On 28 June 2017, the Central Bank published a “Dear CRO” Letter (the “Letter”) which addressed Operational Risk Management (“ORM”). In addition, the Central Bank published a complementary article entitled “Spotlight on Operational Risk Management” (the “Article”) in its Insurance Quarterly Newsletter for June 2017.
The Letter and the Article were published following a number of recent on-site inspections performed by the Central Bank across a number of high-impact insurance undertakings in the life and non-life sectors, focusing on the area of ORM during 2016 and the beginning of 2017. The main purpose of the Central Bank’s inspections was to assess the design, implementation and operating effectiveness of the ORM frameworks, as a sub-set of the overall Risk Management Framework (“RMF”).
From these inspections, the Central Bank concluded that insurers are at different stages of maturity, both in terms of design and embeddedness of their RMFs. In particular, the Central Bank noted the slow pace of progression with respect to identifying, measuring and monitoring non-financial risk, and in some instances these activities have not been integrated with the overall RMF. The Article notes that while ORM can fail for many reasons, failure is often due to inadequate governance and oversight and/or lack of embeddedness of appropriate risk practices and risk culture in the front line of the insurer’s business.
The Article observes that ORM is still considered the “poor cousin” to financial risk management in some instances. The Letter similarly stresses that non-financial/operational risks, which have the potential to impact significantly on an insurer’s finances or reputation, should be afforded similar levels of attention and discussion as the more “traditional financial risks” of insurance.
The Letter recognises that there have been some areas of improvement, noting that some insurers have made significant progress in developing and embedding the overall RMF over the past few years.
Helpfully, Appendix 1 to the Letter sets out a non-exhaustive list of good and poor practices observed in different areas of review during the Central Bank inspections. According to the Central Bank, these practices are shared with the CROs in the hope of improving the consistency of implementation of the requirements of Solvency II, Pillar II. The areas of review are as follows:
- Governance structure
- Risk identification
- Risk measurement
- Risk reporting and monitoring
- Disclosure/Lessons learned
- Other Observations
Contributed by Niall Campbell
Follow us @WilliamFryLaw