The role of the CRO is to manage and define the overall medium- to long-term risk strategy for the insurance company. (Photo: iStock)

The role of insurance is to bring some predictability, manageability and stability to a chaotic and uncertain world. In essence, it is a risk mitigation tool.

Despite this fact, the role of the chief risk officer (CRO) has often been neglected by insurance companies. But this is changing. 

For the past 30 years, businesses in this industry have been bombarded with new and increasingly diverse regulations, all designed to ensure that insurers are financially stable. But in recent years, insurance has also increasingly become global and more multifaceted, and many of the earlier regulations put in place can’t address these new industry complexities.

Insurance companies around the world face a host of new regulations that go beyond simple compliance. At the heart of many of these new regulations is the requirement that insurance companies perform an Own Risk and Solvency Assessment (ORSA) — a self-assessment of their current and future risk.

ORSA is a relatively new concept aimed at enhancing insurer awareness and understanding of significant risks and interdependencies, as well as the impact of these risks on each company’s available capital and capital needs.

Annual assessments

One of the key requirements of ORSA is that companies conduct an annual, forward-looking assessment. The result is an ORSA report that includes all current material risks and potential future risks (e.g., “emerging risks”) that must be managed to arrive at the company’s appropriate risk profile and risk appetite. The report should include a series of stress tests, which are scenario analyses to support the assessment of key risks and their potential impacts. Given all of these requirements, producing an ORSA report requires close collaboration among the finance, actuarial and risk management departments.

The goal of an ORSA is to demonstrate not only that the company’s current capital needs are appropriate, but also that its future capital needs will be met over a specified assessment time frame (usually three to five years). The report also allows regulators to get an enhanced view of an insurer’s ability to withstand financial stress.

The role of the CRO is to manage and define the overall medium- to long-term risk strategy for the insurance company. This strategy takes into consideration variables such as risk appetite, target market, customer segments, core products, distribution channels and expected return on investments. Arriving at this strategy is achieved by what is commonly referred to as the capital management and planning process.

Planning and capital management

The first step in this process requires insurers to identify and model all material risks that can potentially affect their solvency or the long-term value of equity. To have an efficient capital management framework, insurers also need to coordinate the actions of their risk units with their actuarial and finance departments. Planning and budgeting exercises that steer direction for operational actions should be coordinated with a view into risks, profitability and shareholder returns.

The second step is the necessity to align the decision-making process with estimates for how much capital the organization must have on hand in light of commitments and identified risks. This helps business line managers perceive the constraints and opportunities that economic capital presents in the areas of risk-based pricing, customer profitability analysis, customer segmentation and portfolio optimization.

With effective capital management, insurers should be able to weather extreme internal risk events (e.g., a data breach) and external scenarios (e.g., a catastrophic natural disaster) at an enterprise level. It also helps business line managers create favorable opportunities, as they can generate an optimized risk-return profile of their product portfolios.

Today’s insurance regulations demand a more comprehensive approach to risk management. Insurance companies need to evaluate their business activities more closely to fit with their long-term strategic goals, risk appetite, regulatory requirements and capital management requirements.

At the same time, they need to be able to anticipate the regulatory and risk changes ahead and deal with them efficiently and proactively. Insurers who have the systems and processes that help them adapt swiftly to change will realize significant competitive advantages, including lower compliance costs, less intrusive regulatory supervision, and greater peace of mind for their board members

Insurance and risk have always gone together. However, as insurance becomes more complex and regulated, the rise of the chief risk officer is inevitable and the importance is undeniable.

Stuart Rose is global insurance marketing manager at Cary, N.C.-based business analytics software and services company SAS.

Related: Here come the accountants — the codification of cyber risk

We’re on Facebook, are you?