Tag Archives: governance

Insurance Risk in Latin America

Latin America’s compound growth remains attractive and yet, overall, insurance penetration rates still remain low in many countries. Particularly in life insurance, despite continuing economic growth and reduced poverty levels, penetration is low, suggesting there is still significant growth ahead for the insurance sector. We have seen significant reforms across the region from both a fiscal and regulatory standpoint, in everything from capital and exchange controls to consumer protection. We believe a key challenge for insurers over the next decade is navigating this rapid acceleration toward modern regulatory and operational realities.

Around the world, regulators are setting the expectation that insurers will raise their game. The trend is clear, toward better risk management, better governance, more precise measurement of capital in a risk sensitive way and more detailed and transparent reporting to regulators.

We presented our first report for Latin America in 2012, focusing on risk-based capital (RBC) and emerging regulations in four markets: Argentina, Brazil, Chile and Mexico. We have expanded our coverage and also added Colombia, Peru and Uruguay to our new overview.

In the past two years, each Latin American market has faced a different journey to a risk- and economic value-based solvency framework. More open markets in the Pacific Alliance (Chile and Mexico) have enhanced their risk management processes, while Brazil is seeking Solvency II equivalence by 2016. Mexico’s new law, modeled on Solvency II, is likely to be implemented ahead
of the rest of the world. Peru and Uruguay have no immediate plans to pursue a Solvency II approach. Although both countries are attracting foreign investment, the market size and number of players are impeding regulation. With Argentina’s high inflation and economic concerns, adopting an RBC framework in the short term is unlikely.

The challenge to understanding Latin America remains that most insurers in the region are not well-prepared for the expected changes in governance, risk management, capital requirements and reporting. At EY, we believe that effective risk management and the ability to quantify and price risks accurately are a core competence for a successful insurance company. We also observe globally that the leading insurers will typically look to define their own vision for their capabilities in these key areas, rather than simply following the iteration of each piece of regulation. Leading firms will also typically go on to deploy these capabilities more quickly and effectively across their businesses at the point of decision making, and being ahead of competitors in this way is a source of clear commercial advantage.


The Argentine insurance market has made minimal progress in its approach to RBC in recent years. As other Latin American countries take steps toward Solvency II equivalence, Argentina is only superficially addressing this issue. In a country experiencing high inflation, tight regulation and fluctuating economic market concerns, RBC is only one in a long list of initiatives on the regulatory agenda of the Superintendencia de Seguros de la Nación (SSN).

Nevertheless, insurance is a fast-growing industry that continues to show resilience in premiums and tolerance for expansion in a challenging environment. Annual growth percentages are measured in Argentine pesos, so the inflation rate has a significant impact on those figures. As of 30 June 2013 (last fiscal year-end), there were 184 companies (108 in property/casualty) writing insurance in Argentina – with 29 new companies added in the past two years. International players continue to make acquisitions to enhance their positions in the industry. Growth has been most prominent in workers’ compensation and motor insurance, producing increases of 42% and 35%, respectively, from June 2012 to June 2013.


The Brazilian insurance market continues to achieve double-digit growth. The industry is witnessing a series of mergers and acquisitions and the arrival of multinational insurance and reinsurance companies, mostly from Europe. In addition, the sector experienced the largest initial public offering in the world last year, when BB Seguridade raised approximately US$5.75 billion in the BOVESPA stock exchange.

Although national bancassurance players dominate the Brazilian insurance market, international insurance companies continue to grow at a higher rate through M&A and strategic alliances.

Given the continuous growth in the market, the Brazilian regulator, Superintendência de Seguros Privados (SUSEP), is working with the European Insurance and Occupational Pensions Authority (EIOPA) to achieve Solvency ll equivalence in Brazil. This will facilitate the investment of European insurance companies in Brazil and Brazilian companies in Europe. SUSEP will sign an agreement that will adopt Solvency ll rules partially or fully by 2016, based on a comparative study that EIOPA will perform to measure Brazilian regulation against the Solvency II regime.


The insurance market in Chile continues to shift from its present regulatory framework to a more sophisticated RBC approach to solvency assessment that better reflects current industry risks. New methodology proposed by the Superintendencia de Valores y Seguros (SVS) is an important step toward building an integral and holistic RBC model.

The Comframe capital framework implementation requires each risk category to be managed individually, with most supervision on a product-by-product basis. Most insurers will need to improve their risk function or implement a holistic approach to risk management. Also, local skilled resources are scarce for the level of technical knowledge imposed by this regulation. Many will need to develop better data analytics, systems and precise risk measurement if they are to increase capital efficiency and profitability.

