Risk culture tops priority list for APAC insurance CROs in 2018
When it comes to implementing risk culture frameworks, Australian CROs are leading the way, while those in other Asian markets, such as China and Singapore, will need to focus on this over the coming 12 months.
KUALA LUMPUR: Less than half of chief risk officers (CROs) across Asia-Pacific’s insurance sector have developed a risk culture or risk conduct framework in their organizations, but it will be a top area of focus for them in the next 12 months.
According to EY’s latest APAC Insurance CRO survey 2017-2018 — Empowering for transformation, while risk frameworks have already been widely adopted in the banking sector, they remain relatively new to the insurance industry, with only 45 per cent of insurers across Asia-Pacific having implemented them.
However, results vary across the region with Australian insurance CROs citing “implementing a strong risk culture” as among their greatest accomplishments within the past 12 to 24 months — reflective of the relative maturity of that market.
Jonathan Zhao, EY Asia-Pacific insurance leader, said that differences between markets across the region are largely due to different regulatory expectations and approaches to conduct risk.
“When it comes to implementing risk culture frameworks, Australian CROs are leading the way, while those in other Asian markets, such as China and Singapore, will need to focus on this over the coming 12 months.
“It is also fair to say that larger firms operating in the region, with headquarters in the US or Europe where regulators have set high-conduct risk management benchmarks, tend to have more advanced practices,” said Zhao.
The survey also found that insurers’ maturity in understanding, measuring and governing cyber risks has come a long way over the last 12 months.
CROs understand that cyber attackers do not just target money or credit card details, but also other valuable information, including customer data. The damage caused by a major data breach will not only be financial, but will also
Jonathan Zhao, EY Asia-Pacific insurance leader
have a significant reputational impact to the organization.
Despite the material improvement in understanding cyber risks and potential impacts, risk teams are struggling to bring cyber expertise into the risk function — driven by a skillset shortage in Asia-Pacific.
In fact, 45 per cent of survey respondents across the region are yet to allocate a devoted risk resource toward managing cyber risk.
According to Jason Yuen, Partner and Malaysia Cybersecurity Leader, Ernst & Young Advisory Services Sdn Bhd, the shortage of skilled cyber resources in the country is leading to exponential impact at the second and third lines of defense.