Short-sighted boards are taking risks with their risk management

Given that insurance companies make their living on assessing and pricing expected risks, many have yet come to terms with the serious consequences of not having a robust risk management system in place at board level.

With mandatory Solvency II guidelines as of 2014, there has been growing awareness of the need for heightened risk management tools both at an operation level and, most importantly in boards and on the individual directors of insurance carriers. However, without an appropriate framework, even the most diligent of boards place themselves and their organisation at risk from risk itself.

In addition to the existing requirements of their local governing bodies, under the Solvency II, organisations are obliged to implement and keep effective governance systems in place. A system of governance needs to include a structure for internal reviews of the system itself, as well as a clear internal audit trail and compliance demonstration at firm and group level. Groups must demonstrate a clarity of structure for all their legal entities, as well as the systems to monitor the effective flow of information across the organisation. The most common area for organisations to fall short of these requirements is the requirement for an effective risk management system.

The number of risks companies are facing are increasing year on year as threats become more sophisticated. Go back 25 years and the only way for your private records to be hacked into was for someone to physically break into your offices and steal the paper on which they were written. Now all it takes is for one hopeful email containing a malware infected link to be opened by an unsuspecting employee and a company’s entire database can be laid bare for all to see.

In line with the Forward-Looking Assessment of Own Risk – FLAOR – framework, which came into place in 2015, it is individual board members who own these risks. This framework requires boards collectively to consider a wide range of factors from a business strategy perspective to identify, describe and assess and report on their particular risk appetite and so determine the company’s tolerance to risk. Focusing the board in such a way looks to safeguard an organisation from known potential threats and determine parameter to face down new risks.

Policies, reports and minutes must now be documented and signed off by the board before being submitted to the National Competent Authority (NCA). These guidelines allow organisations to understand their liabilities and responsibilities better. However, despite having this framework, without the security protocols in place and the right technology to document this process, companies may, unwittingly, remain open to predictable risks. High-profile cases of hacking in seemingly secure organisations, such as Yahoo and Dropbox among many others, are evidence of this. As in prior years, Cybersecurity was on the short list of global concerns discussed World Form last month.

Understanding digital threats is a complex task, given the rate of technological change, the increase in frequency and heightened sophistication. But, if you choose the right technology and the right provider to partner with, technology can help you stay on top and increase the effectiveness of your risk management.

eShare’s governance enhancing board portal, BoardPacks, combines rigorous security with the convenience of access to business-critical information, wherever you are. The benefits of board portal technologies is well-documented. However, where most providers focus on the paperless benefits, eShare focuses on improving your board governance. This includes an integrated risk management system.

The BoardPacks Controls module allows you to visualize your risks by category or in a heatmap view. The board can easily monitor expected impact and likelihood of each risk, track incidents, review and up-date documentation and controls – all in real-time. Being able to monitor your organisations risks on-the-go, and in a secure manner, from your tablet or smartphone will revolutionise your risk oversight and provide a strong framework for documenting your compliance to the NCA. With the correct information at hand, management and other stakeholders will also have more confidence in understanding the sources of risk, and therefore be better equipped to make the correct decisions to combat the threats.

Demonstrating an understanding of risks is vital for insurance carriers, both in securing new clients and investments, as well as reassuring the regulatory authorities. Access to the right information when you need it is vital for better informed decision-making and enhanced risk management.

If you would like more information on how BoardPacks and its Controls module can help your organisation and to arrange a free demonstration, please contact Jonathan Callund on