Doing business in a dangerous world
Risk Management and BCM imperative in new world of risk
The world is a dangerous place, and becoming more so. Executives face a myriad perils, any of which could close their businesses and cause immense pain to investors and staff alike.
To make life even more difficult, the cost of achieving peace of mind through insurance is increasing. This makes understanding and managing risk very important.
So far, price increases have been largely confined to classes of insurance, or regions of the world, hit by last year's ferocious hurricane season, the most damaging on record. But there is concern that as the year progresses, price rises will spread to areas not directly affected by the hurricane losses. Individuals and businesses exposed to natural perils are becoming increasingly fearful that they will be forced to pay even higher prices, or struggle to find cover at all.
Given these conditions, good risk management is imperative. According to Andrew Cornish, a member of the Executive Committee of the Association of Insurance and Risk Managers: "In a market that is less certain, if you are looking to insure a large concentration of value in a single location, you have to convince a large segment of the market that you are well risk managed. Being able to demonstrate that is very important and does make a difference." For some corporate insurance buyers, good risk management will make the difference between obtaining insurance cover and having to meet the cost of claims from a company's own resources.
Chris Clark, chief executive of Willis Re's speciality division, says that in the wake of damage to oil and gas facilities in the US Gulf of Mexico in the past two years, the amount of cover that is available for windstorm related losses is limited. Where it is available, prices are rising by as much as 400 per cent. In order to obtain cover where it is available, or to reduce the cost of claims that will have to be met from a company's own balance sheet, some energy companies with facilities in the US Gulf of Mexico are being forced to improve risk management. "Some of the historic housekeeping on platforms has been below the expectations of insurers, and steps are being taken to improve this aspect of the risk," he says.
Last year's hurricane season. which is expected to result in losses to the entire global insurance industry of up to $80bn, has pushed the risks from natural perils up the agenda. The threat from terrorism remains, while concern about an avian flu pandemic is intensifying after the discovery of the UK's first case of the disease in birds. But two recent events have underlined the devastation that seemingly more mundane events can cause.
In December, an explosion at a petroleum depot in Hertfordshire caused a fire at the Buncefield site itself and damaged businesses at a nearby industrial estate, forcing some to suspend operations temporarily. A few months later, more than £53m was stolen in a raid on a Securitas depot in Kent, making it Britain's biggest ever cash robbery.
Airmic's Mr Cornish says such events underline that "traditional fires and thefts still occur, and can still be catastrophic in nature. It is important to manage these risks". The damage to nearby business premises from the Buncefield blast, and the widespread disruption that could arise if avian flu were to mutate into a form transmittable between humans, also highlight the need for businesses to have effective business continuity arrangements. These should ensure that if the worst does occur companies are prepared The risks that companies face also depend on location.
Increasingly, corporations are transferring aspects of their operations, such as manufacturing, to lower-cost regions of the world. These may be more unstable politically, or more at risk from natural perils. According to a political and economic risk map published this year by Aon, the world's second largest insurance broker, the international trade in oil, gas and other reserves means volatile and politically unstable countries are inevitably part of the supply chain. But the risks that companies face are not just from physical hazards. The insurance industry, which has an important role to play in absorbing the risks that remain after mitigation, has been rocked by a series of scandals.
In late 2004, Eliot Spitzer, New York state attorney general, alleged that Marsh & McLennan, the world's biggest insurance broker, falsified and rigged bids on contracts and favoured insurers at the expense of clients in return for higher commissions. The fall-out from Mr Spitzer's inquiries forced insurance brokers to reassess fundamentally their business models and the way they are paid for their services.
The attention of regulators on both sides of the Atlantic also focused on finite reinsurance contracts, non-traditional insurance policies that span elements of insurance and financing, precipitating a collapse in demand for this type of cover. Companies are also subject to a series of regulatory requirements that make managing risk the explicit responsibility of directors. Banks around the world are preparing for the Basel II framework, which seeks to relate banks' regulatory capital more closely to the risks they take.
The European Commission is also drawing up a directive known as Solvency II. One of the directive's main objectives is to match the risks insurers face more closely to the capital they hold to ensure they can meet their liabilities. In Asia, the development of corporate governance codes is fostering risk management frameworks.
In Eastern Europe, meanwhile, potential investors are also demanding that companies have good risk management practices in place. Richard Sharman, a partner in KPMG's risk advisory services group, points out that in the US, boards are increasingly taking the management of operational hazards as seriously as controlling financial risks. "Risk management is gathering momentum around the world," he says. "The emerging trend is commonality. If you put the world on a spectrum of maturity of risk management, whereas a year or 18 months ago there were clear divisions of maturity and immaturity, that is coming much more into balance. We are seeing an upskilling around the world." But in November, Gordon Brown, the UK chancellor, unexpectedly scrapped a requirement for British companies to produce an operating and financial review, which was to detail the non-financial risks the company might face and how it was responding. British companies still have to comply with the combined code on corporate governance, which requires them to demonstrate they have in place the processes for identifying and assessing risk.
Meanwhile, companies across the EU will still have to produce a business review, a simplified version of the OFR, as a requirement of the EU's accounts modernisation directive. Hans-Kristian Bryn, director of Mercer Oliver Wyman's enterprise risk consulting practice, also points out that while companies may not have to produce an OFR, they continue to face pressures from other stakeholders, such as ratings agencies, institutional investors and equity analysts to demonstrate that they are managing risk effectively. But Ken Davey, chairman and managing director of FM Global, an insurer of commercial and industrial property, believes the risk management debate has moved beyond a need to meet corporate governance requirements. "The whole emphasis on corporate governance has been a tremendous driver, but I think to a large extent it has moved beyond that," he says. Chief executives and finance directors, he says, are taking an interest in risk management not only to meet reporting requirements, but to protect their businesses from risks they face.
"Risk management has become much more of a board level issue," says Mr Davey. "It has moved on from a response to increased corporate governance and the theory of risk management ... to the practice of risk management. The number of chief financial officers who are now actively engaged in ensuring that their businesses are well prepared has dramatically increased." According to Mr Bryn: "Boards have now become much more demanding in getting assurances from executives that the risks are identified, that they are quantified and that quantification is translated into management action. This is both in terms of mitigating the downside from potential hazards, but also understanding that there is scope to exploit the upside of risk. "Risk is not just about downside, it is about balancing upside and downside."
END
f you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.