
Presidents Roundtable


The StrategicRISK Presidents' Roundtable sponsored by ACE


Strategic RISK NOVEMBER 2010 | www.strategicrisk.co.uk i

THE PRESIDENTS’ ROUNDTABLE

Preparing for a double dip

SPONSORED BY

INCLUDES A FOUR-PAGE SPECIAL REPORT ON THIS YEAR’S FERMA CONFERENCE

FERMA REPORT


Figure: Risk management maturity triggers. Axes: nature of risk management triggers (compliance oriented; both compliance and shareholders expectations oriented; shareholders expectations oriented) against risk management level of maturity (moderate, mature, advanced).

Figure: Main external factors triggering risk management within your company. Categories: legal, regulatory or compliance requirements; catastrophic event; clear requirements from shareholders; pressure from the market; major increases in insurance premiums; other.

Ferma benchmark survey results

The most eagerly awaited news at Ferma’s biennial get-together is always the results of its benchmarking survey. This year, 782 risk and insurance professionals from 20 member associations responded to the poll. Addressing the attendees and announcing the survey results, corporate risk management director for Campofrio Food Group and a Ferma board member Cristina Martinez said: “The survey results show the evolution of risk management and its role in European organisations today.”

The top three issues that most concern you about the insurance market

Identifying future risks: 61%
Looming hard markets: 48%
Solvency II – potential impact on availability of insurance capacity and cost: 42%
Change in environmental liability: 32%
Solvency II – potential impact on captives: 25%
Collective redress/class actions: 24%
Broker remuneration, disclosure and transparency: 19%
Terrorism coverage: 11%
Absence of appropriate solutions to cover investments in renewable energies: 10%
Other: 13%
No opinion/don’t know: 5%

Complex organisations are most risk-mature

The survey shows that the most risk-mature organisations are those with the most complex operations. Highly complex organisations have the most advanced risk governance, practices, tools and communication. But 26% of respondents say they have no external risk communication. Overall, the survey suggests that risk management mandates remain fairly limited and there is minimal co-ordination across risk functions.

Little change in main drivers

The survey’s most notable finding is how little reasons have changed for companies to adopt risk management practices.

Seventy per cent of respondents said legal, regulatory and compliance issues are the principal drivers of risk management in Europe. That figure has hardly altered since 2008, despite the soul-searching following the banking crisis.

Speaking about the results, Jean-Michel Paris, a director with survey partners Ernst & Young, said the outcome is a surprise. “The pressure from shareholders on companies to adopt better risk practices is less than expected,” he said.

He noted that 39% of respondents indicate that shareholder pressure is a big influence in adopting risk management, and this factor is slowly rising in importance.

The fear of catastrophe risks – originally a principal driver of risk management in Europe – is now less important. This year, less than half (45%) of respondents said it is a major factor in encouraging their companies to invest in risk management.

Just over a quarter of respondents say they have no external risk communication


Figure: Risk appetite per risk category. Axes: risk appetite (zero tolerance, risk averse, risk taker) against risk importance (0% to 60%), with risk categories grouped as strategic & governance, operational risks, compliance & ethics and external risks.

Risk appetite relies on type of risk

Other important findings from the survey relate to risk management maturity and risk appetite.

The findings show that corporate attitudes to risk are mainly driven by the category (or type) of risk, rather than a technical risk assessment.

For example, companies mainly adopt risk-taking strategies when it comes to strategic or business risks (such as M&A or political, social and economic issues). Conversely, companies appear to be totally risk averse when it comes to regulatory, ethical and health and safety issues.

It is no big surprise, though, that organisations are open to taking risks where there are big opportunities (such as in strategic decisions), and totally risk averse when the only outcome is negative (such as compliance).

Insurance concerns

Risk managers’ biggest bugbear with the insurance market is its ability to identify and respond to future risks (61% said so), according to the survey, which was carried out in partnership with AXA Corporate Solutions.

The looming hard market is the biggest fear for about half (48%) of the respondents. Almost the same number (42%) indicate that their biggest worry is the impact of Solvency II on insurance capacity.

Overall, the results reveal continuing progress in risk management fundamentals but there are still significant disparities between companies, countries and risk management topics.

Figure: Link between advanced level of risk management maturity and company complexity. Proportion of companies with an advanced level of risk management maturity per category (risk governance; risk practices and tools; risk communication) against company complexity (low, moderate, high, very high).

‘The pressure from shareholders on companies to adopt better risk practices is less than expected’ Jean-Michel Paris, Ernst & Young


ROUNDTABLE

The Presidents’ Roundtable participants

JORGE LUZZI, vice-president, Ferma, chaired the discussion

PAOLO RUBINI, president, Anra

CHARLOTTE BARNEKOW, president, Swerma

CARL LEEMAN, president, Ifrima, board member, Belrim

GÜNTER SCHLICHT, former DVS chief executive, board member, Ferma

JULIA GRAHAM, vice-president, Ferma, former chairman, Airmic

CHARLOTTE ENGGAARD, president, Darim

JEFF CARR, client relationship manager, major risks, Ace UK

KADIDJA SINZ, commercial director, Ace Continental Europe


Introduction

After a modest recovery, could Europe be heading for a double-dip recession? How has risk management weathered the downturn and is it prepared for another economic plunge? Is the ‘soft’ insurance market likely to reverse in the near-future? These were the questions that our panel addressed at the Presidents’ Roundtable discussion during the London Ferma seminar in late September.

