SR October issue

Page 1

CELEBRATING 10 YEARS 2000–2010

Strategic RISK www.strategicrisk.co.uk

LATEST RISK AND CORPORATE GOVERNANCE SOLUTIONS

SEPTEMBER 2010

SPECIAL SUPPLEMENT inside

MEET LEGO’S RISK MAN

RISK MANAGEMENT AT A DANISH TOY HOUSE SPECIAL REPORTS ENVIRONMENTAL RISKS pages 33-40

PROPERTY RISKS pages 43-50

RATING YOUR RISK

BEE-WARE

CROOKED COUNTRIES

HOW TO IMPRESS THE JUDGES

A WORLD WITHOUT HONEYBEES

PLAYING FAIR IN CHINA

001_Cover_Sep10.indd 1

16/08/2010 15:13


GZejiVi^dc

6i @^ac lZ jcYZghiVcY gZejiVi^dcVa g^h`! YZa^kZg^c\ ^chjgVcXZ hdaji^dch [dg idYVnÉh Xg^i^XVa Wjh^cZhh XdcXZgch l]ZgZ igVY^i^dcVa egdYjXih [Vaa h]dgi# >[ gZejiVi^dc ^h Xg^i^XVa id ndjg Wjh^cZhh hjgk^kVa! iVa` id jh# Id\Zi]Zg lZÉaa ÒcY V higViZ\n id bVcV\Z ndjg bdhi ^bedgiVci ^ciVc\^WaZ VhhZih#

8aZVg i]^c`^c\# @^ac# AZVY^c\ egdk^YZgh d[ ^chjgVcXZ VcY gZ^chjgVcXZ ^c i]Z AadnYÉh bVg`Zi h^cXZ &.+'# 8dciVXi/ 9Vc IgjZbVc/ YVc#igjZbVc5`^ac\gdje#Xdb G ? @^ac 8d A^b^iZY &%+ ;ZcX]jgX] HigZZi AdcYdc :8(B *CG I )) % '% ,--+ .%%% ; )) % '% ,)-- &-)- lll#`^ac\gdje#Xdb


LEADER

Taking over the reins Ever since Standard & Poor’s said it would start looking more closely at ERM, risk managers have been asking us to investigate

Just over three years ago, I joined StrategicRISK and my career as a specialist risk journalist began. Today, taking the helm of a renowned business journal like StrategicRISK, with a history of editorial excellence, is an incredibly exciting opportunity and one that I relish. One of the goals of the magazine has always been to profile risk management accomplishment and share best practice. Continuing the drive, I travelled to Denmark to meet LEGO’s head of strategic risk, Hans Læssøe, who is trying to embed risk management early on in the toy-making cycle. You can read more about his model risk management career on pages 14-16. Elsewhere, I’ve introduced a new People & Opinion section (page 12-13), where we’ll be canvassing risk experts from across the globe and asking them to share their views and insights with our readers. This time, China specialist Chris Torrens looks at corruption in the People’s Republic. On the risk front, two issues have been occupying our minds. First, the biggest risk management story of the moment is still the oil spill in the Gulf of Mexico. BP has been all over the press since one of its oil drilling platforms exploded, sparking a disaster of unfathomable proportions. Our infographic on pages 28-29 pulls the whole story together. Second is that one-third of the food we eat arrives on our plates courtesy of the industrious honeybee, which is a vital pollinator. Worrying, then, that some sitting in the UK’s House of Lords think bees could

be wiped out in 10 years. We look at the impact this could have on society and the global economy on pages 22-23. In other developments, ever since Standard & Poor’s said it would start looking more closely at ERM when it assesses corporates, risk managers have been asking us to investigate. So we asked around and put your concerns to the rating agency. See pages 24-25. We’ve also got two special reports: one on emerging environmental liabilities (turn to page 33) and one on property risks (page 43 onwards). Add to that the results of our regular online poll – this time tracking ERM maturity (pages 18-19) – and you’d have to agree that we’ve not been slacking off over the summer. I plan to keep the momentum going, with a number of exciting projects lined up. Highlights include an event at the fast-approaching Ferma forum in London in September, German-language daily publications at the DVS conference in Munich, as well as special reports on renewable energy and social media. It is my fourth year reporting on risk and I’ve enjoyed every minute. I hope at least some of that enthusiasm shows through and you enjoy picking up StrategicRISK. If you have any scoops or suggestions about what you’d like to see in the future, send your letters to the editor at nathan.skinner@strategicrisk.co.uk. Nathan Skinner, Editor, StrategicRISK

ISSUE 65 SEPTEMBER 2010 www.strategicrisk.co.uk Editor Nathan Skinner Editor-in-chief Sue Copeman Market analysts Lee Coppack, Andrew Leslie Group chief sub-editor Áine Kelly Deputy chief sub-editor Laura Sharp Sales executive Sean Harry tel: +44 (0)20 7618 3082 Production designer Nikki Easton Group production manager Tricia McBride Senior production controller Gareth Kime Head of events Debbie Kidman Events logistics manager Elizabeth Copeman Publisher William Sanders tel: +44 (0)20 7618 3452 Managing director Tim Whitehouse To email anyone at Newsquest Specialist Media please use the following: firstname.surname@newsquestspecialistmedia.com

ISSN 1470-8167 Published by Newsquest Specialist Media Ltd 30 Cannon Street, London EC4M 6YJ tel: fax:

+44 (0)20 7618 3456 +44 (0)20 7618 3420 (editorial) +44 (0)20 7618 3400 (advertising) email: strategic.risk@newsquestspecialistmedia.com StrategicRISK is published six times a year by Newsquest Specialist Media Ltd., and produced in association with Airmic (the Association of Insurance and Risk Managers). The mission of StrategicRISK is to deliver the latest risk and corporate governance solutions to key decision-takers in UK and European companies. StrategicRISK is BPA audited with a net average circulation of 11,051.

For all subscription enquiries please contact: CDS Global, Tower House, Lathkill Street, Sovereign Park, Market Harborough, Leicestershire LE16 9HF tel: +44 (0)845 313 7557 email: newsquest@subscription.co.uk Annual subscription (incl P&P) £190 €295 $365 Two-year subscription £323 €499 $620 Three-year subscription £427 €663 $821 Printed by Headley Brothers Ltd © Newsquest Specialist Media Ltd 2010 Individual views are not necessarily those of the publisher or of Airmic.

Strategic RISK SEPTEMBER 2010 |

01_EditorsLetter_Sep10.indd 1

www.strategicrisk.co.uk

1

16/08/2010 11:50


CONTENTS

September 2010

22

Oh bee-hive

24

Stand up and be judged

REGULARS

28

Not many worse things have happened at sea

FEATURES

1 EDITOR’S LETTER Meet your new editor 4 RISK NEWS Best of the web

14 COVER STORY A MODEL CAREER Learn why LEGO’s risk manager thinks the

41 MOBILES: STILL CAUSE FOR CONCERN

financial crisis was ‘the best thing for us’

Protect your business from the risk of handhelds

6 RISK INDICATOR Globalisation, the swine flu scare and fending off zombies

22 PLIGHT OF THE HONEYBEE A third of our food comes from crops pollinated

8 NEWS ANALYSIS

by bees. What happens if they die out?

Buncefield lessons and a row over contigents

24 READY TO FACE THE JUDGES? 12 PEOPLE & OPINION Regulating culture and avoiding bribes in China

Standard & Poor’s puts the spotlight on ERM. What will this mean for your business?

33-40 SPECIAL REPORT ENVIRONMENTAL RISK Time to clean up your cover; vive la différence; continentall

28 TROUBLED WATERS

18 RISK REGISTER How is your ERM progressing?

52 AIRMIC PORTFOLIO

shift; no more excuses

The full BP disaster, blow by infographic blow

30 AUDITING RISK MANAGEMENT

Introducing the new chairman, the Corporate

Risk auditors should take their cue from

Governance Code and the poor state of

high-altitude birds of prey

43-50 SPECIAL REPORT T PROPERTY RISK Protecting your assets;

employers’ liability insurance

32 SECRETS OF SUCCESS

new world order;

AstraZeneca won ‘Best enterprise-wide risk

the hidden cost of fire;

programme’ at StrategicRISK’s 2010 European

the value proposition

Risk Management Awards. Find out why

SPECIAL SUPPLEMENT A GUIDE TO DIRECTORS’ AND OFFICERS’ INSURANCE AND THE NEW EXECUTIVE LIABILITY LANDSCAPE IN EUROPE

2

Strategic RISK SEPTEMBER 2010 |

02_Contents_Sep10.indd 2

www.strategicrisk.co.uk

16/08/2010 16:13


When things look worst, count on our best.

Whatever the risk, there’s always a Starr solution.

C.V. STARR & COMPANY (CALIFORNIA)

STARR AVIATION

STARR GLOBAL ACCIDENT & HEALTH

Whether it’s a ship caught in a storm, a fire on a drilling platform, or smoke conditions at a refinery, you can count on Starr’s unmatched expertise, service and experience to make the difference in a crisis. The deep knowledge of our specialized team of experts offers an unparalleled level of

STARR MARINE

STARR TECH

STARR SPECIALTY

attention through close customer relationships. We have more than 55 years of leadership in assessing complex risk, and managing real-life situations and conditions. The worst brings out the best, in the specialized companies of Starr Underwriting Agencies, LLC.

cvstarr.com


RISK NEWS The latest business roundup

For more news go to www.strategicrisk.co.uk

Best of the web TOP

10

3 | Probe launched into pharma bribery

E SS E NTIAL ON LI N E STO R I E S

Pharmaceutical companies suspected of foreign bribery in at least eight countries sprawled over three continents were the target of a corruption inquiry. US authorities reportedly probed four major pharmaceutical companies: AstraZeneca Plc; Baxter International Inc; Eli Lilly & Co; and Bristol-Myers Squibb Co. The investigation focused on bribes and kickbacks paid to healthcare workers in several countries including Brazil, China, Germany, Greece, Italy, Poland, Russia and Saudi Arabia. Under the US Foreign Corrupt Practices Act, it is illegal to pay foreign officials to obtain or keep business. tinyurl.com/SR-Pharma Also on strategicrisk.co.uk: Nathan Skinner reviews anti-bribery measures and the cost of corruption. tinyurl.com/SR-CostCorrupt

10

4 8

1 2

9 6

7

3

1 | The threat of a space tsunami The Earth braced itself for a solar shockwave after scientists warned of a huge incoming wave of electromagnetic energy, caused by an eruption on the surface of the Sun. The solar flare, called a coronal mass ejection, was spotted by high-definition cameras from NASA’s Solar Dynamics Observatory. Solar storms like these are infrequent occurrences, but NASA’s boffins predicted that in the run-up to a peak of solar activity in 2012, we could expect to see more. StrategicRISK first reported the threat from solar flares back in May. tinyurl.com/SR-SpaceStorm For more detail and images, see article: ‘The perfect space storm’ tinyurl.com/SR-PerfectStorm

Source: NASA

A solar eruption

2 | Five charged in al Qaeda plot The Justice Department announced charges against five members of an al Qaeda plot to attack Manchester in the UK and the New York subway. The suspects allegedly planned suicide bombings using improvised explosive devices made from hydrogen peroxide, acetone, flour, and oil. Coded emails between the men spoke of a large “wedding”. Assistant attorneygeneral for national security, David Kris, said: “These charges underscore the global nature of the terrorist threat we face.” tinyurl.com/ SR-TerrorPlot

€440m The amount BT saved since 2004 through its environmental programme

€6.8bn China spends this sum each month to diversify and improve its clean energy supply

-20% The target for reducing carbon emissions, which the UK is set to miss this year

Source: Aldersgate Group

5

4 | UK urged to act on carbon reporting In an open letter to the government, a business group called for it to act on its pre-election pledge to enforce mandatory carbon reporting. This would help drive carbon emission reductions and cement UK leadership on the global stage, said the Aldersgate Group. “A clearer, stronger signal is needed now for the introduction of mandatory carbon reporting in the UK that is consistent with international standards,” read the letter. Before the election, the UK’s Conservative Party outlined the benefits of carbon reporting and outlined its commitment to bring forward the date that the largest companies are required to report them. Chairman of the Aldersgate Group and author of the letter, Peter Young, said: “Greater transparency will help create a level playing field, drive emission reductions and address the growing concern over corporate green washing.” tinyurl.com/CarbonRep

ONLINE CONTENTS MOST READ

ONLINE ONLY

www.strategicrisk.co.uk ■ Infographic: The world’s riskiest companies ■ Regulatory risk back on top ■ Munich Re posts €1.2bn profit ■ Gulf leak is worst ever ■ Lessons in leadership

4

Strategic RISK SEPTEMBER 2010 |

04_05_News_Sep10 4

SPECIAL REPORT FROM NARIM Risk managers in the Netherlands need to up their game, delegates at the Dutch risk management association conference in Holland were told. Go to strategicrisk.co.uk for our Special Report from the conference.

TOP 10 BUSINESS RISKS Ernst & Young canvassed the views of more than 70 business executives to present a snapshot of the top 10 risks organisations are facing. The report provides content for challenging how smart your risk management capability is. Gerard Gallagher investigates. tinyurl.com/SR-SmartenUp

www.strategicrisk.co.uk

16/08/2010 11:19


Reuters

For more news go to www.strategicrisk.co.uk

6 | Summer war in the Levant feared Israeli military activity signals a significant risk of another war in Lebanon within the year, experts warn. The risk is likely to peak in the summer of 2010 or 2011, when weather conditions give Israel maximum advantage, they said, and targets would include Lebanon’s civil infrastructure. “The Israeli Defence Force would likely plan on achieving its objectives and completing its withdrawal from Lebanon within three weeks to a month; if this were not achieved, Israel would likely yield to pressure for a ceasefire after six weeks, rather than risk a protracted war of attrition,” judged Exclusive Analysis. tinyurl.com/SR-LevantWar

5 | Ruling clamps down on US class actions A US Supreme Court judgment could limit the ability of foreign investors to use the US legal system to sue companies and their directors. A ruling in Morrison v National Australia Bank said that investors who buy shares on non-US stock exchanges will no longer be able to exploit the favourable American class action system. “This judgment will substantially reduce the exposure of non-US companies to high-value damages awards,” Reynolds Porter Chamberlain partner Simon Goldring said. In 2009, there were 103 settlements in securities class actions, with a settlement value of $3.83bn (€2.99bn). tinyurl.com/USClass

7 | Fresh violence erupts in Kyrgyzstan Violence continued to flare in the central Asian republic of Kyrgyzstan as a wave of ethnic cleansing left thousands of people dead and hundreds of thousands fleeing for their lives. Ethnic bloodletting broke out in early June in Southern Kyrgyzstan, centered in the Uzbek village of Nariman in the Osh region. Human Rights Watch called for a UN-mandated force to assist the Kyrgyz government in providing protection and stopping inter-ethnic violence engulfing Osh and spreading to other cities in southern Kyrgyzstan. tinyurl.com/SR-Kyrgyzstan

The latest business roundup RISK NEWS

8 | Aon to allow contingents

9 | Public sector cutbacks will create exposure to new risks

Aon, the world’s biggest insurance broker, said that it would resume accepting contingent commissions. Chairman and chief executive officer of Aon Risk Solutions, Steve McGill, said in a statement: “We have decided to accept various forms of compensation available, which may include supplemental and/or contingent commissions in the geographies and client segments globally, where appropriate and legally permissible.” Fellow broker Willis responded in a statement that Aon was retreating to a “troublesome and ambiguous” position. The announcement sets out Aon’s position on contingents after officials in the USA appeared to lift a fiveyear ban on the big three brokers (Aon, Marsh and Willis) accepting such payments. tinyurl.com/ SR-AonContingency Willis chief executive Joe Plumeri said contingents should be stricken from commercial insurance. Read his interview with StrategicRISK online at: tinyurl.com/ SR-PlumeriInterview

