RISK & GRC MANAGEMENT
FOR INSURERS
The insurance industry can realize significant advantages from integrated GRC. The industry is highly regulated, and its business processes usually contain a high number of operational risks. If executed properly, an integrated GRC approach will result in more effectiveness and will ultimately have a huge effect on the bottom line instead of being a cash drain on the company. Another aspect that should not be forgotten is the penalties that regulatory bodies can impose on a company that breaches its compliance obligations.
- Risk Management: The Solvency II framework directive will impose additional risk management obligations on insurers. Beyond insurance-specific risks such as investment and underwriting risks, it will also ask for more sophistication in other risk areas such as operational risks. Though ORM is not fully elaborated in the present documents, it is very likely that the principles as applied in banks will be copied to insurers.
- Compliance: Insurers have to cope with multiple compliance topics, the number of which has increased significantly over the last years. Compliance subjects may concern the services provided, the required licenses, the disclosure of information or the recordkeeping of data. The legislation involved ranges from customer privacy (Insurance Consumer Protection Act), reinsurance activities (EU reinsurance Directives) and solvency guidelines (Solvency II) to HIPAA, the Gramm-Leach-Bliley Act, SOX and the USA PATRIOT Act.
- Audit support: The GRC framework of CERRIX will help insurers' audit departments ease their audit activities. Audit engagements can make better use of the Risk and Compliance register.
- Capital Planning: More sophisticated risk-based capital management can not only help to underpin compliance with new prudential regulation, but also provide a better understanding of the tradeoff between risk and reward, leading to smarter capital allocation and more sustainable value creation.