The following figures look at specific issues still to be fixed before compliance with Solvency II (or other primary insurance regulation) is achieved. In general, life insurance respondents are farther ahead in many areas. They are less likely to report that issues relating to IT architecture, risk culture, and risk-finance alignment (among others) have not yet been fixed. P&C respondents are more likely to report they still have issues to be fixed in these areas. However, P&C insurers have made more progress than life insurers on integrating data (see Figure 5).

Top current focus areas are implementing an adequate IT architecture, developing an integrated internal model, model documentation, and implementation of a meaningful use test. These issues are seen as significant and yet to be addressed by more than 50% of insurance respondents, averaging across the life and non-life subsectors. At the same time, major regulatory packages are at different stages in different geographies. In China, for instance, an initiative to change the solvency regime is just beginning.10

16

Figure 6. Benchmarking compliance progress on risk governance issues

With specific regard to risk management governance and organization, how prepared is your organization to comply with regulatory targets in the following areas?

Figure 7. Benchmarking compliance progress on risk modeling issues

With specific regard to risk modeling and quantitative capabilities, how prepared is your organization to comply with regulatory targets in the following areas?



Completed Slight improvements required Work in progressStarted but still significant effort required Not yet started

Data availability and quality1%2%26%24% 47%

1%

Developing a prospective view of risks and solvency, and the relationship between risk and strategic objectives

1%37% 44%10% 7%

Reviewing and agreeing risk governance and monitoring approach with supervisor and audit5%27%33%13% 22%

1%Internal control requirements

1%37%33%13% 15%

10%Tool selection

34% 2% 1%12% 41%

Documentation for supervisor of processes and internal model31% 47% 1%14% 7%

Don't know

1%Risk governance

7%44%28%10% 10%

22%Outsourcing policies

22% 11% 1%13% 30%

1%Use test

20% 44% 2%6% 27%

Completed Slight improvements required Work in progressStarted but still significant effort required Not yet started

1%Data availability and quality

1%42%32%14% 12%

10%Risk model tool selection

35% 0% 1%9% 45%

1%Risk model concepts and methodology development

32% 49% 1%11% 6%

Don't know

Risk model documentation for supervisor and audit2%46%30%12% 10%

13%Risk model implementation

21% 2%8% 55%

Exchange with the supervisor and audit to review the model22% 40% 4%5% 29%

1%Risk model data management and data integration

38%35%14% 9% 3%

The only area where more than 20% of surveyed insurers say they are completely prepared to comply with regulatory targets is data availability and quality, with regard to risk governance (see Figure 6). This may reflect the degree of value-added from good-quality data, including the reduction of manual data reconciliations and scrubbing, better quality in modeling, and more accurate calculations. This can provide benefits beyond compliance, such as optimized pricing and improved fraud detection.

Insurers are less prepared overall for compliance with regulatory targets in the area of risk modeling and quantitative capabilities than for compliance with targets on risk governance issues (see Figure 7). These findings underscore that compliance with Solvency II or other major regulatory reforms remain a work in progress across the sector.11 That said, the proportion of respondents saying either “completed” or “slight improvements required” exceeds 40% for nearly every area, so it is also clear that a substantial minority of respondents have already made a great deal of progress toward meeting regulatory reform deadlines.

With regard to the split between non-life and life insurers, levels of preparedness are broadly similar. Life insurers report themselves as more advanced (compared with their non-life counterparts) in meeting targets related to risk modeling (notably, data quality, risk model implementation, and risk model concepts). For instance, 16% of life insurers report that work on risk model concepts is completed, against only 3% of P&C insurers. For targets related to risk governance, there is less variance among the subsectors, although life insurance respondents reported themselves as advanced in meeting targets.

While much work remains to be done, some insurers are already considering how to turn newly developed capabilities to the benefit of the broader business. This is the topic to which we turn to in the following section.

17

Figure 8. Benefits beyond compliance

Beyond regulatory compliance, what are the key areas of improvement for your risk management capabilities that will come from new regulatory requirements?


