2018 AI predictions – 8 insights to shape your business strategy

Publié le par hanswillertbleuazurconsultingeu
  1. AI will impact employers before it impacts employment
  2. AI will come down to earth—and get to work
  3. AI will help answer the big question about data
  4. Functional specialists, not techies, will decide the AI talent race
  5. Cyberattacks will be more powerful because of AI—but so
    will cyberdefense
  6. Opening AI’s black box will become a priority
  7. Nations will spar over AI
  8. Pressure for responsible AI won’t be on tech companies alone

Key implications

1) AI will impact employers before it impacts employment

As signs grow this year that the great AI jobs disruption will be a false alarm, people are likely to more readily accept AI in the workplace and society. We may hear less about robots taking our jobs, and more about robots making our jobs (and lives) easier. That in turn may lead to a faster uptake of AI than some organizations are expecting.

2) AI will come down to earth—and get to work

Leaders don’t need to adopt AI for AI’s sake. Instead, when they look for the best solution to a business need, AI will increasingly play a role. Does the organization want to automate billing, general accounting and budgeting, and many compliance functions? How about automating parts of procurement, logistics, and customer care? AI will likely be a part of the solution, whether or not users even perceive it.

3) AI will help answer the big question about data

Those enterprises that have already addressed data governance for one application will have a head start on the next initiative. They’ll be on their way to developing best practices for effectively leveraging their data resources and working across organizational boundaries. There’s no substitute for organizations getting their internal data ready to support AI and other innovations, but there is a supplement: Vendors are increasingly taking public sources of data, organizing it into data lakes, and preparing it for AI to use.

4) Functional specialists, not techies, will decide the AI talent race

Enterprises that intend to take full advantage of AI shouldn’t just bid for the most brilliant computer scientists. If they want to get AI up and running quickly, they should move to provide functional specialists with AI literacy. Larger organizations should prioritize by determining where AI is likely to disrupt operations first and start upskilling there.

5) Cyberattacks will be more powerful because of AI—but so will cyberdefense

In other parts of the enterprise, many organizations may choose to go slow on AI, but in cybersecurity there’s no holding back: Attackers will use AI, so defenders will have to use it too. If an organization’s IT department or cybersecurity provider isn’t already using AI, it has to start thinking immediately about AI’s short- and long-term security applications. Sample use cases include distributed denial of service (DDOS) pattern recognition, prioritization of log alerts for escalation and investigation, and risk-based authentication. Since even AI-wary organizations will have to use AI for cybersecurity, cyberdefense will be many enterprises’ first experience with AI. We see this fostering familiarity with AI and willingness to use it elsewhere. A further spur to AI acceptance will come from its hunger for data: The greater AI’s presence and access to data throughout an organization, the better it can defend against cyberthreats. Some organizations are already building out on-premise and cloud-based “threat lakes,” that will enable AI capabilities.

6) Opening AI’s black box will become a priority

We expect organizations to face growing pressure from end users and regulators to deploy AI that is explainable, transparent, and provable. That may require vendors to share some secrets. It may also require users of deep learning and other advanced AI to deploy new techniques that can explain previously incomprehensible AI. Most AI can be made explainable—but at a cost. As with any other process, if every step must be documented and explained, the process becomes slower and may be more expensive. But opening black boxes will reduce certain risks and help establish stakeholder trust.

7) Nations will spar over AI

If China starts to produce leading AI developments, the West may respond. Whether it’s a “Sputnik moment” or a more gradual realization that they’re losing their lead, policymakers may feel pressure to change regulations and provide funding for AI. More countries should issue AI strategies, with implications for companies. It wouldn’t surprise us to see Europe, which is already moving to protect individuals’ data through its General Data Protection Regulation (GDPR), issue policies to foster AI in the region.

8) Pressure for responsible AI won’t be on tech companies alone

As organizations face pressure to design, build, and deploy AI systems that deserve trust and inspire it, many will establish teams and processes to look for bias in data and models and closely monitor ways malicious actors could “trick” algorithms. Governance boards for AI may also be appropriate for many enterprises.

AI PWC

Click here to access PWC’s detailed predictions report

 

EIOPA Risk Dashboard January 2018

Publié le par hanswillertbleuazurconsultingeu

Risks originating from the macroeconomic environment remained stable and high. Improvements have been observed across most indicators, but were not sufficient to change the overall risk picture. The improving prospects for economic growth still contrast with the persistence of structural imbalances, such as fiscal deficit. The accommodative stance of monetary policy has been reduced only very gradually, with low interest rates continuing to put a strain on the insurance sector.

