A global perspective on Enterprise Risk Management

I’ve been in Australia just over a year-and-a-half now, and having just hit one year in the Australian insurance market, I thought it would be good to take some time to reflect on this new land that I call home – from an actuarial perspective of course.

As an actuary from South Africa, I’ve predominantly worked in life insurance, but more recently, driven by my passion for enterprise risk, I’ve taken on the challenges of a few second-line risk roles.

When my young family and I moved to Australia in 2019, I was lucky enough to find another second-line role, given that the concept of ‘all else equal’ didn’t apply to me at the time.

Everything was different.

Surprisingly, as months went by, I found it was not really the case from a living perspective, but what did stand out for me was my second-line role here in Australia compared to South Africa.

Given this, I thought I’d share some observations and use this as a sounding board to encourage the actuarial community to look beyond traditional areas of actuarial work, because the world really needs us.

Evolution of the Risk Functions

As actuaries, we understand proportionality, dedicate more resources and time to that which matters most. While financial risks are still the largest risks at any insurer (from a capital allocation perspective), you would find second-line risk functions skewed predominantly towards non-financial risks.

One reason could be the challenge that comes with quantifying and understanding the financial implications of these risks. Another reason could be the fact that first-line has to manage financial risk well, as this is the bread and butter of the company, so less emphasis is placed on finding the right expertise for second-line oversight.

From my short time in the market, I’ve noted the risk world evolution being largely driven by post-Royal Commission and the need for many insurers to bump up their risk and compliance areas after some hefty fines.

While the intentions are good, the question that seems unanswered is the skillset needed to effectively manage risk in a second-line capacity, and is the Australian market overlooking the actuarial skillset when re-defining their risk and compliance divisions?

In South Africa, many Chief Risk Officers of insurance companies are actuaries, and risk teams include numerous actuaries focusing of core fundamentals of risk versus return, which support business planning and wider economic management frameworks. That said, critical elements, like conduct, cyber and reputational risk, were always topics high on the agenda at any risk committee meeting.

A second-line castaway

My experience as an actuary in second-line has felt somewhat isolating, given the strong audit and compliance flavour that gets embodied into a risk function. It makes you wonder who you really are sometimes.

Two key elements that one should be aware of; A second-line risk function does not need to operate like a compliance function, and secondly it should not operate like a second line audit function, because that should be left to third-line. While an organization’s size may dictate how these functions behave, one should not lose sight of its true purpose.

There are a number of factors that influence how second-line risk functions are going to evolve in Australia in the coming years, the biggest being the regulator and the abundance of risk and control requirements set on insurers post-Royal Commission. That’s great news for anyone in second-line, as this means the push for a culture shift we’ve been waiting for all these years to ensure first-line awakens to the risk awareness that may have been lacking in the past.

Another factor that has a big influence is the CRO’s view and what they believe good risk management looks like. Without appropriate leadership, this could result in a risk function being swamped by internal auditors, or lawyers or a combination of diverse backgrounds all claiming that they understand risk.

But do they really understand risk in its true sense, or do they just understand how to implement processes and frameworks to manage a risk that they don’t really understand? Where the objective is to get third-line off their back instead of challenging the underlying root causes or assisting the business from a commercial sense. Or maybe the regulator prefers it to be a tick the box function. A risk function with no soul.

Moving into non-traditional areas

So, going back to my point of why the world needs us, or specifically the risk functions within insurers, is because actuaries understand risk. To completely fulfill the actuarial control cycle in a company, actuaries should be deployed in all (not just traditional) areas of an insurer. That’s a fundamental difference I’ve seen amongst actuaries in the Australian market – it’s somewhat black and white.  

As actuaries, we have a skillset that can be used in many non-traditional areas of business. While data analytics or other actuarial fields may be the more appealing option, risk functions could also do with more actuaries. While most actuaries would generally focus on financial and insurance risks, non-financial risks can be even more rewarding once you overlay the challenges of modelling.

And this is where the value-add begins – applying an actuarial skillset to data or processes that have never been considered before, challenging status quo on how we manage non-financial risks. We’ve seen it with the COVID-19 modelling and assessment impacts globally, so this just validates the case for actuaries to move into non-traditional areas.

Multiskilling never hurt anyone, so I encourage you to try something different.

CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.