published by insurance risk & operations,...

JUNE 2016

Enhancing your risk-adjusted operating model to thrive in today’s turbulent market environment

Sponsors

Media Partners

INSURANCE RISK & OPERATIONS, EUROPE

Published by

2

SECTION 1REGULATORY AND MARKET COMPLEXITY

1.1 INTERVIEW 6Living with Solvency II in the current market turmoil: Setting your risk tolerance levels and capital frameworkInterviewer:• Elena Stevenson, Report Publisher, Clear Path AnalysisInterviewee:• Simen Gaarder, Chief Risk Officer, Gjensidige Forsikring ASA

1.2 INTERVIEW 8Adapting your business operations to an ever changing regulatory landscapeInterviewer:• Noel Hillmann, Managing Director, Clear Path AnalysisInterviewee:• Eberhard Muller, Former CRO and Managing Director, Hannover Re

1.3 INTERVIEW 10Achieving yield targets in a low interest market environment: Finding secure assets and incorporating new risk management techniques Interviewer:• Noel Hillmann, Managing Director, Clear Path AnalysisInterviewee:• Thomas Wilson, CRO, Allianz

1.4 INTERVIEW 12Mastering Pillar 3 reporting – understanding the challenges and developing your processes Interviewer:• Noel Hillmann, Managing Director, Clear Path AnalysisInterviewee:• Antoine Bourdais, Director of the Banking & Insurance Division, Invoke

SECTION 2CYBER RISK AND FRAUD PREVENTION

2.1 EXPERT DEBATE 16How to future proof your business operations in the digital era: Protect yourself against cyber threatsModerator:• Sarah Mortimer, Account Director, REIN4CEPanellists:• Daniel Jäger, Head Enterprise Architecture, Swiss Re • Russell Price, Chairman, Cyber Risk & Insurance Forum

SECTION 3DISRUPTIVE TECHNOLOGIES

3.1 EXPERT DEBATE 21How and when is disruptive technology likely to reshape operations of insurance firms and what are the associated threats or opportunities? Moderator:• Sarah Mortimer, Account Director, REIN4CEPanellists:• Emmanuel Van-Grimbergen, Chief Risk Officer, Ageas• Roger Dix, Chief Risk Officer, Wesleyan Assurance Society

CONTENTS

Insurance Risk & Operations, Europe 2016

Simen GaarderChief Risk Officer, Gjensidige Forsikring ASA

Eberhard MullerFormer Chief Risk Officer and Managing Director, Hannover Re

Thomas WilsonChief Risk Officer, Allianz

Antoine BourdaisDirector of the Banking & Insurance Division, Invoke

Emmanuel Van-GrimbergenChief Risk Officer, Ageas

Georgina PattenInsurance Reporting Specialist, Clearwater Analytics

3

3.2 INTERVIEW 25The digital revolution: Forming relationships with tech and media-savvy customersInterviewer:• Elena Stevenson, Report Publisher, Clear Path AnalysisInterviewee:• Ian Simons, Marketing Director, Charted Insurance Institute

SECTION 4ENHANCING OPERATIONS AND PRODUCT INNOVATION

4.1 WHITE PAPER 30Leveraging technology to meet the vast reporting requirements of Solvency II • Georgina Patten, Insurance Reporting Specialist, Clearwater Analytics

4.2 WHITE PAPER 33Achieving improved management of outsourced claims service providers through process change. • Colin Masson, Group Claims Operations, Beazley

CONTENTS

Insurance Risk & Operations, Europe 2016

Daniel JägerHead Enterprise Architecture, Swiss Re

Russell Price Chairman, Cyber Risk & Insurance Forum

Roger DixChief Risk Officer, Wesleyan Assurance Society

Ian SimonsMarketing Director, Charted Insurance Institute

Colin MassonGroup Claims Operations, Beazley

4

FOR MORE INFORMATION: | W: www.clearpathanalysis.com | T: +44 (0) 207 193 1487 | E: [email protected]

Clear Path Analysis is a media company that specialises in the publishing of high quality, online reports and events in the financial services and investments sector.

We value your interest as without our readers there would be no reports. Please fill out our short survey to give your feedback. The survey will take approximately 3 minutes and all feedback is anonymous. Click HERE to access the survey.

Thank you for helping our reports be the best they can be.

TELL USWHAT YOUTHINK

Media Partners

Sponsors

Clearwater Analytics® provides web-based investment accounting, reporting, and reconciliation services for insurers worldwide. Clearwater aggregates, reconciles, and

reports on more than £989 billion assets across thousands of accounts daily. Clearwater is committed to continuous improvement and encourages insurers to rethink how they approach their Solvency II framework.

Invoke is the trusted regulatory technology partner to supervisory bodies worldwide, as well as to firms in the financial services sector who fall under the scope of complex

regulatory imperatives such as CRD IV and Solvency II. Incorporating cutting-edge XBRL technology, advanced data-governance and disclosure management features, Invoke solutions associate a decade of technical expertise with extensive domain knowledge. Invoke regulatory software has already been successfully implemented in no less than 26 countries throughout Europe.

www.clearwater-analytics.com

www.invoke-software.com

http://www.invoke-software.com/banking-insurance/

5

REGULATORY AND MARKET COMPLEXITY

SECTION 1

Living with Solvency II in the current market turmoil: Setting your risk tolerance levels and capital framework

1.1 INTERVIEW

Adapting your business operations to an ever changing regulatory landscape1.2 INTERVIEW

Achieving yield targets in a low interest market environment: Finding secure assets and incorporating new risk management techniques

1.3 INTERVIEW

Mastering Pillar 3 reporting – Understanding the challenges and developing your processes

1.4 INTERVIEW

6

Elena: A turbulent economic environment and low interest rates put a lot of pressure on life insurance firms. Financial market risks have been further exacerbated due to the new market based Solvency II regime. How has Solvency II adapted to this turbulent economic environment?

Simen: Our main business is within the non-life insurance sector which hasn’t really been affected by the low interest rate levels, however, we also have a small life insurance company that has been substantially affected by the low interest rate environment. We also noticed that the Solvency II ratio has been changing from quarter to quarter due to the fluctuating interest rate levels.

We have developed a standard model for Solvency II calculations for the life insurance business that is similar to our own portfolio. We have a mix in the portfolio of both Defined Contribution (DC) plans and Defined Benefit (DB) plans with a guarantee investment in the products. This is the portfolio that creates the most unstable Solvency II calculations.

We see that our portfolio mix does not derive any benefits from the implemented transitional risk from the FSA but in the future, in our opinion, our portfolio will be more robust to these calculations.

Elena: How are companies dealing with these challenges and what kinds of solutions can they include in their operations on the investment side?

Simen: I feel that companies are doing what they are able to do within these

limits. It is not that easy to increase the risk and the expected returns on the assets side because there are a lot of issues such as equity charges on the calculations under the Solvency II ratio which insurance companies need to take into account.

Elena: As internal models are still being improved, are companies ready for this challenge and are there best practices already in development in the market?

Simen: 2016 is the first year where Solvency II has been enforced but the preparations for it had been going on for years.

Parallel to the Solvency II preparations we have also seen that the FSA has placed increased attention on how the insurance companies are organised and been working on processes that should be implemented to reduce operational risks.

Within our risk department we have been working with different measures to get into a position where we can handle risk effectively. Another action the FSA has taken since 2014 is to ask all insurance companies to deliver an ORSA report. Also during the spring of 2015 a lot of direction was provided by the FSA to the companies regarding this report.

This was very helpful and most insurance firms have become quite well prepared for Solvency II as a result. Internal models are still under development. However we see that several insurance firms have already applied for an approval of their internal models. Note that for most insurance

companies its only a partial model since operational risk is probably not an area where it is common to have an internal model.

In the near future when the financial position is reported to the market we will see the Solvency II position from a perspective where the standard formula is compared to internal model results. We also have a rating from Standard & Poor’s which is important to take into consideration while looking at the internal model in conjunction with the level required by Solvency II.

It is a little early to say that best practices for internal models already exist but I think it is heading in the right direction. More companies are going to make their calculations public and to share their assessments of the results of their internal models. Based on this, insurance firms will be able to develop best practice over time.

Elena: Have the reporting templates of Pillar III been completed? Do insurance firms still require extra resources?

Simen: Looking back at last year’s pre-reporting phase I think It was a very important exercise for large insurance companies. This exercise prepared them well for this year’s compulsive reporting. These days we are finalising the reports and the opening balances of 2016, as well as the first quarter results.

Elena: What needs to be done for next year’s required reporting?

Simen: We will have to deliver the complete Pillar III package by the end

1.1 INTERVIEW

Living with Solvency II in the current market turmoil: Setting your risk tolerance levels and capital frameworkInterviewer Interviewee

Elena StevensonReport Publisher, Clear Path Analysis

Simen GaarderChief Risk Officer, Gjensidige Forsikring ASA

7

Living with Solvency II in the current market turmoil: Setting your risk tolerance levels and capital framework

of 2016 in the spring of 2017. To make this possible, regulators are reviewing approximately 63 templates which will provide very comprehensive reporting, This will include very detailed descriptions of each company, the way it’s organised and the different roles of the first, second and third line, as well as the governance of the company.

Do insurance companies still require extra resources? I would say, at least for many it’s probably too late to increase the resources because we already have to start planning for next year’s reporting.

Elena: How are companies working with Solvency II now that it is here and what is next?

Simen: For the first few years, you will be able to carry out Solvency II reporting, there will also be room for improvements and it will probably take some time for most of the companies before reporting can be streamlined and done in a more efficient way.

Elena: How do you design products that are appropriate within Solvency II? How do you set your risk tolerance levels?

Simen: Since the development of the internal model we have seen that by using it companies gained some advantages particularly in the pricing of products. The reason is that insurance firms now have consistent methods of dealing with all elements, including the capital needs for each product. We will use the internal model to secure the profitability for each product so Solvency II will actually affect the design of the product.

Elena: Do you have any final thoughts on this topic?

Simen: Regarding templates relating to Pillar II we have seen that reporting also helps to build up data warehouses, meaning that we have all of the required data available prior to

reporting. Developing all the needed data has been quite a challenge.