Credit risks remained constant at a medium level whereas observed spreads continued to decline. The average rating of investments has seen some marginal improvements. Concerns on the pricing of the risk premia remain.

Market risks remained stable at a medium level despite a reduction of the volatility on prices was observed. Only price to book value of European stocks moved in the direction of risk increase.

Liquidity and funding risks were constant at a medium level in 2017 Q3 and remained a minor issue for insurers. Catastrophe bond issuance significantly decreased when compared to the record high registered during the previous quarter. The low volume of issued bonds made the indicator less relevant.

Profitability and solvency risks remained stable at a medium level. A deterioration of the net combined ratio was observed in the tail (90 percentile) of the distribution mainly populated by reinsurers in this quarter. SCR ratios have improved across all types of insurers mainly due to an increase of the Eligible Own Funds. This has been especially marked for life solo companies.

Interlinkages & imbalances: Risks in this category remained constant at a medium level. Investment exposures to banks and other insurers increased slightly from the previous quarter.

Insurance risks increased when compared to 2017 Q2 and are now at a medium level. This was essentially driven by the significant increase in the catastrophe loss ratio resulting from the impact of the catastrophic events observed in Q3 mainly on reinsurers’ technical results. This is also reflected in the loss ratio. Other indicators in this risk category still point to a stable risk exposure.

Market perceptions remained constant, with the improvement in external rating outlooks outweighing the observed increase in price to earnings ratios. Insurance stocks slightly outperformed the market, especially for life insurance, and CDS spreads reduced.

Riskdashboard 12018

Click here to access EIOPA’s Risk Dashboard January 2018

The Global Risks Report 2018

Publié le par hanswillertbleuazurconsultingeu

Last year’s Global Risks Report was published at a time of heightened global uncertainty and strengthening popular discontent with the existing political and economic order. The report called for “fundamental reforms to market capitalism” and a rebuilding of solidarity within and between countries.

One year on, a global economic recovery is under way, offering new opportunities for progress that should not be squandered: the urgency of facing up to systemic challenges has, if anything, intensified amid proliferating indications of uncertainty, instability and fragility. Humanity has become remarkably adept at understanding how to mitigate conventional risks that can be relatively easily isolated and managed with standard riskmanagement approaches. But we are much less competent when it comes to dealing with complex risks in the interconnected systems that underpin our world, such as organizations, economies, societies and the environment. There are signs of strain in many of these systems: our accelerating pace of change is testing the absorptive capacities of institutions, communities and individuals. When risk cascades through a complex system, the danger is not of incremental damage but of “runaway collapse” or an abrupt transition to a new, suboptimal status quo.

In our annual Global Risks Perception Survey, environmental risks have grown in prominence in recent years. This trend has continued this year, with all five risks in the environmental category being ranked higher than average for both likelihood and impact over a 10-year horizon. This follows a year characterized by high-impact hurricanes, extreme temperatures and the first rise in CO2 emissions for four years. We have been pushing our planet to the brink and the damage is becoming increasingly clear. Biodiversity is being lost at mass-extinction rates, agricultural systems are under strain and pollution of the air and sea has become an increasingly pressing threat to human health. A trend towards nation-state unilateralism may make it more difficult to sustain the long-term, multilateral responses that are required to counter global warming and the degradation of the global environment.

Cybersecurity risks are also growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace. The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 64% of all malicious emails. Notable examples included the WannaCry attack—which affected 300,000 computers across 150 countries—and NotPetya, which caused quarterly losses of US$300 million for a number of affected businesses. Another growing trend is the use of cyberattacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning.

Headline economic indicators suggest the world is finally getting back on track after the global crisis that erupted 10 years ago, but this upbeat picture masks continuing underlying concerns. The global economy faces a mix of long-standing vulnerabilities and newer threats that have emerged or evolved in the years since the crisis. The familiar risks include potentially unsustainable asset prices, with the world now eight years into a bull run; elevated indebtedness, particularly in China; and continuing strains in the global financial system. Among the newer challenges are limited policy firepower in the event of a new crisis; disruptions caused by intensifying patterns of automation and digitalization; and a build-up of mercantilist and protectionist pressures against a backdrop of rising nationalist and populist politics.

The world has moved into a new and unsettling geopolitical phase. Multilateral rules-based approaches have been fraying. Re-establishing the state as the primary locus of power and legitimacy has become an increasingly attractive strategy for many countries, but one that leaves many smaller states squeezed as the geopolitical sands shift. There is currently no sign that norms and institutions exist towards which the world’s major powers might converge. This creates new risks and uncertainties: rising military tensions, economic and commercial disruptions, and destabilizing feedback loops between changing global conditions and countries’ domestic political conditions. International relations now play out in increasingly diverse ways. Beyond conventional military buildups, these include new cyber sources of hard and soft power, reconfigured trade and investment links, proxy conflicts, changing alliance dynamics, and potential flashpoints related to the global commons. Assessing and mitigating risks across all these theatres of potential conflict will require careful horizon scanning and crisis anticipation by both state and nonstate actors.