Chile is one of the more stable markets in the region, primarily because of tight controls over insurance products and asset portfolios. This stability is essential in a market that offers rich growth potential. While the ease of doing business in the country presents an opportunity, product expansion remains an emerging challenge due to a lack of insurance product awareness and consumer perceived value.


Colombia enjoys strong economic growth and enormous potential for financial stability over the next three to five years. GDP growth is about 4% a year, ahead of the average for the region. This is driven by stronger activity from foreign investors, a stable macroeconomic environment and a growing middle class. The free trade agreements that Colombia has engineered with major world markets are one example of the tremendous potential the country offers.

Insurance regulation is moving toward a more risk- and economic value-based solvency framework, with tightened capital market regulations. As a result, Colombia is ahead of many global rapid growth markets in reforming regulatory processes, protecting investor rights and cross-border trading to increase the ease of doing business for small companies.

Recent rules that allow foreign insurance companies to establish branches and operate as local insurers have changed the complexion of the Colombian market. Global industry players are entering, buying local insurers or considering start-up companies. This should encourage increased capacity, product diversification and greater competition. Colombia’s premium growth was US$8b in 2013, and rate reductions of as much as 10% were expected for property and life/accident insurance in 2014.


The Mexican insurance market is the second largest in Latin America. As of December 2013, gross premiums totaled $334.19 billion Mexican pesos or approximately US$25.6 billion, an increase of 11% over the prior year; this increase includes the effect of a large biannual policy of the government. Despite having one of the lowest proportions of insurance penetration in the region (almost 2% of GDP), Mexico continues to grow above the country’s nominal GDP. New insurance laws and Solvency II regulations are leading to market consolidation, as well as growth in specialty and consumer product lines. The high demand for life insurance is reflected in individual life premiums, which rose 23% in 2013, following a 19% increase in 2012, basically for the success of some savings products.

The regulatory framework in Mexico is evolving toward a more sophisticated risk-based capital approach. A proposed Solvency ll – type insurance law has been under review by the Mexican regulator, Comision Nacional de Seguros y Fianzas (CNSF) and the Mexican association of insurance companies, Asociacion Mexicana de Instituciones de Seguros (AMIS) since the second half of 2008.
The Mexican Congress approved the new regulation in April 2013. Quantitative impact studies and qualitative impact studies are moving forward, and new accounting principles are under discussion. Legislation in the country continues to advance and is likely to be implemented ahead of the rest of the region.


Peru’s steady economic growth and expanding middle class are attracting new business and opening doors for insurance companies. The Peruvian economy is supported by rapid growth in investment, low inflation, strong economic fundamentals and an annual GDP growth rate of nearly 6%. The country has an investment rating in Latin America that is second only to Chile and offers a favorable legal framework for foreign investors. The financial sector, including insurance, is second only to mining (gold, zinc and copper) in direct foreign investment.

In the last decade, insurance industry sales in Peru have grown more than 200%, from PEN2,700 million (approximately US$776 million) to PEN9.069 million (approximately US$3.36 billion) in 2013. As of December 2013, 40% of total net premiums were from general insurance, 14% from accident and health, 21% from life insurance and 25% from the private pension fund system. It is important to note that only approximately 16% of the urban population has private insurance and 18% has health insurance – and this number has stagnated over the past five years.

The insurance market is highly concentrated in Peru, with 2 of the 15 insurance companies accounting for 60% of total gross written premiums. Overall, insurance penetration rates remain low, as they are in many other Latin American countries.


Uruguay is a small country with stable economic growth, expanding tourism and rising disposable income. It was one of the few countries in Latin America that was able to avoid recession in 2008, and it continues to grow, with an economy based largely on exports of commodities like milk, beef, rice and wool. Some of world’s largest banks and financial institutions maintain branches there, and it was fortunate not to experience the impact of the global financial crisis or ensuing government intervention.

Although the Uruguayan insurance market is highly competitive, it has no more than 15 companies competing for market share. The largest in the country is Banco de Seguros del Estado (BSE), a government-owned insurer with about 65% of the market share as of December 2013.

Gross written premiums for the insurance industry totaled UYU21.6 billion (US$1.1 billion) in 2012, with a CAGR growth rate of almost 19%. Motor insurance and general liability insurance were leaders in the non-life segment. An increase in demand for pension products contributed to the significant growth in the life segment.

For the full report from which this excerpt is taken, click here.

Pointers on Managing GRC Issues

MetricStream has shared with us a November 2014 report from the analyst firm Forrester: Predictions 2015: The Governance, Risk and Compliance Market Is Ready For Disruption. (Registration required.)

I have had serious issues in the past with Forrester, its portrayal of governance, risk management and compliance (GRC), its assessment of vendors’ solutions and its advice to organizations considering purchasing software to address their business problems.

However, Forrester does talk to a lot of organizations, both those that buy software as well as those that sell it. So, it is worth our time to read their reports and consider what they have to say. I’m going to work my way through the report, with excerpts and comments as appropriate.

“…the governance, risk, and compliance (GRC) technology market is ripe for disruption.”

I have a problem with the whole notion of a GRC market. For a start, the “G” is silent! The analysts seem to forget that there are processes, each of which can be enabled by technology, to support governance of the organization by the board and others. For example, there is a need to enable the secure, efficient and useful sharing of information with the board – for scheduled meetings and throughout the year. In addition, there are needs to support whistleblower processes, legal case management, investigations, the setting and cascading of business objectives and goals, the monitoring of performance and so many more.

In addition, organizations should not be looking for a GRC solution. They should instead be looking for solutions to meet their more critical business needs. Many organizations are purchasing a bundle of GRC capabilities but only use some of what they have bought – and what they do use may not be the best in the market to address that need.

Finally, I have written before about the need to manage risk to strategies and objectives. Yet, most of these so-called GRC solutions don’t support strategy setting and management. There is no integration of risk and strategy. Executives cannot see, as they review progress against their strategies and objectives, both performance progress and the level of related risks.

“A corporate risk event will lead to losses topping $20 billion.”

What is a “risk event”? This is strange language. Why can’t Forrester just talk about an “event” or, better still, a “situation”?

I agree that management of organizations continue to make mistakes – as they have ever since Adam and Eve ate the apple. Some mistakes result in compliance failures, penalties, reputation damage and huge losses. I also agree that the size of those losses continues to rise.

But what about mistakes in assessing the market and customers’ changing needs, bringing new products and services to market or price-setting (consider how TurboTax alienated and lost customers)? I have seen several companies fall from leaders in their market to being sold for spare parts (Solectron and then Maxtor).

Management should consider all potential effects of uncertainty on the achievement of objectives.

“Embed risk best practices across the business…. Risk management helps enhance strategic decision-making at all organizational levels, and, when company success or failure is on the line, formal risk processes are essential.”

The focus on decision-making across the enterprise is absolutely correct. Risk management should not be a separate activity from running the business. Every decision-maker needs to consider risk as she makes a decision, so she can take the right amount of the right risk.

“Read and understand your country’s corporate sentencing guidelines.”

This is another excellent point! Unfortunately, the authors didn’t follow through and point out that the U.S. Federal Sentencing Guidelines require that organizations take a risk-based approach to ensuring compliance; those that do will have reduced penalties should there be a compliance failure.

“Build and maintain a culture of compliance.”

Stating the obvious. It is easy to say, not so easy to accomplish.

“Review risks in your current register and add ‘customer impact’ to the relevant ones.”

All the potential consequences of a risk should be included when analyzing it. Rather than “customer,” I would include the issues that derive from upsetting the customer, such as lost sales and market share.

Further, it’s not a matter of reviewing risks in your risk register. It’s about including all potential consequences every time you make a decision, as well as when you conduct a periodic review of risks. Risk management should be an integral part of how decisions are made and the organization is run – not just when the risk register is reviewed.

Forrester makes some comments and predictions concerning GRC vendors. I don’t know whether they are right or wrong. However, I say again that organizations should not focus on which is the best GRC platform. They should instead look for the best solution to their business needs, whatever it is called.

I do agree with Forrester that there are some excellent tools that can be used for risk monitoring. They should be integrated with the risk management solution, with ways to alert appropriate management when risk levels change.

What do you think of the report, the excerpts and my comments?

Should we continue to talk about GRC platforms? Is it time to evaluate risk management solutions? How about integrated strategy, performance and risk solutions?

[By way of complete disclosure, I have a relationship with a number of vendors of “GRC” solutions, including MetricStream and Resolver. I no longer have a relationship with SAP.]

