动荡时期风险管理的战略机遇

Beyond navigating an ever-evolving risk landscape, theresults suggest that CROsare doing more — and shouldcontinue to do more — to helptheir organizations transformsuccessfully to drive growth.C R O sA R E D O I N GM O R E ExecutivesummaryThe second annual EY-IIF (Institute for InternationalFinance) survey of chief risk officers (CROs) inthe insurance industry highlights both the needfor CROs to be more deeply involved across allaspects of the business and to take bold, creativeactions to protect their firms against a broad rangeof risks. Beyond navigating an ever-evolving risklandscape, the results suggest that CROs are doingmore — and should continue to do more — to helptheir organizations transform successfully to drivegrowth. This is further evidence of risk managementplaying an enabling, rather than a restrictive, role.Given the environment of regulatory andmacroeconomic uncertainty, CROs have never hada clearer opportunity to assume a larger leadershiprole and make a greater contribution to the successof their firms. The many surprising events of early2025, had they occurred before the survey wascompleted, would likely have resulted in elevatedconcerns about geopolitical, strategic and equity,and market risks, as well as investment returns.But recent turbulence has only confirmed that CROsplay a vital role in helping their firms navigate anevolving — and increasingly turbulent — landscape.EXECUTIVE SUMMARY TABLE OFCONTENTSKey takeaways04CHAPTER 108The CRO agenda: riskpriorities and plannedenhancementsCHAPTER 213The macro view:economic uncertaintyand geopolitical risks CHAPTER 316Risk and the business:CRO involvementin major changeinitiativesCHAPTER 420Operationalresilience: preparingthe business for timesof crisis CHAPTER 6Climate risk: takingthe long-term view CHAPTER 7Regulatory risk:seeking efficiency incomplianceCHAPTER 8Current state ofcontrols: maturingcapabilities from asolid foundation Looking ahead:finding thebalance betweenimmediate-termpressures andstrategic perspectivesCHAPTER 9Risk managementorganization andoperating model:demand-drivenstaffing increasesCHAPTER 10Skills and talent:seeking expertisebeyond technicaldomains 33 4540 Technology andtransformation inrisk management:modernizing for theage of AI Appendix:methodologyand supplementaldata50 Key takeaways1. CROs are expected towork with their C-suitepeers to prepare theorganization for theimpacts of macro forcesoutside of their directcontrol.Along with a big leap in cyber risk, ourresults see considerably higher concernsaround third-party, regulatory, strategicand geopolitical risk. That’s no surprisegiven world developments of the lastyear, current expectations for ongoingvolatility and the increasing complexityof operations at many insurers. CROsexpect that the risks associated with cyberthreats, geopolitics, machine learning (ML)and artificial intelligence (AI), the climateand the environment will remain prioritiesduring the next three years. Macroeconomicuncertainty and turbulence add furthercomplexity to CROs’ agendas.Top CRO priorities for the next 12 months(See full list on page 9.)CybersecurityThird-party riskRegulatory/compliance riskStrategic riskInterest rate riskGeopolitical risk 3. Investments in talent and disruptivetechnology are top priorities, but theymust be aligned and synchronized tooptimize returns.CROs report increased investments in multiple types of technologies(including emerging technologies and foundational tools). The goalis to achieve tech maturity, pay off the tech debt and build strongIT infrastructures to support next-generation risk managementcapabilities. Investments in key skills and talent (e.g., AI, data science)will be necessary to drive the most value from tech investments,putting a premium on holistic strategies.Ideally, investments in rich technology will be aligned to technologytransformation efforts across the business. Further, CROs shouldengage with business leaders to identify additional risk insights thatmay be delivered by deployments of new tech for internal or back-office usage and in customer-facing interactions.Survey respondentThere is a lot more focus on people whocan use the technology. The combinationof human capital and the technology is abig driver of the value.“ 2. The many different threats to resilienceare threaded through the CRO agenda.Cyber remains the number one risk priority for CROs, cited by 66% of thisyear’s respondents, up from 53% last year. That increase can be attributed,to some extent, to increasing geopolitical risk, which presents the threatof more intense cyber attacks in the eyes of many CROs. However, theengagement of the EY organization and IIF with risk leaders across theindustry confirms that operational resilience is a focal point because of itsclose links to cyber, technology, third-party and regulatory risk.Indeed, increased operational resilience can be seen as a targetoutcome — a key goal in setting strategies and tactics to manage many