Major changes in the public sector caused by government cutbacks will result in evolving risk profiles that could leave some organisations exposed, according to a new report from Zurich Municipal. Given European governments’ new austerity plans, tough times lie ahead for the public sector. Fiscally challenged parts of Europe will have to decide what services are core and which can go for the chop. Managing risk in the public sector will be critical in this uncertain environment, said Zurich. tinyurl.com/SR-PublicCutbacks Read our special report on risk in the public sector online at: tinyurl.com/SR-More4Less

Icelandic volcanoes

Krafla Askja Icecaps and glaciers Zone of recent volcanism Most active central volcanoes Less active central volcanoes

Bárdarbunga-Veidivötn

Reykjavik

Laki-Grimsvötn Öræfajökull Katla-Eldgjá

Eyjafjallajökull

10 | More Icelandic eruptions could prompt repeat of air traffic chaos Since the eruption of Iceland’s Eyjafjallajökull, there has been speculation about the triggering of its larger neighbour, Katla. Recent research from scientists at the UCL Institute for Risk and Disaster Reduction warn this is a strong possibility. The post-mortem into the eruption concluded that if any future eruptions combine with the right weather conditions, there is likely to be a repeat of the recent air transport disruption. But the unpredictability of volcanic activity and weather conditions make it difficult to predict when this might occur – and at what scale. The graphic above shows the location of the most active volcanoes in Iceland. “Volcanoes in Iceland have now become a key concern for the UK,” Institute for Risk and Disaster Reduction director, Professor Peter Sammonds, said. tinyurl.com/SR-Eruptions

Reuters

WHY RISK MANAGERS NEED A HIGHER PROFILE Managing director of risk and decision analysis at software provider Palisade, Craig Ferri, says risk managers now have an ideal window of opportunity to make their voices heard and their practices adopted. tinyurl.com/SR-Window

INFOGRAPHIC: THE AGE CRISIS Using UN world population figures, General Electric has produced an infographic that visualises the problem of ageing societies. Using the interactive infographic, you can choose from the seven different countries and see a bar chart that shows exactly how many people are in each age bracket. You can also see how the demographic is changing over time. tinyurl.com/SR-AgeCrisis Strategic RISK SEPTEMBER 2010 |

04_05_News_Sep10 5

www.strategicrisk.co.uk

5

16/08/2010 11:19


RISK INDICATOR

SWINE FLU Corbis

INTERDEPENDENCE

Epidemic did not meet expectations The UK’s response to swine flu was based on a massive overestimation of the possible victims of swine flu, as the graph below shows. It was feared that the number of clinical cases could rise to 160,000 at its peak. In reality, the number of cases peaked at

around 28,456, according to the UK’s Health Protection Agency. The first case was reported on 1 May 2009. But rather than surging twice. the number of cases rose steadily until October, before starting to drop off. 160,000

Estimate range Mid estimate Actual number of confirmed cases

140,000

Globalisation could spread risks faster

100,000

A surge in globalisation over the last two decades has brought immense benefits to business but also many new threats, according to a recent report from Lloyd’s. As a result of the rapid integration of societies and economies, the world is more interdependent than ever before. While businesses have reaped huge rewards from this, including the free flow of goods, capital and ideas, globalisation has also introduced new forms of risk, most notably systemic risk. And risks now flow much further and faster than before. Businesses must design internal risk management systems in order to develop resilience to these systemic shocks.

Total world stock of migrants increased from 100 million in 1980 to over 200 million in 2010 Number of Walmart stores up from 1,500 (all in the USA) in 1990 to 8,900 (worldwide) in 2010 Number of internet users was zero in 1990 but 1.6 billion in 2010 The top 10 ports in the world combined handle 50% of the world’s container traffic

80,000

Estimated clinical cases

120,000

60,000

40,000

peak 20,000

June 2009

July 2009

August 2009

September 2009 October 2009

November 2009

December 2009

Source: Health Protection Agency (with additions)

CATASTROPHES

Where are the costliest natural disasters? Haiti and Mozambique are the countries most vulnerable to economic losses from natural disasters, new research has found. A number of industrialised economies are ranked as ‘high risk’, according to Maplecroft’s Natural Disasters Economic Loss Index. The index rated the economic impact of natural catastrophes, such as earthquakes, volcanoes, tsunamis, storms, floods, landslides and epidemics, between 1980 and 2010. Seven countries are rated at ‘extreme risk’ in

the high-frequency index (see map below). Six industrialised countries (Italy, Japan, China, USA, Spain and France) are in the ‘high risk’ category. “When economic losses are taken as absolute figures, it is predominantly the industrialised countries, such as USA and China, that shoulder the greatest costs,” Maplecroft environmental analyst Dr Anna Moss explained. “But, when losses are calculated as a percentage of GDP, it is developing countries that are most exposed.”

In 2008, pine beetles destroyed 50% of Canada’s west coast pine forest Large-scale power cuts in North America in August 2003 deprived more than 50 million people of electricity In 2008, a ship mooring in Egypt cut a single cable that caused internet blackouts across the Middle East and India, affecting 75 million people In 1994, 25 acts of piracy were reported in the Strait of Malacca (Indonesia). In 2000, the total count rose to 220

6

Strategic RISK SEPTEMBER 2010 |

06_07_RiskInd_Sep10.indd 6

Extreme risk High risk Medium risk Low risk No data

Source: Maplecroft

www.strategicrisk.co.uk

16/08/2010 11:53


RISK INDICATOR

The amount of wheat crop destroyed by drought this summer in Russia, forcing it to temporarily ban grain exports

Cross-border financing has risen from $1.5 trillion (€1.14 trillion) in 1995 to over $6 trillion in 2007

97%

4,250

The portion of flagrant safety violations that two BP refineries in the USA accounted for in government inspections over the past three years (as a percentage of the whole industry)

The number of staff in The Royal Bank of Scotland’s risk management function in the run-up to the financial crisis.

istockphoto.com/Zurijeta

$1.4tn

The execution and frequency of successful large-scale terror attacks is directly correlated with the number of operatives involved in the planning, explains Dr Gordon Woo, a catastrophist at RMS. The probability of a planned attack being foiled is twice as high for a cell size of three compared with a lone terrorist, according to RMS.

Life’s not fair

The outgoing BP chief executive Tony Hayward says he feels “demonised and vilified” over the Gulf of Mexico oil spill as the firm posts one of the biggest corporate losses in history.

The Greek cuts have made remarkable progress

STRATEGY

When zombies attack

Servaas Deroose, a representative for the European Commission, applauds Greece’s public austerity measures, which have sparked violent protests. Another loan is due in September and is dependent on the government meeting targets.

Florida State University oceanographer Ian MacDonald expresses doubts over a claim presented by the National Oceanic and Atmospheric Administration (NOAA) that three-quarters of the 4.9 million barrels of oil that entered the Gulf of Mexico following the Deepwater Horizon disaster has been dealt with.

Carleton University’s zombie invasion model

Strategic RISK SEPTEMBER 2010 |

06_07_RiskInd_Sep10.indd 7

Sources: Sky News, BBC News

Reuters

There’s some science here, but mostly it’s spin, and it breaks my heart to see them do it ... I’m afraid this continues a track record of doubtful information distributed through NOAA

Shutterstock

Ever wondered how to stop a zombie invasion? Canadian researchers have created a mathematical model that offers the solution by describing the best way to fight them off. The best course for human survival is to hit hard and fast, according to the paper from maths wizards at Carleton University in Ottawa. The paper examines three possible scenarios for dealing with an outbreak of the undead: quarantine of the zombies, treatment of the zombies so they revert to being human, and impulsive eradication whenever possible. A properly co-ordinated strategy to eradicate all the zombies could wipe them out in 10 days, according to the research. “An outbreak of zombies is likely to be disastrous, unless extremely aggressive tactics are employed against the undead,” the paper’s authors say. “It is imperative that zombies are dealt with quickly, or else we are all in a great deal of trouble.” The simple model is displayed in the diagram, right, where S = susceptibles, Z = zombies and R = removed. If an infection breaks out in a city of 500,000 people, the zombies will outnumber the susceptibles in about three days, according to the model.

Too many terrorists can spoil the plot

Reuters

20%

SOUNDBITES

Reuters

The good news

Sources: Toronto Star, Lloyd’s, Occupational Health and Safety Administration

The bad news

www.strategicrisk.co.uk

7

16/08/2010 11:53


NEWS ANALYSIS by Andrew Leslie

For more analysis go to www.strategicrisk.co.uk

What risk managers must learn from Buncefield

Liability and remoteness In StrategicRISK November 2008, we highlighted the legal concept that liability is usually limited to damage that is foreseeable (‘Climbing the Wagon Mound’, tinyurl.com/SR-Wagon). The overpressures generated by the explosion at Buncefield appear to have been highly unusual and not easily explained. Initially, Total seemed to be relying on this to deny liability for damage caused beyond a 451-metre radius from the Buncefield storage tanks – something described by Justice Steel as “a rather remarkable contention”. However, as the report of the Major Incident Investigation Board states: “The circumstances that led to the event were predictable even if the consequences were not.” Total eventually decided to concede liability beyond the 451-metre radius, perhaps with its reputation in mind. But organisations sited close to hazardous industries need not expect an insurance premium reduction merely because of this one concession. Also, risk managers would do well to check that, if they are ever likely to rely on the “foreseeable” defence in court, their models of the potential damage their operations may cause stand up to detailed scrutiny.

Business interruption In January 2007, a little more than a year after the explosion, loss adjusters Cunningham Lindsey summarised how they felt businesses and their insurers were coping. The chief point was that typical business interruption (BI) insurance terms of 12 months had proved to be too short in many instances. The nature of the explosion meant that many buildings in the nearby Maylands industrial 8

Strategic RISK SEPTEMBER 2010 |

08_10_NewsAnalysis_Sep10.indd 8

estate (containing 630 businesses) had to be assessed for structural stability; there were planning issues; there was a shortage of builders; and firms were finding their insurance running out before they were anywhere near to reoccupying their premises. Cunningham Lindsey also noted that those with good business continuity plans (BCP) were quicker to secure resources such as alternative premises or IT capability, while others had to scramble for what they could find. This emphasises the seriousness that risk managers should attach to having inadequate BI or an outdated BCP.

Firefighters look at one of the fuel storage tanks at the Buncefield oil depot

Joint ventures and operators The Buncefield tank farm was a joint venture between Total and Chevron, with an operating company Hertfordshire Oil Storage Ltd (HOSL) set up between them to manage the plant. The bulk of evidence before Justice Steel concerned Total’s contention that Chevron should be liable for its share of the damage. Chevron’s contention was that, in effect, Total was in control of day-to-day operations, and that HOSL was not in any position to influence matters. In the end, the judge agreed with Chevron – noting that certain key witnesses who might have been expected to throw light on who was in charge had not been called – and drawing inferences from that fact. The raft of legal authorities cited on both sides of the case will be of interest only to lawyers, but risk managers should note that a clear statement of how liabilities will be assessed between joint venture partners ought to be a fundamental keystone of any joint venture agreement.

Human nature The investigations into what caused the accident at Buncefield have uncovered a catalogue of sloppy practice, lack of written procedures and general slackness of vigilance – so often the case following industrial accidents. But unintended consequences played their part. The storage tanks at Buncefield had various alarms that sounded when a tank reached capacity. The American Petroleum Institute (API) standard 2350 – which deals with measures to prevent storage tank over-filling – specifically states: “Caution: high-level detectors and/or automatic shutdown/diversion systems on tanks containing Class I and Class II liquids shall not be used for control of routine tank-filling operations. These devices are intended to signal a potential emergency and initiate certain manual responses or activate automatic response mechanisms.” But Justice Steel concluded that “on many occasions the relevant controller must have been deliberately filling to a level at or above the high-

Reuters

Almost five years on from the December 2005 explosion that destroyed much of the Buncefield oil storage depot in Hertfordshire, England – and which injured 43 people and led to an estimated £1bn (€1.2bn) in claims for loss and damage – the end result is slowly becoming clear. On 16 July, fines and costs totalling more than £9m were imposed by St Albans Crown Court on five of the companies involved in the disaster, with oil giant Total bearing the brunt of the punishment. The question of who is liable for the claims for loss and damage was resolved in a High Court action in March last year. Over the years of tangled litigation, many points have arisen that should be of interest or concern to risk managers, especially those dealing with hazardous industries. Here we summarise a few of the issues. You can read about the disaster in detail in Justice David Steel’s judgment, dowloadable from strategicrisk.co.uk (see tinyurl.com/SRBuncefieldJudgment).

The inquiry uncovered sloppy practice, lack of written procedures and slackness of vigilance level alarm”. In other words, operators started waiting for alarms to sound before shutting off the flow, rather than watching the gauges. It is human nature to take the easy option, made more likely by the absence of written instructions or risk assessments, as was apparently the case at Buncefield. The safety device became a tool. When that device failed, the assumption was made that the tank was not yet full – not that it was overflowing and about to explode. At the heart of all real risk lies mistaken human assumptions. ■

www.strategicrisk.co.uk

16/08/2010 11:26


Different views, different risks: We help you put it all together.

Different clients face different challenges. We at Allianz Global Corporate & Specialty work in partnership with our clients to develop the tailored cover they need – whatever the challenge. Find out why we are the choice of so many Fortune Global 500Ž companies, and discover a partnership you can rely on. www.agcs.allianz.com

Allianz is a registered trademark of Allianz SE, Germany. Allianz SE is the parent company of entities around the world. The range of services in different markets may vary.


NEWS ANALYSIS by Sue Copeman

For more analysis go to www.strategicrisk.co.uk

Pros and contingents C

ontingent commissions are, it seems, always to be surrounded by controversy. The debate over whether brokers should accept such an incentive payment to ensure insurers’ sales volumes or profitability targets – on top of the usual insurer commission payments or servicing fees from clients – heated up in July. Two of the world’s three leading brokers made their opposing positions very clear. First in the ring was Willis, which on 19 July unveiled a third-party authored white paper deploring contingent compensation. This followed its ‘Clients before contingents’ campaign, launched at the US RIMS conference in April. Hot on the heels of Willis’s move came an announcement from Aon on 21 July that it was “working with markets to explore the various forms of alternative remuneration available to Aon”. Aon Risk Solutions’ chairman and chief executive officer, Steve McGill, said: “We have decided to accept various forms of compensation, which may include supplemental or contingent commissions in the geographies and client segments globally, where appropriate and legally permissible.” Aon’s stance is that additional remuneration is acceptable if clients know about it.

Gloves are off

Corbis

Willis wasted no time in responding to this, saying Aon was “retreating to a troublesome, ambiguous position on contingent commissions”. It also branded Aon’s announcement “a wake-up call to all risk managers and buyers of insurance to re-evaluate whether their broker really works for them or the insurance carrier”.

In a statement, Willis added: “Another competitor has opted to put contingents before principle.” It also claimed that Willis was now the world’s only insurance broker to refuse to accept such payments in its retail business. Its statement asked: “Who is convinced that taking back-door payments from carriers at the end of a year, based on profitability and growth of a book of business, is an example of, as Aon’s Steve McGill says in the company’s news release, ‘doing what is right to serve the best interests of our clients’?”

Twists and turns Contingent commissions were accepted for years as part of the way the industry did business. But they were challenged in 2004 by the then New York attorney-general, Eliot Spitzer, on the basis that they created a conflict of interest. His focus was on the largest insurance brokers, which subsequently stopped accepting contingent commissions. However, continued pressure from brokers resulted in a volte-face, with the New York attorneygeneral’s office and the New York Insurance Department agreeing to lift the prohibition on contingent compensation in February this year. So are risk managers prepared simply to spectate while the big brokers fight it out? Clients, too, have a say – after all, it’s their money at stake. But whether they are prepared to voice it is another matter. Risk managers who don’t believe incentive payments from insurers create a conflict of interest often cite the fact that they have transparency from their broker as to any contingents payable on their business. However, a report commissioned by Willis from international law firm Edwards Angell

Palmer & Dodge suggests brokers should clarify how much money is involved, not just in respect of their own business but collectively from one insurer. This could be an eye-opener. Some big brokers may argue that they haven’t been operating on a level playing field because the contingency commission ban did not affect their smaller competitors. But their balance sheets over the past two years suggest that the large brokers are doing pretty well, given the recessionary pressures. Do they really want to be seen putting their investors’ interests above those of their clients? Why are many risk managers reticent in deploring contingent commissions? A cynical view might be that many of them started working life as an insurer or a broker and that there’s still certain old boys’ club operating. And, as companies come under pressure and make cuts to their risk management

The whole structure of reimbursement in the industry has to change or there will always be conflicts of interest staffing, some redundant risk managers have taken roles in insurance and broking firms. The whole issue of broker remuneration in its current form perhaps raises a separate debate. Brokers supposedly act as the representative of the insured but their costs are generally paid by insurers. In most countries, if you are paid a commission by someone, you’re regarded as being their agent.

Conflict of interests There’s a conflict of interest in the present circumstances before you even get on to the thorny subject of contingent commissions – but it’s a situation that suits most insurance buyers very well because it minimises their company’s costs. The unpalatable truth is that the party who pays your fees and contributes to your business’s profits is the one that is most likely to take priority. Few companies want to pay a service fee to their broker instead of allowing their broker to be remunerated by insurers’ commissions. But that has to be the way ahead. Otherwise brokers can – and perhaps do – end up simply as insurers’ agents. Arguably, the whole structure of reimbursement in the industry has to change or there will always be conflicts of interest. Finally, perhaps the biggest argument for risk managers against contingent compensation is that the client will end up paying. Any money that insurers pay out will result in higher premiums for businesses. These days, we are very conscious of the term ‘value added’. Contingent commissions don’t add any value for the client – but they’re likely to add to the cost of buying cover. ■ Sue Copeman is editor-in-chief of StrategicRISK

10 Strategic RISK SEPTEMBER 2010 |

08_10_NewsAnalysis_Sep10.indd 10

www.strategicrisk.co.uk

16/08/2010 11:26


At t ime s lik e

THE SE It’s nice to know you’re not alone. D&O cases can wear down even the toughest individuals: they can run for years, be stressful and expensive to defend, and a courtroom can be a terrifying sight to the uninitiated. Help is at hand though. When it comes to defending directors we have one of the most experienced teams in the industry and we know exactly what steps to take. Our new CorporateGuard D&O offers more protection than ever; if your clients ever have to face their own moments of truth, they’ll thank you for your foresight in arranging their D&O protection with Chartis. www.chartisinsurance.com

All products are written by insurance company subsidiaries or affiliates of Chartis Inc. Coverage may not be available in all jurisdictions and is subject to actual policy language. For additional information, please visit our website at www.chartisinsurance.com.


PEOPLE & OPINION

IN MY OPINION

Bribes are not a necessity for doing business in China Bribery has long been endemic in China, yet recent developments mean it is possible to do business with the Asian giant without resorting to corrupt activities, says Chris Torrens

I

ts economy is three times the size of the other BRIC countries – Brazil, Russia and India – added together, so it’s no surprise that China is already home to 480 of the Fortune 500 companies. More than half of these multinational firms say China is critical to their global strategies. Economic development has brought with it increasingly complex political, social and environmental challenges for the country’s central government. As well as the persistent problem of local protectionism, intellectual property violations and the government’s frequent use of nationalism as a political and commercial tool, the age-old issue of endemic corruption causes the biggest headaches for foreign businesses in China. From an operational perspective, many executives see corruption as a cost of doing business there. However, it is possible to work in China without resorting to bribes – which is just as well given the increasingly bright spotlight being directed at multinationals and their affiliates in China. Like other emerging markets, China suffers from official corruption and financial crime. Yet the scale of the bureaucracy and the pace of economic development have created conditions ideally suited to the growth of corruption. China ranked 72nd out of 180 nations profiled in the 2009 Corruption Perceptions Index published by Transparency International (the most corrupt ranking highest).

Road to corruption Corruption can be attributed to two factors: opportunity, presented to officials in their dual role as regulator and allocator; and motivation, caused by low salaries and few alternatives for selfenrichment. Rapid economic development has also benefited private entrepreneurs far more than it has government officials, which has been an additional source of aggravation. The privatisation of state assets has put opportunities for corruption within tempting reach of poorly paid bureaucrats. At the same time, central government has decentralised much of the decision-making process for investment, as well as law enforcement. Hidden costs present considerable challenges. These often appear in the form of unofficial “fees”, which, according to one businessman, cover issues such as birth control, public health, public security, traffic

12 Strategic RISK SEPTEMBER 2010 |

12_13_P&O_Sep10.indd 12

control, tree-planting and the fire department. Multinationals setting up operations in China often discover that internal controls are weak, company records incomplete (particularly given the high employee turnover rates) and the compliance environment not robust. In many cases, concepts such as corporate governance, fiduciary duty and business ethics have yet to evolve. One multinational manager in Shanghai says: “The Chinese have being doing business with family and friends for hundreds of years.” It should come as no surprise, then, that bribery in commercial dealings is routine. The picture is made worse by the actions of multinational companies’ senior managers who, having a limited understanding of local conditions and the language, opt to leave operational decisions to their local Chinese managers. The head of a Japanese manufacturing operation in China discovered that its most senior local manager was defrauding the company on a massive scale by selling surplus, reject and returned products in the market. The Japanese senior managers’ ignorance of Chinese and English had forced them to rely too heavily on one individual within the company. Unfortunately, if fraud is uncovered the local legal system is not always of great assistance. China’s written laws are generally good, and the police are typically dedicated and ‘clean’, especially in big urban areas. But interpretation of laws can vary dramatically from one jurisdiction to another and whitecollar crime is not a high priority. Further reducing the chance of success is the fact that the judiciary is underdeveloped and not beyond political influence. Judges are Chinese Communist Party appointees and are usually not trained lawyers. But hope is not lost. Efforts are being made to combat the problem. Persistent high-level

corruption scandals prompted the ruling Communist Party to set up the National Bureau of Corruption Prevention (NBCP), in line with the United Nations Convention Against Corruption. The NBCP’s website crashed hours after its launch as hundreds of thousands of visitors sought to register their complaints.

Five-year strategy Beijing also published a five-year plan (2008-12) to build and complete the system for punishing and preventing corruption, and has tabled an anti-money laundering law and regulations on the disclosure of government information. Furthermore, China’s membership of the World Trade Organisation since 2001 has increased transparency and reduced red tape. According to a World Bank report, entitled Doing Business 2010, China was ranked highest of all the BRIC countries for ease of doing business. It came 89th out of 180 countries – ahead of Russia (120th), Brazil (129th) and India (133rd), but lagged far behind regional neighbours Singapore (1st) and Japan (15th). The backdrop for these tougher actions is the

www.strategicrisk.co.uk

16/08/2010 10:50


PEOPLE & OPINION

T H E S OA P B OX leadership’s concern that official corruption is eating away at the Chinese Communist Party’s standing in the eyes of the public. In a survey of nearly 50,000 people carried out by the Xinhua news agency before the 2009 annual session of China’s parliament, the National People’s Congress, more than 75% named corruption as the most important issue facing the government. International laws are having a positive effect. The US’s Foreign Corrupt Practices Act (FCPA), which outlaws bribery of government officials worldwide, is enjoying a new lease of life. The US Securities and Exchange Commission is using it to fine companies registered, invested or listed in the US for noncompliance in countries around the world. As a result, more than 90% of US businesses are worried about the potential for FCPA violations while doing business in China, according to a report published last year by accountancy Deloitte. Tighter enforcement of Europe’s anti-corruption legislation – notably the Paris-based OECD’s Convention on Combating Bribery of Foreign Public Officials in International Business Transactions – has also done much to eliminate corruption since its launch in 1999. Subsequent legislation, such as the UK’s long overdue Bribery Act (2010), sets even more stringent standards for companies registered, invested or listed in the UK in their dealings around the world. The key to effective compliance is prevention. In order to comply with the FCPA, companies should consider establishing corporate compliance programmes in a bid to raise awareness within their organisations and so minimise the risk of improper payments being made. According to the local head of an international risk consultancy in Shanghai, most compliance programmes comprise two parts: a clear, concise corporate compliance document made available to all local staff (who should be tested for their knowledge of the guidelines); and training of all staff (particularly those in sales, marketing, distribution and accounts) to raise awareness of the compliance. Many multinational companies operate global compliance lines as part of their regulatory obligations. Companies can launch awareness campaigns to encourage staff to speak up about corrupt activities by advertising the compliance line number on posters around the factory and offices, on credit card-sized memos distributed to individual workers, and on official receipts sent to the company’s partners and suppliers. ■ Chris Torrens is a China specialist at global consultancy Control Risks and author of Doing business in China: a guide to the risks and rewards

READ MORE ONLINE

Company culture should be regulated Many of the causes of the financial crisis were deeply rooted in behavioural issues, so regulators should play a greater role in judging how culture drives firms’ behaviour. Even after all the supposed ‘lessons learned’ exercises, we still see decisions in major firms that we would judge not to be prudent. Greater intervention is needed from regulators to ensure decisions deliver the outcomes society expects. Historically, regulators have avoided taking action on culture and behaviour as it has been seen as too judgmental a role. However, given the issues we continue to see over time, I believe this one-dimensional approach should be questioned. Every other aspect of the regulatory framework is under scrutiny and we should not shy away from debating the culture question. The focus for regulators should not be to define one acceptable culture; there are many different forms a positive culture can take. Rather, they should focus on what an unacceptable culture looks like and what outcomes it drives. The following are some of the mechanisms by which regulators could intervene to ensure firms have the right culture: • Ensure firms hire managers who act with

By Hector Sants, chief executive, FSA

integrity, by judging competency but also by checking they understand the need to act with integrity to deliver the right culture, and that they are equipped to do so. • Ensure firms have the right governance and behavioural framework to facilitate good judgment by their staff. • Assess the actions against society’s wider expectations, not just shareholder value. Company directors should have a stronger and more explicit obligation to wider society. There must be clear recognition of the need for institutions to contribute to the common good. Determining an ethical framework is for society as a whole, not an unelected regulatory agency. However, it is, I believe, our role to police behaviour and expect firms to have the right culture that facilitates the delivery of the outcomes we expect. This viewpoint is taken from a speech Hector Sants gave at the Chartered Institute for Securities & Investment conference in London in June

Letter to the editor DON’T BLAME RISK MANAGEMENT Andrew Leslie’s article on the recent Eurostar train failures (StrategicRISK May 2010, pages 8-10) was interesting and informative. But he made a common mistake of blaming inadequate risk management for what happened. After detailing the events that led to hundreds of Eurostar passengers being stranded in five trains last December, Leslie asks: “What went wrong with the risk management to allow this to happen?” He answers his own question by suggesting that there was “a cascade of risks that were not fully anticipated”, and then lists eight of these factors. Unfortunately almost every one of the eight factors listed was not a risk but an unforeseen problem. The key characteristic of risk is that it is uncertain. But there is no uncertainty about the facts that more people travel in the pre-Christmas period, Eurostar trains are sealed for customs and immigration purposes, train managers cannot speak directly to the rail control centre, and different trains have different platform heights. All of these are known facts. Given these facts, the situation was inevitable once the triggering event had occurred. As risk professionals, we need to take responsibility when risk management fails. But we should not be blamed for simple poor planning or oversight of known facts that aren’t risks – and especially not in a magazine dedicated to risk. There was another inaccurate statement at the end of Nathan Skinner’s article on solar flares (StrategicRISK, May 2010, page 18). His closing sentence says “Ultimately, solar storms are a low-probability, high-impact event …”. No they aren’t! They may be low-frequency, but they are not low-probability. The probability of a solar storm is 100%. It will certainly happen; we just don’t know when. You can only assess the degree of uncertainty by linking it to a duration – the chance of one happening in the next 10 years, say – which is a frequency, not a probability. One of the main problems with communicating about risk to the general public is their lack of understanding of probability and frequency. I think it’s important to get this right in a risk-based magazine such as StrategicRISK. After all, if we can’t get it right among ourselves, how can we talk about the issue to the public? Dr David Hillson, Risk Doctor, Hampshire, UK

X Doing business in Russia: tinyurl.com/SR-RussiaBiz X Doing business in India: tinyurl.com/SR-IndiaBiz

• If you have a letter for the editor, please email nathan.skinner@strategicrisk.co.uk

Strategic RISK SEPTEMBER 2010 |

12_13_P&O_Sep10.indd 13

www.strategicrisk.co.uk

13

16/08/2010 10:50


COVER STORY

A

theme park full of the childish screams of revellers might seem a strange place for a StrategicRISK correspondent to find himself on assignment. But there’s an easy explanation: LEGO Group’s headquarters are smack bang opposite LEGOLAND in Billund, a small provincial town in Denmark, about 250km west of Copenhagen. And this is where you will find Hans Læssøe, head of strategic risk for the legendary Danish toymaker. While Billund is not built out of LEGO, it does more or less owe its existence to the famous plastic bricks. Around one-third of the population work for the LEGO Group, one of Denmark’s most famous brands. This is the toymaker’s creative and production powerhouse, birthplace and spiritual home of a product that stretches back to a small carpenter’s workshop in the early 1930s. Over the past 80 years it has grown into the world’s fifth largest toymaker. Læssøe is by no means a conventional risk manager, having spent most of his professional career (more than 25 years) working for the toy manufacturer – and never for an insurance company.

A cheerful and chatty man, he lives surrounded by a large family and his two Shetland ponies on a ranch just a stone’s throw from Billund. (He admits that his job makes him popular with his grandchildren; he’s been to LEGOLAND – now owned and operated by the Merlin Entertainment Group – more times than he cares to admit.) “Big company, small town,” he says, greeting me as I marvel at the huge LEGO bricks towering over the entrance to the company’s headquarters. Behind a tall fence, children scream as they hurtle down one of the rides that loop above LEGOLAND just behind the corporate head office. About 37 billion LEGO bricks were made in Billund last year, equivalent to around four million elements an hour. “That’s 72,000 a minute,” says Læssøe – just one of the statistics he can rattle off. Another that sticks is that LEGO built 233 million mini-figures last year, which is enough, if they were stood side by side, to stretch from Billund to Boston in the USA. Læssøe demonstrates the mass production as he escorts me around the moulding facility, where the bricks and mini-figures are crafted. Each room has lines of automatic moulding machines that churn out hot little coloured plastic bricks every couple of seconds. This is the real Santa’s workshop.

Crisis, what crisis? The LEGO Group has had an impressive few years, experiencing huge growth between 2005 and 2008. The success of the toy market is inversely proportional to the state of the overall economy, says Læssøe. “The best thing that can happen to us is a financial crisis,” he says. That’s because parents tend to buy fewer expensive high-tech gifts for their children but still enjoy showering them with cheaper toys, particularly at Christmas. Læssøe is eager to point out that LEGO toys can be educational; building a model from his company’s products helps young children to develop spatial awareness, he says, while older children must be creative, imaginative – and patient. In a virtual world of PlayStation and Xbox games, this is a powerful message for a generation of parents keen to watch their children play in a more traditional way. LEGO has also avoided some of the problems that have hampered its competitors. In 2007 Mattel, a huge US toy firm, was forced to recall more than 18 million Chinese-built toys after fears that they were contaminated by paint containing dangerous levels of lead. The toys were made by one of Mattel’s contract manufacturing facilities and the recall hit its reputation and stock price hard. Most of LEGO’s products are built in Europe, although there is a facility in Mexico that supplies the US market. That’s helped the company to avoid some of the negative reactions to some ‘made in

‘South Korea is contemplating a law that bans the education of children under 15 after 10pm’ Hans Læssøe

14 Strategic RISK SEPTEMBER 2010 |

14_16_Lego_SRSep10.indd 14

China’ products. Major retailers (such as Walmart in the USA, which exerts immense influence) are increasingly reluctant to stock toys made in China. This has boosted companies whose products are built in countries perceived to be more reliable and with stricter standards. It is not all rosy though. Toymakers operate in a highly competitive market with some of the most fickle consumers in the world, children. “Two-thirds of all the toys sold in the world are new,” Læssøe says. But the average product lifecycle is 20 months – which is why the company needs to stay ahead of the curve. “We are dependent on being able to again and again to come up with toys that children think are fun. In this industry, you are never more successful than your current product portfolio,” he says.

