Strengthening governance, risk and compliance in the insurance industry
-
Upload
jordi-planas-manzano -
Category
Documents
-
view
2.025 -
download
2
description
Transcript of Strengthening governance, risk and compliance in the insurance industry
Strengthening governance, risk and compliance in the insurance industry An Economist Intelligence Unit reportSponsored by SAP
© Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industry
1
Strengthening governance, risk and compliance in the insurance industry is an Economist Intelligence Unit report sponsored by SAP. The Economist Intelligence Unit bears sole responsibility for this report. The Economist Intelligence Unit’s editorial team conducted the interviews and wrote the report. The fi ndings and views expressed in this report do not necessarily refl ect the views of the sponsor. Dan Armstrong was the editor of the report and Mike Kenny was responsible for layout and design. Our thanks are due to all of the survey respondents and interviewees for their time and insights.
February 2009
Preface
© Economist Intelligence Unit Limited 2009Strengthening governance, risk and compliance in the insurance industry
2
Strengthening governance, risk and compliance in the insurance industry
Insurance companies have long struggled to gain greater effi ciency and transparency in their fi nancial processes through automation and process redesign. Their efforts have generally been focused on the
negative goals of controlling costs, reducing sudden fi nancial shocks and avoiding regulatory sanctions. However, some companies are discovering that a more integrated approach to managing fi nancial processes can be a source not only of effi ciency but also of strategic advantage.
Many companies are aiming at achieving that added value through governance, risk and compliance (GRC) initiatives, which embed rules, processes and controls in keeping with a carrier’s operating policies and strategic objectives. These measures provide greater transparency into day-to-day operations, help to identify potential risk exposures, and enable companies to react in a timely fashion to emerging risks. GRC is characterised by effi ciency and accuracy, but can also add the dimension of providing a synoptic picture of risk to support strategic decision-making.
That sort of insight has become suddenly much more important in 2009, in the wake of a fi nancial crisis that could just as accurately be termed a risk management crisis. While strict solvency requirements helped the insurance industry to weather the crisis better than their counterparts in banking and securities, some insurers did encounter unforeseen exposures in their investment portfolios, the consequences of which are yet to be fully realised. There is little question that many insurers lacked the capability to develop a comprehensive picture of risk exposure at a corporate level, comprising credit, market and operational risk.
Moreover, insurers operating in the European Union face challenges stemming from the updated set of regulatory requirements known as Solvency II. The Supervisory Review Process of Solvency II aims to identify institutions with fi nancial, organisational or other features that result in a higher risk profi le. Because the authorities will review fi nancial processes as well as governance and capital reserves, it will be necessary to know who know who participates in each process, what the person does, and the results of the process.
The problem with autonomyAchieving a unifi ed enterprise view of fi nancial process remains an almost quixotic goal in much of the insurance industry because of the operational autonomy of business units. Even in companies that enjoy a high degree of process automation, consistent use of practices and tools across the enterprise
© Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industry
3
is rare. As Figure 1 shows, insurers struggle with complex procedures, inconsistent methodologies and incompatible technology. In order to produce a complete fi nancial picture on which to base decisions, survey respondents report the need to reconcile inconsistent or redundant data from disparate sources.
To some degree insurers are more concerned about the risks of improving their processes than the risks those processes can reveal, as illustrated by Figure 2. Nearly half of the respondents cited high cost as a barrier to standardising and automating fi nancial processes. They also reported diffi culties caused by the complexity of modeling fi nancial process and the incommensurability of regulatory regimes within different lines of business. Responses also showed that the siloed organisational structure of insurance companies made securing buy-in from line-of-business managers more diffi cult than corporate-level leadership.
Securian Financial, a $2.8 billion US life insurer based in Minnesota, eased its transition to an economic capital-based approach to risk management by enlisting business managers into working
About the survey
In 2008 and early 2009, on behalf of SAP, the Economist Intelligence Unit surveyed 446 senior executives from ten industries about their views on their fi nancial processes and their attempts to improve them. Of this total, 58 came from the insurance industry (both life and property and casualty). It is
these insurance executives upon which this paper is based. Of these respondents, 30% hailed from Europe, 25% from North America and 20% from the Asia/Pacifi c region. Over half worked for companies with annual revenues in excess of $1bn. One-third have positions in the C-suite and another 24% came from the VP level or higher. Most respondents served in the fi nance, risk management, strategy, business development or operations functions.
