Enterprise Risk Management (ERM) Maturity Model and Challenges for Insurance Companies in the Nepalese Context
DOI:
https://doi.org/10.3126/jissa.v2i1.92248
Keywords:
Enterprise Risk Management (ERM), risk assessment, economic capital, risk transfer, maturity model, risk tolerance, risk culture
Abstract
Enterprise Risk Management (ERM) has advanced considerably since the early 2000s, evolving from a governance-driven, compliance-oriented framework into a strategic, integrated approach informed by COSO and ISO standards. For insurance companies in Nepal, the increasing complexity of the risk environment driven by regulatory reforms, digital transformation, and emerging threats such as cyber, ESG, and operational risks has made structured ERM implementation essential. This paper outlines the core prerequisites for establishing an effective ERM system, including a clear governance structure, systematic risk assessment and quantification, informed risk-based decision-making, and robust monitoring and reporting mechanisms. It further presents the ERM Maturity Model, which encompasses five stages ranging from foundational setup to full integration of ERM into strategic planning and business optimization. Although this model provides a practical roadmap, Nepalese insurers encounter notable challenges, particularly limited modeling expertise, difficulties in validating advanced risk models, and insufficient reliable data for quantifying operational and reputational risks. These constraints underscore the need for capacity enhancement, improved data infrastructure, and strengthened risk culture to support the continued evolution of ERM within the sector.