February 25, 2020

Jumping Forward: Compliance in Insurance

Strategic changes and quick wins to manage compliance

Key Takeaway
Compliance functions need to take a much more risk-based approach, along with substantially increasing engagement with the business and aligning more fully with other non-financial risk functions.

Cybersecurity, data privacy, and customer protection continue to shape new challenges and trigger regulatory scrutiny for today's insurers. How can insurance leaders address regulatory and risk management challenges and more effectively manage compliance risks? A new report from Oliver Wyman, Jumping Forward: Compliance in Insurance, presents the strategic changes and quick wins needed to effectively manage compliance, including how to develop a risk-based compliance program, increase engagement with the overall business, and align fully with other non-financial risk functions.

Compliance functions at insurers tend to be less mature than those at other regulated financial institutions. Similarly, insurers typically have fewer resources dedicated to compliance risk management and less influence and impact within their organizations than at other types of regulated financial institutions.

What's needed? Insurance companies need to take a hard look at whether their Compliance functions are keeping pace with this heightened degree of complexity, scrutiny and change.

The report recommends that insurers make three strategic changes to more effectively manage existing and evolving compliance risks:

  • Establish risk-based compliance programs to focus on the most important compliance risks rather than applying similar intensity across all obligations. 
  • Increase the engagement between Compliance and the business and corporate functions to enable a broader firm-wide effort to manage the most important compliance risks rather than having these efforts shouldered by Compliance.
  • Work more closely with other non-financial risk management functions in order to more seamlessly manage the firm’s top risks (e.g., privacy and cyber) in a similar fashion.


As insurance companies invest in the development of more “risk-based” compliance risk management programs, these changes can be implemented across the typical compliance risk management framework, as outlined below.


We believe that it is essential for insurers to begin a journey towards a more effective model for Compliance within their organizations. Enabling this transformation requires insurers to obtain strong support from senior management, clarify the first-line and second-line ownership of compliance risks, and upskill the Compliance team. While such a transformation will likely occur over multiple years, many quick wins can start to be implemented right away to progressively set the tone on the way forward.

Read the full report, Jumping Forward: Compliance in Insurance