Complex procedures which are difficult to model or automate
Inconsistent methodologies around the organisation
Incompatible technology (eg, customised spreadsheets, databases and commercial products)
The need to reconcile inconsistent or redundant data from multiple sources
Boundaries between departments, with departmental managers trying to hold on to authority
Too many manual processes
Controls which are too numerous or restrictive
Portions of the process depend on individuals who are not always available
Lack of visibility and accountability
The need to document audit trails
Other
Figure 1: Insurers struggle with complexity, inconsistency and incompatibilityWhat are the biggest problems with your current financial processes? Select up to three. (% respondents)
Source: Economist Intelligence Unit survey, 2009.
36
36
33
33
29
29
21
19
16
12
5
© Economist Intelligence Unit Limited 2009Strengthening governance, risk and compliance in the insurance industry
4
groups on key topics. “Our approach was to work with them to achieve ‘quick wins’ demonstrating the advantages of the new way of measuring risk and value,” says Vice President and Chief Actuary Leslie Chapman. “For example, we formed an asset/liability management group. We have found that by having every business line actively engaging in dialogue has help drive buy-in.”
Chapman credits a combination of corporate risk management culture and the power of automation in enabling Securian to more precisely measure and project risk exposure. By building a platform allowing a view of risk from an economic capital perspective, the company is able to see the impact of decisions from multiple perspectives, which simultaneously enables more secure and more opportunistic management of risk.
“We have enhanced our fi nancial processes and reporting over the years so that we can spend less time quantifying and more time analysing,” comments Chapman. “We couldn’t do this at all without automation. But the value is multiplied as we get faster, enabling us to spend more time on decision-making, which results in higher-quality decisions.”
Securian is clearly not alone in its appreciation of the potential benefi ts of more automated fi nancial processes as demonstrated by survey respondents’ reports of the benefi ts their companies have enjoyed (Fig. 3). Respondents say that higher levels of automation have yielded faster processes with fewer errors while at the same time requiring less staff to manage them. By embedding risk assessments into fi nancial processes, two-thirds of respondents’ enjoyed greater effi ciency and over 80% reported higher-quality decisions.
Enhancing data integrity
Cutting back on manual processes, decreasing risk of error
Freeing staff from routine number-crunching, redeploying into higher-value activities
Meeting compressed deadlines/improve response time
Reducing costs
Better visibility into origin of numbers and how they are calculated
Standardisation of methodologies around the enterprise
Higher productivity
Able to set risk thresholds, data access and other controls centrally
Better compliance with regulatory requirements
Able to identify and resolve bottlenecks
Fewer opportunities for fraud
Other
Figure 2: Insurers want to improve data integrity and cut back on manual processesWhat would be the biggest benefits of an initiative to standardise and automate your financial processes? Select up to three. (% respondents)
Source: Economist Intelligence Unit survey, 2009.
50
48
43
34
24
17
16
16
12
10
9
3
2
© Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industry
5
Despite these successes, very few insurers have overcome either the cost and diffi culty barriers to achieving enterprise GRC capability. Few companies have developed the discipline of balancing asset and liability risk and tend to manage these portfolios independently. Most insurers continue to manage “through the rear-view mirror,” attempting to predict the future solely on past performance, often on the basis of stale reports. Few companies can produce accurate, near-real-time information to support decision-making, and fewer still have mastered scenario analysis and regular risk stress-testing. While insurers have become very comfortable with many tools and technologies within operational silos, the industry at large has not invested in the capabilities needed to correlate all of its risk exposures and track their interdependencies.
The value of aligned processesWhile manual processes present opportunities for error, slow the distribution of vital information and keep executives from higher-value tasks, the dichotomy of good versus bad management is more important than that of manual versus automated processes. Automation is key to competing at an accelerated pace of business. But sound manual practices reveal the full potential of GRC. In any case, successful GRC initiatives will not mean the total abolition of manual processes.