This year’s Global Risks Report introduces three new series:

  1. Future Shocks,
  2. Hindsight,
  3. Risk Reassessment.

Our aim is to broaden the report’s analytical reach: each of these elements provides a new lens through which to view the increasingly complex world of global risks.

Future Shocks is a warning against complacency and a reminder that risks can crystallize with disorientating speed. In a world of complex and interconnected systems, feedback loops, threshold effects and cascading disruptions can lead to sudden and dramatic breakdowns. We present 10 such potential breakdowns—from democratic collapses to spiralling cyber conflicts—not as predictions, but as food for thought: what are the shocks that could fundamentally upend your world?

In Hindsight we look back at risks we have analysed in previous editions of the Global Risks Report, tracing the evolution of the risks themselves and the global responses to them. Revisiting our past reports in this way allows us to gauge risk-mitigation efforts and highlight lingering risks that might warrant increased attention. This year we focus on antimicrobial resistance, youth unemployment, and “digital wildfires”, which is how we referred in 2013 to phenomena that bear a close resemblance to what is now known as “fake news”.

In Risk Reassessment, selected risk experts share their insights about the implications for decisionmakers in businesses, governments and civil society of developments in our understanding of risk. In this year’s report, Roland Kupers writes about fostering resilience in complex systems, while Michele Wucker calls for organizations to pay more attention to cognitive bias in their risk management processes.

GRR2018 1

GRR2018 2

Click here to access WEF – Marsh’s detailed Global Risk Report 2018

Technology Driven Value Generation in Insurance

Publié le par hanswillertbleuazurconsultingeu

The evolution of financial technology (FinTech) is reshaping the broader financial services industry. Technology is now disrupting the traditionally more conservative insurance industry, as the rise of InsurTech revolutionises how we think about insurance distribution.

Moreover, insurance companies are improving their operating models, upgrading their propositions, and developing innovative new products to reshape the insurance industry as a whole.

Five key technologies are driving the change today:

  1. Cloud computing
  2. The Internet of Things (including telematics)
  3. Big data
  4. Artificial intelligence
  5. Blockchain

This report examines these technologies’ potential to create value in the insurance industry. It also examines how technology providers could create new income streams and take advantage of economies of scale by offering their technological backbones to participants in the insurance industry and beyond.

Cloud computing refers to storing, managing, and processing data via a network of remote servers, instead of locally on a server or personal computer. Key enablers of cloud computing include the availability of high-capacity networks and service-oriented architecture. The three core characteristics of a cloud service are:

  • Virtualisation: The service is based on hardware that has been virtualised
  • Scalability: The service can scale on demand, with additional capacity brought online within minutes
  • Demand-driven: The client pays for the services as and when they are needed

cloud

Telematics is the most common form of the broader Internet of Things (IoT). The IoT refers to the combination of physical devices, vehicles, buildings and other items embedded with electronics, software, sensors, actuators, and network connectivity that enable these physical objects to collect and exchange data.

The IoT has evolved from the convergence of

  • wireless technologies,
  • micro-electromechanical systems,
  • and the Internet.

This convergence has helped remove the walls between operational technology and information technology, allowing unstructured, machine-generated data to be analysed for insights that will drive improvements.

IoT

Big data refers to data sets that are so large or complex that traditional data processing application software is insufficient to deal with them. A definition refers to the “five V” key challenges for big data in insurance:

  • Volume: As sensors cost less, the amount of information gathered will soon be measured
    in exabytes
  • Velocity: The speed at which data is collected, analysed, and presented to users
  • Variety: Data can take many forms, such as structured, unstructured, text or multimedia. It can come from internal and external systems and sources, including a variety
    of devices
  • Value: Information provided by data about aspects of the insurance business, such as customers and risks
  • Veracity: Insurance companies ensure the accuracy of their plethora of data

Modern analytical methods are required to process these sets of information. The term “big data has evolved to describe the quantity of information analysed to create better outcomes, business improvements, and opportunities that leverage all available data. As a result, big data is not limited to the challenges thrown up by the five Vs. Today there are two key aspects to big data:

  1. Data: This is more-widely available than ever because of the use of apps, social media, and the Internet of Things
  2. Analytics: Advanced analytic tools mean there are fewer restrictions to working with big data

BigData

The understanding of Artificial Intelligence AI has evolved over time. In the beginning, AI was perceived as machines mimicking the cognitive functions that humans associate with other human minds, such as learning and problem solving. Today, we rather refer to the ability of machines to mimic human activity in a broad range of circumstances. In a nutshell, artificial intelligence is the broader concept of machines being able to carry out tasks in a way that we would consider smart or human.

