
The Underwriting of Governance: Why Insurance Oversight Has Entered a New Era
For mid-market and specialty insurers, sustainability is no longer a disclosure topic. It is a governance mandate. The firms that will hold up under scrutiny are not the ones with the best language. They are the ones that can show how sustainability risk changes underwriting, reserving, and capital decisions.
May 2026

The real test for insurers is no longer whether they can describe sustainability risk. It is whether they can govern it where underwriting decisions are made.
From awareness to accountability
In 2022, much of the insurance market was still treating sustainability risk as an emerging challenge. The industry already held enormous exposure to physical and transition risk, but the conversation was still heavily weighted toward disclosure, frameworks, and future preparedness.
That phase has ended.
The issue now is accountability.
Regulators, investors, reinsurers, and counterparties are no longer asking whether insurers recognise sustainability-related risks. They are asking where those risks sit inside the governance model, who owns them in the risk appetite framework, and what evidence shows that oversight is actually functioning.
That shift is not theoretical. European supervisors have become more explicit. EIOPA's supervisory work has made clear that insurers are expected to demonstrate how sustainability risks affect underwriting, reserving, ORSA, and capital management, not simply how they are disclosed.
In the UK, the PRA has continued to push insurers toward stronger board ownership, clearer governance, and better integration of climate-related risk into underwriting and risk management.
In the Lloyd's market, recent guidance has pointed in the same direction: sustainability-related risk is expected to show up in underwriting governance and exposure management, not sit in a separate ESG workstream.
For many mid-market insurers, those expectations expose a structural gap. Sustainability has been discussed and disclosed but not always embedded into the governance architecture where underwriting decisions are actually made.
The supervisory picture is not identical. The governance problem is.
A transatlantic insurance audience needs this said plainly: Europe and the US are not moving at the same pace.
European supervisors are ahead and more explicit. EIOPA has set out clear expectations on the integration of sustainability risk into prudential supervision, and UK insurers face similarly direct expectations through the PRA and related supervisory activity. For insurers operating in or writing business tied to European markets, the governance question is already live.
The US picture is less uniform. Insurance supervision remains fragmented across states, with the NAIC continuing to shape disclosure and climate-risk expectations while political appetite varies widely by jurisdiction. That makes the supervisory pressure less consistent than it is in Europe.
But that does not remove the governance issue.
US insurers with institutional investors, global reinsurers, international programmes, or meaningful catastrophe exposure are still facing the same commercial tests: how sustainability risk changes underwriting behaviour, how that behaviour is evidenced, and whether that evidence stands up under scrutiny.
The regulatory weather may differ. The governance test does not.
Where the gap actually sits in mid-market insurers
The largest global insurers have spent years building climate and sustainability risk capability: dedicated modelling teams, integrated exposure analytics, specialist committees, and formal governance channels.
Mid-market and specialty insurers face a different reality. They carry many of the same expectations without the same overhead.
That creates a familiar pattern.
Sustainability risk ends up in Corporate Responsibility. Or Investor Relations. Or a standalone sustainability function. Or somewhere else that sounds respectable but sits outside the actual governance chain of underwriting and risk.
That is not a reporting issue. It is a governance exposure.

If a risk sits outside the principal risk taxonomy and outside the decision-making rhythm of underwriting, it is not really being managed. It is being observed.
And observation is not a strategy. It is a liability.
Many firms still mistake visibility for control. They produce a strong sustainability report, hold a few internal workshops, improve the language in their disclosures, and assume the issue is being covered. But when you go looking for evidence in committee papers, underwriting authorities, referral triggers, exposure limits, or reinsurance discussions, the trail is often thin.
That is not a maturity gap. It is a governance gap.
Where governance really lives: the underwriting file
The real test for insurers in 2026 is not whether they can describe their sustainability risk framework. It is whether they can evidence how a specific decision was made.
That is why governance, in insurance, ultimately lives in the underwriting file.
