The role of insurance is to bring some predictability,manageability and stability to a chaotic and uncertain world. Inessence, it is a risk mitigation tool.

Despite this fact, the role of the chief risk officer (CRO) hasoften been neglected by insurance companies. But this ischanging. 

For the past 30 years, businesses in this industry have beenbombarded with new and increasingly diverse regulations, alldesigned to ensure that insurers are financially stable. But inrecent years, insurance has also increasingly become global andmore multifaceted, and many of the earlier regulations put in placecan't address these new industry complexities.

Insurance companies around the world face a host of newregulations that go beyond simple compliance. At the heart of manyof these new regulations is the requirement that insurancecompanies perform an Own Risk and Solvency Assessment (ORSA)— a self-assessment of their current and future risk.

ORSA is a relatively new concept aimed at enhancing insurerawareness and understanding of significant risks andinterdependencies, as well as the impact of these risks on eachcompany's available capital and capital needs.

Annual assessments

One of the key requirements of ORSA is that companies conduct anannual, forward-looking assessment. The result is an ORSA reportthat includes all current material risks and potential future risks(e.g., "emerging risks") that must be managed to arrive at thecompany's appropriate risk profile and risk appetite. The reportshould include a series of stress tests, which are scenarioanalyses to support the assessment of key risks and their potentialimpacts. Given all of these requirements, producing an ORSA reportrequires close collaboration among the finance, actuarial and riskmanagement departments.

The goal of an ORSA is to demonstrate not only that thecompany's current capital needs are appropriate, but also that itsfuture capital needs will be met over a specified assessment timeframe (usually three to five years). The report also allowsregulators to get an enhanced view of an insurer's ability towithstand financial stress.

The role of the CRO is to manage and define the overall medium-to long-term risk strategy for the insurance company. This strategytakes into consideration variables such as risk appetite, targetmarket, customer segments, core products, distribution channels andexpected return on investments. Arriving at this strategy isachieved by what is commonly referred to as the capital managementand planning process.

Planning and capital management

The first step in this process requires insurers to identify andmodel all material risks that can potentially affect their solvencyor the long-term value of equity. To have an efficient capitalmanagement framework, insurers also need to coordinate the actionsof their risk units with their actuarial and finance departments.Planning and budgeting exercises that steer direction foroperational actions should be coordinated with a view into risks,profitability and shareholder returns.

The second step is the necessity to align the decision-makingprocess with estimates for how much capital the organization musthave on hand in light of commitments and identified risks. Thishelps business line managers perceive the constraints andopportunities that economic capital presents in the areas ofrisk-based pricing, customer profitability analysis, customersegmentation and portfolio optimization.

With effective capital management, insurers should be able toweather extreme internal risk events (e.g., a data breach) andexternal scenarios (e.g., a catastrophic natural disaster) at anenterprise level. It also helps business line managers createfavorable opportunities, as they can generate an optimizedrisk-return profile of their product portfolios.

Today's insurance regulations demand a more comprehensiveapproach to risk management. Insurance companies need to evaluatetheir business activities more closely to fit with their long-termstrategic goals, risk appetite, regulatory requirements and capitalmanagement requirements.

At the same time, they need to be able to anticipate theregulatory and risk changes ahead and deal with them efficientlyand proactively. Insurers who have the systems and processes thathelp them adapt swiftly to change will realize significantcompetitive advantages, including lower compliance costs, lessintrusive regulatory supervision, and greater peace of mind fortheir board members

Insurance and risk have always gone together. However, asinsurance becomes more complex and regulated, the rise of the chiefrisk officer is inevitable and the importance is undeniable.

Stuart Rose is global insurance marketing manager at Cary,N.C.-based business analytics software and servicescompany SAS.

Related: Here come the accountants — the codification ofcyber risk

We're on Facebook, are you?