How can insurers withstand and recover from disruption?
Over the last few years the sector has seen more cyber attacks and firms are increasingly reliant on technology and automation. To respond, financial sector regulators are bringing their focus on operational resilience up to that of financial resilience. This new regime is currently in consultation and will look at firms’ ability to withstand and recover from disruption.
Today’s business continuity plans are typically siloed by function. Risk management focusses on identifying potential threats, and reducing their likelihood and impact. Both of these are important, but the new operational resilience requirements are likely to be more demanding:
Successful implementation of this new regime will require firms to set a clear operational resilience vision and strategy, and will need clarity of planning and reporting. Achieving regulatory compliance in the future will be obligatory, but firms should exploit the business advantages that a strong operational resilience can bring.
Most firms work in a complex ecosystem with reinsurers, primary carriers, capital providers, third party administrators and technology providers, branches and offshore subsidiaries, brokers and distribution partners. As with conduct regulation, regulated entities will be responsible for their end to end operational resilience, no matter who performs the activity. This will require more joining up through the value chain on aspects such as:
Getting this right for your firm may mean considering a different operating model approach, including consolidating third party activities with fewer, more resilient partners or reconsidering which activities you can reliably outsource. operational resilience brings with it the impetus to eliminate those problem areas in your value chain and strengthen your firm for the longer term.
The banking sector is ahead of insurance in preparing for this new regime and there are already some key learnings insurance firms can benefit from. Although a standard approach to the topic is still emerging, we are seeing some common implementation challenges. It is crucial to define a good business service architecture, and using a pilot approach by business service helps to refine the development of a holistic operational resilience regime. The ultimate goal is to ensure that a resilient approach to operations becomes part of your organisational (DNA).
Each firm is different and will have a unique starting point. To ensure a powerful implementation, and to get prepared for the start of this new regime, the first key step is to perform a high level framework assessment. This will look at your current business continuity, recovery and risk regimes and compare those to the principles of the operational resilience regulation. From here, you will have a much clearer perspective on which elements of your organisation and operating model you will need to learn more about the next steps you can take, get in touch with us.
Lulu O’Leary, Partner, Insurance Operations, KPMG in the UK
David Miller, Partner, Insurance Risk and Regulation, KPMG in the UK
© 2021 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organisation please visit https://home.kpmg/governance.