Tag Archives: risk management

How Risk Managers Must Adapt to COVID

Risk managers who specialize in catastrophe planning and pricing are coming to grips with the idea that the financial cost of today’s pandemic will dwarf last decade’s​ ​historic​ losses from natural disasters and cyber hacking. According to researchers​, insurers kept pace last decade, saving lives and mitigating the economic hit, through increased use of data analytics and technology in risk modeling and claims processing. Today, the global scale of the pandemic’s economic fallout makes it more urgent for insurers to adopt and upgrade their digital enablement strategies quickly.

But, given the industry’s large base of cumbersome legacy systems, insurers notably​ ​lag behind other market sectors in adopting these much-needed innovations. To modernize core risk management systems and future-proof policy underwriting processes at the scale and speed required, ​experts​ say low-code application development tools should be incorporated within the enterprise.

“Low-code”— a visual development approach for building software using drag-and-drop components that is transforming the way applications are built — has been​ ​vetted​ by analysts as a powerful and effective means to reach a strategic end. For risk managers, that goal is to jumpstart the targeted use of next-generation capabilities, including cloud-based software deployment, artificial intelligence and augmented reality/virtual reality, all of which can be integrated into legacy systems with low-code tooling. Each has a specific way of empowering lean teams of specialists to handle the coming spike in claims, sort through market confusion, conduct complex tasks remotely and assess new sources of risk, while relying on core systems to maintain daily operations.

How Low-Code Bridges the Gap

First, a robust, low-code development platform enables a diverse talent pool of business experts to collaborate with IT teams and coding professionals. This approach captures the knowledge, expertise and iterative feedback of business-focused experts throughout the entire software development lifecycle, enabling quick deployment of customized, targeted software for web and mobile use.

Second, the underlying architecture of low-code platforms prioritizes integration, connectivity and openness. This enables enterprises to extend their digital capabilities with next-gen innovations while keeping their legacy systems’ core clean and secure.

Here are four aspects of technology enablement that empower risk managers to handle newly scaled-up demands and position the enterprise for success in the “new normal.”

The Cloud Enables Resilience

Compared with other business verticals, the insurance industry is late to adopt and fully leverage cloud-based software deployment. A 2019​ ​Deloitte survey​ on insurance trends found that nearly half of all respondents — 48% — were comfortable with a three-year time frame to adopt cloud technology.

But pandemics have a way of rewriting the rules. Today, risk managers are working remotely and require access to data and workflow processes often managed on mainframes. More than one insurance firm recently experienced operational delays when its data centers were hit with connection challenges. Ops teams were not allowed to go onsite to restart these systems until state officials modified their shelter-in-place orders.

In contrast, cloud-based operations are highly resilient. By design, the cloud enables business continuity from small and large interruptions, with a rolling system of global availability spread across geographically dispersed locations. Cloud-based operations today play a vital role in enterprise business continuity, including an insurer’s own disaster recovery strategies.

The low-code platform is cloud-native, offering the security of housing systems remotely and enabling seamless workforce access from anywhere. Regardless of what triggers a systemic shutdown, cloud-based systems will mitigate the impact.

See also: Where Were the Risk Managers for King’s Landing?  

Multi-Cloud Deployment Options Add Security

The majority of insurers have delayed cloud adoption due to data security and regulatory compliance concerns. To date, many firms still place their trust in on-premises data centers. However, cloud providers have evolved their product offerings to meet a wide range of enterprise cloud deployment strategies.

Companies requiring maximum security can adopt a fully private cloud model, or a hybrid model with the ability to “burst,” moving things to the public cloud when disaster hits or when demand spikes. Risk managers should also consider that the major cloud providers have the resources to hire the world’s best security engineers, a valuable and cost-efficient means of supplementing internal security capabilities.

AI Accelerates and Automates Contract Liability Assessments

As closures, cancellations and supply chain disruptions affect businesses, policyholders will file more and more claims. Risk managers also face uncertainty from mounting legal challenges, as underwriters are pressured by state governments and organizations to use business continuity policies to cover losses from government mandates to shelter in place, overriding existing contracts.

