November issue by Nathan Skinner

CELEBRATING 10 YEARS 2000–2010

Strategic RISK www.strategicrisk.co.uk

LATEST RISK AND CORPORATE GOVERNANCE SOLUTIONS

NOVEMBER 2010

EXECUTIVE REPORT

Product Recall

EXECUTIVE REPORT

PRODUCT RECALL

Highlighting the main risks and identifying practical solutions for dealing with recall incidents

The risks and solutions for managing a recall SPONSORED BY

001 C

GAGGED AND CAGED THE PRESIDENTS’ ROUNDTABLE

Preparing for a double dip FERMA REPORT

Ferma benchmark survey

FERMA REPORT

results

The most eagerly awaited news at Ferma’s biennial get-together is always the benchmarking survey. This results of its year, 782 risk and insurance professionals from 20 member responded to the poll. Addressing associations the attendees and announcing risk management director the survey results, corporate for Campofrio Food Group and a Ferma board member said: “The survey results Cristina Martinez show the evolution of risk management and its role organisations today.” in European

70% 71%

requirements

45% 63%

39%

Pressure from the market

31% 31%

13% 26% Major increases in insurance premiums 12% 9% Other

10%

20%

30%

40%

50%

60%

70%

Risk management maturity triggers

triggers

80%

Little change in main drivers The survey’s most notable finding is how little reasons have changed for companies to adopt risk management practices. Seventy per cent of respondents said legal, regulatory and compliance issues are the principal drivers of risk management in Europe. That figure has hardly altered since 2008, despite the soul-searching following the banking crisis. Speaking about the results, Jean-Michel Paris, a director with survey partners Ernst & Young, said the outcome is a surprise. “The pressure from shareholders on companies to adopt better risk practices is less than expected,” he said. He noted that 39% of respondents indicate that shareholder pressure is a big influence in adopting risk management, and this factor is slowly rising in importance. The fear of catastrophe risks – originally a principal driver of risk management in Europe – is now less important. This year, less than half (45%) of respondents said it is a major factor in encouraging their companies to invest in risk management.

Risk management level of Moderate

Compliance oriented

Both compliance and shareholders expectations oriented

Shareholders expectations oriented

11%

Mature

31%

60%

Risk taker zone High-impact risks

Competition & market

No tolerance zone High-impact risks

50%

40% The top three issues that most concern you about the insurance market

Identifying future risks

61% 48%

Looming hard markets Solvency II – potential impact

42% on availability of insurance

capacity and cost

32% Change in environmental liability 25% Solvency II – potential impact

on captives

10%

20%

30%

40%

50%

60%

energies

70%

80%

Planning & execution Political social & economical

30%

Financial

Production, quality Supply chain, business continuity

Fixed assets 20% Financial market 10%

The looming hard market is the biggest fear for about half (48%) of the respondents. Almost the same number (42%) indicate that their biggest worry is the impact of Solvency II on insurance capacity. Overall, the results reveal continuing progress in risk management fundamentals

24% Collective redress/class actions 19% Broker remuneration, disclosure and transparency 11% Terrorism coverage 10%13% Absence of appropriate solutions to cover investments in renewable Other 5% No opinion/don’t know

Risk importance

Legal, regulatory or compliance

Catastrophic event

35% Clear requirements from shareholders

INCLUDES A FOUR-PAGE SPECIAL REPORT ON THIS YEAR’S FERMA CONFERENCE

Risk appetite per risk category

Compliance

Main external factors triggering risk management within your company

SPONSORED BY

Proportion of companies of risk management with an advanced level maturity per category

conference and the results

28%

18%

40%

MODERATE

25%

20%

43%

HIGH

30%

24%

51%

VERY HIGH

42%

32%

Compliance & ethics

External risks

(such as M&A or political, social and economic issues). Conversely, companies appear to be totally averse when it comes risk to regulatory, ethical and safety issues. and health It is no big surprise, though, that organisations to taking risks where there are big opportunities are open strategic decisions), (such as in and totally risk averse outcome is negative when the only (such as compliance).

‘The pressure from shareholders on companies to adopt better risk practices less than expected’ is

Jean-Michel Paris, Ernst & Young

69%

www.strategicrisk.co.uk

Untitled-2 1

Strategic RISK NOVEMBER 2010 |

of Europe’s biggest risk

www.strategicrisk.co.uk

management benchmarking survey

CAPTIVE BUSINESS | innovations

ON | Eric Bloem

CAPTIVE BUSINESS | innovations

RISKS | offshore

Rise and shine

Risk managers must make their captives work harder in the current soft market. Nathan Skinner studies options including in-house employee beneﬁts and traditionally uninsurable risks such as supply chain upheaval

t ﬁrst glance, there may not appear to be much incentive for using a captive right now. The insurance market is in the depths of a prolonged soft cycle without much sign of change, according to most commentators. Capital, often in the form of bank loans, which is needed to set up a captive, could also be hard to come by. “Most companies that could have a captive have done it already or have looked at it and decided not to,” says Nick Wild, head of JLT’s captive management arm in Guernsey. These factors mean that the number of new captive formations has levelled off, following steady growth over the past two decades. New companies are emerging all the time and Wild believes that a moderate sized company today could easily grow within three years into the size of business worthy of a captive. However, he says: “The reality is, though, that the big numbers of captive formations are not there at the moment because ﬁrst, it is a saturated market and second, the insurance market is so cheap that

MBER 2010 |

www strategicrisk co uk

20 Captive RISK NOVEMBER 2010 |

frankly it’s difﬁcult to make a new captive make sense.” He continues: “The captive market is in a state of equilibrium. There are just about as many captives going off the books as there are coming on. If you look at the major domiciles they are losing about as many as they are gaining at the moment.” There is little doubt that interest in the captive solution will continue. But given the current tough climate, risk managers are looking for ways to make their captives work even harder for them. Aon’s Derek Millar thinks risk managers’ approaches to captives fall into two categories. “You have the very experienced risk managers who have used captives for a long time and risk managers who are new to the concept: the way they think is completely different. The new kids on the block will think, ‘If [premium] rates in the insurance market go up I’ll look at using my captive to keep the premiums down’. Whereas the more sophisticated risk manager is always

looking for new opportunities to use their captive.”

POOL POTENTIAL One area where it is widely recognised that a captive can save its parent significant sums is through the provision of employee benefits. “People are exploring employee benefits in quite a big way because that is still a relatively untapped area,” says Wild. “Some companies are spending more on their employee benefits than they spend on their conventional insurance programmes. So that’s an area that could be expanded.” But at present only relatively few captives write employee benefits business, he continues. “Most employee benefits business that I’ve seen people attempt to put in a captivee is basically the captive taking a position behind a pooled programme.” Cost savings are the prime driver for captive pooled employee benefits. For most commercial risks the insurance market is highly competitive but there are only

a limited number of carriers who write employee benefits well. It can be cheaper to pool the various programmes in a captive than to purchase individual solutions on the commercial market. “There’s nothing terribly innovative about having a pooled employee benefits programme but a lot of people don’t have one,” says Wild. “Quite often [various regions of] global operations are each doing their employee benefits in their own way. As part of pulling it all together, companies realise they have a big insurance premium spend and they think, ‘Surely there’s part of that risk that I’m passing to the insurance market that I could be keeping myself in the captive?’” But the risk manager needs to be aware of a number of major challenges attached to employee benefits. One big challenge is complying with local regulation. “In every operating environment you need a different solution,” says Dominic Wheatley, chief executive of Willis’ captive management arm. “Every

country has their own rules and laws about employee benefits, about the provision of life cover and health cover, and therefore you need local delivery of that.” Adds Millar: “Employee benefits are the Holy Grail in some ways. If you have a global business and each region does its own thing it ends up being expensive. If you get a captive to front the whole thing then it can be really profitable. But the problem is getting each of the operations to buy into that.” In most global enterprises it is the human resources department which has responsibility for employee benefits so the risk manager has to convince HR that using the captive is the best option. This might involve wresting the department away from commercial employee benefits provider who they have a cosy relationship with. Generally, Millar says, the verdict on placing employee benefits in a captive tends to be: “Would it work? Absolutely. Is it profitable? Definitely. Is it practical? Generally not! I know a lot of clients who have looked at doing this but very few have been able to succeed at it.” More positively, Malcolm Cutts Watson, chair of Willis’ international captive practice, says: “Where we’ve found the most success with captive employee benefits programmes is where the chief financial officer or the group counsel is put in charge of both the general insurance buying and the HR. They can then transfer some of the disciplines over from one silo to the other. When they are kept quite separate it is generally difficult.”

INSURING THE UNINSURABLE

“There’s not a great deal of new risks that are obvious candidates for captives,” bemoans Wild. “Captives have been around for some time so they have explored most lines of coverage and if it makes sense they are already in there.” But Millar is more optimistic. “Sophisticated risk managers are thinking about the traditionally un-insurable risks and whether there could be an insurance solution and, if so, whether it is possible to use a captive for that.” He highlights an interesting trend where captives look to tailor bespoke insurance solutions to cover traditional exclusions. He explains: “You insure something that was previously uninsurable within the captive on a net retained basis with a fairly modest limit to begin with. When you get to the renewal, if you’ve had no claims or only small claims then

you’ve built up some underwriting experience. You may be able to tap into some of the reinsurance markets and they’ll take a small piece of the risk.” Cutts-Watson has noticed a similar trend where captives look to insure risks that the market simply won’t insure. “Other areas are contingency type risks that could be related to supply chain or business interruption. These are the things that the market may not be able to model that well and is therefore not that comfortable writing. So the captive is a good way of warehousing that risk until you’ve built up data about it and then you can decide whether to transfer it to the market or not. “We did a lot of work in the 1990s with banks when they were coming up with new ﬁnancial products and looking for the market to provide credit insurance on those products. Because they didn’t have the track record the insurance market was unsure about underwriting the risk because they couldn’t model it. So the captives were used as an incubator to put the risk in and then subsequently the banks decided to transfer the risk into the market once they had a better handle on it.”

EXTENDED WARRANTY Third party insurance is another area that captives have looked at to add value to their business. Extended warranty insurance on electrical goods, cars and mobile phones is big business for captives. “There are quite a lot of people out there using captives for customer insurances,” says Wild. “The reason the big players in extended warranty for electrical goods, cars and mobile phones are putting this business into their captives is because it is highly profitable. The customer pays a fairly modest amount on top of their original purchase and normally that’s got a decent profit margin.” Risk managers interested in going down the captive route should pay close attention to the innovative ways in which these vehicles are used to add value to their parent business. If risk managers want to continue to leverage a captive solution for the benefit of their business they’ll have to think creatively about new areas that they could expand into or re-examine traditional risks that the wider market might be excluding. This will require a deep understanding of the business that the captive is serving so that risk managers know what the priorities are and how a captive solution could help. Q

www.strategicrisk.co.uk

Captive RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

RISKS | offshore

The number of onshore captive insurance domiciles in the USA

attling out of economic recession requires a careful balancing act by all governments. On the one hand, there is the need to generate income – usually by increasing taxation. On the other, there’s no benefit in imposing further costs on businesses that can only have the effect of making them less competitive. In the UK, chancellor George Osborne took the business encouragement approach, with an emergency budget in June that introduced four annual reductions in the rate of corporation tax. These will eventually take the rate down to 24% from its current figure of 28%. Further, the anticipated increase in insurance premium tax, up just 1%, was considerably less than many had predicted. Jonathan Groves, who leads Marsh’s UK captive consulting practice, says that corporate tax rates have generally been falling across the board, and he estimates that the average rate in Europe has dropped in the last 10 years from around 33% to 25% – a significant

€900m

reduction. He believes that if the trend continues, it could have an influence on where businesses decide to locate their captives. Although governments frown upon companies using captives purely as tax avoidance vehicles and have taken steps to prevent this, there are still tax advantages to be gained by using captives, states Towers Perrin’s report Captives 101: Managing Cost and Risk, especially those with multiple owners or insureds and those where the insureds and the shareholders are not the same, “Deductibility of premiums and deferred taxation of insurance income are the two principal advantages,” the report says. But goes on to warn: “Tax issues can be a major driver, but they should not be the only reason for forming a captive. If they are, the captive might not stand up under the scrutiny of tax authorities and regulations.” Groves agrees that tax considerations have been an aspect of captive ownership. “Lower tax jurisdictions such as Ireland have always been attractive. And if you accept that tax rates are a factor, then countries that reduce their tax rates could have an influence on where captives are located in the future.” Executive chairman of JLT’s worldwide captive and insurance management operations (ex Americas), Nick Wild, is not convinced. “In the last 15 years – and particularly in the last five – tax has become much less of a driver in the decision as to where to put your captive. This is mainly because most of the countries from which captives emanate have amended their regimes to deal

Coming home

Captives with annual premiums lower than this tend to be formed offshore due to lower ownership costs

with the fact that the captives may be located in low-tax areas,” he explains. Although companies continue to locate their captives in low or no tax regimes, Wild believes that this is because of the expertise on running captives that has accumulated in such domiciles over the years. “The tax beneﬁts have largely gone away but the knowledge and experience still reside mainly in those domiciles, so captives tend to gravitate there,” he comments.

IN MY BACKYARD But, Groves believes that implementation of Solvency II could reduce the competitive edge of some domiciles. “Although it’s been argued in the past that there has been a common EU regime relating to insurance regulation, that hasn’t totally been the case. There’s been some regulatory arbitrage where regulators have often interpreted rules and policies differently.” Groves thinks that Solvency II will create some consistency and uniformity in approach. He explains: “Some of the significant differences that might have existed with regard to insurance regulation may possibly become far less significant once Solvency II is introduced. And, provided Solvency II and its framework does not kill captives off, the regulation should create a more competitive environment between European countries and d offshore domiciles.” Groves also says that there are “good logisticc reasons” why it is better to have a captive in the same country as its parent. And national preferences may play a part. Wild points out that some companies, notably those based in the USA, have strong preferences for locating their captives onshore.. “They would rather be doing business in their own backyard than on some farflung island,” he says. As a result, the number of US onshore captive insurance domiciles has steadily

With many corporate tax rates falling, and Solvency II creating uniformity across domiciles, is offshoring captives becoming less attractive? Sue Copeman reports why some companies are sticking to their home turf

increased over recent years. According to US consultants Wealth Management Solutions LLC (WMS), the number stands at around 24 states. WMS says that captives that are formed, licensed, managed and operated outside the USA or offshore can elect to be taxed as a domestic US corporation for US tax purposes. “This allows a foreign-based captive insurance company to receive the same US tax benefits and treatment as a captive insurance company formed in any of the 24 US states with captive insurance legislation. The big difference is that a foreign-based captive generally has a much lower costs of ownership and a far higher degree of flexibility for its US owners compared to a captive insurance company that is domiciled in the USA.” The result is that most small captives with annual premiums below $1.2m (€916m) are formed offshore. There can be some tax advantages besides a reduced corporate tax rate in locating onshore. For example, if a British company locates its captive in the UK, any losses that the captive makes can be offset against profits in the core business. But if a captive isn’t subject to UK tax, this is not an option. Groves explains: “It’s often overlooked when considering captives that results are consolidated for accounting purposes but not from a taxation perspective.” There are also fewer uncertainties when doing business in a familiar country. Over the years, tax authorities have sometimes legally challenged offshore captive owners, with varying degrees of success. Groves says that avoiding investigation and litigation can be a consideration where

any tax beneﬁts are marginal. “It’s a risk/ reward trade off in the way you operate your business. You might save €1m but there’s a 50:50 chance that you won’t and it could cost €1.5m,” he adds.

WELL-EQUIPPED But nationalistic and familiarity preferences aside, Wild does not believe that a European country such as France would automatically attract existing or new captive owners to locate there “even if it dropped its corporation tax rate to 5% overnight”. He stresses that it takes a long time to build up experience in running captives. “Even though knowledge and expertise can be relocated, having the right legislation and regulation is also key in enabling captives to operate efﬁciently,” Wild says. “Many of the countries around the world whose tax rates may be going down are not well equipped to accommodate captives. They’re not geared up, and I don’t think they want to gear up for it,” he adds, pointing out that they would need to rewrite their legislation to attract captives. Groves is not so sure that the established offshore domiciles have little to worry about, and believes that some may be reviewing their current tax regimes in the light of corporate tax trends. He sees the issues of tax rates and Solvency II as being very closely related in their effect on captive location. “Offshore jurisdictions have to manage the question of whether or not to be an equivalent jurisdiction. If they decide to be equivalent, this may make them less competitive and it could make long-term sense to locate your captive where your home company is based.” While attracting captives may not be at the top of the agenda for countries cutting their corporate tax rates, Groves believes that for some of them “it’s on the radar”.

‘Many of the countries whose tax rates may be going down are not well equipped to accommodate captives. They’re not geared up’

Plus: the Solvency II debate,

Nick Wild, JLT Wild concedes that some companies may ﬁnd the ‘own backyard’ approach attractive. “But we won’t see another 20 captive domiciles suddenly emerging, trying to drum up business and proactively attract captives. “In fact,” he concludes, “I think there’s already a surfeit of captive domiciles – and there’s a danger that resources may get spread too thinly.” Q

Channel Island tax changes, and the rise of Bermuda

Sue Copeman is editor-in-chief of StrategicRISK

fronting costs

21 22 Captive RISK NOVEMBER 2010 | www.strategicrisk.co.uk

Captive RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

Strategic RISK NOVEMBER 2010 |

02_03_Contents_Nov10.indd 3

www.strategicrisk.co.uk

21/10/2010 14:02

RISK NEWS The latest business round-up

For more news go to www.strategicrisk.co.uk

Best of the web TOP

3 | UN halts carbon credit scheme over ‘biggest ever environmental scandal’

E SS E NTIAL ON LI N E STO R I E S

7 4

9 3

5 2

1 | Afghanistan, Africa declared most at risk of food shortage Countries at extreme risk of food shortages 1 Afghanistan

2 Democratic Republic of Congo 3 Burundi 4 Eritrea 5 Sudan 6 Ethiopia 7 Angola 8 Liberia 9 Chad 10 Zimbabwe Source: Maplecroft

Reuters

The wars in Afghanistan and the Democratic Republic of Congo caused the two countries to top a risk index of the places most vulnerable to critical food shortages. Eight other sub-Saharan countries made up the top 10 countries at extreme risk of food shortages, according to Maplecroft. In all, African nations make up 36 of the 50 nations most at risk in the index. Africa is particularly vulnerable to food insecurity because of the frequency of extreme weather events, high rates of poverty and failing infrastructures, including road and telecommunications networks. A heatwave in Russia and floods in Pakistan have also had a profound effect on food security. “Russian brakes on exports, plus a reduction in Canada’s harvest by almost a quarter due to flooding in June, are provoking fluctuations in the commodity markets. This will further affect the food security of the most vulnerable countries,” said Maplecroft environmental analyst Fiona Place. goo.gl/k52d

2 | State capitalism is on the increase Emerging market countries are using state-owned companies and sovereign wealth funds to increase government control of their economies, warned Eurasia Group. In Russia, the government has assumed control over a number of strategic industries, while Brazil has intervened in the oil sector. This process gives state-backed ﬁrms a competitive edge, warned the research. A better understanding of state capitalism will help companies work with the blurred line between politics and markets, said Eurasia Group. goo.gl/mMtG

ONLINE CONTENTS MOST READ

ONLINE ONLY

www.strategicrisk.co.uk ■ UK general insurer complaints data ■ Dubai gets two new captives ■ Two charged in Venezuela nuclear bomb plot ■ The evolving role of the chief risk ofﬁcer

Strategic RISK NOVEMBER 2010 |

DVS SYMPOSIUM DAILIES Around 590 risk and insurance professionals gathered in Munich for the annual DVS Symposium on 7, 8 and 9 September. For the ﬁrst time ever StrategicRISK published the only local language conference daily.

www.strategicrisk.co.uk

Highlights included a debate over whether Aon should be selling client information to insurers and news that Siemens risk boss Stefan Sigulla plans to join HDI Gerling. Use our online reader or download the PDFs online. goo.gl/tCk0

Some companies may be abusing the emissions trading scheme by overproducing dangerous greenhouse gases just to generate carbon credit revenues. Under the UN’s clean development mechanism (CDM), companies earn carbon credits for the destruction of trifluoromethane (or HFC-23). HFC-23 projects account for more than half of all CDM carbon credits sold to date. But the UN has now halted issuing new carbon credits for the destruction of HFC-23, pending an investigation into evidence from the Environmental Investigation Agency (EIA) that manufacturers are “gaming the system” by intentionally overproducing HFC-23 for profit. The CDM leadership blocked issuance of HFC-23 emission reduction units from five facilities in China. “The evidence is overwhelming that manufacturers are creating excess HFC-23 simply to destroy it and earn carbon credits,” said EIA policy and legal adviser Mark Roberts. “This is the biggest environmental scandal in history and makes an absolute mockery of international efforts to combat climate change.” goo.gl/7MiU

4 | Coke faces legal action for cutting healthcare of striking employees Lawyers representing 500 striking employees at Coke filed a class action lawsuit after the company cancelled their healthcare. The suit accused Coke of violating the Employee Retirement Income Security Act, which sets minimum standards for health plans in the private sector. “My wife had a kidney transplant two years ago. When Coke cancelled our healthcare, they cut off her anti-rejection medication. This shows me that Coke doesn’t care about its employees,” said Bill Mauhl, a 34-year Coke employee, who works in the company’s production facility in Bellevue. “In my almost 20 years of representing workers and unions in labour disputes, it’s hard to think of any past instance where I have seen an employer retaliate against its striking workers in a manner as egregious as what the Coca-Cola Bottling Company has done here,” said attorney Dmitri Iglitzin of Schwerin Campbell Barnard Iglitzin & Lavitt, an employment law firm based in Seattle. goo.gl/7fl1

5 | UK government sued over Congo conflict mineral claims The campaign group Global Witness launched legal action against the British government after it refused to put forward UK companies to the UN for human rights breaches. “A number of UK companies known to have been trading in minerals sourced from the eastern Democratic Republic of Congo [DRC] should have been put forward to the UN Sanctions Committee,” Global Witness said. “By failing to adequately investigate the companies and individuals, the UK government is breaching its international legal obligations.” The campaign group said it had evidence proving that British companies have supported armed groups by purchasing minerals from areas under their control in the DRC. Despite this, the UK government has never put any of them forward for sanctions. “These companies have proﬁted from a brutal conﬂict, and should face UN sanctions,” said Global Witness campaigns director Gavin Hayman. goo.gl/Xhzr

The latest business round-up RISK NEWS

Reuters

For more news go to www.strategicrisk.co.uk

6 | Bahrain charges 23 in terror plot Authorities in the Kingdom of Bahrain charged 23 “terror suspects” following a campaign of violence in the Gulf Kingdom. Prosecutors described the perpetrators as a “sophisticated terror network” with international support. Bahrain’s National Security Agency made the arrests in August under new anti-terror laws. Members of the network included academics, taxi drivers, civil servants, dentists and clerks as well as several unemployed people. Bahrain’s public prosecution ofﬁcial, Abdulrahman Al Sayed, commented: “This sophisticated terrorist network … has undertaken and planned a systematic and layered campaign of violence and subversion, aimed squarely at undermining the national security of Bahrain.” The network is accused of seeking to overthrow Bahrain’s rulers by force. goo.gl/TCca

7 | One in five students have hacked One in five college and university students have hacked computer systems, despite recognising that it is wrong, according to new research. The research from IT security firm Tufin Technologies, found that around a third (32%) of the 1,000 UK students polled thought hacking was ‘cool’ and a similar percentage considered hacking to be easy. Vice-president of products, marketing and business development at Tufin Technologies, Shaul Efraim, said: “It is clear we have a smart new generation emerging that understands how to get around computer systems – some are doing it just for fun, others with slightly more sinister intent. Hacking is illegal and we need to ensure everyone understands that.” goo.gl/5zi5

8 | Britain faces ‘new wave’ of terror attacks Britain faces an increasing threat from lone, home-grown jihadists, as terrorists focus activity on a new small-scale style of violence, according a respected think-tank. The Royal United Services Institute (RUSI) said: “Al-Qaida and other related organisations have recently been sending out a higher number of lone individuals whose chances of success are considerably lower, but whose number and presence raise similar public anxieties.” RUSI also warned of the rising rate of radicalisation of Muslims in the UK prison system, which could produce up to “800 potentially violent radicals”. As they are released back into society, they will pose a signiﬁcant challenge to security services, said RUSI. goo.gl/ZwgO

9 | New labour law focus causes surge in Chinese worker disputes Chinese labourers are demanding better working conditions, leading to a surge in worker disputes that is overwhelming the courts. Local sources in China said that the number of labour disputes has grown as the Chinese government seeks to improve workplace conditions and make workers more aware of their rights. Official statistics showed 295,000 labour dispute cases brought to court in 2008, an increase of 95% from the previous year. The figure in 2009 was 318,600, and it was 207,400 in the first eight months of this year, China Daily said. Companies are unable to satisfy workers’ demands for higher wages, Chinese officials said. China has enacted two labour laws to guarantee workers’ rights and improve their access to legal arbitration. goo.gl/hhVX

10 | USA drops in competitiveness index For the second year running, Switzerland topped the World Economic Forum’s Global Competitiveness Index. The USA fell two places to fourth position, overtaken by Sweden (2) and Singapore (3). The WEF said that “macroeconomic imbalances” that have built up over time as well as a “weakening of the United States’ public and private institutions” and “lingering concerns about the state of its ﬁnancial markets” were the reasons for the downgrade. The UK, after falling in the rankings over recent years, moved back up by one place to 12th position. The People’s Republic of China (27) led the developing economies, improving by two more places this year. goo.gl/G95z

INFOGRAPHIC: CORRUPTION PERCEPTIONS This online infographic maps the perceived level of public sector corruption in 180 countries and territories around the world. It is based on Transparency International’s Corruption Perceptions Index. Fragile, unstable states that are scarred by war and ongoing conﬂict linger at the bottom of the index. Overall, results in the 2009 index are of great concern because corruption continues to lurk where opacity rules, where institutions still need strengthening and where governments have not implemented anti-corruption legal frameworks, Transparency International said. goo.gl/mlqu

Strategic RISK NOVEMBER 2010 |

04_05_News_Nov10.indd 5

www.strategicrisk.co.uk

21/10/2010 12:42

RISK INDICATOR

SURVEY

BRIBERY

Risk management still ‘ineffective’ Despite big investment in improving risk management since the ﬁnancial crisis, most executives still rate their companies as “ineffective” or only “moderately effective” at incorporating emerging risks into decisionmaking, according to a new survey. A global poll of 650 senior executives, conducted in April 2010, found most executives consider global recession to be the greatest risk to their businesses in the next 18 to 36 months. Pressing ﬁnancial events have pushed risks, such as climate change or pandemics, off most executives’ radar. Only a small minority of executives surveyed consider potential threats related to environmental issues, societal risks or technological concerns as major risks.

Bribe trends in Brazil Source of bribe demands

Form of bribe demands

Purpose of bribes

Fortaleza

Police

<$50,000

Extortion

Other government official

>$50,000

Undue advantage

Non-government official

Non-cash (gifts or entertainment)

Other

Natal

Salvador

Brasilia

The top five perceived global emerging risks (2010 v 2009)

Brazil

Global recession

Rio de Janeiro

Liquidity/ credit crunch

São Paulo

Regulation policy risk

2010 2009

Financial market volatility

P a c i f i c O c e a n

Porto Alegra

Commodity price volatility 0%

20% 40% 60% 80% Percentage of respondents

100%

S o u t h A t l a n t i c O c e a n

Organisations that increased their focus on emerging risk

10%

No change in risk capability Increased risk capability

Source: Oliver Wyman sponsored study by the Financial Times

90%

16% 9%

36%

Public ofﬁcials are the source of the vast majority (80%) of bribe demands in Brazil, according to a new report. And a signiﬁcant number of bribe demands (36%) are made by the police. More commonly bribe demands are extortionate (accounting for 40% of bribes), in other words payments are sought in exchange for avoiding harm to personal or commercial assets. Slightly fewer bribes (30%) are paid to receive an undue advantage, such as circumventing bureaucracy. Research summarised information about 121 bribes made between 2007 and 2010. Most demands are for less than $5,000 (e3,160). But 8% of bribes in Brazil involve more than $50,000. Cash was overwhelmingly the preferred payment, comprising 73% of bribes. A surprisingly high 27% of bribe solicitations in Brazil involve demands for non-cash payments such as gifts, entertainment and assistance with visas.

Primary challenges in identifying and assessing emerging risks Obtaining information

26% 13%

Insufficient analytical capabilities and methodologies Applying appropriate company resources and time Ensuring senior leadership focus Interpreting/aligning the data to the company’s strategies and operations Source: Trace International

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

RISK INDICATOR

Food for thought: breakfast is getting costly

SOUNDBITES

The cost of breakfast is going up in line with basic commodity prices, according to the Economist’s Breakfast Index. The prices for most of the raw ingredients of breakfast have increased by 25%.

“

Coffee

We are always facing destructive activities by these spy services and, of course, we have arrested a number of nuclear spies to block the enemy’s destructive moves

Oranges Economist commodity pricing index

Wheat

140

100 80 2009

2010

Shutterstock

”

Iranian intelligence minister Heidar Moslehi says his agency is able to counter cyber threats like the Stuxnet worm, which is believed to have been launched by Israel to disrupt Iran’s Russian-built Bushehr nuclear plant.

“

There are good reasons for taxing the ﬁnancial sector, and feasible ways to do so

Commodity prices 6 January 2009=100 (baseline)

“

DEBT

Public debt levels among advanced economies have reached levels not seen before in the absence of a major war

$1,000bn

China is the biggest foreign holder of US debt, followed by Japan. The grand total of all US debt held abroad is about $3.5 trillion (€4.83 trillion), with China owning around a quarter of this. China and the USA – the world’s two biggest economies – hold each other in a strange embrace. The fear is that China could inﬂuence American policy by threatening to sell its immense holdings (thus weakening the dollar). But the conventional wisdom is that China would never do this because it would be undermining its most important trading partner, effectively cutting off its nose to spite its face.

765.7

$800bn $700bn $600bn $500bn $400bn

148.7

141.8

116.5

$100bn

89.7

88.4

52.8

47.8

Germany

169.3

Canada

178

$200bn

Reuters

$300bn

Artwork: Jamie Sneddon

Luxembourg

Switzerland

Taiwan

Russia

Hong Kong

Brazil

Japan

China

$0bn

Reuters

$900bn

istockphoto.com/apcuk

Who owns America’s debt?

894.8

”

Algirdas Šemeta, EU commissioner for taxation, sets out the European Commission’s ideas for the future taxation of the ﬁnancial sector. The Commission supports the idea of a so-called ‘Robin Hood’ tax on ﬁnancial transactions, but businesses say that would cause them to relocate out of the EU.

”

Carlo Cottarelli, director of the IMF’s ﬁscal affairs unit, says some of the most indebted countries in Europe are way beyond sustainable positions. Government debt in the G20 advanced economies surged from 78% of GDP in 2007 to 97% in 2009, and is projected to rise to 115% of GDP in 2015.

“

The whole settlement should be bulldozed to the ground

”

Janos Potza, an angry resident from one of the villages left uninhabitable after an accident at an aluminium processing plant in Hungary released a ﬂood of toxic sludge, which is now threatening the ecosystem of the Danube.

Source: Computational Legal Studies (2009 ﬁgures)

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

Sources: Reuters, The Telegraph

Sources: Chicago Board of Trade; International Coffee Organisation; Bloomberg; The Economist

120

NEWS ANALYSIS By Andrew Leslie

For more analysis go to www.strategicrisk.co.uk

Learn the art of ageing a workforce gracefully

Grounds for dismissal for someone over the previous ‘retirement age’ are exactly the same as for someone younger with exactly the same problems of aging populations, longer life expectancy, and the difficulty of funding state pensions into the future at current levels. Most are planning to raise the retirement age, either rapidly or in steps. France, with the most generous retirement age in Europe, suffered nationwide strikes in September as unions battled to force the government to scrap plans to raise it from 60 to 62, while Greece has seen equally bitter protests over pension reform. The consequences of running out of money to pay pensions are equally vivid. In Estonia, the government was forced to suspend its contributions to the ‘second pillar’ of the pension system in 2009 – with the result, according to statistics published by the BBC, that both male and female employees are now working up to three years beyond the official age of retirement.

to be exaggerated, and certainly outweighed by the benefits of allowing people to stay on. With the government’s announcement of the abolition of the DRA, the controversy has heightened, with Rachel Krys of the Employers’ Forum on Age describing the move as “an incredible leap forward in employment practices”, but Graeme Leach of the Institute of Directors saying: “We greatly regret the government’s decision.” A consultation period lasts until the middle of October this year. For organisations preparing to adjust to the new regime, it is key to avoid any age discrimination when considering redundancies or dismissals. Grounds for dismissal are exactly the same for someone over the previous ‘retirement age’ as for someone younger. Although a worker may still be compulsorily retired, an objective case will have to be made for doing so. It would be a rash employer who came up with “he’s getting a bit past it” as a justification, rather than producing clear, specific evidence. Certainly, managers will now have to document and manage performance more carefully to avoid a rash of claims under age discrimination or unfair dismissal rules. And it will no longer be possible to assume that an underperforming worker will be retiring in a couple of years, and so avoid taking action. Equally, the already tangled arguments over what constitutes ‘a legitimate aim’ that can justify discrimination by age, are likely to become even more complex.