Can a CRO, Chief Underwriting Officer, or Head of Exposure Management show:
how sustainability risk data influenced a portfolio decision,
how a scenario, threshold, or concentration limit translated into underwriting action,
how board oversight connects to front-line decision-making,
and how that decision was documented, challenged, and escalated where necessary?
That is the point at which governance becomes real.
The devil is no longer mainly in the models. It is in the governance trail behind them.
A firm may have catastrophe models, transition scenarios, board presentations, and a sustainability report that reads well. But if none of that changes underwriting authorities, aggregate limits, pricing discipline, referral triggers, or reinsurance decisions, the governance is not functioning.
That is the distinction many insurers still miss.
What this looks like in practice
Take a mid-market commercial property insurer with meaningful exposure to flood-prone regions and an increasing concentration in older commercial buildings.
On paper, the insurer looks prepared. It has climate scenarios, board reporting, a sustainability statement, and a set of portfolio dashboards. Senior executives can describe physical and transition risk clearly.
Then pressure builds.
Secondary perils start to behave less like secondary perils. Flood exposure looks more volatile than historical assumptions implied. Reinsurers begin asking harder questions about aggregate exposure and underwriting controls. Energy-inefficient buildings begin to face weaker tenant demand, rising retrofit expectations, and more volatile valuations. Claims volatility starts to move before governance has fully caught up.
Now ask the real questions.
Did underwriting authorities change in response to those exposures? Were pricing thresholds adjusted? Were concentration limits tightened? Did exposure management feed directly into portfolio steering and reinsurance discussions? Was the board shown evidence of how these risks changed underwriting behaviour? Is there documented challenge showing that sustainability-related risk was treated as a live underwriting issue rather than an ESG side note?
In many insurers, the honest answer is still no.
That is not a disclosure weakness. It is an underwriting governance weakness.
And once it starts to show up in claims experience, reinsurance terms, or capital strain, it is already late. That is the pattern in miniature. Once governance fails at underwriting level, it does not stay there.

Why this becomes a reserving, capital, and reinsurance issue
Some boards still treat sustainability governance as a soft issue, something adjacent to reputation, stakeholder messaging, or long-range strategy.
That view is outdated.
In insurance, governance weakness does not stay in a governance box. It moves into underwriting quality, exposure management, reserving assumptions, reinsurance negotiations, capital planning, and ultimately earnings resilience.
For European insurers, that link is increasingly explicit. Sustainability risk is expected to feed into ORSA, governance, underwriting, and prudential decision-making. For UK insurers, the same logic applies: board ownership and decision-useful risk integration are no longer optional extras. They are supervisory expectations.
For US insurers, the channel is less uniform, but the commercial consequences are still real. Reinsurers ask harder questions. Rating agencies look more closely at governance quality around catastrophe and transition exposure. Investors increasingly expect insurers to show that risk governance is more than narrative. In catastrophe-exposed lines especially, weak governance can become visible through pricing discipline, portfolio steering, and the cost and availability of reinsurance.
This is where the issue becomes expensive.
If sustainability-related risk is not influencing underwriting and capital decisions, it is not being governed in a way that protects the balance sheet. And if it is not protecting the balance sheet, it is not governance in any meaningful sense.
From risk measurement to risk architecture
In 2022, adopting frameworks such as TCFD or COSO represented meaningful progress. For many firms, those were important early steps.
In 2026, they are baseline. The market now demands defensibility: the ability to demonstrate, document, and withstand scrutiny.
That means moving beyond risk measurement and into risk architecture.
For insurers, the transition is easy to describe but much harder to execute: from scenario production to decision evidence, from sustainability committees to clear underwriting ownership, from disclosure language to documented minutes and escalation records, and from narrative to defensible governance.
That is the progression many firms are still in the middle of making.
The ARCHITECT™ Governance System
I originally developed the ARCHITECT™ Governance System for regulated financial institutions, where supervisory pressure forced earlier maturity in governance architecture. The underlying question turned out to be exactly the same in insurance:
Can you evidence that a financially material risk is being governed, or only that it is being acknowledged?
