Nonfinancial risks top concerns for financial institutions: Deloitte

Financial institutions are seeing a new wave of risks threaten their horizon.

Cybersecurity was named by 67% of respondents as one of the three risk types that would increase the most in importance, including 40% who named it as number one — far more than any other risk type. (Photo: Shutterstock)

Risk management in today’s global marketplace is much like being a juggler — except the objects being juggled continue to increase with no end in sight. Even when a groove is established and everything is seemingly under control, something can spring up and cause the objects to come crashing down.

The risks of today have been fermenting for some time. Nonfinancial risks like cybersecurity, third-party and conduct risk, in particular, continue to erode at the stability of those in the insurance industry. The rise of chief risk officers (CRO) and enterprise risk management (ERM) programs are two clear ways the industry has responded to the changing times, but it can’t stop there.

“Despite the relative calm in the global economy, risk management today is confronting a series of substantial impending risks that will require financial services institutions to rethink traditional approaches,” reads the executive summary in Deloitte’s Global risk management survey, 11th edition.

The survey gathered the views of CROs or their equivalents at 94 financial services institutions around the world, most of which are headquartered in the U.S./Canada, Europe or the Asia Pacific. The participating institutions provide a range of financial services, including banking (61%), investment management (49%) and insurance (46%).

While advances in technology have certainly helped, there is much work to be done before risk managers and risk management programs are keeping up with the pace that risks are developing at. With this in mind, here are the biggest takeaways from Deloitte’s latest report and what it means for the insurance industry.

Related: Allianz identifies top global business risks to watch in 2019

Who’s on board?

Following the financial crisis in 2008, risk governance and the role of the board of directors in risk management increased substantially in importance.

Deloitte’s analysis found board of directors at most institutions have a wide range of risk management responsibilities:

Another rising trend is the presence of one or more risk management expert on a board risk committee, something that is becoming a regulatory expectation for larger institutions. Eighty-four percent (84%) of respondents in the survey said their institution has one or more risk management expert on its board risk committee, up from 67% two years ago.

The CRO is almost universally found in most financial institutions as 95% of respondents said they have a CRO or some equivalent position.

An ERM program, which is designed to implement a process to identify and manage risks facing an institution, is also increasing in prevalence with 83% of institutions responding to the survey stating they have an ERM program in place, up from 73% in a previous Deloitte survey.

Brexit uncertainty, a brewing trade war between the U.S. and China and an increasing number of natural disasters are just a few elements among the volatility that surrounds today’s global marketplace. The role risk management plays going forward will be called upon even further to counter any future unpredictability.

Related: Who’s on board when it comes to cyber resilience?

Size matters when testing risk

To assess the risks in the insurance industry today, a wide variety of methods have been employed. The methods tend to vary when an insurer’s size is factored.

Stress testing is used more often by larger insurers. Stress testing is used as a primary methodology by 65% of the largest insurers, compared to 50% of mid-size and 20% of smaller insurance companies. Economic capital is also used much more often as a primary methodology by the largest insurers (71%) than by mid-size (31%) or small insurers (33%).

Respondents said their institutions use a variety of methods as either a primary or secondary methodology to assess insurance risk. (Photo: Deloitte)

In contrast, value at risk is more often a primary methodology at small insurance companies (60%) than at mid-size (31%) or large companies (44%). Claims ratio analysis is also more often a primary methodology at small insurers (75%) than at mid-size (46%) or large companies (56%).

Regardless, most — if not all — small, mid-size and large are incorporating new technologies into their repertoire. Artificial intelligence (AI) and risk analytic technologies are expected to enhance pricing and underwriting capabilities, thereby improving all aspects related to risk assessment.

“Yet these technologies will create their own risk management issues. For example, the increased use of AI-powered real-time claims processing will demand new types of fraud risk management, including real-time detection,” reads Deloitte’s report. “The increased level of personalization allowed by these technologies, such as in price and cover, create the potential for customer pricing issues and socioeconomic impacts, which might lead to additional regulatory requirements regarding the use of data and AI algorithms.”

The risks on most radars

While there are countless risks on insurance companies’ radar, when asked which three risks they believed would increase the most in importance for their institution over the next two years, there was a broad consensus: cybersecurity.

Cybersecurity was named by 67% of respondents as one of the three risk types that would increase the most in importance, including 40% who named it as number one — far more than any other risk type.

Cybersecurity has received increased attention from regulatory authorities recently, in large part due to a number of high-profile cases of hacking and other misconduct. (Photo: Deloitte)

Strategic (27%, with 12% naming it as number one) was the risk type named next often after cybersecurity. “The heightened focus on strategic risk is consistent with the current uncertainty and unevenness in the global business environment and markets,” reads Deloitte’s report.

Regulatory/compliance (25%) was named third most often among the top three risk types, although this was down from 36% in the prior survey. “While the financial services industry must comply with extensive regulatory requirements, the pace of regulatory change has abated in the current environment,” the report adds.

Related: The importance of privacy laws for insurance markets

Big data to the rescue

Financial institutions are seeing a new wave of risks threaten their horizon. To counter their potential damage, big data will have to be a prominent factor in any risk assessment equation.

Survey respondents indicated cloud computing, machine learning and business decision modeling tools, among other emerging technologies, are currently being used, but many more indicated that they are planning to use them going forward.

“In institutions that seize this opportunity, a risk-aware culture will infuse the organization, flowing from senior management as they devise [a] strategy for business units to make day-to-day business decisions,” concludes Deloitte’s report. “Risk management could be powered by digital tools that provide tools that provide early warning of impending risk events, offer insight into the factors that increase risk, allowing them instead to concentrate on identifying emerging risks and adding value.”

A full copy of Deloitte’s report can be found on the company’s website.

Related: Push for standardized data security controls for insurers gains momentum

Recommended Stories