Life P&C

63%69%

Improved internal reporting capabilities

59%66%

Improved communication to the public

60%60%

Improved risk-adjusted performance management

62%57%

Better integration of finance and risk

49%63%

Reduced costs through joint compliance to accounting standards and insurance regulation

48%63%

Reduced financial risk

52%40%

Improved external reporting capabilities for supervisors and regulators

43%46%

Stronger integration of risk in rewards and incentives for employees

35%26%

Exploitation of synergies in data sourcing and management, model development and asset valuation

Achieving benefits beyond complianceFor some insurers, a great deal of the compliance burden has been met, and there is a shift from project mode to business as usual. “We have been spending 80% of our time in project mode and 20% in utilization,” says Euler Hermes’s Mr. Davit. “Today the switch is to about 60% on utilization and 40% on projects.”

This means insurance respondents are starting to focus more on achieving a return on their investment. The majority of surveyed companies expect to achieve benefits beyond compliance from meeting their regulatory requirements (see Figure 8). These include improved internal reporting, public communication, risk-adjusted performance management, and risk-finance integration—in each case reported by roughly 60% of life insurers. P&C firms expect benefits beyond compliance in two further areas: convergence of accounting and insurance reporting and reduced financial risk. Broadly speaking, “Solvency II fosters strong links between the regulatory and business change agendas,” notes Mr. Erphelin of Crédit Agricole Assurances.

18

Figure 9. Risk ownership within the organization

Who owns risk management in your organization? Does the risk management owner report directly to the Chief Executive Officer? Does your organization have a Chief Risk Officer? Is the risk management owner required to report on and discuss risk issues regularly with the board?

Figure 10. Risk bodies currently in place

What are the risk-oriented bodies currently in place within your organization?


2011 2013

88%98%

Risk management owner reports to CEO

81%96%

Senior executive in CRO role (with or without CRO title)

36%55%

CRO with title

80%

Risk management owner reports regularly on risk to board


Life P&C

79%94%

Underwriting committee

83%77%

Financial risk committee

60%54%

Operational risk committee

52%63%

Compliance committee

51%43%

ALM (asset liability management) committee or ALCO (asset liability committee)

41%37%

Technical risk committee

40%31%

New product committee

27%37%

Reinsurance committee

An even more serious concern expressed by interviewees is that some risk regulation may have unforeseen consequences. “Regulatory requirements put a very strong—perhaps too strong—emphasis on model results,” notes the Group CRO of a European-based insurer with widespread global operations. Euler Hermes’s Mr. Davit concurs: “It is now important in 2013 and 2014 to work back in order to have a business approach to risk management and less of a financial approach,” he says. “This is, in a sense, going ‘back’ because we already had a strong risk management culture.”

Regulatory pressures and the rising importance placed on risk management in the wake of the global financial crisis clearly have transformed risk governance in the insurance sector (see Figure 9). Comparing results from our 2011 Global Risk Management Study with 2013 survey findings illustrates the final stages of this transformation. Having the risk management owner report to the CEO is now almost universal, rising from 88% of insurance respondents in 2011 to 98% in 2013. The trend toward having a senior manager in a CRO role follows a similar pattern. And fully 80% of insurance respondents now require the risk management owner to report regularly on risk to the board—an item we added to our set of survey questions in 2013.

Toward a risk-adjusted operating modelLooking toward the next stages of achievement beyond compliance, insurers report a variety of aims. One of the key goals is development of a “risk-adjusted operating model,” which gives the risk function increasing inputs into everything from strategy to capital optimization. In particular, risk is now better equipped to provide insights the front office can use to produce better business results. Most insurers have not linked risk and adequate pricing with sales, but those that do can exploit risk-related information to support sales activities with a better perspective on potential risks and rewards.

