In­surance and risk

The risk per­spec­tive of in­surance com­pa­nies is chang­ing, and th­ese com­pa­nies have to be ag­ile in or­der to be able to ward off threats that dig­i­ti­za­tion has brought in:

Banking Frontiers - - Contents -

Risk man­age­ment is now on top of the agenda for In­dian in­sur­ers as risk pro­file is in a state of con­stant change. Risk man­age­ment prac­tices are be­ing thor­oughly pro­fes­sion­al­ized and th­ese are now in­te­grated into the process of man­age­ment of busi­ness. In the rapidly chang­ing world of VUCA, or Volatil­ity, Un­cer­tainty, Com­plex­ity and Am­bi­gu­ity, in­surance com­pa­nies face newer and so­phis­ti­cated forms of risks. The om­nipres­ence of VUCA and the grow­ing com­plex­ity thereof in the busi­ness en­vi­ron­ment present road­blocks to an en­ter­prise’s jour­ney to­wards achiev­ing their ob­jec­tives. The man­i­fes­ta­tion of VUCA can be seen in many forms like nat­u­ral calami­ties, tech­no­log­i­cal glitches and changes in fi­nan­cial mar­kets.


In to­day’s dig­i­tal era where tech­nol­ogy has be­come a game changer, tech­nol­ogy risk is one of the big­gest risks faced by in­surance com­pa­nies. Cus­tomer data and cy­ber se­cu­rity have emerged as cru­cial and cus­tomer data pri­vacy is one the big­gest threat in the dig­i­tal era. The rise in the cy­ber crimes has added more wor­ries for the in­sur­ers.

A risk man­ager faces threats (risk) while in­te­grat­ing var­i­ous web plat­forms, pay­ment gate­ways and pay­ment mer­chants with the core in­ter­nal IT sys­tem and ap­pli­ca­tions. As the re­quired data is col­lected from var­i­ous dig­i­tal plat­forms, at times there are chal­lenges on ac­count of in­com­plete data and in­con­sis­tency thereof. In or­der to mit­i­gate the tech­nol­ogy risk, data clean­ing op­er­a­tions, his­tor­i­cal trends anal­y­sis on var­i­ous ex­po­sures and loss ra­tio anal­y­sis are car­ried out by ap­ply­ing sta­tis­ti­cal tools like the re­gres­sion model and by us­ing prob­a­bilis­tic ap­proach.

Glob­ally, with ad­vanc­ing im­por­tance of dig­i­ti­za­tion of data, in­for­ma­tion tech­nol­ogy cou­pled with gov­ern­ment run ini­tia­tives like broad­band high­ways, Ru­ral In­ter­net

Mis­sion, etc, com­pa­nies are vir­tu­ally con­nected to the en­tire world. Hence cy­ber risk is a ma­jor threat. In or­der to pro­tect the cus­tomer’s per­sonal data, health re­lated data and also to re­tain con­fi­den­tial­ity of data at all lev­els, the risk man­ager along with in­for­ma­tion se­cu­rity team take all pos­si­ble steps to mit­i­gate cy­ber risk by im­ple­ment­ing ad­vanced IT se­cu­rity con­trols with­out breach­ing the data loss.

Samir Shah, ex­ec­u­tive direc­tor & CFO at HDFC ERGO Gen­eral In­surance, be­lieves there are chal­lenges that in­surance com­pa­nies face to­day, like tech­nol­ogy ob­so­les­cence, in­volve­ment of var­i­ous ex­ter­nal agen­cies in prod­uct and ser­vice de­liv­ery and rise in cy­ber at­tacks and data theft. “More­over, it is an­tic­i­pated that there is like­li­hood of en­hanced statu­tory norms re­lat­ing to data pro­tec­tion and strin­gent puni­tive ac­tion in the event of breach of cus­tomer data pri­vacy. Hence, in­for­ma­tion se­cu­rity and cy­ber risks are con­sid­ered as one of the top risks for an in­surance com­pany,” says he.

Ra­jeev Ku­mar, chief risk of­fi­cer at Ba­jaj Al­lianz Gen­eral In­surance, con­tends that the risk spread for in­sur­ers who of­fer cy­ber cover to or­ga­ni­za­tions and en­ti­ties is high. This is mainly due to the in­crease in in­ten­sity and fre­quency of cy­ber-at­tacks due to the on­set of tech­nol­ogy and bet­ter in­ter­net con­nec­tiv­ity, he avers.

