Caroline Stone: I joined DUAL in October 2022 as the Chief Risk Officer (CRO) for the UK, and I'm also responsible for leading the risk and compliance function. My team and I need to make sure that the organisation is operating within the risk appetite that has been set out by our board. This covers all kinds of risk: operational risk: processes, people, systems; and financial, regulatory, and strategic risk. We need to ensure that everything we're doing delivers to the standards that we've set for ourselves.
Prior to DUAL, I spent five years at BGL Insurance as CRO; they’re based in the Midlands and focus largely on retail general insurance products – motor, home, and life. Before that, I worked in various Risk and Compliance roles in mortgages, savings, credit cards, and credit reference agencies – pretty much everything in the financial services sector barring pensions and wealth management.
DUAL is a global managing general agent (MGA) and part of Howden Group. We receive requests for insurance cover from a network of insurance brokers, and then our team of specialist underwriters place those cover requests with a panel made up of Lloyd's and London market syndicates and insurers. We work with over 70 insurer partners worldwide, and we're responsible mainly for the underwriting but in some cases, also the claims handling as well.
"My job means you get to be involved in everything that is going on, as you
have to look at it through a risk lens, which is often a different angle."
As we're an MGA, we're one step removed from the end customer. We don't have policyholders ourselves because we deal with brokers, but we've worked hard to ensure that we do everything we can do to make sure our broker network recommends clear, easy to understand products to the customers that meet their needs.
My job means you get to be involved in everything that is going on, as you have to look at it through a risk lens, which is often a different angle. You have people looking at things from a P&L perspective, an operations perspective, an information security perspective – but to look at the risk picture holistically is rewarding. We get to ask: “What are the challenges here? What are the assumptions we’ve made that something is going to happen? How will unexpected variables get in the way of that?” It’s a unique perspective. You come to grips with how a business works, its drivers of success, and the areas in which it needs to improve to consistently deliver high standards to brokers and carrier partners.
Caroline: As with any MGA, there's always a focus on making sure that we've secured a range of sustainable capacity. Without carriers electing to place their business through us, we don’t have the supply of policies that we need. We were established 25 years ago, and our focus has always been to make ourselves the best underwriting business we can be because that's what's going to attract insurers to stay with us over the long term. We believe it's in our best interest to effectively serve not only our carrier partners but also our extensive broker network so that they come back to us year after year, knowing that they're going to get quality service and products that meet their customer needs.
"Managing risk is part of everybody's role, whether you work in underwriting,
finance, operations, human resources, or anywhere else."
We're in a position to be able to listen to brokers and clients and therefore innovate and meet their evolving demands. Underlying all of that the operating standards and underwriting controls have to be on-point so that we can demonstrate that we underwrite appropriately and responsibly. My immediate focus is on making sure that systems and controls are robust and scalable for the future so that we can absorb extra growth from wherever it comes. For me, it’s a bit parochial: it means making sure I've got the right people and systems in place within my team today and then putting in place transformational work to ensure we're fit for the future. To that end, we're recruiting heavily, trying to secure some additional skillsets into the team to support the next phase of our strategy, but also double checking that everything is streamlined and everything's effective.
The other big thing for me is making sure that the culture is right. We have a culture here that asks everybody to take responsibility for doing things right the first time and get a sense of pride from performing well. Managing risk is part of everybody's role, whether you work in underwriting, finance, operations, human resources, or anywhere else. For me, we must have a culture that strives to do the right thing but is also comfortable identifying where things could be improved. That’s the mentality you need to have when it comes to risk culture.
Caroline: This comes close to home because recruitment and building our team is the future – you’re unable to support a great strategy without it. I'm focused on understanding what we need to do to meet the future plans. We have a strong team already, but the demands on that team are going to change fairly rapidly so what are the strengths that we need to build on? What are the areas where we might need to plug a gap in the future? How do we make everything scalable, and how do we make sure everything's robust as well?
Secondly, understanding the strategy for the business and assessing any risks to that strategy, understanding what the assumptions are that underpin it. What have we decided about the market, what are our plans with our carriers, what’s our view about where the regulator's going to take us next? Recognising any assumptions, any potential hurdles to those assumptions being valid, any challenges that might stand in our way, and then working with business leaders to raise them to the surface and make sure that we have some sensible plans that we can work through and help to mitigate as much of those as we can.
"There’s a challenge between prioritising enough of the things that you want
to do alongside the things that you have to do to get that balance."
The third point is a mix of the first two: it's about evolving my team's interactions with the rest of the business. There's a lot of work that happens in a risk and compliance team that's essential, such as regulatory reporting, but is it visible to the rest of the business? I want to focus on making sure that we're centred on our interactions with other teams. How do we support the business? How do we provide insight through data and other means that gets the business to stop and look at things differently and challenge themselves more than they would have done otherwise? It’s those interactions: how can I add value to the business? How can I add insight into data to drive better understanding of the risk environment that we're in.
Another point would be about the speed of change. The pace of change is a challenge for pretty much every organisation out there doing something different. There’s a challenge between prioritising enough of the things that you want to do alongside the things that you have to do to get that balance. More often than not, this leads to people who are ambitious to over-commit.
At the risk of repeating myself from earlier, it comes back to getting the basics right. If you've got effective controls and processes to manage the day-to-day, then you can start to focus on things which will push you forward strategically.
