As the global life insurance industry continues to undergo significant change, Chief Risk Officers (CROs) have an increasingly pivotal role to play in ensuring their organizations adapt. With new regulation being introduced, arising external environmental changes and evolving risks – what are the biggest issues facing the risk function in 2024?
CROs have a lot to juggle in trying to help steer their firm safely through the myriad of complexities they face.”Philip Tervit | Senior Director, Insurance Consulting and Technology, WTW
In this episode of (Re)thinking Insurance, Mark Mennemeyer is joined by Philip Tervit and Niamh Carr to explore the top ten key challenges for CROs in the year ahead; from Climate risk and Model risk, to making sense of IFRS 17 and ensuring their risk framework is operating effectively.
The top ten challenges facing Chief Risk Officers in life insurance for 2024
NIAMH CARR: But for me, I think if you look at the top 10, it shows just the wide variety of issues that insurers are dealing with. But also, as we see CROs take on more of a strategic role with insurers, that the risk team have a pivotal role in providing guidance, oversight, and counsel on these topics. And this variety for me means that personally, I think it's quite an exciting time to be involved in risk management.
SPEAKER: You're listening to (Re)thinking Insurance, a podcast series from WTW where we discuss the issues facing P&C, life, and composite insurers around the globe, as well as exploring the latest tools, techniques, and innovations that will help you rethink insurance.
MARK MENNEMEYER: Hello. Welcome to (Re)thinking Insurance. I'm your host, Mark Mennemeyer, and today we're talking about key priorities for life insurance chief risk officers. I'm joined by two of our risk experts, Phil and Niamh. Thanks, both of you, for being here. I'd like to start by asking you to introduce yourselves and describe your background in this topic. And then just for fun, let's get to know you a little bit better and also stay on theme. So as you do, could you tell me about one of the riskiest things you've ever done? And Phil, maybe I'll let you go first.
PHILIP TERVIT: Yeah Thanks, Mark. And hello, everyone. I've been with WTW for two years now, but in the industry for over 20. I'm a specialist in risk, finance, and transformation. And I guess, particularly importantly in this topic, I've been a CRO for the last couple of years for a client and support the risk proposition on behalf of WTW.
The riskiest thing? That's an easy one for me. I had a near-death experience whilst diving with my wife in search of hammerhead sharks. The sharks turned out to be absolutely fine. But rather, my wife's oxygen tank bashed my head at some 30 meters below surface and I lost my own air supply. So that was really scary, and I'm told, entirely unintentional.
MARK MENNEMEYER: That's terrifying. But I'm glad that you made it through OK to tell us about it. So thanks. Thanks for being here. Niamh, over to you.
NIAMH CARR: Thanks, Mark. So I'm Niamh Carr. I'm Deputy Lead of our UK and Ireland Life Consulting Team, and I've been with WTW for over 20 years now. And in that time, I've focused on both risk and Capital Management, and I currently lead our UK and Ireland Risk and ESG proposition.
In terms of the riskiest thing I've ever done, one of the riskiest things is I did a freefall abseil down the ArcelorMittal orbital sculpture in the London Olympic Park a few years ago. And that's the UK's tallest sculpture. And it was as part of a WTW group raising money for charity. It felt quite risky going out over the edge. But in practice, I think it was probably an example of really good risk management. The safety equipment was brilliant. But the view was amazing over the Olympic Park. It was an incredible thing to do.
MARK MENNEMEYER: Sounds perfect. Let's start with some of the basics. Phil, if you want to kick us off, tell us, what is risk management in life insurance, and why are we talking about it today?
PHILIP TERVIT: Yeah. Very simply, life insurers act to provide insurance against life events when a customer needs them, whether it's health-related, such as a personal accident or death. But it also includes retirement provisioning in the form of pensions. Life insurers I guess, essentially are in the business of taking on risk in exchange for a premium. And therefore, risk management itself is a fundamental component of the business. And we're talking about it today because risk management in life insurance is complex, it's evolving, and we believe there are pertinent matters to consider in the year ahead.
MARK MENNEMEYER: And because risk is so fundamental to the insurance business model, insurers clearly have dedicated risk management functions themselves. Can you explain more about that structure and how it works?
PHILIP TERVIT: Sure. Many of our listeners will be familiar with the three lines of defense model adopted in financial services. Risk are the second line of defense, headed up by the chief risk officer and comprised typically by a range of financial, operational, and compliance experts. And whilst this podcast will focus on the CRO and his or her team, risk management and life insurers is relevant to first-line functions such as marketing, operations, and finance, too. Ultimately, risk management starts with the first line.
