The Australian Prudential Regulation Authority (APRA) has published the findings of its review into the robustness of the general insurance industry's approach to insurance risk management.
This followed the business interruption (BI) issues during the height of the COVID-19 pandemic where lockdowns and other restrictions triggered a spate of claims on BI policies. The legal uncertainty about whether cover applied, the significant potential financial exposure for insurers and the impact on consumers was substantial, and revealed weaknesses in how insurers managed their exposures.
APRA required 10 insurers to conduct a self-assessment against the robustness of their risk frameworks in the context of BI and extend this assessment to other product lines that could also be vulnerable, including cyber risk. In all cases, the insurers found weaknesses that required remediation and have implemented work programs to address them.
Some of the themes from the exercise included:
- failure to update policy wordings to reflect the change in the Quarantine Act legislation which opened insurers up to legal challenge to "make good" on claims in a pandemic scenario;
- the burgeoning of complexity in policy wordings and distribution channels, without commensurate controls to identify, prioritise, quantify and manage exposures;
- a reticence to "move first" when it came to correcting wordings that compromised risk appetite settings, especially in the small and medium enterprise sector. Competitive pressures overriding sound risk judgments signals weaknesses in risk culture and accountabilities;
- reinsurance contract wordings out of step with direct insurer policy wordings – an oversight that could have left some insurers without sufficient reinsurance cover;
- inadequate attention to strong control effectiveness testing, including its frequency and intensity; and
- insufficient adoption of a "what-if" mindset around emerging and evolving risks.
APRA Deputy Chair Helen Rowell acknowledged the high level of engagement shown by the insurers involved in the self-assessment, and that comprehensive remediation plans were being undertaken to remedy the issues.
"The self-assessment exercise affirmed APRA's view that insurers took their eye off the ball of sound insurance risk management.
"While the legal uncertainty has largely abated in recent weeks, the BI issue was a near miss for insurers and one which cannot afford to be repeated. APRA expects all insurers and reinsurers to review their approach to risk management in light of these findings, and we are determined to ensure the various remediation plans of the 10 insurers involved are fully implemented," Mrs Rowell said.
A letter outlining the key findings of the review and APRA's ongoing supervisory focus on insurance risk management has been sent to all APRA-regulated general insurers. A copy of the letter is available on the APRA website at: Insurance risk self-assessment thematic review.