Playing styles The toymaker benefits from an established tradition in Europe, with many families entering their third LEGO-playing generation, while in the USA, there’s been a steady growth of second-generation users. “Our growth in the USA has been phenomenal: more than 30% a year over the past few years,” Læssøe says. It’s a success that is helped by a Los Angeles office responsible for tie-ups with Hollywood blockbusters. The Middle East, however, is a small market. In fact, when a Danish newspaper published satirical drawings of the prophet Muhammad, Muslims were told to boycott Danish products, including LEGO. “We found we were selling more in London than the Arab countries all together so we could live with it,” Læssøe says. Researchers have identified several cultural differences between the way children play. They make for interesting reading but are based, somewhat, on stereotypes. Children in Asia, for example, typically don’t have much free time to play because they are focused on work. “It is so intense in some countries that South Korea is contemplating a law that bans the education of children under 15 after 10pm,” says Læssøe. Toys sold here, he explains, need to have an educational angle. German children, on the other hand, are brought up to be thorough, meticulous and focused. This means technically complex LEGO toys that take hours to build are more likely to be popular. American youngsters, meanwhile, are typically more outgoing, social and competitive. “They want smaller models that are faster to build.” Læssøe says that designers must bear these different styles of play in mind when they come up with a concept for a new toy. As a further safeguard, LEGO uses children to ‘sanity check’ the toys before they go to market. Sometimes this results in a redesign, as was the case when, after testing a new LEGO train on toddlers, designers realised they would have to overhaul and strengthen the wheel mechanism because when children played with it they found it much more to fun to wheel the train across carpets, walls – and the back yard – than to keep it on the official track.

www.strategicrisk.co.uk

16/08/2010 12:06


COVER STORY

A model career

Times are bountiful for the LEGO group; last year it churned out more than 37 billion of those little plastic blocks. But it’s not all rosy, as Nathan Skinner found when he met Hans Læssøe, the company’s head of strategic risk Strategic RISK SEPTEMBER 2010 |

14_16_Lego_SRSep10.indd 15

www.strategicrisk.co.uk

15

16/08/2010 12:06


COVER STORY

LEGO is the world’s fifth largest toy manufacturer TThe name LEGO is an abbreviation of the two Danish words ‘leg godt’, meaning ‘play well’ LEGO has factories in four countries: Mexico, Hungary, Czech Republic and Denmark. The newest one is in Mexico; it opened last year Net profit for 2009 was 2,204m DKK (€382m) LEGO has around 8,000 employees TThe world’s children spend five billion hours a year playing with LEGO bricks It would take 40 trillion LEGO bricks to reach the moon On average there are 62 LEGO bricks for every O person on Earth

Seasonality is another major problem, and one where LEGO is more vulnerable than its peers. “We do not have any outdoor, summer toys,” Læssøe says. “Sand and LEGO bricks are a bad combination.” Hence the company is more dependent on Christmas sales than its competitors. “Half of our sales on the shop floor are during the seven weeks preceding Christmas and, even then, we have some 20% of our full-year sales during weeks 50 and 51,” he says. This makes relationships between LEGO and its retailers vitally important. “In the good old days, toys were sold through small specialist stores, which were as dependent on us as we were on them,” he says. “Not so anymore. An ever-increasing volume of sales is through general stores such as Target or Walmart in the USA, Tesco in the UK, Metro in Germany, and Promodes in France. For them toys are only a few per cent of their total sales and the sale of LEGO is but a few per cent of that. This makes us vulnerable to retailer prioritisation, including the significant risk of being pushed out by a private label copycat product.”

Risky business It’s in this environment that LEGO bosses asked Læssøe to take on the job of strategic risk manager. He set out trying to figure out the best approach. “We needed something to address our strategies … something pragmatic and simple.” Four years ago he started working one day a week on risk management. In late 2006 he was ready to have a risk identification workshop. “I called in some 25 senior practitioners from legal, control, product development, sales and marketing. We sat down and identified 90 strategic risks that could hit us.” In early 2007 he started compiling a risk database to form the basis of his risk management information system. With the help of two other experienced colleagues, he then assessed each of the risks on a probability versus impact matrix. “Then we threw it out to each line of business for them to assess, and asked them whether they agreed with us.” The idea of the project was to build strategic risk management on top of an already well-established

16 Strategic RISK SEPTEMBER 2010 |

14_16_Lego_SRSep10.indd 16

tradition of operational risk management. “I wanted to get ahead of the decision-making process,” says Læssøe. “We’ve done strategic risk management before but it’s always been implicit, ad hoc and unsystematic; now we have a standardised process so that we know it’s getting done properly. I seriously hope I can install it as a piece of culture. Strong risk management for me is strong mental awareness of the concept of risk and opportunities.” Currently the scope is being expanded. Since 2009 he’s been working on a two-stage process that he’s called Active Risk and Opportunity Planning (AROP). The idea here is to get business managers to consider the risks and opportunities at an early stage in their project planning, rather than after the business decision is made. By the end of last year, Læssøe was ready to launch a training project to embed risk culture within the organisation. Several things mean life as a risk manager comes naturally to Læssøe. Understanding the company inside out is obviously handy. But right from the start, his bosses have given him a free reign; they’ve always been on board with the idea of risk management and have given him all the time he’s wanted to implement it. Læssøe is thankful that the private LEGO, still owned by a grandson of the founder, is not bound rigidly to a compliance-based approach to risk management. He compares a company that has its risk reporting in line with legal requirements and no more to a car whose driver is competent enough to avoid an accident but unable to realise opportunities by avoiding snarl-ups. His mantra is for risk management to be forward looking, believing that it can add real value by spotting problems before they arise. It’s a successful mantra; Læssøe was a runner-up in StrategicRISK’s 2009 European Risk Management Awards. LEGO’s rapid growth between 2005 and 2008 brought problems, however: he says it made it difficult for some of the middle managers who joined LEGO in 2004 to fathom downside risks, because they had never experienced anything other than an upward trend. Being a LEGO lifer, he

remembers the dark days between 2002 and 2004 when the company’s turnover dipped by a third.

Future gazing Læssøe does a lot of scenario planning. By outlining mega trends in the global economy – political, social, technologial and environmental – he has identified four future risks. The business planning process is then tested against each one. “None will materialise, but we will probably get parts of all of them,” he says. Scenario one sees economic growth continue slowly but steadily. Few changes are required, he says. Scenario two, a ‘brave new world’, forecasts massive growth in the global economy, mainly driven by China. Here, European families that feel under threat from their Chinese counterparts limit their children’s play time and increase the emphasis on hard work. LEGO would have to take this on board when designing new products but would be in a strong position to compete, he says. Individualism also features – or, as Læssøe says, “one size fits me”. Products would have to be tailored with this in mind and mass production would become harder. The third scenario is characterised by cut-throat competition. A decline in trade here will cut out all but the most professional retailers, threatening many of the specialist stores where LEGO sells its products. Countries eager to protect their economies might also go into “legislative overdrive”. “We’re starting to see this already with product safety rules,” he says. Læssøe has called his last scenario ‘Murphy’s surprise’. This one is based on a double-dip recession: the euro has collapsed and the dollar is down. All the major banks have been nationalised and the free-flow of money and goods has frozen. High unemployment has also sparked social unrest. But he is confident of managing such a scenario: “The value of strategic risk management is that it supports a business system that will prevail and succeed, even if the world around us is facing hard times and high uncertainty.” ■ Nathan Skinner is editor of StrategicRISK

www.strategicrisk.co.uk

16/08/2010 12:06


Project1:Layout 1

11/6/10

12:01

Page 1


RISK SURVEY

Still some way to go StrategicRISK’s latest benchmarking survey indicates that, while many organisations are seeing the benefits from enterprise risk management, a significant number still have some distance to cover before it is firmly embedded in their corporate culture A lack of support from senior management is the main thing that stops businesses properly implementing enterprise risk management (ERM), according to StrategicRISK’s latest reader poll. The 100-person web survey also identified “unclear ownership and responsibility for implementation” as well as “lack of tangible benefits” as other significant barriers to successful ERM execution. Unsurprisingly in the current cost climate, the respondents added that a lack of capital to invest in risk management was also negatively affecting their ERM efforts. The study was designed to give a snapshot of how ERM is being implemented across organisations so that risk managers can benchmark their efforts with peers.

Encouragingly, over half (57%) had identified their organisation’s risk appetite, defined as the sum of assets that the organisation is willing to put at risk in pursuit of its corporate objectives. Although many of the risk management standards state that organisations should understand their risk appetite, the application of the concept remains difficult. Successfully identifying an organisation’s risk appetite is an essential part of effective risk management.

Making an impact Even more positively, almost three-quarters (70%) of the survey participants said that their ERM programme does improve business decision-making.

40

Rest of the world

Europe

19 North America

23

19%

How would you describe the level of maturity of your ERM programme?

Stage 1

25%

Stage 2

33%

Stage 3

UK

Stage 4

10%

Stage 5

13%

What best describes the sector your organisation operates in?

1 Materials

Stage 1

Initial/lacking

Activities are limited in scope and may be implemented on an ad hoc basis.

Stage 2

Basic

Limited capabilities to identify, assess, manage and monitor major risks.

Stage 3

Defined

Sufficient capabilities to identify, assess, manage and monitor major risks. Policies are also defined and used across the organisation.

Stage 4

Operational

Consistent ability to identify, assess, manage and monitor major risks. Policies are consistently applied across the organisation.

Stage 5

Advanced

Well-developed ability to identify, assess, manage and monitor major risks. Processes are dynamic and able to adapt to changing risks. Explicit consideration of risks in management decision-making.

5 Healthcare 6 Telecommunications 6 Information technology 8 Utilities 9 Energy

Source: Aon’s Risk Maturity Model

18

In what region are you based?

A third of the respondents indicated that their ERM programmes were sufficiently mature that they could identify, measure, manage, report and monitor their major risks, adding that their policies and techniques had also been clearly defined. A quarter of the respondents described their ERM programmes as slightly less mature – in other words, they had limited capabilities to identify, assess, manage and monitor their main risks. And fewer still (19%) were in the initial stages of ERM. Only a handful of respondents had ERM programmes that were either consistently applied at an operational level (10%) or at an advanced level (13%). This indicates that risk managers still have some way to go to fully embed ERM within their organisations.

16 Industrial 17 Consumer 32 Financial Have you identified your organisation’s risk appetite?

18 Strategic RISK SEPTEMBER 2010 |

18_19_RiskSurvey_Sep10.indd 18

57 43 No

Yes

Does your ERM programme improve business decision-making?

30

70 Yes

No

www.strategicrisk.co.uk

16/08/2010 14:26


RISK SURVEY in association with

Over a quarter (28%) said that their ERM programme also has a “significant” influence on their organisation’s strategic planning. More than one in 10 (15%) said that it has a “very significant” impact on strategic planning. But, equally, a similar proportion (14%) said that it has “very little” influence. The biggest proportion of respondents (36%) said that ERM only “partially” influences their strategic planning. In a connected finding, ERM is only moderately successful at helping organisations achieve their objectives, according to almost half (46%) of the respondents. Over a quarter (28%) reported isolated success with this. Only 20% of respondents said that their ERM programme is “very successful” at helping them achieve their commercial objectives. Only a small number (10%) of the respondents said that their organisation (including all its employees and senior management) “entirely” understands the objectives of ERM. Around a fifth (21%) said their organisation understands the ERM objectives “significantly”.

7

How significantly does ERM influence your organisation’s strategic planning?

36

Not at all

Partially

14 Very little

15

Very significantly

Company secretary/ treasurer

5

Internal audit No ERM champion

4

28

Significantly

Only 10% of the respondents aid that their organisation understands ‘entirely’ the objectives of ERM

How well does your organisation (including all its employess and senior management) understand the objectives of ERM?

27

16

Who is the prime sponsor of the ERM programme?

5 10

Not at all Entirely

21

Significantly

64 Partially

The biggest ‘prime sponsor’ of ERM is the chief financial officer, according to our survey. Next in line is the chief executive, followed by a risk management director, and then the board. Neither the company treasurer nor the internal audit department are popular sponsors of ERM, according to this group of respondents. Overall, the findings of our survey indicate that there is work to be done in terms of establishing ERM as standard business practice. Encouragingly, though, the survey shows that many organisations are past the initial stages of ERM programme development and a number of organisations have already been successful in embedding a culture of risk management and influencing strategic decisions through the use of ERM. ■

How successful have you been at embedding ERM into the corporate culture so that everyone in the organisation understands their risk accountabilities?

7

54

Not at all

17

Partially

Entirely or significantly

22

Very little

9 Lack of skills and capability to embed ERM business 12 Lack of access to key people

22

Chief executive Director of risk management

20

Board

Company champions

The biggest proportion (64%), however, said that their organisation only “partially” understands the overall objectives of ERM. Complementing this finding, over half of the respondents (54%) said they were only partially successful embedding ERM into the corporate culture so that everyone in the organisation clearly understands their risk accountabilities. This

Chief financial officer

6

goes to show that embedding a risk culture is an ongoing challenge for many firms. Just 17% of the respondents said that they had achieved this “entirely or significantly”, indicating that at least some firms are confident about their risk management cultures.

What are the main barriers to implementation of ERM?

16 Failure to clearly communicate the case for change 18 Lack of clear plan 20 Unclear ownership and responsibility for implementation 21 Lack of tangible benefits 21 Lack of capital to invest in risk management 32 Lack of senior management sponsorship

How successfully does the ERM programme help your organisation meet its corporate objectives?

6 20

Unsuccessful Very successfully

46 Moderately successful

28 Isolated success

Almost three-quarters (70%) of the survey participants said that their ERM programme does improve business decision-making Strategic RISK SEPTEMBER 2010 |

18_19_RiskSurvey_Sep10.indd 19

www.strategicrisk.co.uk

19

16/08/2010 14:26


20_21_FantasyRugby:Layout 1

16/8/10

17:24

Page 20

AVIVA PREMIERSHIP RUGBY FANTASY CHALLENGE

GLORY, PASSION, PRIDE – WHA Register your Aviva Premiership Rugby Fantasy Challenge team to win great prizes at:

strategicrisk.co.uk/avivapremiershiprugby BRING ON THE PAIN (AND THE GLORY!) StrategicRISK has teamed up with Aviva to bring you an exciting Fantasy Rugby thrill fest. Enter online and compete with your risk and insurance friends for the chance to win fantastic prizes, including exclusive tickets to the Aviva Premiership Final.

SCORING STARTS 3 SEPTEMBER 2010 SO HOW DO YOU PLAY? IT’S EASY. YOU CAN JOIN IN THREE STEPS:

1 GO TO: strategicrisk.co.uk/avivapremiershiprugby 2 CHALLENGE COLLEAGUES, MAKE TRANSFERS, ENJOY THE GAME! 3 REGISTER AND PICK A TEAM, OR JUST USE THE ‘LUCKY DIP’ OPTION

Once you have registered, you can set up your own private league to challenge your friends and workmates. Scoring for the new season of the Aviva Premiership starts on 3 September 2010, so make sure you have your team selected by then. You don’t want to miss out on those all-important early-season points!


20_21_FantasyRugby:Layout 1

16/8/10

17:25

Page 21

AVIVA PREMIERSHIP RUGBY FANTASY CHALLENGE

HAT WILL YOU BE PLAYING FOR? RULES: YOUR TEAM FORMATION Your team must consist of 15 players and include eight forwards, a scrum half, fly half and five backs, with not more than four players from the same club. One of your players must be designated as a kicker. Managers have 40 transfers for the season and unlimited kicker changes.

HOW TO SCORE POINTS Your team will score points based upon how your chosen players perform in the Aviva Premiership during the 2010/11 season. The points-scoring system is as follows: Try Assist Penalty kick, conversion or drop kick (designated kicker only) Full appearance (starts and finishes game) Part appearance (starts but doesn’t finish game) Substitute appearance (doesn’t start, but comes on as substitute) Yellow card Red card

5 Points 3 Points 1 Point 3 Points 2 Points 1 Point -1 Point -2 Points

PRIZES 1st prize The winner plus their three guests will get the full VIP experience at the Aviva Premiership Rugby Final on 28 May 2011. We’ll include a signed club shirt of your choice and a behind-the-scenes tour of Twickenham.