19

Figure 11. Integration of risk with core insurance functions

To what extent is risk management embedded into the following core insurance functions within your organization? (Proportion saying “to a great extent” or “to some extent”)


Life P&C

52%66%

Underwriting

52%57%

Risk profile analysis and corporate strategy

46%66%

Reinsurance and risk financing decision-making

49%60%

Claims and benefits management

48%54%

Asset allocation management

43%63%

Policy administration

43%54%

Capital management

40%34%

Product pricing

40%17%

Distribution and sales

33%26%

Product development

A key hurdle to achieving such benefits is the need to integrate risk more closely with core functions, however. “We are working to deepen the direct presence of risk in core areas such as claims, underwriting, and distribution,” says the CRO of a global insurance player. This integration can be achieved on many fronts, including models, human resources, and business processes. Technology architecture is also crucial, including consideration of implications for data and IT systems, such as enhancement of existing core-insurance software, data flows, and reporting capabilities.

Our review of risk committees that are currently in place among insurers suggests risk management is increasingly integrated in areas such as underwriting and financial risk management, but less so for operational risk management (see Figure 10). SCOR’s Mr. Trainar says that “the next step is to integrate risk at the operational level, by defining and consistently implementing risk standards relevant and applicable to operational processes.“ “Oversight of operational risk will increase over time as we embed risk management in operational areas such as claims, underwriting, benefits management, and so on,” says Joseph Celentano, Chief Risk Officer of Pacific Life Insurance Company.

Our survey findings show that the risk function is most integrated with the core insurance functions of underwriting, corporate strategy, and risk financing (Figure 11).

Even in these areas, however, only about 50% of life insurers report that the risk function is embedded “to a great extent” or “to some extent.” For most areas, reported levels of integration are notably higher for P&C insurers.

Overall, there appears to be a strong trend toward rising integration. “The risk function is increasingly embedded within the organization through the monthly steering committees, strategic planning, strategic-asset allocation studies, and the update of underwriting policies,” says Generali’s Ms. N’diaye.

One aspect of a “risk-adjusted operating model” is to embed the risk function in areas such as performance management. Ms. N’diaye notes that other areas of the business beyond strategic planning are increasingly asking the advice of the risk function on key decision-making processes, including underwriting, reinsurance, and asset and liability management.

For many insurers, regulatory requirements will likely be a lever used to effect this transformation. “In the Solvency II context, the scope of risk function intervention will be extended

to budget forecasting and performance management,” says Mr. Erphelin of Crédit Agricole Assurances. “This is not the case yet, however,” he adds. While risk management has been primarily a compliance-driven function that seeks to protect the value of the enterprise, it is increasingly strategy-driven, with a focus on maximizing and not just protecting enterprise value.

20

At The Hartford, the pace of development of centralized risk capabilities has been intense and managing that development is itself a challenge. “Organizational priorities are established for risk that span multiple years, with annual initiatives developed to support these priorities,” reports Sarah Williams, VP Risk Analytics & Governance at The Hartford.

This can, of course, create challenges related to human resources. At the suggestion of the company’s CEO, a risk leadership development program was created, which rotates high-potential staff through three one-year placements within the various risk teams. The first group will complete the program in 2014.

But developing the risk function itself is not enough: to produce results, risk management must be embedded in the business. For instance, to address emerging risks, such as cyber risk, climate risk, natural catastrophe risk, and security

risk (among others), emerging risk councils have been created that include both business representatives and risk staff. These councils report their findings up to the risk committee of the board.

The Hartford also endeavors to enhance the risk culture of the organization. “We have an ERM training module that is available across the enterprise to educate employees; an ERM forum held on an annual basis; monthly risk-themed events; and weekly bulletins,” says Ms. Williams.

Already, these risk capability investments are beginning to produce tangible results. “During 2012, the risk team changed and expanded the scope of hedging for the company’s variable annuity exposures which produced program savings and greater protection from loss,” says Ms. Williams.

