The pace of change for insurers is accelerating, with incumbents and start-ups pursuing digital innovations across the value chain. This digital revolution changes the nature of the risks being managed, but also presents opportunities to evolve how the risk function operates.
New and changing risks
Implementing digital technologies within insurers is changing the risks which need to be identified, measured and managed. Below we give some examples and perspectives on how the risk landscape is evolving.
Conduct risk
Using robo-advice to sell life insurance fundamentally changes the nature of conduct risk. Whilst it can help to ensure more affordable, consistent financial advice (reducing idiosyncratic mis-selling and the frequency of misconduct) there is also the risk that an algorithm could systematically mis-sell, especially if regulations change, increasing the severity of misconduct if large numbers of customers receive inappropriate outcomes. Future front office applications of machine learning, e.g. intelligent ChatBots, will pose further conduct risk management challenges.
Compliance risk
Using new data sources in combination with advanced analytics has the potential to help better price risk, and better prioritise new business acquisition and cross-sales. However, it also introduces the risk of inadvertently using inappropriate risk factors in pricing and underwriting, for example, risk factors selected via machine learning could simply be acting as a proxy for gender. Furthermore, compliance risks associated with the use of third party data will only be exacerbated by the introduction of the General Data Protection Regulation (GDPR) in 2018.
Cyber risk
The increasing reliance on data and the increasing interconnectivity of systems means cyber risk is also rising. Insurers need to take a holistic approach to cyber security and risk management; including building defensive capabilities against the cyber "kill chain" (prepare, prevent, detect, respond and recover). More work is needed to understand cyber risk exposure, including stress tests to measure the impact of large scale simultaneous cyber claims, and assessing the scale of hidden exposure / "non-affirmative risk" where cyber risk is unintentionally covered by regular policies.
People risk
As the pace of digital change accelerates, insurers need to consider the skillsets required of their employees across the business and the extent to which staff will need to be retrained to adapt to the "Fourth Industrial Revolution". This also applies to the capabilities required within the risk function, including an increased need for staff with a sufficient understanding of advanced analytics and data science, and the skills to act as influencers or advisors within the company.
Operational risk
The automation of policy administration and claims management has already achieved significant cost savings and efficiency gains for many insurers. However, the need for automation approaches to remain "future proof" results in a new universe of operational risks to be identified, measured and managed. Furthermore, taking automation to the next level whereby claims are assessed, processed and paid almost immediately using rules based decision-making and image recognition-based damage assessments, could increase the risk of poor financial or conduct outcomes occurring systematically.
Finally, the move towards more sophisticated and automated approaches, in particular the use of artificial intelligence, raises questions around the lack of visibility of how decisions are being made. This can already be seen in the move from rules based automation to machine learning techniques for some high volume areas such as medical claims. Risk functions or regulators may ask "Who controls the robots?" or at least challenge how these robots/algorithms/models can be effectively validated.
Opportunities for insurer risk functions
Digital technologies can also be used within the risk function to help identify, measure, monitor and manage risk. They can also reduce costs and increase process efficiency, and to facilitate improved risk-based decision making.
Improved identification and measurement of risk
Introducing new data and analytical approaches (e.g. big data and artificial intelligence) to better measure and manage risk:
Using new data sources combined with machine learning approaches to better understand insurance risks such as mortality risk and lapse risk
Cross-industry collaboration on the measurement and management of cyber risk, such as industry-wide data standards
Using new data sources to better predict or monitor emerging non-financial risks, such as social listening to monitor and measure exposure to emerging political risks
Improved efficiency
Adopting new technology (e.g. robotic process automation and mixed speed data processing architecture) to lower costs and improve process efficiency:
Using modular systems and cloud-based architecture to enable consistent use of centralized models across the organization and to help reduce costs
Using automation and more efficient open-source coding approaches to streamline risk modelling data collection, data cleaning, data validation and calculation processes
Using algorithms to automatically produce documentation containing repetitive tests and charts, including natural language algorithms to intelligently describe analyses
Using mixed speed processing solutions to enable full bottom-up “stochastic on stochastic” balance sheet calculations in short time frames, offering potentially the next step in Solvency II modelling
Faster and more informed decision making
Adopting new technology (e.g. secure cloud-based architecture and open source coding tools) to improve the frequency and quality of reporting, and to facilitate faster and better decision making:
Digital risk dashboards with web or app-based delivery, allowing interactive drill-downs, dynamic updating with (close to) real time data, and more flexible “what-if” stress testing and scenario capabilities; helping to better engage senior stakeholders and provide quicker access to information
Improved links between front-line capital deployment (i.e. product sales or investment activities) and back-end capital management (i.e. risk appetite and measurement) through digitizing processes to support "real time" efficient capital allocation
Preparing for change
In order to keep pace with the change ahead, risk functions need to understand the digital strategy and innovations being implemented across their organisations so that they can recognise, plan for and respond to new risks and the changing risk profile of the business. Furthermore, risk functions should already be prioritising how they can leverage digital technologies to better manage risk, to perform activities more quickly and at lower cost, and to facilitate becoming a more strategic advisor to the business.