Developing a robust risk management framework is essential to understanding an organisation’s exposure to risks. It helps identify, analyse and report managing them.
Implementing and embedding good risk processes ultimately ensures that businesses can run as intended, while minimising significant business disruptions. The board and senior management should be able to understand how risks facing the business will impact it in the future. They should be able to gain assurance that these risks are being managed effectively throughout the firm and ensure any weaknesses are being addressed. A good risk framework promotes strong risk leadership across the organisation, helping to ensure that firms are achieving their organisational objectives.
Bridging the gap
In the wake of Solvency II, insurers have been required to have an effective risk management system consisting of strategies, processes and reporting procedures in place. This enables senior business leaders to determine strategies needed to manage key business uncertainties, helping to bridge the gap between high-risk exposures and managing those risks to ensure minimal business impact. A robust risk and control self-assessment process (RCSA) helps with this, however, ensuring a proportionate and sustainable approach can be a challenge for many.
An insurer’s own risk solvency assessment (ORSA) should provide a holistic view of the firm’s business and risk profile and how it contributes to regulatory capital requirements. This enables senior business leaders to determine strategies for managing key uncertainties facing the business, helping firms manage business risks and reduce high exposures to minimise business impact and financial loss. The extent to which firms capture data from and use the ORSA effectively can also vary significantly.
Traditionally, firms have taken a reactive approach to risk management, as opposed to a proactive approach, without learning historic lessons. This has led to companies being fined millions of pounds for failings associated with their governance, controls, and risk management over a five year period. By embedding good risk management throughout the organisation, firms can avoid regulatory penalties and intervention.
The firm’s risk framework can be vast, capturing key risks that may impact the business in the current environment and those in the future horizon. It's important to have a reliable emerging risks process to determine the likelihood and impact emerging risks may have on the business. For example, firms are now expected to incorporate areas such as environment, social and governance (ESG) into their risk frameworks, some of which have been part of the emerging risk spectrum for a while.
These with the other risks in the organisation need to be managed in accordance with the firm’s business strategy, risk appetites, and tolerances. Having this level of understanding will provide a greater knowledge of key issues facing the firm and ensure that potential exposures are identified early to avoid issues further down the line.
The absence of a good risk framework leaves the door open for significant setbacks within an organisation. Failure to identify risks early could have a negative impact on the day to day operations of a business. This could also result in financial loss, operational failures, business disruption, regulatory fines, penalties, and even reputational damage.
These issues arise from an insufficient understanding around risk management across the business and the value that it can add. To facilitate this understanding, it's essential for firms to have strong risk functions that consist of the individuals with the right skillset, talent, and capabilities. Firms are increasingly beginning to recognise the need for good risk management across the insurance industry with more and more firms now investing in their risk management teams.
A good risk management framework not only helps to proactively manage risks and anticipate future shocks to the business, it also provides assurance and value to business stakeholders. This can range from internal employees, the board and non-executives, business customers, investors, shareholders and regulators.
The better the firm manages its risks, the more it can demonstrate its resilience, efficiency and effectiveness in its business operations. This enables it to gain a competitive advantage and attract even more business as it would be considered operationally stable.
It's important to gain assurance over whether a firm’s existing risk framework is mature enough to take the organisation forward to achieve its strategic objectives, or if enhancements are required to fit the business profile.
For more insight and guidance, get in touch with Nousheen Hassan.