Elena: Do you have any tips on addressing this challenge?

Simen: The most important thing to remember is that it just takes a lot of time as it is very time consuming to build a data warehouse. Also, one shouldn’t underestimate the level of support needed from top management,

Elena: How difficult is it to involve top level management in this?

Simen: It takes time to organise meetings etc but we started setting up meetings and training sessions with all members of the top management group and the CEOs. As we have an internal model we spent a lot of time also training the board to actually understand the model and how it works.

Elena: After that is it down to communication and educating your board?

Simen: That is right, however there is also a need for some technical communication which is quite a difficult area to communicate to the boards.

Elena: Thank you for sharing your views on this topic.

“The reason is that insurance firms now have consistent methods of dealing with all elements, including the capital needs for each product. We will use the internal model to secure the profitability for each product so Solvency II will actually affect the design of the product.”

8

Noel Hillmann: How has the role of risk management changed in response to the new regulations?

Eberhard Muller: The integration of quantitative and qualitative risk management during my last 10 years before retiring as CRO has been the biggest challenge for me given my quantitative background as an actuary. The role of a Chief Risk Officer deals with qualitative issues fifty percent of the time and quantitative issues the other half of the time.

One of the the biggest challenges has always been to keep the balance between risk management and capital allocation. Additionally, determining the correct margins that should be allocated to a business to cover risk and to fulfil the regulatory requirements which were not always aligned with the businesses objectives is difficult. Keeping the regulator happy whilst trying to maintain some balance between the underwriter and the regulator is very challenging.

Noel: Given that Solvency II is now in place there has been great talk about the move on with regards to risk managers focussing on new areas. Do you think that risk management team dynamics are changing and moving towards a new “urgency”? If so, what do these urgencies look like?

Eberhard: A necessary consideration for any risk taking business is the separation of key functions. Usually we consider the first, second and third lines of defence principles. The first line is taking risk, the second is independently monitoring risk and the third is the internal audit unit

examining the first and second lines. But there will still be an ongoing debate about whether it is really justified to have those functions mandatorily further separated within the second line of defence. In my opinion, the risk management function and the actuarial function are inseparable and should be kept aligned.

If an expensive CRO, an expensive Chief Actuary and an expensive Chief Compliance Officer are all fighting competitively against each other rather than aligning their forces to effectively challenge the first line of defence it does not make too much sense. This also should be obvious to regulators.

Noel: What would you do differently next time around?

Eberhard: Nowadays, Hannover Re has the advantage of an internal model that was already approved by middle of 2015 so they work quite safely. Since they have been doing risk based capital allocations since the late 90’s there hasn’t been too much change.

Having said that the main change was the integration of quantitative and qualitative risk management functions as well as the integration of life and non-life risk management in order to achieve a full holistic approach. When looking to the future, in my opinion, the one challenge that might remain is how to get resources in line with the real requirements and not waste too many resources on pure regulatory exercises, particularly, on the quantitative reporting side (quantitative reporting templates).

In this area I predict there will be even tougher resource management reviews conducted on the risk management side compared to what we’ve had in the past.

Noel: What process have insurance companies changed or adapted in order to comply with the ever-changing regulatory environment?

Eberhard: The regulatory impact for Hannover Re and other major reinsurers came after the rating agency impact. The largest impact on the risk management function came from Standard & Poor’s in 2005. That took place when they published their updated requirements for excellence in risk management.

This was the reason for establishing the role of a CRO and a risk committee that meets quarterly to review the risk reports and dynamic financial analysis reports. All of this was already in place when the regulatory requirements came up under Solvency II so we actually benefitted from meeting the first rating agency’s requirements.

In the future we have to look at the different key functions and we have to be very careful that the regulatory requirements do not ask us to implement processes which, at the end, are ineffective and will waste resources.

Noel: Do you think the regulators take into account how changes will affect the industry’s ability to perform and grow or do they merely act as “policemen”?

Eberhard: It depends whom you are talking about, if you are talking about

1.2 INTERVIEW

Adapting your business operations to an ever changing regulatory landscape

Interviewer Interviewee

Noel Hillmann Noel Hillmann, Managing Director, Clear Path Analysis

Eberhard MullerFormer Chief Risk Officer and Managing Director, Hannover Re

9

Adapting your business operations to an ever changing regulatory landscape

the management of regulators then they are definitely able to contemplate what they are doing. It starts with EIOPA and Gabriel Bernardino who is a knowledgeable and fair person. This is also true when you look at the national supervisors like Felix Hufeld from BaFin (Germany), he knows about the impact of various regulations because he also came from the industry.

When going down the ladder to the operational level more and more “policemen” come onto the scene. Unfortunately, my observation is that inexperienced young regulators behave more like “policemen” than they should. Solvency II is originally constructed as a principle orientated system which gives some room to manoeuvre, however, inexperienced regulators on the operative level are trying to “play it safe” by taking a conservative approach. This principle orientated system will gradually move into a rule based system.

Noel: How do you feel that regulators can appropriately adapt to ensure that they are more in line with what the industry needs? Do you feel there needs to be more working groups that involve industry participants? What actions do you see them taking that would be productive?

Eberhard: Absolutely, it starts with the education of regulators and their presence at conferences. I was quite glad to see representatives from the German regulator BaFin in the Re-Insurance Association of America’s (RAA) natural catastrophe modelling conference which is held

every February in Orlando. It’s a great opportunity to give regulators a platform to communicate with business.

Those events bring knowledge from one side to the other and I don’t understand why some regulators didn’t allow their representative to attend those conferences.

Noel: Do you anticipate any impending changes? How will this affect the way you do business?

Eberhard: The next beast on the horizon is ComFrame which is the initiative currently being done under the roof of G20 and IAIS. Its aim is to establish a worldwide solvency capital requirement for internationally active insurance groups and a common framework for insurance supervision.

Here the danger is what has been established as a regulatory framework in Europe under Solvency II might not be in line with the U.S. and other interests.

We may face additional or deviating requirements in the future and I can only ask government bodies in Europe especially EIOPA to be very clear that we will not deviate from the Solvency II standards.

Noel: Thank you for sharing your views on this topic.

“Solvency II is originally constructed as a principle orientated system which gives some room to manoeuvre, however, inexperienced regulators on the operative level are trying to "play it safe" by taking a conservative approach.”

10

Noel Hillmann: Increased volatility and lower interest rates can potentially make an insurance company’s products less attractive, resulting in lower sales and lower income. Would you agree with that?

Thomas Wilson: From a client perspective, life cycle investment defined by asset accumulation in the earlier years and leading to decumulation in retirement is going to continue because low rates and volatile markets are not going to fundamentally affect this underlying demand.

In fact, higher volatility will make some aspects of insurance products even more attractive to clients, for example guarantees, especially to those clients that are approaching their retirement decision; in addition, structured life cycle funds and investment strategies optimised within an insurance product should also be more attractive to clients. For the insurer, producing the guarantees will be more challenging, so I guess you could say that the low rate, and market volatility offer insurers both opportunities to better meet client needs but also challenges them.

Noel: Have lower interest rates changed your approach to risk management and how you assess the riskiness of the products that you are offering?

Thomas: The concerted actions by Central Banks have demonstrated that interest rates are not governed by natural laws like gravity and that, as a consequence, there is no “natural” level. Risk management has adapted to this new reality, especially in the

area of asset / liability management. Designing products so that the guarantees can be managed and hedged is the first step to a good asset liability management process. The second step is to actually manage the guarantees so that the margins promised at the point of sale are in fact locked-in and achieved for the insurer afterwards. Improved product design combined with liability-based investing to match guarantees are two of the most important areas where low interest rates and volatile markets have changed risk management.

Noel: Does the low interest rate environment present an opportunity for you to exit certain product lines that you would have otherwise found difficult?

Thomas: Not necessarily. In terms of new business, we have always had the option to leverage a wide product palette so I don’t see it as a driving factor.

Noel: Are there “new” risk management approaches in this area or are the old principles still effective?

Thomas: Well, we have already talked about product design and asset liability management. Another area where risk management practices have been adapted is at the asset level, focusing on better origination, evaluation and underwriting of less liquid, higher yielding alternative asset classes.

Many insurers are looking for increased and predictable yield by earning an illiquidity or structuring premium, focusing on asset classes such as infrastructure, real estate, alternative

energy and so on. In order to be successful in these more complex asset classes, you have to have the skills necessary to underwrite within that asset class. This requires scale in terms of volume to support the fixed cost of building the expertise. Allianz has the scale and expertise and we are strong in the alternative categories where we choose to be active. This has changed our risk management practices because we are looking at individual assets within less traditional asset classes, with a higher emphasis on deal-by-deal risk identification, evaluation, underwriting and pricing as well as portfolio level concentration limits.

Noel: What criteria do you use when choosing your assets?

Thomas: We use a variety of criteria driven by the different metrics that are imposed upon us as well as our own economic perspective. For our life products, local accounting based rules determine in part how much investment income we should be crediting to our clients at any point in time so accounting rules influence our asset allocation decisions. But Solvency II and rating agencies also play a role because they determine the level of capital needed to support our strategy; unfortunately, they represent completely different paradigms with conflicting signals and so a balanced decision must be taken.

In addition to balancing accounting and Solvency perspectives, we also use return on risk capital (RoRC) for evaluating individual structured assets as well as asset liability management decisions. Our RoRC measures the

1.3 INTERVIEW

Achieving yield targets in a low interest market environment: Finding secure assets and incorporating new risk management techniquesInterviewer Interviewee

Thomas WilsonChief Risk Officer, Allianz


11

Achieving yield targets in a low interest market environment: Finding secure assets and incorporating new risk management techniques

incremental returns to the marginal risk capital required to support a given product or ALM strategy based on our actual liabilities, recognising that our asset decisions cannot be taken in isolation relative to our liabilities.

Noel: Are you pleased with your results in this low interest rate environment?

Thomas: There is no denying that it is a challenging environment to operate

in. However, the environment is what it is and I am pleased with the actions we have taken to meet these challenges.

However, if I had to vent a little bit to the Central Bank about the current novel monetary policies, I would say that we do not seem to be doing a great service to the broader economy and clearly not to those individuals saving for retirement.

Noel: Do you feel that there needs to be some form of hard deadline taken by the ECB to say exactly how long they will continue their actions? I have heard people say that their open ended approach has left them feeling uncertain.

Thomas: In contrast to the Fed, I don’t think that the ECB policy could get any clearer. There has been a commitment by the ECB to do “whatever it takes” to help the economy using the only channel that they have open to them, which increasingly is novel monetary policy.

Unfortunately, it is becoming clear that novel monetary policy isn’t spurring a consumption led or debt driven recovery and may actually be detrimental in the long term as it delays underlying reforms which

are necessary, supports sovereign issuers with otherwise unsustainable finances and leads to asset bubbles as individuals search for yield in an otherwise barren return landscape.

So, I think that the ECB policy is quite clear, if not a bit misguided – we are in for low rates for a very long time, especially since sovereign financing in Europe could not support higher levels of interest rates.

Noel: Looking back at the last 5 years, do you feel that there are different ways you could have tackled the problems you’ve faced?

Thomas: If it was 30 years ago and I knew then what I know now, I would have bought Google or Apple. Looking back and playing “if only” isn’t terribly productive. Strategic and commercial decisions are taken based on forward looking views. You do the best you can at any given point in time, based on your best guess of what is going to happen and an objective assessment of the potential risks if that view turns out to be wrong.

Noel: Can you continue to achieve positive results if this environment continues?

Thomas: Short-term, the challenges may appear to be on the asset side of the balance sheet; in reality, the real long-term challenges for building a sustainable retirement business are going to be on the liability or product side of the balance sheet. The existing portfolio is what it is and nobody is feeling too happy about fixed income returns which could go more negative if the ECB gets their say. However, those companies which adapt their products to the new low rate environment and create guarantees which are capital efficient have a chance to thrive in the future.

Noel: Thank you for sharing your thoughts on this subject.

“If it was 30 years ago and I knew then what I know now, I would have bought Google or Apple.”

12

Noel Hillmann: Can you talk to us about Pillar 3 reporting and how you have understood the associated challenges faced by insurers in 2016?

Antoine Bourdais: After years of preparation, the Solvency II regime came into force on 1 January 2016, bringing to the European Union (“EU”) insurance market the most complete reporting package the industry has ever known. Based on the experience of the 2015 preparatory phase, we can say that insurers are ready to face the first challenges of Pillar 3 reporting. But the main issue is coming at the end of this year when the full scope of the regulation will effectively come into force with the annual 2016 data submissions.

The first submissions under the Solvency II regime have just been made in May last month for the day one and quarterly reporting requirements. Whilst these reporting requirements were pretty close to what insurers have already experienced during the 2015 preparatory phase reporting exercise, the real challenge they face today is to be fully prepared to jump into the deep end for the first annual Solvency II submissions requested in 2017, based on December 2016 data.

In my opinion, one of the key factors of success consists of not underestimating the real reporting workload that will be required for this first annual report. Part of the challenge will be to efficiently achieve the necessary internal re-organisation of human resources in the company, so as to be able to cope with the multifaceted burden of Pillar 3 reporting. Not only do insurers have to meet the 2016

regulatory requirements whilst getting ready for the 2017 annual reporting, but they also have to anticipate future evolutions of the regulation.

These evolutions encompass regular updates of the main requirements (the next release of the European Insurance and Occupational Pensions Authority (“EIOPA”) XBRL taxonomy is expected this summer and taxonomy amendments are likely to continue further on). They also encompass additional reporting obligations, such as the National Specific Templates (“NST”) that a number of countries have already mandated, like Ireland in 2016 and France in 2017.

All this adds to the challenges faced by report preparers. If large companies may have distinct teams dedicated to each of these issues, it is a real organisational challenge for a host of smaller entities where it is often the same person who is in charge of both “producing for the present” and “preparing for the future”.

In addition to the issues we just talked about, which are mainly due to the recent entry into force of the regulation and its relative lack of stability for now, the next challenge for insurers is to get started (or pursue) a gradual industrialisation of their reporting production processes. Today, insurance companies are still “exploring” the Solvency II framework. None of them are 100% ready to automate the production of the whole set of expected reporting templates.

Noel: You mention the danger of underestimating the real reporting work load for insurers. In what

particular areas do you see insurers underestimating?

Antoine: There are several possible scenarios. For some insurers, simply because they have successfully managed the preparatory phase reporting exercise as well as their day 1 and quarterly submissions, report preparers consider themselves ready to meet the full scope of Solvency II reporting. In this case, they are not fully aware that future requirements include new families of reports that they have never experienced before. In my opinion, they are clearly underestimating their capability of preparing the full package of templates for the annual reporting.

For some other insurers, although the team in charge of the production are well aware of the additional workload that will be required, it is mainly a budget issue. As the regulation officially came into force the boards of some insurers haven’t identified yet the need to maintain the internal taskforce or get help from external resources.

Noel: Have the reporting templates of Pillar 3 been completed, are companies operationally ready? Has business and IT established an end-to-end system and data processes that are sustainable and cost effective to Solvency II reporting framework?

Antoine: If we only keep our eye on the visible part of the iceberg, yes, we can say that they are ready. Regulators received their Solvency II data, which reflects that they were indeed ready to submit some reports. But if we take a closer look at the situation, the hidden part is that they are still producing

1.4 INTERVIEW

Mastering Pillar 3 reporting – understanding the challenges and developing your processesInterviewer Interviewee

Antoine BourdaisDirector of the Banking & Insurance Division, Invoke


13

Mastering Pillar 3 reporting – understanding the challenges and developing your processes

these reports using, partly if not entirely, manual processes.

Today, I don’t think we can say that insurers are ready to manage Solvency II. They can survive under the Solvency II newly implemented regime, but again, they definitely need to move to an industrialised, end-to-end reporting process if they want to be in a good position to meet their reporting obligations eventually.

Noel: So you are saying that the end to end system and data processes are not at this point sustainable for insurers?

Antoine: At this point, processes are not sustainable. This is partly due to the relative instability of the EIOPA taxonomy – insurers already had to comply with two different versions of taxonomy for the preparatory phase on the one hand and the day one and quarterly reporting on the other hand. They will have to report quarter four and annual reporting under the new version which is due to be released this summer.

As a consequence, it is obvious that the IT system in charge of the reports production cannot be easily stabilised. The impact of these regulatory evolutions is all the greater for companies that started automating their production processes. Despite the edge effects of these regulatory evolutions, the latter will nevertheless have the opportunity to locate these impacts, to then better anticipate future ones.

Noel: Insurers have to report additional statistical data in 2016 and some of the data requested cannot be retrieved from available Solvency II data. How can they overcome the challenge of gathering data for Solvency II, enriching this data with any additional information and making sure it’s of sufficient quality to form a report?

Antoine: The introduction of the additional Financial Stability reporting templates by the European Central Bank is a typical example of what you may anticipate from a new regulation. The volume and scope of requirements always tend to increase, not decrease. Insurers have to keep in mind that the Solvency II regulation will probably be subject to further enhancements of this kind in the near future.

We are currently observing new emerging projects amongst our insurer clients that show more ambition than merely initiating the industrialisation of the regulatory reporting production. These projects aim at extending the use of the invoke regulatory reporting platform to exploit it further upstream in the regulatory production chain as a regulatory data warehouse.

This data warehouse enables them to collect, store and process not only the data required to meet the initial EIOPA Solvency II requirements, but also the statistical data required to meet the additional reporting requirements of the ECB and the Financial Stability Board (“FSB”). Data is sourced from multiple, heterogeneous systems and centralised in the data warehouse. Based on this, the software then enables them to define cross-system

data consistency checks and to validate data quality.

Data quality is a hot topic at the moment, as regulators communicated during the preparatory phase to the industry that the quality of the data submitted was not sufficient enough. The goal of these emerging projects is to move from a pure reporting system to a comprehensive regulatory platform, in order to manage data quality prior to automated reporting production.

Noel: What is the key to a successful Pillar 3 reporting strategy?

Antoine: It is crucial to have the right target in mind i.e. to have an industrialised process of production of data applicable to Pillar 3 reporting.

To be able to assess this target, insurers have to choose the appropriate way to get there smoothly depending on their current situation. This means that companies need to have a clear assessment of their I.T system maturity because they have to identify which sort of data is already Solvency II ready and what is not mature enough to be used for an automatic production of reports.

Based on these diagnostics they have to define the relevant milestones to make a good decision around the evolution of their current processes. We have seen some insurance companies deciding that their system is not Solvency II mature enough at the moment and so they prefer to keep a tactical solution to produce the Solvency II reporting. This means that they will continue to prepare it manually and just use software to transform the Excel data into the expected XBRL format.

As for our clients who decided to adopt a global reporting approach, they are using their current invoke reporting system to manage and concentrate all of their data through. They can then manage the data quality before

“We are currently observing new emerging projects amongst insurers that show more ambition than merely initiating the industrialisation of the regulatory reporting production.”

14

Mastering Pillar 3 reporting – understanding the challenges and developing your processes

producing both regulatory reports and internal reporting.

Depending on the capability of each entity to adapt a tactical, strategic or global approach it will define the rhythm at which each company is able to achieve the right target which is clearly a fully industrialised reporting process.

Noel: Thank you for sharing your view on this subject.

4 Strategic and tactical approaches4 Cutting-edge XBRL technology4 Extensive domain expertise4 Full regulatory maintenance4 Trusted by industry leadersINVOKE PILLAR 3

SOLUTIONS FOR SOLVENCY II AND LLOYD’S CMR REPORTING

Risk-free solutions for regulatory peace of mind

www.invoke-software.com

160519_Pub_Clearpath_Analysis.indd 1 19/05/2016 15:46

16

CYBER RISK AND FRAUD PREVENTION

SECTION 2

How to future proof your business operations in the digital era: Protect yourself against cyber threats

2.1 EXPERT DEBATE

17

Sarah: Cyber security risk is now at the top of the risk agenda for every insurance firm due to increasingly tech-savvy consumer needs. And insurance companies are trying to satisfy this by moving towards digital channels. How are cyber risk and threats evolving?

