November 18, 2019 by Jason Contant
When trying to implement an IFRS 17 solution in your insurance company, should you start fresh with a new solution, integrate into your existing systems, enlist the aid of a third-party provider or some or all of the above?
The risks for your company will vary depending on the path you choose. Insurers will need to consider integration from an enterprise risk management (ERM) perspective, as the implementation affects a variety of business functions ranging from actuarial, risk, finance and IT. The decision will require collaboration between these business departments.
“From my perspective, an IT perspective, the best way to implement this is to put in a new solution. Start fresh, that’s the way I chose,” said James Knott, manager of risk advisory services at BDO Canada, and one of the speakers at the Canadian Insurance Accountants Association’s Fall Technology Seminar in Toronto last week. “But from a business perspective, the accountants may say, ‘Wait a second, we can’t do that. The cost is exorbitant, we can’t afford that. I’d rather have this solution.’”
A complete system replacement is inherently a risk in itself, Knott warned. “It’s probably one of the largest, riskiest [things] a company can do. Not just on the replacement… but the analysis of how you are going to connect with IFRS 17.”
An insurer may decide to implement a cloud-based solution. If they go down this route, the security and risk posture of the company will need to be re-evaluated and addressed within the ERM. The benefit is the insurer will instantly have the expertise, controls and reporting structure of that cloud provider. But they will also need to ensure that data is transmitted securely and the cloud is consistently available.
“Is that provider up all the time, especially during the reporting periods, or are they down?” Knott asked during the seminar, presented by BDO and Moody’s Analytics. “All these risks need to be identified and managed.”
Transfer of data between systems is another consideration, as data between systems aren’t always compatible. “You may have to export data, transform data, protect data, upload data,” he said. “The complexities vary depending on what type of product or solution you are choosing. Is it in-house or are you relying on a third party that has the knowledge? It’s something you need to consider from a risk perspective, management perspective and training perspective.”
There are so many facets of risk that need to be identified, evaluated, managed, monitored and reported on, Knott said. “It’s not a simple implementation; it’s important that it’s planned out in an upfront manner.
“So, start early,” he said. “Otherwise, you might be forced down a path that may not be the solution.”
Some questions to ask yourself: