Insurers aim to become masters of risk management

In a nutshell: Most insurance companies are making bold moves to modernise their technologies and business processes. Long-time masters of actuarial risk and active assessors of market and credit risk, insurers need to manage nonfinancial risks with the same rigour they use to manage their growth goals. That will require a new approach to risk management, one that involves the risk management function early in strategic decisions, establishes a clearly defined company-wide risk culture and vigourously invests in risk management technology.

Making bold moves to modernise

Insurance is an increasingly unpredictable industry, and carriers must contend with a number of disruptive factors. Topping the list for the insurance sector are relentless technological changes that are significantly affecting operating and business models, growing customer expectations, highly capitalised new market entrants, distribution channels that are starting to diversify outside the industry, and talent shortages.

Despite these obstacles, insurers are optimistic about the future. In PwC’s 2022 Global Risk Survey, 84% of insurance companies predict revenue growth in the next 12 months, with 19% expecting growth of more than 10%. This expansion is largely driven by new products or services (16%), new customer segments (16%) and the digitisation of products and services (13%). 

Carriers are making major business changes — and investing in technology. Most insurers wholeheartedly embraced technology in reaction to COVID-19 restrictions, while others had already been working on digitisation for some time. 

Consider, for instance, Liberty Mutual. More than two years after the company decided to accelerate its "digital journey," its bold moves are starting to pay off in big ways.

“I couldn’t believe some of the things we were still doing in 2020,” says Judi Gonsalves, Executive Vice President and Chief Internal Auditor for the Global Internal Audit division, “which is why we created our own [internal audit] app.”

Since launching the app in 2021, the team built out a module for fraud detection and investigation, "which I can confidently say has been best in class," Gonsalves says.

“At Liberty Mutual, we say that we’re a software company that happens to sell insurance. But we also need to make sure that we’re thinking about emerging technologies and the new risks coming our way.”

– Judi Gonsalves, Liberty Mutual

Insurance companies like Liberty Mutual are harnessing the power of technology to meet changing customer demands, but they’re also using it to propel their business into the future of risk management. With new risks on the horizon, where the future might take the insurance sector remains unclear.

New insurance risks need new risk management

As insurance companies grow, nonfinancial risks are becoming increasingly important to manage. But in a hyper-connected digital world, addressing these risks will become increasingly difficult. The industry is most concerned about risks related to business and operational models (26%), cybersecurity and information management (23%) and markets (20%).

Embracing new business and operating models to help strengthen business capabilities. Growing external pressure is spurring insurers to modernise outdated legacy systems and software. As they adopt technology to cut costs and increase efficiency in response to leaner rivals, capital market fluctuations and rising inflation, carriers are attempting to do more with less. 

The sector expects a number of disruptive and impactful trends over the coming three years. Of the top three disruptions reported, two are related to business and operational model risks: lean operations (53%) and customised products for underserved segments (48%). 

Traditional carriers are contending with disruptions in distribution and increasing competition. Usage-based insurance (UBI), behaviour-based insurance (BBI) and pay-as-you-go policies are becoming increasingly popular among consumers and competitors. And, as more big players in mainstream tech begin to increase their presence in the insurance sector, traditional carriers need to modernise or they risk being left behind. 

But with new business models come new risks. To meet that challenge, 77% of insurers are actively monitoring or implementing a risk management plan to understand the risks of lean operations. More than two-thirds (67%) are monitoring or implementing a plan for customised products — particularly important for property and casualty carriers and institutional life providers. 

Information assurance and cybersecurity management are on the rise. Digital technology is revolutionising the way insurers do business. Data analytics and AI can help insurance companies achieve growth goals and deliver digital insights into customer behaviour, but they also introduce new risks, including the need for transparency around AI-driven decisions.

The second most-mentioned issue is creating a digital-first experience from quote to claim. As they adopt more digital solutions, insurers are learning how to interact with customers and stakeholders in entirely new ways. They’re also learning how to deal with more digital risks. 

Cloud computing, for instance, helps insurers realise a number of business benefits, including improving efficiency, enhancing customer service and delivering cost savings. And, with the scale of global cloud providers, insurers also benefit from “shared digital immunity.” By managing a potential cyber risk or exposure for one insurance company, cloud providers can immediately and automatically help protect other insurance companies using the same cloud components. 

Cloud does come with some risks of its own, however. Changing operating models or unclear expense models, for instance, have dissuaded some insurers from fully embracing cloud computing. Some carriers also have concerns about legacy systems, reliability and data security in cloud. 

Risks related to data security have  become a significant source of concern in particular. Insurers worry about privacy rights and protection (71%), data protection laws (73%) and cyber regulation (73%). 

How insurers can manage nonfinancial risks

fundamental shift in the industry has made managing risks more effectively, which is especially important for insurance companies. Risk is the raison d'être for insurance companies, but if carriers can’t manage their own risks, how can customers trust that insurers can manage theirs?

The fact that less than 30% of insurers are realising benefits of a risk management programme suggests that the discipline does not play a prominent role in strategic business decisions. This reflects in large part how quickly carriers have changed since the pandemic began and how nonfinancial risk functions haven’t always been considered. 

The next crisis is just around the corner, so insurers should start responding to nonfinancial risks with the same rigor currently reserved for actuarial risks. That means finding more opportunities to involve the risk management function earlier in strategic decision-making, establishing a clearly defined company-wide risk culture and making more aggressive investments in technology.

Investing in insurance risk management technology

More and more carriers are investing in risk management technology, data analytics and automation tools because they generate valuable business insights and efficiencies. Automation can eliminate menial tasks, data analytics can provide additional visibility into risks and risk functions, and dashboards and visualisations can streamline reporting of this information to decision-makers. Insurance carriers must capitalise on all the ways that technology can serve their interests to get a better grasp on managing risk for growth.

“At Liberty Mutual, we say that we’re a software company that happens to sell insurance,” Gonsalves says. “But we also need to make sure that we’re thinking about emerging technologies and the new risks coming our way.” 

Insurers should increase investments in risk management technology, prioritising tools that facilitate real-time automation and identify risks across functions. Risk management tech provides better insights into KRIs and KPIs with live dashboards, visualisations and real-time information. 

It’s also important to use advanced analytics, AI and partnerships to expand data sources and shape a more holistic approach. There won’t be a single solution that can address all of these problems, and even if there was, the centralisation of end-to-end operational risk and controls management may not be feasible or appropriate for every organisation.

Carriers should invest more in people

Insurers need to avoid becoming hyper-focused on digital alone. Technology is an important catalyst for change, but people are even more critical. 

“This is a huge change,” Gonsalves says. “We’re asking people to change the way they work and think. Those who have really embraced it love it.”

To support user adoption, leadership teams should develop an integrated approach to company-wide change. Cultural guidance must be concrete and specific, adequate training and upskilling should be provided and the implementation should be clearly linked to strategic business goals. Business leaders can demonstrate their commitment to change by adopting recommended behaviours.

The most holistic risk cultures emphasise collaboration, and they have the organisational structure in place to facilitate it. Clearly defined risk-related responsibilities can help insurance companies enhance cooperation, alignment and integration throughout the organisation. 

Insurers should look to the top 10% of all respondents to PwC’s 2022 Global Risk Survey. Together, these practices distinguish growth-focused risk management. The top 10% are five times as likely to report confidence in achieving their risk management goals in 2022-2023, and they tend to be acutely aware of the challenges facing risk management today, rating all of the challenges as very significant. Moreover, they’re twice as likely to be increasing investments in risk management technology by more than 10%.

What insurance stakeholders should do next

For CEOs and CROs

  • Ask every owner of major business moves — a new product launch, cost-savings initiatives, new technology implementation — to describe the attendant risks of the project. 
  • Also how the initiative changes the organisation’s risk profile. Does it require that we increase risk appetite? How well are these risks mitigated in the overall business plan?
  • Know when to say no and when not to. Use risk mitigation as an opportunity to identify areas for growth as opposed to viewing risk as a roadblock.

For the board

  • Ask business owners to describe their risk management plan and report regularly for every major initiative.
  • Engage with both the risk owners and risk managers to understand new risks to the organisation.

For risk owners in business lines

  • Communicate the intended risk culture to the business unit as a whole and demonstrate the type of behaviours you expect.
  • Partner with risk and compliance functions and internal audit to unlock data-driven risk management perspectives.

For CROs/risk leaders

  • Build relationships with risk owners to help embed risk management in business decisions and transformations.
  • Invest in data analytics to provide risk owners, including the CEO and board, with the data they need to make better decisions. 
  • Confirm that there’s a feedback loop throughout the risk management process to facilitate awareness of all relevant decisions.

Contact us

Alexandra Burns

Alexandra Burns

Partner, Leader Financial Services Risk Consulting & Internal Audit, PwC Switzerland

Tel: +41 58 792 46 28