Daniel: We see cyber-attacks gradually becoming more sophisticated, while the surface of attack is expanding due to the ongoing digitalisation and because of a movement toward cloud offerings by third parties. As the old means of protection become superseded, companies become more vulnerable to an attack. Quantifying the probability and severity of an attack remains difficult, but to understand how attacks evolve, we need to understand the motives behind them. Usually it is about ransom for stolen data. Some attacks are motivated by the “challenge”, by being able to penetrate an organisation to expose it for political purposes for instance. There is also an increasing number of sophisticated attacks focusing on industry espionage.

Sarah: Are you seeing why any insurance companies would be targeted and what the motivation would be?

Daniel: Besides the attacks purely focused on the challenge or destruction, insurance companies hold a vast amount of very sensitive data which could be of interest for espionage-lead attacks. In both cases, information could either be sold or used for ransom money.

Sarah: Russell what are your thoughts on this topic?

Russell: One of the factors we need to recognise is consequence in terms of evolving sophistication and Malware or Cryptologic that can create not just an operational dilemma but also a moral one.

How will events look in the press? Public expectation is that an insurance firm will do things right and there will be indignation, annoyance, and depending on the circumstances media coverage could easily escalate and distract from the core business causing reputational harm and impact beyond the technical nature of a breach.

This has been an escalating social impact for quite some time and most of us would agree that if our personal data was stolen from our insurer we would be annoyed at the very least but now there is a consequence.

You have already seen class actions develop from stake holder groups back to insurers. This is one packet of an evolved response to a consequence from a breach that is now transformative. Because of repeated failures we have seen we are seeing a change in attitude from regulators - those who have a capability to impose fines or sanctions against operations.

Sarah: What type of cyber-attacks are most likely to happen in the nearest future? How well are business operations adapted to the digital age and to cyber threats?

Russell: If we go back to the types of threat we haven’t touched upon it was

the more serious, considered attacks and the ones that are in the realm of sophisticated groups and individuals who target high value theft with a high degree of sophistication.

The approach is likely to be a mixture of reconnaissance, developing the social understanding of the organisation and a technical element over a period, all to execute a detailed attack to steal a lot of money. This will involve social engineering and the objective is to execute a multi-million dollar single transaction or to generate similar revenues from multiple, but rapid transactions in a targeted organisation.

Another wrinkle is looking at the IP, getting information that enables you to perhaps legitimately exploit a knowledge of a situation for your advantage. This might be merger and takeover information or design specifications and, of course, personal data that would help extend wider criminal activity. Another area is around malicious attacks and how they might impact on command and control systems for utilities and transportation etc. These tend to be aimed at causing wide scale disruption. Whilst not just specific to the insurance sector, payment systems are clearly valuable targets to criminals, with a potential for large returns with limited exposure to risk for the perpetrators.

Looking at the most likely attacks, often organisations or governments would say it’s Trojans. This only really could be addressed by educating end users and updating systems to ensure that software, processes and users are all proactive and able to identify the

2.1 EXPERT DEBATE

Moderator


Panellists

Sarah Mortimer Account Director, REIN4CE

Daniel JägerHead Enterprise Architecture, Swiss Re

Russell Price Chairman, Cyber Risk & Insurance Forum

18


risk and take appropriate action. This requires discipline, planning and some investment.

However, much of our data shows that all to often, core systems haven’t been patched in a very long time. This is a basic requirement and it makes you wonder just how seriously security is being taken. Keeping up with security maintenance of systems is a simple first step in the main and it will help protect against phishing, trojans, worms etc. There are others like SQL injections, cross site scripting and password breakers etc and again they are all relatively straightforward to deal with if the organisation takes positive action and aim to manage cyber risk and build their resilience.

Daniel: The businesses are relatively well set up for traditional parameter protection, but this isn’t enough anymore. In order to really address

the problem in the future, we need to move from information protection to building cyber resilience. Part of building such cyber resilience is embedding a culture within an organisation in which all staff and stakeholders are educated on what is expected of them and how to react under certain circumstances.

On top of this, many companies invest heavily into monitoring and detection while running smart analytics on all the movement and activities of the systems. The goal is to spot, understand and prevent attacks before they happen or at least be on top of

them at a very early stage. The other element is: how do we deal with an attack once it has happened? BCM, communications, legal teams etc. need to be involved and plans need to be agreed and in place to efficiently respond to major attacks.

Russell: Resilience is absolutely the right word, it’s an outcome and the result of activity and action.

In the world of standards there have been information security standards for over 20 years, with those in place there should be a greater capability to deal with cyber-attacks, however, the absence of real commitment and application has lead to our current problems because there hasn’t generally been the buy in.

There has also been a bit of a blame culture and there have been people who have been fired because a novel

attack has breached their defences. It is bolting the door shut after the horse has bolted. We really need to have a much more engaged attitude around security. When you are talking about the monitoring, make sure the penetration testing is up to scratch etc. It is quite probably the best activity to take that leads to real change if carried out with commitment.

Good information security depends on more than just managing the incident and the recovery, but also much better awareness of risk and threats by sharing the information of what went wrong technically, but also

more widely within the policies and procedures of your firm.

We are starting to see the developments of the cyber information security partnerships (CISP’s) where firms are exchanging data on what is happening and where threats are emerging. By sharing data those who have been attacked the earliest share what has happened with the data and metrics to forewarn others. This generates a more aware, concerted and collaborative approach to deal with the threats that we are facing. It won’t stop the emergence of novel attacks but it will reduce the damage because our defences will adapt much more quickly and the risks and threats will be addressed widely. In practical terms good information sharing combined with more proactive action has the capability to reduce losses from a flood to a trickle over time.

What we need to be doing proactively across information security is improving staff training, stake holder engagement and managing supply chains which, in the digital world today is how most insurers are communicating with their clients. It is understanding where the risks might lie, regardless of what you do in house, if you don’t educate your workforce then you are still locking that stable door after the horse has already left.

Sarah: How should the industry identify vulnerable IT elements in order to build resilient defence systems?

Daniel: In addition to what we have discussed, there are two aspects which are important. Firstly, this isn’t a pure IT issue, it’s the human factor which contributes to the majority of the data breaches. A robust culture is key in addressing this.

Secondly, companies need to continue moving from a parameter protection system to more information centric protection. For this we need to understand where our critical

“The goal is to spot, understand and prevent attacks before they happen or at least be on top of them at a very early stage. The other element is: how do we deal with an attack once it has happened?”

19


information is and how it is managed. Only when we know where it is stored and how it potentially can be accessed, can we add protection. It also allows more efficient monitoring while adding additional protection such as digital rights management.

Sarah: Because cyber is a relatively new risk, is it a guessing game at the moment? How would you drill down into which assets would be targets?

Daniel: In the past it was relatively easy, as you had IT infrastructure, including a big firewall around making the outside world “the bad” and the inside world “the good”. This has changed: your data might be with an outsourced provider or somewhere in the cloud, the location of which you might not initially be aware of unless you consciously manage it.

Through this development and the digital channels which continue to be introduced, the traditional firewalls are broken into pieces. This opens many doors and sub areas. This means that you would need to think with an information centric view: where is the information located, who manages it and how is it being protected? It isn’t sufficient nowadays to think only about fences that you put around your own infrastructure.

There is a move away from a pure IT into a full cyber resilience system which involves much more than just the internal IT, it also covers suppliers, clients and other stakeholders.

Russell: There is the vulnerable IT element and there are some simple

solutions that exist, for instance, you can carry out PEN tests, have network monitoring and surveillance tools etc that can work together to identify and help inform you to when a breach might be underway.

It really is very important to know as early as possible that something is wrong if you are going to mitigate the effects of a breach. Early intervention really does help reduce the losses and impact from events. However, as too many recent cases have shown for some companies it has taken months to find out that there were intruders in their systems meaning months of data disruption and potential malicious activities.

If you look at it from a continuity point of view, reacting and having to fix vulnerabilities and apply the forensics for this is a disruptive and expensive exercise. Having monitoring systems that enable you to get the alerts on any potential risk within minutes or seconds is not only good practice, but a smart investment.

Service providers, software developers, hardware and outsourcing firms all have a role to play too. Much more emphasis should be made on designing security in to the real network where many different products and applications need to work together. I would be looking to make them responsible for their products and services and to set a much higher bar for the standard of application security. They have to become custodians of a new mission which is a secure cyber space, but unfortunately they are

often not recognising the scale of their responsibility.

Sarah: It seems to me that you are saying that no one has really stepped up and taken on the role of responsibility in how to address this?

Russell: There are firms who have acted very well individually but even these are dependent on other people. If the people they work with aren’t quite so diligent it makes it more complicated and probably risky. It is such a complex topic and no firm can really do everything alone.

I think it best to have a consortia approach to this so that it is not just the tech guys (at an IT manager level) who should be champions of information security, it should also be the CEO, Chairman, head of the risk committee etc. It should be all the members of the C suite team saying that their business information should be treated as absolutely critical and confidential.

There wouldn’t be too many consumers who would have a problem seeing this statement in the company’s reports and accountants. It is a big problem, particularly for sectors where you have lots of connected technology as the task can be huge and it might take many years to fully update, upgrade and reach a new level of capability. To get there you have to make a connected start.

Daniel: I agree and it goes back to the mind-set. The old idea of a completely safe ‘inside’, protected from the evil ‘outside’ is not possible anymore in the new interconnected world. A company

“In the past it was relatively easy, as you had IT infrastructure, including a big firewall around making the outside world "the bad" and the inside world "the good". This has changed: your data might be with an outsourced provider or somewhere in the cloud, the location of which you might not initially be aware of unless you consciously manage it.”

needs to have protection along the value chain, including all partners, and needs to know what information has to be protected and where this information is stored.

