IFRS 17 and the Chief Risk Officer: The Perfect Storm

Much has been discussed on IFRS 17 and the need for insurers to prepare now as compliance will take significant resources, both manpower as well as financial. What has not been significantly discussed is the massive effect IFRS 17 will have on the Chief Risk Officer (CRO).

The role of the CRO is far reaching within an insurance company. The CRO is heavily involved in governance via ensuring that all regulations are being complied with. This means risk management policies for each guideline, regulation and directive, whether from the regulator, the Board of directors or requirements for the annual financial statements. Focusing in on the annual financial statements this means that every item in the financial statements has been properly audited, internally as well as externally, and proper audit trail is present. Under IFRS 4 the various items in the accounts such as premiums, investment income and claims are easily audited via review of the various registers in the back-end system, such as premium register and claims register. Under IFRS 17 however, the items in the financial statements will include contractual service margins, expected claims, expected expenses and many other items which are not nearly as easily auditable. The various processes behind the calculation of these items such as the data warehouse system and actuarial system will need to provide a full audit trail.

The role of the CRO also includes ensuring a proper Enterprise Risk Management (ERM) framework and culture. Part of this is that all risks are understood from the ground up, with such risks removed, mitigated or monitored. Through this it is vital that staffs are sufficiently trained in both risk management as well as their own duties. It is also vital that IT related processes and programs are robust. From an IFRS 17 point of view all staff will need to understand how IFRS 17 affects their work and that the major changes required to IT, actuarial and accounting systems follow robust user acceptance testing (UAT).

A third role of the CRO is in strategy and objective setting. Every insurer has a yearly business planning cycle, where 3 – 5 year projections are put together along with the strategic direction of the insurer. This strategy and projections must be in line with the insurers risk appetite and risk framework. Such a risk appetite would normally define the probability and frequency of loss as well as minimum levels of profits. The current business planning cycle likely includes periods where IFRS 17 is already in-force, making it vital that the CRO understand IFRS 17. The CFO will need to understand how IFRS 17 affects profits, such as the need to segregate onerous and non-onerous contracts and define tranches by no more than yearly cohorts. This change alone is very likely to change the levels of volatility and risks of breaching the risk appetite framework. Product design and development as well as shifting in product mix due to IFRS 17 will need to be done now in order to be ready when IFRS 17 goes live. Without such a strategy now the Board of Directors over the next several years will ask how the CRO can accept such business planning with huge risks during the projection period which were left vague and unquantified.

A fourth role of the CRO is in oversight. The Board of Directors must oversea the design and implementation of the risk management framework. Thus, the Board must be aware of the risks to operations, risk appetite, ERM and other aspects. The Board must also have the necessary skills to oversee management in its duties. Huge expenditures are currently underway for new actuarial, accounting and data warehouse systems to comply with IFRS 17. Thus, the Board must be trained in IFRS 17 concepts now in order to oversee management, not after all these major purchases have been completed.

Thus the CRO is in a perfect storm of needing to be an expert in IFRS 17 and understanding its implications in diverse parts of the CRO duties. A CRO will need to:

  • Be trained in IFRS 17 concepts and details
  • Design risk management policy for IFRS 17 compliance
  • Ensure product design and mix is revised now to ensure compliance with the risk appetite statement during the entire business planning period.
  • Ensure staff and the board is properly trained under IFRS 17, both to perform their duties appropriately as well as to recognize new risks due to IFRS 17.

Practice Areas: