Risk informed, not risk-based?
Traditional compliance-based approach: if you have the right rules, and enough of them, all will be well but the world is too complex – no ‘rules’ can guarantee the healthy financial condition of an insurer! Imagine a motorist driving down a street late at night. Authorities have placed a red light at an intersection in the motorist’s path, and deterministic traffic regulations say the driver must stop regardless of other traffic or the actual risk that running the light might pose to the driver or others. In a purely risk-based world, there would be no traffic light. Each driver would evaluate the probability and consequences of operating a vehicle in various situations, and continue at speed through the light if the situation is ‘safe enough’ or stop if the risk is too high. The driver’s actions are based on the perceived risk compared to an acceptable threshold, set by the authorities or determined individually by each driver. In a ‘risk-informed’ approach, the regulators recognise the intersection as a risky situation that calls for additional caution so they have installed a flashing yellow light. A driver approaching the intersection must slow down and check for traffic in all directions. The driver stops if necessary, or continues through the light at a safe speed if the ‘coast is clear.’ The driver’s actions are a consequence of considering actual real-time risk (is traffic coming?) and following deterministic regulations, i.e. the traffic laws governing the driver behaviour at a flashing yellow light. The challenge for the industry is adopting a risk-based approach in a prudential regulatory setting!