Therefore, AI combines the reasoning already provided by big data capabilities such as machine learning with two additional capabilities:

  1. Imitation of human cognitive functions beyond simple reasoning, such as natural language processing and emotion sensing
  2. Orchestration of these cognitive components with data and reasoning

A third layer is pre-packaging generic orchestration capabilities for specific applications. The most prominent such application today are bots. At a minimum, bots orchestrate natural language processing, linguistic technology, and machine learning to create systems which mimic interactions with human beings in certain domains. This is done in such a way that the customer does not realise that the counterpart is not human.

Blockchain is a distributed ledger technology used to store static records and dynamic transaction data distributed across a network of synchronised, replicated databases. It establishes trust between parties without the use of a central intermediary, removing frictional costs and inefficiency.

From a technical perspective, blockchain is a distributed database that maintains a continuously growing list of ordered records called blocks. Each block contains a timestamp and a link to a previous block. Blockchains have been designed to make it inherently difficult to modify their data: Once recorded, the data in a block cannot be altered retroactively. In addition to recording transactions, blockchains can also contain a coded set of instructions that will self-execute under a pre-specified set of conditions. These automated workflows, known as smart contracts, create trust between a set of parties, as they rely on pre-agreed data sources and and require not third-party to execute them.

Blockchain technology in its purest form has four key characteristics:

  1. Decentralisation: No single individual participant can control the ledger. The ledger
    lives on all computers in the network
  2. Transparency: Information can be viewed by all participants on the network, not just
    those involved in the transaction
  3. Immutability: Modifying a past record would require simultaneously modifying every
    other block in the chain, making the ledger virtually incorruptible
  4. Singularity: The blockchain provides a single version of a state of affairs, which is
    updated simultaneously across the network

Blockchain

Oliver Wyman, ZhongAn Insurance and ZhongAn Technology – a wholly owned subsidiary of ZhongAn insurance and China’s first online-only insurer – are jointly publishing this report to analyse the insurance technology market and answer the following questions:

  • Which technologies are shaping the future of the insurance industry? (Chapter 2)
  • What are the applications of these technologies in the insurance industry? (Chapter 3)
  • What is the potential value these applications could generate? (Chapter 3)
  • How can an insurer with strong technology capabilities monetise its technologies?
    (Chapter 4)
  • Who is benefiting from the value generated by these applications? (Chapter 5)

 

Click here to access Oliver Wyman’s detailed report

Insurance Data Integrated Platform

Publié le par hanswillertbleuazurconsultingeu

The insurance industry today is poised for a paradigm shift in the way that technology is deployed to provide products and services to customers. This has primarily been driven by changing business needs and the innovations brought about by myriad insuretech firms, leading to an inevitable shift towards adopting the new digital innovations.

Analysts have forecast significant investments geared towards the digitalization of the industry and expect such investments to continue pouring in for several years. It is also expected that an increasing number of new insurance companies will be driven by technology companies to bring better products, services, and customer service in the insurance industry.

A forward-looking plan of action, sufficient operational flexibility, an effective implementation strategy, and a willingness to adopt digital disruptions in every aspect of their organization – those insurers that have all of the above can position themselves to leverage the impending digital disruptions to propel their organization to the very forefront of the industry.

DEALING WITH THE DIGITALIZATION OF THE INSURANCE INDUSTRY

These adopters of digital technology will have a clear upper hand against their competition. Suitably equipped to cut costs and design more attractive offerings, the digital insurance carriers are sure to acquire a whole new set of customers, thus increasing market share. Those who fail to quickly adopt the new technologies, on the other hand, will struggle to maintain their competitive positions in the midst of a customer-centric, price-sensitive market.

Data has always been at the center of the insurance industry, and despite the changes that are to come, data will continue to be the focal point of the industry. In fact, it’s set to play a bigger role to play than ever before.

The continued criticality of data in the insurance landscape is ensured by carriers’ need for information-driven strategies in the digitalized business scenario. They’ll have to leverage data as an asset, enabling automated decision-making in critical business processes, in order to thrive. This, in turn, is why a digital business technology platform – one that incorporates information management and analytical capabilities – will become a necessity in the future.

Without a system in place to support the analytics and reporting needs of the business, decision-makers may be left with no choice but to rely on conventional time-consuming manual processes those are more qualitative rather than quantitative in nature. This is bound to cause serious repercussions for the organization, ultimately resulting in missed opportunities and loss of competitiveness.