Business continuity policies are highly complex legal documents. Enterprise legal teams can quickly run out of bandwidth to evaluate contract liabilities triggered by the pandemic. While it is incumbent on brokers and underwriters to analyze existing contract language to map out covered risks and exclusions during these extraordinary circumstances, they need help to get it done accurately and in a timely fashion.

Applications built with low-code tools can integrate back-end systems with AI and natural language processing tools to review and flag contract language and risk mitigation strategies to ensure proper coverage. Here again, collaboration is key. Input from risk managers, executives, legal experts, process executors and IT professionals is needed to map out a firm’s current level of risk exposure, evaluate its preferred risk appetite and adjust strategic planning. Because it employs a visual “language” understandable by both technical and non-technical personnel, low-code is a powerful collaboration tool for conceiving, building and deploying digital solutions that address the massive disruption triggered by the pandemic.

Quality Assurance and Training Can Be Digitized

The limited number of risk management specialists is a challenge for the industry. Their ranks will never be large enough to thoroughly execute the tasks of onsite assessment and analysis, especially during and in the aftermath of a pandemic.

Risk managers should already be working with a checklist of qualitative items, including operational risks and associated controls, plus event and escalation triggers for risk identification and measurement. Too often, these essential processes are paper-based or stored in Excel documents. One solution to streamline these processes would be a customized mobile application combining a digitized checklist with a time-stamped photographic inventory of a plant or facility. Such an application would also improve training, documentation and knowledge transfer when new risk managers join the team.

See also: 3-Step Framework to Manage COVID Risk  

With current restrictions on business travel, the case for augmented reality tours through plant operations and factory floors makes economic sense. It may sound futuristic, but low-code developers have already integrated augmented reality into warehouse management tasks, insurance claim workflows and even cancer detection by radiologists. Similar capabilities could be leveraged by the risk management industry to confirm a range of safety standards and to analyze visual information that may require a specialist.

Collaborative Digital Initiatives to Power in the New Decade

With revenue taking a big hit, it’s key to remember that risk and recovery are two sides of the same coin. To speed the recovery process, risk professionals must help the enterprise understand the risk profile of every potential customer and reduce the overall risk profile of the organization.

Low-code application development in the cloud, along with AI, AR and other ascending technologies, can bring visibility to otherwise hidden relationships and liabilities, while ensuring that data is understood, available and actionable Risk managers and C-suite executives need to champion innovative technologies that can scale up an effective response and protect the bottom line, speeding the pace of digital adoption from ​later​ to ​now.

3-Step Framework to Manage COVID Risk

For insurance leaders, the full impacts of the COVID-19 pandemic will unfold over the coming months, but the rapid evolution of the crisis is forcing organizations to constantly evaluate how they are responding today.

Realistically, most business continuity procedures will prove inadequate. Very few would have planned and provided for a global crisis that kept virtually all of their workforce sequestered at home for weeks or months. Because there is no proven methodology for what we’re navigating today, organizations are having to collaborate virtually, sometimes on a global scale, to rapidly adapt business operations, frequently and simultaneously across several businesses on very short time cycles. Some solutions will succeed, and some will not. Others might not work until conditions change. Also, business decisions driven by the current situation will create unexpected demands on operation risk management. For example, several insurance carriers announced premium credits to their auto policyholders due to a significant drop in usage. Such decisions will require an ability to process large volume of one-time transactions, in a controlled yet customer-friendly manner.

In these conditions, insurers need a more comprehensive yet customizable approach to assess operational risk quickly and dynamicly and chart responses to COVID-19. 

Organizations should undertake a three-step approach to better understand the impact of the coronavirus on their operations, identify high-impact and high-priority areas, assess new and increased risks and develop actions to address business critical priorities.


Companies should use an integrated process-health check that brings together business continuity process and crisis management teams to define and implement targeted response decisions. A thorough assessment will identify gaps specific to the current pandemic, as well as heightened or new risks.

