Kathmandu: As the insurance industry is expanding and getting a bigger shape with larger life fund, larger investment and larger volume of business, the degree of inherent risk is also increasing. The regulatory authority has let the insurers to be self-controlled and self-regulated by the implementation of Corporate Governance Directives, Risk Management Guidelines, Investment Guidelines, Financial Regulations. With the change in the Chairmanship of the Insurance Board(IB), the Board of Directors of insurers are made more responsible while delegating higher degree of autonomy for decision making regarding the purchase of fixed assets and other investment decisions.
The Insurance Industry needs to minimize their operational risk to avert any possible loss or damage to the reputation of the company itself. The Risk Management Guidelines for Insurance Company 2076 has some provisions for the mitigation of operational risk.
What is an operational risk?
Operational Risk is the risk of direct or indirect loss, or damaged reputation resulting from inadequate or failed internal processes, people and systems or external events. Operational risk has always been inherent to insurance company and exists in all of their activities. This refers to all the risks associated with the operating units of an insurance company, such as the underwriting, claims and investment departments. Each department has its own risks which must be managed.
Insurance company shall develop a clear operational risk governance structure with well defined, transparent and consistent lines of responsibility. The governance structure should be commensurate with the nature, size, and complexity of the activities undertaken by the insurance company.
A sound operational risk management structure should rely on three lines of defense:
1) The Business Line Management:
Insurance company shall identify and assess the operational risk inherent in all products, activities, processes, and systems. The business line should assess for itself the relevant operational risks in their operations considering both internal and external factors. Based on the insurance company’s risk profile, the operational risk strategy shall clearly articulate the nature, types, and levels of risk that the institution is willing to take (risk appetite).
2) An Independent Risk Management Function:
While formulating the strategy, the board of directors(BODs) must understand not only the level and complexity of risks inherent in the insurance company’s activities, products, services, and systems, but also the expected outcome of not undertaking certain activities or systems. The Independent Risk Management Team shall be formed under the coordination of the BODs. Such team will be responsible for the independent assessment of the operational risk and providing guidance to take corrective actions for the same.
3) Internal Audit:
Operational risk management and monitoring require an adequate internal reporting framework for making regular reports to the appropriate levels of the insurance company, to inform the senior management and the board on the implementation of the risk strategy and the extent to which the risk appetite is reflected in actual risks being taken by the insurance company. The reports should be comprehensive, accurate, consistent and actionable across business lines and product.
(With inputs from the Risk Management Guidelines for Insurance Company 2076 issued by the Insurance Board, Nepal)