Any discussion about organizing and governing risk management in a financial services company typically includes the “three lines of defense” model. Regardless of how useful this model has been over the last fifteen years, it might need to change. The risks currently facing the insurance industry are different than they were ten or fifteen years ago and they continue to change. The existential threat that disruptive technologies pose looms much larger now than traditional risks like credit, market and insurance.
We recently surveyed over two dozen board members and CROs on risk strategy and organization topics CROs and risk committees. They noted a shift in focus to strategic risk and using risk to improve company performance, as well as taking advantage of newfound bandwidth to combine these new areas of focus with traditional solvency and regulatory ones.
Very few, if any, models can expect to remain static for over 15 years. And the three lines of defense model is no exception. It’s time to consider:
Insurance Risk & Regulatory Services Leader, PwC US