Skip to main content
Blog Post

6 ways CROs can champion cross-functional risk discussions to add value

Insurance Consulting and Technology|Reinsurance
Insurer Solutions

By Paul Simmons | October 17, 2019

Cross-functional risk discussions with the business can help ERM teams manage the complex and interconnected issues insurers face.

Unlock More

About our 'A Year in the Life of the Strategic CRO' series

In our ongoing A Year in the Life of the Strategic CRO series, risk experts from our Insurance Consulting and Technology team, Willis Re and other parts of Willis Towers Watson cover how a strategically focused CRO can drive corporate strategy through the enterprise risk management planning process and throughout the year.

Among midsize and larger insurers, specialization among functions is the norm. And with specialization comes silos. The enterprise risk management (ERM) function, though, must be a major exception to that rule: ERM needs to be specialized – but it can't operate in a silo.

The chief risk officer (CRO) and ERM staff should have an enterprise-wide perspective. And risk committee meetings should require participants to pay attention to topics outside their silos. If everyone is thinking beyond their own specialties, the committee can be a major contributor to strategy and planning with the CRO setting the tone for broad strategic thinking across the committee.

Getting an enterprise-wide perspective

Considering the breadth, complexity and interconnectedness of issues facing insurers, no ERM team can reasonably expect to be specialists in every challenge out there. Cross-functional discussions and networking are key tools to help ERM teams stay on top of these challenges, and are important to forging a positive risk culture across the firm. Ultimately, to provide assurance to the CEO and board, the strategic CRO needs to be demonstrably connected to the entire business.

Engaging with the business will help the ERM team to better understand the business, enabling them to identify risks earlier. Moreover, engagement provides access to analysis and risk insights from the local teams themselves. Similarly, developing contacts will help to facilitate the rapid escalation of issues, which can be particularly important for certain risks where quick response is required, such as the 72-hour notification deadline for data breaches under Europe's General Data Protection Regulation (GDPR) rules.

Such conversations can also help the ERM team to better understand how various teams in the business define success (and failure). Aligning the risk framework with these definitions, including any metrics used, increases the likelihood of successful execution of the organization's strategy. Equally, understanding such matters enables the CRO to intervene if the definition of success is inconsistent with the organization's objectives.

6 ways the CRO can champion cross-functional thinking

What can the strategic CRO do to facilitate greater cross-functional discussions? We've set out some practical ideas below, beyond the direct approach of simply having one team present to the other, which typically has mixed rates of success in our experience. Many of these overlap with the (related) issue of risk culture, which can be taken as another benefit of encouraging greater cross-business discussion.

  1. Transfer resources internally, such as through secondments, in both directions and where capacity permits. Doing so can help expose the risk team to different segments of the business and vice versa. Likewise, secondments from group to subsidiaries can help to bring a fresh perspective and help people develop their networks.
  2. Be open about complaints and the resolution processes. For many insurers' staff, and especially those on the frontlines, contact with the risk management framework is likely to be most tangible through operational failings, whether customer complaints or operational events. Providing transparency into the resolution process for operational failings, where appropriate, can help engage staff in risk discussions, including the causes and consequences of issues, and the steps and processes taken to ensure such issues cannot recur.

    Recent regulatory investigations have highlighted that staff typically care about such issues and are receptive to ideas about fixing and preventing them (although insurers were poor at engaging their staff in such processes).
  3. Crowdsourcing risks. As technology has developed, so too have communication tools. Such platforms, allied to peoples' natural instinct for community, provide the opportunity for ERM teams to facilitate wider conversations, and capture unique and unexpected perspectives on risks (and solutions).

    Surveys are the obvious place to start gathering opinions from across the firm, although the amount of dialogue they facilitate is limited, generally speaking. More advanced tools and platforms can be used to create communities that share experiences, insights, and issues, and ultimately to help break through silos.
  4. Solicit employee feedback on products. Many insurers offer their employees discounts in their own products, depending on the type of insurance offered. But how many then target those employees to better understand the sale and post-sale experience?

    Getting customer feedback is tough, particularly in some markets, with customers making their feelings known only where the process has substantially failed. But employees are typically far more engaged in their employer's success, and more willing to provide open and useful risk-related feedback, whether to identify user experience issues, to highlight poor service failings or to highlight questionable sale processes.
  5. Model operational risk. Operational risk modeling typically requires input from specialists across the business, and provides a natural forum for promoting discussions between the risk function and the business. This is particularly the case for Bayesian-style operational risk models, which are focused on the causes and linkages between, different operational risks, rather than the ERM team's comfort zone of probability distributions and loss functions.

    In our experience, the benefit to the business of elevated awareness and engagement with ERM (i.e. risk culture) is just as beneficial as the capital number produced by the model itself.
  6. Record interactions between risks in risk registers. Expanding risk registers to record the linkages between different risks and encouraging the owners of interconnected risks to speak with one another should raise awareness and understanding of risk and facilitate early warnings of developing risk events. Translating the risk register from a simple list to a risk map showing the linkages between different risks can encourage risk owners to engage with other risk owners. Encouraging, and where appropriate, facilitating risk discussions between different segments of the business is an important step toward developing a culture that can effectively manage risks as they arise.

By taking any of these steps, CROs can help improve the practice of ERM across the business and build more resilient organizations.

Previously in the A Year in the Life of the Strategic CRO series: How insurers should present their enterprise risk management programs to rating agencies.


Paul Simmons
Senior Consultant

Contact Us

Related Capabilities