New risk governance models for insurance: Improving the three lines of defense

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

Using risk knowledge to improve company performance

Respondents to a survey of board members and chief risk officers (CROs) reveals a "major strategic disruption” as the next significant threat to the insurance industry, ahead of another financial crisis.

Many insurers, especially life insurers have significantly reduced their market risk-taking, shifting more of their risk profile away from market and credit risk and toward insurance risk.

Virtually all survey respondents agreed that, in the future, enterprise risk management should focus more on using risk knowledge to improve insurance company performance.

Shortcomings of the "three lines of defense" model

The three lines of defense model falls short in addressing enterprise risk in some key areas:

  1. It is a defensive model that does not address risk-taking for profit and the utilization of risk information to improve performance.
  2. It doesn’t address new risks like strategic disruption that require proactive effort to identify and evaluate.
  3. It doesn’t consider other parts of the risk management tool kit that have advanced over the last 15 years and that insurers need to address in governance.

More nuance is necessary to distinguish different types of risks and risk taking. A defensive model adequately addresses risks (like operational risks) that all companies, including insurers seek to avoid. However for risks intentionally taken in order to earn a profit, a more robust model is needed.

If insurers want to leverage risk management to improve business performance, then they would be wise to take a closer look at the roles that specific functions should play, and in doing so should assign clear responsibilities at a sufficiently detailed level to establish whose job is on the line in the event of a risk governance failure.

Contact us

Dana Hunt

Insurance Risk and Regulatory Services Partner, PwC US

Follow us