2nd prize Two tickets to the Aviva Premiership Rugby Final on 28 May 2011.

3rd prize A signed rugby ball from the Aviva Premiership Rugby club of your choice.

Manager of the Month awards Two tickets to a game of your choice during the season. *T&Cs apply, please visit strategicrisk.co.uk/avivapremiershiprugby

SEVEN PLAYERS TO WATCH StrategicRISK predictions: Schalk Brits, front row forward, Saracens Jim Hamilton, second row forward, Gloucester Rugby Steffon Armitage, back row forward, London Irish Michael Claassens, scrum half, Bath Rugby Jimmy Gopperth, fly half, Newcastle Falcons Ben Jacobs, centre, London Wasps Chris Ashton, outside back, Northampton Saints Don’t know your Tigers from your Harlequins? Don’t worry. Choose our lucky dip option and let fate determine your line-up

FACT FILE: LAST SEASON Top try scorers 16 tries Chris Ashton, outside back, Northampton Saints 11 tries Joe Maddock, scrum half, Bath Rugby 10 tries Matt Banahan, outside back, Bath Rugby Top try assists 6 try assists James Simpson-Daniel, centre, Gloucester Rugby 5 try assists Joe Simpson, scrum half, London Wasps 4 try assists Chris Ashton, outside back, Northampton Saints Top goal kickers 78 goals Toby Flood, fly half Leicester Tigers 73 goals Jimmy Gopperth, fly half, Newcastle Falcons 67 goals Nicky Robinson, fly half, Gloucester Rugby How they lined up last season Team Win Draw Loss Points 1 Leicester Tigers 15 1 6 73 2 Northampton Saints 16 0 6 71 3 Saracens 15 1 6 69 4 Bath Rugby 12 2 8 61 5 London Wasps 13 0 9 57 6 London Irish 10 3 9 52 7 Gloucester Rugby 10 1 11 48 8 Harlequins 9 2 11 46 9 Newcastle Falcons 6 4 12 37 10 Leeds Carnegie 7 1 14 36 11 Sale Sharks 6 1 15 32 12 Worcester Warriors (R) 3 4 15 28


T Plight of the

honeybee

he master of all the pollinators – the honeybee – is dying out on a global and frightening scale. In the UK alone, the last annual survey carried out by the British Beekeeping Association showed bee losses of 17% over this year’s winter. This is nearly double normal yearly losses. Over the last two decades, it is estimated that nearly half of the UK’s bee hives have vanished. For the USA, the figures are even more worrying – the winter of 2009-10 saw a loss of 33.8% of US bees. It is a similar picture in many other European countries, including France, Germany, Italy, Belgium and Switzerland. Scientists believe there is a real risk that bees could disappear altogether. This emerging risk – labelled ‘colony collapse disorder’ – could leave the world with a potentially imminent ecological and financial catastrophe. In 2007, Britain’s then minster of environment and rural affairs, Lord Rooker, gave a stark warning in the House of Lords that if things went on as they were, “the honeybee population could be wiped out in 10 years”. Judging by recent figures, this grim forecast could come true sooner rather than later.

image: istockphoto.com/Antagian

ENVIRONMENT

What does this mean for us?

Pesticides, parasites, disease – the growing list of aggressors against the humble honeybee is causing the population to die out and, Emily Miller warns, the ramifications will be huge 22 Strategic RISK SEPTEMBER 2010 |

22_23_Bees_Sep10.indd 22

As bees become extinct, so too will the Earth’s flora, fauna and a large part of our diet. This is a worrying fact for a financially challenged world trying to feed an ever-expanding population with highly stressed resources. In Europe alone, €14.2bn is generated from insect pollination every year. Twelve per cent of the earth’s land is cultivated for crop growing, and 90 types of commercial crops (including cotton plantations, orchards and vegetable beds) owe their existence to bees. If the bees disappear, so will these crops. Vital forage, like Alfalfa, which feeds cattle and pigs, could also disappear. Meat, milk and cheese could become prohibitively expensive. The pharmaceutical and cosmetic industries would be deeply affected. Etopside, a drug used to treat skin cancer, comes from a chemical found in the May apple. Beeswax has over 120 industrial uses in drugs, polishes, lubricants and skincare products. “Bees pollinate a third of the food we eat,” says Naomi Davies, environment adviser in the social goals division of the Co-operative Group, the UK’s largest farmer and a major retailer. “Research shows that the bee population in the UK halved between 1985 and 2005. Nobody knows for certain what is causing bees to die off in such large numbers, but many factors have been implicated, including pest and disease, pesticides, the importing of non-native bee species, wet summers and loss of wildflowers.” With so many commercial products at risk, the extinction of the honeybees could foretell the unravelling of the world economy. The UN’s Food and Agriculture Organisation puts the annual value of pollination services worldwide at $200bn (€154bn). According to the World Economic Forum, over one billion people, or one in six globally, do not have access to adequate food and nutrition today. By 2050, the global population will grow to a projected 9.2 billion people, and demand for agricultural products is expected to double.

www.strategicrisk.com

16/08/2010 14:02


image: istockphoto.com/KW400

ENVIRONMENT

In 2007, the price on the global markets of soya beans rose by 87%, corn by 31% and wheat by 130%. The reliable production of staple foods already appears increasingly fragile and escalating prices on these foods across the globe have provoked riots in more than 30 countries. Severe shortages brought about by the decline of the bees could provide a catalyst for global civil unrest.

Mass pesticide

10 In 2007, Lord Rooker predicted that bees will die out within a decade

Pesticides, genetically modified crops, invasive parasites, malnutrition, mites, disease, inter-breeding and climate change are all cited as possible causes of the decline in bee population. Many scientists agree it may be the combination of all of these factors that leaves the bees vulnerable and unable to survive. “The problem,” Manchester Beekeeper’s Association microscopist John Charlton says, “is that bees have a very weak immune system. If they get three upsets, they won’t survive.” These upsets could be anything from the stress caused by pesticides to parasites, viruses or mites. The spread of pests and diseases has been compounded by the international trade in honeybees to bolster supplies. Pesticides remain the biggest concern, as many of those used on bee-pollinated crops are toxic to honeybees. Systemic pesticides like Imidacloprid work their way up through the plant into the flowers’ pollen and nectar and are consumed by bees at low, yet dangerous, levels. Studies in France and Italy have found that imidacloprid can disorientate bees, impair their memory and communication, and cause nervous system disorders. “Pesticide usage is possibly a factor behind the collapse of bee colonies,” Co-operative Group senior technical manager Simon Press says. “Certainly some pesticides are recognised as having an effect on how the bees can find their way back to their hives and communicate with the other bees in the hive. There was a case in Germany last spring, and in France prior to that, where neonicotinoids and the use of them has caused the complete collapse of bee populations in certain areas.” In January 2009, the Co-operative Group launched its campaign, Plan Bee. “It’s a ten-point plan to help reverse the decline,” Davies says. “It will research the effect of neonicotinoid pesticides on bees and take action by prohibiting these types of pesticides.” Since 2009, Co-operative Food has imposed a temporary prohibition on the use of four of the neonicotinoid pesticides on its own-brand fresh and frozen produce. The shift in global agricultural practice more generally has played a role in the decline of the bees. The mixed farming landscapes of the past

1/3 A third of the food we eat is pollinated by bees

120 The number of industrial uses beeswax has, in drugs, polishes and skincare products

have been replaced by heavily industrialised monocultures, which represent a hostile pollination ground for bees. Farmers who mass produce bee-pollinated crops have come up with ways to increase their harvest to meet burgeoning commercial demands. For example, in the USA 80% of the world’s almond production takes place in California. Almonds are the country’s most profitable export. And pollinating these orchards requires some 40 billion bees. Half of all the honeybees in the USA have to be transported to California to facilitate this commercial success. As a result, pollination has become a global business worth £30bn (€36bn) and honeybees are treated more like machines than animals. Shipping them around the country in the back of trucks lowers their resistance to disease and pests and may account for their rapid disappearance. In southern Sichuan in China, the mountains are covered in pear trees but there are no bees in the region to pollinate them, as pesticides killed them all 20 years back. Instead, humans must pollinate the trees by hand. Every April, thousands of people climb up the branches with bamboo sticks with chicken feathers attached to the end that have been dipped in pollen, manually collected from the trees beforehand. Laborious and slow, it is signficantly less efficient than a colony of honeybees, which would be able to pollinate up to three million flowers a day. The cost of employing humans to hand-pollinate across the world, should the bee population die out, would be unfeasable and unsustainable. In the USA alone, to employ labourers to hand-pollinate 3.5 million acres of crops that are normally fertilised by honeybees would cost an estimated $90bn.

threats to insect pollinators. The ultimate objective is to mould the development of mitigation strategies that will then ensure that the pollination of agricultural and horticultural crops is protected and biodiversity in natural ecosystems is maintained. “The initiative will help some of our worldclass researchers to identify why bee numbers are declining,” says Lord Henley, a Conservative peer and Defra minister. “It is crucial that we better understand the complex relationships between biological and environmental factors that affect pollinators’ health and lifespan.” This funding and research is hugely important, but what seems glaringly obvious is that the world’s biodiversity is at risk because of the unsustainable way agricultural land is managed. Research shows how pesticides play a key role in inhibiting the bee’s ability to pollinate and survive. But, as one aggravating factor amid so many, pesticide companies maintain that they don’t shoulder all the blame and so pesticide use continues. Pesticides are just one component of intensive farming methods that have caused the loss of habitat and flowers that scientists know are killing bees. The UK alone has lost over three million hectares of habitats rich in wildflowers since the Second World War, but wildlife schemes have only recreated 6,500 hectares. A report on the implications of biodiversity loss, put together by PricewaterhouseCoopers in collaboration with the Global Risk Network in 2010, warned how dependent agricultural systems are on key ecosystem services, including pollination. The report anticipates the world’s population will increase significantly. “This will place huge pressure on scarce land resources and will severely test the ability of ecosystems to deliver the services on which agriculture relies,” the report said.

Bee happy

What can be done?

Some companies, like the Co-operative Group, are adopting a positive approach. Leading by example with their ban of certain pesticides, the group continues to fund research and support the fragile industry of bee-keeping. “We are in our second year of a three-year trial to research a wildflower seed mix that will be planted alongside crops on our farms,” Davies says. “On top of this, we have invited beekeepers to keep hives on our land with over 600 in place to date. We have given away over 600,000 packets of wildflower seeds and are funding urban beekeeper projects in London, Manchester and Inverness.” The bee dilemma is real and brings with it a worrying outlook of connected risks. Compounded by disease and pests, the real challenges lie in the failing environment and the destructive way landscapes are farmed. Restoring ecosystems and overhauling pesticide use are essential initiatives if we are to safeguard an industry that the world is so reliant on. It requires radical action and it needs to be taken soon before the honeybee vanishes for good. ■

On 22 June 2010, the UK’s Department for Environment, Food and Rural Affairs (Defra) announced the funding of nine projects, worth £10m, to explore the causes and consequences of

Emily Miller is a freelance contributor to StrategicRISK. For further reading on the topic, see A World Without Bees by Alison Benjamin and Brian McCallum

Strategic RISK SEPTEMBER 2010 |

22_23_Bees_Sep10.indd 23

www.strategicrisk.com

23

16/08/2010 14:02


RATINGS

Ready to face the judges? When Standard & Poor’s added risk management to its credit rating assessment, some doubted it had the credibility to properly judge the discipline. But as a good rating is vital to success, says Nathan Skinner, does your ERM do enough to impress the panel?

Illustration: Paul Daviz

O

n 7 May 2008, the credit rating agency Standard & Poor’s announced that it would “enhance” its rating process for non-financial companies by conducting a “review” of enterprise risk management (ERM). It began discussions with firms in the USA and Europe, and by July 2009 had spoken to around 300 firms. “ERM will add an additional dimension to our analysis of management and corporate governance, creating a more systematic framework for an inherently subjective topic,” S&P’s official statement said. The decision to start including a review of ERM in ratings immediately sparked interest from the risk management community. Some risk managers were outraged at the development, feeling that a rating

24 Strategic RISK SEPTEMBER 2010 |

24_25_Ratings_Sep10 24

agency would not have the independence, expertise or resources to properly evaluate ERM. Others saw it as an opportunity to raise the profile of risk management and a welcome move that would add credibility to the discipline outside the financial world.

Slating agencies Given that the rating agencies failed to spot problems in the financial system as part of their “forward-looking” assessments of banks and other financial firms, leading to the global banking crisis, those doubters may have felt vindicated. But credit ratings are still vitally important, both inside and outside the banking world, hence the level of interest in these risk-rating developments.

In particular, capital-intensive companies, like large manufacturers, car makers and mining companies, are acutely aware that their credit rating has a direct bearing on borrowing costs: the lower the rating score, the more borrowing costs escalate. Investors also demand the assurance and transparency of a highly rated company. A substandard evaluation can be a severe disadvantage in the competition for investment. So, what does S&P’s decision mean for risk managers? How will the new rating dimension affect them and corporate credit ratings overall? And do rating agencies have the credibility to “judge the effectiveness of whatever risk management processes are in use”, as the agency promises on its website?

www.strategicrisk.co.uk

16/08/2010 14:05


RATINGS

Some senior risk practitioners doubt commercial rating agencies will ever provide the best way of assessing an organisation’s management practices. Fundamental to their concerns is the fact that companies must pay for their own assessment. Such systemic problems with the rating agencies’ inner workings were explored in ‘Lifting the lid’ (StrategicRISK, January 2010). Former senior analyst at Moody’s Investor Services, Eric Kolchinsky, told StrategicRISK that in the run-up to the financial crisis, conflicts of interest within the rating agency led analysts to issue overly optimistic outlooks on subprime-backed financial instruments, which later turned out to be toxic. “At the end of the day, you could never say ‘no’ to a deal,” he said. Many within the industry continue to believe that these conflicts of interest prevent rating agencies from issuing a truly objective opinion. Another concern with assessing ERM in a corporate is that each company tends to do things very differently – and this makes comparing one system with the other very difficult. S&P does appear to accept this and has developed a strict set of criteria, which limits the scope of their investigation to an “extension of the management assessment”.

Judge and be judged Despite these structural issues, risk managers are keen to understand how the rating process works. Credit rating agencies are an influential force within the financial system and jumping through their hoops could deliver some important benefits. After all, if a company is on the cusp of a rating upgrade then an outstanding ERM assessment could bump them up. But ERM issues alone are unlikely to drive up a particular rating for most non-financial companies, the rating house says. S&P analyst Amra Balic explains: “We don’t really expect ERM to move very many ratings. What we do believe is that it could reflect on the rating in a positive way, by showing that the management is looking into the main risks. The companies that are embracing ERM are doing so for reasons beyond merely hoping to boost their credit rating, however. The value of strong risk management, believes S&P, is more likely to emerge during extraordinary or unexpected circumstances, such as a financial crisis for example, as shown in recent years. It is this sort of unanticipated risk that makes ERM indispensable. In terms of the assessment itself, S&P says that a company’s ERM review will just be another part of its normal credit review. S&P will look at public information, such as the risk management information in the annual report, in addition to putting questions to management directly (see box, above, for examples). In the review, the rating agency will look at two main strands of ERM: risk management culture and strategy. Additional analysis will also look at the

SING FOR SURVIVAL: QUESTIONS YOU CAN EXPECT TO BE ASKED

might have been misinterpreted by some people in the market as signalling a drastic change in the rating process. We do not intend nor have we ever intended to rate ERM in the corporate credit rating.”

What are your company’s top risks, how big are they, and how often are they likely to occur? What is management doing about top risks?

