Fighting on several fronts

The chief risk officer (CRO) must adapt to help the boardroom face up to the challenges of low rates and a stringent regulatory environment.

Leading figures from around the global re/insurance sector attended a roundtable hosted by Insurance Day in conjunction with insurance group IGI in London to evaluate how best the CRO can make a positive impact. It agreed that the role of the CRO is getting ever more challenging as the pressure on boards mounts, but there are important opportunities available to be grabbed.

Participants agreed that the core role of the CRO is to enable the underwriter to assume risk in a way which best benefits the size, risk appetite and capabilities of the company.

However, the waters are becoming muddied as the CRO is being pulled in different directions, and the core functions of the role are side-lined

Michael Hoskings, CRO, Faraday said: “I would say you’re justifying your existence perhaps a little bit more than you used to because that expense ratio or expense line in the balance sheet is under more scrutiny.”

The temptation to move into areas which are outside the CROs core remit must be resisted as pressure grows for the CRO to take on a wider set of responsibilities, participants said.

“You have to remember what your core operating function is within the company, which is that professional worrier role,” added Hoskings.

“The risk function has, probably as it has in a lot of organisations, grown out from the compliance and the internal audit functions,” said HCC CRO Graham White. “One of the things that concerns me is that I don’t see the business segregated between those three entities.”

Hatem Jabsheh, chief operating officer at IGI added: “I personally think if you have a risk and capital function that’s truly embedded into the company and the decision makers understand the numbers and how to use them as part of the decision-making process, I think you’re a million times safer.

“But I’ll tell you, if the function is simply a tick box compliance function, it is a cost.  There is no value added to the company whatsoever,” he added.

The reliance of some companies on modelling is a concern for many CROs.

“When you talk about it at the board level, what does the boardroom say? As soon as there’s a problem, they get to the point where they say: ‘the model knows’,” said Ross McGee, CRO, One Re.  “No, the model doesn’t know. The model gives you a determination based on … a number of assumptions. It gives you ball-park [figures].”

Sunnie Luthra, risk and capital actuary at IGIm added: “I think the model idea has been taken to an extreme. It shouldn’t be the case that you are focused on one number. The primary use of the model should be understanding the line drivers of your business; where all the risks are coming from and then distilling them.”

The battle to establish the CRO role in the boardroom comes at a time when CROs are fighting to keep ahead of a tide of regulatory change and ensure compliance with current regimes. The fear is that these efforts come at a cost to the CRO’s ability to manage their core company risks.

The EU’s Solvency II regulations which were implemented two years ago to create a risk-based solvency regime has, in the view of many in the industry, gone too far and the rigidity of the rules continues to stifle innovation. This is particularly true in the specialty markets where high-value, low-volume claims come with a significant capital weighting. It has been exacerbated by the fact that the regulatory challenges come at a time when the market faces the disruptive threat of digital entrants.

Simon Spurr, group head of risk management at IGI, added: “I think there’s been a polarisation towards how you comply with the measures contained in Solvency II, and with it we have actually lost sight of common sense.”

“One of the issues is the hidden risk; I call it the big project fatigue at present in the business,” said Graham White.  “We went through Solvency II, that took management time away; we are going through Brexit, [the entry of the General Data Protection Regulation] (GDPR), and IFRS is on the horizon.  I have concerns about the business not focusing on the risks they are writing rather than these big, big projects and that’s an issue.”

CROs said they believed that the regulatory burden the industry faces will only increase as the exposures they face become larger. The concern is that while the EU looks towards demanding that international risk centres have a regulatory regime equivalent to that of Solvency II, there is little hope that the industry will have any success in its efforts to engage with the European Commission to highlight where it believes the regulations have gone too far.