It was clear from the comments of participants that many European companies have yet to emerge from the effects of the recent financial crisis, with most still in a cautionary and cost-cutting mode. However, it was felt that lessons had been learnt – as chairman Jorge Luzzi put it: “The patients have been inoculated and the vaccine should be taking effect.”

Risk management during the recession has been tough. The experience has shown the need to take into account interconnectivity of businesses, geographies and suppliers, and to include a wide range of ‘what if’ scenarios.

The discussion also highlighted the importance of small companies in corporates’ supply chains. Small- and medium-sized enterprises generally play a major part in the profitability of larger businesses, so it is essential to encourage them to have good risk management.

Communicating the value of risk management is a continuing theme. Some participants feared that the message might have been eroded by the fact that financial institutions experienced difficulties despite having what appeared to be excellent risk management in place. The key question here is whether senior management listened to risk managers’ warnings, and this leads on to the debate over the standing of risk managers within an organisation.

Finally, it looks like it will take a major catastrophe (or two) to harden the insurance market. For the time being, multinational companies are unlikely to experience the cost savings created by good risk management in previous years.

Jeff Carr, client relationship manager, major risks, Ace UK

Sue Copeman, editor-in-chief, StrategicRISK

Kadidja Sinz, commercial director, Ace Continental Europe


What’s next?

The profession’s leaders met in London to discuss how the state of the worldwide economy is affecting their work, whether some countries will see a double-dip recession, if captives still make sense, and how best to spread the message of good risk management

Chairman Jorge Luzzi, Ferma vice-president, opened the discussion by looking at some of the problems that Europe has experienced in the recent recession. Although it was banking institutions that were hit hard at first, he pointed out that the insurance industry had been affected too, with some companies relying on government funding for their survival. Luzzi expressed gratitude for this government help, saying that if these insurers had been allowed to fail, there could have been significant capacity problems, particularly with liability cover.

He said current discussion concerned the possibility of a new recession – a so-called double-dip. It appeared that the USA could be on the verge of this, while some European countries had still to emerge from the first downturn. Luzzi cited problems in Spain where unemployment has reached nearly 20% and is likely to worsen as the country reaches the end of the holiday season. Problems with the Greek economy, accompanied by significant social unrest, have also hit the headlines.

Recession risks

Against this dismal background, and taking into account the slight recovery in some European countries, Luzzi asked if those present thought that some fragile economies might slip back into recession. “If that happens, how do you think it will affect risk management, and what new challenges will risk managers face? Are we prepared?” he asked.

Ferma vice-president Julia Graham was first to respond. Pointing out that there are several angles to take into account, she said it was important to look at scenarios and actually get a company’s board or risk committee to think about what the risks could be, and the effect on corporate plans.

She asked: “If you’re trying to protect the delivery of your strategic objectives, what would be the impact of a double-dip? What are the variables that could change your view?” For example, a double-dip might not be universal. Europe could suffer while China continues untroubled. Organisations that trade in Asia, as well as in Europe and in North America, need to consider the implications and look at the combined picture, she suggested.

In terms of the local view for the risk manager, a further recession would put more pressure on corporate overheads. “Often the first thing that happens when businesses are under pressure is that they want to cut costs. Risk management, like other things, is an overhead and a cost,” Graham said. She stressed the need for risk managers to keep their eyes on delivering value and providing evidence of their effectiveness, suggesting that one of the best ways to do this was to help the board look into the future.

Ace UK’s Jeff Carr pointed out that recession had triggered employment disputes and social unrest in the USA and Europe, all of which could affect businesses. Graham agreed that the world’s economic problems mean there is more pressure on risk managers to do things well, and this includes employment practices. She said risk assessments against future scenarios should include disputes and unrest.

Carl Leeman said lessons had to be learnt from the previous crisis, although he questioned whether the financial institutions that triggered the problems had taken these on board. “Many risk managers within financial organisations had predicted and/or warned their senior managers about the risks associated with the tricky investments and derivatives they were playing with – but they were not listened to,” he said.

‘Businesses under pressure want to cut costs. Risk management, like other things, is an overhead and a cost’ Julia Graham, Ferma

Leeman said it was mainly the investment operations of the banks that led them into trouble. Public opinion was that huge bonuses in the banking sector were part of the problem. “Now we see that, despite the debate on bonuses, people are finding many ways to get around this and continue paying them. Most frighteningly, the major European banks that have now changed their chief executives have put in charge people who were responsible for their investment operations. Rather than penalising these individuals, they’ve been promoted,” Leeman said.

In terms of how the economic crisis had affected his own organisation, he said that his company’s broad spread, both geographic and in different types of business, had provided a cushion and enabled it to increase cashflow. It had remained conscious of the need for good risk management.

