In recent years, insurance companies have changed their focus in terms of how they want to be both profitable and competitive in the marketplace.
“It used to be all about driving premium growth,” says Frank Petersmark, CIO advocate for X By 2, a consulting firm specializing in enterprise and application architecture for the insurance industry. “Before the economic downturn, carriers began to think long term about enterprise risk management to develop a strong book. Today, being profitable is more about risk control—managing pricing and making money off underwriting.”
Petersmark believes there are significant reasons for carriers to work harder on ERM. When he served as CIO at Amerisure, Petersmark explains the carrier looked mainly at the financial elements.
“It’s a fine way to start,” he says. “The ERM platform allows you to evaluate and model. The key word is enterprise. If you think about it across the enterprise, there is an opportunity to connect people in ways they’ve never been connected before. To do ERM well you need input and data points from all over the company.”
“Everyone has a deeper understanding of the importance of a good risk management strategy,” says Tainsky. “Whether it is having your systems located in a secure hosting facility with redundancy; having the right succession plan in place for key personnel; or making sure you have redundancies if one of your processes fail risk management is something that is peace of mind for PURE. As a company that focuses on managing risk for our members, we are attuned to the need to focus on risk management in our own environment as well.”
Security falls under risk management for some carriers, points out Petersmark.
From the standpoint of new software licensing or deployment models such as SaaS or managed services, Carney believes a primary concern insurers have about these models is the exposure to greater threats.
As for regulatory compliance, Carney recently attended the PIMA conference where a speaker discussed the regulatory compliance landscape.
“You could argue that the CIOs with most carriers probably engage in risk more than other business executives to the point where they often are in the position of managing large portfolios of existing systems and applications that the company depends upon to run their business,” says Petersmark. “Balance that with the fact these applications have a certain run rate, there is so much investment in resources, and now you have to modernize it. There are huge risks in disrupting current business processes and practices to better those processes and practices.”
There’s also the human element, according to Petersmark.