Still on learning curve A survey, Managing an Ageing Workforce, published this September by the Chartered Management

Institute and the Chartered Institute of Personnel and Development found that only 14% of managers and human resources professionals considered their organisation to be very well prepared to cope with the issues caused by an ageing workforce, despite the fact that over 90% of the organisations surveyed said that they valued their older workers. Equally, only 7% of organisations offered training on managing older workers, despite 47% thinking such training was necessary. At the time the survey was conducted, 57% of organisations were using the DRA of 65 as the basis of their retirement policy, with only 16% having no fixed age of retirement. Quite clearly then, a large number are going to have to review their policies and consider what changes to practice, and above all to culture, will have to be made. The survey showed that there is much work still to be done, and concluded: “Despite examples of good practice, the survey findings suggest that many managers lack awareness of their organisations’ policies relating to the employment of older workers. Line managers and middle managers in particular are not clued-up about retirement policies. They are also the groups most likely to find managing older people a challenge. “It is likely they would benefit from training to help them manage older workers more effectively as well as specific training on approaches to retirement.” ■ Reuters

Exactly a year ago, StrategicRISK highlighted the possibility that the default retirement age (DRA) in the UK would be scrapped. Demographic pressures, the perceived inadequacy of pension provision and likely conflicts with age discrimination legislation suggested it was only a matter of time before employers were no longer able to compel workers to retire at the age of 65. Indeed, one of the first acts of the new UK coalition government was to announce the abolition of the DRA. From 6 April 2011, employers will not be able to issue forced retirement notices and the DRA will be scrapped altogether in October 2011. The government is also planning to raise the age at which the state pension can be claimed to 66 from 2016, making it inevitable that most people will continue working for at least a year longer than at present. Throughout Europe, governments are grappling

Beneﬁts as well as risks Whether the inevitable raising of retirement ages happens swiftly or slowly, under protest or peacefully, employers are faced with the question of how to manage an older labour force. In the UK, as we reported last year, there were two opposing schools of thought among employers: on the one hand, those who were concerned by the extra costs and risks; on the other hand, those who considered these worries

Strategic RISK NOVEMBER 2010 |

08_NewsAnalysis_Nov10.indd 8

A battle between unions and the French government over raising the retirement age to 62 led to nationwide strikes

www.strategicrisk.co.uk

13/10/2010 14:58

Different views, different risks: We help you put it all together.

Different clients face different challenges. We at Allianz Global Corporate & Specialty work in partnership with our clients to develop the tailored cover they need â&#x20AC;&#x201C; whatever the challenge. Find out why we are the choice of so many Fortune Global 500ÂŽ companies, and discover a partnership you can rely on. www.agcs.allianz.com

Allianz is a registered trademark of Allianz SE, Germany. Allianz SE is the parent company of entities around the world. The range of services in different markets may vary.

NEWS ANALYSIS by Nathan Skinner

For more analysis go to www.strategicrisk.co.uk

Diasporas send risks and opportunities worldwide The demographic imbalance in China could lead in 10 years to 22 million ‘spare’ 18- to 25-year-olds

Multiculturalism, under which immigrants are The Earth’s population is rising dramatically and is encouraged to retain the culture of their country set to reach nine billion by 2030. As the population of origin, is pursued in Canada, Australia, the grows and resources are put under more strain, Netherlands and the UK. But it has been called there will be pressure for people to move away from into question recently after events like the London their place of birth, usually in pursuit of economic transport bombings in July 2005 and the murder of opportunities or personal profit. As populations radical right-wing politician Pim Fortuyn in Holland shift, migrants can benefit their hosts or put yet more in 2002. Both crimes were committed by angry pressure on the communities to which they move. individuals from an ethnic minority. Migration is one of the defining elements of Meanwhile, homegrown terrorism is more globalisation. The combined effects of jet travel common in the UK than in the USA, which is and the internet have shrunk the earth. Such sometimes attributed to the technological advances enable distinct USA encouraging immigrants to groups of people to disperse from their assimilate with the dominant culture, traditional homelands while at the although this argument is frequently same time retaining a distinct sense GREEK open to debate. of common identity. These diasporas DIASPORA Estimates of maintain a link with their homeland major populations 2008 and each other through the internet The beneﬁts of 700,000 or more and cheap air travel, explains Rear migrant skills 120,000 – 355,000 Admiral Chris Parry, formerly a Royal Despite these risks, mass migration 20,000–40,000 Navy strategist. “But the problem with can bring many benefits. The UK diasporas is they transmit both risks construction and service sectors have 10,000–14,000 and opportunities.” benefited for a number of years from no data While the free movement of people a deep pool of highly skilled and has benefited mankind enormously, hard-working Poles. The Polish both in terms of economic liberalism diaspora is one of the UK’s biggest. As and multiculturalism, it also has the well as providing the host country with potential to spread risk. Consider the a talented workforce, this migration has LEBANESE rapid reach of pandemics like SARS, helped spread economic rewards. DIASPORA Estimates of avian flu and swine flu. Some developing countries major populations 2009 Diasporas can take even more depend on their diaspora for income. threatening manifestations, such as Remittances by expatriate workers 400,000–800,000 ideological or religious extremism; a back to their home countries topped 60,000–110,000 small minority of disaffected young $316bn (£224bn) in 2009, a five-fold 10,000–40,000 Muslim men living in Britain feel increase over 1990. These capital 5,000–4,999 sufficiently aggrieved to turn to inflows constitute a vital chunk of no data terrorism. The would-be terrorists GDP in some countries (40% in the feel more connected (via cyberspace) Democratic Republic of the Congo Source: The Atlas of Human Migration to the dangerous world of religious and over 20% in Lebanon and extremism than to the British Moldova). communities in which they have lived Provided they are allowed and inadvertently helped China establish a huge global most of their lives. encouraged to integrate, diasporas can bring presence. More recently, China’s one-child-only These dangers and others have forced many benefits to their host country. Young tech policy has led to a massive demographic imbalance. governments to impose restrictions on international wizards from China, for example, could be a Parry, who used to head a Ministry of Defence travel and put up barriers (literally, in the case of the boon for hi-tech industry in the UK or another unit tasked with identifying future threats to US barricading its border with Mexico). European market. Britain’s security, says: “The huge demographic Most countries recognise this and seek to increase imbalance in China means that in 10 years, they the number of skilled migrants to fill specific job could end up with 22 million ‘spare’ 18- to 25-yearClassic diasporas requirements, particularly in the fields of health olds.” Pushed out into the diaspora, these highly The graphics below show two classic diasporas. The and IT. Some countries, such as the Philippines, educated stateless young Chinese men could pose Lebanese diaspora (bottom) maps the geography of specifically train nurses for the global market. a risk to Western countries, warns Parry. Macho its trading settlements over the past century, while Skilled workers, though, make up a minority of all youth combined with low economic prospects the current distribution of Greeks (top) comprises migrants, but the figures are increasing. can lead to problems including organised criminal a mixture of early colonies, trading settlements in There may be little that risk managers can do activity, he says. Africa and labour migration to North America. other than be aware of these trends. The reality is The fact that there is very little pressure on Another classic diaspora is that of the Chinese. that networks of people across the world exploit diasporas to integrate into their host countries The decline of the Chinese empire in the 19th opportunity and create risk depending on their does not help. In most cases, they maintain century and its shift to Communism in the 20th own motivations. ■ stronger contact with their home countries. century led many Chinese citizens to leave, which

10 Strategic RISK OCTOBER 2010 |

www.strategicrisk.co.uk

Project1:Layout 1

4/6/10

12:13

Page 1

Glory, passion, pride – what will you be playing for?

How’s your team doing in the Aviva Premiership Rugby Fantasy Challenge A few weeks into the season and now’s the time to get serious. How are your management skills shaping up? Will you stay the course? And if you haven’t entered yet, there’s still time to pick your team and get the chance to win fantastic prizes. And it’s free to enter. To register all you have to do is go to: www.strategicrisk.co.uk/avivapremiershiprugby For full terms and conditions, please visit www.strategicrisk.co.uk/avivapremiershiprugby Issued for use by insurance intermediaries only. This information has not been approved for use with customers. Aviva Insurance UK Limited. Registered in England No. 99122. Registered Ofﬁce: 8 Surrey Street Norwich NR1 3NG. Authorised and regulated by the Financial Services Authority.

In association with

NEWS ANALYSIS

For more analysis go to www.strategicrisk.co.uk

Farewell Fido and Fluffy ... you’re too much of a threat Two years ago, Discover magazine warned: “The principles of infectious disease are the same as they have always been, but modern conditions, including life in proximity to pets and mammal-filled woods, are exposing us to new pathogen reservoirs and new modes of transmitting disease.” More recently, the United Nations has suggested that domesticated animals will be the source of the next pandemic. The warnings beg two questions. First, how seriously are European organisations taking the threat – bearing in mind that most knowledgeable commentators talk about ‘when’ rather than ‘if’? Secondly, if the next pandemic results as a mutation from domesticated animals, could the response vary, depending on just what types of animals are involved? Just over a year ago, in an editor’s letter, I warned that a new danger could result if governments and international associations over-reacted to potential pandemics – in that case, swine flu (previously avian flu). I said that false alerts that did not materialise into real problems would make companies less inclined to react the next time an alert came along.

Sense of security Hopefully, companies have now got their pandemic response programmes in place anyway – or have they? Aon Global Risk Consulting senior consultant Scott Nicholl likens the reaction to the last two predicted pandemics to the furore that surrounded Y2K, the so-called millennium bug expected to bite and destroy computer systems on the change of the century. “A lot of people thought it was out of proportion,” Nicholl says – although he points out that if companies had not taken the issue seriously, the results could have been much worse.

Government and business shouldn’t discount pandemics, and they must not fall off the risk radar Nicholl thinks that organisations may be embracing a false sense of security if they consider pandemic planning a waste of time. “You have to take a proportionate approach but you shouldn’t discount it and it shouldn’t fall off the risk radar,” he says. However, all the signs are that the companies now putting the greatest effort into pandemic planning are either those that believe they would be affected directly, notably those in Asian countries such as China, or those that would experience a severe indirect impact – corporations whose business and

therefore profits depend on international travel. In the early years of this decade, severe acute respiratory syndrome (SARS) became a threat, apparently beginning in China and spread by international travellers. More recently, we’ve had avian flu (for which China got its fair share of blame) and swine flu. While the most virulent strain of the latter first became apparent in Mexico, it soon spread to China. As recently as September 2009, China’s health minister said the nation was facing “a grim situation as it tries to contain a rapid surge in swine flu”. Perhaps it’s not surprising that Marsh recently conducted a survey into the preparedness for a pandemic of companies with a presence in China.

At the sharp end

Going back to the second point I mentioned, viruses are great survivors and have mutated and transferred to other species in ways that were not foreseen. We’ve already seen culls of domesticated animals – turkeys and pigs – as a result of avian and swine flu. But what happens if the threat is in the home? Suppose it’s cats or dogs that are identified as the possible transmitters of a human pandemic? There are a lot of controls around farm animals in Europe so that the appropriate authorities, as well as the owners, know pretty much where they are and the numbers involved. The same does not apply to pets. Plus, there’s an emotional tie between owners and pets that generally does not occur with farmers and their animals. If the next pandemic proves to be caused by transfer from our pets, how many of us will be prepared to sacrifice Fido or Fluffy to a cull for the national – or international – good? Not many, I suspect. ■

With respect to the indirect impact, StrategicRISK ran a case study in September 2007 focusing on international airline catering supplier Gate Gourmet’s preparation and testing of a pandemic business continuity plan. Gate Gourmet is headquartered in Switzerland but has significant catering operations around the globe including Europe, the Americas and Asia. Nicholl, who coauthored the report, says: “Organisations at the sharp SWINE FLU end are very likely, like Gate 14,286* Gourmet, to have continued to keep their plan up to date and to actively monitor it. If the worst happened, their revenue could disappear overnight.” SARS However, it’s likely that 774** organisations that don’t see an immediate threat are not focusing on specific pandemic planning. Instead, they’re hoping that AVIAN FLU their business interruption plans will pick up disruption 300*** from pandemics along with that from other contingencies. This is fine so long as those companies’ plans take account of the worst-case scenario – which includes disruption The figures for SARS and avian flu deaths are as reported by the World Health not only arising from their Organisation. These numbers are believed to be an under-representation of the own business and people actual total because many deaths are never tested or recognised as flu related. being out of action, but also The number of swine flu deaths comes from an European Centre for Disease those of their suppliers and Prevention and Control report from January 2010. customers all at the same Sources: WHO and ECDC time. I wonder just how many * Data accurate at December 2003 ** Data accurate at August 2010 *** Data accurate at business interruption plans August 2010 actually do this?

PANDEMIC DEATH TOLLS COMPARED

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

a n i h C h t u o S s t n i i n n u o y o r h o t p c y a f , “A t s e n i l r e w o p d e a k f c o e r r e w e r a c e h ’ t ’ n d o n d a n o L n i r e g a n a m k ris

A typhoon doesn’t just wreck buildings, it destroys production targets, goodwill and reputations. That’s why FM Global believes that the best insurance is the kind you never need. So, we don’t just insure, we help you to prevent. At our US $123 million research centre, we test just how well your buildings will stand up to a typhoon. We visit critical sites in your supply chain to make sure they’re structurally sound. And we work with you on a long-term strategy to lower risk. In short, we don’t just help to secure your roof, we help secure your future. Speak to your FM Global representative or contact your broker, and visit www.fmglobal.co.uk/touchpoints to read our latest White Papers.

Secure the value you create

PEOPLE & OPINION

IN MY OPINION

Periscope up! Why we must watch for risks from the sea The scramble for access to the treasures of the sea is one of the emerging threats to international stability, says Rear Admiral Chris Parry, a UK defence and security strategist

16 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

The United Nations Convention on the Law of the Sea has generally restrained overt competition while encouraging co-operation over the past decade or so, but it is expected that its provisions will come under increasing pressure. Competition on the high seas has also been limited by the dominance of the USA and its allies. What effect will resource constraints and cost growth have on their ability to preserve the freedom of the seas and international order, just as regional powers such as China, India, Iran and a reviving Russia seek to assert themselves?

Seaborne terror A more immediate problem is likely to be a significant increase in risks associated with irregular activity, originating from sub-state actors, criminals and terrorists. Jihadist literature and other more secular terrorist websites consistently stress the intention to attack the economic lifelines of the developed world, in particular those associated with oil and gas. They also list cruise liners, large ferries and those ships supporting military operations in Muslim countries as desirable targets and, in the wake of the Deepwater Horizon disaster, publicise the potential of striking oil and gas platforms and large

tankers so as to create shock through widespread environmental damage. Until now, terrorist attacks at sea have been isolated incidents. They have been carried out against moored or slow-moving ships – typically, the French oil tanker Limburg, which in 2002 was rammed off Yemen by a small boat carrying explosives, and the USS Cole, a destroyer that was bombed by Al-Qaeda in Aden in 2000; 17 American sailors died. Untypically, the Sea Tigers, the naval wing of the Tamil Tigers, used specialised craft and suicide tactics to conduct a sustained, co-ordinated campaign against Sri Lankan government forces and civilian targets during the last decade. Also, Somali pirates have succeeded in capturing a large number of ships and hostages with little firepower and effort. It is likely that terrorists will have learned lessons from both these operations. The way in which the Somali pirates, in particular, have operated almost 1,100 miles offshore through the use of mother ships will not have gone unnoticed. Indeed, the terrorists who carried out the November 2008 assault on Mumbai first captured the Indian trawler Kuber, and killed her crew. The boat provided a platform for a final approach by smaller inflatable boats. Attack from the sea is likely to feature more prominently in both terrorist and criminal operations. Well before Mumbai, acute commentators were anticipating such operations against economic and prestige targets, as well as assaults on isolated, offshore installations.

Under the surface

Corbis

hange in our interdependent world is being characterised by unprecedented levels of economic integration, technological convergence and a varying pace of modernisation across virtually every country and society. Meanwhile, in response to pressure on the world’s resources and the need for sustained growth, inter-state relations display a complex balance of co-operation and competition, although outright competition is constrained by the linkages that are part of a consensus-based, international system of law and order. Nowhere is this balance more apparent than in the scramble for access to, and increased exploitation of, the sea. Three main themes seem set to dominate the next 10-15 years: coastal complexity, sustainable development and oceanic competition. History and recent experience tell us that peace at sea does not keep itself, and all three themes have implications for security and the maintenance of order. The most densely populated and economically productive areas of the world are nearly all within 150 miles of the sea, and two main processes are under way. First, rising sea levels caused by climate change will affect coastlines and the way of life in many countries. Secondly, pressure on land use, predominantly for human habitation and economic growth, means that mankind is going offshore. This trend is taking the form of the construction of artificial islands for habitation and the positioning offshore of industrial hubs and nuclear installations, as well as substantial renewable energy projects. The sheer scale of such developments will add significant complexity to security challenges. On the high seas, there will be a concerted drive to exploit resources. This will involve not just fish, oil and gas but mineral extraction from the seabed. Access to trade routes and areas of strategic importance will remain areas of contention. On the basis of historic evidence, these factors could lead to numerous significant jurisdictional and boundary disputes, such as the persistent arguments over the Paracel and Spratly Islands in and around the South China Sea, and unilateral extensions of states’ areas of vital interest into what, until now, has been considered international waters.

One aspect that is perhaps being overlooked by some security experts is the potential of minisubmarines and semi-submersible vehicles (usually used for covert and special force operations), which have proliferated over the past decade, with notable examples in use by Iran and North Korea. In addition, both South American drugstraffickers and the Sea Tigers put into use improvised semi-submersibles capable of penetrating conventional detection systems. Indeed, the so-called narco-subs – commercially sourced and comprising light-weight, low detection materials – are increasingly able and reliable.

PEOPLE & OPINION

Q&A Sandra Quinn, people risk director, Lloyds Banking Group Quinn was appointed in August this year, and StrategicRISK poses some questions about her position

Further subsea exploitation by terrorists and criminals – and possibly by adventurist or rogue states – is likely as technologies and advanced hull-forms become more available. Already, recreational and research variants, which can go deeper for longer, are on the market. These will allow covert entry to ports, easier attacks on targets accessible from the sea and the laying of mines or improvised explosives.