Leeman had a warning, however: “At a time of tough competition, there’s a danger that those in charge of commercial operations may accept unreasonable terms just to get business. What is the use of good risk management if your commercial guys take unlimited liabilities in their contracts? That can kill a company.”

He considered this was an often underestimated aspect of risk management. “People are always talking about contract certainty in relation to their insurance policies. But contract certainty for the commercial contracts that a company has with its clients is perhaps much more important.”

A double or even a triple recessionary dip is something that risk managers do not have the power to avoid, but they can assist senior management in preparing the company to cope as well as possible, far in advance of any crisis.

The results of the 2010 Ferma risk-benchmarking survey showed that catastrophic events have diminished in importance as triggers of risk management. Leeman found this rather alarming, for example in view of the oil spill in the Gulf of Mexico, which he said could have led to the collapse of a company smaller than BP.

Leeman also pointed out that, in his view, individuals did not want to take responsibility for risk. “We saw it with the ash cloud from the Iceland volcanic eruption. People whose travel was disrupted were immediately thinking about their travel agencies or airlines paying the costs. What did travel or air companies have to do with the volcanic eruption? Everybody thinks that somebody else should step in and solve the problem.

“We should come back to the situation where people ask themselves what they can do to solve a problem – or even better to avoid a problem – rather than looking around for what other people will do.”

Graham agreed it could be valuable to look back and make sure that a business had learned the lessons of the first dip. She said: “In that recession, we saw a lot of things: cutting corners, contract terms and clients transferring their liabilities to you. For example, there were situations where, if your landlord went out of business or failed to pay its bills, you might not have premises; so we saw the need for contingency plans. There are some really interesting business continuity issues that we could learn from.”

Luzzi concurred that businesses were probably better prepared today because of what they had suffered in the past.

Supply chain

The lessons also applied to component suppliers, said Swerma president Charlotte Barnekow. It had been difficult to persuade managements of the need to manage exposures arising from the interconnectivity of businesses, especially the damage that could result from a shortage of components. Although managements understood there could be a problem, the view tended to be that it was unlikely to occur. She felt there was now a greater appreciation of supply chain risk.

Barnekow said that, while most large companies now had some risk management in place in this area, there was a need to educate SMEs, which are thought to account for 80% of most European economies. Encouraging SMEs to adopt good risk management practices would benefit the big companies they supply.

‘Take the Iceland ash cloud. Everyone thinks somebody else should step in, but they should ask what they can do’ Carl Leeman, Ifrima


Leeman said more attention should be paid to educating SMEs. Most risk management associations’ membership comprised larger companies, and it was a “huge task” for them to try to reach SMEs and spread good practice in risk management. Ferma’s Günter Schlicht pointed out that some associations, such as the German risk management association, DVS, included SMEs. He pointed out the difficulties in serving the needs of both large and smaller companies.

“You cannot do it in exactly the same way,” he said. “We try to render active service by counselling them. If they ask us questions, we tell them how we think an insurance programme or a contract should look, and what to do. We hold seminars and regional conferences. However, even with this active service, the possibilities are limited and it is difficult. It is an ongoing job and we are committed to it.”

Paolo Rubini said Anra, the Italian risk management association, also found it difficult to reach SMEs. He suggested that it was probably easier for big companies to try to educate them via their supply chains. Associations could help with such educational programmes as a service to their large corporate members.

Training aside, large buyers could require suppliers to meet certain risk management standards, although Ace Continental Europe’s Kadidja Sinz pointed out that this would be a cost at a time when suppliers were already under financial pressure. “The crisis has shown the interdependency that exists and highlighted the fact that, in terms of financial resources, the system is only as robust as some of the weaker links,” she said.

The credit crunch also meant that at one point some major companies could not continue to sub-contract to certain businesses because of their inadequate credit rating. “The financial aspect is also crucial,” emphasised Sinz.

Luzzi said that with large companies generating work at a time when many countries are suffering high unemployment, suppliers needed to maintain good relationships with their customers. He added that his own organisation was requiring transport companies to provide improved protection of its products in some countries.

As far as smaller suppliers were concerned, Luzzi agreed that those risk management associations with a significant number of SME members had a role in educating them. However, small businesses had to understand that larger companies relied on their support in order to compete effectively.

He gave the example of a contract to supply tyres to a team in Formula 1 racing. “We have to demonstrate that we are able to fulfil the contract on time because, if we fail, that will affect our clients’ ability to compete, and they will lose revenue in terms of sponsorship. There is an interconnection all the way through now. If small companies want to play the game, they have to try to manage that.”

Exposure

Sinz said a double-dip recession could drastically affect those companies that were finding it hard to recover after being weakened by the last economic crisis.

Schlicht pointed out that smaller suppliers in some industries had their own associations, some of which provided assistance with liability, insurance and risk management. He said interests can differ, and they might find it better to obtain advice and develop strategies from these groups rather than from risk management associations with large corporate members.

Generally, it was agreed that there should be a change from past practice, where big companies imposed their will on small suppliers without discussion, and with the threat of going elsewhere if those suppliers did not sign up to their terms. Leeman said more people were aware of the importance of small suppliers in the supply chain and the vital contribution they made to the success of large businesses.

