Prudential practice guide

GPG 240 Insurance Risk

  • General insurance
  • Final not yet in force
    4 December 2024
Prudential framework pillars
Risk Management
Insurance Risk
Supporting

About this guide

Prudential Standard CPS 220 Risk Management (CPS 220) sets out APRA’s requirements of APRA-regulated institutions in relation to risk management, including for general insurers (insurers). This prudential practice guide aims to assist insurers in complying with those requirements in relation to insurance risk and, more generally, to outline prudent practices in relation to insurance risk management.
Subject to the requirements of CPS 220, insurers have the flexibility to configure their insurance risk management framework in the way most suited to achieving their business objectives.
Not all the practices outlined in this prudential practice guide will be relevant for every insurer and some aspects may vary depending upon the size, complexity and risk profile of the insurer.
Disclaimer and copyright
This prudential practice guide is not legal advice and users are encouraged to obtain professional advice about the application of any legislation or prudential standard relevant to their particular circumstances and to exercise their own skill and care in relation to any material contained in this guide.
APRA disclaims any liability for any loss or damage arising out of any use of this prudential practice guide.
© Australian Prudential Regulation Authority (APRA) 2024
This work is licensed under the Creative Commons Attribution 4.0 International. This licence allows you to copy, distribute and adapt this work, provided you attribute the work and do not suggest that APRA endorses you or your work. To view a full copy of the terms of this licence, visit https://creativecommons.org/licenses/by/4.0/

Insurance Risk

Insurance risk is the risk that inadequate or inappropriate underwriting, claims management, product design and pricing will expose an insurer to financial loss and the consequent inability to meet its liabilities.Insurance Risk

Product design

Product design involves the introduction of a new product or the enhancement or variation of an existing product.
In relation to product design and approvals, an insurer’s risk management framework would typically cover the product classes and types of risks in which the insurer chooses to engage.
In this regard, the risk management framework would typically include the following elements:
setting a business case for new or enhanced products;
market testing and analysis;
cost/benefit analysis;
risk identification and assessment;
requirements for limiting risk through, for example, diversification, exclusions and reinsurance (including confirmation that either the existing reinsurance will provide protection or new reinsurance protection is being provided);
processes to ensure that policy documentation is adequately drafted to give legal effect to the proposed level of coverage under the product;
an implementation plan for the product, including milestones;
clearly defined and appropriate levels of delegation for approval of all material aspects of product design;
post-implementation review; and
methods for monitoring compliance with product design policies and procedures.

Pricing

The pricing of an insurance product involves the estimation of claims costs and other business costs arising from the product and the estimation of investment income arising from the investment of the premium income attaching to the product. Pricing risk may occur where the claims, costs or investment returns arising from the sale of a product are inaccurately estimated.
An insurer could consider incorporating ongoing actuarial review and involvement in the pricing process and, where relevant, undertaking specific independent reviews of pricing for schemes and larger or more complex risks.
In relation to pricing, the insurer could consider including in the risk management framework the following elements:
clearly defined and appropriate levels of delegation for approval of all material aspects of pricing;
risk identification and assessment;
a process for the reflection of emerging experience in price adjustments;
profit and loss analysis including monitoring the effect of price movements on the bottom line;
price discounting authorities;
a process for the insurer’s product pricing to respond to competitive and other external environmental pressures;
a process for and the ability to monitor deviations of actual price from the technical underwriting pricing; and
methods for monitoring compliance with pricing policies and procedures for proposed pricing variations.

Underwriting

Underwriting is the process by which an insurer determines whether or not to accept a risk and, if accepted, the terms and conditions to be applied and the level of premium to be charged. Weaknesses in the underwriting process and in the types and levels of controls and systems can expose an insurer to the risk of operational losses which may threaten the long-term viability of the insurer.
In relation to underwriting, the risk management framework would typically include the following elements:
a statement of the insurer’s willingness and capacity to accept risk;
the nature of insurance business that the insurer is to underwrite including:
the classes of insurance to be underwritten;
the geographical areas in which these classes will be underwritten;
the types of risks that may be underwritten and those that are to be excluded; and
the criteria for the use of reinsurance in the different classes of insurance business to be underwritten;
details of the formal risk assessment process in the underwriting of insurance including:
the criteria used for risk assessment;
the method(s) for monitoring emerging experience; and
the method(s) by which the emerging experience is taken into consideration in the underwriting process;
the process for setting approval authorities and the definitive limits to those authorities (including controls surrounding delegations given to intermediaries of the insurer);
risk and aggregate concentration limits; and
methods for monitoring compliance with underwriting policies and procedures such as:
internal audit (where it is established that the internal audit unit has the appropriate skills and experience to perform such activities);
reviews by area heads or portfolio management;
peer review of policies underwritten (including details of the staff responsible for undertaking the peer review, the frequency of such reviews and the reporting arrangements for the results);
assessments of brokers’ procedures and systems to ensure the quality of information provided to the insurer is of a suitable standard; and
in the case of reinsurers, audits of ceding companies to ensure that reinsurance assumed is in accordance with treaties in place.

Claims management

Claims settlement is the process by which insurance companies fulfil their contractual obligations to policyholders. In the management of the claims handling process, the following procedures would be triggered when a loss occurs and claims notification is made to the insurer:
verifying the contractual obligation of the policy to pay the claim;
making an assessment of the claims liability quantum, including loss adjustment expenses; and
ensuring the claims settlement process is handled promptly and efficiently within the terms of the policy.
Weaknesses in the controls and systems surrounding the claims management process can expose an insurer to additional or increased losses which may impact upon its capital position.
In relation to claims management, APRA envisages that the risk management framework would include the following elements:
clearly defined and appropriate levels of delegations of authority;
claims settlement procedures, including loss estimation and investigation procedures;
criteria for accepting or rejecting claims;
dispute resolution procedures; and
methods for monitoring compliance with claims management processes and procedures such as:
internal audit (where it is established that the internal audit unit has the appropriate skills and experience to perform such activities);
reviews by area heads or portfolio management;
peer review (including details of the staff responsible for undertaking the peer review, the frequency of such reviews and the reporting arrangements for the results);
assessments of brokers’ procedures and systems to ensure the quality of information provided to the insurer is of a suitable standard; and
in the case of reinsurers, audits of ceding companies to ensure that the value of claims paid is in accordance with treaties in place.