Insurance companies discover that solid risk management depends upon building stronger insurance risk culture

Insurers must build stronger insurance risk culture

Regulators urge insurers to build deeper risk cultures to drive the right risk behaviors.

Traditionally, ‘risk’ within insurance is seen as solely the domain of the actuary. This is no longer the case.

As financial regulators take a heightened interest in insurance company risk management, they note that insurance risk cultures should be based on sound, articulated values and be carefully managed by company leadership. They opine that insurers with a strong risk management culture and ethical business practices are less likely to experience damaging risk events and are better placed to deal with those events that do occur.

Why insurance risk culture matters

Risk culture can be described as the way in which decision-makers at all levels within an insurer consider and take risks. However, defining risk culture, and establishing a sound risk management framework, is a considerable challenge.

Traditionally, ‘risk’ within insurance is seen as solely the domain of the actuary, and employees in customer-facing or product design positions may have never even acknowledged that there is a risk management element to their work. Consequently, many organizations fail to prevent excessive or inappropriate risk-taking, which can, in some cases, cause significant losses, penalties and negative publicity. 

In organizations with weak or undeveloped risk cultures, responsibility for risk management is unclear, with lack of board oversight and direction, low awareness of risks amongst employees, and deficiencies in risk monitoring, reporting and controls. The risk management function itself is typically under-resourced and under-qualified.

Perhaps more importantly, individuals are not measured or incentivized on risk performance, and there is an over-tolerant attitude to breaches or mistakes, with those taking excessive or inappropriate risks rarely disciplined, implying that such behavior is acceptable.

Insurance companies’ reputations are also at daily risk from poor service quality resulting from slow, inaccurate or unfair claims handling, or marketing messages that over-promise benefits.

Regulators examine insurance risk behavior

Compliance reporting, for regulations including Solvency II and International Financial Reporting Standards (IFRS), can also highlight weaknesses in risk management. Insurers may be unable to demonstrate that controls are in place, and being adhered to, and fail to produce accurate reporting that paints a true picture of the business. 

Consequently, regulators are demanding more risk-sensitive capital regimes, as well as stress and scenario requirements. They are also, increasingly, requiring a clearly articulated risk appetite statement, better assessments of risk management frameworks and risk culture, and expecting senior executives to be rewarded directly for encouraging sensible risk-taking behavior that supports long-term corporate financial interests. 

Measuring insurance risk management frameworks

There are three important questions to help insurance companies improve their risk capabilities:

  • Does the organization have appropriate structures and processes in place to define the desired culture?
  • Are those structures and processes adequate to create the desired culture?
  • Do structures and processes drive effective behaviors in practice? 

An in-depth evaluation involves close scrutiny of risk and compliance policies and past interactions with regulators, along with detailed observations of staff behavior at all levels. Data analysis can reveal patterns of customer complaints, regulatory fines and requests for closer supervision and monitoring, across different departments and locations.

To build an effective risk transformation program, an insurer should aim to build a culture aligned with strategy, values and risk appetite. It needs to detail actions to address any gaps in current risk management practices; actions that are specific, owned by an accountable executive, subject to time limits and have relevant success indicators. 

Traits of solid insurance risk cultures

Insurance companies with strong risk cultures are likely to exhibit four key characteristics:

  • Tone at the top: The board and executive management should drive risk culture, with leaders exhibiting total consistency in words and actions, taking a visible lead in risk management activities – and being fully accountable when risk parameters are breached.
  • Communication: Although leaders set the tone, senior managers of divisions and business units are also part of the communication process, which must filter down through the organization – and between departments – to the most junior people.
  • Responsiveness: In a risk-aware culture, issues are escalated and dealt with swiftly and decisively, before they can become major problems, with a central point of contact for all employees for the management and treatment of risks.
  • Commitment: Risk must become second nature to all, and not something that applies only to actuaries and/or a central risk team. High profile cultural transformation programs often fail to achieve lasting change because they don’t explain how individuals should behave to be more risk-aware. Performance management and related compensation systems are key to gaining commitment.

Having invested in risk processes and frameworks, insurance companies must also devote resources to building a risk culture, to bring frameworks to life and to ensure adherence to policies. Once this has been achieved, all employees – not just actuaries – will be able to say that they are risk managers. 
