Tom Hughes, the chief risk officer (CRO) of UK household appliances insurer Domestic & General (D&G), has been highly commended in InsuranceERM's CRO of the year award category for his multiple achievements.

The first key achievement is that Hughes took executive ownership of D&G's complaints and quality assurance functions in the last year. This involved bringing in external experts, as well as making internal promotions, to shape the strategy.

D&G has created two teams dealing with complaints under the leadership of Hughes.

He tells InsuranceERM: "Through our early resolution team, we focus on talking to customers at the earliest opportunity to understand their issues and try to put things right as soon as possible.

"We then have a separate team focusing on more complex complaints, which require additional investigation. The teams work together in an agile and complementary way for the benefit of our customers."

By improving the customers' complaints process, Hughes and the insurance team can better resolve client issues and have reduced the number of outstanding complaints.

An important aspect of Hughes's work has been steering D&G's cyber risk and information security strategy, working extensively with the technology, data privacy, and information security functions. In addition, he has executive accountability for the data protection officer function.

Given his multiple roles and responsibilities, Hughes insists his team also deserves great credit and should be recognised.

"You can't be successful in a broad role where you're responsible for multiple functions unless you've got a really great team working for you.

"I'm fortunate that we've got some fantastic people across the different functions I'm responsible for. They're very good at flagging to me if there's anything they're concerned about, which helps me to be successful in my role."

Under Hughes's leadership, his team has grown ten-fold and Hughes empowers his colleagues by actively supporting their diverse individual strengths and abilities.

Hughes has also fully embraced the emergence of hybrid working and proactively sought talent from a wider pool than was typically available for a London-based insurer before Covid-19.

"Being open minded attracts a more diverse range of candidates, whereas if you only want people to be in the office five days a week in London, you're just not going to attract the top talent."

D&G started with a team of around 20 people within risk and compliance, but this has now grown to 200 and includes those working in data privacy, quality assurance and complaints.

Hughes has no plans to increase the team for now, but will instead focus on retaining talent, motivating the team and developing people. For example, by supporting colleagues through professional qualifications and mentoring, together with further learning.

Climate change and cyber risk will continue to be key focuses for Hughes. He says: "As a CRO, you really have to upscale your own knowledge and make sure you have that technical understanding in terms of how [cyber] attacks could happen, what the different controls you need to have in place and what your response plan would be."

Hughes's first role in insurance came in 2009 when he joined RSA's finance team. He then moved to Axa in 2011 taking on a number of senior positions, before joining D&G in 2018.

The insurance sector attracts him for several reasons. "It makes a positive difference to people's lives. You are there for people when the worst happens. It really helps to give people that buffer, to help protect them and safeguard their future. It is a powerful sector to be part of.

"Insurance is also a highly commercial sector with a broad range of products and routes to market, and an increasing amount of innovation for the benefit of customers."

Hughes has spent around eight years in risk and compliance and says the role of the CRO and the risk function have evolved over time.

"Risk has become more embedded in commercial decision-making. When I started out, in some firms, there was a view that maybe risk was there to do the risk mapping and fulfil certain regulatory requirements at arms-length from the core business functions.

"The risk function is now seen as an integrated key business partner to help advise the business and enable the business to make great decisions, which reflect the needs of all stakeholders. It has become very strategic and forward-looking, which makes the role more exciting. It means you are at the heart of key discussions around setting strategy, designing new products, projects and ideas."