Five areas for insurance CROs to focus on during transformation

Chief risk officers (CROs) in the insurance sector have never had a more diverse or more urgent set of priorities on their plate than they do today. The job description goes far beyond protecting the enterprise from proliferating risks today and preparing for emerging threats tomorrow. CROs are increasingly involved with business and technology transformations designed to promote innovation and growth and will be on point to provide timely and insightful perspectives across a range of risk management and regulatory topics.

The results of the first annual EY/IIF survey of insurance CROs reveal the many dimensions of the position today and the many hats CROs must wear. Our study confirms specific areas where they can – and already – provide timely insights and guidance to the C-suite, the board and leaders on the front lines of the business. CROs are well-suited to this strategic role, given that they have one of the broadest, big-picture views of insurance companies.

Participating insurance companies were fairly diverse in terms of asset size, geographic reach and line of business (property and casualty, life, health, reinsurance and specialty). Regionally, those companies were headquartered in Asia-Pacific (18%), Europe (54%), Africa (6%) and North America (22%).

For CROs to contribute strategically, they must first establish a foundation of robust and effective risk management practices that protect the core assets of the business and the brand. Our survey findings illustrate the progress insurers have made on the journey to fully mature, high-performance risk management functions.

From our research, we have identified five strategic aspects of the CRO role in insurance today, reflecting key areas where they can help the organization identify risks accurately and proactively, manage them effectively and grow sustainably.

1. Focusing on the future: identifying emerging risks and devising strategies to stay ahead of them

Seeing around corners has always been part of CROs’ jobs, but never before have they had to consider such a wide variety of threats, each of which is massively complex and highly dynamic. Cyber, geopolitical, technology and climate risk – these emerging risks are all evolving rapidly and can pose severe threats to insurers on multiple fronts.

The intersections between these risk categories make CROs’ jobs that much harder. Consider how geopolitical risks have led to more cyber attacks and created more macroeconomic volatility. Similarly, the rising uptake of GenAI may lead to larger talent gaps, while also disrupting the workforce.

2. Engaging on technology transformation: supporting the digitization of the business for sustainable growth

CROs in insurance have long sought to overcome the common perception that they are innovation inhibitors. Our research participants made clear that they want to enable growth and innovation and engage – even lead – on the company’s most important transformation initiatives. From large-scale technology upgrades and extensive process automation to new product development and omni-channel customer engagement models, these transformation efforts touch every part of the organization, including front-office processes and back-office functions.

Engaged CROs can provide vital inputs in cost-benefit analyses, evaluation of alternative strategies and sourcing models, assessment of regulatory impacts and other areas. The good news is that the vast majority of CROs are involved in some capacity. But there’s ample opportunity to contribute value to every step of the process, from design and testing through implementation.

Highly efficient processes at the core of risk management operations help CROs deliver outstanding returns on investments in sophisticated risk modeling, threat detection, data visualization and other advanced capabilities. They also create time and capacity to focus on strategic matters, including advising business leaders and the board.

5. Instilling a strong risk culture across the business: promoting a higher risk IQ

Building strong risk cultures may be the most important task CROs undertake. More than half (55%) of our survey respondents cited it as the number-one way their role will evolve in the next five years, followed by serving as a strategic advisor to the business (52%).

While the insurance business has always been about risk management, CROs must ensure the organization has a nimbler mindset and agile approach to identifying risks and moving quickly to get ahead of them. That means engaging their counterparts in the business.

Strengthening risk cultures will need to be a priority in the future, given that our results show relatively few firms actively prioritize and encourage risk-informed thinking and action across the entire organization. When CROs and business leaders work together to embed risk mindsets into the business, firms will be better positioned to deliver safe innovation and sustainable growth.

In conclusion

As complex as insurance CROs’ jobs have become in recent years, they won’t be getting any easier anytime soon. Cyber, climate and regulatory risk all look to be more challenging in the years ahead, as will maintaining operational resilience. Geopolitical risks, macroeconomic volatility and demographic shifts add to the backdrop of unpredictability. CROs can serve as beacons, providing insight to C-suites and boards across the industry and helping them navigate the challenging road ahead. Even as they make a greater strategic contribution, CROs can continue to strengthen the core of technical and tactical risk management capabilities. We look forward to charting their progress in future insurance CRO surveys with the IIF.