InsuranceERM Annual Awards 2024 - UK & Europe

Benefit from an integrated assurance platform

Jeff Robinson, a partner at Decision Focus, discusses the software vendor's key achievements over the past year, its integrated assurance approach, and how it can help insurers build operational resilience.

Is Decision Focus working on any new technology innovations for the insurance market in 2024?

Jeff RobinsonDecision Focus is proud to have launched a new module, which is the Enterprise Compliance Engine, to help compliance officers sleep at night! This solution is particularly effective at mitigating the risks associated with growing regulatory developments. Being confident you have identified the critical regulatory obligations and then demonstrating compliance against them across the business is far from easy.

Then there is the time-consuming job of monitoring regulatory change and managing the impact of those changes. Without an effective strategy in place, you face the threat of non-compliance, regulatory fines and reputational damage.

The Decision Focus Enterprise Compliance Engine (ECE) allows compliance teams to manage proactively compliance strategies and deal with regulatory change in real time. The ECE allows for ease of 1) identifying drivers; 2) managing compliance and 3) monitoring and managing change. We have partnered with a content provider who uses AI to cut through and prioritise compliance topics to support the ease of regulatory digestion!

Broadly speaking, what are the main operational risks currently facing insurers? How far have insurers progressed on their operational resilience journeys?

Insurers today face a myriad of operational risks stemming from multiple sources including technological advancements (for example AI), continued regulatory changes e.g. DORA, cyber threats and geopolitical uncertainties.

These risks continue to impact on ongoing operations and business continuity, financial stability and operational resilience. The journey towards embedding operational resilience is ongoing, where insurers are operationalising their frameworks further into the business.

Progress has been made by insurers to establish relevant operational resilience frameworks; we see a number of insurers who are working to embed their process within the business and to integrate with other assurance frameworks e.g. ERM.

How can Decision Focus help insurers build a holistic operational resilience framework? What expertise and capabilities can Decision Focus offer?

Operational resilience connects to other areas of assurance such as TPRM and ERM. Where suppliers are a key resource supporting important business services, information and analysis captured via an insurer TPRM process should be used seamlessly to better equip a company's operational resilience.

Furthermore, operational resilience draws from ERM frameworks whereby risk incidents and key risk indicators provide relevant information again about important business services. Using the Decision Focus platform, which is a key enabler of embedding governance within the business, the solution allows clients to tap into the source of the information either through ownership in the first line, or through the third-party suppliers themselves. This is a hugely efficient way of managing the process and joining up all the dots.

Why is third-party risk rising up the agenda for insurers? How can insurers best tackle third-party risk?

With the FCA's lens on operational resilience and forthcoming DORA requirements coming on stream early in 2025, third-party risk has become increasingly prominent on insurers' agenda. The TPRM set up in Decision Focus has four main areas – centralisation of all suppliers in one single source, due diligence of all suppliers, contract management and monitoring of performance.

How do you expect operational risk to evolve for insurers in the next 3-5 years? Will new operational risks emerge and how is it best to mitigate these?

There continues to be growing themes including cyber risk, growing global regulatory developments and AI. In relation to AI, we see a growing interest in using the concept of Model Risk Management to provide an overarching framework to mitigate this risk.

Given AI is essentially operating as a form of model, akin to Model Risk Management for insurers, validation of methodologies and data used by AI help to mitigate risks associated with using AI.

Regulators have provided effective frameworks for Model Risk Management, which can be leveraged as a means to be managing risks associated with AI. We see the recently launched Enterprise Compliance Engine as a key mitigant to the risk of global regulatory developments. This streamlines and automates the tracking of regulatory change, whilst connecting it to the wider ERM framework.