From risk development to risk culture at The Hartford

22

We asked our survey respondents to identify their current level of risk capabilities, and their capability goals for 2015. Comparing these results, we can identify the top risk capability goals for the insurance sector in the years ahead (see Figure 12). Firstly, it is clear that ambitions are comprehensive in the sector. For every area surveyed, at least 30% of insurance respondents are seeking to move from a moderate level of capability today to a high level by 2015. This contrasts with the more moderate ambitions of the banking sector, where much development work has already been undertaken. “Organizational priorities are established for risk that span multiple years, with annual initiatives developed to support these priorities,” reports The Hartford’s Ms. Williams.

Section 3Risk capability goals for 2015

Figure 12. Risk capability development goals for 2015: Insurance vs. banking firms

Proportion indicating a “two-year target” rating at “4” or “5” on a 5-point capability development scale, less the proportion indicating a “current” rating at this level, for risk management function performance by capability


Insurance Banking

41%35%

39%22%

38%22%

35%19%

32%10%

32%13%

32%19%

31%11%

31%11%

31%21%

Risk talent

Risk technology and data management

Performance management and reporting

Compliance efficiency

Risk and finance integration

Risk analytics

Emerging risks

Risk management processes

Risk policy, appetite, and culture

Risk organization and governance

1

1 Insurers' top 3 capability development goals for 2015

2

3

23

Many insurance respondents clearly envision a transformation of their risk capabilities in the coming years. Of the development goals surveyed, the top three are in risk talent, risk technology and data management, and performance management and reporting.

Risk talent can be central to the achievement of most risk capability goals, which is perhaps why it tops the list. It is also an obvious challenge in a sector where risk functions are growing rapidly. “It is estimated that the central risk function will double in size over the next three years,” says the CRO of a global insurance player.

To address these challenges, insurance respondents are deploying new training and retention programs. Some insurers report that embedding the risk function within the rest of the business will help retain the right talent. “The main challenge is to make the risk function interesting so as to attract resources with business acumen,” says Mr. Davit of Euler Hermes. Others are focusing on rotation programs. “We commonly will move people in and out of the risk function into the business which helps increase the commercial awareness of the risk function,” says Legal & General’s CRO, Simon Gadd.

The second most frequently reported goal is in risk technology. Risk technology and data are also, of course, central to achieving many other risk capability goals. “We have developed a central source for a lot of our risk data,” notes Mr. Gadd. “There is no point in having a good model if the data going into it are not robust.” It is perhaps no surprise that risk technology and data ranks so high on the list, given the focus of regulators on this area.

The third most frequently reported goal is in performance management. Some organizations are leveraging the enhanced capabilities of the risk function to serve the business in many areas, from assessing the impacts of strategic choices to managing operational risks. Risk technology can also play a role here. Risk analytics can be used to track the impact of contract clauses and incentives on client behaviors or to mitigate fraud risks, enhancing the value-added that the risk function brings to the broader business.

The expansion of risk’s role in performance management may require attention to the interface between risk and the rest of the organization: “We have worked with each member of the board concerning Solvency II results comprehension, and definition of specific key indicators in relation to their area of responsibilities,” notes Euler Hermes’s Mr. Davit. Others focus on resolving possible conflicts of interest. “We have tight controls to make sure an individual cannot be rewarded by doing something that is not good from a risk management perspective,” reports Mr. Gadd.

24

Many insurers have reported great progress in developing and enhancing their risk management capabilities. Insurers are leveraging the gains from their enhanced risk capabilities to achieve broader business goals. Companies that wish to reach their risk capability goals for 2015 should consider the following actions.

1. Manage compliance through a transformational lensCompliance requirements can be used as a lever to transform the risk function. As regulatory requirements escalate, a great deal of investment may be needed. Some insurers develop a long-term plan for the risk function, and manage compliance from a centralized perspective. This combination enables companies to leverage the compliance demands of regulators to create the new risk function capabilities current market pressures demand. At the same time, companies are seeking to become increasingly efficient in addressing compliance requirements.

