Developing risk management capabilities, whether in response to new regulation or management strategy, is often an expensive and resource-intensive process. So the last thing insurers want is to discover when they are done is that circumstances have changed and what they have built is less useful or even obsolete, or that with more foresight they could have addressed wider business issues within much the same budget. To avoid this outcome, KPMG helps insurance companies take a ‘no regrets’ approach to developing risk management capabilities.
“We want to help our clients avoid building a capability just for one specific reason, for example because the regulators call for it. Instead, we help them make sure that whatever capability they build, they do it in such a way that it adds value to the business so they have no regrets if there are changes in the original circumstances in the future,” says Carl Groth, a managing director in KPMG's actuarial and insurance risk practice, who is based in New York.
KPMG is able to help major firms with some of their largest risk management projects globally because of its own global presence. Its insurance risk advisory practice is based on a consistency of approach worldwide, cross-pollination of ideas and strategies from one region to another and the flexibility to engage with clients at any scale, from multi-region projects to specialised local services, Groth says. This is exemplified by recent assignments such as the development of a group risk appetite statement and capital allocation methodology for a large US-based global property and casualty (P&C) company, the development of an enterprise risk management programme for a US life and retirement services subsidiary of a global parent, and a group-wide operational risk management project for a major Italian P&C and life insurer.
During the past year, KPMG has also continued to grow and refine its practice portfolio with the addition of a number of new services, each of which incorporates a specific project approach, delivery methodology and deliverable format. This includes risk data visualisation, vendor risk management, roles-based risk training programmes, risk data aggregation, compliance risk assessment, project risk management and e-commerce risk management.
Some of these services are being brought into play as KPMG responds to insurers that may already have relatively advanced implementations of enterprise risk frameworks, but who discover on review that they have pockets of risk where their response is behind current industry best practice or insufficiently integrated into their overall framework. “Companies have focused a lot of resources on their major risks, such as natural catastrophe in general insurance or market and credit risk in life, but other risks have received less attention,” Groth says.
Operational risk is one such area. While an insurance company may have a broad op risk management programme in place, certain risk subsets, such as vendor or project risk, may not be adequately covered. Cyber security is another example, and one that is made more problematic by the fact the threat is not only growing, but its nature is continually evolving. As a consequence, it requires highly specialised expertise to address this. A strength of KPMG is the firm’s depth and breadth of knowledge and skills across the organisation, which its insurance advisory team can draw on to enable the firm to respond to clients on such issues.
“We have a cyber risk practice within KPMG that is industry agnostic and we have created a bridge between them and our insurance risk advisory practice. This is a good example of how quickly we can team up with experts elsewhere in our organisation to create a new service to meet the needs of our insurance clients,” says Groth. As a result, KPMG was recently able to undertake an engagement with Europe-based global multi-line insurance company for a cyber security risk assessment, evaluating the threat within a three lines of defence risk governance framework.
We help make sure that whatever capability they build, they do it so they have no regrets
The week in Risk.net, May 19-25 2017Receive this by email