Insurers need to build a strong insurance risk culture | KPMG | AU

Solid risk management depends on building stronger insurance risk culture

Regulators are urging insurers to build deeper risk cultures to drive the right risk behaviours.


Director, Audit, Assurance and Risk Consulting

KPMG Australia


Traditionally, ‘risk’ within insurance is seen as solely the domain of the actuary. This is no longer the case.

As financial regulators take a heightened interest in insurance company risk management, they note that insurance risk cultures should be based on sound, articulated values and be carefully managed by company leadership. They opine that insurers with a strong risk management culture and ethical business practices are less likely to experience damaging risk events and are better placed to deal with those events that do occur. 

Why insurance risk culture matters

Risk culture can be described as the way in which decision-makers at all levels within an insurer consider and take risks. However, defining risk culture, and establishing a sound risk management framework, is a considerable challenge.

Traditionally, ‘risk’ within insurance is seen as solely the domain of the actuary, and employees in customer-facing or product design positions may have never even acknowledged that there is a risk management element to their work. Consequently, many organisations fail to prevent excessive or inappropriate risk-taking, which can, in some cases, cause significant losses, penalties and negative publicity. 

In organisations with weak or undeveloped risk cultures, responsibility for risk management is unclear, with lack of board oversight and direction, low awareness of risks amongst employees, and deficiencies in risk monitoring, reporting and controls. The risk management function itself is typically under-resourced and underqualified. 

Perhaps more importantly, individuals are not measured or incentivised on risk performance, and there is an over-tolerant attitude to breaches or mistakes, with those taking excessive or inappropriate risks rarely disciplined, implying that such behaviour is acceptable. 

Insurance companies’ reputations are also at daily risk from poor service quality resulting from slow, inaccurate or unfair claims handling, or marketing messages that over-promise benefits.

Regulators examine insurance risk behaviour

Compliance reporting, for regulations including Solvency II and International Financial Reporting Standards (IFRS), can also highlight weaknesses in risk management. Insurers may be unable to demonstrate that controls are in place, and being adhered to, and fail to produce accurate reporting that paints a true picture of the business. 

Consequently, regulators are demanding more risk-sensitive capital regimes, as well as stress and scenario requirements. They are also, increasingly, requiring a clearly articulated risk appetite statement, better assessments of risk management frameworks and risk culture, and expecting senior executives to be rewarded directly for encouraging sensible risk-taking behaviour that supports long-term corporate financial interests. 

Measuring insurance risk management frameworks

There are three important questions to help insurance companies improve their risk capabilities:

  • Does the organisation have appropriate structures and processes in place to define the desired culture?
  • Are those structures and processes adequate to create the desired culture?
  • Do structures and processes drive effective behaviours in practice?

An in-depth evaluation involves close scrutiny of risk and compliance policies and past interactions with regulators, along with detailed observations of staff behaviour at all levels. Data analysis can reveal patterns of customer complaints, regulatory fines and requests for closer supervision and monitoring, across different departments and locations.

To build an effective risk transformation program, an insurer should aim to build a culture aligned with strategy, values and risk appetite. It needs to detail actions to address any gaps in current risk management practices; actions that are specific, owned by an accountable executive, subject to time limits and have relevant success indicators. 

Traits of solid insurance risk cultures

Insurance companies with strong risk cultures are likely to exhibit four key characteristics:

  • Tone at the top – The board and executive management should drive risk culture, with leaders exhibiting total consistency in words and actions, taking a visible lead in risk management activities – and being fully accountable when risk parameters are breached.
  • Communication – Although leaders set the tone, senior managers of divisions and business units are also part of the communication process, which must filter down through the organisation – and between departments – to the most junior people.
  • Responsiveness – In a risk-aware culture, issues are escalated and dealt with swiftly and decisively, before they can become major problems, with a central point of contact for all employees for the management and treatment of risks.
  • Commitment – Risk must become second nature to all, and not something that applies only to actuaries and/or a central risk team. High profile cultural transformation programs often fail to achieve lasting change because they don’t explain how individuals should behave to be more risk-aware. Performance management and related compensation systems are key to gaining commitment. 

Having invested in risk processes and frameworks, insurance companies must also devote resources to building a risk culture, to bring frameworks to life and to ensure adherence to policies. Once this has been achieved, all employees – not just actuaries – will be able to say that they are risk managers. 

© 2018 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.
