ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)
Volume 5, Issue 10, October 2016
2433 All Rights Reserved © 2016 IJARCET
A Study of Operational Risks in Insurance Business
Ravi Shankar Jha
Abstract
Operational risk management in the insurance
business has gained significant momentum in
recent years, mostly due to changing
regulatory and rating agency capital
requirements. The New Basel Capital Accord
(NBCA), known as Basel III, which has been
endorsed into insurers’ Solvency II establishes
that a bank (or insurance company) should
develop a framework for managing
operational risk and evaluate the adequacy of
capital on this framework. Several studies have
been conducted across the globe and
quantitative models have been proposed to
manage the operational risks that a global
insurer typically faces in due course of its
business.
It has been identified across various studies
that there is no single unified understanding
pertinent to operational risk among insurance
carriers. The problem lies more in
definitions, and the current approach to
combating operational risk aims to serve
regulatory and capital requirements rather
than support the growth of the business in
the long run.
Also, certain studies reveal that there are
many risks which are operational in nature
but are difficult to classify under a specific
category. The study also found a clear
distinction between strategic and operational
risk, but the two are difficult to decouple at either
the regulatory or the organization level.
Across several studies it was found that
operational risk causes are due to internal
factors, strategic risk causes are due to
external factors. Since the action of humans
(or human behaviour and organizational
culture) plays a vital role in the level of
operational risk an insurer holds, both the
strategic risk and operational risk are not
quantifiable in the same sense as we see in
financial risks. The study will make an effort to
show that the success mantra of operational risk
management depends on how quickly the
firm identifies the underlying cause of the
problems (e.g., underwriting risk or
managerial incompetence) and addresses it
appropriately.
Keeping in view the above points, this study firstly attempts to identify a list of operational risks in the insurance business based on their nature, frequency and severity. Secondly, it identifies the leading operational risks (among the list of identified operational risks) based on survey responses, industry records and recommendations from industry principals. Thirdly, the study identifies the critical levers/drivers associated with operational risk management in the insurance business. Lastly, the study offers recommendations and benefits in terms of the role of technology and of internal and external process drivers/levers in managing and mitigating operational risks in the insurance business.
Key Words: Insurance, Operation risk, Technology, Process, Regulatory Compliance, Claim, Social
Media, Big Data, Basel, Solvency, Product, Business, Server etc.
Introduction
The primary objective of most business organizations is to generate profit. The profit is effectively the return to the owners of the business for undertaking the operating activities of the firm, from which they bear operational risk in the process. In a nutshell, operational risk is the loss resulting from failed operational activities, from the firm's productive inputs (capital and labour) to the process of producing output goods and services.
Most or perhaps all regulatory frameworks across financial and non-financial domains define operational risk as a risk of loss resulting from inadequate or failed processes, people and systems, from external events, or from a mix of all of these.
In Basel III, the common industry definition of
operational risk is:
“The risk of direct or indirect loss resulting
from inadequate or failed internal processes,
people and systems or from external events”
Significance of operational risk management in Insurance Business
Operational risk management provides significant value to the insurance business in the following ways:
- Reduce the risk of operational failure by improving internal processes, systems or human capital
- Increase the probability of meeting strategic business objectives and profitability in the short and long run
- Optimize operational risk exposure from the internal and external environment and reduce financial uncertainty
- Facilitate prudent investment decisions and help in business expansion and retaining existing customers
- Help estimate the capital required based on exposure level
- Streamline business processes to drive performance and quality at a reduced cost base
- Help the organization grow holistically and achieve its strategic objectives
Background, Motivation and Objective
Background
In recent times, operational risk has received considerable attention in insurance and banking due to the increased complexity of business execution owing to reduced product development time, technology upgrades, changing market and customer needs, agile regulatory requirements and many more. Capital adequacy regulations (e.g., Basel III and Solvency II, including those of a similar nature) require an appropriate capital charge for operational risk. Financial industries have been spending considerable time and effort to collect operational risk data and establish a predictable model to reduce or mitigate some, though not all, of the operational risks faced in the course of business. However, despite Solvency II (the capital adequacy framework) being in place, most insurers pay very little attention to managing operational risks other than regulatory or underwriting risk. The chief motive of this study is to explore the characteristics of operational risks from the insurance firms' perspective to develop better insight into the topic.
Motivation
Post globalization, various new factors were
introduced in insurance business from
operational aspects such as regulatory
changes, demographic profile, multi-language
support, cross currency translation and many
more. It is imperative for a leading global
insurance carrier to have a sustainable and
robust operational risk management
framework in place to handle current and
upcoming challenges and manage them
effectively.
Objective
The primary focus of this study is to examine the holistic impact of operational risks on an insurer:
- Identify the list of leading operational risks in Insurance Business
- Study the impact of operational risk on insurance companies' business
- Identify the top trending operational risks based on their nature, frequency and severity
- Identify the critical levers/drivers leading to operational risks in Insurance Business
- Recommend an approach to manage/mitigate the top trending operational risks using the identified levers
Literature Review
There is limited evidence of consistent and
complete understanding of operational risk in
insurance. In contrast, the idea of operational
risk in non-financial sectors such as airlines,
energy, IT and the manufacturing industry is
established and adequately enumerated in
various literatures.
The academic discussion on operational risk in
insurance is recent and imprecise. Cummins
et al. (2006) revealed that there remain a few
studies that focus on the financial sector,
specifically, banking and insurance. Most
research works on risk management have
concentrated on the financial perspective of
risk, where the purpose of risk management
was argued to be to reduce the probability of costly
lower-tail (i.e., low frequency and high loss
events) outcomes (Stulz, 1996). However, the
operational risk associated with the execution
of firms’ investment strategies was
inadequately researched in the literature
about risk management.
A number of studies, for example Jobst (2007)
and Flores et al. (2006), have discussed several
statistical techniques for operational risk
measurement and subsequent regulatory
requirements. Various studies have also
identified leading operational risks faced by
large and medium size enterprises.
Measurement issues with Operational Risk
It is evident that the measurement
methodology for operational risk in Insurance
Business follows what has been adopted in
the banking sector under Basel II capital
requirements. Three different approaches of
increasing sophistication (basic indicator,
standardized, and advanced measurement)
have been suggested under Pillar 1 of Basel II.
The basic indicator approach, which is less risk
sensitive, utilizes one indicator of operational
risk for a bank’s total activity. The
standardized approach specifies different
indicators for different business lines. The
advanced measurement approach, which is
most risk sensitive, requires banks to utilize
their internal loss data in the estimation of
required capital for operational risk. Most
insurers use a mixed approach
covering the standardized and advanced
measurement approaches. A number of
researchers (Valle and Giudici, 2008; Bilotta
and Giudici, 2004; Chavez-Demoulin et al.,
2006) have used several statistical techniques,
such as actuarial, causal, and Bayesian, to
calculate operational risk capital by utilising
internal models, but the adequacy, accuracy
and consistency of data remain an inherent
problem for the accurate measurement
of operational risk.
Research Design
Operational risk assessment is generally analysed at a granular level rather than at a total level. This occurs because organizations have a multitude of operational activities which involve different kinds of processes and resources, giving rise to different types of operational risks.
A mixed technique has been used for the purpose of this study. A survey with an online questionnaire was administered to a sizable group of participants from service providers, integrators, third-party solution providers and insurers (including life and non-life). Approximately sixty-four percent of the participants were based in the US and the remainder were based in the Asia Pacific region. The first phase of the survey was conducted with the intent to identify the trending operational risks in Insurance Business.
Format
An initial online and paper-based MCQ (Multiple Choice Question) survey was conducted to rank the operational risks in the insurance business based on nature, impact and frequency.
Qualitative analysis will be performed to identify the feasibility and viability of technology as a tool to help in operational risk identification, assessment, reporting and monitoring.
The online survey was administered through a survey portal. Participants were directed to the online survey via paper-based and email methods.
Participants
For the survey, the intended audience was
mainly targeted from the following groups:
1. Insurance Policy Holders
2. Insurance Companies Senior executives
3. Service providers
4. Regulatory Authority.
Profiles of the target audience chiefly included
personnel with the designations of
Consultant, Senior Consultant, Lead
Consultant, Principal Consultant, Senior
Underwriter, Customer Service Executive,
Technology Architect and Risk manager. These
people were chosen because they held key
positions with substantial responsibility and
had an understanding of risk in the Insurance
Business Model.
The sample size for the questionnaire was
around 150 with the combined online and
offline distribution channel.
Second Phase
In the second phase of the survey, the questionnaire was designed (in consultation with industry experts and principals) to capture the cause, impact and current strategy in place to combat the top 5 operational risks. The operational risks were then mapped to the operational levers so as to show the impact of each lever on the particular operational risk. After researching the major causes of operational risk in the insurance business, especially covering underwriting, internal and external fraud, regulatory/compliance, and business disruption and system failure, and after discussion with industry principals, four key driving levers were identified which will help insurers to manage/mitigate their operational risks.
Fig.1.0
The second phase of the survey was conducted with the intent to determine the cause, impact on the business' top line, current strategies and challenges associated with the top trending operational risks from the perspective of insurers and other stakeholders such as brokers, TPAs etc. This analysis also helped in ascertaining the key drivers/levers leading to those top trending operational risks.
While the participants and their profiles were more or less the same for this phase of research, the sample size targeted for this questionnaire was around 80, mostly aimed at highly skilled and experienced people.
Results:
The first phase survey outcomes are represented as follows:
Fig 2.0
A summary of trending operational risks in the insurance business by nature, impact/severity and frequency, based on the outcome of the first phase survey, is shown in Fig. 2.0, and details of each operational risk are available in Table I in the appendix section.
The entire process of ranking operational risks is based on their nature, frequency and severity in the organization and across the insurance industry at large. The majority of respondents were from the insurance industry and were well versed in the range of operational risks and relevant details. The responses collected through the offline and online modes reveal that regulatory/compliance risk is perceived as the major risk and was deemed Rank 1 by the majority of respondents, and likewise for Rank 2, 3 and the others.
The top trending operational risks are as follows:
- Regulatory/Compliance risk
- Internal and External fraud
- Underwriting risk
- Business disruption and system failure
- Client, Product and Business Practices failure
Details of the survey outcomes for the above risks are as follows:
Regulatory Compliance Risk
Insurers always have to adhere to many stringent and changing compliance requirements, such as Solvency II in Europe and the National Association of Insurance Commissioners' (NAIC) Solvency Modernization Initiative (SMI) in the US. Any compliance failures in insurance processes quickly get the attention of media and consumers. Companies have to keep up with new regulatory requirements as well as live up to stakeholder expectations, and in doing so face the challenge of maintaining performance objectives and sustaining value and brand reputation. Frequent regulatory change is the main worry in the industry; failure to keep up with it can lead to penalties, reputational risk and loss of market share.
The majority of insurers firmly believe that a dedicated department keeping a close watch on regulation/compliance changes will help insurers to excel in combating regulatory risks.
Internal and External Fraud
Insurance fraud can be an external fraud
(fraud against insurer by policyholder and/or
other parties in the purchase and/or
execution of an insurance product),
Intermediary fraud (fraud by intermediaries
against insurer and/or policyholders) or
internal fraud (fraud against insurer by
employee on his/her own volition or in
collusion with parties that are internal or
external to insurer).
Fraudulent activities are anticipated to
have a 7% to 10% impact on an organization's
top and bottom line, and there is an impression that
sharing information with other insurance
carriers, by leveraging technology and
processes, will solve the majority of fraud risks
in an organization.
Underwriting Risk
Underwriting risk generally refers to the risk
of loss due to underwriting activity in the
insurance industry. Underwriting risk can
either arise from an inaccurate assessment of
the risks entailed in writing an insurance
policy, or from factors wholly out of the
underwriter's control such as fraudulent
activities and misrepresentations thus
increasing the costs for the insurer. The long-term profitability of an insurer is directly proportional to its mitigation of underwriting risks. Underwriting risk is expected to have a 2% to 5% impact on an organization's top line, and there is an impression that user training (people and organization culture) will solve the majority of underwriting losses in an organization.
Business disruption and system failure risk
The rise in disruptive natural catastrophes has led to growth in business disruption and interruption, thus increasing the probability of this risk. Some examples are natural disasters, accidents and theft, which can lead to lost revenue and legal liabilities. It also includes hardware, software, telecom and utility outages etc. Business disruption and system failure is one of the most feared risks in the industry owing to an absolute halting of the business processes. The strategy to combat this risk would be to split it among the various de-risking options available in the marketplace.
Client, Product and Business Practices failure
This category includes suitability and fiduciary
issues, inappropriate business or market
practices and product quality. Some examples
are lender liability, market manipulation,
money laundering, unlicensed activities,
product defects, improper trading on firm's
account etc.
The consequences arising from negligent
practices generally lead companies to face
lawsuits. The outcome of the survey shows
that non-unified processes and systems are the
primary cause of such failures.
Driving Levers of Operational risk
The key levers which drive insurers to achieve operational excellence in terms of being effective and efficient are broadly classified under four categories (People and Organization culture, Technology, Internal and External Processes, and Business and IT Alignment). Fig 3.0 depicts the dependence of the top 5 operational risks on the identified levers based on the responses of the survey participants.
Distribution of Driving Levers across leading Operational risks in Insurance Business
Fig. 3.0
Recommendations/Conclusions
The recommendation phase covers four leading operational risks in terms of the two prominent levers, i.e. analyzing current processes (internal and external) and technology (in terms of scalability and manageability). Following the discussion, for each of those operational risks a set of standard processes and technologies has been outlined which may help insurers to achieve operational excellence. Recommendations were built based on opinions from industry SMEs, insurance industry standards, market trends, changing demographics and the nature of the insurance business.
Underwriting Risk
Driver: Internal and External Processes
Underwriting processes and workflows can be
streamlined to help insurers lower their
operational costs (in terms of expense and
loss ratio) and optimize approval times. Those
carriers that take up streamlining are likely to
find themselves leading in their markets (cross
sell, upselling etc.) as they focus on changes
large and small and align themselves to do
business with them.
A few key areas in which underwriting
processes can be streamlined to achieve
better underwriting function productivity are as
follows:
UW Case Assignment and Management
Many insurers have improved turnaround and accuracy in the underwriting process by sorting cases according to attributes such as product type, face amount, underwriting class and riders. Cases can then be matched to underwriters based on skill level, product knowledge, face value and experience. Underwriting activities need to enable efficient risk assessment for a case and not hamper it.
Outsourcing
Transferring underwriting activities to an outsourcer is an established way to streamline underwriting, as the outsourcer (who holds core competency in UW) can make the process more effective and efficient to reduce costs and improve margins. Outsourcing also transfers the need to adjust staffing as the number of applications ebbs and flows.
Governance and Control mechanism
Accountability is an integral pillar which needs to be reconsidered, and increased compliance needs to be built into the underwriting environment as processes and responsibilities evolve. Clear governance and well-defined controls are key components of designing and implementing streamlined processes and achieving higher levels of automation.
Roles and responsibilities
Defining clear roles and responsibilities will help to ensure that underwriting talent is used effectively and efficiently. Experienced underwriters engaged on high-risk cases may become more pro-active in the sales process (building new products, an actuarial activity), shifting the focus of their activities to spend more time on rules development, including automation and sales support, as they spend less time on application assessment and case management.
Continuous Processes improvements
- More interactions with the sales channels, including traditional and digital, may further influence underwriting processes.
- New processes will need to be introduced for maintaining and updating system rules.
- Processes need to be established to manage outsourcing relationships with third-party vendors.
Automation of specific services
Translating most of the activities into self-service mode (no human intervention) would require very limited intervention from the IT department. For example, the advent of straight-through processing (STP) for New Business Underwriting not only simplified the processes but also improved customer/user experience and accuracy.
Refine/Establish Capability Benchmark and collaterals
Most insurers will need to build or refine their capability benchmark associated with the underwriting function, spanning product lines, business areas, potential feasibility, capability of players (inclusive of technical and functional) and future roadmap. Also, insurers need to build capability collateral based on feedback and learning from prior experience across various lines of business. An example of a capability benchmark is described in Table 3.0 in the appendix.
Driver: Technology
As Insurers take advantage of technology,
underwriters no longer have to engage in
mundane tasks, allowing them to become
more effective and efficient in handling more
accounts. New data and tools are available to
support underwriters in making faster, more
reliable, more consistent and better informed
risk decisions. In fact, many risk decisions
need not even involve underwriters. Optimal
use of information, technology, and
outsourcing can free underwriters from the
need to review all applications and allow
them to participate more actively in strategic
and sales activities.
Rules Based Decision making
Insurers making greater use of their rules-based systems are gaining efficiencies and expanding their product offerings to include the simplified-issue policies growing in popularity among consumers. A few examples of rule-based decision-making systems, especially commercial off-the-shelf (COTS) products, are Oracle InsBridge, FirstBase underwriting rule engine etc.
Point-of-sale underwriting
Point-of-sale and real-time underwriting has been deemed a disruptive evolution which can shorten the issuing time of a policy from months or weeks to just minutes. Products with direct distribution can be issued with a pre-defined set of questions through contact centers or online. A point-of-sale underwriting system that combines online data validation, real-time quotes, predictive analytics and other external data feeds can be used not only to forecast loss outcomes on an individual basis but also to help in taking informed decisions. E.g. Apptical®’s underwriting-automation and life insurance sales-acquisition solutions provide simplified-issue customers with TRUE point-of-sale acquisition closure capability.
Data integrity and delivery
The automated delivery of information and data from third parties eliminates the need for underwriters to search and wait for critical information. E.g. the OnBase Insurance Solution offers an MIB Integration which automatically creates an ACORD 401 message to request the MIB before the application is even sent to underwriting.
Harness power of data analysis/excellence
Evolving predictive analytics may eliminate the need for intrusive procedures
such as blood tests and physical exams, which add costs, slow the sales and
underwriting processes, and deter consumers from buying life insurance. The
next generation of advanced analytics may go a step further and predict the
decision an underwriter would make by using more external information, such
as economic indicators, consumer marketing data and social media activity.
E.g. IBM predictive analytics utilizes advanced algorithms to process historical
data and to create models that help insurers make predictions about future
outcomes.
Internal and External Fraud
Driver: Internal and External Processes
SIU (Special Investigation Unit) Teams for Fraud response
- Front-end fraud case investigation with a triage team: These triage teams consist of experts from domains such as hospital nurses, coders, and call center representatives who make sure that the case the SIU needs to investigate has all of the necessary data elements and is ready for full investigation.
- Add statisticians to the SIU team: Insurers need resources that can: 1) understand requirements for fraud scoring of insurance cases, 2) work with fraud management vendors to internalize fraud management knowledge in the organization, and 3) update analytical fraud risk scoring models so that they are always effective at cutting fraud losses.
- Encourage data sharing between SIUs of several business lines: Using shared case management systems and tracking the same (or at least the same subset of) case attributes are great first steps in this direction.
Establish Standard Metrics To Measure Fraud Efforts
- Avoided fraud losses as a percentage of total transaction dollars. Insurers can augment their earnings by detecting and preventing fraudulent cases and by tracking avoided fraud losses as a percentage of total insurance revenue. One carrier reported that avoided fraud loss as a percentage of total insurance revenue is sometimes 20% to 25%.
- False positive ratios in “outsorted” cases. When using analytics or rule-based risk scoring tools, usually the risk scoring system identifies (“outsorts”) potentially fraudulent transactions whose risk score is above a certain risk-score threshold.
- Balanced scorecards for intake, output, and efficiency of SIU performance: most North American insurers look at the three key performance indicators (KPIs) of their SIU. On the intake side, they track the total number of referred cases (cases identified as potentially fraudulent), cases assigned (i.e., investigated in detail by an analyst), and cases closed. On the outcome side, they track cases that can be worked or are assigned, the sum of avoided fraud loss dollars at various stages of the SIU process, and the total number of positively identified and confirmed fraudulent cases.
In site checks
- GPS empowered data checks against entered data. E.g. If user filling first notice of loss
- Using data from drones to check the accident site in case of accident insurance
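The fraud-effort metrics listed above can be computed directly from SIU case records. The following Python back-test is an added example, not part of the original paper; it builds the intake/outcome scorecard at several outsort thresholds over constructed cases. The 0-1000 score scale, the field names, and the reading of "false positive ratio" as the share of closed outsorted cases not confirmed as fraud are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Case:
    case_id: str
    risk_score: int        # scoring-model output, 0-1000 (assumed scale)
    amount: float          # claim dollars at stake
    assigned: bool         # investigated in detail by an SIU analyst
    closed: bool           # investigation finished
    confirmed_fraud: bool  # positively identified as fraud on closure


# Constructed back-test data: historically, every case scoring above 500
# was referred to the SIU; statuses record what then happened to it.
CASES = [
    Case("C01", 910, 42000.0, True, True, True),
    Case("C02", 880, 15000.0, True, True, False),
    Case("C03", 860, 9500.0, True, True, True),
    Case("C04", 790, 3000.0, True, True, False),
    Case("C05", 760, 27000.0, True, False, False),   # still under investigation
    Case("C06", 720, 1200.0, False, False, False),   # referred, never assigned
    Case("C07", 650, 18000.0, True, True, True),
    Case("C08", 610, 800.0, False, False, False),
    Case("C09", 400, 5000.0, False, False, False),   # below the historical cut
    Case("C10", 150, 2500.0, False, False, False),
]
TOTAL_REVENUE = 1_000_000.0  # constructed total insurance revenue


def scorecard(cases, threshold, revenue):
    """Intake and outcome KPIs if only scores above `threshold` are outsorted."""
    referred = [c for c in cases if c.risk_score > threshold]
    assigned = [c for c in referred if c.assigned]
    closed = [c for c in assigned if c.closed]
    confirmed = [c for c in closed if c.confirmed_fraud]
    false_positives = len(closed) - len(confirmed)
    avoided = sum(c.amount for c in confirmed)
    return {
        "threshold": threshold,
        "referred": len(referred),
        "assigned": len(assigned),
        "closed": len(closed),
        "confirmed": len(confirmed),
        # Undefined when nothing has been closed yet.
        "false_positive_ratio": (
            round(false_positives / len(closed), 3) if closed else None
        ),
        "avoided_loss": avoided,
        "avoided_loss_pct": round(100.0 * avoided / revenue, 2),
    }


def pick_threshold(cases, thresholds, revenue, max_fp_ratio):
    """Threshold with the largest avoided loss whose false positive ratio
    stays within `max_fp_ratio`; ties go to the higher threshold, which
    sends fewer cases to the SIU. Returns None if no threshold qualifies."""
    candidates = []
    for t in thresholds:
        s = scorecard(cases, t, revenue)
        ratio = s["false_positive_ratio"]
        if ratio is not None and ratio <= max_fp_ratio:
            candidates.append(s)
    if not candidates:
        return None
    best = max(candidates, key=lambda s: (s["avoided_loss"], s["threshold"]))
    return best["threshold"]


if __name__ == "__main__":
    for t in (600, 700, 800):
        print(scorecard(CASES, t, TOTAL_REVENUE))
    print("chosen:", pick_threshold(CASES, (600, 700, 800), TOTAL_REVENUE, 0.4))
```

On this data, raising the threshold from 700 to 800 lowers the false positive ratio without losing any avoided loss, while dropping to 600 recovers one more confirmed case at the cost of more referrals.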
Driver: Technology
Analytical Capabilities
- Modern fraud detection tools help analysis of structured and unstructured data to model and predict behavior. Analysis of repeatable trends via social network also helps to identify fraud rings.
- Predictive analytics can be used to effectively allocate resources, assign adjuster/units on expertise and/ workloads and enhance the claims handling process based on claim attribute.
Real time data analysis
- Real time data analysis at the time data is entered
- Back/forward movement of data and field changes can be tracked to check consistency
Boost Fraud Intelligence with Improved Data Quality And Quantity
- Improve data quality throughout the whole insurance value chain: Successful carriers should ensure that they capture as much correct and relevant data as possible during the whole insurance value chain, without bothering the customer.
- Build an integrated insurance contract and transactions data warehouse: build out a data warehouse that contains a consolidated view of all lines of business, products, and geographies. Finding interlinked cases and transactions in an aggregated database is more accurate and cheaper.
Use Mobile Apps To Help Agents And Customers Prevent Fraud
- Allow agents and sales to review policies and improve data quality right at the transaction time. One of the carriers is planning to roll out an iPad-based mobile application to its sales force, helping in assembling the paperwork interactively with the client, walking through the entire policy during one visit, and capturing quality data to the carrier’s contract database.
- Mobile applications can check the coherence and validity of data in claims filed by customers and can provide much more information for the claim than traditional paper-based or desktop application-based processes.
- Provide a mobile application for customers with context-sensitive data. Providing a mobile claim-filing application to customers will allow for better and faster claim servicing and fraud reduction as well. For example, if the mobile device is context-aware and has a GPS, the carrier can ask for GPS coordinates of the accident where the customer takes claim pictures, which will reduce fraud for auto body work before it even happens.
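One way a claim-filing back end could run the GPS coherence check described above, as an added example that is not part of the original paper: each photo's GPS fix and capture time are compared with the loss location and time entered in the first notice of loss. The claim structure, field names, 500 m tolerance and sample coordinates are constructed assumptions, and a finding routes the claim to review rather than deciding it.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius used by the haversine formula


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def check_claim(claim, max_distance_m=500.0):
    """Return (photo name, finding) pairs for photos that do not agree
    with the data the customer entered in the first notice of loss."""
    findings = []
    rep_lat, rep_lon = claim["reported_location"]
    for photo in claim["photos"]:
        name = photo["name"]
        # A picture of the damage cannot be older than the reported loss.
        if photo["taken_at"] < claim["loss_time"]:
            findings.append((name, "photo_predates_loss"))
        gps = photo.get("gps")
        if gps is None:
            # No fix at all: cannot be verified, so ask for a retake.
            findings.append((name, "missing_gps"))
            continue
        lat, lon = gps
        if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
            findings.append((name, "invalid_gps"))
            continue
        if haversine_m(rep_lat, rep_lon, lat, lon) > max_distance_m:
            findings.append((name, "location_mismatch"))
    return findings


UTC = timezone.utc
# Constructed sample claim (all values are illustrative).
CLAIM = {
    "claim_id": "CLM-EXAMPLE-1",
    "reported_location": (40.7128, -74.0060),
    "loss_time": datetime(2016, 10, 1, 14, 30, tzinfo=UTC),
    "photos": [
        {"name": "IMG_1.jpg", "gps": (40.7130, -74.0055),
         "taken_at": datetime(2016, 10, 1, 14, 45, tzinfo=UTC)},
        {"name": "IMG_2.jpg", "gps": (40.7306, -73.9352),   # kilometres away
         "taken_at": datetime(2016, 10, 1, 14, 50, tzinfo=UTC)},
        {"name": "IMG_3.jpg", "gps": None,                   # location stripped
         "taken_at": datetime(2016, 10, 1, 14, 55, tzinfo=UTC)},
        {"name": "IMG_4.jpg", "gps": (40.7127, -74.0062),   # taken days earlier
         "taken_at": datetime(2016, 9, 28, 10, 0, tzinfo=UTC)},
    ],
}

if __name__ == "__main__":
    for name, finding in check_claim(CLAIM):
        print(name, finding)
```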
Fig 7.0 in the appendix provides a brief overview of the global technology spending in the fraud
management domain of insurance.
Regulatory/Compliance Risk Driver: Internal and External Processes
The effectiveness of the compliance function will
play a key role in enhancing the capabilities of
insurers to elevate the policyholder
experience. Compliance risk includes both
the risk of new regulations and the risk of changes to
existing regulations. It also includes the evasive
risk of non-compliance.
Structure and duties of the
Regulatory/Compliance function: Most
compliance departments are used to working with
a checkbox approach to most
business matters. Along with that, the function is now
also conducting numerous reviews against a
broader set of laws and regulations, and
expressing an opinion on how well it is
working. There are many regulators at
multiple levels that an insurance company
must report to in order to perform its
regulatory/compliance duties:
State regulators – These regulators are in
each state where the insurance company
conducts its activities, with the regulator of
the ‘state of domicile’ holding the primary
supervisory role.
Federal regulators – Federal regulation
comprises the Financial Industry Regulatory
Authority (FINRA) and the Securities and
Exchange Commission (SEC). The Federal
Reserve Board has also been added to the list
of regulators at the onset of the financial crisis
with the Dodd-Frank Act.
To make matters more complex, the
regulatory examination approach also keeps
changing with time and, in case of any
compliance failure, the burden of proof is
always more heavily placed on insurance
companies. This makes it necessary to
refine the existing processes to remain compliant.
The key process areas that need to be overhauled or improved in the compliance/regulatory life cycle are as follows:
Effective Communication
The compliance department's emphasis is increasingly on effective
communication with the board, and on deeper interaction with business
units through the transmission of sufficient information or via well-defined
escalation processes.
Urgency of documentation
An insurance company must always be ready to provide all needed data if an
insurance commissioner requests additional information on risks or how they
are mitigated, e.g. NAIC has come up with a requirement to submit annual
reports of their Own Risk and Solvency Assessment (ORSA) for insurance
companies with more than $500 million in direct premium ($1 billion for
insurance groups).
Internal trainings
Keeping in view that the demands in regulations are ever changing, there is an
ongoing need to increase the level of awareness of the compliance
environment among the employees through more trainings and sessions.
Compliance structure and
functions
The three key pillars of the defense model are as follows –
The first line of defense in the model is the business unit, including front line
support units (such as operations). Businesses are expected to understand
their compliance risks and to take ownership and responsibility for mitigating
those risks.
The second line of defense is the necessity of a strong enterprise compliance
program. This program should have the responsibility to establish base
standards and policies for risk management activities including reporting,
escalation and remediation of issues. This program is also responsible for
aggregating the applicable risk across the enterprise and ensuring that senior
management and the board have the information required to provide
guidance and oversight.
The third line of defense is the internal audit function. Internal audit should be
responsible for providing the independent assurance to the audit committee
and the board on the design and operating effectiveness of the enterprise
compliance framework.
Governance and Oversight
Dedicated and periodic reviews and audits should be conducted to improve
risk management methodologies, frameworks and policies. This should involve
relevant people across the organization, including CXOs, the compliance
department and representatives of the respective business unit heads. There
should be a constant effort to inculcate this culture into the organization's DNA.
Reporting Structure and
responsibilities
Centralized enterprise compliance functions aggregate compliance reports into
a one-stop report that is regularly shared with senior management and often
with the audit committee to ensure that the compliance program is operating as
intended. Enterprise compliance reporting should also provide information
about the status of the annual compliance plan.
Driver: Technology
It has been observed that the more modern
the policy administration system an insurer uses,
the better its compliance. The ever
increasing levels of regulation and a greater
focus on data and reporting are forcing firms to
invest in regulatory technology solutions (also
called Regulatory Technology). Firms must
embrace Regulation Technology solutions as
they will help them automate compliance
tasks and reduce operational risks associated
with meeting compliance and reporting
obligations.
Information technology can bring the same
benefits to the compliance function as it
already brings to most other areas of an
organization as follows:
Reduced costs and enhanced margins
Streamlined reporting
Greater consistency in the execution of the program
Insight to support sound business decisions
Some of the key characteristics which a Regulatory Technology solution should possess are:
Regulatory Knowledge Management
The solution should involve a team of lawyers and paralegals to process and
push out regulatory changes to insurers and keep them up-to-date.
Agility
The solution should provide agility by removing cluttered and intertwined data
sets, de-coupling and organizing them through ETL (Extract, Transform, Load) tools
and technologies.
Speed
The speed of delivery should be achieved by configuring standard and ad-hoc
reports to be generated quickly on the fly.
Integration
The solution should have seamless integration of inbound and outbound
interfaces to get the solution up and running.
Analytics and big data
A Regulation Technology solution should use analytic tools to intelligently mine
existing “big data” data sets and unlock their true potential, e.g. using the same
data for multiple purposes to cut out redundancy. The solution should make
increased use of big data to streamline and reduce the costs of providing data
to regulators.
Visualization and robotics
tool
The development of features like online visualization and robotic advice tools
can deliver regulatory advice and guidance more cheaply, efficiently and
effectively.
Real time and system
embedded compliance/risk
evaluation tools
Risks can be evaluated more accurately by utilizing compliance and risk
technologies, which also help in improving operational efficiency and
effectiveness. E.g. new tools can be used for financial crime risk monitoring,
anti-money laundering and customer profiling in trade surveillance.
In the short term, Regulatory Technology
will help insurance firms to automate the
more mundane/regular compliance tasks,
reduce operational risks associated with
meeting compliance and reporting obligations,
and offer a certain agility. In the long run, it will
empower compliance functions to make
informed risk choices based on the power of data
to manage/mitigate those risks.
Statistical details reveal a trend of
continuous increase in regulatory pitfalls
across the globe, and emphasize that insurers
must pay adequate attention to curbing the
growth of regulatory non-compliance. Fig
4.0 in the appendix provides details on the
global year-on-year, region-wise rising costs of
regulatory non-compliance.
Business disruption and system failure
Research has demonstrated that firms which
experience disaster-induced business
disruption may experience long term
significant customer trust reduction, stock-
price decrease and equity risk increase. E.g.
Hurricane Sandy caused significant and wide-
ranging damage across the northeast coast of
the United States on October 28, which led to
the closure of the equities and options
markets on the very next day. In such events,
specific emphasis was given to firms’
implementation of their business continuity
plans (“BCPs”) and disaster recovery
procedures.
Driver: Internal and External Processes
Agencies like FINRA (Financial Industry
Regulatory Authority) require insurance
companies to disclose their business
continuity plans. Firms should have a corporate
policy requiring each Business Unit to develop
a business continuity plan. Pursuant to this
policy, their Risk and Compliance department
should coordinate the development, testing
and maintenance of all Business Continuity
Plans. Each of the below areas should be
considered in the plan:
Proximity
Firms should consider the possibility of widespread lack of
telecommunications, transportation, electricity, office space, fuel and water
in their BCPs. Consideration should be given to multiple, redundant services
and the proximity of vendors to the potential disaster area.
Remote Access
Firms should consider adequate staffing during crisis, enhancing the
capabilities of staff that work from home by identifying technology and
communications products and services that could increase efficiency.
Alternative location
An alternative location (i.e., back-up data centers, back-up sites for
operations, remote locations, etc.) in close proximity to the primary site may
not protect the firm from the effects of a region-wide event. Firms should
consider whether their primary site and alternative sites rely on the same
critical utility services, such as electricity, transportation and
telecommunications.
Accessibility of alternate
sites
Firms should consider the accessibility of alternative sites and the ability of
staff to travel to the site in the event of a transit shutdown or closure of
major roadways.
Staffing size
Firms should consider the appropriate number of staff necessary at any
alternative site to perform critical activities, including risk functions, control
functions, finance and treasury activities, and ensure that adequate space is
available.
Telecommunications service
considerations
Firms should consider contracting with multiple telecommunications
carriers to provide a failover to a different carrier to maintain fax, voice
mail, and landline and VoIP services.
Communications with
customers and third parties
Firms should consider taking measures to ensure that their website has up-
to-date information about the firm’s operational status and general contact
information during a disruption event which will allow them to better
communicate and coordinate with regulators, exchanges, emergency
officials and other firms.
Communication with staff
Firms should update emergency contact lists frequently so staff can be
contacted with firm updates. They should provide for critical staff to carry
multiple communications devices on multiple carriers.
Continuous review and
testing
Firms should consider full staff BCP (Business Continuity Plan) tests to
evaluate whether all day-to-day functions, including trade processing can be
performed regardless of staff location. Firms should also consider
incorporating stress tests into their BCPs. Based on this analysis, firms may
be better prepared to adjust their position and be ready with combative
measures prior to an event.
Business continuity training
Firms should provide adequate focus in conducting annual or more frequent
training on their BCPs to familiarize all personnel with the plan and their
critical pre-established roles.
Driver: Technology
Storage and Server virtualization
Virtualization helps substantially reduce the number of physical servers
required while increasing the utilization levels of remaining servers. Each
virtualized server can run its own full-fledged operating system, and each
server can be independently rebooted. Server virtualization benefits
include:
Optimal number of physical servers - A lower number of physical
servers can reduce hardware maintenance costs. However, careful
planning needs to be done about distributing applications,
operating systems and data across the available server
infrastructure.
Augmented space utilization efficiency in data center -
Implementing a server consolidation strategy saves space in the data
environment. This also gives a good opportunity to address the
issue of disaster recovery.
Reduced impact on applications - By having each application within
its own "virtual server," we can prevent one application from
impacting another application when upgrades or changes are
made.
Virtual server build - A standard virtual server can be built and
easily duplicated, which will speed up server deployment.
Cloud disaster recovery
Cloud-based disaster recovery services are accessible anywhere there is
access to networking infrastructure. With cloud disaster recovery,
replacement assets are always standing by, but we only pay for them when we
need them, and only for as long as we need them. Applications can be back up
and running within a few hours, without having to select, order and wait
for new equipment to be delivered to the data storage environment.
Email continuity
Email continuity applications must function without interruption during an
email server failover. This is essential to maintain end user productivity and
assure regulatory compliance. Email continuity solutions, such as Email
Management Services from Dell MessageOne, MailWise Rescue from
MailWise, or Ontrack Data Recovery services from Kroll Ontrack Inc.,
typically recover Exchange components at an alternate location.
Data Deduplication
Data deduplication, a form of data compression, eliminates redundant data.
Duplicate blocks of data are replaced by a pointer to a single stored copy, and
an index of the pointers allows that copy to be retrieved for multiple file
requests. By reducing the amount of data that has to be protected, data
backup and recovery times can be shortened.
Smart Device Accessibility
In the context of such a connected future, insurers need to ensure that their
systems, sensors and devices are well connected.
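The data deduplication mechanism described in the table above (duplicate blocks replaced by pointers that are resolved through an index) is shown below as an added example; it is not code from the paper or from any backup product. The fixed 4096-byte block size, the use of SHA-256 digests as pointers, the class and file names, and the sample data are all assumptions.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed fixed block size; real products vary


class DedupStore:
    """Block-level deduplicating backup store (illustrative)."""

    def __init__(self, block_size=BLOCK_SIZE):
        self.block_size = block_size
        self.blocks = {}  # digest -> block bytes; each unique block is stored once
        self.index = {}   # file name -> ordered list of digests (the pointers)

    def backup(self, name, data):
        pointers = []
        for off in range(0, len(data), self.block_size):
            block = data[off:off + self.block_size]
            digest = hashlib.sha256(block).hexdigest()
            # A block already in the store is not written again, only referenced.
            self.blocks.setdefault(digest, block)
            pointers.append(digest)
        self.index[name] = pointers
        return pointers

    def restore(self, name):
        out = bytearray()
        for digest in self.index[name]:
            block = self.blocks[digest]
            # Re-hash on read: one damaged shared block would otherwise
            # silently corrupt every file that points to it.
            if hashlib.sha256(block).hexdigest() != digest:
                raise ValueError(f"block {digest[:12]} failed integrity check")
            out += block
        return bytes(out)

    def stats(self):
        """Return (logical bytes referenced by files, physical bytes stored)."""
        logical = sum(len(self.blocks[d]) for ptrs in self.index.values() for d in ptrs)
        physical = sum(len(b) for b in self.blocks.values())
        return logical, physical


# Constructed sample data: two policy files share a header block,
# and a third file is an exact copy of the first.
HEADER = b"H" * 4096
SAMPLE_FILES = {
    "policy_a.dat": HEADER + b"A" * 4096 + b"tail-a",
    "policy_b.dat": HEADER + b"B" * 4096 + b"tail-b",
    "policy_a_copy.dat": HEADER + b"A" * 4096 + b"tail-a",
}


def build_sample_store():
    store = DedupStore()
    for name, data in SAMPLE_FILES.items():
        store.backup(name, data)
    return store


if __name__ == "__main__":
    store = build_sample_store()
    logical, physical = store.stats()
    print(f"unique blocks: {len(store.blocks)}, logical: {logical} B, physical: {physical} B")
```

Because several files depend on each stored block, the integrity check on restore and the protection of the block store and its index matter more than they do for plain file copies.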
Benefits of managing operational risks in Insurance Business
Here is a list of a few benefits an insurance
company can achieve by tightening its
operational risks in terms of streamlining
internal and external processes, managing
technical debt, organization culture and
business and IT alignment to curb operational
leakage and achieve efficiency and
effectiveness. Broadly, the benefits are
categorized in 6 areas: profit margin,
expense ratio, sustainability, operational
agility, unified processes and improved delivery
confidence. Details pertaining to each area are
highlighted below:
Fig. 4.0
Summary of recommendations – Technology and Internal and
External Process Drivers Perspective
Of the four key drivers
(Technology, Internal/External Processes,
Business and IT Alignment, and People and
Organization Culture), this study selected two:
Technology and Internal/External
Processes. The selected drivers were explored
across four risks (Regulatory/Compliance risks,
Business Disruption and system failure risks,
Underwriting risks, and Internal and External
fraud), and key recommendations were highlighted.
These recommendations will certainly help
insurers not only to manage their operational
risks but also to improve their top line
and bottom line. Moreover, it is
equally important how insurers align
these recommendations with their organizational
context to make this happen effectively and
efficiently.
Fig 5.0
Fig 6.0
Appendix
1. Summary of leading operational risks in Insurance Business:
Risk Description
Regulatory compliance risk
Insurers always have to adhere to many stringent and
changing compliance requirements like Solvency II in
Europe and the National Association of Insurance
Commissioners' (NAIC) Solvency Modernization
Initiative (SMI) in the US. Any such compliance failures
in insurance processes are quick to get the attention of
media and consumers. Some examples are regulations
like Foreign Account Tax Compliance Act (FATCA) and
Unclaimed Property Act (UPA), Anti Money Laundering
(AML) compliance etc.
Underwriting risk
Underwriting risk generally refers to the risk of loss due
to underwriting activity in the insurance industry.
Underwriting risk can either arise from an inaccurate
assessment of the risks entailed in writing an insurance
policy, or from factors wholly out of the underwriter's
control. As a result, the policy may cost the insurer
much more than it has earned in premiums. The long-
term profitability of an underwriter is directly
proportional to its mitigation of underwriting risk.
Internal and External Fraud
Insurance fraud encompasses a wide range of illicit
practices and illegal acts involving intentional
deception or misrepresentation. It can be policyholder
and claims fraud (fraud against insurer by policyholder
and/or other parties in the purchase and/or execution
of an insurance product), intermediary fraud (fraud by
intermediaries against insurer and/or policyholders) or
internal fraud (fraud against insurer by employee on
his/her own volition or in collusion with parties that are
internal or external to insurer).
Client, Product and Business practices
The conduct of a business towards its clients and
products poses a highly probable risk in the insurance
industry. This category includes suitability and fiduciary
issues, inappropriate business or market practices and
product quality. Some examples are lender liability,
market manipulation, money laundering, improper
trading on firm's account etc.
Business disruption and system failure
The rise in disruptive natural catastrophes has led to
growth in business disruption and interruption thus
increasing this risk probability. Some of the examples
are natural disasters, accidents and theft which can
lead to lost revenue, legal liabilities and big headaches.
It also includes hardware, software, telecom, utility
outage etc.
Technology and Infrastructure failure
A failure in cyber or other information security
systems, as well as the occurrence of events
unanticipated in insurer’s disaster recovery systems
and business continuity planning can be a very critical
risk.
Obsolete technology stack
The risk that a process, product or technology used by
an insurer for profit will become obsolete, and
therefore be no longer competitive in the marketplace.
E.g. some old technology stacks may not allow an
insurer to provide services through mobile applications.
Consumer data protection
Insurers and intermediaries collect and use vast
amounts of personal data about their customers, and
some of it is very sensitive. Any breach of
this data can have a huge risk impact.
Lack of skilled man-power
The risk posed by potential lack of manpower in niche
high-end skills in complex and highly-specialized areas
like risk management, credit evaluation, financial
engineering, actuaries and professionals proficient in
underwriting, claims and customer services.
Changing consumer demand
The aging of the baby-boomer generation has serious
capital expense implications. Insurance companies
have enjoyed a long period during which the baby-boomers,
the first generation to purchase a range of
insurance on a large scale, prepared for retirement by
accumulating savings. Moreover, younger generations
are contributing less for their future retirement, as
different product lines are delayed or deferred. As
consumer demand increases for shared services,
insurers capture risk profiles and offer more customized
products to meet the demand.
Globalization
Globalization has brought unprecedented benefits and
opportunities for insurers but it also poses the danger
that any risk can spread like a pandemic, e.g. financial risks
can quickly engulf everyone. This risk has to be handled
simultaneously while reaping the benefit of
globalization.
Table I
2. Indicative Example of Capability Benchmark as follows:
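Domain (Life/P&C) | Product Lines | Business Areas | Potential feasibility | Capacity (Technical & Functional) of Players | Future Roadmap
Property and Casualty | Home/Auto | NB Self Service | H | M | M
Property and Casualty | Home/Auto | Servicing Transactions | M | H | L
Property and Casualty | Home/Auto | Renewal | M | H | M
Property and Casualty | Home/Auto | Portfolio monitoring | H | L | L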
Table II
Capacity Definition
High (H) – Systematic Underwriting process by more than 30% players
Medium (M) - Systematic Underwriting process between 15 and 25 % players
Low (L) - Systematic Underwriting process less than 10% players
Future Roadmap
High (H) – doable in near future
Medium (M) – challenging but viable
Low (L) - Very challenging and high cost implications
3. Technology Spends:
Statistical details highlight the need for adequate focus on fraud management, both internal
and external. They further show that global spending on fraud management systems will increase by
50% in 2016 and that the focus will be on big-data-based solutions.
Fig. 7.0
Source of above Data: CEB Report Enterprise Fraud Management
4. Rising costs due to non-compliance year on year
Source of below Data: THE RISING COSTS OF NON-COMPLIANCE: FROM THE END OF A CAREER TO
THE END OF A FIRM (https://risk.thomsonreuters.com/sites/default/files/GRC01700.pdf)
Fig. 8.0
5. Technology Vs. Operational Risk Grid Summary
There is a plethora of technologies, such
as big data, analytics, product
platforms, cloud etc., which have the
capability to create significant impact
across operational risks, e.g. implementing
a well-defined and mature data analytics
solution will help reduce risks across all
the categories in various degrees. Such
technologies should be implemented with
higher priority to reduce overall operational
risks with less cost per risk mitigation. In a
nutshell, mapping such
leading/emerging technologies to the
Underwriting, Internal and External fraud,
Regulatory/Compliance and Business
disruption and system failure operational
risks will certainly help insurance
organizations to manage/mitigate
operational losses. The figure below highlights
the impact of technologies on leading
operational risks:
Fig. 9.0
About Author
Mr. Ravi Shankar Jha currently works as Lead
Consultant with Infosys Limited. Prior to
Infosys, he worked with Cognizant
Technology Limited. He has extensive
experience in Project Management, Package
Implementation and Consulting in the global
delivery model. He holds a Bachelor of
Engineering (B.E.) in Computer Science from
Central University, Bilaspur, Chhattisgarh and
a Master of Business Administration (MBA)
from Indian Institute of Technology,
Kharagpur.