Practice makes perfect

Describe the staff responsible for risk management programmes and their place in the organisation chart. How do you measure the success of risk management activities? How would a loss from a key risk affect incentive compensation of top management and planning/ budgeting? What discussions about risk have taken place among top management when strategic decisions were made in the past? Give an example of how your company responded to a ‘surprise’ in your industry.

firm’s risk controls and emerging risk management. S&P will assess culture based on internal and external risk management communication, the frameworks and structures currently in use, the influence of risk management on compensation and how well a firm’s risk appetite has been identified. Analysts will explore: management’s view of the biggest risks the firm faces, the frequency and nature of updating the identification of these top risks and the role of risk management in strategic decisionmaking. Risk managers say the rating agency won’t rate highly new processes that still need to become embedded in the organisation, governance frameworks that are unclear, and opaque risk ownership and accountability. Opinion is divided over the stringency of S&P’s judging process. One chief risk officer with a major insurer, who has experienced the process first hand, describes it as “fairly thorough”. while another senior risk manager, for an information services firm, is not so kind, dismissing the assessment as “fairly light”. An important distinction to make is that, under S&P’s rules, insurers get a separate ERM score as part of their full analysis; corporates, on the other hand, do not have a specifically assigned or published ERM score. Balic stresses that “ERM is simply an extension of our management assessments”. She adds: “The way the term has been discussed

So what can companies do to prepare for their time under scrutiny? According to advice from PricewaterhouseCoopers, steps include: performing a robust risk assessment, including emerging risks; evaluating and being able to articulate the inherent strengths and weaknesses of your current ERM; and assessing your company’s risk management culture. As always, successful companies will want to go beyond just getting a round of applause and positive feedback from the raters. In order to realise all the benefits of ERM, they’ll have to integrate a thorough understanding of risk throughout their organisations. S&P says: “Very few companies that we have reviewed seem fully imbued with a culture that integrates risk assessment into strategic decisionmaking, clearly communicates risk appetite to internal and external stakeholders, and has a fully engaged and risk-astute board of directors overseeing risk.” So plenty of room for improvement, then. Yet, worryingly, few risk managers are aware of how they should be engaging with these agencies. They need to become more familiar with this new dimension of assessment or risk losing out to others within the company with a better understanding of the issues, such as corporate treasurers or finance professionals. Be warned – in five years’ time, S&P believes risk management will no longer be a distinct discipline, but a part of every senior executive’s skillset. If that’s the way the future is heading, risk professionals must make sure they are ready to perform when the spotlight shines on them. ■

Strategic RISK SEPTEMBER 2010 |

24_25_Ratings_Sep10 25

www.strategicrisk.co.uk

25

16/08/2010 14:06


Special supplement

A GUIDE TO

Directors’ &Officers’ Liability in Europe The financial crisis has shaken the European directors’ and officers’ (D&O) insurance market. Claims have shot up in accordance with the high number of corporate failures and the apparent neglect by directors of their duties. Awareness of D&O insurance has grown accordingly and company bosses are demanding greater insurance protection. The heightened activity means risk managers need to be more aware of the key issues when drafting their insurance agreements. To help them, StrategicRISK presents A Guide to Directors’ and Officers’ Liability in Europe

26_27_ChartisDPS_Sep10.indd 2

The state of the market Implications of recent developments in executive liability and how this affects the D&O market

Buyers’ guide Key considerations when drafting a D&O insurance programme, including the pros and cons of global versus local programmes

Country analysis A detailed country breakdown, including analysis of the latest legal issues and D&O situation in the following markets: UK, Germany, France, Italy, Spain, Portugal, Netherlands, Belgium, Austria, Russia, Czech Republic, Hungary, Poland, Romania, Sweden, Denmark and Norway

Future implications What’s on the radar for corporate law reform and how this will affect the future provision of D&O

SPONSORED BY

26 Strategic RISK SEPTEMBER 2010 |

I N SI D E OUR SP ECI A L G UI D E

www.strategicrisk.co.uk

16/08/2010 11:02


Special supplement

€100m

on D&O claims The amount Siemens’ insurers agreed to pay und one-third following a bribery scandal. It amounts to aro of estimated D&O premium income in Germany

$338m The amount French enginee ring firm Technip paid US authoritie s to settle corruption charges

… If your StrategicRISK guide to D&O in Europe is not here please visit www.strategicrisk.co.uk to download a copy or contact william.sanders@strategicrisk.co.uk for a printed version.

12

The number of entities against which the Bank of Spain took action last year. In most cases, an undisclosed fine was paid

€400m

The settlement by Dexia following alleged mis-selling of investment products

Strategic RISK SEPTEMBER 2010 |

26_27_ChartisDPS_Sep10.indd 3

www.strategicrisk.co.uk

27

16/08/2010 11:02


BP OIL SPILL

Troubled waters

The full BP disaster story, from record-breaking oil rig explosion to the frenzied clean-up operation

Fast facts

€13.1bn

BP’s reported loss for the three months between April and June – a UK record

Drilling pipe

€25bn

The amount BP says it has set aside to cover the costs linked to the oil spill (this includes €15.6n to pay compensation claims)

Size of the spill THE SIZE OF THE SPILL is hard to estimate at present, but worst-case figures suggest that up to 200 million gallons have been released into the Gulf. This compares to: 520 million gallons released from Iraqi oil tankers on purpose, to impede US troops during the Gulf War (1991) 140 million gallons spilt over nine months from the Ixtoc well blow-out off the coast of Mexico (1979) 11 million gallons spilt into Alaska’s Prince William Sound in the Exxon Valdez disaster (1989)

€78bn

BP’s total value lost since the crisis began, exposing it to the risk of a takeover

Exxon Valdez

11m

Ixtoc 140m

BP Gulf spill 200m

Gulf War deliberate spill 520m

2 2-16 May: BP begins drilling work on two relief wells. The aim is to connect with the original well and then pump in mud and cement to stem the flow of oil. The drillers are expected to reach the Macondo oil well between 13 and 15 August.

28 Strategic RISK SEPTEMBER 2010 |

28_29_BPSpill_Sep10.indd 28

3 7 July: Experts suggest using nuclear shockwaves to close the oil well leak in the Gulf. Explosive crimping has reportedly been used successfully four times in the past by Russian engineers to seal oil and gas leaks. It is intended to break the necks of runaway oil wells by sealing the long narrow columns shut with tonnes of rock.

Experts believed nuclear shockwaves could be used to try to seal the well shut with tonnes of rock

www.strategicrisk.co.uk

16/08/2010 11:43


BP OIL SPILL

Surface clean-up

Recovered oil is funneled and pumped to a surface vessel

1

5

20-22 April: The Deepwater Horizon oil rig, operated by BP, explodes and sinks to the bottom of the Gulf of Mexico, killing 11 people in the process. Oil continues to gush from a hole in the sea bed, at a rate of between 1.5 million and 4.2 million gallons of oil per day, and rises to the surface causing a huge slick.

6 August: Government scientists release a report that claims that the majority of the BP oil spill has been cleaned up (though some researchers say it’s more spin then science). Around three-quarters of the leaked oil was recovered, burned, skimmed or treated with dispersants, they say.

4

Robotic subs helped to install the cap Special cap stops flow of oil on 15 July

15 July: BP installs a special cap and the leaking well is sealed for the first time, stopping the flow of oil into the Gulf. Later, cement is poured in to permanently seal the well. President Obama warned the public not to get too excited and said there was still an “enormous clean-up job”.

Damaged blow-out preventer around one mile below the surface

Source: National Oceanic and Atmospheric Administration (NOAA)

the oil spill at its worst

A total of 409 controlled burns have been carried out, removing an estimated 261,400 barrels of oil from the sea’s surface. Over 11 million feet of boom was deployed offshore to reduce the amount of oil reaching the shoreline. BP sprayed 1.8 million gallons of Corexit dispersant to break up the oil. The practice was strongly criticised for the chemicals’ impact on the environment. More than 6,390 vessels (including skimmers, tugs, barges and recovery ships) have been involved in the clean-up. Sources: Telegraph and BBC

(not to scale)

Macondo oil well

Environmental risks

Soundbites

• Oystercatchers, terns, pelicans, spoonbills, egrets and herons are among the birds that nest in the immediate area of the spill

“We’re going to learn a lot from this incident and this accident ... There’s no question that we will change as a company”

• The Gulf down current of the spill is one of the most important breeding grounds for many shark species

Robert Dudley, BP’s new chief executive, who replaced Tony Hayward, says BP will emerge from the crisis smaller and leaner

• There are an estimated 45,000 bottlenose dolphins in the Gulf • Highly endangered sea turtles are currently migrating along the Louisiana coastline Source: Reuters

“There’s always going to be that one chance in 10 million there’s an accident” Jay Pryor, Chevron’s global vice-president for Jay business bus bu s development, says no oil company can reduce its risks to zero red Sources: BBC, Fox News

Reservoir of oil Strategic RISK SEPTEMBER 2010 |

28_29_BPSpill_Sep10.indd 29

www.strategicrisk.co.uk

29

16/08/2010 11:43


AUDITING

Develop Nimble, observant, precise: risk management auditors have much to learn from our feathered friends. Liz Taylor urges them to do a spot of bird-watching

R

isk management auditors could learn a thing or two from a bird of prey. The bird scans its area, understands the ground cover and knows the context for its search. It is methodical in its understanding of the terrain but continues at height, checking this way and that as if using a grid pattern. The bird looks for clues to help it spot its prey, just as an auditor would seek to fine-tune their understanding of the brief and the organisation they are dealing with. The bird needs a second set of skills to determine when to swoop and the speed and access needed to get it to ground level. A third skill is then needed when the bird reaches its target, plucks it up and dissects it morsel by morsel. Let us now dissect those three skills to analyse more closely what they mean to the process of auditing risk management.

Skill 1: scanning the territory First and foremost, an auditor must understand the ground rules: the context of the risk management audit that determines the brief. In our experience there are four kinds of organisation, and each needs a different approach. Is this an organisation that is using risk management on a defensive basis (risk-naïve)? Or is it for compliance (risk-aware) or for balancing opportunity and threat (riskmanaged)? Or is it an overt risk-taking organisation (managed risk-taking)? This step is important, as you need to

30 Strategic RISK SEPTEMBER 2010 |

30_31_Auditing_Sep10.indd 30

determine the current culture of risk management and the organisation’s ambitions for moving forwards. A defensive organisation is risknaïve. It does not seek to change much – in fact, it is averse to change – but suffers many changes that are not of its doing. It operates tactically and might have cloudy or mixed strategic statements; certainly there is no dynamic vision for change or development. When auditing such an organisation, you would probably

likely to want a systems-based audit for operational risk management as opposed to a full-blown enterprise risk management audit. If you start to delve into areas beyond operational risk management, you need to ensure your sponsor is aware of and comfortable with that. Look out for clues that might help you widen the brief to do a more value-added audit. The client might say: “We are looking for ways of using risk management to reduce surprises” or “We want to know if

A defensive organisation is risknaïve. It does not seek to change much – in fact, it is averse to change – but suffers many changes that are not of its doing find a risk management programme that is mainly operational with a heavy focus on safety and prevention programmes. There will not be much awareness or leadership of risk management from the top. Leaders pride themselves on their reactive skills, saying things like: “We manage best when our backs are against the wall”. These organisations’ business continuity skills are not well developed, as that would need strategic leadership. As with all audits, you have to be sure about your brief – but particularly so in this case. They are

risk management can help us respond better to crises.” When an organisation is using risk management on a compliance basis, you can open up the conversation to wider enterprise risk management areas – the new UK Corporate Governance Code requires risk management to be embedded in the business. Compliance (risk-aware) organisations are slightly more developed than defensive ones – but only just. They are looking for risk management that will keep the regulatory monkey off their backs and no more. They have not yet

understood that there is a reason why the regulators insist on risk management being in place and that it can add a huge amount of value to what they are doing. As you circle this organisation, you should listen out for requests such as: “We want to move risk management beyond just box-ticking” and “We need risk management to be embedded but we don’t know what this means or how to do it.” Risk-managed organisations that balance opportunity and threat are much more developed in their understanding and use of risk management. They understand that risk can be good and bad. They are also likely to have a more rounded approach to risk management, including it in performance management, planning and budgeting at the strategic level, and in project and departmental management at the operational level. Your audit approach can be much more robust with these types of organisations and you can anticipate mature conversations on how well risk management is adding value and where controls can be relaxed to allow more innovation. The final type of organisation embraces and seeks out risk – the risk hunter. They expect to get caught out every now and then, but view that as the price of business. Your audit approach with this type should be based on ensuring they have the right strategies in place and that they are committed to contingency planning and business continuity management for those low-probability,

www.strategicrisk.co.uk

16/08/2010 14:07


AUDITING

an eagle eye high-impact events that threaten their wellbeing. That means a thorough understanding of the business and regulatory environment, as well as the sanctions available to the regulators and claimants.

Skill 2: moving in on the target Having established the brief and type of organisation you are dealing with, it’s time to develop your second skill: how to plan the audit to work out the

Questions to guide the auditing process 1. Risk leadership – is the right kind of leadership in place for risk management at all levels? Is it appropriate to the culture of the organisation? Is it appropriate to the regulatory environment and market of the organisation? 2. Risk strategies and policies – is there a strong link between performance management and risk management? Are all actions in managing performance that has an impact on risk cross-referenced to the risk in the risk register? Does the strategy deal with the difference between managing threat and opportunity? Is there appropriate recognition of the gaps when demand is forecast to outstrip supply? Are they explicit about the roles and responsibilities for managing risk throughout the organisation? 3. Internal resources, people, and communication – has there been sufficient training? Has the training been at the right level with the appropriate learning outcomes? Are people able to manage risks with skill and confidence? Is there sufficient internal expertise to plan, guide and facilitate risk management at all levels? Is the risk management culture appropriate to the expectations of the organisation? 4. External resources and partnerships – are the risk of and risks to external resources and partnerships appropriately managed? Is there enough of a riskmanaged culture to allow innovation in the use and deployment of external resources and partners? 5. Risk processes – how good are these? Is there a proper analysis of the causes and the outcomes of risk? Are the control actions sufficient to respond to these causes and outcomes on a prioritised basis? Are risk registers being used properly? Are they live and active on a day-to-day basis? Is risk management linked firmly to the goals and objectives? Is there ownership of risk and of risk controls? Is there a good business continuity management system in place and adding value? 6. Risk handling and assurances – is there evidence that risk management is being effective? Are there ongoing measures to ensure that effectiveness can be tracked? 7. Outcomes and delivery – is there evidence that risk management is helping to deliver successful outcomes?

triggers for diving down for an in-depth analysis. In order to do so, you need to examine the organisation from all the angles. There are a number of key questions that can help to guide this planning process (see box).

