The Role of Risk Management

CROs Gaining Authority, Survey Finds

The roles of insurance sector CROs are expanding.
By: | May 12, 2015

The forces of change are continuing to reshape the insurance industry and its chief risk officers (CROs) are at the forefront of that change, reports Ernst & Young Global, aka EY.

The professional services multinational just published its fifth annual survey of CROs in the insurance sector. Conducted between December 2014 and February 2015, the survey canvasses views from various senior risk executives at 20 North American insurance companies, with life, P&C and multi-line insurers all represented.

The findings show that “the most profound forces of change” are reflected in an evolution of the CRO role. They have greater authority, are assuming greater responsibilities and gaining an enhanced profile across the organization, with effective risk management increasingly regarded as contributing to market success.

Ways in which this enhanced profile is evidenced include direct participation on key strategic business matters, larger staffs than before and a wider use of stress testing. Nearly three in four CROs told EY that their department had expanded in the past year.

Along with more stress tests, additional staff are needed for operational risk, the own risk and solvency assessment (ORSA) and model risk management. Risk management today is closely “integrated with the business, rather than being an afterthought,” according to one survey respondent.

The report identifies three current key themes cited by CROs:

Capital Standards Still Confuse

The lack of common accounting standards and capital measures makes it difficult to compare performance and solvency across companies. Insurers employ various capital measures, many specific to the company, to analyze their risk exposures over a range of time periods and under different normal and adverse scenarios. The quantitative impact survey (QIS) launched last September by the Federal Reserve Board and field testing by the International Association of Insurance Supervisors (IAIS) persuaded several companies to consider new approaches to regulatory capital treatment.

Expanding risk management capabilities and the hiring of more risk staff confirms that it has become a team activity, played across and at every level of the enterprise.

More Regulations and Intrusive Regulatory Oversight

CROs from insurers not already regulated by the Federal Reserve Board accept, grudgingly, that they will also come under its spotlight. Until recently these CROs were confident that current state-based requirements would remain unchanged, but now accept that the two regulatory regimes, with different risk management standards, will probably converge around more stringent guidelines.

Risk Management Is a Team Sport

The 2015 survey shows CROs spending more time and effort on integrating risk management practices into the business. For some, the risk management function’s value is chiefly measured through its integration with the business. Expanding risk management capabilities and the hiring of more risk staff confirms that it has become a team activity, played across and at every level of the enterprise.

Past and Future Challenges

Asked to identify the main risk challenges currently occupying the insurance industry, 40 percent of CROs surveyed cite the slew of regulation and pending common capital standards. Although a distant second, 14 percent picked cyber risk, showing the CRO’s agenda now extends beyond financial risk. Easing concerns over interest rates and the economy as well as renewal of the Terrorism Risk Insurance Act (TRIA) saw both dip from a year ago to 13 percent and 10 percent respectively. Lingering worries that TRIA might not be extended was subsequently resolved at the end of January. Competition and pricing levels also scored 10 percent.

Looking ahead to the main risk challenges of the next 12 months, 28 percent of CROs surveyed cited capital modeling and stress testing. Three tasks: establishing an enterprise risk management (ERM) framework and governance; integration and transparency; and assessing risk appetite each attracted 15 percent, while both emerging risks and operational risks were cited by 9 percent. Still a high priority a year ago, ORSA has since fallen off the list as many institutions have since participated in one of the three pilots or produced an ORSA draft.

Longer-term, insurance industry CROs expect greater authority and accountability, increased influence and broader interaction over the next few years, with their role becoming more visible and more accountable as it becomes better defined. In the meantime, they are focused on performance and creating value for the business. As one respondent commented, “we are spending less time on defining and debating the role and approach and more time on executing our risk plan.”

Graham Buck is a UK-based writer and has contributed to Risk & Insurance® since 1998. He can be reached at riskletters.com.

More from Risk & Insurance