Insurance Companies: more technology for control functions

Insurance Regulation - Operational Transformation Observatory at SDA Bocconi School of Management recently turned its attention to the role of new technologies, and the opportunities and limitations they represent in value creation for control functions in insurance companies. This was the inspiration behind Next Generation Risk and Compliance: data and technology to support value creation, a study conducted with Capgemini, project partner and sponsor.  

The aim was to come up with answers to some key questions:  What’s the general awareness of the evolution of the risks managed by the two control functions? What problems arise in balancing the competitive demands of the business and the evolution of the regulatory framework? What level of awareness and understanding do people in control functions have as far as technologies and what they can bring to the table? What do they perceive to be the limitations of these technologies? What doubts do they have about implementing them? Lastly, what innovative approaches and tools have been adopted or should be adopted in the future? 

There’s no doubt, in fact, that in a constantly evolving global and local context, the number of risks that insurance companies have to handle is on the rise. This would make regulation and innovation the priority investment areas for control functions, with the aim of modernizing the business model, creating value and working more proactively to identify new and/or emerging risks. The pressure in guaranteeing oversight of internal controls, from a cost-saving perspective, and curtailing the impact on the operational machine justifies the strategic centrality of data and the evolution of the technology-based operating model. All this for the sake of effectiveness, efficiency and – ultimately - the resilience of the company itself. 

We ran our study on a representative sample of the Italian insurance market: 49.07% of total premiums from the property segment; 45.97% total premiums from the life segment, and 46.73% of the total premium income. The method we adopted was based on two questionnaires, one for each function, which we utilized as a guide for conducting interviews and making responses comparable.
With regard to the Risk Management function, an analysis of our findings reveals careful monitoring of this activity, with growing focus on fleshing out a frame of reference with the help of digital innovation. This applies not only in decision-making at a company level, but also in specific processes of the function itself.
Knowledge on innovation issues is solid, and several different initiatives have been rolled out, in particular in the context of risk reporting. The priority risk profiles we identified are typical of risk management activity (market risks and insurance technical risks). However, investments here are more closely tied to upgrading systems for calculating capital requirements, rather than innovative technologies to support the management of these risks. Also deemed critical are risks associated with cybercrime and those relating to ESG (environmental, social and governance issues). The strong propensity here is to use new technologies, as with operational risks.
Project initiatives are hampered by rollout delays, a lack of specific know how and budget restrictions.
As far as the Compliance Function, the results of our study show marked interest in new technologies, some of which are already being used, as they are recognized as fundamental tools for improving decision-making processes, enhancing compliance efficiency and effectiveness, minimizing losses and improving corporate profitability.
Anti-recycling and Know Your Customer (KYC), according to our findings, are the fields of choice for automating controls and reporting, utilizing data analytics and artificial intelligence (AI). In addition, the Compliance Function has been brought on board more and more in the process- and product-building phase to maximize the effectiveness of control: as an example, consider the regulations on governance and control of insurance products, with a reinforcement of the role of the Compliance Function along the entire chain.
Finally, in comparing the two functions, our analysis does not emerge significant differences, even though the level of maturity of Risk Management seems to be more advanced: more sensitive to the urgent need to ramp up the use of new technologies and more convinced of both the present and future investment.

As far as future prospects on the Risk Management front, the possibilities that AI and process robotization offer appear to be most interesting. However, these questions must be carefully evaluated with respect to the need to ensure that the company is always able to comply with regulatory norms.
As for the Compliance Function, the development Insurtech is the way of the future. Along with Regtech tools, Insurtech will enable companies to easily identify and verify, in real time, whether or not processes and codes of conduct adopted by individual insurance companies are up to standard. What’s more, this move may encourage companies to adopt an approach that is no longer product-centric but customer-centric, to satisfy customers’ demands and anticipate their future needs.
Generally speaking, investing in AI initiatives, machine learning and robotic process automation doesn’t represent a strategic choice, but rather an unavoidable fact of life for business continuity. Companies will have to make big investments in IT architectures (cloud computing, data leaks, analytics tools, data governance policies), as well as skill building. The final goal, which should represent the North Star, is always creating value for the company.