3 Keys to Achieving Sound Governance

Of the many definitions of governance, the simplest ones tend to have the most clarity. For the purpose of this piece, governance is a set of processes that enable an organization to operate in a fashion consistent with its goals and values and the reasonable expectations of those with vested interests in its success, such as customers, employees, shareholders and regulators. Governance is distinct from both compliance and enterprise risk management (ERM), but there are cultural and process-oriented similarities among these management practices.

It is well-recognized that sound governance measures can reduce the amount or impact of risk an organization faces. For that reason, among others, ERM practitioners favor a robust governance environment within an organization.

A few aspects of sound governance are worth discussion.  These include:  1) transparency and comprehensive communications, 2) rule of law and 3) consensus-building through thorough vetting of important decisions.


Transparency lessens the risk that either management or staff will try to do something unethical, unreasonably risky or wantonly self-serving because decisions, actions and information are very visible.  An unethical or covert act would stand out like the proverbial sore thumb.

Consider how some now-defunct companies, such as Enron, secretly performed what amounted to a charade of a productive business. There was no transparency about what assets of the company really were, how the company made money, what the real financial condition actually was and so on.

Companies that want to be transparent can:

  • Create a culture in which sharing of relevant data is encouraged.
  • Publish information about company vision, values, strategy, goals and results through internal communication vehicles.
  • Create clear instructions on a task by task basis that can used to train and be a reference for staff in all positions that is readily accessible and kept up to date.
  • Create clear escalation channels for issues or requests for exceptions.

Rule of Law

Good governance requires that all staff know that the organization stands for lawful and ethical conduct. One way to make this clear is to have “law abiding” or “ethical “as part of the organization’s values. Further, the organization needs to make sure these values are broadly and repeatedly communicated. Additionally, staff needs to be trained on what laws apply to the work they perform. Should a situation arise where there is a question as to what is legal, staff needs to know to whom they can bring the question.

The risks that develop out of deviating from lawful conduct include: financial, reputational and punitive. These are among the most significant non-strategic risks a company might face.

Consider a company that is found to have purposefully misled investors in its filings about something as basic as the cost of its raw materials. Such a company could face fines and loss of trust by investors, customers, rating agencies, regulators, etc., and individuals may even face jail time. In a transparent organization that has made it clear laws and regulations must be adhered to, the cost or cost trend of its raw materials would likely be a well documented and widely known number. Any report that contradicted common knowledge would be called into question.

Consider the dramatic uptick of companies being brought to task under the Foreign Corrupt Practices Act (FCPA) for everything from outright bribes to granting favors to highly placed individuals from other countries. In a transparent organization that has clearly articulated its position on staying within the law, any potentially illegal acts would likely be recognized and challenged.

How likely is it that a highly transparent culture wherein respect for laws and regulations is espoused would give rise to violations to prominent laws or regulations? It would be less likely, thus reducing financial, reputational and punitive risks.

The current increase in laws and regulations makes staying within the law more arduous, yet even more important. To limit the risk of falling outside the rule of law, organizations can:

  • Provide in-house training on laws affecting various aspects of the business.
  • Make information available to staff so that laws and regulations can be referenced, as needed.
  • Incorporate the legal way of doing things in procedures and processes.
  • Ensure that compliance audits are done on a regular basis.
  • Create hotlines for reporting unethical behavior.


Good governance requires consultation among a diverse group of stakeholders and experts. Through dialogue and, perhaps some compromise, a broad consensus of what is in the best interest of the organization can be reached. In other words, important decisions need to be vetted. This increases the chance that agreement can be developed and risks uncovered and addressed.

Decisions, even if clearly communicated and understood, are less likely to be carried out by those who have not had the chance to vet the idea.

Consider a CEO speaking to rating agency reviewers and answering a question about future earnings streams. Consider also that the CFO and other senior executives in separate meetings with the rating agency answer the same question in a very different way. In this scenario, there has clearly not been consensus on what the future looks like. A risk has been created that the company’s credit rating will be harmed.

To enhance consensus-building, companies can:

  • Create a culture where a free exchange of opinions is valued.
  • Encourage and reward teamwork.
  • Use meeting protocols that bring decision-making to a conclusion so that there is no doubt about the outcome (even when 100% consensus cannot be reached).
  • Document and disseminate decisions to all relevant parties.

During the ERM process step wherein risks are paired with mitigation plans, improved governance is often cited as the remedy to ameliorate the risk. No surprise there. Clearly, good governance reduces risk of many types. That is why ERM practitioners are fervent supporters of strong governance.

