Using GRC to Move Risk to The Forefront
Insurance Networking News, September 1, 2009
Much as the Greek goddess Athena emerged from the forehead of Zeus, the marketplace for governance, risk and compliance (GRC) software was birthed in an epic headache. The accounting scandals and subsequent bankruptcies of Enron and WorldCom prompted the creation of the Sarbanes-Oxley Act (SOX) and GRC software soon emerged to help companies comply with the regulations.
"If you look at the genesis of the GRC market, it was brought on by the passage of SOX in 2002," says Tom Eid, VP research, at Stamford, Conn.-based Gartner Inc. "The first GRC solutions emerged in 2004, and at that point the focus was really on the finance and audit function."
Advertisement
Five years and one credit crisis later, the risk management component of GRC seems poised for a similar boom. While no legislation has yet passed as a direct result of the financial services meltdown, few expect this to persist for too much longer. Bills intended to rewrite the regulation of financial services in general, and insurance in particular, are winding through both houses of Congress. Leaving aside the diverging opinions on the merits of the bills, a broad consensus exists that more regulations-and a larger emphasis on risk management by regulators-are inevitable.
"The administration continues to make the case that they need some sort of consolidated oversight over insurance and financial services at the federal level," says Gary Bhojwani, president & CEO of Minneapolis-based Allianz Life. "They are talking about true regulatory oversight, whether they get it is a whole other discussion."
While the industry awaits development in Washington, rules propagated by standards bodies such as the Financial Accounting Standards Board are already being enacted, and rating agencies are putting a renewed emphasis on risk. Notably, the Solvency II regulations scheduled to be implemented throughout the European Union in 2011 enshrine stringent risk modeling standards for insurance carriers. Many expect future U.S. regulations to mandate a similar, principles-based approach. Considering this, the question may be not if insurers should consider GRC solutions, but when.
"It's a question every chief compliance officer should be asking," says Donald Light, a senior analyst at Celent, a Boston-based research and consulting firm. "You have to take a position on the future. Insurers can start beefing up systems now, or say 'there's a lot dust in air' and sit back and wait until it is settled."
NOT ANOTHER ACRONYM
Taking this uncertainty into account, few could fault a budget-conscious CFO for the begrudging the chance to spend money on GRC solutions. The fact that GRC is young and somewhat ill-defined also complicates matters. GRC bears more than a passing resemblance to enterprise risk management (ERM) platforms companies may already have in place. GRC proponents contend it augments, but doesn't replace ERM. They note GRC is broader in focus, and only emerged because traditional approaches were not sufficient for new business and regulatory realities.
By automating internal processes associated with compliance, GRC solutions address the lack of consistency endemic to manual procedures and promise a more comprehensive, unified picture of an organization's risk exposures across multiple geographies and jurisdictions around the globe. With much of this risk residing within arcane financial products housed within far-flung investment portfolios, GRC boosters say its breadth and immediacy are critical.
Indeed, among other revelations, the financial crisis laid bare the fact that many insurers lacked transparency into their investment portfolios. Now more than ever, insurers have a fiduciary responsibility to make sure they hold no securities below a specific rating or asset class. With the financial markets in flux and indicators such as bond ratings changing rapidly, keeping an eye on an investment portfolio is no mean feat, especially so for large insurers with diversified investment portfolios. In the fall of 2008, if an insurance industry treasurer or CFO wanted to know their firm's exposure to particular institution such as Lehman Brothers, an immediate answer may not have been readily at hand.
THE WIDE VIEW
It was this need to be sure of his positions that prompted Mike Warantz, treasurer from New York-based CV Starr & Co. Inc., to invest in a GRC solution. Warantz says the company saw the need for a solution in the fall of 2007, and implemented a Web-based platform from Boise, Idaho-based Clearwater Analytics in April of 2008. With asset managers around the globe, Warantz says he values the centralization and integration of accounting, compliance, risk and performance.
For more information on related topics, visit the following channels:
