SRA's Gary Preysner joined Target Markets to discuss the importance of Enterprise Risk Management for Insurance PAs and carriers. Below are some takeaways from the discussion. To view the full recording, click here.
If you look at the current landscape, the market is evolving so quickly, regulators are more concerned about risk than ever and the consequences of not managing risk are much more intense than previous year. Gone are the days of slaps on the wrist, your company may be facing much heavier fines and regulatory scrutiny than ever before. It's no longer enough to say "I have it documented". Regulators are looking to see if you're thinking about the risk, managing it properly, and have a plan in place in case the risk goes bad.
The first step is picking a modern ERM system, not an excel spreadsheet or old fashioned risk register. These items are static, so when risk appetite or controls change, they are not easily updated and unable to provide a full view of the enterprise's current risk profile. However, ERM cannot become just an IT project - it has to be a part of the DNA of an organization.
Gary recommends starting with just a few categories of risk, then adding from there. Start identifying, monitoring, and measuring 1-2 risk categories, within 3-4 months, you can understand a lot, if not all, of the needs for the 1-2 risk categories. It becomes a replicable process, so you don't need to spend significant time going forward. After spending 3-4 months, identifying, monitoring, and measuring these few risk categories, you should be able to explain your companies risk progress, goals, and evolution. By adding 1-2 categories each quarter, you'll build a full ERM model that only requires maintenance and provides an extensive view of your company's risk. Click the button below to watch to full interview on TargetMarkets.com