History and recent experience tell us that peace at sea does not keep itself Countries are already putting in place measures to deter, detect and defeat the risks and threats associated with seaborne criminal and terrorist activity, as well as irregular, deniable attacks by state-based opponents (experienced by South Korea) or their proxies. As Israel, India and other countries have discovered, terrorists and criminals are increasingly interested in the sea as an operational medium. Sophisticated, integrated surveillance systems, along with more robust and comprehensive key point and harbour protection schemes, will be required to cope with the threats posed to increasingly complex coastal regions. Continued vigilance will be necessary, together with the sensible application of vulnerability-based risk assessments and the integrated use of a range of available and emerging technologies, to deter, detect and defeat a wide range of potential risks both at and from the sea. Rear Admiral Chris Parry CBE is a British former naval officer and is chair of the UK government’s Marine Management Organisation

READ MORE ONLINE

For more political risk updates, go to strategicrisk.co.uk

goo.gl/mQ6G

What does the role entail? As a business of some 100,000-plus people, we are conscious that we need a people perspective in our risk management. It is our people who are the face and substance of Lloyds Banking Group. Risk management has always been undertaken here, but I was invited to develop the way we do risk management in HR, and also to develop our management of people risk. As far as you are aware, is the role unique? I haven’t come across anybody with the same title. For many businesses there is an increasing recognition that to be effective in risk management, you have to include a people dimension. That includes controls and processes, the culture, behaviours, the way you incentivise people, the way you remunerate them, the way you performance-manage them and the way you attract, retain and develop talent. Bankers’ pay is under scrutiny. How will you ensure your staff are remunerated appropriately? In compliance with the FSA remuneration code we aim to ensure that in rewarding our people those rewards take into account the risks involved in the underlying business. The director of reward at

Lloyds has the principal responsibility in relation to our remuneration policy. Do you have any plans to link remuneration of staff to their risk management credentials, rather than short-term business objectives? Our staff are rewarded on a long-term rather than short-term basis. The FSA’s remuneration code includes provisions for deferring bonuses and for ensuring that short-term risk-taking is not the principal driver of reward. Will you have enough influence to effect change? I report to the chief risk officer, who is an influential senior executive. The fact that I’ve been appointed and I’m carrying out the role is a signal that the group is taking things seriously. In the run-up to the banking crisis, HBOS clearly had serious cultural problems. How will you stop that affecting the merged group? An integration programme has been under way here for more than 18 months. The effort and importance that is attached to that process has made a huge impression on me. We think of ourselves as being the Lloyds Banking Group, and the group is clear about its vision and culture.

Insight MANAGING THE RISKS OF THE RUGBY WORLD CUP

Robert Brophy, head of finance at the International Rugby Board, explains the top risks at next year’s rugby world cup in New Zealand With the Commonwealth Games in Delhi, as with any major sporting event, the stadiums are a significant risk. New Zealand will host next year’s rugby world cup and the country is fortunate to have an excess of suitable stadiums; perhaps they could be bigger, but then this is the biggest event New Zealand will stage, and it is unlikely to need bigger stadiums in the future. Rugby New Zealand (RNZ) 2011 is a joint venture between the government and the New Zealand Rugby Union. RNZ has been been established to focus on the delivery of the tournament. Challenges will include the number of TV broadcast trucks and the quality of accommodation, but RNZ has had four years to prepare for this, and most operational challenges have been dealt with. A third risk is the commercial side. The NZ time zone – 12 hours ahead of Europe – is less than ideal because the European market is by far the biggest driver of revenue for the game. On top of this, NZ is a small commercial marketplace. This all represents a big risk. The International Rugby Board has its own risks that are separate, but the most risk arises from the host country. You cannot ignore the risk of cancellation and abandonment, and then there are factors likely to make travel difficult, such as the threat of disease or an eruption of volcanic ash. These things are covered by insurance – and we locked away the cover two years ago. We’ve always gone early into the market on this, while other sporting bodies have gone in one year out, and ended up with a more expensive and less comprehensive policy. We feel the more likely risks are local risks: that’s why we’ve worked closely with RNZ on those. • StrategicRISK is running a Fantasy Rugby game for readers. For more details, see page 20.

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

RISK SURVEY

Don’t stop me now When any number of problems could bring business grinding to halt, a continuity plan is vital. And, according to the latest survey by StrategicRISK, senior management agree Extreme weather was the event most likely to have caused disruption to your organisations in the past year – 31% said it had done so in the latest StrategicRISK reader poll in association with Ace. This was followed by loss of IT (20%) and utility outage (14%). Surprisingly, relatively few (5%) of the 85-strong sample of European risk managers had suffered interruption in the last year as a result of supply chain problems. This stands in sharp contrast to the generally perceived wisdom that a downturn leads to more disruption of supply chains. In the future, most respondents (27%) thought that loss of IT would be the biggest potential threat over the one-year horizon. Utility outage and damage to corporate reputation were the two other factors cited by most (11% each) as likely to cause disruption within the next year.

Does your organisation have a business continuity plan covering all of the critical business activities?

In the process of implementing one

Yes

7 No

Loss of key skills was also cited by 9%, indicating that some businesses are cautious about losing key human resources as their organisations downsize in the face of a drawn-out recession. Once again, only 4% of respondents cited supply chain issues as the main business continuity risk in the near future.

Be prepared It was heartening to see that 65% of the businesses surveyed had some sort of continuity plan in place covering critical activities. But a signiﬁcant minority (28%) are only just in the process of implementing one. Seven per cent of the survey respondents have no plan in place. Around three-quarters of our sample have access to an alternative work site in the event of a major disruption. Furthermore, almost all (94%) of

What is the biggest external driver of business continuity managment?

Did any of the following events cause disruption to your organisation in the past year?

1 Fire 3 Pressure group protest

46 46 Corporate governance standards

Strategic imperative

Customer demand

Which of the following disruptions do you consider to be the biggest potential threat over the next year?

the organisations we sampled support remote working in the event of a major disruption. The message is clear though: businesses need to ensure that they have the infrastructure in place to do this.

Drivers Customer demand did not feature as a prominent driver of business continuity management (only 8% said so). Instead, business continuity initiatives are likely to be driven by strategic imperatives (46%) or corporate governance standards (46%). The vast majority of businesses in our sample believe business continuity reduces the incidents of disruption on their organisation (82% believed it did so “well” or “extremely well”). Just over one in 10 (12%), however, felt that it did not have this effect.

Don’t know

How far does business continuity management reduce disruption?

50 Well

32 Extremely well

1 Negative publicity/coverage 1 Environmental incident 1 Flood/high winds 1 Customer health/product safety 3 Terrorist damage

3 Loss of key skills

4 Supply chain disruption

4 Environment incident

4 Fire

5 Supply chain disruption

5 Loss of access to site

6 Loss of telecommunications

6 Industrial action

6 Loss of people

8 Loss of telecommunications

7 Loss of access to site

Not very well

8 Loss of people

14 Utility outage eg electricity, gas, water, sewage

9 Loss of key skills

20 Loss of IT 31 Extreme weather eg flood/high winds

11 Utility outage eg electricity, gas, water, sewage 11 Damage to corporate image/brand/reputation 27 Loss of IT

NB: all charts show percentage of respondents 18 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

RISK SURVEY in association with

EXPERT VIEW

Level of awareness Business continuity management is regarded “highly” or “very highly” by senior management within the large majority of our sample organisations. Only 21% said their bosses did not place business continuity very highly. Around half (49%) of the organisations queried said that senior management takes responsibility for business continuity. The board takes responsibility in a minority (14%) of the sample. In a ﬁfth of the organisations, either operational staff or the operational risk department were the prime sponsors. In other cases (17%), a speciﬁc business continuity team is responsible for it.

Partnering up Around half (47%) of respondents indicated that their business-critical suppliers are required to have business continuity plans in place. A further quarter (28%) said they intended to implement this requirement on their suppliers or outsource partners. The results indicate that there is quite a strong trickle-down effect for business continuity, where larger businesses insist that

Does your organisation have access to an alternative ofﬁce or work site in the event of a major disruption?

their smaller suppliers have the measures in place to prevent disruption. This could be why few businesses fear disruption from a supply chain failure – they feel measures are in place to mitigate the risk.

Flu awareness Focusing on the risk of disruption from a global flu pandemic, only around a third (36%) of the respondents think their plans are significantly robust to deal with an outbreak, although 6% of these respondents think their measures are “very robust”. The majority either have no specific plans for the threat (15%) or think their measures are “weak” (7%) or only “moderate” (42%). A third (32%) think that a flu pandemic would lead to absenteeism rates of up to 10%. And the most likely length of employee absenteeism is one to two weeks, according to 46% of the survey’s respondents. Overall the results clearly show that business continuity is regarded by most organisations as essential. It also appears to be taken seriously at the top level of most organisations. ■

Yes

Who takes reponsibility for business continuity?

Senior management

BCM team

Business continuity planning is a key factor in reducing property damage and business interruption in the event of a major loss. It can reduce losses by more than 50%. It can also help protect important intangibles such as market share and proﬁle. An effective plan should include a risk analysis to identify all potential business interruptions, the length of time or extent of potential interruptions and business impact. Additional analysis of the suppliers and manufacturers of critical equipment and components will help formulate a recovery strategy. But a formalised business continuity plan is not the end point. Rather it should be the catalyst for a cultural change within an organisation. An effective plan is one that is regularly tested and reviewed. This can raise the proﬁle of business continuity planning in an organisation and can lead to a cultural shift within an organisation, so that activities and developments within it are undertaken from the outset with continuity planning always in mind. Business continuity planning is a key tool in protecting a business and its assets, and should be seen as a continual business continuity process rather than a business continuity plan. Imran Malhi is an account engineer with Ace

What level of absenteeism do you expect in the event of an inﬂueza pandemic? 35% 30%

Board

Operational Operational staff risk department

25% 20% 15% 10%

Out IT systems do not support remote working Not possible due to nature of the organisation’s work

Does your organisation support remote working in the event of a major disruption?

93 To a great extent

Does your organisation require its suppliers or outsource partners to have business continuity plans?

12 All suppliers

Business-critical suppliers only

Up to 10% 11%-20% 21%-30% 31%-40% Over 40%

Don’t know

What is the anticipated length of employee absenteeism following an inﬂueza pandemic?

Intends to

50% 45% 40%

How importantly is business continuity management regarded by senior management within your organisation?

Don’t know

Not very highly

31 Very highly

47 Highly

How effective do you think your current continuity plans are to deal with an inﬂuenza outbreak?

6 Very

15 No plans

robust

30 Robust

7 Weak

42 Moderate

35% 30% 25% 20% 15% 10% 5% 0

0-1 weeks

1-2 weeks

Strategic RISK NOVEMBER 2010 |

2-4 weeks

More than 4 weeks

www.strategicrisk.co.uk

AVIVA PREMIERSHIP RUGBY FANTASY CHALLENGE

StrategicRISK has teamed up with Aviva to bring you an exciting Fantasy Rugby thrill-fest. Enter online and compete with your risk and insurance friends for the chance to win fantastic prizes*, including exclusive tickets to the Aviva Premiership Final. OCTOBER’S TOP 10 PERFORMING MANAGERS

OVERALL TOP 10 MANAGERS MANAGER

TEAM NAME

POINTS

MANAGER

TEAM NAME

POINTS

David Bee Nigel Screen Cameron Yeo Dan Broome David Perry Craig Brown Adrian Simpson Brian Spinks David Blyth Tina Baum

Future Stars The Shunters Cam’s Crusaders Odd shaped balls Millwall Mavericks RFU Browns Beer Drinkers Andy Powell’s Ryder Cup XV Spinks Stars B-Force is gonna get you The Macrae Springers

352 339 338 334 329 328 328 327 326 324

Mike Wildy Alistair Wardale Cameron Yeo Emma Pinder Adrian Simpson Peter Graham Nick Sigwart Jonathan Meyers Julian Cartman Simon Boulton

Shedheads ali’s assemblance Cam’s Crusaders Paddington’s Panthers Andy Powell’s Ryder Cup XV Luck of the Irish Fat Tankers The Cruncher Herts Crusaders 80U170N

71 71 70 70 69 68 68 68 68 67

TOP 10 POINTS SCORERS SO FAR

OVERALL TOP 10 RISK MANAGERS MANAGER

TEAM NAME

POINTS

PLAYER

POINTS

POSITION

CLUB

Ben King Iain Grieve Evonne Robinson Martin McRandal Martin Gillett Owen Laverty Matthew Craft James Agate Patrick Smith Richard Clifford

Wasps Winners Team Iain Taines Marauders Triple Clowns Callard sliced it! Dunder Mifflinity ciacs Kings Cross Stealers Stormers The Odd Sods

299 285 284 281 273 270 267 261 257 257

Nick Evans Ryan Lamb Gareth Steenson Derick Hougaard Dave Walder Jimmy Gopperth Nick Macleod Shane Geraghty Nicky Robinson Olly Barkley

70 68 63 62 52 45 41 36 35 32

Fly half Fly half Fly half/Centre Fly half Fly half Fly half Full back Fly half/Centre Fly half Centre/Fly half

Harlequins London Irish Exeter Chiefs Saracens London Wasps Newcastle Falcons Sale Sharks Northampton Saints Gloucester Bath

RISK MANAGER OF THE MONTH Winner Company Team name Points

Ben King, risk surveyor Aspire Wasps Winners 299

After the first month of play, the best performing risk manager in the Aviva Premiership Rugby Fantasy Challenge is Ben King. Ben, who is a risk surveyor with Aspire, was disappointed to lose out on the overall top spot to a broker. “It’s always nice to be at the top but it is fun just playing,” he said. He likes to keep up to date on his team’s performance twice a week: once on a Monday (after the weekend’s play) and

again on Friday, when he checks out the news headlines to see how his players are performing and if any changes are required. He plays with a friend at work and the two of them have their own league. “I’m a London Wasps fan,” says Ben, who used to play rugby at school. “I go there a few times a year. But I don’t play rugby anymore. I don’t think I’d be much good now. I was usually stuck on the wing where I could stay out of trouble”. “I’ve got three Wasps players in my team but I tried to be even, because I didn’t know how we were going to do. I tried to pick players who would play quite a bit and do well. There’s always a certain amount of luck in any Fantasy Rugby game but I picked players that I thought would do alright and I had an idea of how they would get on.”

strategicrisk.co.uk/avivapremiershiprugby *T&Cs apply, please visit strategicrisk.co.uk/avivapremiershiprugby

20 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

ANNUAL DINNER 2010

Tuesday 30th November - Lancaster London Airmic would like to invite you to the 47th Annual Dinner at the Lancaster London Hotel in London. Join the Chairman, Board and our members for the most celebrated occasion in the insurance and risk management calendar. For more information on prices or to book tickets visit: www.airmicdinner.com

Together Leading in Risk

COVER STORY

Don’t gag the birdie The likes of Facebook and Twitter have created new ways for businesses to connect with their customers. Now they must learn to use these social media platforms while not ignoring the reputation risks they pose. Nathan Skinner reports

eputation economy is the Silicon Valleycoined term that describes the way the standing of a product, person or company is framed by the evaluation of consumers. These days, it is normally applied to the realm of web 2.0, which refers to all the interactive and network-based applications of the world wide web, such as blogs, wikis and social networks. A company might spend millions building up its reputation in the eyes of consumers, but it can easily be broken – and is increasingly vulnerable online. The explosive growth of user-generated web content is one of the main dangers. Social networking sites, like Facebook and Twitter, but increasingly also user review sites, such as TripAdvisor and Yelp, offer consumers a soapbox to express their views or pass judgment on anything from the latest celebrity haircut to the price of fish. One of the big differences with this new form of media is that it doesn’t play by the same rules as more traditional formats, such as newspapers, where content is checked for accuracy before being published. That’s partly because of the opaque legal rules governing the electronic environment, where internet libel isn’t always easy to prove. Added to that, more and more people are using these networks to communicate. Over 211 million people in Europe use social networking sites, mainly Facebook, according to the European Network and Information Security Agency. And so, while web 2.0 offers great opportunities for companies to engage with their customers, through blogs, forums, dedicated pages on Facebook and so on, it also poses a significant risk to corporate reputation. “The internet has changed the entire landscape of corporate reputation management,” says Leslie Gaines-Ross, the chief reputation strategist for public relations firm Weber Shandwick. “It has had a vast impact on how companies are perceived. The

22 Strategic RISK NOVEMBER 2010 |

22_24_CoverStory_Nov10.indd 22

general public is much more cynical than it used to be: it doesn’t take companies or their chief executives at their word. Instead, consumers do their own investigations or dig deeper.” There is so much more activism among consumers, she says, and no bad news goes unpublished. “Disgruntled consumers blog and twitter, and they get so much more coverage because they’re so easy to find. Basically, companies and their chief executives are naked today, and it’s really hard to deal with.”

Danger ahead Social networking sites clearly pose a big threat to a company’s brand: a recent survey of more than 1,000 office workers found that 42% of those aged between 18 and 29 discussed work-related issues on social networking sites and blogs. However, these websites also represent plenty of IT security risks for businesses. Security software provider Sophos surveyed over 500 organisations and discovered that 72% are concerned that employee behaviour on social networking sites exposes their businesses to danger, and puts corporate infrastructure – and the sensitive data stored on it – at risk. Survey respondents were asked which social network they believed posed the biggest security risk. Sixty per cent named Facebook; 18% said MySpace; 17%, Twitter; and 4%, LinkedIn. “Finding the balance between harnessing socalled ‘web 2.0’ technologies for business benefit and maintaining strong security is key,” says Ian Bowles, chief executive of software security vendor Clearswift. “It isn’t difficult to envisage an employee posting unauthorised comments about their organisation’s product or service quality issues on a blog, causing major brand damage. But at the same time, banning all blog access is not the answer, as it cuts the organisation off from conversations with partners and customers.” “Using and participating in these online services and communities forces enterprises to relinquish

SOCIAL NETWORKING GOLDEN RULES • Remember to log out from the social network once your navigation is over. • Do not allow the social network to remember your password. • Do not mix your business contacts with your personal contacts. • Report immediately stolen/ lost mobile phone with contacts, pictures, or personal data in its memory. • Set the proﬁle privacy level properly. Source: ENISA

www.strategicrisk.co.uk

21/10/2010 09:57

COVER STORY

‘I tend to see from clients that they’re not sure what controls to put around these technologies, and their knee-jerk reaction is to lock it down and block it’ William Beer, PwC

a level of control that they historically would not tolerate,” Gartner fellow Joseph Feiman explains. “It is forcing enterprises to rethink their security strategies.” The risks are characterised by inbound IT threats, such as malicious malware or a hacker gaining access to an employee’s online account, as well as the external (mainly reputational) risk of engaging with this technology. A big beast that many companies are already wrestling with is the question of employee blogging. Some organisations encourage it, others forbid it, and some have no policies at all. “It’s a two-sided coin,” Feiman explains. “On the positive side, blogging can build strong communities, brand awareness and transparency but, on the negative side, blogging can reveal corporate secrets, arm disgruntled employees and have undesirable consequences.” PricewaterhouseCoopers saw social networking as an opportunity. Its director of security, William Beer, explains: “We looked at Facebook and what it meant for the firm from a brand reputation point of view. We felt that it was something we should recommend adopting, as long as certain precautions were taken.” PwC updated its acceptable internet use to cover social media and also updated its security awareness training, Beer says. He explains the business benefits: “We have communities that we use to engage with some of the universities to help graduates understand the culture of the firm before they join.” But he believes most other firms are still unprepared to deal with the risks. “I tend to see from clients that they’re not sure what controls to put around these technologies, and their knee-jerk reaction is to lock it down and block it.”

Crisis points There are plenty of real-life examples of how the web can swiftly cause damage to a company’s reputation. British furniture retailer Habitat was hit by a social media crisis when it started linking its sales tweets to unrelated current affairs news topics – these included stories about violence during the Iranian elections – in an attempt to boost visibility. Angry twitterers accused the company of profiteering from social unrest. Elsewhere, a growing number of businesses are falling victim to spiteful online attacks. These include the setting up of websites solely to destroy reputations. “All it takes is for one disgruntled exemployee to post malicious comments on a blog or an internet forum about a perfectly good business,” Barker explains. “Bad news travels very quickly on the web. That business is suddenly at risk as the internet has no fact-checking capability and all because of someone who has an axe to grind.” Following an incident in 2008, Virgin Atlantic dismissed 13 staff members who had posted comments on Facebook criticising the cleanliness of the company’s fleet and its passengers. Similarly, British Airways check-in staff at Gatwick posted messages on Facebook saying travellers were “smelly” and criticised the chaotic operations at Heathrow. Further, the recent leak of more than 90,000 pages of classified military and intelligence documents by

Strategic RISK NOVEMBER 2010 |

22_24_CoverStory_Nov10.indd 23

www.strategicrisk.co.uk

21/10/2010 09:57

COVER STORY

FIVE TOP TIPS TO PROTECT YOUR ONLINE REPUTATION 1. “Do the right thing in the ﬁrst place,” says Leslie Gaines-Ross of Weber Shandwick. “Whatever you say internally or in the restaurant on Saturday night can turn up somewhere, so be careful.”

2. Monitor what’s being said about you and your competitors, and make sure that gets through to the top of the organisation on a regular basis. “Social media monitoring is a whole new industry,” Gaines-Ross says. 3. Have a crisis plan in place. Coca-Cola, for example, has a dedicated website that it uses to dispel myths and rumours about its products. “If you have a customised company site that uses all sorts of media, you can get your message out there immediately.” 4. Listen and react to what’s being said about you. Some companies use communities of interest, where they invite people who are interested in their products to interact in an online community, such as through Twitter or Facebook. “Finding your advocates and working closely with them is a good strategy. They’ll defend you if there’s a problem.” 5. Have social networking policies in place and make sure that staff are following them.

Wikileaks is a sharp reminder of the vulnerability of corporations to data leakage. The Wikileaks website promises to publish and comment on leaked documents alleging government and corporate misconduct. Incidents like this have encouraged companies to develop internal web 2.0 policies to try to control their employees’ behaviour. But while these may exert some influence over internal staff, customers are free to say what they like. There have been plenty of cases of brands being criticised online, with major consequences. In one example, Johnson & Johnson company Motrin launched an ad campaign in 2008 with an online video about it seeming fashionable to carry your baby in a sling – despite the resultant back pain – so as to look like “an offical mom”. The badly misjudged ad offended scores of mothers who, empowered by social media, started airing their grievances. It led to a Twitter revolt, and the story moved into the mainstream media before Motrin could axe the ad, which is now immortalised on YouTube (go to our website for the link: goo.gl/dNGS). Motrin was forced to temporarily shut down its website, pull the campaign and issue an apology.

Shifting trends The risks of online reputational damage are exacerbated by the fact that fewer people are reading print publications and instead are turning to the internet for their news. In 2008, the News Media Consumption Survey from America’s Pew Research Center found that online readers comprised more than a third of all news consumers. Two years earlier, fewer than a quarter of newspaper readers viewed content online (see graph ‘Print v online readership’,

24 Strategic RISK NOVEMBER 2010 |

22_24_CoverStory_Nov10.indd 24

below). This is being driven predominantly by a substantial shift in how younger generations read newspapers, according to Pew. “News travels so quickly now,” Gaines-Ross says. “People can access information much more easily these days, and if they hear a scandal about one product, they can easily find out who makes it and choose to stop buying any of their products.” But Chartis risk adviser and cyber security expert Pascal Lointier thinks that nightmare scenarios are an exaggeration. “I’m very cautious regarding online reputation, because there’s a strong amnesia regarding cyber incidents,” he says. “Most of these incidents are intangibles, so you forget very quickly. Plus it’s actually quite hard to access historical information on commercial indexing search engines, like Google.” Other types of cyber risk, he says, like the fines or class actions that result from data leakage, are much more significant. Nevertheless, faced with these risks, some companies are turning to online reputation management companies to offer damage limitation.

Tricks of the trade Plenty of PR consultancies offer brands ‘online reputation management’ services, and some of them promise to be able to bury bad news online, so that negative comments and stories don’t show up on search engine results. Although this sounds like a murky form of censorship, it’s more about boosting positive coverage than gagging negative stories, says Nathan Barker of Liverpool-based Reputation 24/7. “Our experts use internet-monitoring tech and other techniques to help firms improve their online profiles by hiding damaging stories and promoting positive headlines,” Barker says. “We use our in-depth understanding of search engines and how they work to make sure only the results that clients want to view are shown when people search for their name, business or brand on Google or other search engines.” The trick Barker’s firm uses is to create hundreds of new sites full of positive information about the brand or individual, which then saturate the search

engines to the point that the negative content no longer shows up. “This forces anything undesirable back to pages two, three and into the internet abyss,” he says. “In short, online reputation management can effectively bury bad publicity by manipulating Google.” It’s not all about reactive strategies like this, however. Some companies prefer to proactively use the new web technologies to their advantage. The pizza chain Domino’s, for example, responds to customers’ Twitter complaints. It has several community managers who monitor the feed and take care of the issues or forward complaints to the right department. Others look to social media to boost sales. US airlines Delta uses Facebook to reach out to customers, who can book their flights using the social networking tool. Other airlines, such as Virgin and JetBlue, do the same. Another trend is for companies to use Twitter to announce company news, results and performance numbers. IR Web Report published a list of 10 companies that actively use Twitter to tweet to investors and the media in this way: Proctor & Gamble, Roche, eBay, Garmin, Lafarge, Potash Corp, Metso Group, BASF IR, Corning and Syngenta. “The internet is great because it allows companies to talk to their customers immediately and give their point of view,” Gaines-Ross says. “But on the other hand, rumour and hearsay can damage a reputation just as quickly.” There’s plenty of misinformation out there, she adds. The evidence suggests that companies need to go into web 2.0 with their eyes wide open to the risks as well as the benefits. As Barker says: “It’s unfairly damaging, but mud sticks. So the sooner you can wipe it clean, the better. That is why it’s vital to have a reputation management strategy.” Whether that strategy involves trying to cover up mistakes once they’ve happened or engaging positively with consumers in an increasingly diverse media environment is for companies themselves to decide. But there’s no sense ignoring your company’s online presence either, as a final piece of advice from Gaines-Ross attests. “If you want to win the war of reputation, you’ve got to be online.” ■

PRINT v ONLINE READERSHIP (43% of respondents read a newspaper the day before)

(39% read a newspaper yesterday)

5% web 4% both

=9%

9% web 5% both

=14%

34% print 25% print

2006

2008

Source: Pew Research Center

Overall newspaper readership declined in spite of an increase in the number of people reading online news. In 2008, 14% of Americans said they had read an online newspaper the day before, up from 9% in 2006

www.strategicrisk.co.uk

21/10/2010 09:57

GZejiVi^dc

6i @âc lZ jcYZghiVcY gZejiVi^dcVa g^h`! YZa^kZg^c\ ^chjgVcXZ hdaji^dch [dg idYVnĂ&#x2030;h Xgî^XVa Wjh^cZhh XdcXZgch l]ZgZ igVYî^dcVa egdYjXih [Vaa h]dgi# >[ gZejiVi^dc ^h Xgî^XVa id ndjg Wjh^cZhh hjgk^kVa! iVa` id jh# Id\Zi]Zg lZĂ&#x2030;aa Ă&#x2019;cY V higViZ\n id bVcV\Z ndjg bdhi ^bedgiVci ^ciVc\^WaZ VhhZih#

8aZVg i]^c`^c\# @âc# AZVY^c\ egdk^YZgh d[ ^chjgVcXZ VcY gZ^chjgVcXZ ^c i]Z AadnYĂ&#x2030;h bVg`Zi h^cXZ &.+'# 8dciVXi/ 9Vc IgjZbVc/ YVc#igjZbVc5`âc\gdje#Xdb G ? @âc 8d A^bîZY &%+ ;ZcX]jgX] HigZZi AdcYdc :8(B *CG I )) % '% ,--+ .%%% ; )) % '% ,)-- &-)- lll#`âc\gdje#Xdb

SCIENCE

Size is everything Nanotechnology is carving new frontiers in manufacturing, medicine and food processing, creating a stream of new risks in its wake. Liz Booth reports from this fast-moving ﬁeld

ack in 1966, in the Hollywood film Fantastic Voyage, a team of scientists are shrunk to enter a colleague’s body in a submarine so that they can destroy a blood clot threatening his life. The stuff of science fiction back in 1966, but now not so far from reality as nanotechnology promises to shrink materials to unbelievably small sizes. There is talk of nanobots being used in medicine, which will harness bacteria to hitch a ride to the site of the injury. Nanotechnology has been attracting increasing attention in the past decade as governments and the public wake up to its increasing use in a variety of manufacturing processes. The figures back this up. According to the UK’s Institute of Nanotechnology, the sector is attracting more public funding than any other area of technology, estimated at €3.8bn worldwide in 2005. And according to a British parliamentary report, the global market for nanotechnology in food was $140m (€99.4m) in 2006 and is expected to reach $5.6bn in 2012. It is no wonder that, as Swiss Re reveals, most Fortune 500 companies have some involvement in nanotechnology. Thousands of products that have been developed using nanotechnology are in everyday use, from self-cleaning windows and aeroplane seats to cosmetics and electronics. Lloyd’s predicted in 2007 that 15% of all goods would contain nanoparticles by 2014. The insurance industry has been keeping a close eye on developments in this field too, evaluating risks wherever possible and asking more questions of their insureds. Some are choosing to exclude nanotechnology risks altogether and wordings are being developed along those lines, while others are investing in research to monitor potential risks.

26 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

Wilson Elser Moskowitz Edelman & Dicker partner Michael O’Brien says: “There are a lot of unknowns. It is an applied science but as the technology has advanced so has the list of applications.” He warns, however, that the use of nanotechnology means changing a product’s structure. “A previously stable product can become liquid. Nanoparticles change the characterisics of substances.” O’Brien believes the greatest risk could lie in inadvertent transfers, particularly if nanoparticles were to penetrate human skin and enter the bloodstream. He asks: “What are the long-term effects? There are also concerns for the environment – what happens when these things are dumped in landfills?” He acknowledges a lot of research is under way, starting with creating simple definitions that can be used internationally. And this, says Lloyd’s deputy head of exposure management Trevor Maynard, is an essential step in developing a set of internationally recognised standards. “It is an extremely fast-moving and exciting field of research,” he says, “and there is talk of developing some sort of exchange, in which particles would have to meet certain standards. At the moment, there is no real definition of what size or quality they should be.” He believes the concerns of the insurance industry are driving some of the demands for such information and he is pleased that, for example, when the UK’s House of Lords looked at the issue recently, Lloyd’s was able to make a presentation on behalf of the industry. Insurers would like to see labelling on products so that consumers are more able to make choices about their purchases. Maynard says that, for the future, labelling might help defray some of the cost of any potential

Nanobots are no longer just the stuff of science ﬁction

WHAT IS NANOTECHNOLOGY? Nanotechnology is the study of the controlling of matter on an atomic and molecular scale. The term nanotechnology originates from the Greek word meaning ‘dwarf’. A nanometre is one billionth of a metre — the length of 10 hydrogen atoms, or about 100,000th of the width of a hair. Generally nanotechnology deals with structures sized between one and 100 nanometres in at least one dimension and involves developing materials or devices within that size. Although scientists have manipulated matter at the nanoscale for centuries, the recent surge in development has occurred since the 1980s when a new generation of microscopes was invented. Nanotechnology can be deﬁned as ‘engineering at a very small scale’ and this term can be applied to many areas of research and development – from medicine to manufacturing to computing, and even to textiles and cosmetics.

SCIENCE

liabilities were a product found to be harmful. Lloyd’s is updating its research on nanotechnology and Maynard believes that figure of 15% by 2014 may well have risen. Like O’Brien, he voices concern that the properties of products are being changed – and for Maynard that raises the question of representation. “The critical

‘The greatest risk comes with production (when people are most exposed to the product) and at the end of their useful life (when products need to be recycled)’

Coneyl Jay/Science Photo Library

Dr Mike Morrison, Institute of Nanotechnology

FAST FACTS The global market for nanotechnology in food is expected to be worth

€3.98bn

in 2012

Lloyd’s believes of all goods will contain nanoparticles by 2014

15% A nanometre is

one billionth of a metre or about

100,000th of the width of a hair

thing to get across is that nanoparticle silver is not like the silver in a bracelet – it has more properties that are active in different ways. Representation becomes an issue if a product is sold as silver-like, but it is not necessarily silver-like any more.” Both Maynard and O’Brien, however, are keen to stress that it is not all bad news. “Nanotechnology has the potential to be extremely beneficial. Of course, insurers are always worried about adverse changes but, from a societal point of view, it could be beneficial and we should not be scaremongering.” The last word should go to chief executive of the Institute of Nanotechnology Dr Mike Morrison: “It is true that, as with any material, there are potential hazards. We recognise that the greatest risk comes with production (when people are exposed to the greatest density of product) and at the end of their useful life (when products need to be recycled) and we need to consider how they can be recycled.” But, as Morrison points out: “Nobody is looking at this with rose-tinted glasses. Everybody is considering the potential harmful effects. This is being driven by the risk of potential litigation and industry is being mindful of the risks.” He stresses, however: “Nobody can be 100% sure of the safety of anything. Take aspirin – we all think of it as an innocuous drug that is sold over the counter, yet if it had been discovered now, it would never have been allowed to be marketed that way because of all its side effects.” ■

APPLICATIONS Here are just a few of the hundreds of ongoing projects involving nanotechnology: • Scientists at the UK’s Institute of Food Research claim to have found an unexpected synergy that helped break down fat. It might lead to new ways of slowing digestion and ultimately to creating new foods that make dieters feel fuller. • Scientists from the Australian National University have developed a ‘Superbowl’ drug delivery system, promising more accurate doses of drugs with fewer side effects. Researchers have created a molecule – dubbed the Superbowl – that can capture, contain and deliver drugs. The group have already successfully put aspirin inside the Superbowl and are now working on incorporating drugs to treat other diseases, including cancers, arthritis and heart disease. • A Florida State University engineering professor’s research could one day lead to a new generation of hydrogen fuel cells that are less expensive, smaller, lighter and more durable — advantages that might make them a viable option for widespread use in cars and in military and industrial technology. • Solar cells are usually grouped in large arrays, because each cell can generate only a limited amount of power. However, not every building has enough space for a huge expanse of solar panels. Using carbon nanotubes, Massachusetts Institute of Technology chemical engineers have found a way to concentrate solar energy 100 times more than a regular photovoltaic cell. Such nanotubes could form antennae that capture and focus light energy, potentially allowing much more compact and more powerful solar arrays to be developed. • A North Carolina State University researcher has developed a way to make an aluminum alloy – a mixture of aluminum and other elements – just as strong as steel. The search for ever lighter – yet stronger – materials is crucial when reﬁning all kinds of products, andrelevant projects for this kind of technology could include more fuel-efﬁcient cars and safer aeroplanes. The new nanoscale architecture within aluminum alloys has unprecedented strength but also a certain amount of plasticity, so that the material stretches rather than breaks under stress. The technique of creating these nanostructures can be used on many different types of metals.

Liz Booth is a freelance contributor to StrategicRISK

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

DISASTERS

Damage P

redictably, in the aftermath of the BP oil rig explosion in the Gulf of Mexico, influential oil company investors are demanding better disclosure of disaster response plans. They are horrified by the fact that the Deepwater Horizon disaster wiped a third off BP’s share price. The ensuing environmental clean-up alone is estimated to cost €25bn (over €15bn of which will pay compensation claims). Given this huge financial loss, global investors have asked major energy companies to disclose what risk oversight measures and disaster preparedness plans they have in place to protect their own offshore drilling platforms from similar incidents. The group’s petition describes last April’s blowout of BP’s Macondo well and explosion on the Deepwater Horizon drilling platform, which killed 11 people, as the “greatest environment-related destruction of shareholder value in history”. “In my state alone, the nation’s two largest public employee pension funds have seen the value of their BP holdings plummet by $349m,” says California state treasurer Bill Lockyer, a major state pension fund trustee, and one of the investor appeal signatories. Another signatory, Pennsylvania state treasurer Rob McCord, adds: “Would I invest in an offshore drilling company if its disclosure statement revealed that its ‘rapid response’ to a catastrophic oil spill involved the unproven technique of stuffing golf balls, hair clippings and shredded tires down a well? Probably not.”

limitation With the Deepwater Horizon oil spill hurling urling BP into an environmental, legal and PR crisis, other multinationals may feel relief not to be in the ﬁring line. But experts suggest that a company that handles a crisis well can come out of it even stronger. Nathan Skinner reports It’s not just company investors that are vocalising their concerns. The media, environmental groups and politicians are placing increasing pressure on the oil industry and its management of risks, particularly those associated with a move towards extreme environments to find oil. Equally, the consequences of such a disaster as Deepwater Horizon spans much further than high clean-up costs and disgruntled shareholders. Putting aside BP’s apparent systemic cultural problems and neglect of safety in the run-up to the disaster, the

THIS CAN GO ONE OF TWO WAYS …

20% 15%

Managing the crisis

Recoverers Share value gain/loss

Knight and Pretty’s study looked at 15 major corporate catastrophes, tracing their impact on stock returns and trading volume. In all cases, the catastrophe had a signiﬁcant negative initial impact on stock returns. The study found businesses affected by catastrophes fall into two groups: recoverers and non-recoverers. The initial loss of stock value is about 5% on average for recoverers and about 11% for non-recoverers. The chart shows that, by the 50th trading day, the average cumulative impact on stock returns for the recoverers was 5%-plus – so the net impact on stock returns by this stage was actually positive. The non-recoverers remained largely unchanged between days ﬁve and 50, but suffered a net negative cumulative impact of almost 15% up to one year after the catastrophe.

10% 5% Baseline stock value

0 -5% -10%

Non-recoverers -15% -20% 1

33 49 65 81 Event trading days

Source: Corporate Reputation Review, ‘Corporate Catastrophes, Stock Returns, and Trading Volume’, Rory Knight and Deborah Pretty, University of Oxford

28 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

resultant financial blow wasn’t helped by several public ic relations slippups as the crisis risis unfolded. BP had problems oblems getting its message across amid the media edia frenzy after the oil leaked. Perhaps erhaps the most famous of all was the remark by Tony Hayward, then BP’s chief executive who has since been replaced by Bob Dudley, that he “wanted to get his life back”.

113

In fairness, BP has done many things right in its response to the spill, namely putting Hayward forward as the human face of the crisis (though this may have backfired) and bringing to bear a wealth of resource and expertise to deal with the clean-up. In fact, at some stage in the future, if BP handles the aftermath of this disaster properly, it could actually see its reputation improve. Only time will tell if it can pull off such a seemingly unlikely turnaround. Crisis management experts usually agree that being seen to handle a crisis well can actually have a positive impact on a company’s reputation. Corporate reputation (in other words, the emotional relationship between a company and its key stakeholders, such as the public, shareholders

DISASTERS

and regulators) is an inherently intangible asset, however, and consequently the impact of a catastrophe on it is extremely hard to measure. Rory Knight and Deborah Pretty’s 1999 landmark study into corporate catastrophes and stock returns remains one of the best yardsticks. Their research found that, following a catastrophe, companies that managed the effects of this well actually witnessed a boost to their share price relatively quickly (see graph, left). Regester Larkin reputation consultant Tim Johnson says that a good reputation brings a business plenty of rewards. “If you build a good relationship with your stakeholder groups, it brings a lot of intangible but finance-related benefits, which wh can be everything from an regulatory easier and less regu intrusive environment, envir capital, access to ca access to better employees, to emplo

TIPS FOR CRISIS MANAGEMENT

✓

✓ ✓ ✓ ✓ ✓

Perception is the only reality Regester Larkin reputation consultant Tim Johnson says: “If you are perceived to be at fault, then you either have to correct that perception or accept in the court of public opinion that you will be found guilty.”

The legal response and the communication response must work hand in hand “That’s imperative,” Johnson says. “Those are usually the two parts of the organisation that need to work most closely in the opening hours of the incident. Most crises will lead to litigation in some form. The legal response will be to say nothing, do nothing and admit nothing, whereas the communications response will be driven by a need to respond to the public and media attention. There has to be a balance between the two.”

Actions speak louder than words “You have to respond in a physical way,” Johnson advises. “You may be able to reassure the public that a product contamination has been ring-fenced, but there comes a time when a recall has to take place to provide the reassurance.”

A crisis always needs a human face This applies both internally and externally, says Johnson.

Manage a crisis through the lens of the victims The immediate response should be governed by the people who are perceived to have suffered through your actions, Johnson says. “Be seen to look after people ﬁrst.”

Never lie “But manage expectations appropriately.”

opportunities opportu – for partnerships partner that helps everything tha businesses tick to make businesse and move forward.” On the other hand, Johnson adds: “If crisis strikes and reputation is damaged, then all of those opportunities fall away” – as it did for the oil industry after the Gulf spill when US president Barack Obama enforced a moratorium on deep-sea drilling. In this case, the regulatory backlash in response to the disaster spread to the whole oil industry.

Assessing the cost So what are the effects of significant reputational damage? “There tend to be four commercial downsides,” Johnson says. “The first is a product or service boycott. The second is an impact on share price. The third is greater regulatory intrusion. And the fourth is access to funds and revenue. In this case, the financials tend to go awry and this can lead to bankruptcy.” It is difficult to assess the financial cost of a damaged reputation, he says. “If you’ve mismanaged

a crisis and the outcome is that you struggle to hire the best talent, you can never quantify that. You can’t quantify an unidentified opportunity cost.” But there are some quantifiable costs, such as contracts falling away or a decrease in productivity. “Organisations may need to inject more capital to meet greater regulatory requirements; those things can be totted up. But it’s always going to be difficult, and you can’t guarantee you’ve captured the true cost.” He thinks there’s more opportunity for an organisation to benefit from a crisis if the incident is not of its own making. “Generally speaking, for organisations to benefit they need to first recognise that they are in a crisis,” Johnson continues. But sometimes it is hard for organisations to do that and ensure the appropriate response is launched. “A crisis draws into focus many of the things that senior people don’t want to talk about, such as vulnerability, levels of authority, external scrutiny, and questions over integrity. These don’t make people comfortable, but they come into sharp focus during a crisis.” Organisations can only launch a good response if they’ve done things well in advance, he adds. “The first thing is to ensure process readiness. If you operate as a fast-moving consumer goods company, for example, and there’s a problem with a product, are you able to withdraw it quickly enough and ring-fence the problem? You also need behavioural readiness. That’s the

attitude, culture and competencies required to invoke that plan.” Faced with a crisis situation, one of the best things to remember is to show emotion, and communicate honestly and openly with your stakeholders. Johnson says that means explaining “what’s happened, what you are doing about it and how you feel about it”.

Be prepared The resounding lesson for risk managers is that a crisis doesn’t begin when disaster strikes. There tends to be a chain of problems trailing back long before the catastrophe itself. The financial crisis, for example, was decades in the making. And while BP’s operational response to the Gulf spill was extraordinary, it will need to look closely at systemic cultural issues that probably contributed to the problem a long time before the Macondo well exploded. The priority for BP now is to rebuild its ruined reputation. And it will need to focus on operational excellence to do so. By demonstrating the highest standards in attending to its responsibilities in the Gulf of Mexico now, BP may be able to reinvent itself in the public’s eyes. Investors, meanwhile, have a right to full disclosure on risks and how a company intends to manage the fall-out from a major incident. Taking mitigation measures before a crisis hits could reduce the chance of one happening in the first place, and improve the prospects of a company recovering when disaster strikes. ■

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

INSIGHTS INSIGHTS

ith corporate ethical issues at the forefront of the public’s consciousness, companies are expected to conduct their business with integrity. The BP Gulf disaster last April served to highlight the need to acknowledge the financial risks of ethical issues when making decisions about investments. Accused of “recklessness” by US president Barack Obama, it is thought BP’s draconian cost-cutting measures sacrificed safety and ultimately led to the spill. Companies must adhere to high ethical standards. If they fail to meet these standards, they risk their reputation with customers, investors and the media. Loss of reputation is without doubt one of the paramount concerns for any business. With reputations so easily damaged, when companies deliberately disregard their stakeholders’ expectations, acting ethically must be regarded as a top priority. Swiss research firm Covalence recently released its annual ranking of the overall ethical performance of multinational companies (see box). The survey also underlined the importance of behaving appropriately and clarifies what quantifies ‘ethical behaviour’.

Environmental damage BP’s Gulf of Mexico oil spill violated the environment and devastated the local community, two major, but sadly fairly common, offences. Plenty of other companies have been exposed for similar blunders. In its 2009 report, ‘Most Environmentally and Socially Controversial Companies’, RepRisk detailed the criticism Newmont Mining Corp received from its shareholders for allegedly stripping local communities and 10,000 farmers of land and water resources near its gold mines in Ghana. Toronto-based gold-mining corporation Barrick was cited as twelfth worst in the Covalence survey, after it was accused of burning at least 130 homes near its mine in Papua New Guinea and allegedly being responsible for life-threatening levels of arsenic in the area around its North Mara mine in Tanzania following a spill in May 2009.

Corruption Just as troubling is the prevalence of bribery and corruption in even the most high-profile companies. The Italian television company Mediaset, for example, the largest broadcaster in the country, which was founded and is still controlled by prime minister Silvio Berlusconi, ranked eleventh worst in Covalence’s survey, on account of alleged corruption. Late last year, Berlusconi caused controversy when he attempted to double the tax rate of one of Mediaset’s main competitors, Rupert Murdoch’s Sky Italia. Meanwhile, Monsanto, the American agriculture conglomerate, which leads the world in genetically engineered seed production, was given the dubious honour of being named ‘least ethical company’ by Covalence. It was accused of unjustly suing small farmers for patent infringement of its genetically modified seeds, among many other criticisms. According to Transparency International, 25% of Africa’s gross domestic product is lost to

3 Str 30 SStrategic trrate eg giic gic ic RIS R RISK IS SK N NOVEMBER NO NOV OVEEMB OV EM MBER ER 2010 201 20 010 01 10 |

www.strategicrisk.com w ww www. ww sstra ww. tra atteg tegi eg egi giicris g crisk.c kk.c .cco com

Bad company International organisations may be tirelessly working to crack down on corporate misbehaviour, from human rights abuses to bribery and corruption, but some companies continue to act without scruples. Nathan Skinner delves into the murky realm of the world’s least ethical companies corruption every day, the facilitation of which often involves companies from developed countries. In countries grappling with conflict, like Sudan and the Democratic Republic of Congo, there is no governmental infrastructure to enforce anticorruption initiatives. With organisations like Transparency International campaigning for an end to corruption and stricter laws, the exposure of corporate misdemeanours can only multiply. A recent shakeup in the UK government’s anti-bribery laws, for example, should make it easier to prosecute companies and their directors for bribery offences and ensure the consequences are more serious. “Corrupt money must not find safe haven. It is time to put an end to excuses,” Transparency International chair Huguette Labelle says. “There must be more bilateral treaties on information exchange to fully end the secrecy regime. At the same time, companies must cease operating in renegade financial centres.”

Human rights abuse Compared with those for corruption, international human rights regulations are relatively weak. Improving corporate responsibility for human rights comes down to those companies who recognise the worth, in terms of winning contracts, of investing in an ethical code of conduct. “Emerging market governments are increasingly requesting that human

rights policies and procedures are in place,” Control Risks’ vice-president for social risks consulting, Michael Shtender-Auerbach, says. “If you are competing for a government contract, human rights assessments could deliver competitive advantage in a number of jurisdictions.” A new labour standards report by Maplecroft branded China as a high-risk jurisdiction. Foxconn, the world’s largest electronics contract manufacturer, which makes iPhones and iPads for Apple in China, is the latest company to come under scrutiny for alleged human rights abuses and poor labour standards. A number of sources raised concerns about working conditions for employees at the Foxconn factory in Shenzhen when 12 young workers committed suicide within the first six months of 2010. “China is rated extreme risk in Maplecroft’s Working Conditions Index and is ranked seventh out of 196 countries,” Maplecroft labour rights expert Monique Bianchi says. “Companies must perform due diligence when sourcing from local suppliers, especially in high-risk regions, including Dongguan and Shenzhen. These suppliers may ignore or attempt to circumvent labour laws.”

Treating customers fairly Another ethical issue that threatens a company’s reputation lies in the treatment of customers. In seventh place in the Covalence survey of the least ethical companies, Ryanair Holdings Plc was an

INSIGHTS INSIGHTS

to their complaint practices and two were referred for enforcement.

Proving your worth

Miners at Bisie mine, North Kivu, Democratic Republic of Congo. Photograph: Mark Craemer

Surviving the ethical minefield is about showing investors, shareholders, media and the public that a company is committed to engaging in ethical initiatives. Some are making positive movements towards change. The UN Global Compact Office (UNGCO) was launched in July 2000 as a practical guide for business to align their operations with 10 universally accepted principles in the areas of human rights, labour, the environment and anti-corruption. The UNGCO promotes the work by Cadbury as one of its big success stories. Cadbury partnered up with a number of NGOs in Ghana to create a sustainable livelihood for farmers working on their cocoa plantations. By the end of 2006, the UNGCO says Cadbury and its partners had built 375 water wells in Ghana, providing access to clean water for over 50,000 people. It also launched education initiatives to build its farmers’ skills and understanding of cocoa farming and trading, and in 2005 partnered up with environmental charities to develop cocoa farming in a more ecologically balanced way. “Protecting the people who grow the cocoa that Cadbury buys has to be a priority – these are the people that provide a prized ingredient,” the UNGCO says in its guide to implementing the compact in 2007. “Their well-being translates into well-being for the company. Supporting and encouraging farmers helps to ensure continuity of the cocoa supply chain.”

unexpected addition, but it serves as a warning to all companies of the risks of treating customers poorly. Covalence mentions Ryanair’s boss, Michael O’Leary, who was infamously verbally abusive to a customer who requested a refund because a relative was ill. Ryanair also tried to cap compensation payments to customers following the ash cloud crisis and, most recently, insisted that only one pilot is needed per plane on short-haul flights, a move that the British Pilots Association has declared “unsafe”. Then there are the pitfalls of being exposed for deceiving consumers. The charity Sustain, which campaigns for better food and farming policies and practices, criticised Heinz in its publication ‘Ethical Hijack’, for implying its ‘Farmers’ Market’ soups are made from produce sourced at farmers’ markets, when in fact “the soups are neither local nor seasonal”. And last month, the UK’s financial watchdog, the FSA, proposed changes to its complaints handling rules to drive up standards of complaints handling within the financial sector. “Good complaints handling standards should be the rule, not the exception, and complaints handling forms should be a key part of our intensive and intrusive approach to supervise how firms deal with their customers,” the FSA’s director of conduct policy, Shelia Nicoll, says. In April 2010, the FSA published its review of complaints handling into several banking groups and found poor standards in most of the banks assessed. Five banks were required to make changes

Some say that it is harder for those businesses that invariably have a bigger environmental and social impact, such as mining, oil or construction companies, to operate in an ethical way. But this year, Skanska, a development and construction firm, proved this did not have to be the case. Skanska won an award for being the best green company in its sector. Since 2000, despite its environmentally costly trade, it has stepped up its green commitment. It is a member of the UN Global Compact and the EU Corporate Leaders Group on Climate Change, and runs a range of green initiatives, ranging from reducing employee flights to planting 15,000 trees in Sussex. It also cut CO2 emissions from its commercial construction vehicles by using liquefied petroleum gas, compressed natural gas and electric alternatives. This is fitting considering one of its big projects is the £6bn (€8.86bn) upgrade of the M25 (one of the UK’s busiest motorways). Skanska UK says it spent more than £4.2m on improving its environmental performance between 2007 and 2009 and succeeded in cutting its carbon footprint by 10%. Skanska’s UK director of environment, Jennifer Clark, says: “There’s always more we could do. Yes, we’re deep green in some areas, in others we’re still vanilla and we’re working on it.” She adds that the cost of environmental improvements should be regarded as secondary to the benefits they bring, but is pleased to say that being green has helped make the company money too. ■

St Strategic trat rategi egicc RISK egi RIS SK NOV NOVEMBER OVVEMB EMBER EER R 201 20100 | 20

www.strategicrisk.com www. www ww w w..strat w str sst stra tra tra atte tegi teg egi eeg giicr g crris cri cris iisskk.c k.co .co com

31 31

REGULATION REVIEW

No more

Mr Light Touch Governments worldwide are planning drastic changes to the regulatory landscape, these include new duties for directors and better risk management. Neil Hodge investigates whether all the new regulation be a good or bad thing

32 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

REGULATION REVIEW

egulators worldwide have all reached largely the same conclusions in their efforts to address the weakness of financial regulation and corporate governance. In various reviews, watchdogs have said there needs to be more boardroom discussion about risk, greater disclosure about corporate strategy and director remuneration, and a renewed effort to promote diversity in the boardroom. Regulators also want investors to ask more questions, cast votes against policies that contravene best practice and disclose what engagement they have with investee companies. “Regulation has moved back towards being overburdensome,” says director in the financial services regulatory practice at PricewaterhouseCoopers, David Kenmir, “but who is to say that in a few years’ time it won’t change again to being light-touch?” That prospect seems light years away as various reviews begin. The European Commission – the EU’s executive body – is planning a wide-ranging overhaul of financial regulation and corporate governance. On 2 June, its green paper floated a series of potential reforms, including new duties for directors, better risk reporting and a wider remit for external auditors. The Commission will soon launch a broader review of corporate governance in listed companies in general, as well as examining the roles of boards and investors. Many of the world’s leading financial markets, however, have already taken steps to beef up regulation and enforcement.

In the USA So far, the most far-reaching effort towards reform has been in the USA. Since February, the SEC (Securities and Exchange Commission), the country’s financial watchdog, has required companies to disclose the relationship of a company’s compensation policies and practices to risk management, what the board’s role is in overseeing risk, the background and qualifications of directors and nominees, and how the company tries to achieve diversity in the boardroom. But it is the Dodd-Frank Wall Street Reform and Consumer Protection Act (see box, overleaf) that is set to put in place the most sweeping overhaul of the US financial system since the 1930s. According to law firm Davis Polk & Wardwell, the legislation requires that regulators create 243 rules, conduct 67 studies and issue 22 periodic reports. This is not going to appeal to most directors, particularly those in the UK where principles trump rules every time. Counsel at law firm Dechert in New

‘Are they the best people to ask about board remuneration, when they too are being paid large salaries?’ Danielle Harris, Maclay, Murray & Spens York, Matthew Kerfoot, says: “The new legislation may provide the necessary groundwork for the establishment of a more transparent, more robust and more reliable US financial system.”

In the UK The UK has also followed a tough line in taking more control, with the days of light touch regulation rapidly becoming a distant memory. Following May’s Walker Review, which found that bank directors needed to get a much firmer grip on risk management, the Financial Reporting Council (FRC), the UK’s corporate governance regulator, introduced changes to the Corporate Governance Code (see box, below). This will improve board effectiveness and increase accountability in large companies. The UK is also overhauling the country’s system of oversight. In July, the government released a consultation paper called ‘A new approach to financial regulation: judgment, focus and stability’. The UK is also planning to replace the FRC and UK financial watchdog, the FSA, with a

new super-regulator to set and enforce financial reporting rules, corporate governance standards and securities regulations for listed companies. Governance experts in the UK favour the regulator’s decision to retain its ‘comply or explain’ approach. However, international corporate partner at law firm Gibson Dunn & Crutcher, Selina Sagayam, says this approach has to be combined with greater and more responsible shareholder engagement. She says: “Investors need to be more challenging about boardroom strategy and governance. How companies run themselves can no longer just be left to regulators to determine whether they have complied or not.” Danielle Harris, professional support lawyer at commercial law firm Maclay Murray & Spens, says that greater investor engagement should not be a substitute for effective regulation. She says that long-term investors have an obvious interest in promoting better risk management and corporate governance, but she asks: “Are they really the best people to ask an opinion about board remuneration, for example, when they too are being paid large salaries?” Harris also points out that short-term investors will not necessarily be interested in engaging with boards about strategies that might not pay off for years. “For them, taking on more risk to get greater rewards might be the most appropriate course of action,” she says. Others also believe that new

UK CORPORATE GOVERNANCE CODE

The Corporate Governance Code retains its core principle that companies either need to follow the code or explain how else they are acting to promote good governance. The latest changes to the code include a clearer statement of a board’s responsibilities relating to risk, an annual election for all directors in FTSE 350 companies and the promotion of boardroom diversity. There is also a requirement that chairmen should

report personally in their annual statements how the principles relating to the role and effectiveness of the board have been applied. The FRC also says that it wants to see more active shareholder engagement to ensure that boards are held to account over their organisation’s strategies and risks. The regulator published its stewardship code in July – the world’s ﬁrst – to urge institutional investors to explain their level of engagement with company boards.

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

REGULATION REVIEW

An exterior view of the Bank for International Settlements in Basel, Switzerland. In September, global banking standard setters met in Basel to work on the minimum capital standards that banks will need to hold from 2013

‘Regulation has moved back towards being overburdensome’ David Kenmir, PricewaterhouseCoopers

rules may hamper corporate governance rather than enhance it, making it more difficult to appoint directors, particularly non-executives. Director in the UK executive compensation practice at HR consultancy Hay Group, Simon Garrett, says: “Over the past few years the responsibilities of directors have become more explicit rather than implicit, and that is likely to deter people from taking on the role. Why would anyone want to put themselves up to such scrutiny and increased liability? A non-executive’s career can be over if they are linked to a governance failure, so what incentive is there for them to come forward when remuneration is relatively low, increasing it is a contentious issue, and their personal and professional reputation is at stake?” Such views have been backed by recent findings. In an international survey released by PwC at the beginning of the year, more than a quarter (27%) of big company chief executives said they were “extremely concerned” about over-regulation, saying excessive regulation is the biggest threat to business growth.

WORLD VIEW OF REGULATORS The UK and USA are not the only countries where regulators have been making major changes following the global financial crisis. At the start of the year, the chief executive of the Irish Stock Exchange, Deirdre Somers, said that its listed companies needed to improve corporate governance. She said that if companies do not improve in response to recent governance failings, Ireland will find it harder to attract foreign investment. Somers added that key problems included “political and opaque” board appointment processes, companies that were “run like personal fiefdoms,” and public companies refusing to provide information or be accountable. In Germany, the government was so unhappy with the way that its financial regulator, BaFin, handled banking supervision prior to the crisis that it proposed stripping it of responsibility and putting

34 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

US Senate Banking Committee chairman Chris Dodd (right) and chairman of the House Financial Services Committee Barney Frank discuss bailout legislation on Capitol Hill. They are also responsible for drafting the Wall Street Reform and Consumer Protection Act, which has become known as the Dodd Frank Act

the Bundesbank in charge. However, the plan was not implemented after concerns that it could jeopardise the central bank’s independence, particularly on monetary policy. The French government this year merged banking and insurance supervision under the Authorité de Contrôle Prudentiel. It hopes the body will increase the country’s inﬂuence on international regulatory bodies. Companies with a share listing in Norway face a cap on any performance-related part of executive pay under a proposed new version of the country’s corporate governance code. The Norwegian corporate governance board says the revised version will require an absolute limit to performance-related remuneration, and for a company’s remuneration statement “to be clear, easily understood and speciﬁc”. Companies will be able to decide at what level to cap performance

The majority felt that governments have done nothing to reduce the compliance burden they face. In a separate PwC report, ‘Integrated reporting: what does your reporting say about you?’, the firm found that most FTSE 350 companies are failing to provide sufficient information about their activities and are simply ticking boxes to meet regulatory requirements. But Sagayam says that the current emphasis on the role and responsibilities of directors does not translate into more onerous obligations: “Directors have always been the people who are in charge of a company and are legally liable for any corporate failings. The current raft of governance reforms all over the world does not change that.”

Spreading the blame Some experts question why all companies are being targeted under corporate governance reviews, when the financial crisis was caused by – and largely limited to – financial service organisations. Head of the financial services regulatory practice in the UK for City law firm Taylor Wessing, Clive Cunningham, says: “It does appear that regulators have taken a sledgehammer to crack a nut. “Why are they reviewing corporate governance in all organisations rather than just focusing on banks? In the vast majority of cases, companies have been following best practice and investors have acted appropriately. There may be a case for saying that these pay, reviews need to be more but that focused.” limit must be disclosed to shareholders. In September the Basel Committee on Banking Supervision (BCBS), the global standard setter for the banking industry, announced an agreement on the minimum capital standards that banks will need to hold to comply with Basel III from 2013. BCBS increased the minimum level of core equity to 4.5% (previously 2%), with an additional conservation buffer of 2.5%.

REGULATION REVIEW

The largest ﬁne the UK watchdog, the FSA, imposed in 2009 was the £8m (€9m) that Swiss banking giant UBS (chief executive Oswald Gruebel is pictured) must pay for unauthorised employee transactions

President of German Bundesbank, Axel Weber, is reﬂected in a window as he addresses a news conference. The German government was so unhappy with the way that its ﬁnancial regulator, BaFin, handled banking supervision prior to the crisis that it proposed stripping it of responsibility and putting the Bundesbank in charge Images: Corbis

Yet it is not just increased regulation that is giving directors a headache. Enforcement action is also backing up strong words. The FSA, imposed record fines of nearly £35m (€39.8m) in 2009, and it plans to increase that total. It levied 41 significant fines over the year, the largest being the £8m that Swiss banking giant UBS must pay for unauthorised employee transactions. In 2008, there were £22.6m of fines, itself a record annual amount. The FSA wants to set a series of minimum fines for some offences, which in some cases will triple penalties. Firms could be fined 20% of turnover, with individuals liable to penalties of 40% of their salary and bonuses. Individuals guilty of ‘market abuse’ would be fined a minimum of £100,000. Not to be outdone, the SEC has also vowed to bring more high-profile enforcement actions against Wall Street, following July’s $550m settlement with Goldman Sachs. Director of enforcement Robert Khuzami says: “Deterrence works in the whitecollar world. Financial institutions look at cases like Goldman and review their own practices and risk tolerance and think about how risky behaviour affects their brand.” Sagayam agrees. “These fines may not hit the biggest players hard, but they do tell those in the industry what is expected of them, what is unacceptable practice, what they need to do to comply, and that action can and will be taken against them if they step out of line. The costs of ensuring that level of compliance often outstrip any fine.” In May, the European Commission reached its first cartel-busting settlement against 10 memorychip manufacturers under ‘fast track’ procedures introduced two years earlier. In March, for the first time, the FSA, arranged the extradition from the UK of somebody suspected of insider dealing.

The right protection Such enforcement and penalties are making directors nervous about their potential liabilities, and whether their directors & officers (D&O) insurance provides the necessary cover.

According to StrategicRISK’s recent research carried out with Ace, more than half (52%) of directors surveyed had recently checked their D&O policies to ensure they had adequate protection. Practising lawyer at information risk specialist Recommind, Craig Carpenter, says it is apparent that the regulatory pendulum continues to clearly swing in the direction of “more and stronger”. He says companies need to think about what information they will have to disclose in future. “Today’s regulators are required to take action before problems occur by seeking to deal with issues of fraud and internal mismanagement of information at their inception. “It is extremely likely that companies will be obliged to report on everything and provide transparency to regulators. Information that was previously never disclosed to regulators will have to be available, and the time allowed for providing that information will be days or weeks rather than months.” He adds: “These changes mean that regulators will be required to sit inside companies in many cases. It is important for businesses to take a stance on transparency. This will satisfy regulatory pressures and help mitigate any fallout should problems occur.” ■

‘What incentive is there for nonexecutives when remuneration is low and their reputation is at stake?’ Simon Garrett, Hay Group

THE DODD-FRANK ACT The new law, much of which is still to be written by various federal agencies, has three goals: to reduce systemic risk between financial participants; to reduce the structural leverage of the financial markets, and to increase transparency to allow appropriate pricing of risk; and, when appropriate, to allow the government to intervene. Besides introducing rules to monitor over-thecounter derivatives and proprietary trading – both of which have been widely blamed for causing and exacerbating the financial crisis – Dodd-Frank also

tries to remove the implicit guarantee from the federal government of losses from large financial institutions that are supposedly ‘too big to fail’. Furthermore, Dodd-Frank puts in place several entities to streamline the regulatory process and improve oversight, as well as a statutory liquidation process to deal with systemically risky institutions. A new Financial Stability Oversight council has been created to monitor systemic financial risks, while the Federal Reserve has been given new authority to impose increased regulations on bank holding companies and various other non-bank financial institutions, including heightened capital and liquidity requirements.

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

INSIGHTS

Was

he earliest records of human history and prehistory include stories of risk and its management. If we take a long view back, we find historical documents, sacred writings, myths and legends – all telling tales of the human struggle against nature or the gods. Accounts of mankind’s earliest origins describe the urge to break boundaries, to go beyond current confines, to explore the unknown. Epic narratives describe risk-taking individuals ranging from Abraham, revered by three of the world’s great religions for his faith as he left home and set out to find a new country, through mythological heroes like Jason or Odysseus who undertook death-defying journeys, to modern entrepreneurs and innovators who change the lives of millions through groundbreaking discoveries and inventions. The broader sweep of human development has included risky phases as hunter-gatherers and agrarians, leading to the establishment of such great civilisations as the Ancient Egyptians or the Mayans, to the present day.

Science Photo Library

Risk is everywhere Seen from a certain perspective, risk is everywhere. The world we inhabit is unpredictable, strange, incomprehensible, surprising, mysterious, awesome, different, other. This is true from the macro level of galaxies to the exotic nano-realm of subatomic particles, and everywhere in between. Irrefutable evidence forces us to accept the truth that we neither know nor understand everything, and we cannot control everything. Consequently, the word risk has become a common and widely used part of today’s vocabulary, relating to personal circumstances (health, pensions, insurance, investments), society (terrorism, economic performance, food safety), and business (corporate governance, strategy, business continuity). And it seems that mankind has an insatiable desire to confront risk and attempt to manage it proactively. Many of the institutions of human society and culture could be viewed as frameworks constructed to address uncertainty, including politics, religion, philosophy, technology, laws, ethics and morality. Each of these tries to impose structure on the world as it is experienced, limiting variation where that is possible, and explaining residual uncertainty where control is not feasible. Sensemaking –seeking patterns in apparent randomness – seems to be innate in humans. People apply a variety of approaches, both overtly and subconsciously, to reach an acceptable

36 Strategic RISK NOVEMBER 2010 |

36_37_PastPresent_Nov10.indd 36

Jason insured? Humans have been taking and managing risks since the dawn of time, not only on epic quests but to ensure daily survival. David Hillson considers risk’s role in our future degree of comfort in the face of uncertainty. As a result, not only is risk everywhere, but so is risk management. Perhaps it is not too far-fetched to describe risk management as offering an integrative framework for understanding many parts of the human experience, if not all. Just as the presence of risk is recognised and accepted as inevitable and unavoidable in every field of human endeavour, so there is a matching drive to address risk as far as possible. This has led to a proliferation of areas where the phrase ‘risk management’ is used to describe efforts to identify, understand and respond to risk, particularly in various aspects of business. There seems little doubt that risk management has been part of human activity for a very long time, and it is today a vital component of business. As a result, anyone asking the simple question “what is risk management?” will not find a simple answer. Even the most cursory exploration reveals a huge variety of perspectives, all claiming to represent the best way to address risk. In fact risk management is not a single subject at all; it is a family of related topics. These business applications range from project and technical risk management through operational and financial risk management up to strategic and enterprise-wide risk management. Other disciplines could also be included under the risk management umbrella, such as health and safety, business continuity or corporate governance. These various types of risk management share many common elements, but each has its

own distinctive language, methodology, tools and techniques. They vary in scope from the broadest application to very specific areas of risk. They are at different levels of maturity, with some types of risk management being quite recent developments while others measure their history in decades or longer. But each is important in its own way, representing part of the response of business to the uncertain environment within which it operates. All of this leads to one essential question: if risk is everywhere and risk management is so important, why don’t we do it for our business? We are constantly confronted with business and project failures, and in the rare cases where postmortem reviews are held, causes of failure often include unforeseen but foreseeable risks. Threats that should have been spotted and tackled turn into avoidable problems, and opportunities to create additional value or minimise waste and rework are missed. This continuing catalogue of failure indicates an

www.strategicrisk.com

21/10/2010 13:03

INSIGHTS

ongoing lack of effective risk management. If we believe that our uncertain world can be managed proactively, then we need to find and address the missing critical success factors that are preventing risk management from delivering its promised benefits. Mankind has always faced risk, from our earliest beginnings and throughout our history. Our survival and success as a species has largely resulted from our ability to understand and manage our uncertain environment, rising to each new challenge and

view is exemplified by some risk management practitioners, whose motto is ‘manage the risk = manage the business’. This implies that normal planned activity needs no special attention, and all that is required is management of variations from the plan. By looking ahead to identify potential variations, both positive and negative, and focusing management attention on addressing just these aspects, proponents of this position claim that success is ensured. While the ‘Infinite Expansion’ option emphasises the importance of risk management, it is an extreme position that doesn’t match reality. The risk element is not the whole picture in a

Our survival and success as a species has largely resulted from our ability to understand and manage our uncertain environment adapting our behaviour to meet it. Perhaps we need to apply the same approach to how we manage the risks inherent in our business. We began with a long view back, charting the role of risk management from cave dwellers to the 21st century. Now it is time to look into our crystal ball and take the longer view forward. Surveying the risk management futurescape, there are three possibilities for how risk management might develop. Drawing parallels from cosmology, we might call these three options ‘Infinite Expansion’, ‘the Big Crunch’, or ‘Ongoing Oscillation’.