MARK MENNEMEYER: Great. Thanks for that. So let's get more specific into the world of the CRO I understand you maintain a list of CRO top 10 issues. Could you describe that for us?
PHILIP TERVIT: That's right. That's something I hold dearly. The CRO's got a lot to juggle in trying to steer their firm safely through a myriad of complexities they face. And we maintain a CRO top 10 as a way to focus on the very biggest issues that we believe the majority of life insurers are facing into.
Where does the list come from? Well, we spend a lot of time and effort scanning the market and the related regulation. We have regular client engagements. So in some ways, the top 10 reflects their issues and challenges and plans. And also host risk events such as CRO dinners and so on and so forth. So it's informed by those many inputs.
And we'll go through the top 10 in a moment or two, but I should add that this list changes. New regulation comes to market. External environment changes arise beyond the insurance industry and into societal changes. And risks can also evolve by means of one's own business strategy changing and evolving over time. And also, I should say, the focus today is on life insurance, but some of these equally evolve and play into the general insurance market.
MARK MENNEMEYER: Niamh, let's shift over to you. Could you take us through the current list of the CRO top 10?
NIAMH CARR: Yes, of course. So the first three are really focused on the external environment in which we operate. And they are the exposure to the external and geopolitical global market, cyber risk, and climate risk. The next four relate to regulatory focus. So they are regulatory capital reform. So this is focused on Solvency UK and Solvency II reform in the UK and Europe. But also, there's many other regulatory changes taking place globally with a focus on capital.
The fifth is making sense of IFRS 17. The sixth is customer outcomes leading to regulations such as consumer duty and operational resilience in the UK. And then the seventh is model risk. Then we come on to aspects related to the insurer's strategy, the eighth being liquid assets as insurers invest in more and more private assets to back their liabilities. And the ninth, looking at new products and underwriting.
And finally, the last of the 10 is the risk framework itself. So this is where the onus falls upon the CRO to ensure that the firm has an effective risk framework on which it can safely execute its strategy. So for example, they need to have a clear risk appetite and risk limits to manage certain exposures. And this is really likely to always be in the top 10, as the CRO needs to ensure that this is operating effectively all the time.
MARK MENNEMEYER: Yeah, that's quite a good list, and clearly there's a lot there. Could we delve into a few of them more specifically, and why they're important in 2024?
NIAMH CARR: Yeah. So looking at the first of these, the impact of the current external and geopolitical environment is clearly very important. So we've seen that the impact of the war in Ukraine together with the lasting effects of the pandemic have led to a turbulent few years with higher inflation leading to increases in interest rates and significant economic uncertainty, and this seems set to continue in 2024.
So we face ongoing conflict in the Middle East, together with elections taking place in over 50 countries around the world. And this means that CROs will need to continually consider the wider potential implications of geopolitical risks on an insurer's risk profile, both economic and operational. What might be a bit easier to predict are the impacts of regulatory capital reforms.
So in the UK, the Solvency UK reforms have been well communicated, with changes to the risk margin coming into effect at the end of 2023 and matching adjustment reforms due in the middle of 2024. However, we still wait to see the full details of how the regulators implement these changes with significant work for some risk management functions required to support MA attestation.
PHILIP TERVIT: I was just going to add in a little bit there that's related to this, which is around model risk. And in its widest sense, model risk to me is the risk that the calculation kernels. For example, actuarial valuation models or day-to-day tools such as Excel use to produce key information to stakeholders are unreliable. Or more bluntly, the key numbers reported by the life insurer are incorrect due to the data calculations or process involved.
So what we've seen in the UK-- but this does apply wider, is a key focus on this. And indeed, there's been a recent supervisory statement to the UK banks. Whilst not a new challenge for life insurers in 2024, what we do see is a variety of levels of maturity in the market in terms of addressing model risk in the business. And couple that with a clear intent by the regulator-- it is foreseeable that this is an area that will require investment to raise the bar in this year and into next.
MARK MENNEMEYER: And what's in it for the insurer to make that kind of an investment?
PHILIP TERVIT: For me, strong model governance provides greater confidence in reported results. Whether it's Solvency II or IFRS 17 quotes on new business acquisition pricing or numbers communicated in letters or online to your customers, it's not uncommon to see material errors in reporting. And these can and have had real business consequences and need rework as well as redress, for example. And all too often, firms only implement strong model governance once they have made a material error.
MARK MENNEMEYER: OK. And Phil, back to you. What's not in the CRO top 10?