Skill 3: ground control Just as a bird of prey dissects its prey expertly, so should an auditor conduct its dissection, but very much directed towards the organisation in question. So, if you are looking for evidence that risk management contributes towards determining the strategic and operational business plans, this would be for the more risk-mature organisation. Again, looking for a strategic gap analysis that looks at the mismatch between demand and supply to determine where the pinch points are, is a pretty mature attribute of a riskmanaged, risk-taking organisation. But all organisations should be able to show a hard soldered link between risk and goal. Further, there should be a root cause analysis methodology applied to each risk over time to determine that the actions are the right ones, and used frequently to ensure that a reverse engineered approach to managing risk through scenario planning determines the risk control strategy. All risks should be ‘owned’ by a risk owner, with reference to stakeholder owners (those who need to be informed on progress) and control action owners (one for each action). Often when we are auditing risk management and we find a high scoring risk on which nothing has been done for a long time, it will be because risk action owners have not been identified and the risk owner is very senior. We call these the ‘hot

potato risks’ because ownership changes frequently but nothing gets done about them. In the best risk-managed organisations, risk control actions are prioritised to ensure best value – they look for simple, elegant solutions first. Moreover, risk control should be appropriate for the risk presented – neither undercontrolled nor overengineered. As auditors, we love and hate risk registers. They give us a great audit trail for what’s happening to manage risks, but they so often end up killing off risk management. Continuous overview and update of the risk registers must be evidenced and ideally linked to performance management. If the risk register is just woken up every quarter and dragged through a risk review process, the risk management programme needs reviving. In the most mature organisations, budgeting and resource allocation are driven by the prioritised risk actions; timing of risk is determined for critical risks so you can see when the risks will peak and readjust the business plan accordingly, and risk appetite is well developed and articulated. There is also a culture of accepting mistakes as learning opportunities – the opposite to a blame culture. Some people see birds of prey as dangerous, fearsome creatures; others see a beautiful emblem of freedom and grace. However you view them, an audit should be regarded as a positive, value-added process that frees up the organisation to move gracefully to the next stage of embedding risk management. And that means valuing what they have done so far and getting the client to take ownership going forward. ■ Liz Taylor is managing partner at Liz Taylor Risk Consulting

Strategic RISK SEPTEMBER 2010 |

30_31_Auditing_Sep10.indd 31

www.strategicrisk.co.uk

31

16/08/2010 14:37


SECRETS OF SUCCESS SECRETS OF SUCCESS

Winning treatment L

ike most companies, AstraZeneca is under increasing pressure to produce more for less and to do so faster. While facing challenges particular to the pharmaceuticals industry – increased generic competition, more regulation, demanding healthcare reforms – we are also subject to common industry pressures and those resulting from the global financial downturn. But although there are more challenges, this evolving environment also offers opportunities: new technologies, new abilities to target medicines and, through acquisitions – such as AstraZeneca’s takeover of MedImmune – the potential to benefit from increased expertise and resources. We have implemented a business-wide programme to help us develop medicines for respiratory and inflammatory (R&I) diseases, which places risk management at the heart of our strategy. As a large, international organisation, our aim was to deliver a programme that would allow the broader teams – not just risk-management professionals – identify and manage the risks associated with our projects. We wanted to implement a consistent approach across functions (research and development), continents (Asia, Sweden, UK and USA) and companies (AstraZeneca and MedImmune). As a result, we could efficiently deploy and align our resources to manage the risks and meet the needs of patients and physicians, while delivering value to the business. We undertook an interactive, collaborative process to build on AstraZeneca’s risk management track record and an existing integrated riskmanagement tool, using an organisation-wide business improvement approach (LeanSigma).

Team effort Having scoped our leadership’s view on risk, we delivered a framework and integrated tool at the level of individual drug projects. This drove a structured and standardised approach across the business. We added a common, structured vocabulary and risk categories across our AstraZeneca research and development functions and MedImmune. This gave us a way to collate and calibrate our interpretation of events, allowing us to benchmark the likelihood of an event happening and its impact. At this stage, our project teams assessed the risks associated with their parts of the business and began to use them to make rapid, robust decisions at a project level. This not only gave us some quick wins but strengthened our team-working and increased understanding about risk across the project teams. “The main benefit of this work was the dialogue stimulated within and between project teams and with the portfolio management. It got people thinking and talking about risk (threats and opportunities) in a structured way and encouraged honesty about the state of projects. The risk-

32 Strategic RISK SEPTEMBER 2010 |

32_Success_Sep10.indd 32

Launching a series of first-hand accounts of practical risk management, Mike Florence, who led AstraZeneca’s programme, explains how the team’s strategy has breathed new life into its respiratory and inflammatory efforts

AstraZeneca won an award for best enterprise-wide risk programme at StrategicRISK’s 2010 European Risk Management Awards. (Left to right: AstraZeneca’s Roger McMillan, Holger Adelmann, Mike Florence, Thomas Eichholtz)

management tool also helped governance bodies with their decision-making at project transition points, presenting clearly visible and scored risks, with associated impact and likelihood values,” says AstraZeneca (UK) R&I team leader David Nicholls. MedImmune (USA)’s senior director for product development, Micki Hultquist, adds: “Our team discussions were invaluable, as people challenged the impact and likelihood scores established by the individual technical experts, explored mitigation and contingency plans, and identified and assessed new potential risks. Team members emerged with a clear understanding of the risks from other areas, as well as others’ perspectives on those risks. The discussion made us ultimately better prepared to face those risks and, perhaps more importantly, more aligned as a team on our overall strategy.”

Common risk areas Our next step was to look at the risks at a portfolio level. R&I project managers and directors identified common risks – in particular, the fast-moving risks and ‘big hitters’ – across the portfolio and assessed the impact versus our strategic objectives. This made our portfolio objectives, needs and risk level much more visible and allowed us to prioritise and develop plans to address the common risk areas across the portfolio and more effectively align our resource. Finally, we took what turned out to be a relatively simple step in aligning with the company’s objectives

and timelines (the outputs and deadlines that AstraZeneca expected from the R&I business) to ensure they were delivered through the R&I portfolio. AstraZeneca (UK/Sweden)’s strategy and portfolio director, R&I therapy area, Holger Adelmann, says: “Proper risk management allows transparent mitigation planning across all supporting functions, thereby maximising efficiency in terms of both resource (by minimising duplication of effort) and time (by efficient scheduling of work).” Chris Kell, senior director, product development, MedImmune (USA), adds: “The risk programme provides a common and consistent framework and tool that allows teams to improve performance by taking a more rigorous and integrated approach to risk management. This is particularly important in relation to drug development, which is an inherently complex, risky and costly undertaking.”

Results This risk management project has given us a clearer picture of the risks associated with our R&I portfolio and a plan of action to address the threats and opportunities. It promises to support AstraZeneca in moving projects forward at the right level of risk, facilitating faster and more robust decision-making and aligning resource more appropriately. Because our approach has involved colleagues from across the business, the programme has helped us embed risk management within the organisation. The process has generated a surprisingly simple, yet powerful, business cycle that can be naturally integrated into the day jobs of our R&I teams, as well as the AstraZeneca corporate risk and compliance framework. In linking company, portfolio and riskmanagement objectives, we have created something that adds value. This is the secret ingredient that will add value not only to the business, but also to the patients and physicians who are awaiting our new generation of medicines. Rodger McMillan, global vice-president, R&I, at AstraZeneca says: “You know you are on to something when, in hindsight, it looks obvious. When you play it back, this solution seems clear; but it didn’t seem so at the time. The result is a programme that is ‘value-added’ rather than an ‘add-on’, which can so often be the case with risk management.” Mike Florence is a global product manager, respiratory and inflammation therapy, for AstraZeneca

www.strategicrisk.co.uk

16/08/2010 14:07


SPECIAL REPORT

SPECIAL REPORT:

Environmental risk contents 34

TIME TO CLEAN UP YOUR COVER Companies face ruin if they rely on public liability cover in an environmental crisis

36

VIVE LA DIFFÉRENCE

38

CONTINENTAL SHIFT

40

NO MORE EXCUSES

The European Liability Directive has its own distinct flavour in each country

Multinationals across Europe are still adopting a ‘wait and see’ approach to the ELD

Firms must not let environmental risk slip down their priority list

This special report has been produced with input from AXA Corporate Solutions:

Sponsored by

Philippe Jouvelot philippe.jouvelot@axa-cs.com Sylvie Monereau sylvie.monereau@axa-cs.com

Strategic RISK SEPTEMBER 2010 |

33_AXASRCover_Sep10 33

www.strategicrisk.co.uk

33

16/08/2010 11:31


SPECIAL REPORT

Time to clean up your cover While regulations bringing in the ‘polluter pays’ principle came into force in the EU some three years ago, experts fear many companies think only ‘heavy’ industries are at risk. Just relying on your public liability policy could end in financial disaster

T

he EU Environmental Liability Directive 2007 – which has been transposed into law across the 27 member states – holds companies financially responsible for preventing environmental harm to water, air, land and protected animal species, and to remedy the damage if disaster strikes. This goes as far as paying to establish a new site if the area has been irreparably damaged owing to a company’s operations or recklessness. Companies also have a positive duty to notify the authorities of any actual or threatened pollution. There are defences available – the damage was caused by a third party; the operator was complying with a compulsory order or with an official permit; the activity was not considered likely to cause environmental damage according to the scientific knowledge at the time – but most companies accept that their financial health relies on sound risk management and risk awareness. It also depends on comprehensive insurance cover. Yet experts argue that many companies may be at risk because they misguidedly believe their public liability policies will cover all remediation and damages costs should an event take place. Some organisations are under the impression that

the directive largely does not apply to them because they are not involved in ‘high-risk’ industries such as transport or manufacturing pesticides or chemicals. As a result, insurance brokers and lawyers believe companies need to review the legislation, and re-examine their risks and controls. Johnston Park McAndrew insurance broker Dale Collett says: “A common perception is that it is only those businesses involved in heavy industry – such as petrochemical, manufacturing and waste management – that need to protect themselves against the threat of pollution. But if you have an office on a brownfield site, you could be responsible for any clean-up costs caused by a previous owner or occupier if they cannot be tracked down.”

Long-term risk Collett adds that although public liability insurance does protect against one-off accidents, repeat or gradual pollution is not covered. And the protection such insurance provides is becoming increasingly limited for instances involving environmental damage.

He warns that the higher fines for legislation breaches imposed by enforcement agencies such as the UK’s Environment Agency mean that the risk of exposure to significant costs is increasing for all businesses – even those involved in the professional service sector.

TEST CASE Mid Devon District Council is the first council in England to make use of the Environmental Damage (Prevention and Remediation) Regulations 2009 – or EDR – mainly because it was easier to bring enforcement action under the new regulations than other UK-based legislation. Late last year, a road tanker spilled kerosene heating oil outside a residential property. The oil subsequently entered the ground and soaked through the wall and floor into the living space inside. Shortly afterwards, the residents suffered nausea, headaches and sore throats as a result of the kerosene vapours. Following a site visit and risk assessment, the council’s environmental protection officers decided that the new regulations applied because a dangerous substance had entered the ground; the spill was caused by an economic activity (the fuel company was trying to refill the resident’s oil tank); none of the exemptions under the regulations appeared to apply; and there were adverse effects on the health of the residents.

34 Strategic RISK SEPTEMBER 2010 |

34_35_AXASR_Sep10.indd 34

“Having determined that environmental damage had occurred, as defined by the Environmental Damage (Prevention and Remediation) Regulations, the onus was on us, as the enforcing authority, to use the regulations to put that damage right,” says the local authority’s lead officer for environmental protection, Simon Newcombe. “Following a case review, we concluded that EDR was relatively quick and straightforward to use and it certainly focused attention on dealing with the incident promptly and effectively. It also provided clarity as to the requirements on relevant parties.” Newcombe adds: “The definition of ‘adverse effects on human health’ is certainly more flexible and easier to apply under EDR compared with the complex significant possibility of significant harm (SPOSH) or actual harm requirements regarding human health risk assessment under Part 2A of the Environmental Protection Act 1990.”

www.strategicrisk.co.uk

16/08/2010 14:08


SPECIAL REPORT

Law firm Pinsent Masons insurance law specialist Colin Read says: “Traditional liability policies are ill-equipped to meet the challenges posed by the new legislation because the directive does not introduce a liability regime in the traditional sense. “A standard public liability policy, for instance, will cover the insured’s legal liability to pay damages to a third party for accidental injury, damage to property, nuisance or interference with some other right. It will not normally cover the cost of clean-up operations that the insured is statutorily obliged to pay.” Lawyers point to a ruling from 2006 that highlights the problem. In 2003, UK-based solvents manufacturer Bartoline had a fire at its east Yorkshire premises, which led to fire-fighting foam and chemicals polluting two nearby watercourses. The Environment Agency billed the company for the subsequent clean-up, while Bartoline tried to recoup the costs – around £770,000 (€935,000) – from its insurer, Royal & Sun Alliance (RSA), which rejected the claim. At the crux of the case was the definition of “damages”. The High Court ruled that a public liability policy covering legal liability for damages did not cover liability to repay clean-up costs incurred by the Environment Agency exercising its statutory powers, or the insured’s own costs in complying with the agency’s work notices. Consequently, Bartoline was responsible for the remediation costs. Valerie Fogleman, a consultant at law firm Stevens & Bolton and professor of law at Cardiff University, says: “Public liability policies may cover some of the liabilities under the 2009 Regulations, provided that the incidents causing environmental damage are sudden, unintended and unexpected.” But she adds: “It is highly unlikely that a court would consider that a public liability policy provides cover for all such liabilities, or liabilities under other environmental legislation, and may consider that it does not provide cover for any of them. Although the wording of some public liability policies may cover risks under environmental legislation, it is unlikely that most will do so. “Endorsements designed to provide cover for statutory liabilities – known as Bartoline endorsements – are virtually all highly restrictive in scope. Insureds are thus faced with substantial environmental risks that are not insured under their public liability policies.”

Bespoke policies Insurance, risk management experts and lawyers instead recommend that companies opt for specialist environmental liability insurance and ensure the policy is tailored to their particular needs and levels of exposure.

Chairman of Airmic’s manufacturing special interest group Gary Marshall says: “It makes good sense to buy a specialist environmental liability policy. It provides much greater protection than a public liability policy and will fill in any gaps in coverage. “Some companies have understandably tried to cut back on their insurance spend in the wake of the financial crisis by purchasing endorsements – essentially coverage extensions – to add to their public liability policies. But these will not cover all the environmental risks, and most focus on pollution cover, which is only part of what the directive is about. “There are a number of non-pollution risks – such as fire – that these policies will not cover, which can also be cripplingly expensive to remedy. Companies need to review their potential exposure to risk before they simply cut their insurance spend.”

Directors beware Technical director at environmental due diligence consultancy Renaissance Regeneration, Angus Middleton, says another issue that companies may have neglected to consider is that directors, officers and individuals can be held liable and

‘It makes good sense to buy a specialist environmental liability policy. It provides much greater protection than a public liability policy and will fill in any gaps in coverage’ Gary Marshall, Airmic prosecuted for any damage caused to the environment or failure to comply with the legislation – even though the directive makes no reference to any criminal prosecution for a company or individual’s failure to comply. “Individuals and companies cannot be prosecuted under the Environmental Liability Directive,” Middleton says. “But, as the requirements of the directive are transposed into national legislation and can be covered by perhaps a dozen other laws, companies and their officers can be prosecuted for failure to comply with the directive under related legislation. “Traditional directors’ and officers’ policies may not cover all aspects of environmental damage and remediation. In short, directors need to be aware of this,” he says. Middleton says companies should carry out a full risk management review and proper environmental

due diligence before buying any insurance cover. “If you understand what risks you face, then you understand what risks you need to cover and what the extent of that coverage should be. “Too many organisations simply buy policies without any serious attempt to tailor them to their specific needs,” he adds. “This can often mean that directors think their organisation is insured against certain risks when in fact they are not.” ■

WHAT TYPE OF RISKS DO YOU FACE? The main types of environmental risks for which environmental liability insurance cover is typically required are: • The need to clean up pollution/contamination for which an organisation is held legally responsible (whether as polluter, current or former owner and/ or occupier, developer, contractor, and so on). • The potential for third-party claims for personal and/or property damage caused by pollution/ contamination. The costs of such claims can potentially dwarf the costs of clean-up. • The potential for fines and penalties (both for companies and for individual directors and officers) arising from non-compliance with environmental laws. • The potential to acquire/retain environmental liabilities through buying, selling or investing in business and property. • The potential for errors and omissions in the provision of professional services relating to pollution/contamination. • The need to protect against contractual environmental liabilities, including specific environmental warranties and indemnities resulting from, for example, sale and purchase agreements, PFI and other construction/ operation/maintenance contracts, and so on. • The need for organisations and their directors and officers to demonstrate to customers, shareholders, investors and other key stakeholders that environmental risks are identified and properly managed. Source: Johnston Park McAndrew

Strategic RISK SEPTEMBER 2010 |

34_35_AXASR_Sep10.indd 35

www.strategicrisk.co.uk

35

16/08/2010 14:08


SPECIAL REPORT

Vive la différence Don’t be fooled by the EU’s new environment directive. Like coq au vin, spaghetti and goulash, each member state has its own take on the new environmental accountability rules. And the onus is very much on multinational companies to get to grips with what each country is serving up – to ensure they are adequately covered across Europe

Y

ou’d be forgiven for thinking that the terms of an EU directive would be the same in all 27 member states. But while a directive must be transposed into the national legal frameworks of every EU country, each one can also interpret the regulations more widely if necessary. This puts multinational companies in danger of misinterpreting their levels of risk and exposure by assuming that all regulatory authorities in the EU will act in the same way. On 30 April 2004, the EU implemented the Environmental Liability Directive, whose primary objective is to hold companies financially responsible for preventing and remedying environmental damage caused by their operations. It has two main components: the ‘precautionary principle’, which requires companies to take preventative measures when their activities pose an ‘imminent threat of environmental damage’; and the ‘polluter pays’ concept, which makes businesses legally and financially accountable for environmental damage to water, air, land and protected animal species. The directive has been applicable in EU member states since 2007, even in those countries, such as the UK, that were late in putting it into effect. Experts agree that the terms of the directive are wide-ranging and can result in potentially ruinous costs for companies that fall foul of the regulations. Multinational organisations must ensure they do not simply comply with the directive itself, but with how it has been transposed into national legislation in each of the member states in which they operate.

