Issue 07 / October 2015
There is a growing demand for risk management within corporations, which is primarily coming from the boardroom. A number of companies have formed new subcommittees, reporting to the audit, treasury or even remuneration committees of the board, to deal specifically with the risks facing their company.
A key part of being a winning company today is having good social and welfare benefits for your workers.
The financial crisis was a stress-test for many companies’ risk management strategies. Several thought they were managing their risks well but ended up making big losses.
That was a real wakeup call, and has prompted them to fundamentally review their risk management policies, tighten up their practices and take a more sophisticated approach to risk management.
How the risk management function is organised obviously varies between corporations. There tend to be three risk management roles: the insurance manager, the risk manager and the chief risk officer.
The organisation of these roles depends on how mature the risk management function is within a particular company and which sector it operates in.
For example, the chief risk officer has a very important role in a bank or insurer, which is not limited to buying the company’s insurance cover. Whereas, an insurance manager of a road-haulage company plays a central part in its overall risk management strategy, because it is crucial for the company to have a comprehensive and cost-effective motor insurance policy.
Focuses on its long-term buying strategy rather than whether the market is soft or hardhttp://www.resilience.willis.com/articles/2015/09/29/how-mars-manages-its-insurance-programmes/
We have increasingly seen that many companies’ risk mapping is being done primarily for internal audit and control purposes, rather than for the sake of its insurance programme. Although the risk manager will be heavily involved in the process, they will not ‘own’ the process.
But it’s also true that many companies are putting an increasing emphasis on their casualty insurance because of their growing liability exposures.
Some companies are now more worried by their casualty exposures than their property exposures – a trend that is only likely to grow in the years ahead. As a result, the activities of these organisations’ insurance managers have grown.
It has certainly been an important factor. In some industries – for example, the financial institutions, consumer products and pharmaceutical sectors – regulators have put their clear imprint on companies risk management practices, by being very prescriptive about what they expect companies to do.
It is not all the result of the 2008 financial crash, however. Regulation, particularly if a company has operations or does business in the US, has become increasingly stringent over at least the past decade.
For example, the Sarbanes– Oxley Act placed significant additional corporate governance requirements on corporations in the US after a number of high-profile financial scandals at Enron, WorldCom and Tyco.
We mustn’t forget the important role auditors have also played in this process. They will now only sign off on a company’s accounts if they have confidence in its risk management.
But it hasn’t all been due to outside pressures. Companies themselves recognised that their risk management practices needed to improve.
The financial crisis prompted many companies to take a more sophisticated approach to risk management.
Data security is the biggest. Information is now so important to most organisations that the threat of a data breach or cyber-attack is a great concern to them.
CEOs are also increasingly concerned by threats to their corporation’s image. If an incident occurs, they are just as anxious about the potential damage it could do to their brand as whether it produces a liability claim.
The third risk increasingly worrying companies relates to their employees. In some industries there is a war for talent, so a company will suffer if it cannot attract or retain the best people – it won’t be able to innovate as well as its competitors.
A key part of being a winning company today is having good social and welfare benefits for your workers. This is more about having good HR processes than a robust risk management policy, but it also makes protecting your company’s image that much more important.
A company wants to be seen as a good place to work, but if its brand becomes tarnished then that could make it harder for it to attract and hold on to the most talented people.
How they optimise their aviation insurancehttp://www.resilience.willis.com/articles/2014/04/25/american-airlines-groups-risk-manager-discusses-in/
The market is making progress in insuring cyber risk, and we are able to find more solutions for our clients. But we are still not quite there yet – our industry could do more to offer our clients peace of mind.
The insurance industry has done good work on protecting corporations against their reputations being damaged. The main threat to a company’s image tends to come as a result of an incident, and we are able to offer them a range of policies that combine liability coverage with measures to protect their image.
On the risk to talent, insurers already offer companies a variety of workplace benefits and retirement packages. But we are also going a step further, by offering other policies to cover all of the growing threats to its employees that a multinational corporation faces today, such as kidnap and ransom and political risk.
We have identified three possible strategies for how companies can benefit from the highly competitive insurance conditions.
First, a corporation tries to buy what it wants at the lowest available price – with stringent requirements on the security of the capital provider, of course. This is what I call the ‘spot market’.
Second, a company keeps the same insurance budget, but uses the savings it makes in its traditional insurance programme to buy new coverage. So, for example, it might use the money it has saved on its property insurance towards buying a cyber-risk policy.
Third, a company starts to prepare for the next turn in the market cycle, by creating some buffer capital in its captive, so that when prices start to increase it already has a hedge against its rising insurance costs.
These three strategies are not mutually exclusive. Companies can – and have – developed their own strategies that are a blend of these options.
In the book we tried to understand why some risk management techniques failed in the financial crisis. We found that, in many instances, companies took the wrong approach to modelling their exposures.
Their models were simply not robust enough for turbulent times, and we made some suggestions for how they could be improved.
Although we haven’t made a comprehensive review of whether companies’ modelling has improved, I’ve seen several examples, particularly in financial services, where companies have made the effort to understand the bias in their models.
They’ve learnt the truth of the expression ‘all models are false, but some are useful’ and have sought to find ways of improving them.
Willis Group Holdings plc is a leading global risk advisor, insurance and reinsurance broker. With roots dating to 1828, Willis operates today on every continent with more than 18,000 employees in over 400 offices. Willis offers its clients superior expertise, teamwork, innovation and market-leading products and professional services in risk management and transfer. Our experts rank among the world’s leading authorities on analytics, modelling and mitigation strategies at the intersection of global commerce and extreme events.Find more information at our website, www.willis.com
Resilience is the risk management magazine from Willis for business leaders around the world. Each issue explores the latest trends and issues facing multinational businesses as they compete in an increasingly dynamic and interconnected threat landscape.Subscribe today.