Russell: From an insurance perspective it is very interesting to look at this emerging use of new technology. We haven’t even seen the merest tip of the iceberg of what the next 10-20 years are going to show, with regards to driverless cars, drones and the way we connect and enact ourselves in the workplace as well as socially.

With all this going on there is either a commitment to good information security embedded which is going to be the foundation for everything or there is more mess that isn’t connected. If you have that kind of lack of connection, there will be gaps and these are the exploits that will be costing us dearly later on.

Sarah: What techniques are cyber-criminals using? And what process should be in place?

Daniel: If we look at the techniques cyber criminals are using in this space, you mainly see social engineering including phishing, malware, personal deception and unfortunately, there is no silver bullet. We need to continue to improve our systems making impersonating a customer impossible. With a collaborative approach including all stakeholders there would be opportunities to work on this and identify our customers in a unique and more secure way.

Russell: A good understanding of the value and potential use of data within an organisation, conducting the internal audit in order to set a proportional level of access to data. We need to be more scalable in how we use information, making sure that the permissions are right and the data is considered appropriate for the internal user. It’s a useful way for slicing and dicing some of the completeness of information.

When you are looking at the techniques of cyber criminals one of the facts that we should understand is that this is not a technical issue. It comes back to culture and training of end users as well.

In my opinion, it’s a matter of embedding best practices and we mustn’t ever just point the finger towards somebody else. We have to address the accountability question meaning if somebody else has my

data it doesn’t remove me from the accountability equation.

This means not seeing security as a burden, rather as a responsibility that as individuals we have to be more aware of at work and at home. One of the worrying trends is an attitude in the younger generation to be very blasé about information and the security information.

Sarah: Do you have any final thoughts?

Daniel: As mentioned, one of the key factors is the move towards a holistic cyber resilience and away from just IT and information security. The other important point is that this needs to be addressed together with all of the stakeholders including the consumers themselves.

Russell: It is incumbent on all organisations not just the insurance

industry to expect to be good and demand capability.

You must see strong evidence of real capability which involves active measurement and testing of the systems that are in place. Pen testing by reptutable security companies try to get in to your systems, continuous staff training, security monitoring, embedded policies, including for suppliers, are all active measures that show the attitude, capability and

culture of the organisation is positive, aligned and responsible. Remember too that this approach is not just for insurers but all business.

Sarah: Thank you both for sharing your thoughts on this topic.

20


“We need to be more scalable in how we use information, making sure that the permissions are right and the data is considered appropriate for the internal user. It’s a useful way for slicing and dicing some of the completeness of information.”

21

DISRUPTIVE TECHNOLOGIES

SECTION 3

How and when is disruptive technology likely to reshape operations of insurance firms and what are the associated threats or opportunities?

3.1 EXPERT DEBATE

The digital revolution: Forming relationships with tech and media-savvy customers3.2 INTERVIEW

22

Sarah: Disruptive technology is a big issue right now for any industry. How would you define what it is, and what does it mean for the insurance industry?

Roger: I can’t say that I know for sure what it is although I can wonder if Google, Apple or Amazon are the known disruptive technologies. Some of the fear we have is if they use their mighty powers to enter the insurance industry, what would it mean for the rest of us.

It will be something which is disruptive and possibly we haven’t seen what that disruption is and what form or style it could take. For instance, in the UK we have what has been called robot advice, and conceptually we know and understand what it is but it is still in the early stages of development.

It is the classic risk when you know something is out there, however, you aren’t sure what it is, consequently, you have an even bigger fear and not knowing what to do about it. What we can do though is we can enable our customers to reach us when there is a need and crucially, we can offer products via this disruptive technology or we can try and fit into it.

Sarah: Can you be more proactive or is it a case of the industry simply waiting to react?

Roger: I am not suggesting that we simply sit back and wait to see what happens as there is work that we could get done now and this will vary for each company depending on what state of maturity your data is in, how well you know your customer and

what access they have to you etc. The industry can set up its own disruptive technology as there is potentially a first mover advantage but it could be expensive if you get it wrong by backing the wrong horse so to speak.

In the UK, I look at platform providers that offer many different funds. We know that they cost a fortune to build. Some has been successful in terms of volume whereas others have been less successful and one should wonder whether to keep going or not.

The other area I hear in the insurance industry that is being defensive is in the life insurance space when we deal with a product that is sold and not bought, and people believe it gives them defence over technology because why would you do it otherwise.

Sarah: Emmanuel what are your thoughts on this?

Emmanuel: It is true that we know something is out there. It’s interesting to see what impact the internet of things will have on the insurance industry.

In my opinion, these developments will have a major impact on the insurance industry as we know it. To give an example, there is a study from the European Commission showing if that one day all the cars in a city are connected to each other and if we are in a shared economy, meaning no one owns a car rather they are all connected and you take a smart phone and order it, then there will be 80% less cars in that city.

This would have a big impact on the insurance industry and in this given case more specifically on the motor insurance. We need to prepare ourselves for this type of evolution. For me the question isn’t if it will happen but rather when.

The elephant in the room is whether Google like companies will enter the insurance market. I am really doubting whether they will. The strength of the insurance industry is managing a balance sheet, risk management and complying with regulations and I don’t believe that Google or similar types of organisations want to enter into these types of activities.

Their advantage is the way they can use the data and that’s when the insurance industry has to find the right business models to work with these types of companies.

Sarah: Do you feel that disruptive technology is necessarily a bad thing for the industry?

Roger: There are definitely opportunities for insurance firms and what our customers want, expect and require from us. We can’t put our heads in the sand and continue working in our old ways as we will fail.

With technology there is always the vision of revolution but actually there is some strong evolutionary work happening as we speak. There are the aggregators in the GI space and our customers can work out what they want at what prices by simply browsing these sites.

3.1 EXPERT DEBATE

Moderator


Panellists

Emmanuel Van-GrimbergenChief Risk Officer, Ageas

Roger DixChief Risk Officer, Wesleyan Assurance Society

Sarah Mortimer Account Director, REIN4CE

23


There is a Dutch company which is operating in the car insurance space and totally online which is called InShared. I would consider their business models to be disruptive but going back 20 years DirectLine in the UK was also considered to be disruptive and so we have examples of it here.

Sarah: Yes, DirectLine was supposed to be the demise of the brokers but that didn’t happen.

Roger: They primarily focused on their risks, knowing and understanding their risk appetite, took it and didn’t focus on the rest forcing everyone else to go down the same route. I would expect that some of the initial robot offerings could be similar where you go down a particular route and manage it in that way.

Emmanuel: I agree we do need to move from an insurance contract that is being sold by an agent to more of an insurance contract that should be bought by the customer.

This is what we are starting to see, whether technology will force us or help us to shift our business model from an insurance contract that’s being sold to one that’s being bought. It is an opportunity and the question again isn’t if but when and this varies for each country.

We are active in the UK and the insurance industry is probably 10 years in advance here compared to some continental countries. If you take a look at Belgium which is a very traditional country from an insurance industry perspective and ask people who is your insurer, more than 50 procent will answer they don’t know.

This is changing and I am looking at my kids whose behaviour is completely different to my generation and the generation before. Technology is absolutely an opportunity in changing the business model, although, in my opinion the biggest worry at the

moment is the cyber risk. This is a domain where we still have so much to discover.

I have a friend who has an alarm that is completely connected to his home. He realised a few months ago that someone disabled the alarm via the internet which means it would be no problem for buglers to get in to the house.

This could be the same for connected cars or other technologies that we use.

Sarah: Roger what are your thoughts on cyber risk?

Roger: It is already a material risk, and one which has various faces.. There is the part via the internet (viruses, denial of services etc) but also the aspect of customers who are increasingly aware of what being completely digital can do so they get nervous about it.

With something like the black box in cars which is used for insurance purposes, the theorist in me says, it is a great way to work out the risk because you know exactly how many miles a driver is doing, you can also assess the driving style and then set the premium.

However, many customers are nervous of this as they don’t know what else it shows. They prefer a one size fits all rather than a specific box designed for them and insurance firms should educate and help customers to understand why the black box might be more sensible and practical.

In anything we do we have to be able to cover all aspects of society together

with the risks and not just those we are going to pay claims on.

Sarah: Disruptive technology companies can offer a more direct relationship with customers, clearer risk pricing at an individual level and at a lower price. Should insurers partner with technology companies to create a customer-centric culture and offer new services?

Emmanuel: It is a question of how you tackle this, in my opinion, the insurance industry needs to create its own eco system.

There are different ways to approach this, one way is to create the eco system in your own company by hiring a lot of people to work on it. In this case, you have to ensure that you are getting people from various industries in order to create something competitive.

Another scenario is for an insurance firm to enter into different partnerships, mostly start ups. You can use the opportunity of entering into partnerships by leveraging as much as possible and adopting the best strategies. However, let’s not forget that the insurance industry is heavily regulated and you need to make sure you comply with the regulator, manage your balance sheet and risk management.

Roger: I would rephrase the question whether we do have a customer centric culture or whether it’s better to figure out how to maintain this culture by satisfying the expectations of the

“Technology is absolutely an opportunity in changing the business model, although, in my opinion the biggest worry at the moment is the cyber risk. This is a domain where we still have so much to discover.”

24


digitally focused lifestyle of the new generations coming through.

Either scenarios make sense, a company wants a boost forward, which often means buying a small company that is doing something sensible or partnering with them. If you try and build it yourself then you probably have the wrong mind-set.

Sarah: New entrants are companies who operate in a way that is completely against classical insurance operating models and the insurance industry needs to be aware of that. How can insurers build a flexible operating model for new things that are coming along in order to adopt easily and quickly?

Roger: Many companies enter the market operating in a different way which is against classical insurance operating models and I can think of many in the UK who have done this. At their core they still have control of their underwriting, and balance sheets, however it’s their way of reacting to the customer and the customer experience.

Those companies are a useful wake up call to all of us in showing that there are other ways of operating and we don’t have to stick with one method and old ways.

We have to be aware of what we offer and how wedded we are into our operating model, for instance, if something new came in, how quickly could we change or adapt to it without even knowing what that change would be.

There will be changes but we don’t know what it will be so it is about setting yourself up to be able to manage any new changes.