In­for­ma­tion has be­come a valu­able key as­set for any or­ga­ni­za­tion and more so for an in­surance com­pany by virtue of its busi­ness deal­ing in­volv­ing high vol­ume of cus­tomer in­for­ma­tion ex­change and re­ten­tion. The com­pa­nies have there­fore to fo­cus on spe­cial­ized work­force to man­age cus­tomer data and to man­age cy­ber se­cu­rity risks.


Ex­treme drought, un­prece­dented rains lead­ing to floods, rag­ing wild­fires, tsunamis, chang­ing weather pat­terns etc have be­come a rel­a­tively rou­tine phe­nom­ena across the world th­ese days. It has been a mat­ter of con­cern that there has been a con­sis­tent rise in the fre­quency and sever­ity of cat­a­strophic events across the globe.

Samir Shah says as a gen­eral in­surance com­pany, HDFC ERGO fore­sees risk of nat­u­ral disas­ter and cat­a­strophic events as one of the top risks as it has a two-fold im­pact, firstly on the quan­tum of claims and se­condly the higher cost of fu­ture rein­sur­ance pro­tec­tion.

Ra­jeev Ku­mar too says cli­mate risks are be­com­ing even more un­cer­tain for in­sur­ers be­cause of cli­mate changes like in­crease in fre­quency of nat­u­ral catas­tro­phes, droughts, etc. Such events pose a risk for in­sur­ers in terms of claim outgo and in­fra­struc­ture costs.

Thi s y e a r I ndi a has wi t nes s e d un­pre­dicted rains and floods in most of its ge­ogra­phies. So, the global warm­ing and chang­ing weather con­di­tions have be­come the top risks for in­surance com­pa­nies and th­ese com­pa­nies are de­vel­op­ing spe­cial strate­gies to com­bat th­ese risks.


Apart from tech­no­log­i­cal risks, cy­ber se­cu­rity risks and chang­ing weather risks, in­surance com­pa­nies also have to deal with rep­u­ta­tion risk. It is dif­fi­cult for com­pa­nies to main­tain rep­u­ta­tion in a com­pet­i­tive in­dus­try en­vi­ron­ment. There is con­sid­er­able rise in op­er­a­tional risk in the in­dus­try due to the fail­ure of the sys­tem, pro­cesses and peo­ple.

Rep­u­ta­tional risk has a di­rect im­pact on brand im­age of the com­pany. Pos­i­tive news about a com­pany en­hances its brand im­age, but neg­a­tive news, re­view or com­ments in so­cial me­dia may re­sult in a trust deficit among cus­tomers, which can have an ad­verse im­pact on the im­age of com­pany. The risk man­ager and se­nior man­age­ment are most con­cerned about brand im­age of the com­pany.

C o mment s R a j e e v K u ma r o n op­er­a­tional risks: “Op­er­a­tional risks arise due to fail­ure of sys­tem, pro­cesses and peo­ple that or­ga­ni­za­tions face dur­ing their day to day op­er­a­tions. With the ge­o­graph­i­cal spread and ex­ten­sive use of IT that most in­sur­ers have to­day along with in­crease in the num­ber of of­fices, chan­nels, man­power, etc, it is im­por­tant to have con­sis­tency and stick to cer­tain norms to avoid the risk large or­ga­ni­za­tions may face.”

In­surance i ndus­try is sub­ject to con­sid­er­able strate­gic chal­lenges. Gopal Balachan­dran, CFO & CRO at ICICI Lom­bard Gen­eral In­surance, em­pha­sizes that cor­po­rate risks do not ex­ist or oc­cur in iso­la­tion, thereby re­quir­ing a dif­fer­ent ap­proach for dis­cus­sion on ex­po­sures and risk man­age­ment. “In to­day’s dy­namic en­vi­ron­ment the top risks that in­surance com­pa­nies are ex­posed to mainly per­tain to cy­ber se­cu­rity, data pri­vacy, ta­lent pool and at­tri­tion,” says he.

Rep­u­ta­tion, op­er­a­tional, cor­po­rate and other risks re­quire an in­te­grated ap­proach by de­part­ments like mar­ket­ing, IT and HR to man­age them ef­fi­ciently.


