The evolving risk landscape
Findings from the World Economic Forum’s 2017 Executive Opinion Survey[1], a poll of 12,400 executives across 136 countries, illustrate the changing profile of global risks. Within the next 10 years, economic risks such as high unemployment (#1), fiscal crises (#2), energy price shocks (#4) or financial institution failures (#6) remain of high concern; however, other non-economic risks such as national governance failures (#3), social instability (#5) or large cyberattacks (#8) are of increasing significance.
Growing concern around these risks is perhaps unsurprising given the recent history of election and referendum surprises across the globe, increasingly nationalistic sentiments and authoritarian leadership. High profile and well publicised incidents, such as alleged state-affiliated attacks on critical infrastructure or the Equifax data breach, have most likely contributed to large cyberattacks being the largest climber (up three places) in the global top 10 risks.
Insurers need to be confident that their processes around identifying, prioritizing, understanding (as far as possible) and measuring such emerging risks are sufficient
Insurers need to be confident that their processes around identifying, prioritising, understanding (as far as possible) and measuring such emerging risks are sufficient. In order to do so they should draw on a diverse range of sources for identifying emerging risks, and make use of forward looking analyses to understand their impacts. Furthermore, they should ensure that they have appropriate monitoring and early warning indicators in place such that they can manage and mitigate risks as they crystallise.
Regarding cyber risk, for many insurers which provide cyber cover, more work is required to understand their exposure. One example is performing stress tests to measure the impact of large scale simultaneous cyber claims. It is imperative that all insurers understand the scale of hidden exposure, or "non-affirmative risk", where cyber risk is unintentionally covered by regular policies. Furthermore, insurers need to take a holistic approach to cyber security and risk management, including the consideration of outsourced activities, in order to protect their own data and that of their customers.
A variety of other evolving risks should also be on insurers’ radars. The nature of conduct risk is changing, in particular as the use of robo-advice increases in scale and sophistication over the coming decade. The use of new data sources combined with machine learning techniques poses new compliance risks. These will only be exacerbated for European insurers with the introduction of the General Data Protection Regulation (GDPR) in 2018.
Doing more with less
Against this backdrop, Risk functions are increasingly facing cost challenges from the business. For this reason, some of our clients are looking to benchmarking to understand where they may be over or underweight resources, while also factoring in the differing size and business models of insurance companies and the differing mandates of their Risk functions.
In addition to more ‘traditional’ cost saving initiatives such as offshoring or nearshoring of resources, insurers are also looking at how they can make use of new technologies to reduce costs and increase efficiency, or to improve the effectiveness of their Risk function.
Making better use of existing data or introducing new data combined with analytical approaches such as machine learning can help improve the measurement and management of insurance risks such as mortality risk and catastrophe risk. Furthermore, new data sources can be used to better predict or monitor emerging non-financial risks. An example is using ‘social listening’ (gauging sentiment from social media and other public data) to monitor and measure exposure to emerging political risks.
…insurers are also looking at how they can make use of new technologies to reduce costs and increase efficiency, or to improve the effectiveness of their Risk function
Adopting more efficient open-source coding approaches can help to lower costs and improve process efficiency, for example, through streamlining data collection, data cleaning, data validation and calculation processes for risk modelling. Algorithms can be used to automatically produce documentation containing repetitive tests and charts, including natural language algorithms to intelligently describe analyses.
The technology to deliver digital risk dashboards via web or app-based interfaces has been around for some time; however, not many companies have made this step. Such dashboards can now be dynamically updated with (close to) real time data, and can incorporate more flexible “what-if” stress testing and scenario capabilities. This enables better engagement with senior stakeholders and provides quicker access to information.
Solving the talent puzzle
Prognoses vary wildly regarding the impact of digital technologies on the workforce of the future, with the most sensationalist commentary talking about a "Fourth Industrial Revolution". What is clear is that there is a talent gap for individuals with the most prized skill-sets, and that many areas of the insurance value chain are considered to be at risk from automation.
Given this, insurers should take a strategic view of the people risk to their business by projecting skills requirements, quantifying gaps and thinking through how they might need to re-train parts of the workforce. This includes understanding the skillsets required of staff within the Risk function.
As the risk landscape changes, insurers will need to ensure they have access to sufficient expertise across a range of areas, which historically were considered less important
As the risk landscape changes, insurers will need to ensure they have access to sufficient expertise across a range of areas, which historically were considered less important. For example, in order to understand innovations being applied elsewhere in the business and to implement digital technologies themselves, Risk staff will need an increased understanding of data science and advanced analytics. This will equip them to provide effective oversight and challenge of the risks introduced by such techniques.
However, access to expertise does not necessarily need to be entirely in-house. It may be more flexible, efficient and effective to use a network of specialist third party providers, who supply focused expert reviews or analyses in specific areas, such as cyber risk.
Furthermore, to retain staff with key skills, insurers need to ensure their value proposition remains attractive. For the next generation of risk managers, remuneration is only one area of importance, and insurers should make sure they are competitive in other areas, including flexible working, corporate social responsibility, training and externship opportunities, mentoring, inclusion and diversity.
Future Success
To position themselves for future success, “next generation” Risk functions should ensure they have a sufficient understanding of emerging risks and in particular the impacts of ‘digitisation’ both inside and outside of their own organisation. In parallel they should look for opportunities to embrace new technologies to improve how the Risk function operates, while responding to the implications for talent management and resourcing.
[1] Marsh & McLennan Companies is a strategic partner of the World Economic Forum on the global risks agenda. Additional details and country-specific results from the WEF’s Executive Opinion Survey can be here:
http://www.brinknews.com/politics-cyber-rising-concerns-business-leaders/
http://www.mmc.com/content/dam/mmc-web/Global-Risk-Center/Files/executive-opinion-survey-2017-selected-results.pdf