Some of the factors that have increased risks under COVID-19 and affect processes include:

  • Dependency on technology that is less effective when working from home 
  • Activities that require physical interaction, such as check printing and mail rooms 
  • Activities that rely on in-person interactions and meetings
  • Numerous process handoffs, particularly across functions 
  • Regulatory constraints such as time-sensitive and mandatory requirements

Insurers must quickly document processes severely affected by the current crisis and identify areas with a high number of manual touch points and mandatory in-person interactions. Companies need a framework agile enough to provide leaders with increased visibility into their processes, including changes to daily tasks, implications for working remotely and identifying tasks that cannot be handled without manual intervention. The right framework should also highlight regulatory risks for non-compliance and potential impact on quality assurance procedures.

Using strategies such as a lightweight, questionnaire-based approach, leaders can gather insights into their processes that account for the impact of COVID-19 in two to three business days and require minimal time from process owners. Responses to a well-designed questionnaire will not only identify process gaps specific to the current crisis but will also find candidates for future improvements and innovations. 

See also: Rethinking Risk Management in a COVID-19 World


A centralized and purpose-based response structure works best to solve company-wide issues for many carriers. Key decisions related to organizational priorities, customers, employees and costs must be made in the face of uncertainty and incomplete information. Central ownership and accountability in the form of a dedicated response team will ensure a consistent, iterative approach and effective risk management.

The right framework captures this information and ranks it from both business criticality and risk perspectives. Once risks have been identified and prioritized, operation leaders should align on potential scenarios and recommended solutions. While recommendations will vary across organizations and functions, they will typically include:

  • Identify processes that have changed during COVID-19 and implement new process steps on an interim basis. Rapidly create or update existing process map documentation and communicate this information to relevant stakeholders
  • Identify new risks, controls and testing procedures. Develop plans to reinforce controls that have been relaxed in any transitions to work-at-home
  • Identify and recommend changes to employee responsibilities including deprioritizing non-business critical activities, and the strategic navigation of key business continuity process resources
  • Supplement processes with additional collaboration tools to enhance remote work output, such as digital check printing solutions, document sharing tools and other interventions.

Business leaders know they need to act now instead of waiting to design the perfect solution. Senior executives should communicate to business units and function leaders a broad outline within which solutions should be developed. Such guardrails are usually based on the organization’s vision, culture, business critical requirements and other non-negotiables. Then, the focus of operations leaders must turn to segmenting the overall organization response strategy into actionable plans for their responsibility areas. Clearly, action plans should be detailed enough to include ownership, timelines and measurable, expected outcomes.


Response managers must also establish feedback loops to monitor the efficacy of their response strategy and tweak it as required. New challenges will emerge. Unanticipated situations will develop, and a significant percentage of responses will at least partially fail to meet their objective. In these scenarios, an agile, test-and-learn approach allows leaders to adapt to changing requirements as quickly as possible. Following are a few agile principles that would allow leaders to strike a balance between business support and risk management, and move forward with speed:

  • Build and deliver working solutions, with a preference to short time cycles 
  • Learn and change. Be creative and promote non-standard solutions 
  • Set up cross-functional and diverse response teams 
  • Clearly define ownership and outcome expectations 
  • Hyper-track progress, using frequent touch points

Every crisis presents opportunities, and some companies will come out of this crisis stronger. Post-crisis, speed and agility to adapt will differentiate the leaders from laggards in this new normal. According to a McKinsey study, companies that managed the 2008 financial crisis with speed, discipline and resiliency saw 30% increases in revenue and big reductions in operating costs during the recovery. 

See also: 7 Biases Customers Have About Risks  

There is an opportunity to accelerate an agenda advancing the future of work as companies consider an environment that promotes virtual teams, provides online collaboration tools to employees and uses digital operational capabilities to supplement human workers. As operations stabilize and the new normal takes hold, the response team should pivot and identify opportunities to continue to transform. This will allow companies to leverage learnings from the current crisis and build stronger crisis response capabilities.

An adaptive risk assessment framework approach requires a strong alignment among functional and operations leaders. It also requires a status cadence that allows a quick rollout of actionable recommendations, rapid reviews of their impact with process owners and the ability to course correct frequently. 

How Machine Learning and AI Reduce Risk

Risk management is integral to insurance, but it’s traditionally been an inexact science. Thanks to recent technological advances, however, risk management is about to get a long overdue upgrade.

