Value creating risk management

A starting point for many insurer’s efforts regarding their enterprise risk management (ERM) systems has been a reactive stance, says McKinsey in their latest issue “Transforming enterprise risk management for value in the insurance industry.” In the aftermath of the financial crisis, insurance companies have been pressured by regulations, rating agencies and investors to ensure compliance with existing regulation and rules yet to be implemented.

However, some insurance companies went beyond the regulatory necessities and introduced ERMs that support strategic decisions and create real value for the company by reducing the volatility of returns and improving capital performance. A new McKinsey survey among executives of insurance companies finds that despite being confident about the risk capabilities of implemented systems, executives are rather focussed on improving risk transparency and insights.

McKinsey identifies ERMs as having four major stages of development: At the first step, which is still quite common in the industry, an ERM is just monitoring risks and ensures compliance with regulation. At the second development stage, an ERM controls losses by quantifying risks. In its third development stage, it protects value by optimising the risk-return function. Finally, an ERM is integrated into an insurer’s strategy and creates value for the company.

In a context of higher macroeconomic uncertainty, persisting low interest rates, financial-market volatility, and rising geopolitical instability, McKinsey advises insurers to integrate best practice in their risk management system based on a circular framework including: 

  1. Risk transparency and insight: Instead of looking backwards on historical data, insurers should take a forward-looking view integrated across existing and emerging risks.
  2. Risk appetite and strategy: Which risks to take and how much of each should be determined by company goals and aligned with the overall strategy, says McKinsey.
  3. Risk decisions and processes: Insurers should integrate risk information timely into processes to improve their decision making and get an integrated view on trade-offs.
  4. Risk organisations and governance: Establish teams and structures dedicated to risk management with board involvement and clear responsibilities across the organisational structure should be a priority for good risk governance.
  5. Risk culture and performance transformation: Insurance companies should measure clearly and intervene targeted to foster a strong risk culture.