That is why the framework translates well to mid-market and specialty insurers.
In an insurance context, the six ARCHITECT™ pillars become practical tests of underwriting defensibility:
A: Accountability
Are sustainability-related financial risks owned clearly at executive, committee, and board level, with traceable escalation and challenge?
R: Risk Integration
Are those risks embedded in underwriting guidelines, pricing discipline, exposure management, reserving, and reinsurance strategy, or still treated as a side assessment?
C: Capital Exposure
Can the firm show how sustainability-related risk affects underwriting performance, capital strain, ORSA assumptions, and balance-sheet resilience?
H: Horizon Scanning
Is there a disciplined process for tracking regulatory change, market dislocation, climate litigation, reinsurance market pressure, and sector-specific underwriting shifts?
I: Information and Reporting
Do boards and risk committees receive decision-quality information that links sustainability scenarios to underwriting and capital decisions?
T: Transparency and Defensibility
Is there a clear governance trail showing how risk was identified, challenged, escalated, and translated into decisions?
The goal is straightforward: move sustainability risk out of the reporting file and into the underwriting and governance operating model.

The ARCHITECT™ Governance System translates sustainability ambition into a governance model that can withstand regulatory, investor, and counterparty scrutiny.
Mid-market insurers need to stop hiding behind proportionality
Proportionality matters. Of course it does. A mid-market or specialty insurer is not a global multiline carrier, and nobody sensible expects identical infrastructure.
But proportionality is not a free pass for weak governance.
That is the point many firms still resist. They assume being smaller lowers the standard enough to make patchy architecture acceptable. That assumption is not going to age well.
Regulators, investors, reinsurers, and counterparties are all asking some version of the same question: is this risk governed properly within the core framework of the firm, or not?
If the answer is no, the fact that the firm is mid-market does not make the weakness disappear. It simply means the weakness may be discovered in an organisation with fewer resources to absorb the consequences.
That is why delay is a mistake.
Governance remediation is always harder under pressure. It is always more expensive once someone external has identified the gap. And it is always more disruptive when the issue surfaces in a file, a review, a renewal, or a board challenge that should have been anticipated earlier.
Five questions for boards, CROs, and underwriting committees
Before the next underwriting committee or board risk meeting, I would ask five direct questions:
Can we identify, by name, who owns sustainability-related financial risk at executive and board level?
Is sustainability risk embedded in underwriting governance, exposure management, and risk appetite, or is it still sitting outside the core framework?
Could we produce documented evidence showing how a sustainability-related scenario or threshold changed an underwriting or portfolio decision?
Do we understand how sustainability risk affects reserving, reinsurance strategy, and capital planning, not just disclosure language?
If a regulator, reinsurer, investor, or board committee asked for governance evidence tomorrow, would we be confident in what we handed over?
If those questions produce hesitation, the governance gap is already there.
Closing
The next phase for insurers is not better sustainability language. It is defensible governance inside underwriting, reserving, and capital decisions.
The firms that build that now will face the next supervisory cycle, renewal negotiation, and board challenge with evidence. The firms that do not will be trying to construct a governance trail after the questions have already started.
That is a much more expensive place to begin.
_______________________________________________________
Not sure how your governance framework would stand up under regulatory review, renewal scrutiny, investor challenge, or a major file review? The ARCHITECT™ Governance Maturity Assessment gives mid-market and specialty insurers a practical starting point.
_______________________________________________________
Author bio
Brendan Walsh is the founder of Walsh SRA and creator of the ARCHITECT™ Governance System. He brings more than 30 years of global executive leadership in regulated financial services, including senior roles at American Express across the US, Europe, and Asia, as well as advisory experience with regulated institutions including the UK's Office of Gas and Electricity Markets (OFGEM). He holds a master's degree in sustainability from Harvard University and is credentialed by GARP in both Sustainability and Climate Risk (SCR) and AI Risk. Walsh SRA advises mid-market financial institutions, insurers, and private equity firms on governance frameworks for climate and sustainability-related financial risk.