If an eyebrow is raised, it is likely because the insurance industry has been slow to adopt technology, but artificial intelligence (AI) and machine learning are making headway. The appeal in using data to predict outcomes, drive efficiency and reduce costs has sparked intrigue and curiosity. Tack on the ability to make jobs easier and facilitate claims faster, and even the biggest skeptics, those most resistant to change, are curious about how AI can be applied.

Despite the aversion to tech or potentially costly, time-consuming operational overhauls, AI systems already have been put to work in some of the world’s largest insurance organizations, where they are used to address highly specific issues that have plagued different sectors for years. Now, the time has come to consider how AI can help with risk management.

New Data, New Insights

Much of the information that risk managers value in making assessments is not readily accessible to them today. Data in claim notes, documents, images, even injured worker sentiment requires someone manually poring through files because this type of information can’t be entered or sorted in conventional systems easily. But new, AI-based systems can incorporate and analyze these forms of unstructured data. They make it much simpler for employees — even the least tech-savvy employees — to find and interpret the elements that will be the most crucial to their decisions.

See also: How Machine Learning Transforms Insurance  

Additionally, the more that AI-based systems “read,” the faster and better they learn and understand. Models that leverage unstructured data yield more accurate and detailed analysis, and, by enabling adjusters to make more informed decisions based on data, organizations can reduce the severity and frequency of claims. This makes everyone happy. The industry can move light years forward by delivering this kind of data and analysis to risk managers’ fingertips whenever they need it.

Group Analysis

Another way in which new AI-based systems can help risk managers is by analyzing data across groups. It’s far more efficient to grasp what is happening across a portfolio or set of claims when a machine generates a report vs. reading file after file to formulate an opinion. With new tools, risk managers easily can look across very large datasets to see what’s happening collectively. They can determine the macro impact instead of relying on an isolated view of a single claim. In addition to the time and resource advantages, AI-based software spots trends and outliers that cost money unnecessarily.

Collective View Vs. Limited Project Basis

AI models also are able to draw on a wealth of historical information — information that is constantly updated. This stands in contrast to the way the world of risk works today, where most analysis is conducted on a project basis. The project ends; so does data collection. Important information is often lost in the lapse between projects. Modern AI systems solve the issue by persistently refreshing to ensure updated reports can be ready on demand. The result is a much richer and more realistic picture of what is happening in an organization’s claims.

Power of Prediction

The gold for risk management, however, lies in AI-based solutions’ ability to predict outcomes. AI applies science to risk management based on an incredible number of data points that should be considered in helping teams prepare for the future. Modern systems show risk managers the behaviors that need to change, assumptions that are incorrect and what things will look like if they continue to follow the present course. This information is so important because every customer or risk manager has observed different behaviors, which shape their views and how they conduct their jobs. AI systems parse all of this behavior to give a far more comprehensive view. Systems then can alert users to adverse trends that are developing so that teams can adjust accordingly. This not only decreases the lifespan of claims but potentially can save millions of dollars.

To gain the best predictions, however, it is necessary to use a platform solution that lets users easily gather insights and create models that learn from the entire industry, not just their own data. They then apply that information to a specific customer’s data. The more data a system can analyze, the more patterns come up, yielding more precise and valuable predictions.

See also: Key Challenges on AI, Machine Learning  

Armed with an abundance of data that is simple to access and interpret, claims managers can do their jobs faster and more easily than ever. This can make a potentially huge positive impact, not only on their own organization but also on the larger sector. As machine learning and AI-based technologies mature and are more widely adopted, the industry will become more exact. Costs will drop, and efficiency will improve, ultimately helping to transform the insurance industry.

As first published in WorkCompWire.

A Renewed Focus on EERM Practices

With third-party risks on the rise, there is renewed focus on maturing extended enterprise risk management (EERM) practices within most organizations. This focus appears to be driven by a recognition of underinvestment in EERM, coupled with mistrust of the wider uncertain economic environment.