Credit exposure also came under discussion, with the panel agreeing that credit insurance was one of the few covers that had not moved into a soft market. Schlicht said this was the insurance area that caused most problems in Germany during the financial crisis.

“Companies encountered real difficulties because they could not obtain cover, or the cover they had was cut down from one day to the next in a sudden and rather brutal manner,” he said.

Not all countries were hit by the financial crisis, principally because stringent banking regulations prevented them taking the risks that led to the problems, said Leeman. Sinz questioned whether companies really would give up on risk management.

‘This has shown the interdependency that exists. The system is only as robust as some of its weaker links’ Kadidja Sinz, Ace Continental Europe

Short-life technology

The pressure in certain industries to keep offering new products and models was discussed next, and it was agreed that this is not conducive to good risk management – as demonstrated by the number of recalls in the car industry.

Luzzi said that while some products had a relatively long life before obsolescence, other markets required companies to continually re-invest their profits to remain competitive. He cited the mobile phones and computer industries, where buyers demanded the latest technology.

Rubini said sophisticated telecom companies that could rely on a good IT infrastructure were starting to sell their services, for example in the internet cloud, but these were unregulated. The danger is that they are shifting the risk from the customer to themselves; they are managing clients’ data and there is a real exposure to liability. But such companies believe they have to move in this direction because it is perceived to be the way that the telecoms industry is going.

Graham believed that this illustrated her first point about the need to consider scenarios and the way that trends could combine to create risk. “We could have fast-moving and innovative technology without a recession, but in a time of recession it imposes all sorts of additional pressures on the businesses concerned and their suppliers. This includes geographical considerations as to where you can get a product made the most cost-effectively.

“A recession in one part of the world can have a huge effect, potentially, somewhere else. It is all these connections that I think are so complicated for us to understand and to know what to do with,” Graham said.

Luzzi asked whether, in the event of a double-dip recession, risk managers considered that they had more weapons in their armoury than before 2008. Were they in a weaker or stronger position than in the run-up to the last financial crisis?

Schlicht said that the DVS had asked risk managers whether the importance of insurance management had changed within and with the crisis. Most said it had not altered fundamentally, but they were more cautious about certain aspects. They said there was more careful consideration of what they were doing.

Giving an insurer’s view, Carr said that some clients had reduced the number of people in their insurance teams. “They’re looking to perhaps push some of the tasks onto their broker, or even their insurer, or are putting the tasks to one side and deciding that maybe they don’t need to be done at the moment.”

Graham said that the UK risk management association Airmic had seen a slight move towards more insurance buying being outsourced, especially among SMEs. Some companies are turning to their brokers, perhaps to run the portfolio as an outsource supplier.

Barnekow, however, has seen the reverse trend. She said that some smaller companies, which a few years ago outsourced insurance purchasing, had taken it back internally. Carr suggested that the squeeze may have led to more outsourcing by larger companies with big insurance departments, and less by smaller companies with no insurance departments, which had decided to bring in purchasing. In effect, they were coming closer together.

‘Real’ risk management

Leeman said he deplored the focus on insurance buying. “If risk managers really want to grow in their organisation, they should take care of other things apart from buying insurance. It’s crucial to be able to advise your board on real risk management issues, not only for the board’s and your own sake, but also for the targets that the company has set for itself.

“At the end of the day, that will have an effect on insurance as well. I’ve heard a number of insurers say they want risk managers to grow within their organisations and to have more input, because that will affect the risks of the company. In turn, that will influence insurance: their companies will get better terms and conditions because insurers will know the risks better.

‘Things are going well in Germany but there are signs of a growing readiness to demonstrate … to go on the streets’ Günter Schlicht, Ferma


“For the sake of risk management, that’s the only way forward. It’s not an easy debate because most members of the risk management associations spend around 80%-90% of their time on insurance issues.”

Darim president Charlotte Enggaard said the liquidity problems and cost-cutting considerations of the financial crisis had led to many long-term pay-back projects being put on hold. As Graham said: “It’s a brave organisation that invests a lot of money in something it can’t see.” She said it was a more typical and understandable reaction for organisations to start to manage what was in front of them, and not to want to look too far into the future.

She added that a lot of risk managers were trying to balance both but that was a big challenge in a recession when many companies were in survival mode.

It was also suggested that this was one of the reasons many risk managers had failed to demonstrate the value added by risk management. Even institutions that were claiming to have proper risk management procedures in place, with people employed full-time to do it, did not manage to see the financial crisis coming. Risk managers needed to overcome this challenge to get buy-in for strategic risk management.

Sinz said that you could argue that some people were informed and advised by their internal unit that there was a danger zone. “It’s always about which risks bring margin and which don’t. The message didn’t get through because some of what was happening was bringing margins to the companies and was being welcomed by shareholders.

“Now it’s a question of how much money we spend to be in less trouble the next time, and that’s difficult to answer,” she said.

Enggaard agreed this was the case “because what’s coming next time is the thing we can’t see”. She added: “If we look backwards and make evaluations based on what we’ve seen before, that is never the story, even though memory is short. We will see some catastrophes coming back.”

