About the review
Effective risk management enables the proactive identification and mitigation of risks and vulnerabilities, supporting the safety and soundness of regulated entities and contributing to the stability of the financial system as a whole.
This review will focus on risk governance practices of general insurers and examine the implementation of these practices with respect to technology risk.
Given the breadth of technology risk, we will limit our focus to system infrastructure risks, including legacy technologies and technology transformation activities.
Objectives
The objectives of this thematic review are to:
- assess the risk governance practices supporting key components of general insurers’ risk management frameworks, including their Enterprise Risk Management Framework, capital management plans and reinsurance arrangements
- examine the implementation of risk governance practices in managing technology risk, and
- strengthen sector capability by sharing good practices and highlighting areas for improvement.
Sample
The review includes 8 general insurers, with individual participants remaining confidential.
Approach and timeline
Our approach involves a desk based review of internal information and documentation, as well as materials provided by participating insurers. This will be followed by onsite engagement with relevant executives and directors on their risk governance practices.
We plan to complete the review in April 2027.
Feedback
Insights from the review will be used to:
- Provide entity specific feedback to participating insurers outlining good practices, areas for improvement and recommendations to address identified weaknesses.
- Publish a thematic report summarising key findings, examples of good practice, areas for improvement, and industry recommendations.
Current status
Information requests have been sent to participating insurers, and submissions are due by 5 June 2026.
For further information, please contact the Thematics team at [email protected].