Chief risk officers in the insurance industry typically hold less senior positions than in other financial services sectors, a global survey by Deloitte has found.

Proposed Australian Prudential Regulation Authority rules will require institutions to designate CROs who can challenge activities that could affect risk profiles.

“The reporting line direct to the CEO is not so prevalent in insurance companies,” Deloitte Head of Insurance and Actuaries and Consultants Caroline Bennet said.

“The CRO usually holds a less senior position and reports to the CFO. But it is starting to change, with a number of major insurers and wealth managers recently announcing senior CRO appointments.”

Deloitte’s biennial Global Risk Management survey covered 86 financial services institutions, including a cross-section of Australian banks and insurance groups.

About 65% of banks, insurance and funds management companies reported an increase in spending on risk management and compliance, up 10% on 2010.

Risk management in insurance companies is undergoing significant change, driven partly by regulatory reforms, according to the study.

Businesses report using a range of methods to assess insurance risk, the most common being stress-testing of interest rates, lapse and mortality.

Many insurance companies are developing integrated enterprise risk management frameworks, using teams drawn from actuarial, risk management, underwriting and finance.

Internal risk models, advanced analytics and stress tests are increasingly important in managing risk exposures and decision making, according to the report.