Novarica recently conducted research that centered on the idea of CIO and Board of Director communication and the notion of establishing board level technology committees. In the research, it became clear that the insurance industry was putting itself in a competitive and innovation deficit by not having optimized CIO and board relationships, and by not having technology-experienced board members. This has resulted in a board governance model that focuses on the risks that IT and technology present in an insurance carrier, rather than on the competitive opportunities that IT and technology can bring to an insurance carrier. This is a fundamental disadvantage to the industry as a whole, and one that needs to be addressed sooner rather than later.
There are of course other risks inherent in this non-strategic governance of IT and technology, and by implication they need to be dealt with as part of an overall strategic approach to IT and technology governance. To put it succinctly, insurance carriers are exposing themselves to risk by not having either board members with real and quantifiable technology experience, or a board level technology committee comprised of members with real and quantifiable technology experience, or both.
And what are those risks? They fall into three general categories: financial, operational, and legal/regulatory.
The financial risks are material and impactful, and go to the heart of the risk of not having a board level technology committee. Insurance companies spend a lot of money on their IT divisions and the technologies they implement, and there are a lot of ways to misspend large IT investments. CIOs have stood before their boards often over the past several years, asking for millions and tens of millions in technology spend for such things as core systems transformation, information and data repositories and analytics, and the kinds of innovative technologies that provide customer intimacy, responsiveness, and service, to name but a few. These are complex and often long-tail financial transactions, and without the kind of technology and solution provider acumen required to properly vet these deals, an insurance company can, and some have, put itself at financial risk. That’s particularly true with IT initiatives that don’t go quite as planned, which is to say the majority of them. In those cases, the ramifications of not having well-structured financial deals that spread accountability and responsibility equally among stakeholders are potentially material indeed.
It’s a similar argument for operational risk. It’s not always as appreciated as financial risk, but that’s only because it’s easier to identify the financial impacts of technology, good and bad, by looking at numbers on a spreadsheet or other forms of corporate results. However, in terms of long-term impact, the operational implications of almost any IT initiative, not least initiatives like enterprise-wide core systems transformations, are often much more material for an insurer than anything else. Any technology that has the potential to alter an insurer’s processes needs to be fully and properly vetted. Most insurance companies don’t do this well, and that’s a result of, among other things, the lack of technology experience at the ultimate vetting level, the board of directors. The operational costs come in many forms, from lost opportunity costs, to slow or inefficient process costs, to nearly immeasurable productivity costs caused by employees who refuse to adopt any new processes. And worse than financial risk, operational risks and costs can be systemic, sustained, and in the very worst cases, culturally embedded. However, this is another risk that can be avoided, or at least mitigated, by having technology-savvy board members who have had these experiences, and can therefore ask the kinds of questions that generate the right level of dialogue and examination for the carrier.
The final category of risk is legal/regulatory. This risk can be as impactful as the first two, because it potentially exposes any carrier to the kinds of things they would rather avoid: compliance costs, negative publicity, legal fees, and many more. At the highest legal/regulatory level it’s a pretty simple argument: boards of directors have a fiduciary responsibility to any carrier on whose board they serve. It’s difficult to see how that responsibility can be fully and properly discharged when board members don’t have a strong grasp of technology, and when they don’t have the kinds of backgrounds and experiences that would set their “Spidey senses” tingling when large-scale technology investments and initiatives are being discussed. That would never happen, and doesn’t happen, when the carrier’s financials are being discussed, or when some change to the strategic business goals and objectives is being discussed. Yet it happens every single day when it comes to IT and technology matters, and has for years.
These risks are secondary to the primary risk of non-strategic governance of IT in most carriers, but they are nonetheless important. The good news is that these risks can be mitigated with the kind of board governance paradigm shifts required to take advantage of the kinds of opportunities that technology presents to carriers.