Case for Reinventing Insurance in India

Since independence, all governments of India have committed to gradual rather than revolutionary means for spreading democratic and socialist principles (as attested notably by the preamble to the constitution of India). Independent India averted the revolutions (and most of the debates) that have shaped the role of the state in the western world for some 500 years. In recent history, India never had to face its Thomas Hobbes, Jean-Jacques Rousseau, John Stuart Mill, Georg Wilhelm Friedrich Hegel, Karl Marx, Beatrice and Sidney Webb, Franklin Delano Roosevelt or Margaret Thatcher, John Maynard Keynes or Milton Friedman. India was saved the horrors of the French, American, Russian, Turkish, Cultural (Chinese) or Iranian revolutions (to mention but a few). India was largely spared the two World Wars and most of the “…isms” (fascism, communism, Marxism, capitalism, etc.). For every political fad that swore by TINA (“There Is No Alternative”), India responded with its inimitable TATA (“There Are Thousands of Alternatives”). It had its gradual transition away from non-democratic practices (e.g., abolition of privy purses in 1971 and of debt bondage in 1976) to a welfare democracy. Even the embrace of the “Washington consensus” (a combination of open markets and prudent economic management) under the guidance of Manmohan Singh has not changed the essential nature of the state.

This “Fabian” model meant that the state was committed to provide welfare, not merely security, to the citizens, and that central government was in the main responsible for funding, producing, procuring, allocating and distributing most goods and services. This has been done in large measure through subsidies to public enterprises, producers of inputs, private-sector producers and consumers. The goods and services whose availability and price have been modified through subsidies include food, water, energy, financial services, labor, education, healthcare, fertilizers, information and media. As the public demanded more and more, the state promised more and more, sometimes through milestone measures (e.g., the largest debt waiver and debt relief program for farmers, in 2008) but mainly through quasi-permanent subsidies, which have led to a sizable fiscal deficit (almost 75% of the 2014-15 budget estimate, and 4.1% of GDP). The net cost of these handouts and subsidies is much higher than their nominal value, for three reasons: the interest payable to fund the deficit, the losses because of intermediation (e.g., it has been reported that for every kilogram of subsidized grains delivered to the poor, the government released 2.4 kg from the central pool) and the societal effects of enhanced inequity (an IMF working paper titled “The fiscal and welfare impacts of fuel subsidies in India” argued that the richest 10% of the households benefited from fuel subsidies seven times more than the poorest 10%).

This is why a policy of “less government” could have much scope by divesting ownership of public sector undertakings (PSUs) in manufacturing, services and distribution and reducing subsidies substantially. However, the existing system has created many winners that would presumably be motivated and suitably represented to protect their vested interests by militating for status quo. Additionally, certain social services must be improved considerably (mainly water-sanitation-health, financial protection, food security and education), but acting on those needs would lead to more rather than less government. Similarly, actions to remedy inequitable targeting and inefficient distribution of subsidies could bring “more governance” only if preceded by more government intervention and spending.

So, what is the road to “less government and more governance” that would both engage the many who today enjoy representation without taxation and protect future taxpayers from the financial and societal ramifications of today’s consumption? We submit the answer is in “localism.”

“Localism” means encouraging people to be involved in elaborating and governing local solutions, with only subsidiary support from government. Most of India’s population is rural and in the informal sector. For this vast majority, the world is local, and local is the measure for most things. It is a moot point to argue whether people wish to be in the informal sector (to be excluded from the framework through which the government collects taxes and imposes regulations) or whether they are victims of circumstances (of being de facto excluded from the practical measures through which the government delivers universal rights for all citizens). The essential point is that people belong to local groups through which they access benefits that are not otherwise available as public goods. Therefore, communities reinforce the norms and networks that enable individuals to act collectively, influence decisions of single community members on the economic and social engagements they can/must/must not enter into, who can/cannot do so and on how benefits are distributed. Compliance with consensus flows from members’ reliance on the community’s patterns of reciprocity. As the community reaches most everybody on a continuing basis, it can be mobilized to play a role in “more governance” of local activities and structures.