PHILIP TERVIT: For me, the CRO runs a wider framework upon which they seek to help guide the business through of foreseeable regulatory change and business change and so on. But what they will also have within their capability is the need to monitor emerging risks. Or horizon risks can also be a term that's used.
And there, you've got a much wider myriad of risks that could impact the business, some of which have high velocity and could impact quickly. And those sometimes garner quite a lot of specific mitigants or reactions that need to be either already up their sleeve or ready for implementation. Or indeed, just having the set of tools that with which to respond should you need to.
So we do a lot of work with firms around what is the emerging risk process, and also how do you make that most effective, and therefore leading into recovery and resolution should such risk events arise? Because you can bet your bottom dollar, the risk event that does arise will be slightly different to any that you've potentially foreseen or modeled in advance.
One such example-- and there are many, but something that is increasingly coming both from horizon into more near-term type consideration is generative AI and how that is impacting the business. Or indeed, being used by the business, and whether that's a sort of asset, or is it a risk? It's certainly a topic that needs to be considered more fully.
MARK MENNEMEYER: Niamh, one of the items in your list was climate risk. Can you expand more on what life insurers need to consider in this regard?
NIAMH CARR: Yeah. So climate risk is actually an example of a risk that has been on emerging risk registers for a long period of time, and there's quite a lot of debate about whether it's emerging or emerged. But actually, I think what's important is actually to consider what the potential impacts on the business could be rather than debate about that debate.
I think the use of scenario analysis is a really impactful way of considering the potential impact of emerging risks, and help businesses react quickly when unforeseen events do occur. And insurers and reinsurers have spent quite a lot of time and effort looking at climate-related scenarios and the potential impact on their business. And this has been driven by regulatory pressure and shareholder pressure, but also quite a lot of internal stakeholder interest.
But what we have seen is that there has been some discussion recently about how useful that scenario analysis has actually been. So recent publication from the Institute of Faculty of Actuaries noted that many climate scenario models are actually underestimating climate risk, and that regulatory scenarios-- so those scenarios that are consistent scenarios-- they have the benefit of being consistent across insurers. But they also introduce the risk of groupthink and outcomes being taken too literally and out of context.
What we have seen is that the focus of most life insurers' investigations into climate change has been on the impact of physical and transitional risks on asset portfolios without considering the potential impact on liabilities. So I think there's more work to be done in looking at climate scenarios and more work for risk function to be involved in that. And we have seen recently an increasing number of life insurers and reinsurers have started to turn their attention to the liability side. For example, considering how variations in climate might affect mortality. And we expect this to continue in 2024.
MARK MENNEMEYER: Thanks for that. Another item in the list was IFRS 17. And by the way, for the US listeners, although the details are different, I would imagine that from a risk perspective you could be thinking about GAAP LDTI and still hit many of the same points. So could we talk about this a little bit more? And Phil, maybe that's a good one for you, if you could explain IFRS 17 from the CRO lens?
PHILIP TERVIT: Certainly. So most of our listeners will have some awareness of IFRS 17, which is the new IFRS insurance standard. So unless exempted or, as you illustrated, from a US perspective, insurers globally are adopting this new standard to report their earnings with a view to consistency and transparency in the market. It's been a long time coming, and our recent global survey of over 300 firms suggests there is much more to do to complete the job.
I guess as we talk today, much of the burden has fallen upon the finance function to interpret the standard, implement new methodology and assumptions, adopt new systems, and to cope with increased complexity in the reporting, and ultimately prepare for audit standard results to the market. So no easy task.
MARK MENNEMEYER: And so there must be a key role there for the CRO, correct?
PHILIP TERVIT: Yeah. What we've seen at this point in time is quite a varied level of input from the CRO and the risk functions. Where our risk team are heavily involved in risk and capital, and more generally prudential metrics, is high, the involvement in accounting has typically been less direct. So I think to some degree, that is now changing and I foresee the CRO and risk functions getting more involved in IFRS 17 than they have been to date. And here's a few reasons.
Firstly, the new IFRS standard contains more judgment than previous IFRS standards. And where there's judgment, I would typically see a greater level of oversight. There are also closer parallels to regulatory reporting-- for example, Solvency II-- than before. So there is overlap to consider. And thirdly, I mentioned model governance before. And IFRS 17 results are externally reported, and hence key. And as such, I would expect a risk function to have a view over model reliability.
Again, the parallels globally, depending on where our listeners are-- things like Sarbanes-Oxley would also be of relevance here. So from a control perspective, that could be another key reason for the CRO to have an increased involvement before. So I guess if you're in a risk function and you're feeling like right now, you're not as close to IFRS 17 as you would like, that's the comments we are hearing and feeling. But think that will change in 2024 as it becomes ever more a priority in the wider firm outwith finance.