2. Develop a risk-adjusted operating modelForward-thinking organizations report leveraging the expanded modeling and analytical capabilities of the risk function to achieve broader business goals. They use risk function inputs on an ex ante basis, to improve strategic decision-making and operational effectiveness. “Model results are considered as a factual basis for management discussion,” says the Group CRO of a European-based insurer with global operations. Insurers

are increasingly integrating the risk function with strategy, performance management, and capital optimization. Embedding the risk function in this way requires strong cooperation between risk and finance, with timely and reliable data, often integrated across the risk function and business units. The benefits to enhancing the operating model in this way include a greater contribution of risk management capabilities to value-generating processes; improved business decision-making through alignment of overall risk appetite and business strategy; and enhanced operational efficiency through an integrated and robust IT landscape.

3. Treat risk management as a people gameWhen addressing issues related to risk, especially those related to risk technology, it is tempting to focus investment on technical solutions. When addressing emerging risks, companies often—justifiably—focus on process enhancements. But there is also an argument to be made for treating risk as a people game. Adding emerging-risk expertise to the risk function can help increase the value-added of risk to the rest of the business. And adding specialists in risk data analysis and risk modeling can be as important as adding systems in these areas. Some companies respond to these staffing challenges through well-developed recruitment and retention programs. Training often involves rotation of risk staff into other business areas. This also helps companies focus on the broader “risk culture” of the organization, as a way to embed risk management across the business.

ConclusionInsurers face a number of current challenges, from market volatility to major regulatory initiatives such as Solvency II. That said, the insurers we surveyed and interviewed show no sign of taking their eyes off the road ahead. Ninety-one percent are either currently developing or planning to develop capabilities to manage emerging risks, and many are already using innovative processes and tools to address these risks.

Our survey data indicate that insurers are also intending to move beyond compliance, leveraging compliance activity to achieve benefits for the broader business (internal reporting, public communication, and risk-adjusted performance management are the most frequently reported). Many report they are integrating the risk function as part of a “risk-adjusted operating model.” To this end, insurers report ambitious development goals for the next two years, including in risk talent and risk technology.

Section 4Three things to do differently

25

1 Accenture, “Global Risk Management Study 2013: Risk management for an era of greater uncertainty.” September 2013. Accessed at: http://www.accenture.com/globalriskmanagementresearch2013

2 “Solvency II Deadline Pushed Back: Insurers Forge Ahead on Compliance Efforts Despite New Delays,” January 1, 2012, Solvency II News. Accessed at: http://www.solvencyiinews.com/europe/solvency-ii-deadline-pushed-back-insurers-forge-ahead-on-compliance-efforts-despite-new-delays

3 “The Economics of Security Externalities —Assessing, Managing and Benefiting from Global Interdependent Risks,” Howard Kunreuther and Erwann Michel-Kerjan, Wharton Risk Management and Decision Processes Center, August 2007. Accessed at: http://www.aeaweb.org/annual_mtg_papers/2008/2008_175.pdf. “Terrorism Risk: A Reemergent Threat—Impacts for Property/Casualty Insurers,” Insurance Information Institute, April 2010. Accessed at: http://insurancemarketreport.com/Portals/131/TerrorismThreat_042010.pdf

4 “Fire in small German town could curb world car production,” Stephen Evans, BBC News, April 19, 2012. Accessed at: http://www.bbc.co.uk/news/business-17769466

5 “Sandy’s cost to economy: Up to $50 billion,” Chris Isidore, CNN Money, November 2, 2012. Accessed at: http://money.cnn.com/2012/11/02/news/economy/sandy-economic-impact/index.html

6 “Review of natural catastrophes in 2011: Earthquakes result in record loss year,” Munich Re press release, January 4, 2012. Accessed at: http://www.munichre.com/en/media_relations/press_releases/2012/2012_01_04_press_release.aspx

7 “Siemens Distributes Sysclean to Fight Stuxnet Malware,” Brian Prince, eWeek, July 22, 2010. Accessed at: http://www.eweek.com/c/a/Security/Siemens-Distributes-Security-Tool-for-Stuxnet-Malware-252337/. Baker Institute Policy Report, Number 53, September 2012. Accessed at: http://www.bakerinstitute.org/publications/IT-pub-PolicyReport53.pdf