To understand the broader risk environment and provide organizations with the insights needed to effectively assess their risk and adapt processes accordingly, Deloitte recently conducted the EERM Risk Management Survey 2019, obtaining perspectives from more than 1,000 respondents across 19 countries covering all the major industry segments. Results shed light on crucial considerations surrounding economic and operating environments; investment; leadership; operating models; technology; and affiliate and subcontractor risk. More specifically:

Economic and operating environment: Economic uncertainty continues to drive a focus on cost reduction and talent investment in EERM. The main drivers for investing in third-party risk management are: cost reduction, at 62%, reduction of third-party-related incidents, at 50%, regulatory scrutiny, at 49%, and internal compliance, at 45%. Organizations urgently want to be more coordinated and consistent in extended enterprise risk management across their organization, as well to improve their processes, technologies and real-time management information across all significant risks.

Investment: Piecemeal investment has impaired EERM maturity, left certain risks neglected and hurt core basic tasks. Only 1% of organizations say they address all important EERM issues, and only a further 20% say they address most EERM issues. One of the main reasons for this maturity stall is that organizations are taking a piecemeal approach to investment – they are mostly making tactical improvements rather than investing in strategic, long-term solutions. This piecemeal approach has led to certain areas – such as exit planning and geopolitical and concentration risk – being neglected, and some organizations not doing core basic tasks well, such as understanding the nature of third-party relationships and related contractual terms.

See also: The Globalization of Risk Management  

Leadership: Boards and senior executives are championing an inside-out approach to EERM, which includes better engagement and coordination and smarter use of data. The survey reveals that boards and executive leadership continue to retain ultimate responsibility for EERM in the majority of organizations. Better engagement and coordination across internal EERM stakeholders is a top priority for boards and senior leaders. Boards are moving away from using periodically generated data to more succinct and real-time, actionable intelligence, generated online. But who has ultimate responsibility for third-party risk management? According to the survey results, 24% indicated the chief risk officer, 19% indicated other board members and 17% indicated the CEO.

Operating models: Federated structures are the most dominant operating model for EERM, underpinned by centers of excellence and shared services. More than two-thirds, 69%, of respondent organizations say they adopt a federated model, and only 11% of organizations are now highly centralized, which is down from 17% last year. Investments in shared assessments and utilities, and managed services models, are also increasing. Furthermore, co-ownership of EERM budgets is also emerging as a trend. Robust central oversight, policies, standards, services and technologies, combined with accountability by business unit and geographical leaders, is a pragmatic way to proceed.

Technology: Organizations are streamlining and standardizing EERM technology across diverse operating units. The survey confirms Deloitte’s prediction last year that a three-tiered approach for third-party risk management will continue. Smartly coordinated investments in third-party risk management technology across three tiers can drive efficiency, reduce costs, improve service levels, increase return on equity and create a more sustainable operating model. More specifically, 59% of the respondents adopted tier one, 75% adopted tier two and tier three continues to grow.

Affiliate and subcontractor risk: Organizations have poor oversight of the risks posed by their third parties’ subcontractors and affiliates. The lack of appropriate oversight of subcontractors is making it difficult for organizations to determine their strategy and approach to the management of subcontractor risk. Only 2% of survey respondents identify and monitor all subcontractors engaged by their third parties. And a further 8% only do so for their most critical relationships. Leading organizations are starting to address these blind spots through “illumination” initiatives to discover and understand these “networks within networks.” Less than 32% of organizations evaluate and monitor affiliate risks with the same rigor as they do other third parties. As affiliates are typically part of the same group, organizations are likely to have a higher level of risk intelligence on them than other third parties.

See also: Is There No Such Thing as a Bad Risk?  

For more information on Deloitte’s “2019 Extended Enterprise Risk Management Survey,” or to download a copy, please visit their website here. You can find the full report here.

TokenEx’s Alex Pezold

Alex Pezold, CEO and Co-Founder of TokenEx, talks with ITL Editor in Chief Paul Carroll about how the 10-year old company, which has been active in providing a cyber solution to the banking and payments industries, is now exploring ways to bring its data protection solution to the insurance industry. TokenEx assigns a token for sensitive data, such as a customer’s personally identifiable information, so that a company is not storing actual consumer information that is at risk in a data breach. Learn more about TokenEx.

View more Innovation Executive videos

Learn more about Innovator’s Edge