MARK MENNEMEYER: Yeah. That makes a lot of sense. Thanks for that. One more in the list that I'd like to dig into a bit deeper-- customer outcomes. Could you both help to explain that one a little bit more? And Phil, maybe start with you?
PHILIP TERVIT: Sure. Forgive me, this is from a UK regulatory angle. But I think some of this is being seen more globally as well. But from a UK perspective, the regulator is currently very focused on consumer outcomes, and they've rolled that out in the form of what's called the consumer duty. And the consumer duty introduces a new consumer principle, which requires firms to act to deliver good outcomes for retail customers. It goes further in placing an onus on firms to equip their customers, to make effective decisions in their interests.
So why is this important? Well, you'll see rhetoric along the lines of this being a paradigm shift in delivering a higher standard of customer care and protection in the market. So that's a key backdrop. The regulator's heavily focused on this, and it's leading to actions of insurers in the UK market. So it's a topic that alone garners its own podcasts and articles, some of which are available on the WTW website. But a really key focus into 2024.
NIAMH CARR: And I think linked to this is regulation around operational resilience. So this is focused on the ability of insurers to adapt and respond to operational disruption. So in the UK in particular, the Financial Conduct Authority is focusing on the potential impact on consumers. So for example, if disruption leads to claims not being paid.
And quite a lot of work has been done in the UK on this to date with risk functions being heavily involved in designing operational resilience frameworks and putting in place impact tolerances. So the focus is moving into line one with the need to embed operational resilience and business operations, but risk will have an ongoing role in reviewing and challenging line one on these aspects. And their regulations on operational resilience are being brought into other jurisdictions as well, for example, in Ireland. So this is an ongoing area of focus for risk functions as well.
PHILIP TERVIT: Is it worth to say, I think it's a really helpful framework, Niamh, in as much as what firms are being asked to do is articulate what their important business services are. So if for, example, you're an annuity writer, you've got a really important customer business service to pay your annuitants there essentially the income upon which they rely each month.
And then you're being asked to scrutinize what parts of the chain in delivery of that monetary payment to your customer could fall over. And if it were to fall over, what can you do to readily stand that process back up again? So it's proven to be quite a helpful framework upon which to really scrutinize what your areas of weakness could be.
MARK MENNEMEYER: Yeah. It's very interesting. Thanks for describing that. So drawing the podcast to a close, there is a lot for the CRO to be thinking about in 2024. Any final thoughts that either of you want to share?
PHILIP TERVIT: I guess today we've discussed the CRO top 10, and these are likely to be on many the planning lists for the coming year and things to keep on top of. And that is no easy task, but I've always learned to leave a bit of extra capacity for the unexpected. And so the external or internal events that will occur-- we can only hypothesize about these right at the start of the year. And there will be things that arise that we don't foresee, so leaving the capacity for the unknowns is key.
NIAMH CARR: So for me, I think if you look at the top 10, it shows just the wide variety of issues that insurers are dealing with. But also, as we see CROs take on more of a strategic role within insurers, that the risk team have a pivotal role in providing guidance, oversight, and counsel on these topics. And this variety for me means that personally, I think it's quite an exciting time to be involved in risk management.
MARK MENNEMEYER: Well, Phil and Niamh, thanks again. It was great to hear your perspectives. And to all of our listeners, thanks for joining us. We'll catch you again on the next episode of (Re)thinking Insurance.
PHILIP TERVIT: Thank you.
NIAMH CARR: Thank you.
SPEAKER: Thank you for joining us for this WTW podcast featuring the latest perspectives on the intersection of people, capital, and risk. For more information, visit the Insights section of wtwco.com. This podcast is for general discussion and/or information only. It is not intended to be relied upon, and action based on or in connection with anything contained herein should not be taken without first obtaining specific advice from a suitably qualified professional.
Mark is a Senior Director in the Insurance Consulting and Technology business. He has over 15 years of experience working with U.S. domestic and international insurers on topics that include capital modeling, risk management, financial modeling and reporting, and M&A.
Philip is a Senior Director in the Insurance Consulting and Technology business and leads our Accumulation and Savings segment offering. He has more than 20 years of industry experience in senior Risk, Finance and Transformation roles and is a former Master Trust Trustee.
Niamh is a Senior Director in the Insurance Consulting and Technology business and has over 20 years’ experience in the life insurance industry in the UK and Europe. She is the Deputy Leader for our UK and Ireland Consulting and Technology life team and leader of our UKI Life Risk & Climate proposition.