8 For Solvency II, see https://eiopa.europa.eu/activities/insurance/solvency-ii/index.html;

for IAIS, see http://www.iaisweb.org/Insurance-Core-Principles-material-adopted-in-2011-795;

for NAIC, see http://www.naic.org/index_smi.htm;

for EMIR, see http://www.esma.europa.eu/page/European-Market-Infrastructure-Regulation-EMIR;

for FSB, see http://www.financialstabilityboard.org/press/pr_130718.htm;

for IFRS 9, see http://www.ifrs.org/current-projects/iasb-projects/financial-instruments-a-replacement-of-ias-39-financial-instruments-recognitio/Pages/financial-instruments-replacement-of-ias-39.aspx;

for IFRS 4 Phase II, see http://www.ifrs.org/current-projects/iasb-projects/insurance-contracts/Pages/insurance-contracts.aspx

9 “Solvency II Deadline Pushed Back: Insurers Forge Ahead on Compliance Efforts Despite New Delays,” January 1, 2012, Solvency II News. Accessed at: http://www.solvencyiinews.com/europe/solvency-ii-deadline-pushed-back-insurers-forge-ahead-on-compliance-efforts-despite-new-delays

10 “China: Subordinated ‘II generation’ Solvency Standards to be Introduced within Few Years,” July 8, 2013, Solvency II News. Accessed at: http://www.solvencyiinews.com/tag/china

11 “Less than a quarter of EU insurers ready for Solvency II,” July 30, 2013, Global Insurance. Accessed at: http://www.globalreinsurance.com/less-than-a-quarter-of-eu-insurers-ready-for-solvency-ii/1403764.article

References

27

We would like to thank the senior executives with global organizations who took part in our qualitative interview discussions and participated in our survey. We are grateful for the inputs of senior staff at each of these organizations:

Acknowledgements

• BNP Paribas Cardif • Crédit Agricole Assurances• Euler Hermes• Generali• Great-West Life• The Hartford

• Legal & General• Liberty Mutual• Manulife Financial• Pacific Life• Predica• SCOR

We would like to thank the following senior leaders from Accenture who provided expert direction on the research, and insight on the issues covered:

• Sander van ‘t Noordende, Group Chief Executive, Management Consulting at Accenture

• Steve Culp, Managing Director, Accenture Risk Management

Thanks to the following Accenture executives, who also contributed ideas and guidance on this effort:

• Eva Dewor

• Eric Jeanne

• Isabelle Pelletier

• Gerald Roop

• Ferko Spits

• Prasanna Varadan

Copyright © 2013 Accenture All rights reserved.

Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

13-2954

This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this document and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

About Accenture Management Consulting

Accenture is a leading provider of management consulting services worldwide. Drawing on the extensive experience of its 16,000 management consultants globally, Accenture Management Consulting works with companies and governments to achieve high performance by combining broad and deep industry knowledge with functional capabilities to provide services in Strategy, Analytics, Customer Relationship Management, Finance & Enterprise Performance, Operations, Risk Management, Sustainability, and Talent and Organization.

About Accenture Risk ManagementAccenture Risk Management consulting services work with clients to create and implement integrated risk management capabilities designed to gain higher economic returns, improve shareholder value, and increase stakeholder confidence.

About AccentureAccenture is a global management consulting, technology services and outsourcing company, with approximately 266,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$27.9 billion for the fiscal year ended Aug. 31, 2012. Its home page is www.accenture.com.

For more information on the Accenture 2013 Global Risk Management Study please visit www.accenture.com/globalriskmanagementresearch2013

http://www.accenture.com/globalriskmanagementresearch2013

http://www.accenture.com/globalriskmanagementresearch2013

The Bumpy Road Ahead for Insurers

Economy & Finance

Transcript of The Bumpy Road Ahead for Insurers