Emmanuel: The new entrants and companies operate in a way that is completely different against the classic insurance model.

For me most of these new entrants have developed something completely descriptive usually with a niche product line. They are really specialised in the one specific aspect of the insurance product or way of doing business.

This is fine, however, when they want to become scalable or they need to extend their offer it becomes less agile because inevitably the business is starting to grow and has to manage the balance sheet and all the other aspects that comes with being a bigger business.

The question arises how would they evolve and at this moment the classical insurance operating companies have to intervene and find a way to team up with these start-ups and embed what they have created so far into a bigger insurance company.

Being a start-up is great as you can be agile and develop something completely new but the question is what is next. If they continue to operate in the market on their own they will run into certain aspects they might not be able to deal with, possibly, the better choice for them

would be to team up with an insurance group or companies.

Sarah: How can insurance companies adopt disruptive technologies into their disposal inorder to keep up with changing customer demands in the digital era?

Roger: You need to be aware of what is out there as insurance companies tend to get stuck in a rut both within a company or as a sector. For instance, don’t say there is a great digital offering from another insurer, but rather say look at how our customers interact with Amazon and what has been done on a John Lewis website. We should be focusing on how they use these sites and try to think it through that way.

We need to see how customers are interacting in other markets in the digital world and what we can then do to become similar.

Emmanuel: One way or another, we need to follow this up, in my opinion, one of the questions to arise is do you want to be one of the first movers as an insurance company or do you want to be a smart follower?

This is a difficult question to answer as we all know being a first mover isn’t easy. You can have thousands of start ups on the market and try to team up with one of them and it might not work you will have wasted the shareholder’s money.

If you are a smart follower you need to be quick enough as well as sufficiently agile to react and know how things are evolving to be able to change your method in the same direction.

The key question then is whether you want to be a front runner or a smart follower.

Sarah: Do you have any final thoughts on this topic?

“We have to be aware of what we offer and how wedded we are into our operating model, for instance, if something new came in, how quickly could we change or adapt to it without even knowing what that change would be.”

25


Roger: A majority of us will be forced to be smart followers and it is then down to how smart and fast we can be This follow up will be key to success.

Emmanuel: We are living in a world that is changing so fast and I am interested to see what the insurance universe will look like in 5 years’ time.

Sarah: Thank you both for sharing your thoughts on this subject.

26

Elena: Successful insurers this year will look to grab any opportunities to maximise and exploit their digital channels. What are the three key trends that will be dominating the way insurers interact with customers?

Ian: All three of these are interrelated but in summary it is about data and segmentation, content relevance and communities.

The fundamental differences between digital communications and non-digital are the ability to measure and target the information and the volume opportunities.

Insurers to date have struggled to maximise the benefits of the amount of data they have on their customers and how they can best use it. This is partly because of our historic lack of investment in that form of data analytics and partly because of the limitations of what we can do with it from a data protection point of view.

The amount of data that we can now use to learn about our customers from simple things such as how they browse through our websites, how they complete questions as part of a survey or which adverts they respond to in what ways, is almost infinite. Insurers are increasingly focusing efforts on analysing what we now know about how customers consume digital communication so we can better target future material rather than simply creating more content to push out via new channels.

Through better targeting we can focus one proposition on a very specific audience, at a specific price point

with a specific message and multiple variants being tested in parallel.

The speed we can now do this at is escalating. Rather than waiting weeks to review whether or not what you tried was successful, you can tweak campaigns in real-time. It is about learning and evolving rather than pushing content. The focus has shifted from the creation and promotion of material to analysing what that communication has achieved for you and programming how you would do more with that in the future.

This has driven a shift in resource and skills towards data analysis within a marketing function. Data analytics 10 years ago would have been a very small or non-existent function but has increasingly become a driver in the marketing process. Another big shift is the realisation that with all of the data we have now from digital and particularly social marketing activities, we have to be much more focused on measuring what we are trying to achieve rather than simply driving numbers.

Elena: Does this mean that companies are trying to target customers rather than going to the wider mass market?

Ian: It is realising that numbers don’t mean much unless you know what they do for you. Sometimes you may be happy to have achieve pure awareness. However, firms are increasingly challenging the social media budget to deliver a clear financial or strategic objective rather than to simply say that they have doubled the number of followers or likes this month.

Marketers have often followed the mantra “content is king”. Social media in particular is very hungry for content, so firms have invested a lot of money and time in developing content to keep their social media feeds live and engaging. Unfortunately, in pursuit sometimes of simple likes and impression volumes, some have invested in content that isn’t relevant to their products and services. This is particularly true in the insurance industry as it is hard to come up with social media relevant content that is both easy to consume and interesting when your product is largely intangible.

The third theme is communities: working with self-defined groups of consumers to embed and develop your product or brand. Communities have a huge potential within the digital world.

Consumers are self-aggregating into communities around shared interests, not just to communicate but increasingly to co-create. When it works well, firms can almost outsource product research and development to the consumer rather than having it done in-house or to pay for external consultants. However, there are relatively few strong examples of this working within insurance. This is partly because of the level of engagement that consumers typically have within a conventional product as opposed to, for example, the tech industry. If there is a product or a service that your consumers really care about, they can help tweak and develop the product, the promotion, even the packaging themselves.

3.2 INTERVIEW

The digital revolution: Forming relationships with tech and media-savvy customers

Interviewer Interviewee

Ian SimonsMarketing Director, Charted Insurance Institute

Elena StevensonReport Publisher, Clear Path Analysis

27


Within insurance the more technologically driven products and services have strong potential for community development, particularly in areas such as more advanced consumer driven telematics motor products. The consumer experiences the product on a daily basis through

the feedback on their driving risk, and this is gamified and produced as highly sharable content. Co creation of a product within a community is a very powerful growth opportunity not just because it can reduce costs, but engages advocates who are then invested in the product and brand.

Elena: What are the most effective digital channels for creating interactive communications with customers? In your opinion, how does a customer want to interact with an insurance company and what are their expectations?

Ian: To be brutally honest, most customers don’t want to interact with insurance companies. The consumer perceives insurance as a grudge purchase - one which follows an annual renewal cycle and a good experience is when there has been no need to use the policy, i.e. have a claim. Consequently, there are very minimal touch points in the conventional model.

This doesn’t have to be the case. Insurance firms need to recognise that we don’t have the luxury of consumers fighting to have closer relationships with our brands as they may in tech or fashion. But we do have opportunities to break the cycle and become less about a product which a consumer

buys because they feel like they are legally required to do so.

A lot of this comes back to telematics and big data. We should interact with our customers less about the process of selling a product or renewing it and more about the delivery of a service.

For instance, a pet insurer can provide health tips and access to services relevant to the particular breed. By using pet wearables, the insurer can help to tailor the diet and fitness regime of the pet. This means that a consumer begins to see the insurance company more as a risk guidance partner rather than a contractual finance provider.

Going back to the question of channel preference, looking specifically at social media, some are focused on broadcast, shortform or visual media, such as Pinterest , which suits a company with something that is visually very interesting but it would be almost useless for a complex commercial insurance product, which typically works better in more targeted professional platforms such as Linkedin.

Elena: It depends then on the sector?

Ian: Yes, and it also comes back to what you are trying to achieve with it, as many firms, not just insurance firms, have historically begun by seeing digital channels as primarily a means to sell or tell a customer a message.

Digital channels give us an opportunity to be much less about one-way communication and much more

about listening and working with a community of advocates.

This is more valuable than simply telling people what you do. Some insurers are investing quite heavily in having dedicated social servicing teams who are there to monitor and respond not just to direct requests, but also if they need help, so insurance firms can react fast and offer guidance, such as emergency flood advice. Consumers increasingly expect a joined up experience so it isn’t about focusing on only one channel, there usually will be a mixture of channels that all need to complement each other.

We can’t offer a different style of communication or proposition across web, social, print or phone. There may be cases where we need to offer a slightly different price or offer but they still need to be reflected and joined up. It is the customer’s choice which channel they choose to use but they still expect the same brand experience whether by email, twitter or phone.

This doesn’t mean that you have to be on every channel. In fact many firms have failed to get much traction from the next big thing when a new social platform arrives. The more channels you are on the more reputational risk and effort you need to put into maintaining the power of those channels. Typically, more successful firms are choosing a smaller number that targets the groups they are aiming at and giving them relevant content that engages the audience rather than simply pushing out product messaging continuously across different channels.

Elena: How do the use of digital channels and social media affect claims handling?

Ian: Most customers expect to be able to talk directly to a human when it comes to an actual claims scenario. We are not saying that claims will move to twitter but customers do expect to deal with businesses in multiple different ways and the same

“Digital channels give us an opportunity to be much less about one-way communication and much more about listening and working with a community of advocates.”

28


customer might choose three different communication channels at the same time.

They may be emailing when they want details, tweeting when they want to share feedback and phoning to ask a question and all of these elements need to be joined up in order for this information to go to the same customer record otherwise it can cause issues. In practice, few customers will actually want to ask personal details about their claims progress via a public media platform but it does happen.

They might be asking whether they would be covered in the event of a certain situation and if the company is not able to answer via the same channel, it doesn’t look very customer-centric.

Elena: Are there risks about consumers using public platforms to tweet their information?

Ian: Yes you do have to be careful about personal data, even if the customer doesn’t understand their own risk. Typically, whilst a customer might use a social platform to ask a question, if it relates to a personal situation, an insurer will offer to take that conversation into a more direct communication e.g. email or phone. Insurance companies are increasingly investing in dedicated social teams which are getting much better at knowing what they can and can’t do, and at managing the potential risks.

Elena: Do you feel that risk managers should educate social media teams as well in this communication?

Ian: Absolutely. All firms should have a clear and well-communicated social media policy, and not just for those directly employed in social media roles. Any employee can expose an organisation to reputational risk via social media. But the policy should not simply be a list of what staff are not allowed to do. Within a regulated environment there are things that as any employee you can and cannot do, such as improperly promoting your company’s products via digital channels, which is something that all employees of a firm would need to know and understand.

