Strengthening risk frameworks

Interest rates might be a challenge, but they are also an opportunity for insurers, Gus Ortega, head of operational risk management at Voya Financial, tells Risk.net

Ortega warns that insurers must adopt a more comprehensive operational risk framework against known exposures and, in terms of future-proofing, it is the awareness and understanding of risk and vulnerabilities across a firm’s employee community that will ensure an organisation’s success.

What are currently the most pertinent challenges for life insurers?

Gus Ortega: It’s a combination of factors. From a risk manager’s view, first and foremost, the Covid-19 pandemic has influenced a number of priorities for life insurers. I’d like to think interest rates are front and centre, something that is not only challenging but an opportunity for many insurers. However, from an operational risk perspective, I believe cyber security, third-party risk, environmental, social and corporate governance compliance, and operational resilience are top of mind.

I strongly feel that, now more than ever, insurance companies have a broader and perhaps a more pervasive operational risk landscape. Insurers must adopt a more comprehensive operational risk framework against known exposures that can harm their reputation from weaknesses in their business resiliency, compliance risk management frameworks and IT risk management activities.

How is compliance affecting life insurers? What measures and tools do they have in place to arm themselves for another pandemic?

Gus Ortega: One must go back to the basics of risk management. Reckon your losses, learn from them, document and track known management actions, understand your regulatory environment, and stay abreast of rules and legislation changes that can alter your risk and compliance policies and procedures. Having the ability to stay agile, informed and connected to the ever-changing business environment provides an organisation’s risk and compliance managers with the ability and insights to put controls in place that can better prepare the organisation for expected events and, where possible, avoid unexpected surprises.

There are tools we must explore, such as simple tabletop exercises and scenario analyses, and we must expand our ability to further understand where we may have vulnerabilities – whether that is in our operational or technology landscape. What we’ve learned is that one-in-50- or 100-year events are becoming a lot more frequent. It’s more important than ever to prepare around them and understand not only the primary effects but the secondary effects these events can have in and on an organisation. Addressing and focusing on single points of failure is a must, not only for life insurers but all financial institutions.

Is there regulation that is possibly imminent for your industry that insurers must actively think about and take action on next year?

Gus Ortega: While there is always regulation in the works, artificial intelligence (AI) is a key area of interest for global and US regulators, particularly as it relates to the use of customer data in the AI space. What does exist is privacy regulation around the protection of customer data and customer rights. The forthcoming regulation is expected to be around automation, statutes that will require certain jurisdictions – whether that is individual states or countries – to think about how organisations begin to consume and utilise customer data through the means of automation or robotics in a way that doesn’t imply bias.

Certain US states have begun to put rules in place and have issued guidance around this. The first that come to mind are Colorado and California – they have put some language in place around AI compliance for potential enforcement.

Could you shed some light on model governance and insurers’ ability to manage model risk?

Gus Ortega: Model governance is understanding your organisation’s model population, model documentation and rating methodology. Models are no longer limited to pricing or underwriting activities; there are algorithms based on AI used for customer segmentation or product allocation that should also be considered as models for risk management purposes. I believe we are starting to see an evolution of model governance and model risk management that goes above and beyond financial risk, evolving to take into account technology-related algorithms requiring model documentation and validation.

How is technology changing the landscape and where are life insurers on the curve of adoption – as well as just awareness of what’s out there – in terms of AI and machine learning, and all of these platforms that have been brought to the market in recent years?

Gus Ortega: I spent about 15 years in banking before making the shift to insurance, and I think banks as an industry have had a better understanding of their digital domains and can enable advanced capabilities through technology to better serve and deliver products to their customers. This is not to say that life or general insurers are not interested in the AI space, because I think the entire financial services industry is. However, there appears to be a slower transition for a life company than has been observed in banking to make use of AI platforms, and it’s my understanding this has contributed to the lack of IT investment made in the past, which is now changing as many insurers are pivoting to technology as the key enabler of their strategic business objectives.

The challenge now is trying to modernise the ecosystems in which some of those applications reside. You may have certain companies that are willing and able to undergo a shift in utilising new technology, but their IT infrastructure is not able to support it because it’s so antiquated. Companies can take the software-as-a-service and infrastructure-as-a-service approaches where the opportunity lies for a lot of these life insurance companies trying to upgrade their technology stacks much faster. The risk, however, is that your organisation then becomes so dependent on third-party service providers that it can potentially hinder your company’s growth. I think an IT strategy that is balanced and uses advance methods for products and services is likely the winning strategy. To get there, however, requires complete alignment of business goals that are, in parallel, pegged to technology spend.

How can this industry future-proof itself – are you giving your team direction on how to future-proof, whether it’s risk, pandemics or better models?

Gus Ortega: I think it all comes down to your people. You could have the greatest systems in the world, all the well-defined risk frameworks and models but, at the end of the day, it is the awareness and understanding of risk and vulnerabilities across your employee community that will ensure your organisation’s success.

If you’re in the business of issuing life policies, then you must have proper risk management in place to ensure that, if and when those policies result in some sort of claim, you’re there for that customer. Therefore, to protect your franchise, you really need to have a comprehensive risk management model. Operational risk is typically what cripples organisations – risks such as cyber breaches, data loss events, inability to perform business activities due to dependence on third parties that were not available for you at the time you needed them. These are all pertinent threats that have played out in the past few years and have cost insurers and other financial institutions hundreds of millions in losses.

Sponsored content

More from sponsor

• Asset management

Risk analytics to the rescue

Cyber security remains a challenge for insurers worldwide, according to Ron Harasym, head of risk analytics, enterprise risk management (ERM) at Protective Life Insurance Company

• 30 Mar 2022

• Asset management

Adapting to the new normal

The current interest rate environment and need to adapt to changing technology and regulatory mandates is keeping insurers on their toes, Nakul Nayyar, head of investment risk at Guardian Life, tells Risk.net

• 31 Mar 2022