With regulatory requirements intensifying and endless technological advances, senior risk management executives for property/casualty insurers face a complex and shifting landscape.
As a result, many firms have enhanced their risk management capabilities and centralized previously dispersed functions and teams. Others have focused on meeting baseline regulatory requirements in the simplest and most efficient ways.
With the first year of the Own Risk and Solvency Assessment (ORSA) now complete, it’s a good time to take stock of the current state of risk management in the P/C insurance sector. The thoughts below largely reflect inputs received during EY’s 2016 Insurance Chief Risk Officer (CRO) Survey, where we talked with more than 30 senior risk management leaders from across the industry, including many from leading P/C carriers. (Full results will be released later this summer.)
Certainly, the developments of the last several years have reshaped each of the classic components of risk management, leading to a new enterprise orientation of the risk management discipline. Consider risk appetite setting. Historically, P/C companies have clearly defined their underwriting limits by product line, business unit and territory and have carefully monitored their limits on aggregate exposures (by geography, risk type, etc.). But only recently have these limits been formalized and presented to boards as part of holistic risk management frameworks. Risk tolerances and limits are just starting to be linked and stress-tested or incorporated into dynamic capital models.
NAIC mandates for ORSA were obviously the driver of the increased documentation and reviews by senior management and the board. However, progress has been uneven and unpredictable. For instance, some companies lack full-time CROs or have small risk teams that play only coordinating or information-gathering roles. At other firms, CROs are viewed as essential members of the senior leadership team.
At many P/C insurers, risk mitigation takes the form of extensive and complex reinsurance programs. These programs—which may apply a variety of quota-share, excess-loss, stop-loss and other types of treaties—are managed by in-house expert teams working closely with global reinsurance brokers to ensure aggregations remain within limits. Companies developing new and more holistic risk management frameworks often build out from existing aggregation management and use reinsurance modeling as the foundation for enterprise-wide capital models.
When it comes to risk measurement and quantification, the directional trend points clearly toward more complex stress testing or full dynamic financial models. Some companies have unsophisticated models that were developed five or 10 years ago, leading them to question whether these are appropriate to support new risk management approaches or to span all of today’s risks.
The same holds true for risk reporting. Although state regulators have not been highly focused on risk reporting to date, it is not difficult to see how future requirements will call for more granularity, accuracy and frequency. Here again, ORSA has provided an impetus for carriers to establish risk reporting to senior management and the board, if no such processes were in place previously.
A New Set of Questions
Participants in EY’s Insurance CRO Survey made clear that these questions are taking an increasing amount of their attention and that individual insurers will have unique answers.
Looking Ahead: Evolution Toward Enterprise Risk Management
As they seek answers going forward, P/C insurers are very likely to continue maturing their capabilities and expanding their views of risk to see potential impacts across and at various levels of the organization. As second-line functions increasingly come together, CROs will likely be responsible for more risk management functions and activities, including:
In this sense, the long-term evolution is leading to what can truly be called enterprise risk management.