Insurers appear to be increasingly anxious about their ability to manage risk across their lines of business, and much more concerned about regulation, according to Wolters Kluwer’s new Regulatory and Risk Management Indicator survey of U.S. companies.

Among the major findings:

  • The level of regulatory and risk concerns rose to a score of 99 in 2017, compared to 97 in 2015, when the last Indictor survey took place.
  • Anxiety is on the rise among insurers. About 56 percent of respondents in the 2017 survey said they’re anxious about their companies’ ability to manage risk across all lines of business, up 14 percent from 42 percent in the 2015 survey.

“While overall compliance concern levels rose only slightly compared to the previous Indicator scores, the ability to keep pace with the continued growing burden of regulations clearly remains a very real challenge facing insurance companies,” Chuck Ross, vice president and general manager for Wolters Kluwer’s Compliance Program Management business, said in prepared remarks. “Moreover, the significant upward leap in risk management anxiety indicates that many insurers are nowhere near a manageable comfort level when talking about their organizations’ relative risk exposure.”

Despite positive strides taken by many insurers since 2015 to better manage organizational risk, the findings showed a considerable gap in respondents’ perceived focus on fundamental compliance program management elements versus actual planned investments. This disconnect was most noticeable for regulatory change management, with a 37 percent gap; regulatory insight capabilities, a 36 percent gap; and risk and control assessments, which revealed a 30 percent gap.

“While our survey doesn’t measure why risk management concerns have spiked,” noted Ross, “it is very likely that the wave of high-profile media stories detailing data breaches, hacking, and other risk control failures across the financial services sector has contributed to insurers’ heightened angst about their ability to manage risk.”

Other survey results:

  • 67 percent of respondents said that they see cybersecurity as getting an escalated or higher priority in the next 12 months. Coming in second was regulatory risk, at 43 percent, followed by data governance at 39 percent. IT risk and operational risk followed at 34 percent and 30 percent, respectively.
  • 44 percent of respondents said they have an integrated, strategic enterprise risk management program in place actively used by all departments, up from 35 percent in 2015.
  • About 44 percent of respondents said their organization uses a centralized risk register to monitor risks.
  • Additional findings showed that smaller organizations were less likely than global organizations to have a “robust” risk program. As well, the survey found that executives are more likely than others to see their firm as having a well-defined process, but not an overall risk program.

The Indicator was conducted nationwide in July 2017 and generated 377 responses this year, covering the period between July 2016 to June 2017. Respondents are from the P/C, life and health insurance sectors.

For more details on the 2017 Indicator results, go to