Building an innovation risk sandbox: What to expect from your CRO

April 28, 2016

In a competitive market with low interest rates, volatile financial markets and an abundance of capital, insurers and reinsurers are looking for new diversifying growth opportunities.  For many, this means exploring digital innovation.

To facilitate this, insurers and reinsurers must experiment with new structures and management frameworks, for example “unconstrained” innovation teams in trendy offices, internal start-up “accelerators” and so forth. As a business partner, the CRO needs to ensure that the risk management framework has the flexibility to encourage this innovation in a risk-aware environment.

We believe that insurers should implement a “risk sandbox”.  This is a facility, within the overall risk framework, that allows teams to innovate freely yet within controlled limits.  The facility makes it easy for teams to experiment with low risk ideas or at low volumes and has a clear process for raising limits on individual initiatives over time as the concept matures. For additional control the CRO should impose an aggregate limit on all sandbox initiatives.

So what should CROs do to make the sandbox as effective as possible?

1. Focus on material risks to the business. It is easy to get “lost in the weeds” when assessing new opportunities and burden the business with too much reporting on quantitative risks which are not material to either the overall company or the business segment. The CRO should take a parsimonious approach and ensure that sandbox processes focus on measuring and monitoring only the material risks.

2. Operational risks should be carefully managed for new opportunities. For the majority of new start-ups, the scale of the business will be small relative to the overall size of the firm in its early phase. Operational risks around the build out of the processes in the start-up are usually the most likely areas for concern. Creating an agile operational risk environment within the sandbox allows the development of the processes and management of operational risk.

3. Maintain transparency to all stakeholders. Management and Boards are concerned about new risks; innovation teams are concerned that they have the authority to act. A key role of the CRO is to define dashboards and reporting processes for the sandbox that help everyone understand where they stand.  We think a key strategic role of the CRO is to contribute appropriate KPIs for individual initiatives: all too often, internal innovation is measured in what have been called “vanity metrics” – KPIs which make everyone feel good but don’t necessarily demonstrate traction.  The CRO can use their technical and business expertise to provide valuable strategic insight.

4. Build a review process that helps shape the innovation portfolio. Most startups fail – we’ve all read that memo.  But some don’t.  Companies that are outstanding at releasing innovative products and services don’t have an innate ability to predict which ideas will be successful.  Rather, they are likely to have an innovation process which kills poorly performing ideas early and nurtures those that perform well.  By developing appropriate KPIs which adapt as the business develops, the CRO plays a pivotal role in helping shape the innovation portfolio within this agile review process, which combines insight from both the business and the risk functions.

Michael Steel, a Founding Partner at Oxbow Partners, was the Group CRO of Axis Capital from 2008 to 2014 and has deep experience of building risk frameworks and sandboxes. He is currently Chairman of the CRO Network for the Geneva Association.