Risk across the universe The first option is that the scope of risk management will continue to expand and include more and more elements of personal, business and social life. Ultimately all decisions will be taken in light of the identification and assessment of relevant uncertainty. This expansionist

business or project, and concentrating wholly on managing risk to the exclusion of other aspects is detrimental and counter-productive.

Crunch or conquest It is probably true that the scope and influence of risk management will continue to expand, at least in the short term, as more areas of application are found for risk-based approaches. But is such expansion limitless, or will some critical point be reached when further growth is unsustainable, to be followed by a collapse and eventual ‘Big Crunch’? It is possible that risk management might just be the latest management fad, although it is already rather more long-lasting than most. The recent emphasis on risk management started in the 1970s, and though it shows little sign of reducing, it is conceivable that our future colleagues might place less emphasis on risk than we do today. If risk management goes the way of other fads, it could disappear from the scene very quickly, becoming just a memory or a footnote in the annals of history.

There is another way in which risk management might disappear, rather than fading away into oblivion. If risk management becomes allpervasive to the point where it is absorbed into the nature of business at all levels, it could become invisible as a result. If everyone naturally and habitually thinks about risk and manages it as a normal part of daily life, then it might no longer be necessary to have a separate discipline called risk management, since this would be accepted and practised by all. Risk management could vanish as a result of its own success, leaving risk specialists and practitioners as outdated purveyors of a universally recognised self-evident truth.

Cycles into inﬁnity A third option for the future of risk management is possible, combining expansionism and catastrophism into ‘Ongoing Oscillation’. Maybe the size of the risk management universe might vary cyclically, increasing for a time then contracting. A review of the broader story of risk management across the span of human history reveals periods when it was more prominent than others. Social commentators suggest that advances in technology, law and religion can be seen as human responses to uncertainty, seeking to make sense of the ineffable, and attempting to impose control wherever possible. If this is true then the major changes in civilisations might be interpreted as cycles of risk management, though not within the same process-driven framework we see in modern business. And maybe the expansion we are witnessing today is merely part of the latest cycle. Only time will tell whether we’ll see ‘Infinite Expansion’, with the risk management universe expanding indefinitely until it encompasses everything, or whether a turning point might be reached to be followed by collapse where risk management disappears, or perhaps an ‘Ongoing Oscillation’ cycle of growth and decline might occur. What is certain is that, like our physical universe, risk management is not in a steady state. The reason that risk management is such a fascinating topic is precisely because it is constantly changing. New approaches and application areas emerge, new dimensions of risk management are discovered, and new insights into the meaning of risk are revealed. Explorers of this intriguing universe can be sure of an exciting journey as the future of risk management unfolds before them in novel and unexpected ways. ■ Dr David Hillson, also known as The Risk Doctor, is a risk consultant

Strategic RISK NOVEMBER 2010 |

36_37_PastPresent_Nov10.indd 37

www.strategicrisk.com

21/10/2010 13:04

RAISING THE PROFILE OF THE RISK MANAGER

Every little helps E

The UK’s biggest supermarket has no single department to co-ordinate and manage risk, and risk management is embedded in the day-to-day running of the business. Will such a model suit your company, asks John Hurrell

Taking it seriously

Different strokes

As the report makes clear, the risk architecture at Tesco is highly effective for that particular organisation, and helps explain why it is one of the UK’s most successful companies. The Tesco approach to risk management is closely aligned to the company culture, which in turn is defined by a strong leadership team, clear systems of management and control, a flat structure and one simple objective: customer satisfaction. Risk management at Tesco is driven at a strategic level from the top and then devolved to line managers with considerable contributions from different sections such as treasury, internal audit, and health and safety. Despite its title, Tesco’s insurable risk unit spends only a small amount of time purchasing insurance. One of its key roles is to help identify insurable risks and prevent bad occurrences as part of a policy based on retention, which is risk management by another name. This is a great model: how many times have we heard the lament that company boards do not take risk seriously enough? Tesco’s success in this area reflects strong leadership and excellent internal communication. Rather than seeing it as a threat, ERM practitioners

But a solution suitable for one organisation may not work for others. Research published in 2008 by CNV, the risk management experts, looked at studies of 25 different organisations. It found that the vast majority of companies derived measurable benefit from having formal risk management functions. These benefits included substantially reduced risk exposure, improved decision-making and better-informed risktaking, leading to a greater capacity for enterprise. Most readers could also name firms, some no longer in existence, that suffered because they had neither an adequate risk management function nor a risk-savvy board. Nevertheless, the CIMA report challenges risk managers in a number of ways, not least to demonstrate that their approach to their job is right for their organisation. One of the key messages from the CIMA research is the need to have the right approach to risk management processes, and to understand their limitations as well as their value. Much to its credit, The Royal Bank of Scotland also agreed to take part, providing an insight into what can go wrong. The CIMA report, which looks at the bank’s practices before a new management team had taken far-reaching steps to remedy matters, identifies several shortcomings at RBS.

38 Strategic RISK NOVEMBER 2010 |

www.strategicrisk.co.uk

Reuters

dward de Bono, the originator of the term ‘lateral thinking’, once suggested that a great way to reduce staff numbers would be to appoint somebody with instructions to delegate – until their job disappeared. Once achieved, that person could take a new position and repeat the exercise, and so on until all unnecessary roles were eliminated. I was reminded of this idea by a report into risk management from the Chartered Institute of Management Accountants (CIMA), and especially some of the case histories that appear in it. Tesco is a well-managed company where risk management is embedded in day-to-day operations. Several units look after different aspects of risk management, yet no single department has responsibility for co-ordinating and embedding the discipline businesswide. Tesco’s apparent success has led people to ask if good risk management can be self-perpetuating, removing the need for a separate risk management function. The short answer is ‘no’, although CIMA’s report poses challenging questions for professionals. Airmic has always believed that, just as there are many ways to achieve virtue, there is no single risk template. So much depends on the nature of the organisation, including the business it conducts, its size, history and culture.

One of the key messages is to understand the limitations of risk management processes, as well as their value should consider the way it works and ask if there are any lessons to be learnt.

One important factor was that RBS tried to quantify and model all risks to the exclusion of making subjective judgments, when the two approaches need each other. Another was the bureaucratic, box-ticking mentality that many of these processes created. This explanation fits exactly with comments by HBOS whistleblower Paul Moore (to read StrategicRISK’s interview with Moore, go online: goo.gl/l00D) about the demise of his bank. He said that processes actually got in the way of risk management. Although both these firms are in financial services, the lesson applies across the board: risk managers should regard process as a useful tool, not as a master or a security blanket or a substitute for independent thought. Above all, though, the lesson from RBS and HBOS is that good risk managers are limited in what they can achieve unless they have the full support of the board. The outcomes at both companies would have been different if senior executives had heeded the advice from risk management colleagues. Even if these two banks represent extreme examples, it is a widespread problem. And it underlines the value of softer skills, especially the ability to wield influence at board level. If you work for Tesco, however, that is not an issue. ■ John Hurrell is chief executive of Airmic

RISK COMMITTEE

Assess yourself When Amlin’s head of group risk, Alex Hindson, was asked to evaluate his organisation’s risk committee, he found a distinct lack of guidance on offer. In the second in our series of practical guides, he explains how you can tell if your risk committee is not delivering

ost organisations have had a risk committee for a number of years, but have they considered whether the committee is delivering any value to the organisation? Not all risk committees are equal and they come in a variety of different forms. Most common are executive risk committees but there is a growing trend, particularly in banks and insurers, towards the creation of a full board-level sub-committee, on a par with the audit committee. This is largely as a result of the poor performance of risk committees during the financial crisis.

Purpose of the committee It is wise to reflect on why your organisation has a risk committee and what its role is meant to be. Clearly setting down on paper what the risk committee is meant to do helps to later determine whether it has been successful. But it is surprising how many risk committees do not have a clear remit. The typical roles and accountabilities of a risk committee could include: • corporate governance through the challenge and review of risks and their management;

• setting and monitoring risk appetite and tolerances; • establishing a risk management framework as well as policies and procedures; • oversight of risk management and internal control systems; • receiving reports on risk events or external reviews; • sponsoring the development of an ERM programme; and • consideration of new and emerging risks.

Self-assessment

Board review

Why it’s so important

The effectiveness of boards has been formally considered for a number of years. Section B of the new UK Corporate Governance Code issued in 2010 restates the principle that “the board should undertake a formal and rigorous annual evaluation of its own performance and that of its committees and individual directors”. In light of the emphasis given to risk management over the last three years, it is hardly surprising that risk committee effectiveness should be high on the agenda of non-executive directors and their advisers. Additional review and oversight should be encouraged as a strengthening of overall corporate governance arrangements.

The effectiveness of a risk committee is an important diagnostic for the health of an organisation’s overall risk culture. Risk culture is an issue of increasing interest to regulators and credit rating agencies. This type of exercise if undertaken by a risk function raises risk professionals’ profile in the eyes of senior management, company secretaries and directors. And, most importantly, it repositions the risk function as a chief player in the overall management and governance of risk issues, not just their technical evaluation.

Risk committee types and features

Key features

Strengths

Weaknesses

The majority of board evaluation is done by selfassessment, with the creation of a questionnaire. Typically, these comprise 15-20 questions, covering: • committee processes, structure, information and conduct of business; • business transacted and its relevance; • committee delegation and reporting processes; • risk committee member knowledge and skills; and • overall conclusions and free commentary.

Alex Hindson is the head of group risk at Amlin plc. He is a fellow and deputy chairman of the Institute of Risk Management

A structured approach Here is a simple 10-point plan for developing and implementing a risk committee evaluation process.

Executive risk committee

Board committee

Advisory group

Executive-led committee with one or more executive directors and functional heads represented.

Non-executive-led committee often with only non-executive members.

Less formal grouping of divisional representatives with risk accountabilities.

Clear decision-making and ability to understand key business drivers. Ensures executives are fully briefed on key risk issues prior to engaging with non-executive directors.

Driven by Walker Report, some ﬁnancial institutions are adopting this approach to give greater oversight and transparency to stakeholders. Provides more time for consideration of risk issues than available to an audit committee.

Strong engagement from business and focus on practical steps required to manage risks. Very strong at co-ordinating activities across functions and divisions. Can be used in combination with one of the other two committees.

3. Issue questionnaires and collect anonymous information.

These committees often lack senior representation from business divisions who own and manage the risks. This can act as a barrier to embedding risk management.

Ability of non-executives to gain sufﬁcient information and hold executives to account. Potential for conﬂict with audit committee over internal control evaluation.

Can lack the resources and authority to act and be reduced to a talking shop.

Agree with chairman and committee members a process for committee review.

2. Develop questionnaires and checklists in conjunction with the company secretary or governance function.

4. Complete technical benchmarking of risk committee against best practice frameworks, peer organisations or other risk committees in the group (if there are several). 5. Analyse information and identify themes. 6. Communicate themes to chairman and agree proposed conclusions and improvement actions. 7. Communicate ﬁndings to committee and gain support for ﬁndings. 8. Integrate improvements into overall ERM development plan. 9. Communicate the overall conclusions to the board. 10. Track delivery of improvement plans over time and repeat the process.

Strategic RISK NOVEMBER 2010 |

www.strategicrisk.com

ASSOCIATION Airmic Portfolio

ANNUAL LECTURE

Matters of life and death R isk management as a matter of life and death could have been the title of Airmic’s 2010 annual lecture, given by Baroness Eliza Manningham-Buller, former director-general of Britain’s internal national security agency MI5. Manningham-Buller, who headed the agency between 2002 and 2007, presented the lecture in the exceptional setting of display rooms at Christie’s, full of decorative furniture and art works for a sale the following day. The host for the evening, Airmic chair Nicola Harvey, is group risk director for the auction house. Manningham-Buller told around 200 guests that it was impossible to have complete security. Preventing terrorist attacks was a risk management process and the security services sometimes couldn’t anticipate everything that terrorists might conceive. During her time as head of MI5, there were 15 signiﬁcant plots, of which three were not detected in advance, Baroness Manningham-Buller stated. Only the London transport bombs on 7 July 2005 caused loss of life to the public. The 2003 shoe bomber Robert Reid was overpowered and arrested,

CONTINUING ACADEMIC SUCCESS Attendance at the short courses run by Airmic partners and preferred suppliers as part of the Airmic Academy has continued to grow. This is encouraging Airmic to

According to David Gamble, the former Airmic chief executive who runs the academy, around 20% of the total membership will have been to at least one event this year 40 Strategic RISK NOVEMBER 2010 |

40_AIRMIC_Nov10.indd 40

Host for the Airmic annual lecture, Nicola Harvey

and the bombs failed in a second attempt in London on 21 July 2005. There are many components to reducing the ultimate risk of terrorist attacks, Manningham-Buller

expand the programme further in 2011 in consultation with members. Next year, Airmic hopes to run at least 30 sessions and plans to ask members for their views on subjects, including possible new topics, and on levels of expertise. One possibility is that the academy will start offering topics at basic and more advanced levels. By September this year, 175 members had already attended at least one academy session, compared with 140 for the whole of 2009, with eight further classes to go before the end of the year. According to David Gamble, the former Airmic chief executive who runs the academy, around 20% of the total membership will have been to at least one event this year. The academy also plans to run a series of master classes conducted by Airmic members themselves. Enterprise risk management and broker parades are already scheduled.

described. Like other countries, the UK realised it needed to scale up its intelligence services in the aftermath of 9/11. She and her senior colleagues agreed that they needed to completely re-engineer the way the department operated. The issues surrounding this included the political risk of the restructuring not going right, recruiting the wrong people, plenty of projects risks, the normal issues associated with changing IT systems, as well as the physical and IT security. Overall, it was essential to ensure a system that everyone could understand for prioritising which leads to follow among the overwhelming number the department receives. The selection process to determine which leads mattered could be stressful, Manningham-Buller said, because there was always concern that an item that was deselected would turn out with hindsight to have been important. The department has risk registers. According to Manningham-Buller, they were useful for making people think about routine risks, but they could not be a substitute for thinking

about the possibility of other scenarios as they arose. Manningham-Buller believes that the security services get enormous support from almost all UK citizens, and so should be as open as possible about what they do. She agreed to take “all questions” from the Airmic audience – although not necessarily answer all of them. One guest found himself asked for his question when it turned out he’d

Baroness ManninghamBuller said it was impossible to have complete security; preventing terrorist attacks is a risk management process only moved his programme. A good thing he wasn’t there the following morning. He could have found himself unintentionally bidding for some very large statuary.

AN EVENING WITH NICHOLAS SOAMES Nicholas Soames MP will be the guest speaker at the annual Airmic dinner, which will take place on 30 November. Grandson of Winston Churchill, Soames served as an officer in the British Army, became an equerry to the Prince of Wales, worked as a stockbroker, and then became personal assistant to financier Sir James Goldsmith. He has been an MP for 27 years. En route, Soames also had a spell as a director of Lloyd’s broker Bland Payne, which became part of Sedgwick and then in turn, Marsh, where he remains a senior adviser. Bookings are now open for the dinner at www.eventsforce.net/dinner2010. It will be held at Lancaster London, the usual venue, which has had a slight name change.

www.strategicrisk.co.uk

13/10/2010 14:59

Photos : Creatas, Photodisc, Enrique Algarra/PIXTAL, DigitalVision, Juliet White/Gettyimages -

a redeďŹ ned vision of service

a reliable company available teams attentive advice

www.axa-corporatesolutions.com

Bringing Starr power to alternative energy.

For your energy needs, thereâ&#x20AC;&#x2122;s always a Starr Solution. C.V. STARR & COMPANY (CALIFORNIA)

STARR TECH

STARR MARINE

STARR GLOBAL ACCIDENT & HEALTH

From wind turbines to solar panels, from geothermal to hydroelectric to biofuels, the Starr companies can provide primary, excess, and environmental liability coverage, as well as property insurance products, to help develop the energy infrastructure. C.V. Starr & Company (California), Starr Tech, Starr Marine, Starr Global Accident & Health, and Starr Indemnity & Liability Company have formed a strategic relationship to offer a full suite of energy-related products and services for both alternative and traditional energy projects. Alternative energy will play a vital part in fueling our future, and the Starr companies are playing their part to insure it.

cvstarr.com

starr-international.com