With strong economic headwinds putting pressure on balance sheets, and amid regulatory and compliance scrutiny, operational resilience – and in particular digital operational resilience – is firmly under the spotlight for 2023. Pro Global Head of Insurance Services Richard Emmett explores how companies can get a grip on an issue that is likely to continue to dominate the headlines in the year ahead.
In a world of differing opinions and outlooks, it’s rare to find something that everyone agrees on – so it’s perhaps ironic then that there is near universal agreement that the global economic outlook for 2023 is challenging to say the least.
Low growth, even recession in some economies, combined with high inflation and the ongoing recovery impacts of the pandemic are putting pressure on the cost of living for individuals and the cost of operating for businesses; and the forecast is that this will remain the case for the foreseeable future.
Stability and growth
To maintain stability and even achieve growth in this environment requires operational resilience – the ability to prevent, adapt and respond to, and recover and learn from operational incidents, including those relating to cyber and technology.
The operational, reputational and financial risks of getting this wrong are serious for companies and for their customers. Regulators know this too, and have placed a high priority on developing and embedding operational resilience in their supervisory approach in order to mitigate the risk of disruption to the provision of critical functions – including IT functions.
At the end of 2022, for instance, the Financial Conduct Authority and the Prudential Regulation Authority fined TSB Bank a total of £48.65 million for operational risk management and governance failures, including management of outsourcing risks, relating to the bank’s IT upgrade programme. Technical failures in TSB’s IT system ultimately resulted in customers being unable to access banking services.
Digital operational resilience
And late last year, the European Council also formally adopted the Digital Operational Resilience Act (DORA), which aims to make sure the financial sector in Europe is able to stay resilient through a severe operational disruption.
DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide IT-related services to them. Essentially this Act creates a regulatory framework on digital operational resilience whereby all firms operating in EU member states need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. The core aim is to prevent and mitigate cyber threats.
What does this mean for the re/insurance sector?
The intense and sustained scrutiny from central banks and regulators of re/insurers’ financial operational resilience and digital operational resilience is entirely appropriate given the volatility we have experienced in the last two years, and the short to medium-term economic outlook.
Managing operational resilience adequately is a way firms can reduce their financial risk and the number and impact of IT or operational incidents. The way in which a firm manages operational resilience is an integral part of regulatory assessments of its safety and soundness. It is, therefore, essential that re/insurers know exactly what they need to do to meet the requirements of operational resilience supervision strategies, and understand the key drivers of harm for firms that those strategies identify.
This includes having a firm handle on data management and governance, and taking a top-down view of operational resilience against the ambition of continuous improvement, before developing action plans to implement and embed changes that close the gap and exceed what is expected from regulatory requirements.
Risk mitigation strategies
It is vital, therefore, that re/insurers can show that they have effective supervision models in place, can demonstrate an awareness of the drivers of harm and can clearly evidence how their firm has mitigated risk.
Areas of focus should include conducting regular reviews for relevance and impact of any material market or economic developments; undertaking regular stress and tolerance testing; ensuring good governance by having clear structures for accountability and appropriate delegation and escalation routes; monitoring and mitigating key risks of harm; and allowing for strong and independent board oversight and challenge.
The regulator has rightly focused on strong governance and operational resilience and, with moves towards tougher regulations in these areas, companies will need to ensure that they have robust processes in place or face possible investigations and enforcement.
The benefits of working with a trusted outsource partner
The fact that operational resilience will play a significant part in boardroom discussions and media headlines in 2023 is ultimately a good thing – but the challenge is that re/insurers are also focused on running, growing and adapting their businesses and often struggle to find the necessary skilled resource to dedicate to eliminating processing errors, supporting their compliance journey and delivering sustainable scale as they grow.
With the current macroeconomic environment likely to challenge most companies across the re/insurance sector for some considerable time to come, this highlights the opportunities for businesses to work with a trusted outsource partner such as Pro Global, who can help with the heavy lifting in terms of dedicated resource and breadth of subject matter expertise. Both are particularly important in some areas of the market at the current time, with many organisations seeing staff turnover and recruitment challenges, as well as a lack of relevant experience and expertise.
Pro is a long-standing adviser and partner to the sector and we have the solutions to support companies with operational resilience, scalability and specialist people management. Working with true experts in the field, we are able to help leading re/insurers to protect their organisation, workforce and clients from adverse operational and financial events and improve their operational resilience strategies to exceed regulatory requirements.
Meet our expert
Name: Richard Emmett
Job title: Head of Insurance Services