According to a Gartner study, the two following technology platforms are essential for any digital business:

  1. Data and analytics platform – This platform should consist of data management programs and analytics applications to enable data-driven decision making
  2. Ecosystems platform – This platform’s role should be to support the creation of and connection to external ecosystems, marketplaces, and communities

MFX

 

Click here to access MFX’s detailed White Paper

 

Keeping up with shifting compliance goalposts in 2018 – Five focal areas for investment

Publié le par hanswillertbleuazurconsultingeu

Stakeholders across the organization are increasingly seeking greater compliance effectiveness, efficiency, cost cutting, and agility in compliance activities to further compete in the expanding digital and automated world.

Organizations are being reinforced this way to continuously improve their compliance activities, because in the future, integration and automation of compliance activities is an imperative. To prepare for tomorrow, organizations must invest today.

When positioning your organization for the future, keep in mind the following five areas for investment:

1. Operational integration

Regulators are increasingly spotlighting the need for operational integration within a compliance risk management program, meaning that compliance needs to be integrated in business processes and into people’s performance of their job duties on a day-to-day basis.

When approaching the governance of managing compliance efforts, a more centralized, or a hybrid approach, strengthens the organization’s overall compliance risk management control environment.

2. Automation of compliance activities

The effectiveness of compliance increases when there is integration across an enterprise and successful automation of processes. Compliance leaders are turning toward intelligent automation as an answer for slimming down compliance costs, and becoming more nimble and agile in an ever-increasingly competitive world. When intelligent automation is on the table to support possible compliance activities, some important considerations must be made:

  • Compliance program goals for the future
  • Implementation dependencies and interdependencies
  • Determining how automation will and can support the business
  • Enhancing competitiveness and agility in executing its compliance activities

Automating compliance activities can also help augment resource allocation and realize greater accuracy by implementing repetitive tasks into the automation.

3. Accountability

Regulators increasingly expect organization to implement performance management and compensation programs to encourage prudent risk-taking. In fact, identified by the KPMG CCO Survey, 55% of CCOs identified “enhancing accountability and compliance responsibilities” as a top 3 priority in 2017.

It is essential that disciplinary and incentive protocols be consistently applied to high-level employees. To do so sends a message that seniority and success do not exempt anyone from following the rules.

4. Formalized risk assessments

Regulatory guidelines and expectations released in 2017 set forth specific focal areas that compliance leaders should ensure are covered in their risk assessments.

  • Evaluating the data needs of the compliance program can help the organization migrate to a more data-driven metrics environment in a controlled way.
  • Availability, integrity, and accuracy of data is needed to understand and assess compliance risks enterprise-wide. The use of data quality assessments to evaluate the compliance impact can help address this challenge.
  • Implementing a data governance model to share data across the 3 lines of defense is a good way of reassuring data owners and stakeholders that the data will be used consistent with the agreed upon model.
  • Further integration and aggregation of data is needed to avoid unintentionally ‘underestimating” compliance risks because of continuous change in measurement of compliance programs and data & analytics.
  • To maximize the benefits of data & analytics, leading organizations are building analytics directly into their compliance processes in order to identify risk scenarios in real time and to enhance their risk coverage in a cost-effective way.

5. Continuous improvement

Compliance efforts by organizations need to continuously evolve to ensure the control environment remains firm while risk trends appear, risks emerge, and regulatory expectations shift.

Compliance and business leaders must continuously improve their compliance activities in pursuit of greater effectiveness, efficiency, agility, and resiliency. Because by continuously improving, organizations can methodically position their organizations for the future.

KPMG

Click here to access KPMG’s detailed White Paper

The General Data Protection Regulation (GDPR) Primer – What The Insurance Industry Needs To Know, And How To Overcome Cyber Risk Liability As A Result.

Publié le par hanswillertbleuazurconsultingeu

SCOPE

The regulation applies if the

  • data controller (organization that collects data from EU residents)
  • or processor (organization that processes data on behalf of data controller e.g. cloud service providers)
  • or the data subject (person)

is based in the EU. Furthermore, the Regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. Per the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from

  • a name,
  • a home address,
  • a photo,
  • an email address,
  • bank details,
  • posts on social networking websites,
  • medical information,
  • or a computer’s IP address.”

The regulation does not apply to the processing of personal data for national security activities or law enforcement; however, the data protection reform package includes a separate Data Protection Directive for the police and criminal justice sector that provides robust rules on personal data exchanges at national, European and international level.

