Governance, Risk and Compliance
With insurance regulations being dealt with at the state or provincial level, how can Resolver’s technology simplify the insurance industry’s digital transformation? How does Resolver’s user interface intuitively solve for resistance to new risk management tools, when most business software not? Listen as our VP of GRC Product, Amanda Cohen, discusses Risk Management vs Risk Intelligence as it applies to the insurance business on the Profiles in Risk podcast with host Tony Cañas.
“Resolver is an Integrated Risk Management company that’s working to solve the disconnect between risk and the business. Ultimately, we recognize that managing risk for any organization is essential. But we think that a lot of organizations are much more aspirational than just managing their risks. They think that they want to do something about it, find insights, and make better decisions based on the risk that they’re exposed to. At Resolver, we’re ultimately trying to amalgamate risk information from across the organization — because risk exists everywhere across your business — so that you have a clearer picture of what types of risks are impacting your objectives.
What’s impacting your ability to succeed as an organization and what we see as “transforming risk management into risk intelligence?”
In order to make better risk-based decisions, we believe that you have to have that type of information at your fingertips. You have to understand what’s happening internally to your business, and what’s happening externally to your business, to really be able to make informed decisions. Because in the absence of risk, you’re really missing out on some critical factors that could impact your ability to succeed.”
Amanda explains that Resolver typically works with risk management teams that are a little bit more established because of the varying degrees of maturity in terms of what’s existing or what’s required from a program perspective. “The majority of organizations really are going to be mandated to have some kind of enterprise risk management program in place. However, the varying degree to which you have to have in place definitely differs depending on your maturity side and the size of the organization.”
“One of the key benefits that we have is that looking at your enterprise risk — your holistic view of risk that you’re exposed to as an organization. But you also have regulatory risk. You probably also have a compliance team, and you’re tracking your regulatory obligations in order to operate. And insurance from a regulatory perspective is often really done at like a state level, at a provincial level… It’s much more it’s a much more complicated regulatory environment. So there’s your regulatory risks, you’ve got your third-party risk, you’ve got risks that are coming from incidents that are materializing in your business.”
Risk teams go out and try to talk to people across the business to understand what type of risk they’re exposed to. They may ask, “What controls do you have in place to make sure that risk doesn’t materialize in a way that is not acceptable for our business?” Amanda says things often get confusing when other teams, like Compliance and Audit teams, start asking the same thing. “People within the business are like, ‘Oh, my goodness, I’m so sick of giving you the same answers! Why do you why do these teams not talk to each other?’ When you start to integrate your risk functions…we can share insights. You can share some of the testing effort, and really make sure that you’ve got that comprehensive view of your enterprise risk exposure. As opposed to a siloed view of who you’ve talked to, and just that area, you’ve been able to prioritize. That integrated view is really where we shine.”
Amanda says a big challenge of working with new business software is getting buy-in, which is one of the reasons Resolver’s platform is designed for ease of use. When ERM, GRC, Compliance, Audit, or Risk Management teams come knocking for information and then ask for it to be entered into a new tech solution, adding “learn a new software” to the average employee’s to-do list can be a huge barrier. Hence Resolver’s no-code, out-of-the-box solution.
“If we put another hurdle in front of the risk team from collecting that information, we’re only making their job harder. So we want to make sure that every time someone logs into our software, it’s no different than checking an app on your phone. It’s no different than buying that pair of shoes on Amazon,” explains Amanda. “It should be really, really simple to use, so that you know exactly what information you need to provide to the risk function. And then you can get on with your day and, and do the things that are really important to the business. By design, we’ve rebuilt all of our software to make it as intuitive as possible, recognizing that business software really doesn’t need to be as cumbersome as it has been historically.”
“If you think about managing risk, all you’re doing is managing something that happened retroactively,” Amanda cautions. “When an enterprise risk management team is presenting to the board to the executive, or sharing something with the regulator, potentially, they’re looking at data that is six-months-old, three-months-old, maybe a year-old. And they’re taking something that was done and analysis that was collected, interviews that were conducted. And then they’re rolling that up, and they’re saying, you know, here’s our risk exposure.”
But now, Amanda states, all that information is actually irrelevant because new things are coming up to the forefront. “If you’re not regularly thinking about risks, you’re not regularly engaging, and you’re not pulling data from other parts of your organization to understand your exposure, you really don’t have a clear picture of what could materialize.”
As a software company known for our background in risk management, what differentiates us is how we look at risk holistically. When looking at an organization’s overall risk picture, we also look at our deep knowledge in Incident Management, for example. Amanda says a key question in Incident Management is, “What are all the events that are occurring in your business?”
Your incidents may be complaints, or they could be money laundering-type transactions or corporate or physical incidents that are actually happening across your business. Resolver offers real-time tracking when it comes to those incidents, “You know, something went wrong. That complaint came into the system. And you’ve got that data visible to you.”
Using customer complaints as another example, teams can use Resolver’s central source of incident data to then extrapolate insights on why a new product might not be beneficial to revenue targets or objectives. “When your data is disconnected, you’re not really able to make a decision about how to make the business better,” says Amanda. “When you’re pulling real-time insights into your risk management program, you’re able to actually propel yourself more towards your objectives.”
The insurance industry has been undergoing a digital transformation over the past decade, but many carriers still have legacy systems. Some of this is due to regulations being determined at the state or provincial level, meaning things tend to be different across a region or country.
Amanda speaks to Resolver’s open API solutions. “We have a variety of different ways that you can connect into our system because we don’t need to be the only system that you work with,” she explains, which solves for data living all over a business. “We have what we call an iPass solution that makes integrations really, really simple. You basically kind of drag and drop a couple of things and data feeds from one to the other. That’s a very simple way of describing it. And then you can build much more complex integration points. But the intention and the idea behind it is really that we don’t want to be a singular source of data. We need to connect externally. If not, we can’t really give a holistic picture of what’s happening.”
Watch or listen to the full episode: