As insurance rapidly transforms into a digital-first industry, the role of risk leadership is evolving just as quickly. Hyper-personalised products, AI-driven underwriting, and ecosystem-based services are redefining how insurers operate — but they are also introducing new layers of complexity around trust, accountability, and operational resilience.
According to Gaurav Banka, Chief Risk Officer at Aviva India, the industry’s shift toward insurtech-driven models has fundamentally changed the way insurers think about risk.
“Insurance has moved from a policy-centric or distributor-centric model to a product-led, customer-centric one,” Banka explains. “That transformation is exciting, but it also raises important questions about fairness, privacy, and long-term trust.”
The hidden risks of hyper-personalisation
Insurtech innovations have enabled insurers to leverage granular customer data — from health and lifestyle information to behavioural insights — to tailor policies with unprecedented precision. While this improves relevance for customers, it also creates the risk of unintended exclusion.
When data becomes highly granular, actuarial models may conclude that certain individuals represent higher risk based on lifestyle patterns such as lack of exercise or poor sleep habits. From a purely analytical standpoint, this could justify higher premiums or restricted coverage.
“But the real question is whether that is the right thing to do for the customer,” Banka notes.
He believes hyper-personalisation can easily cross into what he calls the “creep factor.” If customers feel insurers are monitoring their behaviour only to deny claims or raise premiums later, trust erodes quickly.
To mitigate this risk, Aviva focuses on using data to encourage healthier behaviour rather than penalise customers. If inactivity is detected through wellness applications, the response is designed to be supportive — nudging customers toward better habits or rewarding improvements rather than imposing financial penalties.
“Innovation works when customers feel that sharing their data creates value for them, not just profit for the company,” he says.
Cyber risk: From IT issue to boardroom priority
Another major shift is how organisations perceive cyber risk. In many companies, cybersecurity discussions still revolve around technical controls — firewalls, antivirus tools, and patch management.
However, organisations with mature governance frameworks see cyber threats very differently.
“The difference becomes obvious within minutes of a conversation,” Banka says. “Companies that treat cyber risk as an IT problem talk about servers and software. Those that treat it as a strategic risk talk about brand reputation, liquidity, and customer trust.”
For leadership teams, the real question is not whether systems are patched but what happens if core services fail. A prolonged outage of a customer portal, for example, could disrupt service delivery and damage market credibility.
At Aviva, cyber risk discussions are framed around business consequences rather than purely technical vulnerabilities, ensuring executive leadership remains actively engaged.
Why risk governance should accelerate innovation
Risk frameworks are often perceived as obstacles to innovation. Yet Banka argues that modern risk governance should do the opposite.
He compares risk controls to brakes in a car.
“Cars don’t have brakes so they can go slow — they have brakes so they can go fast safely,” he says.
When risk management enters product development late in the cycle, it inevitably becomes a bottleneck. However, if organisations establish clear risk guardrails early — covering areas such as data privacy, pricing logic, and customer segmentation — product teams can innovate freely within those boundaries.
At Aviva, such predefined parameters allow teams developing digital health and protection products to move quickly without repeatedly seeking approvals.
“Governance becomes the paved road teams run on, rather than a gate they have to unlock,” Banka explains.
From black box AI to glassbox decisions
As insurers increasingly adopt AI-driven decisioning for underwriting, onboarding, and claims processing, new concerns around transparency and fairness are emerging.
Banka warns against the dangers of opaque “black box” models.
“If an AI system rejects a customer or denies a claim and we cannot explain the decision in simple language, we have failed,” he says.
Aviva follows a clear rule: if a decision cannot be explained, the model is not deployed.
Explainable AI frameworks allow organisations to monitor bias continuously. Since algorithms are trained on historical datasets — which may contain embedded biases — insurers must ensure automated systems do not systematically disadvantage certain demographics or customer segments.
Human oversight remains essential, particularly in edge cases. When automated systems flag proposals or claims, human review is often required before final decisions are communicated to customers.
The CRO’s expanding strategic role
The Chief Risk Officer’s role has expanded significantly in the digital era. Instead of focusing primarily on compliance, risk leaders are now expected to influence product design and technology strategy.
Banka says he now spends more time collaborating with product and business teams than with compliance functions.
Rather than blocking new ideas due to regulatory constraints, his approach is to help teams design solutions that deliver customer value while remaining compliant.
For instance, when Aviva explored integrating health data from fitness apps into its wellness-driven product strategy, concerns emerged about the validity of user-generated data.
Instead of rejecting the idea, the risk team worked with product and technology teams to design a tiered rewards model where verified health data earns higher benefits.
“That is how risk should shape strategy — by solving problems creatively, not just identifying them,” he says.
The overlooked risk: Third-party dependencies
Operational resilience is another area gaining urgency as insurers rely heavily on digital ecosystems.
While organisations often focus on protecting their own systems, Banka believes the bigger threat lies in third-party concentration risk.
Modern insurers depend on a complex network of cloud providers, API platforms, payment gateways, and healthcare partners. If any critical partner experiences an outage, insurers may be unable to serve customers.
“You cannot outsource a process and assume you have outsourced the risk,” Banka warns.
To address this, organisations must map critical dependencies, conduct scenario planning for cascading failures, and embed resilience criteria into vendor selection and architecture decisions.
Building trust in India’s digital insurance market
In India’s rapidly digitising insurance landscape, consumer trust remains fragile despite widespread digital adoption.
Banka believes insurers must adopt a “phygital” model to bridge this gap.
While purchasing insurance digitally should be seamless, the claims experience — often the most emotional interaction customers have with insurers — must prioritise empathy and human engagement.
“You can automate many things, but empathy is not one of them — at least not yet,” he says.
Transparency is equally important. When customers can buy policies within minutes but face unexpected delays or documentation requirements during claims, trust collapses quickly.
“Trust is built when the digital promise matches the real-world service experience,” Banka explains.
Preparing for the next wave of risk
Looking ahead, Banka believes some of the most significant risks insurers face are still emerging and not yet fully reflected in traditional dashboards.
One major concern is the intersection of climate change and health risks. Rising temperatures, shifting disease patterns, and pollution could significantly alter long-term mortality and morbidity trends in India.
Another emerging vulnerability lies in the growing interconnectedness of digital infrastructure.
As insurers increasingly rely on shared cloud platforms, AI tools, and third-party data sources, the risk of correlated failures grows. A systemic disruption in one widely used platform could cascade across multiple insurers simultaneously.
To prepare for these future threats, Banka argues that organisations must broaden their risk horizon beyond immediate operational metrics.
“Risk management today is not just about protecting what exists,” he says. “It is about anticipating what could reshape the industry tomorrow.”