“I am less concerned about manual processes than having an aligned approach to risk management across the overall organisation,” observes Axel Lehman, chief risk offi cer of Zurich Financial Services, a $55 billion company that does business in more than 170 countries. “Whether I get risk reports from Japan or South Africa, I want to know that like risks are reported in the same way.”
That degree of uniformity is impossible without a commitment to risk management as a corporate priority from top management. From the management level, risk culture must be instituted throughout every level of the organisation, in order to fully understand risk both at local and corporate levels.
“Companies need risk aggregation capabilities in place that allow them to look at risk in an aggregated, enterprise-wide view,” comments Lehman. “One of the essential lessons of the fi nancial crisis is the need for a holistic view of risk.”
Risk management begins at Zurich with a board risk committee, followed by the CEO, who is ultimately
-70 -60 -50 -40 -30 -20 -10 0 10 20
Number of poor-quality decisions
Audit costs
Control errors
Time required
Headcount
Figure 3: Insurers say automation yields greater speed, lower costs and better decisions
Percentage reporting decrease as a result of process automation
Percentage reporting increase as a result of process automation
Source: Economist Intelligence Unit survey, 2009.
© Economist Intelligence Unit Limited 2009Strengthening governance, risk and compliance in the insurance industry
6
responsible for risk management. As chief risk offi cer, Lehman shares risk management with other members of the executive team, who in turn work with business unit leaders, who are responsible for observing risk management procedures and standards while retaining the independence they need to function as business managers.
Zurich has implemented a Risk Modeling Platform with the ability to tap into other information systems and reconcile information. That gives the insurer the ability to understand local risks and aggregate them up through various levels of the organisation. Zurich has also instituted what it calls Total Risk Profi ling, which identifi es and records risk at all levels of the organisation, and it has implemented an economic capital framework to project return on risk-based capital in the company’s strategic decision-making.
Too often insurers limit their risk management activities to the negative goals of protection, reducing earnings volatility, protecting the capital base and otherwise insulating the franchise from negative surprises, Lehman believes. He regards that approach as necessary but not suffi cient. “Risk management in a well-managed company is used to support profi table risk-taking and growth,” he says. “It is not only about being aware of the risk exposure, but strategically shaping the risk/return profi le of the organisation.
© Economist Intelligence Unit Limited 2009 Strengthening governance, risk and compliance in the insurance industry
7
Insurance companies were among the original adopters of information technology, and their actuaries, underwriters and accountants have demonstrated interest and even mastery in the use of a broad
range of technological tools in recent times. However, the traditional independence of business lines and the functions within them have contrived to render the insurance industry a laggard in process automation even in the core functions of governance, risk management and compliance that have special importance in a highly regulated industry dedicated to the profi table transfer of risk. Moreover, when insurers have adopted technology to upgrade governance, risk and compliance processes, the focus has been on reducing costs and increasing effi ciency rather than providing an integrated picture of risk to support better decisions. Cost reduction is still a compelling argument for moving forward, especially in a stagnant economy. But the less heralded benefi ts—which ultimately may be more important—have to do with improving the quality of decisions.
Companies have managed to be profi table despite their dependence on manual processes, but as the pace of business accelerates, the speed and effi ciency afforded by automation becomes more important. Even more important is the need to have an enterprise-wide picture of risk and the ability to identify and react to emerging risks. Risk is opportunity for insurers, but they need a tighter grip on their overall portfolio of risk with the emergence of new and imperfectly understood risks, such as those associated with the fi nancial markets, rapid change in laws and regulations, information security vulnerability, climate change, political instability and terrorism.
An example of how fi nancial process integration can generate returns rather than simply reduce costs might be the effort by property and casualty insurers to target home and auto insurance policies by location. Underwriting guidelines have long distinguished among risks in different postal codes. Adding precise elevation data by latitude and longitude allows insurers to go further and target, for instance, high-elevation addresses in a postal code dominated by a fl ood plain. Similarly, a life insurance company might be able to quickly model and price the actuarial effects of, for instance, a widespread outbreak of avian fl u. Companies that integrate risk, pricing, location and sales activities should be able to “cherry pick” high-margin, low-risk underwriting opportunities.
