Cyber security remains a challenge for insurers worldwide, according to Ron Harasym, head of risk analytics, enterprise risk management (ERM) at Protective Life Insurance Company Speaking to Risk.net, Harasym says risk analytics is a challenge across the board whether you’re looking at mortality trends, policy-holder data, information on claims, or interest rate or equity exposures of your products. The biggest challenge lies in getting robust analytics in a timely manner.
On the technology front, he says there are a lot of legacy environments on the insurance company side, and bridging that gap will take time. But having the right technology is key to future-proofing oneself.
How is the industry tackling the interest rate environment?
Ron Harasym: One of the biggest challenges is the lower for longer interest rate and the need for spreading assets. There is a thought process at many insurance companies that interest rates will rise over time. To the extent interest rates stay lower for a longer period of time, then profitability of products that are added on the books will not emerge as originally priced.
We’ve already seen it in other countries, particularly in Japan. Could it also happen in the US? The lower for longer interest rates and the search for spread or alternative assets that offer greater spreads will also bring higher risk.
Another challenge is cyber security – expenses and the cost-benefit analysis is always on my mind. Many risk management expenses are difficult to justify on a simple cost-benefit analysis because you can see the cost, but the benefit is difficult to quantify: how do you assign value to risk events that you prevented?
And, more broadly, the cost-benefit analysis for ERM spend often gets wrapped up in a pure finance cost-benefit analysis framework/mind-set and that, in my mind, is problematic and difficult to address.
What’s interesting about cyber security is that it is easy for someone to say that 90% of what they spent didn’t do anything or didn’t have any impact. But, in reality, unless you have a reasonable standard bar in terms of cyber security, there are people out there who will exploit you.
The difficulty with cyber security is that you don’t know what has tried to hurt you because it didn’t happen. So it is difficult to demonstrate the value-add. Cyber security is hard to quantify.
In terms of cyber security and how much is enough, money has to be spent wisely on it because you can certainly see that you can toss a lot of dollars at it. Going back to the issue of a majority of the spend on cyber security, it will be basically raising the bar high and higher. It’s like the brakes on a car: you don’t really realise how important they are until something happens.
On the ERM side, with risk management endeavours, such as quantification or developing new analytics, it’s hard to see the value-add of these since it’s hard to quantify. But, if you could quantify various risk exposures that you couldn’t before or correlations or cross relationships, that’s the value-add.
The risks to any insurance company, like any business, are all interconnected. So you have to be on guard in many areas from an ERM perspective. Then, once again, it comes down to cost-benefit analysis and expenses. It’s easy to look at and say ‘risk management is just an excess expense because many years back it wasn’t really a big area’, whereas now it has a lot of focus.
How are risk analytics shaping up to be a challenge for insurers and what measures are in place to improve risk analytics?
Ron Harasym: Risk analytics is a challenge across the board, the greatest of which is securing robust analytics in a timely manner. By timely I mean they’re produced almost in real time such that the decision value of that information is useful.
Getting buy-in from the management is also a challenge. If you’re going to make decisions on some of this information, you want to make sure it’s accurate, predictable and explainable. In terms of risk analytics, you need to get a bit of history but, just like in economics, the macroeconomics keep changing, and the mortality and demographic landscape can suddenly shift. Timeliness of information is one of the challenges across any industry.
How is technology changing the landscape and where are insurers on the curve in the technology adoption game?
Ron Harasym: It’s well known that the insurance industry has been slower to adopt technology than other industries, and that is a problem. Also, in order to adapt new technology – whether for underwriting, for taking applications or just doing actuarial reserving calculations – the new technology needs to be implemented by a team that is different from those running legacy systems.
Do companies have the right teams working on the new technologies?
Ron Harasym: Sometimes you must change your view because software-as-a-service has become much more the common standard. A company could have several types of platforms – one could be in the cloud, one could be totally on-premise, or a hybrid. There are a lot of legacy environments on the insurance company side and bridging that gap will take time, but it also requires a culture change. I feel some companies are better at it than others.
How can this industry future-proof itself?
Ron Harasym: What’s interesting about the insurance industry is, if you go back 20 years, the barriers to entry – such as capital requirements, regulatory requirements and filing requirements – seemed considerably high. Now there are a lot more entrants that could be smaller. As an insurance company, keeping your expenses under control is a challenge because, to maintain profitability, expense control must be very tight.
And, now it sounds very simple, but it’s very easy for expenses to get out of control in any company. There is also an issue of competition for labour and specialised skills, such as accounting, finance and actuarial. So there will be areas that will put more pressure on the expenses, but that’s all the more reason you need to be aware of where to make things more efficient and effective in terms of expense reductions, because you never know where the next expense stress will occur.
Also, having the right technology is crucial. If you’re smart about the expenses and smart about implementation and process, that’s key to future-proofing. From beginning to end – from product design and development, to sales, reserving valuation and projecting it – you just have to be efficient and effective in your processes.
If you happen to make a new better process – more streamlined, more efficient, more rock-solid – that helps in future-proofing. And how do you stay competitive? Obviously, the number one thing is pricing in the long run. People will look at claims and credit quality, but if you maintain a reasonable credit quality, reasonably good claims process, settling and handling, then pricing really becomes key.
Courtesy- https://www.risk.net/asset-management/7937596/risk-analytics-to-the-rescue