In­dian in­surance com­pa­nies had started ap­point­ing chief risk of­fi­cers even be­fore it be­come manda­tory. The risk team size mainly de­pends on the size and ar­eas of op­er­a­tions of the in­surance com­pa­nies con­cerned They have ap­pointed spe­cial risk man­agers to man­age dif­fer­ent types of risks. The risk team mem­bers have ex­per­tise in risk man­age­ment func­tions, in­for­ma­tion se­cu­rity and fraud pre­ven­tion.

Ba­jaj Al­lianz Gen­eral In­surance has a team size of less than 10 peo­ple for risk man­age­ment, as tech­nol­ogy plays a vi­tal

role in iden­ti­fy­ing and mit­i­gat­ing risk, which is mainly done through in­ter­nal track­ing mech­a­nisms. Samir Shah shares the de­tails of the team size: “We have a des­ig­nated CRO for the last 10 years. We have a team of 6 per­son­nel in our risk man­age­ment team in­clud­ing the CRO.”

ICICI Lom­bard Gen­eral In­surance has a CRO at a MANCOM level head­ing the risk man­age­ment func­tion. The MANCOM is com­pletely in­volved in risk man­age­ment ini­tia­tives, in­clud­ing play­ing a key role in the risk ver­sus re­wards de­ci­sion mak­ing process. Gopal Balachan­dran says the to­tal size of the risk man­age­ment func­tion is over 175 peo­ple com­pris­ing the right blend of en­ter­prise risk man­age­ment, in­for­ma­tion se­cu­rity and fraud pre­ven­tion and man­age­ment pro­fes­sion­als. Dif­fer­ent seg­ments of the risk man­age­ment func­tion have able lead­ers who drive and lead the re­spec­tive prac­tices, says he.

Uni­ver­sal Sompo Gen­eral In­surance Com­pany has an i nde­pen­dent risk man­age­ment depart­ment which acts as the sec­ond line of de­fence in the com­pany for iden­ti­fi­ca­tion of var­i­ous risks and for sug­gest­ing cor­rec­tive mea­sures thereof. Nir­mal Bhattachar­ya, chief un­der­writer at the com­pany, speaks about the risk man­age­ment slo­gan adopted by the com­pany: “We treat all the em­ploy­ees as stake­hold­ers of var­i­ous risks and heads of the de­part­ments as risk own­ers of the re­spec­tive de­part­ments. We have adopted this slo­gan: ‘Ev­ery­one is a Risk Man­ager for the com­pany’.”

Ca­nara HSBC Ori­en­tal Bank of Com­merce Life In­surance Co has a CRO, who is en­gaged in iden­ti­fi­ca­tion, as­sess­ment, mon­i­tor­ing and re­port­ing of key risks to which the com­pany is ex­posed to, in­clud­ing emerg­ing risks. Its team com­prises of 9-10 spe­cial­ized risk man­age­ment pro­fes­sion­als over­see­ing var­i­ous cat­e­gories of risks like in­for­ma­tion se­cu­rity, fi­nan­cial risk, op­er­a­tional risk, fraud risk, etc. The com­pany’s CRO Sid­dharth Kaushik says: “Ev­ery func­tion within ‘First Line’ has been em­pow­ered to drive the risk man­age­ment frame­work in the re­spec­tive ar­eas of op­er­a­tions through a struc­tured frame­work and ded­i­cated risk specs, which in­cul­cates a cul­ture of risk man­age­ment and en­hances the com­pany’s ca­pa­bil­ity to build risk en­gage­ment at ev­ery level within the or­ga­ni­za­tion.”

The role of CRO and other risk man­agers is be­com­ing cru­cial be­cause of the rise of tech­nol­ogy re­lated frauds in the in­dus­try. In fu­ture, it is pos­si­ble that in­surance com­pa­nies will in­tro­duce spe­cial dig­i­tal risk man­age­ment teams to man­age on­line frauds.


Many in­surance com­pa­nies have not ap­pointed risk man­age­ment con­sul­tants. Some com­pa­nies have im­ple­mented en­ter­prise risk man­age­ment prac­tices, which help to lay the foun­da­tion for ef­fec­tive risk man­age­ment prac­tices.

