During a recent meeting of a Board Risk Committee that we attended, the CEO emphasised the importance of preparing for both foreseeable emerging risks and those that crystallise unexpectedly. This perspective, particularly relevant in the aftermath of unforeseen events like COVID-19, highlights the need to focus on building skills and capabilities for an effective response.
So, we decided to follow the lead from that CEO and focus not on predictions but on the impact of trends and focus on how you might seek to build capability to respond.
During 2023, businesses face increased cost pressures, and were expected to do more with less. We see this pressure in how firms tackle their risk and compliance activities – both in risk functions and in the business. This led to a sharper focus on the efficiency and effectiveness of risk and compliance, and we see this trend continuing in 2024.
While some see increasing risk efficiency as naturally threatening effectiveness, our experience suggests this is not the case. Done appropriately, increasing risk efficiency can reduce cost and complexity, increase embedding, and improve effectiveness. This helps firms respond better to the unexpected, and second line functions support the business in making decisions and dealing with change and disruption. It requires careful listening to stakeholders’ concerns and moving away from a siloed consideration of efficiency based on a function’s headcount to a more holistic consideration of risk resource across the business.
We also anticipate firms’ focus on effectiveness and efficiency will also lead to re-examination of the distinction between compliance and regulatory risk management.
The transition from Solvency 2 to Solvency UK will continue to take up management time during 2024. Impacted firms (e.g., annuity providers, internal models) will need to consider how they optimise their operations and respond to changes. Some of these are quite subtle, beyond the headlines of the matching adjustment, e.g., the shift from model approval to model permission. This has implications for how the relationship between firms and regulators evolve and could also have significant implications for how firms respond to commercial risks and opportunities.
The focus on capital of the UK’s Solvency 2 review feels like a missed opportunity to assess the maturity of risk management in the insurance industry and explore ways to improve it. This would have required focusing on substance over legal form and on the management of risks, rather than the capital held. This perspective could unlock significant business value and lead to capability enhancements that make insurers more resilient over time.
We envisage continuing efforts to integrate sustainability considerations in underwriting. However, this is an area still characterised by policy developments and new initiatives.
The ongoing trend to strengthening and broadening disclosures - International Financial Reporting Standards (IFRS), Transition Plan Taskforce (TPT), Taskforce on Nature-related Financial Disclosures (TNFD), Corporate Sustainability Reporting Directive (CSRD) - means that finance and sustainability professionals must collaborate more closely and avoid ‘digging up the road twice’. They need to work together to develop processes and controls that enable the efficient disclosure of information, with the right level of assurance.
Firms are looking at scope 3 emissions, and increasingly recognise their suppliers’ significant impact on their carbon footprint. Proactively developing a responsible supply chain and procurement processes ensures suppliers are helping, rather hindering sustainability efforts. Arguably, this should be a continuation of an increasing focus on the management of third-party risk.
Finally, the focus on a forward-looking approach to sustainability will continue during 2024 following the recent launch of the disclosure framework from the Transition Plan Taskforce (TPT). We envisage one of the main challenges is accepting that progress is needed even if the business does not have all the answers. Transition planning is also extending to specific sectors and we note the recent release of Lloyd’s transition framework. It is still unclear how this guidance will evolve and whether it will become a formal requirement. We believe that a guidance approach is appropriate and offers an opportunity to develop an approach that suits firms’ needs and business model.
The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) set a deadline of March 2025 for firms’ operational resilience to meet internal expectations and address vulnerabilities. 2024 is the last financial year before the deadline.
From our discussions with firms, operational resilience has helped to get greater clarity on vulnerabilities although more work is needed to meet expectations. Only leading firms have really recognised that remediation needs to start early in 2024 to ensure vulnerabilities are addressed and retested. Some firms are discovering the limitations of their ‘off the shelf’ frameworks.
A related aspect is scenario testing and its sophistication to validate that the vulnerabilities identified are appropriate. This means going beyond a tabletop approach to scenario testing and focusing on smaller, through the cycle scenario testing, rather than a big set-piece exercises. Genuinely building resilience also requires considering the operating model around resilience, including business continuity and operational risk.
Overall, there is a need to shift from refining resilience frameworks to remediating vulnerabilities and enhancing capabilities during 2024 to build the intended resilience, generate value and enable the business to respond to events more effectively.
Change and transformation is key to a firm’s ability to respond to and adapt to market uncertainty.
Stemming from COVID-19, businesses have recognised the need to be agile in the ways of working, speed to market, response to customers, and to regulatory demands. The challenge for 2024 remains how to implement a workable approach.
We continue to see transformation driven by regulation, cost, and advancements in technology. These in turn present significant opportunities to transform the underwriting, customer service and operations landscape of firms, and drive longer term improvements in operating ratios and customer satisfaction.
As firms respond to operational resilience, sustainability, and other regulatory challenges, we expect them to take a more holistic and considered approach to adapting their business models and establishing robust and resilient operating models for the future. With the Critical Third Parties consultation, we also expect the regulator to begin to turn their attention to these areas in 2024.
The continuing focus of businesses on costs and efficiency, and of customers on digital offerings are driving significant transformation efforts. Many firms will need to lay robust data and IT infrastructure, which tackle issues such as legacy systems and fragmented data landscapes to unlock true customer value.
AI has been described as ‘the coming wave’. Our view is that AI is not an existential threat at this point but a competitor with well-developed AI capabilities may well be. We envisage businesses considering the potential risk and opportunities from AI more proactively, as well as business cases and initial pilots to develop and test capabilities.
The conceptual shift required is like the one experienced by manufacturing industries about hundred years ago to shift from steam to electric power. This required reconfiguring factories and new skills rather than just substituting a source of power for another.
The ‘plumbing’, i.e., people, processes, and governance, will be important to enable firms to capture the opportunities of AI by giving more prominence to data governance and cleansing and model risk management.
Model risk management has an added regulatory perspective. The PRA issued a supervisory statement for banks, but it has not applied it to insurers, to focus on Solvency UK. Model risk management is good for business and may be increasingly coming up risk functions’ agendas as businesses optimise their operations in a competitive environment (e.g., pricing models) and model complexity increases (e.g., climate change). There is not a one-fits-all for model risk and 2024 may well be the year when insurance (and asset managers, as well) formalise their capabilities and approach to model risk management.
Our Risk Consulting team specialise in risk management, sustainability, resilience, transformation, and data and analytics.
We use our skills and experience to support insurers, asset managers and other businesses respond to business challenges and enhance their financial and operational resilience.
For more information, please contact Isaac Alfon, Justin Elks or your usual Crowe contact.
Insights