In the insurance technology space we continue to quibble about definitions of “big data,” but changes within the industry show that insurers are moving inexorably in the direction of becoming “digital enterprises,” whether they like it or not. The evolution of risk management represents a prime example of the transition, as revealed in a recent conversation with Ernst & Young’s Bill Spinard, executive director, financial services.
Ernst & Young's recent survey of insurance chief risk officers (CROs) "Increasing urgency and evidence of opportunity," acknowledges a backdrop of newer risk management drivers, such as the fallout from the economic crisis of 2007-08, new regulatory requirements and difficult global macroeconomic conditions. These forces resonate within a longer-standing trend of intensifying calls for transparency that date back to Enron and the emergence of Sarbanes-Oxley. But the expectations of regulators are conditioned not merely by the reassurances they demand about companies' risk management and solvency positions but also by the ability of technology to create a more accurate and full picture of an institution's risk profile.
That confluence of forces has resulted in the rising prominence of CROs, which is the first of four overarching themes emerged from the survey, conducted in 2012. These challenging circumstances have pushed CROs into the limelight, where they enjoy an unprecedented opportunity to demonstrate their value, according to Spinard. For example, CROs are working more directly with operational areas such as IT and product development to leverage new tools and technologies aimed at a more accurate and timely risk picture.
The second trend Ernst & Young identified related to what the survey calls CROs and the risk "journey." Spinard notes that diverse regulatory requirements, the varying effects of economic circumstances, different company culture and a "new breed" of CROs combine to create a somewhat erratic response. "The survey showed a wide discrepancy in reporting relationships, responsibilities, analytical techniques used, and in the ultimate responsibilities of CROs," he says. "That was probably the biggest surprise of the survey: the wide variation in responsibilities."
Some of that variation is a direct reflection that companies face different regulatory challenges and compliance priorities, which emerges as the third of the overarching themes identified by the Ernst & Young survey. Some larger companies are focused on Solvency II or the potential to be regarded as a systemically significant financial institution under Dodd-Frank. Others are more concerned about the NAIC's Own Risk and Solvency Assessment (ORSA) requirements, due in 2015, according to Spinard.
"Very large organizations will have to develop much more sophisticated risk management programs, which if done right will give them added value," Spinard says. "Those not subject to Solvency II will still have to do some sort of advanced risk management techniques, particularly around capital needs and solvency requirements."
[Related: Big Data Boosts Enterprise Risk Management.]
Spinard notes that the larger and more sophisticated organizations will set the stage for requirements that smaller companies will eventually face, from both a compliance and competitive business point of view. "History shows that good techniques that add value from a management perspective or simply show that they're good practices, will eventually flow to other organizations, whether they're required by regulators to do them or not," he comments. "Stress testing and economic capital [based reporting] provides a perfect example: five years ago we didn't see much of it, but the survey shows that all companies are now embracing it."
The final theme is what Ernst & Young is calls the risk quantification imperative. Quantification is becoming increasingly important and more companies are devoting added resources to economic capital, capital optimization and the measurement of market, credit and operational risks, according to the survey. Insurers need to quantify risk in order to better understand product, to accurately gauge profitability, to identify growth opportunities and to project future revenue in volatile interest rate and economic environments.
"It all comes back to the the same issue: how good is the data that we have, how consistently are we managing it, and what sort of governance and change management programs do we have around it," Spinard observes.