Experience from rural India and from other countries confirms that underserved rural communities have been able to operate community-based mutual-aid schemes that create welfare and distribute benefits, which are funded by resources of the members. Such collective action of groups, by groups and for group members is a major paradigm shift from the mentality of reliance on government handouts, decisions and entitlements. The change in mindset is from being dependent to being dependable; the change in the financial model is from relying on inflow of charity to relying on pooling of own funds, which are otherwise invisible and inaccessible, to obtain welfare gains. The argument in favor of empowering community-based mutual aid is not merely that it is more opportune, but that it is more legitimate. Recalling the words of Abraham Lincoln (a speech from 1854, quoted in G.S. Boritt, 2004: Lincoln and Democracy): “the objective of government is to do for a community of people whatever they need to have done but cannot do at all or cannot so well do for themselves in their separate and individual capacities.” If now the case is that communities of people can do for themselves what the government cannot so well do for them, is it not then self-explanatory that the government should do all it can to support such action at the local level? Moreover, the argument in favor of encouraging the proliferation of local action is consistent with the democratic system of India, where interest groups are well established.  In his book The Logic of Collective Action: Public Goods and the Theory of Groups (1965), M. Olson pointed out that small local groups can form more easily and function more effectively to advance their interests. Olson also asserted that it is easier for the government to support many small groups than few large ones, and by supporting community-based self-interest the state can also advance its interests more easily and less expensively. If the reason for seeking “less government” is to encourage more self-reliance and hard work and a decrease in dependence on acquired rights and corruption, then does it not follow that government should provide tangible support to encourage voluntary action? The pooling of part of people’s resources for the advancement of community-based welfare gains serves the interest of the members of such groups (who can take charge of rationing and of priority-setting relating to the use of their funds) and also of the government (which could leverage the community-based risk management by limiting its intervention to subsidiary coverage of only rare events).

The development of community-based health insurance in India as a mutual-aid activity, replacing entitlements or debt, is one of the most effective mechanisms for voluntary social change.

Just as after independence India abolished several homegrown systems based on inequality of rights (e.g., chaudhary, deshmukh, jagir, samanta and zamindar) and favored equality through democracy, so asset creation should take primacy over money lending (in all its forms, from village shark to microfinance and to banks), for the same reason. India also abolished bonded labor (which also involves interlinking debt and exploitative labor agreements), even if this practice is not yet dismantled completely, according to the International Labor Organization (ILO). And the infamous phenomenon of farmer suicides is also linked, at least in part, to debt: Farmers are held morally deficient for inability to repay loans, when in fact the reason for that insolvency is crop failure (occasioned by the inherent risks of agriculture: too much or too little rain, too hot or too cold climate, pests etc.). Many other countries developed crop insurance to protect both farmers and farming. In India, agricultural insurance is used mostly to securitize loans rather than farming (farmers must pay the premium when they borrow, but the payout goes to the lending bank).

Disconnecting crop insurance from borrowing and connecting it with “what a responsible adult does” to avert the risks of agriculture can bring about safer agriculture and more governance with less government. This change is best accomplished when embraced by local communities, not merely single individuals. When agriculture is a safer economic activity, more farmers are likely to continue farming (and thus provide food security). When crop insurance becomes an act of mutual aid, something everybody in our village does, it is easier to mobilize the community to also encourage asset creation, and better financial protection. The virtuous cycle of more community-based cooperation fosters multiple positive changes, including improved targeting of government support for financial protection, better advisory to farmers on how to improve their agricultural productivity and thus food security and enhanced equality. These are objectives that have never been achieved by debt/credit extension or debt relief, because such programs missed completely the opportunity to leverage the collective energy that, what the community can do together, none of its members can do alone.

Creation of such local asset pools may start with modest amounts, as many villagers are cash-poor, and will first want to gain trust that the new form of collective action will deliver welfare to many members of the group, not just to a few powerful or privileged persons. However, the accumulation of funds will grow over time, especially if such growth is stimulated by the government. The government can encourage such solidarity-based collective action by passing enabling regulations to recognize mutual and cooperative insurance schemes (as part of the revision of the insurance law). Indonesia has recently changed its insurance law to recognize mutual and cooperative insurance at par with commercial insurance, to facilitate the development of mutual micro-insurance in rural communities. The European experience has shown that today’s large financial institutions originated from exactly such community-based local initiatives. As these were allowed and supported to grow, they served as the basis for universalization of health insurance, agricultural insurance and natural catastrophe insurance. In some countries (e.g. Switzerland, France, the Netherlands, Belgium or South Africa) ,the local schemes have morphed into large private or cooperative insurance companies. The local origin of the activity was essential to ensure that local groups can define their local priorities (which enhance local willingness to pay) and operate their scheme with locally dependable persons (which enhances flow of information, notably through gossip, about the fair and equitable treatment of all members of the scheme).