SINGLE SET OF RULES AND ONE-STOP SHOP

A single set of rules will apply to all EU member states. Each member state will establish an independent Supervisory Authority (SA) to hear and investigate complaints, sanction administrative breaches, etc. SA’s in each member state will cooperate with other SA’s, providing mutual assistance and organizing joint operations. Where a business has multiple establishments in the EU, it will have a single SA as its “lead authority”, based on the location of its “main establishment” (i.e., the place where the main processing activities take place). The lead authority will act as a “one-stop shop” to supervise all the processing activities of that business throughout the EU. A European Data Protection Board (EDPB) will coordinate the SAs.

There are exceptions for data processed in an employment context and data processed security, that still might be subject to individual country regulations.

RESPONSIBILITY AND ACCOUNTABILITY

The notice requirements remain and are expanded. They must include the retention time for personal data and contact information for data controller and data protection officer must be provided.

Automated individual decision-making, including profiling (Article 22) is made disputable. Citizens now have the right to question and fight decisions that affect them that have been made on a purely computer generated basis.

To be able to demonstrate compliance with the GDPR, the data controller should implement measures which meet the principles of data protection by design and data protection by default. Privacy by Design and by Default require that data protection measures are designed into the development of business processes for products and services. Such measures include pseudonymizing personal data, by the controller, as soon as possible.

It is the responsibility and liability of the data controller to implement effective measures and can demonstrate the compliance of processing activities even if the processing is carried out by a data processor on behalf of the controller.

Data Protection Impact Assessments must be conducted when specific risks occur to the rights and freedoms of data subjects. Risk assessment and mitigation is required and prior approval of the Data Protection Authorities (DPA) is required for high risks. Data Protection Officers (DPO) are to ensure compliance within organizations.

DPO must be appointed:

  • for all public authorities, except for courts acting in their judicial capacity
  • if the core activities of the controller or the processor consist of
  • by their nature, their scope and/or their purposes, require regular and systematic
    monitoring of data subjects on a large scale
  • processing on a large scale of special categories of data pursuant to Article 9 and
    personal data relating to criminal convictions and offences referred to in Article 10
    processing operations which, for the purposes of national

GDPR in a Box

 

Click here to access Clarium’s detailed paper

Mastering Risk with “Data-Driven GRC”

Publié le par hanswillertbleuazurconsultingeu

Overview

The world is changing. The emerging risk landscape in almost every industry vertical has changed. Effective methodologies for managing risk have changed (whatever your perspective:

  • internal audit,
  • external audit/consulting,
  • compliance,
  • enterprise risk management,

or otherwise).

Finally, technology itself has changed, and technology consumers expect to realize more value, from technology that is more approachable, at lower cost.

How are these factors driving change in organizations?:

Emerging Risk Landscapes

Risk has the attention of top executives. Risk shifts quickly in an economy where “speed of change” is the true currency of business, and it emerges in entirely new forms in a world where globalization and automation are forcing shifts in the core values and initiatives of global enterprises.

Evolving Governance, Risk, and Compliance Methodologies

Across risk and control oriented functions spanning a variety of

  • audit functions,
  • fraud,
  • compliance,
  • quality management,
  • enterprise risk management,
  • financial control,

and many more, global organizations are acknowledging a need to provide more risk coverage at lower cost (measured in both time and currency), which is driving reinventions of methodology and automation.

Empowerment Through Technology

Gartner, the leading analyst firm in the enterprise IT space, is very clear that the convergence of four forces,

  • Cloud,
  • Mobile,
  • Data,
  • and Social

is driving the empowerment of individuals as they interact with each other and their information through well-designed technology. In most organizations, there is no coordinated effort to leverage organizational changes emerging from these three factors in order to develop an integrated approach to mastering risk management. The emerging opportunity is to leverage the change that is occurring, to develop new programs; not just for technology, of course, but also for the critical people, methodology, and process issues. The goal is to provide senior management with a comprehensive and dynamic view of the effectiveness of how an organization is managing risk and embracing change, set in the context of overall strategic and operational objectives.

Where are organizations heading?

“Data Driven GRC” represents a consolidation of methodologies, both functional and technological, that dramatically enhance the opportunity to address emerging risk landscapes and, in turn, maximizing the reliability of organizational performance. This paper examines the key opportunities to leverage change—both from a risk and an organizational performance management perspective—to build integrated, data-driven GRC processes that optimize the value of audit and risk management activities, as well as the investments in supporting tools and techniques.

Data Driven GRC

Click here to access ACL’s detailed White Paper

Digital Strategy and Transformation

Publié le par hanswillertbleuazurconsultingeu

Digital Strategy for a B2B World

It’s easy to see why so many view companies like Uber, Amazon and Google as the business models of the future. They’ve redefined their industries. They’ve rewired the customer experience. They’re not afraid to fail fast, learn from mistakes and make the changes necessary to stay well ahead of the market.