Sid­dharth Kaushik of Ca­nara HSBC Ori­en­tal Bank of Com­merce Life In­surance ex­plains: “We have a spe­cial­ized risk man­age­ment func­tion which is pri­mar­ily en­gaged in car­ry­ing out all risk re­lated ac­tiv­i­ties along the first line of de­fence. At times, we en­gage ex­ter­nal con­sul­tants for se­lect highly spe­cial­ized ser­vices such as foren­sic in­ves­ti­ga­tions.”

USGIC has ef­fec­tively im­ple­mented en­ter­prise risk man­age­ment prac­tices across the com­pany by lay­ing down the foun­da­tion pil­lars of risk gov­er­nance, risk man­age­ment cul­ture among em­ploy­ees of com­pany and ad­her­ing to reg­u­la­tory com­pli­ances. While de­liv­er­ing re­li­able in­surance prod­ucts to In­dian cus­tomers, the com­pany is pri­mar­ily fo­cussed with cus­tomer cen­tric ap­proach for pro­tect­ing pol­i­cy­hold­ers’ in­ter­ests.

Most of the in­sur­ers pre­fer in­house con­sul­tants for risk man­age­ment func­tions. En­ter­prise risk man­age­ment prac­tices play an im­por­tant role in en­hanc­ing the risk man­age­ment cul­ture in the or­ga­ni­za­tions.


Sev­eral in­surance com­pa­nies have suc­cess­fully im­ple­mented risk man­age­ment soft­ware to mange dif­fer­ent types of risks. Most of the in­surance com­pa­nies have de­vel­oped such soft­ware in­house and th­ese are mainly used in ar­eas like for un­der­tak­ing risk as­sess­ments and for do­ing risk anal­y­sis. Risk man­age­ment teams have de­vel­oped dif­fer­ent tools to man­age the risks.

Ba­jaj Al­lianz Gen­eral In­surance has de­vel­oped a soft­ware that helps to iden­tify risks spe­cific to each depart­ment, which

is then as­sessed, mitigation steps are sug­gested and mon­i­tored ac­cord­ingly.


Data an­a­lyt­ics and data in­sights are fo­cus ar­eas for in­surance com­pa­nies. They fo­cus on build­ing pow­er­ful an­a­lyt­ics ca­pa­bil­i­ties to rea­son over data, not only in hind­sight, but through in­sights that can em­power the com­pany and lead­er­ship to pre­dict un­fore­seen risks and ex­po­sures. In cer­tain ar­eas, the com­pa­nies also use spe­cial­ized off the shelf or cus­tom­ized tools like for pred­ica­tive fraud risk anal­y­sis, etc.

Samir Shah speaks about cus­tomised risk man­age­ment tools: “We fo­cus on de­vel­op­ing cus­tom­ized tools for en­ter­prise wide risk and con­trol as­sess­ment. For ex­am­ple, we have an ap­pli­ca­tion which as­sists in as­cer­tain­ing and mon­i­tor­ing the nat­u­ral and cat­a­strophic risk ex­po­sure and ac­cu­mu­la­tion at pin code lev­els across the coun­try.”

Nir­mal Bhattachar­ya of Uni­ver­sal Sompo Gen­eral In­surance Com­pany says data clean­ing and blend­ing tools are used for rec­on­cil­i­a­tion of premium and claims data, Ex­cel VBA -macro are used in de­vel­op­ing the risk matrix and au­tomat­ing the process of alerts gen­er­a­tion, while in­ci­dent man­age­ment tools cap­ture loss event. Open source tools are cus­tom­ized for cre­at­ing in­ter­nal pro­to­types like sta­tis­ti­cal mod­el­ling: lin­ear re­gres­sion model and com­pu­ta­tion of loss ex­penses.


Dig­i­tal trans­for­ma­tion has l ed to a pro­lif­er­a­tion of dig­i­tal so­lu­tion providers. The emerg­ing risktech com­pa­nies are equipped with ad­vanced tech­nol­ogy, de­sired skilled re­sources and cost-ef­fec­tive so­lu­tions which can be largely cus­tom­ized as per var­i­ous re­quire­ments of cus­tomers. They there­fore are of­ten able to find in­no­va­tive and fea­si­ble al­ter­na­tives to cater to the risk man­age­ment needs of com­pa­nies. How­ever, be­ing new ven­tures, they have lim­i­ta­tions like lack of de­sired ex­pe­ri­ence and ex­po­sure in risk man­age­ment.

