I’ve only been working at Nationale-Nederlanden since 1 January 2018, but I’ve got a lot of experience in the insurance sector. Around 18 years ago, I joined OHRA, the direct insurer that was part of Delta Lloyd. I held various positions there, including Business Process Consultant and coordinator of the Customer Interests First programme. In my various roles, I was already involved in monitoring risks.
As operational risk manager, I help the business to remove any risks that may arise in its operations. We identify the risks of processes and projects in risk assessments. We then put control measures in place, and we monitor whether the measures are implemented and that they work. This is part of the effective control framework, Nationale-Nederlanden’s risk framework.
Imagine, for example, that a customer’s car is damaged. When he or she wants to take out a car insurance policy to then try and claim for the damage, we run a financial risk. It means we have to take measures to prevent this type of risk, such as adequate staff training or monitoring to ensure policy requests are processed properly.
I’m currently spending a lot of my time on the phenomenon of data breaches. In the context of the General Data Protection Regulation (GDPR), personal data may not be leaked to third parties. We sometimes find – particularly in the private market, that addresses are incorrect, and information is sent to the wrong address. In that case, our staff have to fill in a form to register the breach. I and the Data Protection Officer (DPO) then assess whether the data breach is serious – and if it is, we are required to report it to the regulator – or whether the breach is not fraud-sensitive. Registering data breaches is a time-consuming process for our staff. We’re currently looking at how we can simplify it, so that it is manageable without compromising the process.
And that’s an important challenge for risk management straight away. On the one hand, we have to comply with our policy and standards, which means working in accordance with procedures. On the other hand, we want to keep those procedures practical. If you abandon risk management, you encounter problems in the organisation. If you’re too rigid, it doesn’t work either. We’re looking for that balance, which is why we’re also trying to ensure that risk management is part and parcel of the organisation, so that people no longer see it as an obstacle, but as an opportunity to achieve their goals.
The changing needs of the customer, for example, as a result of the emergence of the sharing economy, marks another challenge for risk management. Nationale-Nederlanden is constantly marketing innovative products and they cannot of course pose an unforeseen risk for the customer or for us.
At Nationale-Nederlanden, I have a lot of freedom and independence in my work. I manage my own time and there’s nobody checking up on me every day. I really enjoy that, just as I enjoy the opportunity for all-round personal development, in an environment in which initiative is valued.
Operational Risk Manager, Nationale-Nederlanden Non-life