Accenture Insurance Sector research - Global Risk Management survey

Flood Risk?

A nice generic risk management benchmarking piece from the guys and girls at Accenture came out this week, and after I spent last week at the Leicester rugby game, I was happy to see another 15 "tigers", albeit this time scattered throughout the survey paper itself, presumably as a subtle metaphor for "death by tiger" risk...

It is made up of 98 C-suite respondents (nicely spread across disciplines), is Insurance sector-specific, and Global in coverage (one-third Europe, half N.America), so should be useful to any reader for trend-spotting and Board briefing.

From the document itself, I've pulled out the following;

Risk Governance

• 98% have their "risk management owner" reporting to the CEO
• 96% have a senior executive (regardless of title) as "risk management owner"
• 80% have their "risk management owner" report regularly to the Board
• 55% had a titled CRO
• A number of those stats (whilst improved since their last survey) are a poor reflection on the Global insurance industry, but perhaps reflect where corporate culture is outside of the EU/US axis
• Of the governance bodies, I was surprised to see only 60% of Life companies have an operational risk committee

Solvency II/Non EU equivalent legislation-specific

• Over 80% of Life and P&C respondents seem happy that they are preparing well for their regulatory initiatives (Solvency II or local equivalent).
• Other than Internal Model development, the main outstanding issues for Life insurers to be prepared for Solvency II/equivalent is IT architecture and Data Management/Integration. For P&C, documenting risk processes and developing a meaningful Use Test are also worrying at least half of respondents.
• Issues such as training and education, risk culture and risk governance documentation are relatively low on the priority list.
• Conversely, when asked on a 1-5 scale about specific areas of risk governance, respondents were more positive about their Data preparations than their risk governance - go figure!
• Use Test preparation remains a laggard throughout.

Generic

• Top external pressure was Legal risk, and by a good distance. Regulatory risks relatively low on the list, perhaps reflecting Europe's low weighting in the quantum surveyed.
• Risk Management seemingly well integrated with strategic deployment, but not with product development or reward.
• Poor statistics around embedding risk management into core functions.
• Two thirds of Life respondents noting that a lack of "early warning capabilities" impedes emerging risk management.
• Over half of Life companies said investment benefits ("above and beyond" continued compliance with regulations) would come from better reporting and better integration of Risk and Finance.

There is some of the softer stuff on aspirational elements of risk management thinking at the back, but if you just want to check against your peers, you can save that for a rainy day.

Accenture study on Risk Analytics - lessons for Insurance Industry

Decent piece of benchmarking from Accenture on the current usage of risk analytics as well as drivers for the future. 450 mostly c-suite level respondees from across industries (40% insurers), but the findings are targeted specifically at the Insurance industry. Interestingly, respondees leaned towards incomplete data sets, rather than a lack of data or technological capability, as the main constraint.

While it touches on a number of areas of interest for Use Test specialists, it also covers Stress and Scenario Testing (13% of Life and 21% of P&C insurers reporting that they "rarely" or "never" use stress testing in decision making), and Reporting (which suggests the main driver for reporting improvements is regulatory rather than voluntary, due to regulators "...[increasing] their focus on the quality and frequency of reporting"). Internal Modelling also gets a mention, with almost 80% of respondents saying they already use, or are planning to use, an internal model for capital adequacy requirements.

Data Governance  of course gets decent treatment here. Only 69% of insurers polled currently have a Data Policy, but 41% have a data quality department, which feels alarmingly high, particularly when drawn against Accenture's comment that "...many firms have insufficient rigor who owns data, who sets it up and who manages it". The FSA concurred with that in their preliminary Data Quality Review findings back in September, and I'm not at all convinced that a DQ department will help in this respect (i.e. BAU absolve themselves of responsibility for their data sets!)

The Accenture crew use the "Leaders" and "Laggards" analogy throughout, so benchmark away and find out which one you are!

ORSA guidance from Accenture - good, bad and ugly?

In the same week as the FSA told the industry to "go fish" for additional guidance around ORSA, the guys at Accenture have pushed out a bite-sized piece on extracting added value (i.e. above and beyond "compliance") from one's ORSA processes.

There are clearly a number of consultancies who fancy themselves in this space (click the ORSA link in the tag cloud at the bottom of this webpage for my review history of them), so having cast an eye over it, I noted the following;

• Leads with the rather hackneyed soundbite around ORSA helping insurers "extract additional value" from what is ostensibly a compliance investment
• Note that "...many companies have just begun to implement their ORSA projects, or are still considering how to do so" - if that's the case, it is good for my business, but it sounds like a lazy justification for publishing this pamphlet (how can anyone only be as far as "considering" in mid 2012?)
• Recommend that operational specifications should derive from the C-suite - easier said than done, but I totally agree if one wants to extract value from the ORSA process rather than tick the box.
• Suggest that ORSA "...may become a source of competitive advantage" - clearly the assessment does not do this, rather the consideration of it by the AMSB and the application of management actions off the back of it.