The policy and training should be balanced to show what can be done as well as what can’t. One insurer has made it a condition of using social media at work that all staff pass a ‘social media driving licence’ consisting of a range of video and test modules to bring real scenarios to life. Members of the dedicated social teams need to be very well versed in social communication styles to minimise the risk of negative customer experiences that have the risk of going viral.

Some insurers regularly train those involved in social servicing to manage potentially viral social interactions with mock scenarios, acted by colleagues in a closed-environment to test and review worst case scenarios. Firms cannot simply ignore social channels. Conversations that refer to their products, brands and services will happen anyway, even if they don’t have a profile on that channel. It is about understanding how and when to listen and engage. Social interaction is harder in many respects for insurers than conventional consumer goods because there is often an unequal level

of knowledge between the customer and the firm, which can foster distrust and disengagement. The public nature of most social media means that firms have to get better at clearer, simpler language and explaining in terms that make sense to the consumer. Being perceived to fall back on what customers may see as small print or legalese is unlikely to work on social media, and the customer is in control of where and how far that conversation goes.

Elena: How does digital transformation change the direct distribution?

Ian: Digital transformation is a very broad term and it is important to think of it as something that should be addressing the entire value chain from the consumer’s point of view. All distribution, communication and marketing is then a part of this.

It should be transforming the process - both back office and customer experience. Certainly most insurance company’s digital transformation programs tend to look at the target operating model around the customer and then distribution is a factor within that.

Digital transformation creates opportunities as well as challenges for insurers in the sense that it lowers the barriers of entry for disruptive providers or intermediaries who can create and grow a brand very quickly via pure digital channels with less of the baggage and history of a conventional insurance company. This is something that insurers have to be attuned to in order to decide to work

“Within a regulated environment there are things that as any employee you can and cannot do, such as improperly promoting your company’s products via digital channels, which is something that all employees of a firm would need to know and understand.”

29


with these companies or try to emulate that sort of behaviour.

The amount spent by businesses on digital advertising has perhaps unsurprisingly grown at an exponential rate. Global digital advertising spend grew from under $60bn in 2008 to almost $100bn in 2012, and is expected to reach over $160bn by 2017. Some of this has come directly from conventional print and Out-of-home spend, but some is complementary.

Financial services, and in particular insurance are some of the most sought-after and therefore most expensive

keywords on Google Adwords. ‘Car insurance’ and ‘Car insurance quotes’ were number 2 and 3 respectively in U.S. google desktop ads in 2014, and cost an incredible $28 and $32 per click respectively. Of the top 20 text ads with the most spend that year, insurance terms accounted for 7, with almost $200m spent on those 7 keywords alone.

The challenge for distribution is about being better at measuring where you put your money to acquire and retain customers. The cost of acquisition has never been easier to measure, and there have never been more options for firms to maximise the effectiveness through new channels, more relevant content and propositions. Those that succeed in digital put the customer at the heart of the proposition and then build digital distribution to support deeper, more value-adding interactions with customers.

Elena: Thank you for sharing your thoughts on this topic.

“The cost of acquisition has never been easier to measure, and there have never been more options for firms to maximise the effectiveness through new channels, more relevant content and propositions.”

30

ENHANCING OPERATIONS AND PRODUCT INNOVATION

SECTION 4

Leveraging technology to meet the vast reporting requirements of Solvency II4.1 WHITE PAPER

Achieving improved management of outsourced claims service providers through process change

4.2 WHITE PAPER

31

4.1 WHITE PAPER

Solvency II is one of the most significant regulatory changes ever implemented. The magnitude of the challenges surrounding Solvency II have only started to come into focus, as insurers struggle to understand changing guidance and manage the massive amount of data and data-driven tasks in time for the first filing deadline. The regulations are so complex that insurers are still testing their Solvency II Pillar III capabilities and finding unexpected challenges. From refining data requirements, fine-tuning staff responsibilities, and monitoring EIOPA regulation changes, the path to Solvency II Pillar III success requires a multifaceted and flexible approach.

The purpose of this complex set of regulations is not merely to go through the motions of governing and disclosing solvency-related data, but to create micro and macro-level insights through deeper levels of reporting, risk disclosures, data granularity, and security characteristics than ever before. Ideally, with Solvency II, insurers can better understand their own risks and regulators can better understand the risks of the market as a whole.

However, the quality of insight depends directly on the quality of the data. EIOPA emphasised data validation in their Final Report issued on 30 June 2015: ‘The process of validating data is as important as the data itself.’ And The Prudential Regulation Authority (PRA) highlighted the importance of data quality at the Solvency II Asset Data Industry Update on 2 July 2015: ‘[The] quality of data is very important.’

Unfortunately, while data validation and accuracy are key to Solvency II Pillar III success, they are also two of the most challenging aspects of the regimen. Validating Solvency II level data requires multiple steps beyond insurers’ normal procedures to ensure the data is complete and accurate. Many insurers are struggling with processes that make meeting Solvency II Pillar III requirements more complicated than necessary and are trying to find better ways to increase efficiency and source accurate data.

The tools that insurers use to manage their investment data and reporting have a significant impact on how disruptive Solvency II is—or isn’t. Leveraging specialised Solvency II technology for an integrated and automated data management solution is the key factor in overcoming Solvency II Pillar III’s vast reporting requirements.

Lessons from Interim Reporting: The Challenges of Increased Granularity

Solvency II Pillar III is pushing investment teams outside of their established processes and creating the need for new reporting tools and work-arounds. Based on Clearwater’s industry interviews, the majority of insurers are quickly discovering that bolting a new Solvency II solution onto the existing network of investment reporting systems can have major drawbacks. The integration usually has to occur manually through the use of Excel, and is by definition a time-consuming and error-prone process. Other manual challenges abound, as most Solvency II solutions— whether in-house, installed, or outsourced—are still based on the manual entry of cash, position, and transaction data from custody banks into spreadsheets or investment accounting systems. Overall, any manual data entry is prone to human input errors, which can easily propagate downstream into financial statements and reports. Manual tasks are not an easy way to accomplish Solvency II Pillar III processes, and this risk of manual error is of course not ideal for meeting reporting requirements.

Solvency II Pillar III requires EU insurers to provide new security characteristics and deeper data granularity. While preparing their interim reporting templates for the recent preparatory phase filings, many firms were overwhelmed with the task of classifying the numerous Solvency II-specific data points, such as Complementary Identification Codes (CIC), Nomenclature Générale des Activités Économiques dans les Communautés Européennes (NACE), and Legal Entity Identifier (LEI). They also found that they spent almost as much time reconciling and validating the Solvency II Pillar III data as they did aggregating it.

Even when reporting was provided by a third-party solution, the responsibility of reconciliation still typically landed on insurers’ shoulders. Furthermore, most insurers only process data monthly and often skip the critical task of data validation. Because up-to-date data isn’t in the system, mid-month portfolio data is extremely unreliable. Insurers who

Leveraging technology to meet the vast reporting requirements of Solvency II

Georgina PattenInsurance Reporting Specialist, Clearwater Analytics

32


allow data to pile up throughout the month have to then process it all at once, which increases the likelihood of data entry errors. This might have been manageable in the past, but the detailed data requirements of Solvency II Pillar III make this an unsustainable and risky approach.

For Solvency II, the data validation process starts with the aggregation of complete security master and accounting data. Validating numbers within and between reports requires time, patience, and subject matter expertise. Yet manual processes inevitably lead to mistakes, and this manual ad hoc reconciliation often leads to inaccurate data.

The lessons learned from cobbling together disparate systems, and manually recording and reconciling data, is simply that manual spreadsheet processes are prone to many data integrity risks. With the increased data requirements of Solvency II Pillar III, insurers need to trust that their data is thorough and clean, with no unexpected problems at any stage.

In addition to that data integrity risk, whether manually classifying the security characteristics with an internal team or collecting, reconciling, and normalising the classifications from various asset managers, significant resources are required to complete manual exercises. And these interim reporting templates that insurers struggled with were only a subset of the data points required for the 2016 filings, which will include additional security characteristics, such as Infrastructure Investments and Issuer Group LEI.

Data is Not Enough

While Solvency II Pillar III is ostensibly a data requirement mandate, insurers long-ago realised that there were many more nuances and complications beyond just data accuracy. Once insurers have all the accurate data they require they are presented with the second major challenge: they must develop expertise in a new area of regulation.

With Solvency II comes uncertainty, and insurers continue to ask many questions even as the first filing period has arrived. Given that Solvency II is still in its infancy, many insurers are looking for experts to guide them through the process. With the lack of experts in the market they are forced to dedicate valuable internal resources to try to interpret and apply the guidance as best as they can. One of the biggest concerns insurers have when it comes to their Solvency II Pillar III processes is that they have a solution for Q1—but that Q1 solution is not a sustainable process going forward.

To combat these complex issues, many insurers have enlisted the help of a consultant or set up a Solvency II team to help work through the Q1 filing. When asked what the plan is for Q2, the response is often a version of, ‘That is still to be decided, but it will likely go to the accounting, actuarial, or reporting team’. And if those teams lack expertise, they will need to spend additional time being brought up to speed.

Leveraging Technology for Increased Data Accuracy and Process Efficiency

There’s simply no way to ensure the level of accuracy that Solvency II requires through manual-heavy processes. Leveraging technology in the form of an automated data aggregation and reconciliation solution is the best way to transform traditionally manual and cumbersome processes into effortless and accurate data integration, and improve overall data accuracy at all times. Not only does automation improve data accuracy, but it improves overall team efficiency, as the burden of manual data management is all but eliminated.

Specialised Solvency II solutions based on automation and integration will also include an initial arithmetic check on custody data, validation of data characteristics from third-party data sources, and independent reconciliation of cash, position, and transaction information back to the custody bank. An automated data feed will provide fully reconciled, accurate data without manual intervention. These functions will result in a reduction of errors, and investment accounting teams will be freed up to work on other vital tasks.

