The role of a Chief Risk Officer (CRO) in any organization is quite critical. It is a tightrope walk to ensure there is adequate risk oversight across all functions while at the same assuring the board on having a perfect risk-management balance. With Covid-19 forcing companies to become more aware of the risk landscape as unforeseen factors have affected performance and profitability, the CRO is now expected to play a bigger role in the c-suite. In a recent conversation with CXOToday.com, Siddharth Kaushik, Chief Risk Officer at Canara HSBC Oriental Bank of Commerce Life Insurance, explains the evolving role of risk officers, especially in a crisis situation, technology trends that are helping to mitigate risks in the insurance sector and the road ahead.
How has the pandemic changed the risk officers’ role?
Chief Risk Officer’s role has been ever evolving. He/she is also responsible for implementation of Risk Management frameworks in line with the business objectives, regulatory landscape and industry best practices; encompassing implementation of processes and systems, to identify, measure, monitor and report risks. An informed approach needs to be maintained wherein one needs to limit the downside risk; however, at the same time enables the business to make necessary risk–reward trade-offs to capture the upside. It is a delicate balance which needs to be maintained at every point in time. While the role of a CRO in any organization is quite critical, it has garnered much importance in the last decade or so.
Post the global financial crisis, the role of a CRO is vital in identifying enhanced requirements in terms of risk reporting as also an effective medium of communication with the board on the current risk landscape and emerging threats. As we are trying to come out of another economic crisis which has had a significant impact on the global economy and customer priorities, the CRO is expected to continue to have an effective risk communication within the company and relevant stakeholders on the risk landscape and emerging threats; however, at the same time one is also expected to play a significant role in strategic decision making considering the evolving customer needs and expectations and enhanced reliance on digital technology.
How new age technology can help in mitigating risk in Insurance sector?
In the recent past, BFSI sector has experienced a lot of technological advancements; rapid adoption has led to a more digitized working and experience for businesses as well as for customers. Learning’s and experience emanating from this situation has changed the way we work, the way we plan and the way we execute our strategies pushing the companies to follow and focus on end-to-end technology backed strategies & with such advanced ecosystems it becomes easier for companies to eliminate single point failure. This adversity has actually proved to be an opportunity in disguise and has helped business process owners find newer ways to maintain and sustain their business. Focus remains on leveraging the technologies using AI (artificial intelligence), OCR (optical character recognition), ICR (Intelligent Character Recognition), etc. for efficient risk mitigation through upfront validations and verifications. Additionally, having an effective framework towards mitigating information and Cyber Security risk remains the need of the hour. This is supported by a balanced mix of technological tools, people training and awareness, efficient processes and continued control monitoring.
What are the new unheard and evolving cyber risks in the insurance sector?
The rapid technology adoption and changing landscape coupled with increased reliance on digital solutions, interconnectivity between systems, introduction of new age technologies, IoT, etc. has led to an increase in complexities and enhanced exposure to cyber risk. The new age threat vectors including cyber extortion or ransomware, web application attacks have only increased in the recent past. The worst part is, each attack seems to be getting more sophisticated; resulting in potential data breaches and loss of intellectual property. In the given scenario, it is imperative for companies to have an enhanced focus and strategy to identify these ever evolving cyber risks to safeguard its customers, stakeholders and company’s data and digital assets. To mitigate the evolving risk landscape, it is of utmost importance that one remains ahead of the curve and have adequate monitoring mechanism in place.
Digitization has been a savior during the pandemic but did it has also escalated the cyber security incidents. What are your thoughts to secure customers from cyber threats?
A huge paradigm shift has been observed which was brought in owing to the unprecedented times of COVID, subsequently accelerating the Digital Journey for majority of the players in the sector. Companies were forced to shift gears and invest and implement in various new digital initiatives right from customer on-boarding to servicing customers. The current adversity has proved to be quite beneficial and has helped business process owners’ to device improved strategies to maintain & sustain the business. One of the critical aspects arising from the shift towards digital environment is a potential increase in Cyber Security threats and having skilled workforce that is well versed with the new age technologies. To ace the game, one needs to regularly review and assess the remote security posture and strengthen controls in the area. It is also of paramount importance that one makes effective use of available tools to strengthen the monitoring framework for proactive identification and management.
Which technologies according to you are the most effective in mitigating the cyber risk?
Given the large canvas of the risk landscape, it’s difficult to single out a specific technology, as one needs to risk assess each of the areas and firm up on a solution basis the risk perception, company’s exposure to the same and existing controls. As mentioned above, there has to be a balanced mix of technological tools, people training and awareness, efficient processes and ongoing control monitoring within an organization. Most important aspect is to identify the right solutions basis Company’s architecture, processes, infra, etc. and focus on ensuring right deployment of the requisite tools with adequate monitoring.
Can you share some of the top emerging risks identified over the last 12-18 months?
Information Security and surge in claims experience continue to be the focus area along with their second order impacts in the current evolving environment. As things start to stabilize, we expect positive movement in both of these areas. Another area wherein companies would need to focus in the coming times pertains to having right skill set owing to increased adoption of new age digital technologies. This shall require resources with new skill sets and up-skill or/and re-skill of existing employees. Apart from this as we move ahead with time, businesses are usually associated with different risks depending upon their nature and magnitude so one has to keep their basic risk mitigation tools handy to overcome such risks.
How do you see 2022? Are you optimistic for the year as far as business growth is concerned?
The range of uncertainties for many startups and businesses conglomerates around the globe has been quite overwhelming. However, on a personal note, I am pretty optimistic for the year 2022. Positive trends have been observed in the last couple of months and I expect the same to continue in the future too. As the pandemic shifts into a new phase, it’s important to recognize that disruptive and dynamic nature of the situation shall continue to remain an area to watch out for with its own set of fresh challenges.