This next quarter will seen many insurance firms updating their ‘conduct risk frameworks’, ready for 2019. While there may be a temptation to simply ‘copy and paste’ the 2018 version into 2019, that would be a risky approach. 2019 is going to feel quite different.
Much of that difference will be down to the personal accountability that the Senior Managers and Certification Regime will introduce into UK insurance in a few months time. Ethical issues that may in the past have lacked ownership within larger firms will now be automatically assigned to one or more of the executives on the firm’s responsibility map. Whether they like it or not.
In which case, it’s a sensible idea to make sure they really do know what ethical issues their name has been attached to. That means carrying out a thorough assessment of the firm’s ethical risks, both in their present form and how they could be affected by the firm’s strategic plans for 2019.
Time for a Stand-Alone Assessment?
If your firm has traditionally accommodated the ethical side to its risk assessments within enterprise risk management or corporate governance processes, then be careful. The results could be undermined by inadequate scope and depth. Part of what makes an assessment of ethical risks different is the extent to which you need to think about them from both outside and inside the firm, and on the influence of ethical cultures within the firm on how people behave.
Be careful of optimism too. Research points to people having a tendency to be overly optimistic about their own ethical behaviour, but surprisingly accurate about the not so ethical behaviour of others. Your assessment needs to be robust enough to overcome this tendency and challenge (diplomatically of course) assertions of the ‘it’s not us, it’s them’ kind.
So I’m encouraging insurance firms this quarter to take a blank sheet of paper and build up their ethical risk frameworks from scratch. Divide it into three sections: market driven risks, firm driven risks and employee driven risks (more on this here). These three dimensions reflect some of the hard realities of ethical risks: for example, that they’re not just about what individuals within the firm get up to, and that the firm’s actions could well be contributing to a problem more than any one individual.
A Simple Test
Take this example as a simple test. Look at your ‘Treating Customers Fairly’ framework and check to see whether it covers the following issues: pricing, policy design and application fraud. If none of them are mentioned (and I’ve seen this happen), then mark it with a big red exclamation mark. If all three are mentioned (and in a meaningful way), give yourself a big green tick.
My point with this example is that many insurance firms can underestimate the extent to which ethics can be present in the many everyday decisions their people are making. There is a tendency to focus more on the one-to-one exchanges and less (often a lot less) on the one-to-many exchanges. An ethical issue like fairness needs to be addressed on both an individual and group basis.
Be careful as well not to just address the ethically issues that are obviously questionable: overly generous gifts from suppliers for example. Other ethical risks may be more difficult to find, yet could carry just as much exposure to your firm’s reputation. Make sure that both the easy and the difficult are picked up by your risk radar. That can often require an approach to ethical risk assessment that circumvents the dangers of groupthink.
Think beyond the Symptoms
A similar danger to watch out for is paying attention to the symptoms of an ethical risk rather than its underlying cause. So the over generous gifts from suppliers could be a symptom of wider problem with supplier relationships. While you can seek to control overly generous gifts, it is more productive in the long run to recognise and influence the underlying circumstances that make the offering of such gifts tenable.
2019 will be the year in which ethical risk becomes more personal, at least for senior executives. Frameworks need to be checked to ensure that they’re still fit for purpose. Risk radars checked to ensure they’re reaching to the right scope and depth. Materiality assessments need a bit of stress testing to ensure that the right decisions are being made. Perhaps the last thing you want to present to senior executives in twelve months time is an ethical risk framework that looks just like this year’s one.