Government support for community-based asset creation can provide the government with information that it does not have currently but that it needs to enhance governance and the government’s revenue side. The shift from remote governance to local governance relies on local trusted elites, a new kind of elite, different from the capitalist elite and the bureaucratic elite. The local elite needs to be given a good start (by imparting private sector methods for social sector activities, minus the profit-taking), and the government must still provide worst-case protection. But for the rest, government should encourage communities to devote their talents to create public goods, to fend for themselves, to concentrate on assuming responsibility for their own welfare.

This is so much better than the present situation, in which many people entertain huge, unrealistic expectations and contradictory demands from the government based on messages, disseminated for years, that welfare is a right; and when they receive welfare or debt/credit benefits, rather than being grateful, many people feel that their due has reached them too little and too late. Anchoring the support to local asset-building by community-based collective action enhances the notion that we can do more on our own and allows each local group to design and do itself some of the work that hitherto it waited for the government to do. Supporting “localism” means that welfare creation is the legitimate domain of each community, delivered bottom-up rather than entirely top-down, supported by the government rather than the exclusive responsibility of the state to each individual. Localism will enhance governance because communities, governing their own priorities and resources, are very good regulators of their local scheme, because they are responsible for doing, not debating, and their actions are transparent locally. This transition from external to community leadership entails transition to performance-related legitimacy and away from formal title or appointment. It can also be the transition from short-termism (with the next elections as implied statute-of-limitations) to the long-term, recognizing that to achieve universal access to financial services, or to health insurance, or to secured livelihoods, or to relevant agricultural insurance or better sanitation may take decades. Notwithstanding the patience needed to get results, localism can provide the platform for less government and more governance now.

Modernization: CRO Faces New ‘Unknowns’

Internal and external demands have resulted in the clarification and expansion of the role of the chief risk officer and the risk management function. Internally, senior management and the board see the merit of using key risk information. Ensuring the company is managed within its risk appetite enables it to best utilize its resources to take advantage of changing competitive needs and strategic opportunities. Externally, U.S. and global regulators are articulating clear expectations for the role of the CRO and governance of the risk function, as well as the role of the board in risk management and the CRO’s and risk function’s relationship with the board. These demands emphasize the need for clear policies and processes with appropriate documentation and governance.

As little as 10 years ago, the risk function was novel at most companies, and there were almost as many models of how to organize and manage the function as there were insurers. This has changed. Leading practice is becoming clearer, and expectations are now more consistent and defined. However, boards and regulators are increasingly inquiring about new “unknowns”: data security, cyber terrorism, reputational risk and competitive obsolescence. All of these also fall under the CRO’s purview and increase demands on risk resources.

The case for change

The risk function is the newest among the direct stakeholders that insurance modernization directly affects, and there are a number of important implications and outcomes.

  • No existing “pipes” – For the majority of North American risk functions, many risk calculations and resulting reports are very recent creations. Very few have a solid network of pipes that transmit data and input through models and calculations onward to result in verifiable and controlled information. Therefore, compared with many other functions that modernization affects, the risk function does not need to dismantle existing pipes. However, it is critically important that, as insurers plan and develop these new pipes, they do so in cooperation with other stakeholders. If they do not, then the risk function may find itself unnecessarily tearing up what should be a common roadway.
  • From build to oversee – While internal and external changes affect all stakeholders, the risk function is unique in that its very nature also is changing. When the risk function originally came into being, it was the CRO’s and his staff’s responsibility to create the models and capability needed to support the function. Now, as risk infrastructure takes shape, management, boards and other stakeholders are asking the CRO and risk function to play a key role in governance and control. This brings into question how best to manage and oversee both the risk and overall corporate infrastructure. Can and should these be responsibilities of the risk function, and, if not, who should be responsible for managing this infrastructure?
  • Process and documentation – Much of the newly built infrastructure was constructed quickly and in a “learn by doing” mode. Much of it is parallel to but not coordinated with activity in other areas, especially actuarial. As companies have mapped processes and documented assumptions, models and output, functional overlaps have become clearer. In many cases, clarification and resolution of the overlaps will be necessary to enable rational enterprise level mapping and non-duplicative documentation.
  • Demonstrated engagement – The CRO and risk management staff (with input from actuarial, investment, finance and others) support the foundation on which risk information is built Increasingly, the board and regulators are asking for holistic engagement in agreeing on assumptions and methodologies, not just siloed input from subject-matter experts. The risk function increasingly is being asked: Are the business managers – the first line of defense –in agreement? And, is their collective engagement substantive and verifiable?
  • Governance – As the board’s role in risk management and risk taking becomes clearer, many boards and regulators recognize the need to include major risk and strategic initiatives under the oversight umbrella. They look to the CRO to be the conduit of information between them and the insurer. This strongly suggests that the CRO should have insight into modernization initiatives that go beyond just the risk function.