However, some regulators have taken action to help prevent or mitigate future problems. For example, the UK is ensuring that organisations have good facilities for whistleblowers. This might mean that people whose warnings were ignored before the last recession could be heard if something similar were to happen.

Organisations also have to ensure that facilities are set up properly so that people are not victimised if they highlight a problem within their organisation. There have also been a number of anti-bribery and anti-corruption measures.

Public reaction to the crisis

It was noted that public reaction to the financial crisis was intensifying, especially as countries cut public spending, and that this could lead to social disruption.

Sinz said that any risk management analysis should include the effect of such disruption as well as customer reactions. She asked how these could be evaluated. Graham suggested that organisations needed to have their contingency plans finely tuned to take into account the effect of air or rail strikes, for example.

She said: “It raises the profile of good contingency planning. If something does happen – and there’s not a lot we can do to control some things – what do you do? How do you keep yourself in business? And how does that become a competitive advantage? If you do it well and somebody else doesn’t, maybe it’s you that survives.” Graham gave as an example the need for office-based businesses to plan for people to work at home.

Even in Germany, where recent economic developments have been positive, there is talk of a new culture of civil protest. Schlicht said: “Things are going rather well, with positive unemployment rates and the economy growing at a satisfactory pace, but there are signs of a growing readiness to demonstrate – to go on the streets to protest.” Graham attributed this to the cumulative effect of different pressures and events.

Carr suggested that it could be a role of risk managers to look into the future, because social unrest and perceived injustice could lead to political change. He said: “It can move from left to right quite quickly, and back again. That generally stirs up the political and the legislative environment, which will affect businesses. It’s difficult to predict, but I think it’s something we have to consider.”

‘Risk managers should be able to show how they have prepared a company for a crisis’ Jorge Luzzi, Ferma


Returning to the possibility of a double-dip recession, Leeman said the risk management community should make sure it has a good communication system. Everybody would benefit from exchanging more information, and this could include problems that had occurred, claims experience and any damages paid, particularly in those US cases settled out of court. He said risk management associations, brokers and insurers could take a lead on this as they would all gain from others’ experience.

Barnekow said there was more pressure on risk managers to be efficient. “Fast-moving developments create opportunities for risk managers and the risk management community, and I think this is something we should try to leverage, and find ways to help others to do that,” she said. Luzzi agreed, and said risk managers should be able to show senior management how they had prepared a company for a crisis, and not just prove their value through lower insurance premiums.

Risk managers’ wider role

Moving to the effects of recession on employment, Luzzi pointed out that some countries had raised the pensionable age for employees and asked if risk managers were likely to become more involved in workforce-related issues.

Leeman and Rubini agreed that an older population was a problem for many European countries because it is unsustainable for a diminishing employee base to support an increasing number of elderly people.

Schlicht said trends in pensions would not have a direct influence on the work of risk managers, but Graham pointed out that “people issues” were now more of a priority. She said: “You have to look after your people. You have to consider how you get the right people and whether they’re working under pressure because of cost cutting. If people leave, you have to make sure this is done in the right way to avoid any liabilities.”

Graham believed that risk managers had a significant role in risk financing. She said more risk managers were involved in buying health and other employee benefits, just like any other kind of insurance. Sinz noted that there was increased interest in liability with regard to employment practices.

Enggaard said: “If risk managers are doing their job well, then the human resources people will be applying the same risk management techniques to their work. They will thereby have a better picture of the risks involved in hiring, firing, pension funds, healthcare or whatever.”

She said instilling a risk management culture into a company was more important than worrying about who was directly responsible for any one area. “Defining who is responsible for what is not as interesting as asking: ‘Are we feeding the right culture into the companies?’ You can work together on these things, it doesn’t just have to be the role of risk managers.”

Luzzi said that some enterprise-wide risk management activities reflected the traditional work of risk managers in identifying, mitigating and transferring or assuming risk, and that this culture was transferring to other sectors of companies.

He said that the emergence of risk committees with the involvement of chief executives and other senior management was, in a way, a victory for the risk management profession. “I don’t know whether the risk manager will eventually take up the role of chief risk officer in all cases but, in a way, the tools that we were using are being applied for everything,” he said.

A fresh look at captives

The discussion moved on to captives and whether their existence and role had changed due to the financial crisis. Graham suggested that the downturn had put pressure on risk managers to take a fresh look at the need for captives.

“It’s not always for building a nest egg; sometimes you can set up a captive purely for the benefit of control, knowing where your cost is going. I do think that the recession has challenged people to ask whether their captive was set up for the right reasons, if it is delivering what it should be doing, and if they can put more through it.

“If you set up a captive because you thought the conventional insurance market was going to harden, you now have to try to look over the horizon to see if your assumption is still valid. Can you place your company’s health and benefits programme with your captive? It’s a matter of making your captive work for you.

‘Several owners might have allowed their captives to be inactive for a while, to reflect current circumstances’ Charlotte Enggaard, DARIM


“The pressure is on risk managers to step back and examine why they have captives and what value they’re adding, just like anything else.”

