WillisWire Contact Author

Issue 07 / October 2015

Mars’ risk manager discusses risk management strategies

At a glance
  • Biggest concern is a catastrophic event that completely shuts down one of its factories
  • Next three biggest risks are brand reputation, cyber and environmental incidents affecting raw materials
  • Focuses on managing big risks through loss prevention and business recovery programmes
How the corporation revamped its insurance programmes for the first time in decades, and the growing importance of analytics to its strategic risk management. A conversation with Donny Quesenberry, international risk manager, Mars

How is Mars’ risk management team structured?

We split duties by our international and domestic presence: domestic denotes everything within North America (including Canada and Puerto Rico) and international is everything outside of North America.

We are risk managers first and foremost, not insurance buyers.

As international risk manager, I have responsibility for the insurance placed and the risk management duties for Mars’ local business units in 70+ countries.

Every quarter I do a big trip to build up my network of local contacts, and recently returned from a two-week trip of the Far East, taking in China, Japan and Thailand. During these visits I give risk management presentations to managers of  the local business unit in which I discuss the issues in that particular country, so that they understand that someone is supporting them and looking after their everyday needs.

With responsibility for risk in so many countries, I never know what I am going to get one day to the next. It could be a challenge with a contract negotiation, a claim, a new exposure that needs to be analysed and covered, etc.

If I was to try to describe a typical day in the office, however, I’d say that my morning is full of inquiries from our local business units around the world and the afternoon comprises work on various projects/initiatives we have within risk management.

What is your approach to risk mitigation, risk retention and risk transfer?

We have a simple four-quadrant diagram we use to explain to our internal customers how our philosophy works, also known as the ‘4 Ts’.

How Mars manages its insurance programmes

Focused on long-term buying strategies rathern than whether the market is soft or hard


 • Low frequency/low severity risks we try to self-insure. (Tolerate)

• High frequency/low severity risks we try to manage through risk mitigation programmes (ie, fleet safety). (Treat)

• Low frequency/high severity risks we try to insure through our risk transfer programmes. (Transfer)

• High frequency/high severity risks we try to review and remove as exposures. (Terminate)

We have three areas of focus within risk (also known as the ABCs of our risk management):

• Asset conservation management (ACM)

• Business recovery management (BRM)

• Corporate risk management (CRM).

Within the ABCs of our risk management we want to mitigate a loss as much as possible through loss prevention (ACM). If a catastrophe occurs, we obviously look at how we can get the business back up and running, so we implement a thorough, effective business recovery plan for all sites (BRM).

Finally, should the loss exceed certain financial levels, we want to ensure our risk transfer programmes will respond and restore the business financially (CRM).

What are your biggest risks?

Our biggest concern would be a catastrophic event at one of our factories that shuts it down completely, hindering our ability to get products on the shelf. We obviously try to mitigate this risk as much as we can through loss prevention measures, but some of our sites are pretty sizeable with a total insured value pushing $1 billion.

Aside from that, our three biggest risks are:

• Brand reputation through quality

• Cyber

• Environmental risks that affect our raw materials.

For brand reputation, we maintain very high-quality control standards: every morning at every factory we have a panel that checks a sample of each product made on our production lines the previous day   to ensure the quality of our products, and our reputation for quality products, is upheld.

Cyber is probably in the top-three risks of every company today. Our main cyber risk comes from our six M&M World stores around the world, the most recent of which opened in Shanghai.

These big stores provide a range of M&M-branded merchandise, with a large number of customers making purchases using their credit cards, either in store or online, so we need to be vigilant against the risk of our database being hacked.

For environmental risks that affect our raw materials, we need to be sure our suppliers can guarantee to provide us with the high-quality raw materials we need to make our products. The best way to manage this risk is to maintain a good relationship with our suppliers, but we also conduct detailed contract negotiations to ensure that they retain the liability for this exposure, rather than us.

To what extent do you insure these risks?

We are looking into buying a cyber insurance policy. That’s a new market where capacity is steadily growing, but where capacity is currently still at pretty small limits. That isn’t likely to be a problem for us, however; while we do have a significant exposure, we don’t carry the same level of exposure as, say, a department-store chain.

