Marentis Labs

Diagnostic to Embedded SGaaS: an FCA-Regulated Insurer

A constructed scenario showing how a four-week Diagnostic and an Embedded rebuild give an acquisitive insurer, facing a supervisory letter and a 90-day window, a risk architecture the board can defend.

Illustrative engagement. This is a constructed scenario showing how Diagnostic and Embedded SGaaS operate for a regulated financial services business. It does not describe a Marentis Labs client.

The situation

Picture a mid-market specialist lines insurer writing around £400m in gross written premium, built through three acquisitions in as many years. Each acquisition brought its own risk forum, so the group now runs three overlapping risk committees with no common terms of reference and no clear reporting line into the board’s audit and risk committee. The board’s risk appetite statement exists on paper and stops there: nothing cascades it into operational limits the business units can be held to. A supervisory letter lands, flagging accountability gaps, and the board has a 90-day window to respond.

This is the standard inheritance of growth by acquisition. Each governance arrangement made sense when it was created. The aggregate is an architecture no one designed and no one can defend.

How the engagement works

The engagement opens as a four-week Diagnostic. The Marentis Risk Maturity Model sets the baseline across its six dimensions, drawing on the committee terms of reference, a year of risk papers, the appetite documentation and structured executive interviews. A Red Team Review then tests the board’s risk papers the way a supervisor would read them: what the papers assert, what they evidence, and where the gap between the two sits.

The diagnostic gives the board two things inside the supervisory window: a candid map of the accountability gaps, and a redesign the board can commit to with credible timelines. The response to the supervisor is then a board-approved architecture with a delivery plan attached rather than a promise to look into it.

The board converts the engagement to Embedded SGaaS for the rebuild. Over the following months the three legacy forums collapse into a single group risk committee with defined sub-committees, the appetite statement is rebuilt top-down into business unit tolerances each unit signs up to, and the board’s risk reporting is restructured so the audit and risk committee receives analysis it can challenge rather than data it can only note. The principal attends the committee through the transition, challenging the design as it beds in, because an architecture that has never been contested will not hold the first time it is tested.

The position this leaves the board in

A single accountable risk architecture, operational tolerances traceable to the board’s stated appetite, and papers that evidence challenge rather than assert comfort. When the supervisor next looks, the board is showing a governance system it can defend line by line, with the working documented.