Although it was generally agreed that such questions should have been asked when the captive was set up, it was felt that the recession and increased regulation had brought more pressure to bear on captives.

Carr pointed out that the rationale for a captive might have changed with the competitive risk transfer options now available. He said: “One of the reasons for setting up a captive – and one that is sometimes forgotten – is to remove some of the volatility of risk transfer. In a recessionary environment, the finance director might question putting business through a captive when conventional insurance is relatively cheap. They might at least want to see what a conventional risk transfer option would produce.”

Enggaard said not many Danish companies had captives but those that did were generally favourable. “I think that several captive owners might have allowed their captives to be inactive for a while to reflect current circumstances. This goes to show that captives are a tool that you use as appropriate. Of course, companies have to consider why they are using a captive, but those that have used them to leverage prices and to try to smooth the insurance-buying process have found that they have achieved this over the past couple of years.”

A harder market?

The soft market in insurance may reduce the value of having a captive insurer but there are signs of a hardening, perhaps not next year but possibly in 2012. Luzzi said new solvency requirements could lead to consolidation and a reduction in capacity; for niche products, there could be a relatively small market offering few options.

Carr stressed that Ace provided underwriting for each risk on its merits, but said that market overcapacity could continue for some time. He felt the situation was unlikely to change as a result of attritional risks. “Insurers in combination with clients have got a much better handle on employee injuries and those types of losses, so I think those costs, certainly outside the USA, are much more under control.

“However, if there are one or more significant catastrophic events that have an impact on reinsurers, and therefore on insurers via their reinsurance treaties, rates could start to harden. When that’s going to happen is obviously difficult to predict.”

Carr pointed out that Ace, along with other insurers, was becoming more cautious about the pricing of renewals, so any reductions were likely to be less than they would have been six months ago. This applied especially in the multinational arena where relatively few insurers can provide a global solution. He said that while the SME marketplace in certain territories was still very soft, competition for multinational business had started to reduce.

Enggaard said she understood there needed to be rectification when margins were falling, but she probably spoke for all risk managers when she said she hoped volatility would not be as extreme as in the past. “Solvency II might be the ‘big bang’ that starts it up but hopefully, in the long run, that will produce a better picture.”

Sinz suggested that the allocation of capital to various types of insurance could change. “When insurers analyse the margins and return on capital associated with different types of business, it may be that they see quite a different picture to what they originally thought. That will trigger some adjustments in pricing and an analysis of systemic risk.

“Historically, insurance has not been an industry that has given investors a high return: we’ve been more focused on stability.”

But the volatility that is part of insuring uncertain events has not gone away. If one or more major catastrophes occurred, the system would need more premium to cope. This would affect prices, as would the need to ensure adequate return on capital.

Schlicht concluded by saying that German risk managers do not think the insurance industry is suffering at the moment. He said the market had been soft for several years but had started at rather a high level. “At the moment, there doesn’t seem sufficient reason to force a turnaround. Industrial insurers haven’t reported bad results in the last six or seven years. However, I wouldn’t guarantee that things will remain as they are.”

‘Insurers are becoming more cautious about the pricing of renewals. Any reductions are likely to be less’ Jeff Carr, Ace UK


FERMA REPORT


The role of the risk manager, whether or not they hold the post of chief risk officer, was debated at the 2010 summit of the Federation of European Risk Management Associations (Ferma) – Europe’s biggest risk association. Almost 500 risk and insurance professionals gathered at the Hilton London Metropole Hotel for a two-day conference. The summit is held every two years.

‘Driving change’ was the theme of the event. Speaking in the main presentation hall, chief risk officer of information group Reed Elsevier Arnout van der Veer said the enhanced focus on risk issues means there is a great opportunity for members to push their boards to take risk management more seriously.

Van der Veer said the global economic crisis has revealed four truths about risk: they are greater than many people originally thought; they are often unexpected; they are often hidden deep in an organisation; and they are usually linked to human behaviour, making them hard to predict.

“A small issue somewhere in the world can spread quickly online and affect your reputation worldwide,” said van der Veer.

Risk managers: a seat on the board?

Meanwhile, the role of the risk manager was investigated in a break-out session with Ferma directors.

Ferma board member and director of risk assurance at Morgan Crucible, Paul Taylor, was asked whether the chief risk officer should have a seat on the board (this is the case with many banks). The argument is that this will help business leaders understand and deal with major risks.

Taylor said this might be a solution for some organisations but he feels differently. He said: “For me, a risk manager is a driver of change who delivers results and has a supporting and facilitation role. It is not really about taking responsibility and ownership of those risks.” He noted that the ultimate risk managers are all C-suite executives.

Ferma president and corporate insurance risk manager for Dutch multinational Stork, Peter den Dekker, agreed with Taylor. He said: “The chief risk officer should not be part of the board. Risk managers are not yay- or nay-sayers. In my view, they are literally facilitators.”

Some commentators believe that if a chief risk officer sits on a board, they come under its influence and are then less effective at restraining any excesses of the business.

One framework for basic risk governance is the ‘three lines of defence’ model, which is becoming increasingly popular. In this model:

• operational management is responsible for implementing internal controls;

• group-level risk and compliance management sits above operational management; and

• internal audit interrogates everything.

