2020 has probably been the one of the worst years that most of us can remember, so what better time for the Actuaries Institute to host its annual CRO Forum? This year, we wanted to learn from a Board Member about how the risk teams had coped and to think about the ways risk management may change following the unprecedented events resulting from the COVID-19 pandemic. As usual, Chatham House Rules apply and so what follows is a high-level overview of themes and topics covered.
For reference, Verne Baker chaired the event which was arranged by the Actuaries Institute’s Risk Management Practice Committee (RMPC) and hosted virtually by the Institute. Sean McGing gave us an introduction focussed on some potential changes to the CRO role that we might expect following COVID-19. Duncan West then gave his personal views and perspectives based on his experiences in the industry and as a Board member for several companies during the period.
Potential changes and opportunities for the CRO role to focus on in this new environment arise in four main areas:
- People – Working from home (WFH)
- Business – Operations, Payments
- Financials – Cashflow, Interest rates, liquidity, capital
- Regulation – APRA changes and expectations
Changes arising from the above include the advantages that Enterprise Risk Frameworks offer are more appreciated, risk is better understood at the Board level through “experiential learning” and the benefits of risk management best practices have been elevated (i.e. “never waste a crisis”). Many of the risks and unintended exposures have been financial risks related to the core business such as insurance risk and products, e.g. business interruption insurance. More broadly, risks have changed because existing trends have been accelerated, some risks have been exacerbated and the Government response has inevitably had a massive effect in all areas.
Looking back over the last 12 months, Board members should be pleased that, overall, the risk management frameworks seem to have held up and in fact performed remarkably well, particularly in the areas of business continuity, cyber, financial risk management and leadership performance – all at a time of unprecedented stress for organisations.
Some areas where we could look for improvements include:
- Interaction with regulators to make sure they focus on the most relevant and helpful areas to aid the recovery
- Communication with actuarial team – needs to be early engagement
- Need to consider risk culture which has been at the forefront recently but also financial risk. The approach must be holistic and cover financial and non-financial risks
- Emerging Risks are hard to identify by their nature and we didn’t see the pandemic coming in terms of its broad impact on society – do we spend enough time considering these risks?
So, what might be worrying boards right now?
- A huge amount of regulatory change? Should be business driven as a priority.
- How do we better embed policies into our businesses, so they don’t ‘sit on the shelf’?
- The implications for Risk Culture across a remote working environment?
- Health and wellbeing of the staff and how that is being managed?
- The unanticipated consequences of all the actions taken so far – What are the “unknown unknowns”!?
Consequently, what Boards may require will likely include:
- Increased speed of information to the Board – “time doesn’t improve bad news”
- Seeking not only information but more analysis which is insightful rather than just a data dump.
- Risk driving strategy both upside and downside. Boards need to take a balanced approach which means stress and scenario testing is crucial.
- Conducting more “deep dives” into business issues despite the potential blurring of corporate governance/ management lines.
In conclusion, after a broad ranging discussion and questions covering most of the above topics, there was broad agreement that leadership and direction were paramount. Much has been learned by working together under pressure and decisions are needed rather than ambiguity. Communication is crucial, particularly to maintain an organisation’s culture.
Important take-outs are:
- The return to work plan is still unclear and perceptions of staff and management may differ. There are also interstate factors in Australia to consider so one policy may not be adequate.
- Time frames for things to happen have shortened considerably. This pace of change has been generally good but beware unintended consequences.
- Principles based advice is needed and the regulators should be pragmatic to help the recovery.
- There needs to be clarity around who has responsibility and accountability in organisations – i.e. who is accountable for making different decisions.
- High trust and constructive conflict in management teams and with the Board really help to deliver the right outcomes.
- Informal communication has been adversely affected by the remote working environment. What are the implications as it appears unlikely that the workforce will ever be the same again!
- We need more focus on emerging risks and a holistic approach.
It was a great session, and we all came away with a huge amount to consider. We would welcome any thoughts or questions to the RMPC for further consideration and comment.
CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.