The Solvency II directive is revolutionising how insurers manage their data. For most firms, it’s the first time they’ve had to closely consider the details of refined data quality and data management. To seamlessly and accurately meet the challenges of Solvency II, insurers should employ an automated data validation process that provides complete and accurate data while allowing existing resources to be applied elsewhere. An automated data validation and reconciliation software solution—built with insurers’ needs in mind, and supported by Solvency II experts—is the most efficient solution to ensuring data will meet the exacting demands of Solvency II Pillar III.

Evaluating Options and Weighing the Benefits

Insurers are recognising that the hidden burden of Solvency II Pillar III is time—specifically, the time needed to source data, aggregate data, map data, and gain familiarity with the intricacies of the new regulation. But just as Solvency II is a

33


new requirement, finding appropriate Solvency II software is a new challenge that many insurers find overwhelming, especially with so many unknowns and no proven leaders in the field. When considering new technology for Solvency II, insurers must balance five key considerations:

1. The monetary cost of leveraging technology and software automation, weighed against the loss of hands-on, manual control over data.

2. The balance of an investment into software up-front, with longer term pay-offs in increased accuracy and time-saving efficiencies.

3. The burden of adding Solvency II processes on top of existing processes, especially in incorporating teams’ existing workload, vs. outsourcing that burden to a specialised provider.

4. Looking beyond just the first quarter, and preparing for ongoing evaluations of processes and technology to ensure that a repeatable and efficient process is in place.

5. Holistic system analysis, to ensure that any new solution or process will integrate successfully across investment reporting as a whole.

This decision will be different for every insurer, though for many it boils down to monetary cost vs. time-savings. But one thing that all insurers have in common is their need for accurate data in the face of Solvency II Pillar III requirements. Establishing streamlined processes and continually assessing how new technology can help improve those processes, both now and as Solvency II takes firmer hold, will position insurers for future success across all parts of Solvency II regulations and beyond.

The new Solvency II regime has created a greater demand for better investment portfolio systems. Constantly changing regulatory guidance and expansion of our business created a need for better investment data aggregation, accuracy, and access. Transparency is a key requirement of Solvency II, and is a factor that influenced our decision to use Clearwater.

David Astor, CIO (Hiscox Ltd.)

clearwateranalytics.co.uk

Call us at +44 (0)131 524 8138©2016 Clearwater Analytics. All Rights Reserved. Clearwater is a registered trademark of Clearwater Analytics and/or its affiliates.

Web-Based Investment Accounting & Reporting

AccurateIntegrated

AutomatedC

M

Y

CM

MY

CY

CMY

K

16-0509-ClearPath-Advertisement-PRESS.pdf 5 5/9/16 1:33 PM

35

4.2 WHITE PAPER

Process improvement can be dull by nature, but is absolutely necessary. Relationship management can appear to be more interesting, but is time consuming and the outcome difficult to quantify. Good governance requires both. Improve the tools, enhance the skills and the outcome improves. This is not rocket science.

Outsourced claims service providers have long been used in the insurance industry to provide a useful extension to an insurer’s own claims team. The need is often driven by a combination of requirements for:

- Specific expertise

- Efficient process and technology

- Local representation/ language skills

- To cover resource gaps

- Catastrophe response

For commercial claims, we are talking principally about law firms, loss adjusters and third-party administrators, who may be provided with some level of delegated authority to handle certain types of claims on behalf of an insurer.

A typical relationship will begin with assessment of need and continue with, initial evaluation of the service provider, a procurement process, ongoing management and performance measurement.

There is risk involved with outsourcing claims. These principally arise as the result of poor initial choices at the evaluation and procurement stage and inadequate ongoing management. In addition, there is a risk of abdication by the insurer, in whole or as part, of responsibility for claims outcomes, once claims are outsourced.

It is quite possibly as the result of an observation of the above that there is renewed focus on the management of outsourced service providers, particularly with any element of delegated underwriting or claims authority. There has been additional regulatory interest that the industry has taken on-board and responded to. The result has been a quite marked improvement in some fundamental aspects of service provider management:

- Clear procurement and due diligence processes for the appointment of providers

- Service Level Agreements including actual service level requirements

- Audit requirements matching the risk profile of activities being undertaken (e.g High Product Risk claims handling.)

- Detailed reporting requirements

- Complaints oversight and management

- Review of associated management information to identify potential issues

- Resolution of audit action points

Given the sources of potential failure in claims outsourcing discussed above, there are some clear steps in terms of process improvement that can be taken to enable more appropriate oversight of outsourced providers:

Due diligence. A due diligence process with input from, but managed outside the claims team can provide improved efficiency. A central team responsible for service provider approval can draw on relevant internal functions such as compliance and finance and deliver a more streamlined approach that a familiarity with the process brings. The burden of a validation exercise is removed from technical specialists. The output can be tracked and once complete, a new appointment can be added to the relevant approved panel list.

Service Level Agreements. Whilst default requirements can be set in terms of service requirements, these are unlikely to suit diverse lines of business. Ensuring that there are provisions that reflect the particular needs of the end customer will result in ongoing monitoring to standards that will make a difference to customer outcomes. This can be achieved by the use of specific schedules agreed with the service provider rather than a need for wholesale re-draft of the entire agreement. Compliance with the standards set and exceptions can then be monitored on a regular basis and enables benchmarking to take place. Think carefully about the contents of your own agreements. Fastest, for example, deals only with speed and is not necessarily a quality indicator when looked at in isolation.

Audit Requirements. Oversight and monitoring is required on both a formal and informal basis. Formal audit requirements should be set that reflect the risk to the business. It is important that an annual plan is agreed in order that


Colin MassonGroup Claims Operations, Beazley

36


resource requirements are clear and compliance with that plan can be monitored. Audit scopes should be dynamic in terms of content reflecting the particular needs for the specific review. Any concerns from the business and the claims team should be investigated. This can only be achieved with appropriate engagement in the process.

Detailed reporting requirements. Reporting requirements should be set that reflect the need for operational information and appropriate oversight. The regularity of reporting similarly needs to be considered and reflected in those requirements. The demands made of outsourced providers in terms of data, both from a regulatory standpoint and as a result of an increased thirst for management information, are becoming increasingly voluminous and potentially unmanageable. Concentrating on reporting requirements will be useful in terms of content and will help drive sound business decisions and is likely to result in better output than untargeted requests. This is particularly so when significant investment is required in systems in order that the requested information can be captured and reported on.

Complaints oversight and management. As Bill Gates pointed out “Your most unhappy customers are your greatest source of learning.” Over concentration on the resolution of complaints, as important as it is, means that an opportunity is missed. The real issue is what can be learnt in terms of decision making processes and customer management. Ensuring appropriate feedback loops are in place is essential for ongoing improvement.

Review of associated management information. Without oversight and review of relevant management information, any additional reporting requirements that are put in place are rendered useless. Reporting, particularly in relation to service standards can reveal at an early stage any potential shortcomings in service. It enables prompt intervention in a way that would otherwise rely on a review of complaints and audit output. Use of the associated information to enable analysis of trends is a vital underwriting tool.

Resolution of audit action points. Central monitoring of the resolution of outstanding audit action points enables issues to be resolved quickly and escalated appropriately. Grading in terms of urgency can be achieved in conjunction with the business. Resolution of action points can be used as proactive relationship management if approached in a constructive way.

And in many senses this will always be the most important aspect of what is required to produce the best results. Any appointment and ongoing monitoring process should have as its goal an outcome that ensures claims are managed to the same standard as if they were being managed in-house. Outsourced claims service should be provided as an extension of and not separate to the service provided by the

insurer. Ensuring this is the case requires ongoing dialogue and training to ensure cultural alignment. All of the process improvements discussed above enables that dialogue to take place and in many senses forces it. It provides a basis for discussion about continued improvement and resolution of, hopefully, minor issues in a constructive way that if properly managed can only result in benefit to the customer.

Achieving this in partnership with the service provider is an important way of ensuring that it is the end customer who is always the focus. Partnerships are different to the fostering of a client/employer relationship between a service provider and an insurer. Both need to work in collaboration to ensure the needs of the end customer are met. The insurer should not be treated as the client, the end customer should be. Henry Ford once said “Employers only handle the money – it is the customer who pays the wages.” Recognising that to be the case is an excellent way of achieving alignment between the insurer and outsourced provider in overall service delivery. Ensuring therefore that any service provider management process includes a requirement for ongoing dialogue and active relationship management is vital.

Finally any process improvement should involve questioning whether the right providers are being used for the right work. This is not least because more detailed oversight and better relationship management is obviously easier to achieve with a more manageable list of providers. A balance will always need to be struck between ensuring strength and breadth of providers with relevant expertise and the difficulties of oversight and monitoring of an extensive panel. It is, however, a simple reality that it is easier to have closer and more productive relationships with fewer people.

Whilst efficiency can be gained in delivery of process by a central team, overall relationship management, implementation of standards and oversight of claims outcomes should, wherever possible, be retained within the claims team. The delivery of an insurer’s claims proposition is where value is created. Improving process should not in this context be seen as the goal. It should be seen as a way of achieving more effective monitoring that enables closer relationship management, to achieve aligned claims delivery that improves customer outcomes.

TO READ MORE FREE REPORTS VISIT:

www.clearpathanalysis.com

The opinions expressed are those of the individual speakers and do not reflect the views of the sponsor or publisher of this report.

This document is for marketing and/or informational purposes only, it does not take into account any investor’s particular investment objectives, strategies or tax and

legal status, nor does it purport to be comprehensive or intended to replace the exercise of an investor’s own careful independent review regarding any corresponding

investment decision. This document and the information herein does not constitute investment, legal, or tax advice and is not a solicitation to buy or sell securities or

intended to constitute any binding contractual arrangement or commitment to provide securities services. The information provided herein has been obtained from

sources believed to be reliable at the time of publication, nonetheless, we cannot guarantee nor do we make any representation or warranty as to its accuracy and you

should not place any reliance on said information.

© Clear Path Analysis Ltd, registered in England and Wales No. 07115727. Registered office: 69 Blyth Road, London, England E17 8HP. Trading office: The

Foundry, 156 Blackfriars Road, London, SE1 8EN

http://www.clearpathanalysis.com/

published by insurance risk & operations,...

Documents