The model is explored in more detail in a report by Ferma and the European Confederation of Institutes of Internal Auditing (ECIIA) – Guidance on the 8th EU Company Law Directive – which was launched shortly before the conference (see page xiii of this special conference report for more detail).

Co-operate on global insurance standards

Ferma also announced that it would like to see improved co-operation over global insurance programmes. In response to a question from StrategicRISK, Den Dekker said he wanted to see large insurers work collaboratively to resolve compliance issues with the administration of global insurance programmes.

Speaking at a press conference on the first day of the summit, he said it was time the insurance industry “grew up”. He said: “Compliance should not be an issue of competitiveness. In my view, we should all interpret insurance regulations in the same way.”

Den Dekker said he would like to “sit down with large global insurers”, with the approval of the EU Competition Commission, to come up with an industry-wide solution.

At the moment, he said, each global insurer treats insurance rules and regulations differently, and uses their own interpretations in each jurisdiction worldwide, which can lead to confusion over the rules and whether they are being followed correctly.

He gave as an example the case of a company found to be underinsured (or acting illegally) only when it makes a claim, which could be due simply to the rules having been interpreted incorrectly.

Den Dekker would like the industry to develop a consistent interpretation of the various legal systems rather than having each global insurer compete for business based on its understanding of the rules. “We should all be willing to contribute to this process,” he said.

Since taking the helm of Ferma, Den Dekker has spearheaded a lobbying campaign at European level on issues such as Solvency II and broker remuneration. The question of globally compliant insurance programmes is another major challenge facing the commercial insurance industry.

Ferma explores the best way to set up risk management

‘A small issue somewhere in the world can spread quickly online. It can then affect your reputation worldwide’ Arnout van der Veer, Reed Elsevier


The question of how to monitor the effectiveness of a company’s internal control, internal audit and risk management systems is the subject of new guidance published by Ferma and the ECIIA.

The guidance is a response to the corporate governance section of the 8th European Directive on Company Law, which states that “the audit committee shall monitor the effectiveness of the company’s internal control, internal audit, and risk management systems”.

Ferma directors Michel Dennery, Marie-Gemma Dequae and Paul Taylor worked with ECIIA to produce the Guidance on the 8th EU Company Law Directive. This is intended as practical advice for board members, risk managers and internal audit professionals.

The guidance gives an overview of the risk management role and responsibilities of the board, chief executive and senior management, operational management and the assurance functions. It clarifies the recommended interactions between internal control, risk management and audit. The report also suggests good practice for boards on the oversight of the risk management system and internal audit function.

Getting defensive

The paper recommends a ‘three lines of defence’ model (see box, below). “We think this is one of the answers to the question,” said president of the ECIIA and chief executive of audit consultancy Governis, Claude Cargou.

“The first line of defence and control is operational management by the people in the field. The second line of defence involves the development of frameworks and standards of control; risk management is part of that level. The third line of defence is internal audit. This has a mandate to provide some assurance that the two other lines of defence are working properly.”

Cargou said: “The idea is to strengthen the links between the various control bodies: risk management, compliance, internal audit and quality control. They all used to work in silos but that doesn’t make sense at all. The strength of the control environment is not the strength of one single body, it’s the strength of the various bodies working together. A good answer to what is required by the directive is to implement this architecture according to the three lines of defence model.”

In many organisations outside the financial services sector, the three lines of defence operate independently of each other.

Director of risk assurance at Morgan Crucible, Paul Taylor, said: “If management are unwilling to put governance in place then this is not going to make any difference. What this guidance does, particularly for non-executives and the audit committee, is to get people to ask the right questions. This gives them some very simple things to ask in their role in ensuring the effectiveness of risk management systems.”

He said: “There are two parts: putting the frameworks in place and changing the culture of the organisation. The guidance helps with both aspects. The audit committee can then make up its mind about the effectiveness of the systems. To put it in place, you need the skills of risk management and internal audit, as well as other experts who can drive change.”

Cargou said that the design of the control environment is the responsibility of the chief executive. “He has to design the big picture. The second line of defence will then design the standards and frameworks. These will be used everywhere in the organisation by the third line of defence. That’s how it works.”

Speaking the same language

Taylor explained how he is making the three lines of defence work in his organisation: “I’ve been in my group for just under two years, and we are halfway through a three-year implementation programme. To get real change in the culture and make it sustainable could take another couple of years. It’s not a five-minute process.”

Taylor said he has learnt a lot by working with the ECIIA on the guidance, and said risk managers should co-operate more with audit departments. He said that developing a standard methodology and language for risk can make it easier for the departments to work together: “Having that same expression is very useful.”

Ferma and the ECIIA will keep working together, said Cargou. “We have achieved something that should prove valuable. There are so many more directives coming from Europe and together we can help people understand them.”

