Decision Focus continues to focus on integrated assurance. Jeff Robinson, a partner at GRC software provider Decision Focus, explains how it has done so this year.
How has Decision Focus enhanced its risk focus for insurers in the last year?
Reducing the silos has benefitted our clients who can rely on a single source of the truth. Our focus is on end-user adoption as we see the platform as a highly effective way to embed governance within the business.
Decision Focus's recent launch of new modules, such as operational resilience has been helping clients with connecting to the overall enterprise risk management framework, and third-party risk management frameworks. This leads to higher levels of effectiveness, swift escalation, and a reduction in duplication of reporting.
We see clients moving to Decision Focus, either from spreadsheets and manual processes, where clients have outgrown this, and the administrative burden becomes too much.
Other clients come to us migrating from legacy technologies, looking to benefit from modern capabilities in the Decision focus platform, such as @ messaging capability, allowing for discussions threads with targeted notifications and automated reporting capabilities. We have a strong demand for our platform from insurance companies in the US and expect to see growth here in the region of 30%.
Finally, we see risk system implementations being a light-touch effort for risk teams, particularly given our agile working principles and removing the implementation burden from the risk teams. Given enhancements in our module suite, we anticipate implementation timelines for standard setups will reduce from nine weeks to six weeks.
Data is a particularly important issue for insurers right now. How has Decision Focus addressed this in the past 12 months?
Data quality remains undoubtedly an important issue for insurers. Within the Decision Focus platform, there is full audit traceability of changes made to the data. Additionally, our workflow ensures that the data can only be updated by the right people. This is particularly important for risk management, but also regulatory compliance teams, for example in relation to regulatory reporting of regulatory submissions.
This has been a growing theme of the regulators, not just about late submissions, but ensuring that companies have confidence behind the submissions made.
Furthermore, the Decision Focus has a data quality management setup, which helps clients, for example with meeting Solvency II data quality requirements. Boards must have confidence in the data on which the capital models are relying.
Data sets that feed capital models can be shown to be adequate through data criteria and data controls as part of a data governance framework. Data control assessments, whilst more granular typically than ERM controls, these controls can be integrated into control assessment regimes.
It isn't merely the case that the data drives business decisions, but the regulator continues, as has been seen recently, to fine insurers in the region of tens of millions of pounds for poor-quality data.
And we haven't even mentioned the privacy aspects of data management.
What key regulatory issues has Decision Focus focused on in its work with insurers recently?
We have been helping clients use the Decision Focus platform to support a range of regulatory topics, including consumer duty, operational resilience and enhancing controls around regulatory reporting.
We see a range of work from some more recent regulatory initiatives, to ensuring that insurers have effectively embedded some existing regulatory regimes, such as the Senior Managers and Certification Regime ("SM&CR") within their organisations.
Of course, ESG is gathering momentum – we know this is an area where requirements are continuing to be refined and clients are looking to embed within business practices.
Is there an AI angle that Decision Focus has been looking at developing?
We have dedicated resources looking at this and have already established AI capability within the Decision Focus platform. We are not looking at a single vendor for AI. We recognise the pace of development in this area is extraordinary. We see a number of areas of use for this. Some central teams have been using AI to learn from publicly available data to remove the risk of key person dependencies.
Through our API, we can train the model on client data without the data being in the public domain. We can train the model so it can use your own risk and control data to identify any potential control gaps/weaknesses in the current setup. Other uses include analysing the existing control landscape in the event of a risk incident being reported centrally, whilst the model has learned from the existing data structure.
