The risk landscape is changing faster than ever. Insurers are at the forefront of helping their policyholders manage risk. Therefore, it is critical that insurers adapt and evolve their own approach to managing risk in an increasingly interconnected, fast-moving and volatile world.
LCP has explored the drivers of change and the ways in which the risk function needs to evolve in our “Risk Function of the Future” report, based on conversations with over 50 CROs from across the market. This article summarises some of the key themes from our research.
The changing risk landscape
Our research identified five key “megatrends” which already influence the risk landscape today and which we expect to drive the most change over the next decade. These are:
- AI and technology
- Geopolitical risk
- ESG (including climate change)
- Social and cultural change
- The Interconnected world
We found that most risk teams were alert to the first three of these trends and were proactively taking steps to address them, even if their risk response was at an early stage. In contrast, there was a risk that challenges related to social trends and interconnections between risks were flying under the radar.
What are the key social / cultural trends and interconnection risks that insurers face?
On social and cultural trends, CROs are currently concerned with people risks such as changing workforce expectations and a changing relationship with their customers. These also closely link to social media amplification and the potential for increased reputational risk.
Longer-term challenges include managing public perceptions of the overall insurance industry, dealing with public interest issues such as protection gaps, and managing long-term people like wealth gaps and an aging workforce.
Social media amplification is also a prominent example of the growing interconnection between risks. In the past, an operational risk such as claims system downtime would be contained, but increasingly it risks becoming a reputational risk through social media fallout and then a financial risk if consumers vote with their feet.
Other examples of interconnection risk that CROs highlighted include global supply chain risks, as well as a combination of cyber risk and dependency on critical (often outsourced) IT infrastructure, such as cloud computing environments.
So what does the risk function of the future look like?
Our vision for the risk function of the future is a team that fuses human judgement with technology and AI to produce value‐adding business insights efficiently. 60% of CROs see better automation of risk work as a key development priority – and we agree. We believe that AI and automation can help:
- Automate routine data ingestion and analysis
- Collect unstructured data for the risk team to analyse through AI and machine learning
- Produce custom risk dashboards for stakeholders
The objective of this is not to automate the risk function and create a “robo-CRO” - but to free-up risk managers to spend significantly more time partnering with the business and embedding a good risk management culture.
Correspondingly, our research highlighted the importance of soft skills such as relationship building and communication to support that business partnering role.
Good culture cuts both ways. On the business side, it means ensuring that first line teams take responsibility for aspects of risk management and that they are comfortable raising challenges with the risk team. On the risk side, it means having a “how can we help” mentality, whereas all too often the conversation at the moment is more about “how can we stop”.
Strategic CROs
The risk function of the future will be led by a strategic CRO who helps create a clear link between risk and strategy. Strengthening that link is essential if the risk function is to help businesses address long-term evolving risks like climate change and geopolitical evolution.
Being a strategic CRO means having a seat at the table for early-stage strategic decision-making. Being asked to provide a rubber stamp from a risk perspective at the end is no good!
Other qualities of strategic CROs include:
- giving clear and justified opinions on risk matters
- being trusted by the board, NEDs and other executives
- and being able to take a balanced view between taking and avoiding risk.
Levelling up your risk team
Risk teams need to evolve to support the business in the long term, but it’s easy to face decision paralysis when faced with a large number of strategic changes.
We recommend breaking the recommendations down into workstreams and taking a phased approach to each. For example, automating routine data ingestion and monitoring could begin with a small-scale pilot such as automating the regular KRI dashboard. Similarly risk leaders can’t position themselves as “strategic CROs” overnight, but can take steps to strengthen board relationships and seek opportunities to provide planning input.
Overall risk teams that embrace change and manage it proactively will be best able to keep pace with changing times, ensuring they give the business the best chance of success.
This article was originally published in Actuarial post in January 2024