Ultimately risk management is about management, not modeling. In the end, technology supplies input for decision-making, not the decisions themselves. Nevertheless, with a holistic implementation of GRC, governance risk and compliance are consistently defi ned, closely linked and embedded throughout the organisation through end-to-end processes and controls. Well-designed automated processes effi ciently integrate fi nancial reporting, compliance and risk monitoring into daily operations. Furthermore, they afford greater ease of modifi cation, giving insurers the ability to react to changes in the marketplace. Finally, they not only reinforce the protective aspects of risk management but they also provide the basis for strategic risk management as an engine of profi tability.
Conclusion
8
Economist Intelligence Unit 2009AppendixSurvey results: Insurance respondents only
Strengthening governance, risk and compliance in the insurance industry
AppendixSurvey results: Insurance respondents only
Complex procedures which are difficult to model or automate
Inconsistent methodologies around the organisation
Incompatible technology (eg, customised spreadsheets, databases and commercial products)
The need to reconcile inconsistent or redundant data from multiple sources
Boundaries between departments, with departmental managers trying to hold on to authority
Too many manual processes
Controls which are too numerous or restrictive
Portions of the process depend on individuals who are not always available
Lack of visibility and accountability
The need to document audit trails
Other
What are the biggest problems with your current financial processes? Select up to three. (% respondents)
36
36
33
33
29
29
21
19
16
12
5
High level of investment required
Difficulty of getting buy-in from business lines/regions
Difficulty of modeling complex financial processes
Multiple regulatory regimes make compliance rules unique by business and/or region
Difficulty of getting buy-in from senior management
Organisation is too diverse in its business lines
Business model and operations are unique
Financial processes are sufficiently fast, efficient and accurate now
What would be the biggest drawbacks of an initiative to standardise and automate financial processes? Select up to two.(% respondents)
47
28
26
24
21
17
14
7
Enhancing data integrity
Cutting back on manual processes, decreasing risk of error
Freeing staff from routine number-crunching, redeploying into higher-value activities
Meeting compressed deadlines/improve response time
Reducing costs
Better visibility into origin of numbers and how they are calculated
Standardisation of methodologies around the enterprise
Higher productivity
Able to set risk thresholds, data access and other controls centrally
Better compliance with regulatory requirements
Able to identify and resolve bottlenecks
Fewer opportunities for fraud
Other
What would be the biggest benefits of an initiative to standardise and automate your financial processes? Select up to three. (% respondents)
50
48
43
34
24
17
16
16
12
10
9
3
2
Economist Intelligence Unit 2009 AppendixSurvey results: Insurance
respondents only
Strengthening governance, risk and compliance in the insurance industry
9
Increase level of automation for processes in general
Prioritise controls based on risk assessments
Increase level of automation for internal controls
Realign segregation of duties
Reduce redundancies
Other
We have not attempted to improve our financial processes
In the past five years, which of the following tasks has your organisation attempted to address by improving its financial processes? Select all that apply.(% respondents)
76
50
48
43
34
3
2
Much higher Higher No change Lower Much lower Don’t know
Headcount
Time required
Control errors
Audit costs
Number of poor-quality decisions
What improvements, if any, have resulted from these attempts? Increase level of automation for processes in general(% respondents)
7 11 32 48 2
2 11 14 57 14 2
7 7 16 56 9 5
5 9 43 25 5 14
2 7 25 45 7 14
Much higher Higher No change Lower Much lower Don’t know
Headcount
Time required
Control errors
Audit costs
Number of poor-quality decisions
