In June 2019, the CRO (Chief Risk Officers) Forum, published the “Insurance and distributed ledger technology – a risk manager’s perspective” white paper as a practical tool for risk managers to accelerate the accomplishment of the productive phase of DLT.
For this podcast we are joined by Dr. Sebastian Rath, Principal Risk Officer at NN Group, and with Gian Luca de Marchi, CRO at Unipol Group. Sebastian and Gian Luca aren’t here on behalf of the CRO Forum but are pleased to discuss their views on DLT while sharing some of the CRO Forum DLT paper content.
What is blockchain?
A distributed ledger can be considered as a database that is distributed across several independent computing devices where changes to data are protected and manged by cryptography and consensus. This in turn provides guarantees that the data cannot be tampered with and that all parties have identical copies that can be considered as a reliable single source of truth.
The functionality of a distributed ledger system can be enhanced by the use of smart contracts (i.e. computer programs deployed and executed on the ledger’s network) and oracles (i.e. data feeds that trigger specific conditions defined within smart contracts).
What is the CRO Forum?
The CRO Forum was formed in 2004 to advance risk management practice in the insurance industry. CRO Forum member companies are large multi-national insurance companies whose members are headquartered across the world with a concentration in Europe.
The CRO Forum has three core aims:
- Championing best practice in risk management to advance business,
- Aligning regulatory requirements with best practice in risk management, and
- Providing insights on emerging and long-term risks.
The CRO Forum aims to share its views on topics related to these aims through publications and papers. In this context, the DLT paper was created by a working group of hands-on risk and technology experts from multiple member companies, including NN Group and Unipol Group.
What is a Chief Risk Officer and what are their responsibilities?
Basically a Chief Risk Officer, the CRO, is an executive responsible for identifying, measuring and addressing any material risks that could have an impact on company objectives. Adverse events should be mitigated, while opportunities should be enhanced. According to the Solvency II regulation, when insurance companies calculate their own solvency position through internal models approved by supervisors, CROs are also responsible for the design, implementation and management of these models.
The CRO Forum’s white paper on DLT
Hype has surrounded Distributed Ledger Technology and especially blockchain over the last few years since the birth of the Bitcoin cryptocurrency.
Hype, and criticism too, have been fuelled by fervent visions as well as misconceptions. These technologies have not yet delivered on promises, but several experts believe that DLT has the potential to transform the financial services sector. CROs are well positioned to play a critical role and strengthen innovation initiatives; the CRO Forum paper is thus meant as a practical tool for risk managers to accelerate the accomplishment of the productive phase of DLT. Although traditional risk management frameworks remain valid, there are specific issues to consider when assessing the risk of a DLT-based application.
Sebastian believes that the paper captures today’s status-quo for the insurance market’s use of larger DLT applications. More importantly, in his view this paper was an opportunity to formulate key considerations, key questions and advocacy opportunities where the insurance industry of the future may wish to dedicate time and resource to shape future DLT solutions.
Eventually, the paper’s recommendations are designed such that they can inform DLT solutions, future standards for technology and IT aspects, or strengthen strategy and governance for DLT partners. Its guidance is both practical and specific in addressing DLT applicability, feasibility, governance, security and profitability.
Through this paper, the Forum is also sharing some core tools for risk managers to proactively participate and shape the future of DLT in insurance as soon as innovation moves from the exploratory into the deployment phase. Examples of such tools are a risk catalogue and good practices that are explicitly shared with the risk community through the Appendix of the CRO Forum paper.
One of the aims was to establish a sound, jointly shared language for DLT risks and share good practice approaches to mitigate such risks. With the paper’s tool kit, the hope is to engage risk managers addressing strategy, governance, compliance, IT, operations and DLT-specific aspects.
The paper can be downloaded from the CRO Forum’s website.
CROs’ roles in DLT applications
The decentralized nature of DLT and its applications leads necessarily to a risk profile that is different from the one that arises from centralized solutions. The traditional roles of Risk Management become therefore highly valuable also with regards to DLT and DLT based projects.
Risk Management must play a key role to permanently challenge DLT related projects throughout the full project lifecycle. This requires involvement of CROs in such initiatives and potentially some knowledge built up within Risk Management itself. CROs will start considering key questions regarding, for example, DLT strategy, DLT governance, the integration of DLT and non-DLT architectures, and data and algorithm sharing criteria. The first crucial assessment to be done regarding DLT and DLT based initiatives, however, is evaluating the necessity and applicability of a DLT approach.
Key considerations insurers should look at when determining that applicability of a DLT solution
In the paper it explores applicability, feasibility, profitability, governance and security of DLT solutions. The CRO Forum’s working group was clear not to endorse DLT as the only solution for future insurance efficiency improvements. It shares a workflow to determine where there may be genuine advantaged for DLT implementations.
They extended this with critical questions that any business case should be answering, covering profitability, comparisons to non-DLT solutions and the role of non-existent regulation or standards. The paper also facilitates the regular risk identification and monitoring. It urged risk managers to start understanding business contexts and the specific role of DLT. Those can be relevant and very different, depending on the insurance sector, the line of business, products and required operations. They critically inform the technical characteristics of a DLT platform choice.
Two use cases are analysed in the paper to explain this process:
- Risk in using a private DLT – use case Catastrophe Excess of Loss (CAT XL) re-insurance
- Risks in using blockchain – use case Parametric flight delay insurance
What are the events that should trigger a new risk assessment?
As Sebastian puts it “DLT technology is such a fast moving development. Our challenge here is the pace, the lack of standardisation and the role of governance that any solution needs to find to operate with stability. Any major events, such as new developments or changes in the code base, could trigger re-assessments for risks. As emerging technology, the regulatory framework imposes possibly future constraints that need to be managed, monitored and may need to be adhered to”
How can CROs engage blockchain technology now and in the future in the insurance industry and beyond?
The CRO forum believes that individual CRO functions may increase collaboration while engaging on DLT topics. The paper has identified the following:
- Internal policies informing DLT adoption as well as negotiations for the governance and implementation of decentralized insurance networks;
- Developing smart legal contracts and securing the usage of oracles;
- Managing digital identities;
- Safeguarding contract certainty and confidentiality, cryptographic safety and sound decentral governance; the regulatory approval and avoiding regulatory arbitrage; or
- Automating audit trails and verifications;
Now, to achieve such collaborations effectively, the paper identifies distinct insurance market enablers. These can be seen as the ability to:
- Deliver well-defined industry DLT issues and narratives;
- Propose feasible DLT solutions;
- Build strong, trusted DLT and advocacy capability;
- Encourage DLT leadership and champions;
- Inform and mobilize public and customers;
Together these help to establish clear path and resource for implementation, inﬂuence, support, shape and inform DLT coalitions. An in-house capability to strengthen DLT enablers becomes valuable as soon as DLT adopters start engaging and using DLT.