In April this year, the IRM’s Internal Model Industry Forum (IMIF) released a report which outlined how insurance companies can factor operational risk into their insurance purchasing decisions – and many of its points are relevant to risk managers within all organisations.
Historically, the tasks of modelling operational risk and purchasing insurance have been handled separately, with responsibility for each often sitting with different teams or departments. However, those firms that have moved away from a siloed approach are much better placed to assess how much risk to transfer to insurers, as they are able to use information generated by a robust operational risk management framework.
Putting risk data to work
Within the IMIF report, Caroline Coombe, chief executive of loss data consortium ORIC International, said: “Operational risk tools such as internal and external loss event data, risk control self-assessments, operational risk scenarios and, ultimately, the internal model, go hand-in-hand with loss mitigation. There is a real opportunity for firms to use insurance to manage their risk profile and maximise capital efficiency.”
By properly identifying, managing and reporting risks and loss events, risk managers can help to provide a clear rationale for their firm’s insurance purchase decisions, as well as making sure they are fully aligned to the organisation’s risk profile and associated risk appetites. Providing this information to insurers will allow them to compare it with their own extensive experience within the market. In turn, this opens up the possibility of bespoke insurance, which is becoming an increasingly popular option.
This approach also demonstrates the robustness of the firm’s risk management processes to internal and external stakeholders, including shareholders, debt holders and credit rating agencies.
Aligning risk and insurance
Risk managers need to look at their operational risk framework and insurance decisions in parallel, considering how the various elements of the framework inform insurance decisions, and to what extent information from insurance programmes informs operational risk management assessments. They must also consider whether outputs and decisions from the two frameworks are consistent and whether there are processes in place to ensure this is maintained.
Other key considerations for risk managers include ensuring consistency between the firm’s insurance programme and its risk profile, and being able to quantify the impact of one on the other. This becomes especially important when assessing capital requirements and factoring in any scenario work. Risk managers should also assess the extent to which the rest of the organisation has a common view of the operational risks faced and insurance purchased, in order to ensure consistent risk management decisions.
The IMIF believes there is not enough awareness at a senior level of the advantages of aligning operational risk and insurance processes, but the benefits of moving away from siloed working are abundantly clear; if risk managers are able to ensure the decisions made by insurance purchasers are closely aligned to their own, the process becomes two-way, with both sides benefitting from the insights generated from each other’s frameworks.