Risk and compliance functions across the insurance sector are increasingly focusing on how they can add value and utilize technology to drive efficiency and undertake activities more effectively.

To understand the industry’s approach to managing risk and compliance, KPMG conducted two separate surveys, each for the respective functions, to assess and understand where insurance firms are in their risk and compliance transformation journeys. A total of 37 insurance firms have participated in these surveys, ranging from small and medium-sized firms to some of the key players in the international insurance industry. Responses were received from a broad range of geographies.

In particular, the surveys aimed to:

  1. Gather insights on the insurance sector’s approach to transforming the risk and compliance functions.
  2. Facilitate a benchmarking exercise for survey participants to understand the maturity of their approach to risk and compliance against their peers.


Across both risk and compliance surveys, we identified the following key themes:


Undertaking a risk/compliance transformation program

On average, 57% of respondents, have undergone, are currently undergoing, or plan to undergo a transformation program or a target operating model (TOM) redesign exercise.

Over recent years, insurers have been increasingly cognizant of how the risk and compliance functions are quickly evolving to keep up with rapid changes in the regulatory and economic environment. Many risk and compliance functions have been proactive to understand where efficiencies can be gained, to ensure resources can better utilize their time.

For those who have not and do not plan to undergo such a program, it is important for these firms to closely monitor the current state to mitigate the risk of falling behind peers.


Capability for the ‘risk and compliance function of the future’

Approximately 85% of respondents identified data analytics as the most important capability for the risk and compliance function of the future.

Nineteen percent of respondents considered the average skills mix in relation to data analysis, MI and reporting to be either ahead of peers or market leading. This is unsurprising given that a lack of streamlined MI and reporting processes is common across the insurance (and wider financial services) industry.

Data solutions are only valuable if there are adequate underlying data and systems to draw from. Firms are encouraged to review their current estate and determine what MI the recipient (e.g. regulators, committee members etc.) wish to see and whether the underlying data and systems provides a strong foundation to meet these objectives.


Barrier to investment in new technology and systems

Lack of funding was cited as the biggest barrier to investment in new technology and systems for the risk and compliance function by approximately 37% of respondents. Of this population, 86% responded on behalf of a global or local group entity. This signifies that those from larger organizations are likely to be contending with competing priorities within the group.

Given the nature of technology and systems is continuously advancing, it is often difficult to understand what is the appropriate solution and how to demonstrate value for money.

There is unlikely to be a tool that can solve all issues, therefore it is key to determine which process requires prioritized support. Key decision-makers will require comfort from thorough cost analysis to ensure the benefits are realizable and tangible.


Utilizing automated solutions

Circa 78% of respondents believe their function is suitably and effectively enabled by the automation of processes and controls, with a higher proportion of respondents from the compliance survey (73%) aiming to introduce further automated solutions by the end of 2022, in comparison to risk respondents (45%).

Some risk and compliance respondents (5% and 47% respectively) currently use automated solutions to identify emerging risks and regulations. Organizations that carry out this activity manually may find that efficiencies need to be gained if FTEs are spending long periods of time or unable to prioritize horizon scanning among other risk/compliance activities.

Determining how much time FTEs spend on activities will enable a function to understand whether automated solutions are required.


Focus areas for technology investment

Data capture and transformation, and advanced visualization are seen to be the most important tools/processes for investment. This focal point on data is reflective of what is seen in the wider market.

More broadly, firms are facing common challenges with the current systems/tools used by their organizations. These include:

— Availability of data;
— Reliance on the first line for data input; and
— Lack of interaction/interplay between systems and workflows (e.g. manual processes when inputting data, or lack of real time alerts)

While it is positive that firms are harnessing data solutions, the first step is for functions to assess the suitability of data received from the first line to understand whether the quality of the output is acceptable.


Limited focus on cyber by compliance

Organizations across financial services are increasingly feeling the regulatory pressure to protect themselves and consumers from cyber threats. The surveys found that 7% of compliance survey respondents undertake cyber-related compliance activities. Sixty-eight percent of risk survey respondents conducted deep dives in relation to cyber in the preceding 12 months. It is crucial that cyber risks are monitored by at least one of the functions.

Risk functions typically include cyber as a risk type within their taxonomy/universe. This ensures there is regular reporting and monitoring, to mitigate (as far as possible) the risk of cyber threats crystalizing.

Ensuring functions are equipped with appropriate subject matter expertise will help firms to navigate the complex and unpredictable nature of cyber risks. As cyber threats become more sophisticated, there is less room for complacency.



Get in touch