They then go on to split the doc into sections as below;

Compliance requirements

• Neat enough as a beginner's guide to ORSA compliance 101, though they introduce a rather naughty term in "ORSA Capital" as the amount over and above SCR - the concept of ORSA is difficult enough to transpose into BAU for smaller organisations who perhaps haven't had to consider economic capital measures before, so this term is one I would consign to the "nice try" bin.
• Some nice schematics in the section as well around the process side of ORSA.

Creating an operating model

• Suggest that preliminary input should be obtained from the C-suite to create one's target operating model. As above, I agree with their participation in the design phase, but with BAU pressures around ICA/FCR etc, it should be weighted much more towards approval of recommended models, rather than dialogue, as there simply isn't enough time when dual running.
• Recommend designing the process with people already familiar with existing performance management framework, which is good advice.
• Also allude to the significant crossover synergies between Pillar 3 requirements (as documented in the draft implementing measures) and ORSA as it stands.

Develop risk-adjusted performance management

• Relatively bland section which won't tell you anything new on the topic if you are building/refining an ORSA process off the back of a reasonable ERM Framework

Make the most of these releases - you can be sure that your friendly national regulator will be!

PS - In case you viewed this on Friday looking rather bare, I was supposed to save it as a draft, and accidentally published it!

ERM benchmarking - Accenture - "High-performance insurer of the future"

A decent effort from the guys at Accenture on identifying and explaining the kinds of strategies which in their mind will separate the insurance men from the boys in future.

They have researched 70 companies (mix of single line, multi line and multinational companies) and come out with;

• A suite of KRIs to measure and benchmark corporate performance
• 5 Key attributes of "high performance" insurers; Customer-centric distribution, responsiveness to market, operational excellence, pursuit of cost reduction and focus on risk management
• 5 forces for change in the industry; growth shift to emerging markets, increases in technological development, escalation of risk and regulation, changes in consumer behaviour and changes in the competitive ladscape
• 6 distinct business models that should flourish

Very useful for benchmarking, KRI and ORSA purposes, particularly if you are working for a "multi" - the future growth aspects are likely to be hitting a strategic plan near you in the next couple of years...

Accenture Global Risk Management Study 2011 - talking points

A rather lavish piece of research from Accenture on developments in using risk as a source of competitive advantage was pushed out yesterday - All industry version here, with Insurance-specific report here.

Solvency II doesn't really feature in the global study (which covered just under 400 risk execs), but some aggregate trends are worth noting (observations against their 2009 survey);

• Increased likelihood of execuitve-level oversight of the risk function
• Increased concern about coverage of the spectrum of risk (types and severity coverage)
• Almost half of respondents had "reducing costs" as one of their main challenges in next 2 years
• Vast majority have either a CRO or an executive with Risk responsibility
• Majority of medium term spend seems to be focused towards data and technological improvements
• 40% have responded that regulatory risk will be "significantly increasing" in next 2 years
• Integration of risk measure capture and use across busienss areas particularly poor (most categories of risk were under 50% rated as "highly integrated across business units".
• Some lareg gaps between the importance of the risk function's objectives against their achievement (worryingly large on the matter of ensuring sustainability of future profitability)

For Insurance-specific, I noted the following (around 50-odd companies by my count);

• 80% of respondentshave ERM program in place or in planning
• Top risk executive reports to CEO in almost 90% of respondents (a truly horrifying statistic, and the highest of all industries) 
• 81% of Life company respondents felt regulatory pressure is creating an increasing gap to achieving compliance
• 54% have a CRO who owns responsibility for Risk in their organisations (surely a massive no-no under Solvency II)
• Integration of Finance and Risk and improving reporting capabilities on risk-adjusted performance management are the highest Life company priorities for improving capabilities.
• To achieve "Risk Mastery", a rather anodyne list of enhancements are depicted - invest in analytic tools, integrate risk and finance, improve approaches to fraud and financial crime and leverage compliance initiatives (such as Solvency II I guess, though I wouldn't call it a compliance initiative!)

They create a sub-category of "Risk Masters", whose risk management capabilities are assumed to be superior to the crowd - these are the component parts of "risk mastery";

1. Creation of shareholder value from Risk Management
2. Risk Management involved in key decision making process
3. Improved sophiostication of measurement, monitoring and analysis
4. Going beyond a compliance mindset
5. Integration of risk management capabilities across business units and structures
6. Establishment of a "c-suite" role for Risk
7. Infusion of "|risk awareness" across the organisational culture
8. Investment in continuous improvement

Risk masters (around 40 of the respondents qualified) either have or are in the process of establishing ERM programs, and tend to use their Risk function outputs to achieve quantifiable business objectives considerably more than the pack. They also had significantly higher scores for having "highly integrated" risk measure capture and usage across business units (including using these measures in their decision making process), and the majority participate in most areas of the strategic decision making process.

Interestingly, almost 90% of Risk Masters said that they are active in influencing risk regulation in their relevant industry - Solvency II anyone?