May 21, 2018
How Insurtech Alters Operational Risk
Years in, insurtech is more than an emerging risk. Risk management professionals need new approaches to manage its effects.
According to its generally accepted definition, operational risk is “the risk of loss resulting from inadequate and failed internal processes, people, and systems or from external events” and it covers also legal risk exposure. However, according to the risk management literature, strategic and reputational risks are excluded from operational risk definition.
With its qualitative background, operational risk is found as one of the most treated components in business processes. Because its features, operational risk exposure of an entity is not easy to measure and risk appetite is not easy to determine. Like other qualitative risks, top down and bottom up assessments are performed for operational risk exposures. However, yearly analyses change frequently and finding a trend for exposures is really struggling.
See also: Cognitive Biases and Risk Management
Risk management can add value to companies only because markets are imperfect and today, insurtech is the main driver which makes markets imperfect. As a revolution in insurance business, it is changing every dynamic in our business. Inevitably, it converts traditional risk management functions of insurance companies totally. After two very busy years with solid development, insurtech is more than an emerging risk now. And as risk management professionals, we need brand new approaches for manage its effects.
Needless to say, insurtech affect all risk types of an insurance company, but because of above mentioned features, it is more difficult projecting how will change ORM (Operational Risk Management) after insurtech. My predictions on this grey point are as below.
With digitalization, operational risk exposure of an entity will be based more on digital process based risks (not systematic or systemic risks!) than man-made risks. After insurtech implementations, many manual controls will die, and system-based ones fill these gaps. Enterprise risk manager will need to construct its risk management framework mainly on automated controls and this brings different testing processes as well.
Insurtech implementations do not mean just digitalization, but also using disruptive technologies; as AI, IoT, machine learning, blockchain, AR, VR; in every step of insurance business. As a second line of defense of insurance companies, risk managers should be one step further from their colleagues and need to define control framework of these activities.
See also: How to Improve ‘Model Risk Management’
Last but not least, one of the crucial side effects of insurtech in operational risk management is cyber risk. Today, cyber risk is assessed as third or fourth most threated risk in insurance professionals ‘expectations. However, more automated systems will put insurance companies into target of cyber-attacks and cyber risk will become most threated and costly risk in very short time.