Insurtech: Active approach to adopting a resilience mindset

By Gary Lynam
Firms need to be prepared for novel risks and changes in risk correlations, argues Gary Lynam, Director of ERM Advisory, Protecht Group

Pressures from regulators are triggering reviews of traditional risk areas for insurers. Considering the multiple external uncertainties facing insurers, it is important that firms take proactive steps to assess the adequacy of their risk management and control frameworks. Firms need to be prepared for novel risks and changes in risk correlations

On January 10th, the Bank of England’s Prudential Regulation Authority (PRA) wrote to chief executives of financial services companies setting out its “planned work for 2023”.  One of its top priorities is to see them improve their risk management and governance frameworks to build financial resilience. Here, we explore some of the implications of this initiative.

Organisations are not ‘risk-ready’

Conventional approaches to risk assessment in the insurance sector, such as relying on historical data to model risk, are not always prepared for new or unexpected risks. These approaches assume that the future will be like the past Confirmation bias effect means organisations are placing too strong an emphasis on the preventative control environment.

Instead, resilience managers are now encouraged to focus on impacts and recoverability, even once in a hundred-year events such as Covid-19 (extreme but plausible!). This shifts the mindset from ‘what if?’ to ‘assume failure’. Tell yourself that whatever theoretical calamitous event has actually occurred and map the fallout and your organisation’s response to it. This deconstructs the conversation to focus on the recovery plan, enabling us to ask: how would one adapt? Who would be responsible for what? How do we ensure the customer is at the hub of the decision-making process when disaster strikes?

From specific threat prediction to building resilience

According to the FCA guidance, this is a key focus for 2023. What happens when your Important Business Services (IBS)fails? This is the exam question. Currently, many companies lack the ability to effectively test their processes end-to-end, including third parties and suppliers, however, regulators expect a level of sophistication to be achieved in this area by 2025. Invest the necessary time and resources to test comprehensively and adopt the learnings quickly and seamlessly. This will build resilience and improve fault tolerance.

Enabling continuous risk monitoring through accurate and valid data

Operational resilience is focused on outcomes and the continual observation of the risk landscape. Begin by establishing clear risk management processes and procedures that are well-defined and consistently applied across the organisation. Define your range of data sources, including internal and external data, to develop a comprehensive understanding of the risks faced by the organisation and its policyholders.

Organisations, particularly large ones in the financial sector, struggle to implement comprehensive control assurance programmes due to the sheer volume and the vertical, siloed nature of the business. The key is to establish a centralised data repository to host gathered data. With valid and accurate data in place, use advanced analytics and machine learning techniques to analyse data in real-time, identify emerging risks, and assess the potential impact of those risks on the organisation. Then, develop risk scenarios and stress tests to evaluate the potential impact of different risk scenarios on the organisation's financial position and its ability to continue to provide coverage to its policyholders.

Finally, use risk dashboards and other business intelligence tools to provide regular updates on the organisation's risk exposure and risk management activities to key stakeholders, including senior management, the board of directors, and regulators. By taking these steps, insurance companies can create a more dynamic and responsive risk management framework that is better able to adapt to changing risk environments.

Building a future state of resilience

Third party management is another key theme for 2023. To create a future state of resilience where third parties are connected to the nerve centre of the business, it's vital to take a strategic and proactive approach to third-party risk management by following these guidelines:

  • Identify critical third-party relationships and assess the risks associated with those relationships, including assessing the third-party's ability to maintain continuity of operations and protect sensitive data.
  • Enable secure data-sharing to support testing scenarios.
  • Develop a framework for monitoring and managing third-party risk, including policies and procedures for due diligence, contract management, and ongoing monitoring.
  • Establish regular communication and collaboration with third-party partners, including regular updates on risk management activities and any changes in the risk environment.
  • Invest in technology and tools that can help automate and streamline third-party risk management, including monitoring tools and risk dashboards.
  • Foster a culture of collaboration and information-sharing across the organisation and with third-party partners, including sharing insights and best practices related to risk management.

These will help build a future state of resilience where third-party partners are fully integrated into the risk management framework and better able to contribute to the overall resilience of the business. Such an approach will help protect companies and their policyholders from a wide range of risks, including those that may originate from third-parties, helping them to meet the expectations set out in the PRA’s letter.

Gary Lynam

About the author:  Gary Lynam is the Director of ERM Advisory for Protecht Group


Featured Articles

Insurtech unicorn bolttech takes on extra $50m in funding

Insurtech unicorn bolttech has taken on an extra US$50m in funding from Leapfrog Investments as part of the insurtech's Series B extension

Allianz wants to 'lead by example' with new net-zero targets

Allianz has said it wants to "lead by example" after announcing ambitious new targets to make its investment and underwriting portfolios net zero

Insurtech pricing solution Akur8 seals $25m in fresh funding

Akur8, whose insurtech solution is used by actuaries to build pricing models across all insurance lines, has received backing from Guidewire and FinTLV

Beazley launches tornado parametric insurance using NWS data


Alex Dalyac: Founding AI-based insurtech Tractable

Technology & AI

Saudi Arabia: 'solid' framework to guide insurtech sector