In a modernized company, a synergy of efficient processes with clearly defined stakeholder expectations exists among risk, actuarial, finance and technology (RAFT). The modernized risk function will share a common foundation of data, methods and assumptions and tools and technology with the other RAFT functions. (Naturally, the risk function will have certain unique processes that build on this foundation.) Finally, enterprise compatible business management, HR, reporting and governance all channel the process to its apex: intelligent decision making.

  • Data – The organization, with significant risk input, clearly defines its data strategy via integrated information from commonly recognized sources. The goal of this strategy is information that users can extract and manipulate with minimal manual intervention at a sufficient level of detail to allow for on-demand analysis.
  • Methods and analysis – Modern risk organizations emphasize robust methods and analysis, particularly the utilization of different approaches to arrive at insight from more than one perspective. Key to proper utilization of multiple methods is confidence that different outcomes are not the result of inconsistent inputs but rather truly reflect new insight.
  • Tools and technology – Up-to-date tools and technology help the risk function gather, analyze and share information faster, more accurately and more transparently than ad hoc end-user computing analysis. With modern tools and technology, risk personnel can devote the majority of their time to understanding and managing risk rather than programming and running risk models.
  • Stress testing – Stress testing has become a key weapon in the risk management arsenal. Test results convey risk information to senior management, the board and regulators. Resulting impacts on capital under stress scenarios become key to capital planning and calibrating economic capital (EC) models. Moreover, these tests are fully integrated in financial planning and the finance function’s agenda.
  • EC/Capital modeling – Economic capital calculations continue to be an important tool for decisions at all levels, from strategic to micro-level asset trading and product design. A modernized organization fully integrates these models with key actuarial activities, and the process and results help the company more effectively plan for and manage risk. Results are available quickly, and efficiency of the process allows for extensive “what if” testing.
  • Validation – A comprehensive model risk management structure is in place. The company routinely validates new models and model changes. Assumption consistency is transparent across risk, actuarial and finance. The company verifies data integrity and uses a model inventory to weed out duplication and overlap. Savings more than pay for model risk management (MRM) costs.
  • Human capital – Risk functions employ more inquisitive and analytical analysts. The emphasis is on managing risk, not running models. A significant portion of the group devotes its time to understanding emerging trends and investigating potential new threats to the organization. Clear organizational design facilitates working in a collaborative manner with other control functions and business managers.
  • Governance – Risk plays a key role in governance and risk appetite is well established. Decision making throughout the organization incorporates risk in a transparent manner. This is in large part because of confidence in risk output because data and input is consistent with finance and actuarial analytics, models are validated and senior management and the board understand key assumptions and limitations.

The benefits

Realizing ERM’s promise requires more than just complex economic capital and value at risk (VAR) models. It requires confidence in these models and an understanding of their key assumptions and limitations. This confidence and understanding need to be pervasive – from risk, finance and actuarial personnel themselves, through line of business leadership, up to senior management and the board.

With a modernized platform in place, CROs and risk functions can turn their attention to managing risk, not calculating and reconciling numbers, as well as providing management and board with the best tools for intelligent decision making, confidence in capital deployment and competitive strategies consistent with risk appetite and capacity.

Critical success factors

Plan ahead and in concert with other stakeholders. The risk function is in the unique position of not having to dismantle infrastructure, but it definitely does need to build on it. The function’s relative youth and lack of legacy encumbrances mean it is in an ideal position to be a leader in modernization initiatives.

Moreover, the risk function has both an opportunity and an obligation to raise concerns about the risks involved in modernizing in an uncoordinated way or the risk to the insurer’s competitiveness from not modernizing at all.

Call to action – Next steps

Look for quick wins, like faster processing, more transparency, deeper insight, but stay true to the long-term plan. Some of these quick wins can be cost savings opportunities. For example, an inventory of documented models can reduce the number of models (and associated maintenance cost) by weeding out redundancies. In addition, the company can streamline internal reports when all areas use the same foundational data and calculations. Moreover, the company may be able to rationalize multi-jurisdictional, external and regulatory reporting.