Samir Shah com­pares emerg­ing risktech vs es­tab­lished com­pa­nies: “The es­tab­lished risk man­age­ment so­lu­tion providers have ready off-the-shelf prod­ucts which are well con­structed but may not be suit­able for the de­sired de­gree of cus­tomiza­tion re­quired. Un­der such cir­cum­stances it is of­ten a trade­off be­tween fully and par­tially cus­tom­ized prod­ucts. Both op­tions have their pros and cons, hence in­di­vid­ual cir­cum­stances and re­quire­ments of­ten de­ter­mine the choices made.”

Nir­mal Bhattachar­ya adds: “Emerg­ing risktech com­pa­nies help in us­ing data sci­ence and an­a­lyt­ics tech­niques for pre­dict­ing fu­ture loss with the help of ma­chine learn­ing al­go­rithms and big data. The ap­proach fol­lowed by an es­tab­lished so­lu­tion provider is pri­mar­ily to min­i­mize the cur­rent fi­nan­cial losses. Our ex­pe­ri­ence with risk tech com­pa­nies has been lim­ited so far.”

Both t he c at e gori e s of s ol uti on providers bring value to the ta­ble. While the es­tab­lished play­ers have the ca­pa­bil­ity of pro­vid­ing en­ter­prise wide so­lu­tions and / or are cat­e­gory lead­ers, the emerg­ing risk tech com­pa­nies pro­vide in­no­va­tive point so­lu­tions. Says Sid­dharth Kaushik: “In my view, there is noth­ing like one be­ing bet­ter than the other; rather, it’s a mat­ter of what suits one’s needs and aligns with the end ob­jec­tive. Both the so­lu­tion providers do pro­vide new tech­nolo­gies and at times bring in a com­pletely new per­spec­tive. One of the key as­pects which one needs to be cog­nizant of while work­ing with so­lu­tion providers per­tains to blend­ing th­ese so­lu­tions with the ex­ist­ing ecosys­tem which at times may in­clude old pro­cesses and le­gacy sys­tems.”

In short, the es­tab­lished com­pa­nies have ex­per­tise, but they are un­able to pro­vide cus­tomised so­lu­tions like risktech com­pa­nies.


Evolv­ing tech­nolo­gies like ad­vanced an­a­lyt­ics; telem­at­ics, In­ter­net of Things (IoT), etc are buzz words in the fi­nan­cial ser­vices space. In­surance com­pa­nies can­not af­ford to de­lay or avoid adop­tion of th­ese rel­e­vant tech­nolo­gies as they fa­cil­i­tate speed, agility, scal­a­bil­ity and flex­i­bil­ity.

Born dig­i­tal in­surance com­pa­nies are lever­ag­ing tech­nol­ogy to drive change in cus­tomer pref­er­ences, ex­pec­ta­tions and ex­pe­ri­ence; no sooner than later this will ne­ces­si­tate restruc­tur­ing of the tra­di­tional busi­ness mod­els of old-time play­ers. The longer is the wait to break in­er­tia for such adop­tion, more dif­fi­cult would it be for the com­pany to sur­vive the tech­no­log­i­cally savvy com­pe­ti­tion. De­layed or nonac­cep­tance of rel­e­vant tech­nol­ogy adop­tion and de­ploy­ment is a top risk for the fu­ture for the in­surance com­pa­nies.

Samir Shah fore­sees risk of nat­u­ral disas­ter and cat­a­strophic events as one of the top risks in terms of quan­tum of claims and higher cost of fu­ture re-in­surance pro­tec­tion

Gopal Balachan­dran be­lieves that cor­po­rate risks do not ex­ist or oc­cur in iso­la­tion and they need a dif­fer­ent ap­proach for dis­cus­sion on ex­po­sures and risk man­age­ment

Ra­jeev Ku­mar main­tains risk spread for in­sur­ers who of­fer cy­ber cover to or­ga­ni­za­tions and en­ti­ties is high be­cause of the in­crease in in­ten­sity and fre­quency of cy­ber-at­tacks

Sid­dharth Kaushik refers to his com­pany’s treat­ment of risk ac­tiv­i­ties along the first line of de­fence

Nir­mal Bhattachar­ya ex­plains how his com­pany has cre­ated the slo­gan ‘Ev­ery­one is a risk man­ager for the com­pany’

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.