En garde: implementing the three lines of defence

Three lines of defence model

First line of defence: operational management; internal controls

Second line of defence: risk management; compliance; other

Third line of defence: internal audit

Also shown in the model: external audit; senior management; board/audit committee

Source: Guidance on the 8th EU Company Law Directive, ECIIA and Ferma


[Figure: Risk management maturity triggers. Vertical axis: nature of risk management triggers (compliance oriented; both compliance and shareholders expectations oriented; shareholders expectations oriented). Horizontal axis: risk management level of maturity (moderate; mature; advanced). Cell values, in extraction order: 31%, 11%, 19%, 3%, 8%, 6%, 11%, 2%, 9%.]

Main external factors triggering risk management within your company

Legal, regulatory or compliance requirements: 70%

Catastrophic event: 45%

Clear requirements from shareholders: 39%

Pressure from the market: 31%

Major increases in insurance premiums: 13%

Other: 12%

[Second chart series, label not recoverable, in extraction order: 71%, 63%, 9%, 35%, 31%, 26%]

Ferma benchmark survey results

The most eagerly awaited news at Ferma’s biennial get-together is always the results of its benchmarking survey. This year, 782 risk and insurance professionals from 20 member associations responded to the poll. Addressing the attendees and announcing the survey results, corporate risk management director for Campofrio Food Group and a Ferma board member Cristina Martinez said: “The survey results show the evolution of risk management and its role in European organisations today.”

The top three issues that most concern you about the insurance market

Identifying future risks: 61%

Looming hard markets: 48%

Solvency II – potential impact on availability of insurance capacity and cost: 42%

Change in environmental liability: 32%

Solvency II – potential impact on captives: 25%

Collective redress/class actions: 24%

Broker remuneration, disclosure and transparency: 19%

Terrorism coverage: 11%

Absence of appropriate solutions to cover investments in renewable energies: 10%

Other: 13%

No opinion/don’t know: 5%

Complex organisations are most risk-mature

The survey shows that the most risk-mature organisations are those with the most complex operations. Highly complex organisations have the most advanced risk governance, practices, tools and communication. But 26% of respondents say they have no external risk communication. Overall, the survey suggests that risk management mandates remain fairly limited and there is minimal co-ordination across risk functions.

Little change in main drivers

The survey’s most notable finding is how little reasons have changed for companies to adopt risk management practices.

Seventy per cent of respondents said legal, regulatory and compliance issues are the principal drivers of risk management in Europe. That figure has hardly altered since 2008, despite the soul-searching following the banking crisis.

Speaking about the results, Jean-Michel Paris, a director with survey partners Ernst & Young, said the outcome is a surprise. “The pressure from shareholders on companies to adopt better risk practices is less than expected,” he said.

He noted that 39% of respondents indicate that shareholder pressure is a big influence in adopting risk management, and this factor is slowly rising in importance.

The fear of catastrophe risks – originally a principal driver of risk management in Europe – is now less important. This year, less than half (45%) of respondents said it is a major factor in encouraging their companies to invest in risk management.

Just over a quarter of respondents say they have no external risk communication


[Figure: Risk appetite per risk category. Horizontal axis: risk appetite (risk taker; risk averse; zero tolerance). Vertical axis: risk importance (0% to 60%). Zones: risk taker zone, low-impact risks; risk taker zone, high-impact risks; no tolerance zone, high-impact risks; no tolerance zone, low-impact risks. Legend: strategic & governance; operational risks; compliance & ethics; external risks. Plotted categories: compliance; planning & execution; competition & market; financial; political social & economical; production, quality; supply chain, business continuity; financial market; safety, health & security; fixed assets; treasury; intangible assets; corporate governance; credit; civil, general, professional; internal control; product design; ethics, fraud, CSR; liabilities; environment; HR & social security; IT/IS/data; dynamics, M&A.]

Risk appetite relies on type of risk

Other important findings from the survey relate to risk management maturity and risk appetite.

The findings show that corporate attitudes to risk are mainly driven by the category (or type) of risk, rather than a technical risk assessment.

For example, companies mainly adopt risk-taking strategies when it comes to strategic or business risks (such as M&A or political, social and economic issues).

Conversely, companies appear to be totally risk averse when it comes to regulatory, ethical and health and safety issues.

It is no big surprise, though, that organisations are open to taking risks where there are big opportunities (such as in strategic decisions), and totally risk averse when the only outcome is negative (such as compliance).

Insurance concerns

Risk managers’ biggest bugbear with the insurance market is its ability to identify and respond to future risks (61% said so), according to the survey, which was carried out in partnership with AXA Corporate Solutions.

The looming hard market is the biggest fear for about half (48%) of the respondents. Almost the same number (42%) indicate that their biggest worry is the impact of Solvency II on insurance capacity.

Overall, the results reveal continuing progress in risk management fundamentals but there are still significant disparities between companies, countries and risk management topics.

[Figure: Link between advanced level of risk management maturity and company complexity. Series: risk governance; risk practices and tools; risk communication. Vertical axis: proportion of companies with an advanced level of risk management maturity per category. Horizontal axis: company complexity (low; moderate; high; very high). Values, in extraction order: 28%, 18%, 40%, 25%, 20%, 43%, 30%, 24%, 51%, 42%, 32%, 69%.]

‘The pressure from shareholders on companies to adopt better risk practices is less than expected’ Jean-Michel Paris, Ernst & Young
