Some of the principles enunciated by the International Association of
Insurance Supervisors are discussed in this section. Companies must be
more conscious of strategic risks associated with an internet strategy. These
risks are critical and would be more so when new products designed for
sale on the Internet reach the market. The new underwriting opportunities
that would become available must be kept in mind. A critical aspect to be
examined relates to the risks posed by e-commerce that are new or different
in scale or impact from traditional business conducted through other
distribution channels. Reputations are at stake as mistakes can multiply
and spread quickly.
Strategic Risks
These risks arise when a company engaging in new business strategy, does
not analyse the implications that decision on electronic commerce will have
on other parts of the organization or the company as a whole. Without such
a plan, the risk of mistakes occurring increases and the chances of the strategy
succeeding decrease.
The impact on the solvency should be the overreaching consideration
in the analysis. In addition the company should be wary of the following
factors:
l The global nature and rapid development and growth of e-commerce
will put pressure on its planning and implementation of online
operations, in particular, product design and technological applications.
l The Internet is an efficient way of doing business, but it is far from
being cost free. System costs and maintaining customer awareness
of the website may involve significant advertising costs.
l Brand loyalty may evaporate in the face of competition. Customers
could switch their business from one to the other company.
l There is a danger of some customers being neglected. There is an
equal danger that research, product innovation, data security and
even risk management may be neglected.
l The speed of processing may complicate management of information.
l The dangers of adverse selection could increase and there could be
inadequate disclosure by the customers.
l It is the responsibility of the Board to choose strategies that reflect the
company’s desired risk profile, functional capabilities and solvency.
It must decide how its internet strategy will influence the company’s
philosophy, the way it conducts business and its financial situation.
Without a well thought out strategy, the decision to engage in ecommerce
may result in an unwarranted increase in risks at the operational
level and an unproductive drain on resources.
Operational Risks
These relate to risks that arise as a result of a failure or default in the IT
infrastructure. There could even be deficiencies in the structure available.
It may not
l have the capacity to handle increased traffic, process transaction and
volume;
l be scalable;
l be accessible all the time due to a lack of fault tolerant technology;
l be secure from internal and external disruption;
l be accessible, compatible or interoperable in every market;
l have appropriate policies and controls in place for third-party vendors;
and have adequate scrutiny of the service provider’s operational
viability, financial liquidity and project management skills.
Transaction Risks
Transaction risks arise on account of an unauthorized alteration or modification
to texts, information or data transmitted over the computer network
between an insurer and the client or vice versa. In e-commerce these risks
arise mainly on account of technology. This risk also includes information,
which is hosted on the server or website of a ‘partner’ third party.
Data Security Risks
These risks arise due to losses, unintentional changes or leaks of information
or data in computer systems. These could be broadly divided into two
categories. Incompatibility of the data systems or part of the data system
information leaks or information loss may be the cause for such risks. The
external links could lead to data breaks. A customer’s personal data may
be illegally accessed. These could complicate and in some cases, negate
the company’s ability to authenticate information and data. Information
concerning an insurance contract may be changed without authorization
after the system has been broken into. Thus, a company’s reputation may
suffer.
Connectivity Risks
Failure in one part of the system may impact all or other parts of the system.
If any part of the internet’s operational system is damaged as a result of
intentional or negligent actions, the company may fail to provide service
to clients.