None of this is news to leaders of industrial and other business-to-business (B2B) companies. But these executives also know full well that what works in the consumer realm doesn’t always translate in a B2B context. Failing fast? That’s problematic in industries such as chemical processing or offshore drilling, where the smallest mistake can trigger epic disaster. Moving quickly? We’ll get back to you when our channel partners get back to us.

Redefining the industry? Easier said than done in a business like aviation, where many stakeholders operate in a complex, interdependent ecosystem. The truth is B2B is different than business-to-consumer (B2C) when it comes to digital strategy, and it requires a different approach. There are many lessons to be learned from digital innovators like Amazon, and the opportunities are very real. But simple comparisons to what works for these digital standouts aren’t always useful in an industrial setting and often come off as naive or impractical, feeding the notion that digital is more hype than reality. This gets in the way of deciding how digital can, in fact, transform important parts of a business and makes it hard to create alignment around the right path forward.

Digital Destination

Click here to access BAIN_BRIEF-Digital_Strategy_for_a_B2B_World

Digitalization in Insurance: The Multibillion Dollar Opportunity

The business of property and casualty insurance— assessing risk, collecting premiums and paying claims— hasn’t changed much since 1861, when a group of underwriters sold the first policies to protect London homeowners against losses from fire. Recently, though, the insurance industry has embarked on a radical transformation, one spurred by a series of digital innovations whose widespread adoption is just a few years away. Bain & Company and Google have identified seven key technologies—namely,

  • infrastructure and productivity,
  • online sales technologies,
  • advanced analytics,
  • machine learning,
  • the Internet of Things,
  • distributed ledger
  • and virtual reality

—that have already begun to disrupt the industry and whose impact will accelerate in the next three to five years. These new technologies are likely to be a boon for consumers, bringing more choice, better service and lower prices.

For those insurers ready to seize the initiative, digitalization presents an immense opportunity. The companies that stand to benefit the most are those that use the impetus of digitalization to rethink all their operations, from underwriting to customer service to claims management. The impact on both revenues and costs can be enormous. An analysis by Bain and Google shows that a prototypical P&C insurer in Germany that implemented these technologies could increase its revenues by up to 28% within five years, reduce claims payouts by as much 19% and cut policy administration costs by as much as 72%.

These pioneers in digital technology can gain an edge over their rivals by becoming more effective and efficient. They’ll be able to trim costs and pass on those savings to their customers, thereby winning new business and gaining market share. The digital laggards, by contrast, will find themselves fighting an intensified price war and scrambling to protect their competitive positions.

Digital P&C

Click here to access BAIN_BRIEF_Digitalization_in_Insurance

Six IT Design Rules for Digital Transformation

Superior performance in the digital age calls for an adaptable technology infrastructure that manages the complexities of a multicloud environment, embedded security and compliance policies, and deep business alignment. Best-in-class IT operations and the software vendors that support them are adopting a playbook based on six core rules for IT design.

  1. Break boundaries across IT stacks. Given that companies are unlikely to achieve complete migration to the public cloud anytime soon, CIOs need monitoring, discovery and confi guration tools that function in hybrid, multicloud environments as well as up and down the stack, from legacy systems to consumer-facing apps.
  2. Embrace DevOps. As firms increase the cadence of their digital offerings, they have no choice but to integrate software development and IT operations. Already, as many as 60% of enterprises are using or planning to use a DevOps approach to building and installing software, according to a survey by Gartner. Modern IT organizations require software that works across the production chain and that’s designed for rapid testing and validation.
  3. Be open. No modern solution can be an island. As designers produce focused, best-in-class solutions instead of massive monolithic systems, openness becomes critical. Companies need modular, opensource and application-program-interface–friendly software that is designed for easy extensibility and integration with other apps. CIOs expect to be able to combine the capabilities of their disparate systems to serve new needs.
  4. Incorporate policy engines. Cost pressures have driven CIOs to seek to automate their IT operations. They want to escape the massive manual efforts that they currently rely on to monitor policies, including compliance, data governance and security rules. They need solutions that have builtin logic to identify and remediate against rules in order to enable policy management across a hybrid infrastructure.
  5. Induce insights. As digital apps proliferate, companies are becoming fl ooded with an abundance of data—some of it useful, some of it not. CIOs need analytical tools that use techniques such as machine learning to glean insights from disparate sources.
  6. Insist on user-friendly experiences and tools. In a complex world, IT professionals are demanding intuitive, easy-to-use software. They are no longer satisfied with hard-to-master, second-rate applications; they want a consumer-level user experience. They need solutions that are software-as-a-service (SaaS) capable, simple to install and have immediate, out-of-the-box functionality.

IT Transformation

Click here to access BAIN_BRIEF_Six_IT_Design_Rules_for_Digital_Transformation

 

EIOPA’s Supervisory Statement Solvency II: Solvency and Financial Condition Report

Publié le par hanswillertbleuazurconsultingeu
  • The majority of insurance undertakings and groups published the (Solo/Group) SFCR on a timely basis and generally complied with the relevant Solvency II requirements. In some cases Groups went the extra mile to make the Group SFCR accessible to all stakeholders: The SFCRs are generally easy to find in the websites of most of the disclosing entities. However, some undertakings still do not own a website. In the websites of the insurance groups, in general, in addition to the Group SFCR, the solo SFCRs of the major entities of the group are also available at the same address and versions in English are available which facilitates access regarding the full group. The reports follow the structure as of Annex XX of the Delegated Regulation, but for non-applicable items, it is important to have a clear indication that the information is not applicable.
  • The use of different language styles and different formats to disclose SFCR information makes difficult the definition of a common disclosure approach to all types of stakeholders: EIOPA expects that care is taken when deciding the content and language style of the SFCR and in particular of the Summary of the SFCR. The Summary is the part of the SFCR that will most interest the policyholders. They should be the main addressees of this part of the Report. In the remaining sections of the SFCR it is not expected that the full content of EU or national legislation is reproduced in the SFCR. The Report should instead include relevant undertaking-specific information under each section to make it easy to efficiently identify and read the relevant specific information.
  • The need for a more fit-for-purpose ‘Summary’: EIOPA encourages insurance groups/undertakings to improve the content and clarity of the Summary. The SFCR Summary should encompass relevant SFCR areas and briefly provide relevant information. Given the importance of the SFCR Summary for the policyholders and the range of different approaches EIOPA clarifies the expectations on its minimum content from a supervisory perspective.
  • Quantitative Reporting Templates (QRTs) in the context of the SFCR: The placement of QRTs in an Annex to the SFCR, although a good practice, should not prevent undertakings/groups from providing quantitative and qualitative information into the body of the SFCR. Relevant information covered by the QRTs and additional information not covered by the QRTs in the Annex to the SFCR, such as background information that allows the reader to understand the information in the templates should be included in SFCR. If appropriate, parts of the QRTs should be repeated, or complemented through the narrative information of the SFCR.
  • Information on the own-risk and solvency assessment (ORSA) under the SFCR is by its very nature undertaking/group specific. This means that undertaking/group specific information needs to be included, even when referring only to the process and not to the outcome: The information disclosed should go beyond repeating the laws, regulations and administrative provisions on how the ORSA needs to be integrated into the organisational structure and decision making process.
  • The information on the risk sensitivity to different scenarios or stresses, should be better structured and more comprehensive: The information regarding the SCR and risk sensitivity is not comparable across different undertakings/groups. It is expected that the reporting of sensitivities to different scenarios or stresses is disclosed in a more structured format. The sensitivity to the different risks should be shown under the section ‘Risk Profile’. In addition under each risk section information on the overall impact should be provided.
  • Information on the bases, methods and main assumptions used for the valuation for solvency purposes should include undertaking/group specific information and address the uncertainties around the valuation: the SFCR should include more relevant, undertaking/group specific information, in particular regarding valuation of investments, valuation of deferred tax assets and deferred tax liabilities and valuation of technical provisions. Regarding the later the SFCR should provide a description of the level of uncertainty, by linking it at least to the assumptions underlying the calculation, such as economic and non-economic assumptions, expected profits in future premiums, future management actions and future policyholder behaviour.
  • Information on eligible own funds: EIOPA encourages undertakings/groups to disclose information about the management of the own funds in the context of the undertaking’s/group’s strategy and business model, including information on the time horizon used for business planning and on any material changes over the reporting period. The information of the eligible own-funds items, classified by tiers should be complemented by explanations of the most material own-funds items, including the extent to which they are available, subordinated, as well as their duration and any other feature that is relevant for assessing their quality.
  • In next year’s SFCR undertakings/groups should also include comparative information in certain areas of the SFCR. EIOPA expects that when providing comparative information the format of tables is used as much as possible in the narrative part of the SFCR. These tables could include amounts for both reporting years or focus on the material differences between both reporting years. Qualitative information on material differences between two reporting years are also expected to be included in the report. Publication of QRTs for current and the previous reporting year as an Annex alone is not sufficient to be considered compliant with the comparison requirement.

 

Click here to access EIOPA’s SFCR report