One of our five principles is ‘mutuality’, which we define as: a mutual benefit is a shared benefit; a shared benefit will endure.

We do buy product liability insurance, but we don’t buy product recall cover. We’re not big believers in buying insurance for lots of our different exposures.

Our first priority is managing those risks through loss prevention and business recovery programmes. We will put insurance in place where we feel we need the cover, but we are risk managers first and foremost, not insurance buyers.

How confident are you that you can get the business back up and running quickly after a catastrophic event?

We have a robust business recovery process, and we have plans in place that cover the majority of our total insured value. This resulted from us making onsite visits where we brainstormed just about every scenario we could think of. Then we went through a step-by-step process for how we would get the business back up and running within, for example, the first 24 hours, the first week, the first month.

It’s a very detailed process, involving just about everyone who runs a section within that site, from every part of the production process through to personnel. The plan for each site is then updated every year. 

We have had some smaller incidents at sites that have business recovery programmes and they reacted well, but there are others where we are still working to put these programmes in place.

The corporate risk management team is currently working as a matter of priority on creating plans to get as many of our sites up and running again as quickly as we can, from our factories to our third-party warehousing and office sites. This supports our commitment to our customers.

What are your views on the role of analytics in risk management?

This is a very key role in risk management – especially these days. One of the main reasons we selected Willis as our international broker is their analytics capabilities – we plan to work with Willis through analytics to see where our vulnerability lies with any one set of exposures. We are hopeful that this more analytical approach will help determine if our insurance structure is correct or if we need to make changes at future renewals.

I strongly believe risk priorities are different at different levels of management, so it will be about finding the right fit for the company as a whole.

How do you expect Mars’ risk management function to evolve in the next three to five years?

The vision Mars Risk has over the next three to five years is to work towards becoming more self-sufficient through various areas: cost savings, administrative efficiencies, enhanced global compliance, improved client management and better utilisation of our internal risk management resources to become true enablers within the business.

We want to work with our brokers to build a seamless and effective transition of change by creating a robust service model. We want to become more informed and ensure better quality decision making on a global basis. And obviously create value for the business.

Through all of this, we can be successful with efficiency, control, continuous improvement and enhancing our risk intelligence and knowledge sharing with our brokers, insurers and third-party vendors.

Find out more

Why a well-run energy industry workforce underpins effective asset risk management
Piper Alpha. Longford. Texas City. Deepwater Horizon. Everyone in the energy industry knows about these landmark energy losses, and everyone fears another one. But apart from being catastrophic, each of these occurrences has one common thread — human error. Where …
Does your HR portal create a zen place for your employees?
The saying goes, “there is place for everything and everything in its place.”  I often think of this when I work with organizations on arranging their HR content.  In my last blog post, “Implementing an HR portal? Get your house …
Crowd goes wild: Risks of overreliance on crowdsourcing
While the concept of a sharing economy may be a fairly new one, its roots date back to the centuries-old practice of crowdsourcing (i.e., outsourcing work, or aspects of work, traditionally performed by an employee or designated agent to separate …
Construction Insurance Marketplace update
Expectations for Construction Risks: Rate, Terms and Conditions The U.S. construction property and casualty market continues to exhibit rate stability. While the market remains soft, a level of underwriting restraint has started to take hold. Much of this is driven …

Sign up to our newsletter


Willis Group Holdings plc is a leading global risk advisor, insurance and reinsurance broker. With roots dating to 1828, Willis operates today on every continent with more than 18,000 employees in over 400 offices. Willis offers its clients superior expertise, teamwork, innovation and market-leading products and professional services in risk management and transfer. Our experts rank among the world’s leading authorities on analytics, modelling and mitigation strategies at the intersection of global commerce and extreme events.

Find more information at our website, www.willis.com

About Resilience

Resilience is the risk management magazine from Willis for business leaders around the world. Each issue explores the latest trends and issues facing multinational businesses as they compete in an increasingly dynamic and interconnected threat landscape.

Subscribe today.