As the global life insurance industry continues to undergo significant change, chief risk officers (CROs) have an increasingly pivotal role to play in ensuring their organizations prepare for a multitude of complex and wide-ranging challenges.
Geopolitical conflict and a changing climate
The impact of the war in Ukraine, together with the lasting effects of the pandemic, have led to a turbulent few years with higher inflation driving up interest rates and significant economic uncertainty. This geopolitical volatility has continued into 2024, exacerbated by the conflict in the Middle East and the prospect of elections in over 50 countries around the world. Against this backdrop, CROs will need to continually consider the wider potential implications of geopolitical risks on an insurer's risk profile, both economic and operational.
Climate change, meanwhile, is complex, nuanced and characterized by uncertainty. The Institute and Faculty of Actuaries (IFoA) has warned that current climate-change scenario modeling techniques are significantly underestimating climate risk, with too much of a focus on regulatory scenarios, which, while they introduce consistency, also introduce the risk of groupthink. In addition, these techniques still exclude many catastrophic impacts that we can expect from climate change – they simply do not exist or are not well represented in models and methods that we use today.
Also, the focus of most life insurers' investigations into climate change has been on the direct impact of physical and transitional risks on asset portfolios without considering the potential wider indirect impacts on both assets and liabilities--for example, considering how variations in climate might affect policyholder behavior, which could in turn affect mortality or persistency. To be more effective, CROs will need to address the material limitations and uncertainties of scenario modeling.
Climate change requires a new lens through which to view materiality and proportionality, alongside current methods. The global risk landscape is more complex and connected, and the potential for disasters to cascade through systems is increasing with the impacts having greater geographical, social and temporal reach.
Regulation rising on the CRO radar
In the U.K., Solvency U.K. reforms have been well communicated, with changes to the risk margin having come into effect at the end of 2023 and matching adjustment reforms due in the middle of 2024. The PRA have also recently focused on funded reinsurance as one of their top priorities for 2024. The CRO will need to consider the impact of recapture on capital requirements, considering how collateral links to their risk appetite and have a plan for taking ownership of assets and liabilities in the event of recapture.
Meanwhile, IFRS 17 has been a long time coming, and our recent global survey of over 300 firms suggests more work is needed to complete the job. So far, much of the burden has fallen on the finance function to interpret the standard, implement new methodology and assumptions, adopt new systems and cope with increased complexity in the reporting. This is set to change, with CROs expected to become more involved. This is because the new IFRS standard contains more judgment than its predecessors. And where there is judgment, you typically see a greater level of oversight. IFRS 17 results are also externally reported, so a risk function is likely to have a closer view over model reliability.
See also: Building an Effective Risk Culture
Consumer outcomes and operational resilience
Regulatory focus in the U.K. during 2024 seems concentrated on consumer outcomes, evidenced by the rollout of the consumer duty introducing a new consumer principle that requires firms to deliver good outcomes for retail customers. It goes further by requiring firms to enable their customers to make effective decisions that are in their own interests. This is intended by the regulator to be a paradigm shift in delivering a higher standard of customer care and protection in the market.
This links to operational resilience, which is focused on the ability of insurers to adapt and respond to operational disruption. For example, the Financial Conduct Authority in the U.K. has been focusing on the potential impact on consumers, such as when disruption leads to claims not being paid. Significant progress has been made, with risk functions heavily involved in designing operational resilience frameworks and putting in place impact tolerances, with CROs continuing to have an integral role in the review and challenge in these areas.
Raising the bar on model risk
Actuarial valuation models or day-to-day tools such as Excel used to produce key information to stakeholders are not always well governed, potentially leading to key numbers reported by a life insurer being incorrect due to the data calculations or process involved. This risk is exacerbated with the increased use of open source tools and data science techniques in models. While not a new challenge for life insurers in 2024, we do see a variety of levels of maturity in the market in terms of addressing model risk in the business, coupled with obvious intent by the regulator following a recent supervisory statement to U.K. banks, which we expect will require investment to raise the bar on model risk this year and into next.
The incentive for insurers to make that investment is clear. Strong model governance provides greater confidence in reported results. Whether it's Solvency II or IFRS 17, quotes on new business acquisition pricing, numbers communicated in letters or online to customers, it's not uncommon to see material errors in reporting. These can and have had real business consequences, needing rework and redress. Yet, all too often, firms only implement strong model governance once they have made a material error.
See also: Behavioral Science and Life Insurance
Preparing for the unexpected
The CRO is responsible for maintaining an effective risk framework to help guide the business through foreseeable regulatory and business change, and with which the company can safely execute its strategy. For example, the business needs to have a clear risk appetite and risk limits to manage certain exposures. In addition to this responsibility, the CRO will also need to have the capability and tools to monitor and respond to a much wider myriad of emerging or horizon risks that have the potential to affect the business, some at high velocity and with little warning.
You can bet your bottom dollar that the risk event that does arise will be slightly different to any that an insurer has potentially foreseen or modeled in advance. The rapid rise of generative AI is a clear example of a disruptive force, that is both risk and opportunity. The technology has evolved at astonishing speed with insurers finding themselves scrambling on a steep learning curve to recognize the risks and leverage the potential of generative AI.
With insurers having to deal with increasingly complex challenges and opportunities, we expect to see CROs taking on a wider strategic role within their organizations. The risk function has a pivotal role to play in the most difficult discussions and decisions, helping to identify, assess and mitigate risks that threaten the viability of business models and the achievement of sustainable growth in the face of uncertainty.