What improvements, if any, have resulted from these attempts? Increase level of automation for internal controls (% respondents)
4 19 31 42 4
19 19 48 15 0
19 11 44 22 4
4 11 44 22 7 11
8 20 48 8 16
Much higher Higher No change Lower Much lower Don’t know
Headcount
Time required
Control errors
Audit costs
Number of poor-quality decisions
What improvements, if any, have resulted from these attempts? Reduce redundancies (% respondents)
11 11 21 53 5 0
11 11 11 53 11 5
6 11 17 56 6 6
6 11 50 17 17
6 28 39 6 22
10
Economist Intelligence Unit 2009AppendixSurvey results: Insurance respondents only
Strengthening governance, risk and compliance in the insurance industry
Much higher Higher No change Lower Much lower Don’t know
Headcount
Time required
Control errors
Audit costs
Number of poor-quality decisions
What improvements, if any, have resulted from these attempts? Realign segregation of duties(% respondents)
4 25 38 25 8
21 33 38 8
22 30 39 4 4
22 57 17 4
5 55 32 5 5
Much higher Higher No change Lower Much lower Don’t know
Headcount
Time required
Control errors
Audit costs
Number of poor-quality decisions
What improvements, if any, have resulted from these attempts? Prioritise controls based on risk assessments (% respondents)
21 59 14 7
28 28 41 3 0
11 25 61 4 0
3 17 31 31 3 14
7 17 59 3 14
79
17
3
Yes
No
Don’t know
Does your organisation regularly include risk evaluations as part of its financial processes? (% respondents)
Much better Better No change Worse Much worse Don’t know
Quality of decisions
Efficiency of processes
Prioritisation of controls
What are the results of these risk evaluations? (% respondents)
11 72 17
6 53 36 6
17 53 28 3
Economist Intelligence Unit 2009 AppendixSurvey results: Insurance
respondents only
Strengthening governance, risk and compliance in the insurance industry
11
United States of America
United Kingdom
South Korea
Canada
Nigeria
Brazil
China
India
Netherlands
Switzerland
Australia
Belgium
Croatia
Czech Republic
Denmark
Germany
Ghana
Hong Kong
Hungary
Israel
Kenya
Latvia
Mexico
Poland
Puerto Rico
South Africa
Spain
Thailand
Turkey
Zimbabwe
In which country are you personally located?(% respondents)
20
9
7
5
5
4
4
4
4
4
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
4
4
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
30
25
20
14
7
4
Western Europe
North America
Asia-Pacific
Middle East and Africa
Latin America
Eastern Europe
In which region are you personally based? (% respondents)
100Financial services
What is your primary industry? (% respondents)
100Insurance
In which sub-sector of financial services does your organisation belong? (% respondents)
12
Economist Intelligence Unit 2009AppendixSurvey results: Insurance respondents only
Strengthening governance, risk and compliance in the insurance industry
26
19
16
19
19
$500m or less
$500m to $1bn
$1bn to $5bn
$5bn to $10bn
$10bn or more
What are your organisation’s global annual revenues in US dollars? (% respondents)
Board member
CEO/President/Managing director
CFO/Treasurer/Comptroller
CIO/Technology director
Other C-level executive
SVP/VP/Director
Head of Business Unit
Head of Department
Manager
Other
Which of the following best describes your job title?(% respondents)
2
10
16
0
5
24
12
14
12
5
Finance
Risk
General management
Strategy and business development
Marketing and sales
Operations and production
Customer service
IT
Human resources
R&D
Information and research
Legal
Procurement
Supply-chain management
Other
What are your main functional roles? Please choose no more than three functions.(% respondents)
45
40
34
29
16
14
12
7
5
5
3
0
0
0
3
Whilst every effort has been taken to verify the accuracy of this information, neither The Economist Intelligence Unit Ltd. nor the sponsors of this report can accept any responsibility or liability for reliance by any person on this white paper or any of the information, opinions or conclusions set out in the white paper.
LONDON26 Red Lion SquareLondon WC1R 4HQUnited KingdomTel: (44.20) 7576 8000Fax: (44.20) 7576 8476E-mail: [email protected]
NEW YORK111 West 57th StreetNew York NY 10019United StatesTel: (1.212) 554 0600Fax: (1.212) 586 1181/2E-mail: [email protected]
HONG KONG6001, Central Plaza18 Harbour RoadWanchai Hong KongTel: (852) 2585 3888Fax: (852) 2802 7638E-mail: [email protected]