Directive basics A directive is usually a minimum standard that can be made more onerous by individual EU governments and can contain more stringent requirements than those set out in the directive. Organisations that believe they have a blanket policy that covers all their sites throughout the EU may be mistaken. The directive has now been transposed into the national law of all 27 member states, each

36 Strategic RISK SEPTEMBER 2010 |

36_37_AXASR_Sep10.indd 36

costs, while the other is held liable for 30%. If one of these companies was not sufficiently financially viable to pay the costs, or became insolvent, the member state may decide to pay the missing share of the costs,” Fogleman adds. “This is a potentially massive difference that companies need to be aware of.”

Insurance implications

with its own variations. For example, the UK has extended damage to natural habitats as set out in the directive to include sites of special scientific interest. There are other key issues that organisations should be aware of. Valerie Fogleman, a consultant at law firm Stevens & Bolton and professor of law at Cardiff University, says there are differences between member states as to the extent a polluter should pay for the damage it has caused. “Most EU countries have transposed the directive to apply joint and several liability, whereby any person who caused the damage is liable for the entire costs of its remediation. “This can obviously be problematic: if five companies are liable for cleaning up a chemical spill and two of them subsequently go into liquidation, the remaining three are liable for the cost of remediating damage caused by the insolvent companies as well as damage caused by them,” she says. “Conversely, some EU member states – such as Bulgaria, Denmark, France, Slovakia and Lithuania – have applied proportional liability, which means a company would only pay the cost of remediating its share of the total damage. “This could mean, therefore, that one company could be held responsible for, say, 70% of the

Due to the extent of the risks involved – as well as the potentially massive clean-up costs – it is not surprising insurers are likely to set high premiums for some industries, while also scaling back on some areas of coverage. According to a report released in November 2009 by the European Commission, Study on the implementation effectiveness of the Environmental Liability Directive (ELD) and related financial security issues, some ‘high-risk’ companies – typically those identified in Annex III of the directive, such as those that transport dangerous goods, manufacture pesticides, manage waste or require environmental permits – may find it difficult to purchase comprehensive insurance cover. The study also found that when policies do not provide cover for certain activities, the lack of cover is not necessarily explicitly excluded in the policy document. For example, insurers may decide not to issue ELD-related or other environmental insurance policies to specified industrial sectors, such as waste handling. The most frequent limitations named are the exclusion of gradual environmental damage, sub-limits

Some ‘high-risk’ companies – such as those that transport dangerous goods, manufacture pesticides, manage waste or require environmental permits – may find it difficult to purchase comprehensive insurance cover

www.strategicrisk.co.uk

16/08/2010 10:56


SPECIAL REPORT

or exclusions for compensatory remediation. Cover for environmental damage may also be restricted to damage from pollution events rather than also including non-pollution events. As cover may not be explicitly excluded, some companies are at risk of having policies that give them inadequate protection. The directive specifically says that companies are liable for any environmental damage they cause, which is not limited to pollution. For example, building a car park on a field where rare flowers or wildlife thrived is not a pollution risk, but such damage is an environmental risk and therefore needs to be remedied under the directive. Risk managers need to make sure that their insurance cover is not limited to just incidences of pollution events, but includes all incidences of environmental damage.

Gradual effect Since the directive is still relatively new, there have been few landmark rulings. But a decision earlier this year concerning the contamination of Sicily’s coastline by a succession of petrochemical companies since the 1960s implies that companies can more readily be held liable for gradual pollution than was first thought. On 9 March this year, in its first rulings on the directive, the European Court of Justice (ECJ) concluded that a member state may establish a “weak causal link” between an operator’s activities and diffuse pollution – that is, pollution caused by many operators. A competent authority can then use that link to force companies to clean up the pollution they have caused. In the case of Raffinerie Mediterranee (ERG) SpA v Ministero dello Sviluppo economico, the ECJ ruled that a member state may establish a rebuttable presumption, if plausible evidence exists, to link an operator’s activities to diffuse pollution. As Fogleman concludes: “The number of companies that may have avoided liability under the directive for multi-source pollution is substantially less than would have been the case if the ECJ had ruled that the causal link was strong. The establishment of a weak causal link is especially relevant in cases of diffuse groundwater pollution due to the difficulty in tracing individual chemicals to their source.” The directive is unusual in that it prompts member states to take measures to encourage the development of appropriate financial security instruments – surety bonds, trusts, letters of credit, escrow agreements, corporate guarantees, insurance policies and financial tests to show evidence of the ability to self-insure – for businesses to use as guarantees to cover their liabilities. The majority of the member states have made it an elective decision to provide a financial mechanism for potential environmental liability, which has resulted in most deciding not to do so.

Financial guarantees As for those countries that have, multinational companies need to be aware of provisions they should factor in when carrying out risk management on their sites to prove that they have appropriate financial cover in place to offset any environmental damage they may cause. Bulgaria will introduce compulsory financial security from January 2011, covering all operators under Annex III. The scheme will be introduced to all operators at the same time and will allow for insurance, pools, bank guarantees and financial guarantees as proof of liability cover. It is envisaged that an operator will have to have financial security commensurate to the cost of potential remediation measures. A determination of financial security that is ‘commensurate’ will be determined through risk assessment. In the Czech Republic, meanwhile, financial security for all Annex III operators will become compulsory from January 2013. Greece, Portugal, Slovakia and Romania have also introduced provisions for mandatory financial security in their transpositions. However, for some countries, such plans are on hold. Hungary has indefinitely postponed the introduction of a mandatory financial security scheme

because of the economic crisis. Spain was expected to introduce a limited mandatory financial security scheme from April 2010 but has delayed it. The Spanish scheme will cover all operators in Annex III but it is not intended to cover all costs potentially arising from the law. The security provided by the guarantee covers the costs of primary remediation and a small percentage of prevention and avoidance costs. The compulsory guarantee refers only to damage caused by “pollution”, despite the law being based on the concept of “damage to natural resources” irrespective of whether the damage is caused by pollution or not. One environmental lawyer, who declined to be named, says companies need to check the details of mandatory financial security schemes where they exist. “As always, the devil is in the detail,” he warns. “Risk managers need to carry out thorough due diligence to see what their liabilities could be and to provide proof of being able to pay for any possible remediation costs. “If some authorities just want proof that you can pay for pollution remediation costs, rather than all environmental damage costs that you could be entirely liable for, you may have a nasty surprise.” ■

ENVIRONMENTAL LIABILITY INSURANCE The general assessment of current developments by insurers can be described as positive. Although the Environment Liability Directive (ELD) related insurance market remains small, it is growing, and most insurers say that there is good cover available. In many European states, national insurers compete with international groups and competition is described as healthy, at least across western Europe. On the other hand, it is noted that clients still show little interest in cover for ELD-related

liabilities, and this lack of interest is increased by the financial crisis. Furthermore, a number of insurers stressed that they will never cover 100% of ELD-related liabilities for all activities, as it remains one of the basic principles of the insurance sector that certain risks are excluded from cover. This overall positive assessment of the situation is mirrored by the assessments of member states, as the table below shows.

Member states’ assessment of their national environmental insurance market

Basic Belgium Bulgaria Cyprus Czech Republic Denmark Estonia

Hungary Ireland Malta Poland UK

Good

Advanced

France Italy Netherlands Sweden

Germany

Source: European Commission study on the implementation effectiveness of the ELD and related financial security issues, November 2009. Based on stakeholder consultation. Countries that did not participate are not included.

Strategic RISK SEPTEMBER 2010 |

36_37_AXASR_Sep10.indd 37

www.strategicrisk.co.uk

37

16/08/2010 10:56


SPECIAL REPORT

Continental shift The Environmental Liability Directive has been on the agenda for years, but now that it has reached all corners of Europe, multinational organisations no longer have any excuse for turning a blind eye to the consequences of their environmental actions

N

ow that the European Union’s Environmental Liability Directive (ELD) has been rolled out to all member states, companies should have a clear understanding of how the rules affect them. Yet, according to AXA Corporate Solutions chief underwriting officer Philippe Jouvelot, few European risk managers seem to be aware of the risks. The ELD, which came into force on 30 April 2004 (but has only recently been transposed into national law in all EU member states), has created new risks and exposures for companies that damage the environment. It is aimed at the prevention and remediation of environmental damage and builds on the ‘polluter pays’ principle by creating new legal concepts around compensatory and complementary remediation. Several cases have been working their way through the courts. In April, United Utilities became what is believed to be the first UK firm to be censured under the legislation, when it was given a €26,000 fine by the Environment Agency. But Jouvelot believes that risk managers are taking a wait-and-see approach. A major environmental disaster that exposes the costly nature of the risks under the directive is yet to stir their consciences, he says. His colleague, environmental underwriter Sylvie Monereau, believes most risk managers have yet to properly assess their exposures under the new system. Companies with facilities close to sites of special environmental importance are at a far higher risk, she says. “This is a new liability and a new situation for companies to take into account in their environmental management systems.”

Preventative strategy While Jouvelot is keen to stress that AXA Corporate Solutions has the capability to underwrite the costs associated with a major environmental disaster, prevention is always the top priority. “Having a policy that covers the costs associated with remediating environmental damage is one thing. But much more important is for the disaster not to happen in the first place.” The ELD introduces some big challenges for European companies, not least of which is interpreting how the rules will affect them in each of the countries in which they operate. There’s also doubt about how

38 Strategic RISK SEPTEMBER 2010 |

38_39_AXASR_Sep10.indd 38

to assess the level of cover required, because it’s unclear how regulators will interpret environmental remediation in a financial sense – how much they will charge a company for polluting an important ecosystem, for example. Jouvelot denies that insurers will have problems quantifying the environmental risks. “The range of cost associated with an environmental claim is not difficult to evaluate compared with the industrial risks that we underwrite frequently. It’s not a big problem. Particularly if you compare it with the standard deviation of costs associated with a bodily injury claim, which can be huge.” The new environmental regime also brings with it some important legal changes. Certain natural habitats and species now have their own legal rights. If damaged, there may be a requirement for compensation to the regulator in the form of material action – called compensatory remediation. In addition, complementary remediation may also be required if the polluted area cannot be brought back to its baseline condition after a clean-up. This could involve acquiring new land and creating a complementary habitat from scratch – potentially an extremely expensive undertaking. The table ‘The directive: remedial measures’, opposite, gives a detailed overview of the remedial measures provided for in the ELD. While the directive outlines the baseline legal framework, each EU member state has introduced its own set of rules. Some have stuck to the directive

closely, while others have implemented a stricter legal system. Some of them even insist that companies take out forms of financial protection, which could include insurance, bank bonds and asset deposits, to cover the costs associated with a clean-up (see box ‘Guarantees wanted’, below right). The minimum amount of financial guarantee is determined by the enforcing authorities – usually the regulator responsible for environmental protection – but it’s likely to range from a few hundred thousand euros to tens of millions. “In general, the countries where we know there will be compulsory financial security have been stricter,” Monereau notes. These countries tend to be in southern and eastern Europe, countries that prior to the introduction of the ELD traditionally took a more lackadaisical approach to environmental protection. The ELD has strengthened such environmental regimes along ‘polluter pays’ lines. In Spain, for example, a dam breach at the Boliden mine near Seville in April 1998 led to one of the most harmful environmental incidents in the history of the country. The rupture released around five million cubic metres of toxic slurry, containing lethal levels of lead and heavy metals. The accident devastated the local environment, contaminating a 40km stretch of two local rivers as well as vast swathes of the surrounding farmland. In total almost 40 tonnes of fish were killed, and around 5,000 geese and 20,000 water birds seriously harmed. Remedial activities required the excavation of 12 million tones of contaminated soil and resulted in a total economic loss in the region of €400m. The disaster was particularly damaging because the Doñana National Park is one of Europe’s most important natural sites of biodiversity, thanks to its lagoons, marshland and scrubland. It is also an important resting place for migratory birds and the accident occurred in the middle of nesting season. Perhaps because the Boliden incident looms so large in the Spanish collective memory, Spain has adopted the most stringent approach to the implementation of the ELD.

Varying approaches The differing approaches adopted by each member state adds complexity and means the risks vary

www.strategicrisk.co.uk

16/08/2010 10:57


SPECIAL REPORT

across Europe, depending on where a company has facilities. In addition, it is the responsibility of the enforcement authorities to determine how much a company will have to pay to remediate the environmental damage caused by pollution. This means identical pollution incidents could be treated very differently, depending on the country and its enforcement approach. In contrast to Spain, French environmental law was well established before the ELD came along. Recently France set in motion an imperative that will have major implications, particularly for oil companies transporting fuel via pipelines. In August last year, the French government declared an environmental disaster in another of Europe’s most beautiful nature reserves after oil spilled from an underground pipeline in the southern region of Bouches-du-Rhône. More than 4,000 cubic metres of crude oil spilled over five acres of agricultural land. The pipeline, operated by the South European Pipeline Company, reportedly carried 23 million metric tonnes of crude oil to refineries and petrochemical plants in France, Germany and Switzerland every year. The clean-up is ongoing and the costs still being worked out. In this case, the French courts ruled that the operator was not bound by strict liability. As a result of the incident, however, a change in French law means that such activities will in future fall under a regime of strict liability, explains Monereau. That means the burden of proof falls on the operator to show that it is not liable for the incident. Companies usually expect their public liability or property cover to protect them in the event

of pollution. It is unlikely, however, that any standard public liability, general liability or property insurance programme will provide cover for any of the losses and damages under the ELD, except perhaps for some elements of primary remediation. Even then it depends on the policy providing cover for damages imposed by a regulator and not the legal claims for damage of a third party. Public liability policies are usually limited to sudden and accidental pollution. Property policies only kick in when pollution results from an ‘insured peril’, such as fire or flood, and this is sudden or accidental. These policies may also exclude the removal of contaminated soil. Yet most pollution claims arise when damage occurs gradually, leading to a clean-up involving the removal of large amounts of contaminated soil at considerable expense.

Pay attention For those exposed to the risk of causing damage to the environment, protection is available through the environmental insurance market. This market has expanded coverage to include losses and damages under the ELD or by any national legislation or country law implementing the ELD. Operators can reduce the likelihood of ever being caught out by the regulations by minimising the risks to natural resources. Strategies should pay close attention to preventing damage to species, habitats or water and to minimising risks to human health from contamination of land – though any type of environmental damage is covered by the ELD if it significantly impacts humans or the environment.

‘Having a policy that covers the costs associated with remediating environmental damage is one thing. But much more important is for the disaster not to happen in the first place’ Philippe Jouvelot, AXA Corporate Solutions Companies may wish to audit their sites to make sure they are carrying out sufficient safety and risk mitigation activities. At the very least they should have assessed their exposures to see if they have any sites that run the risk of spilling poisonous effluence into areas of natural beauty. It’s also worth noting that if during an investigation a company finds environmental damage or the imminent threat of damage, then it is legally obliged to disclose this to the authorities. Regulators are likely to be more lenient with those companies that voluntarily confess rather than try to cover up a problem. Given the tough economic climate, it is possible companies – and perhaps even the regulators – will decide to focus on other issues at the expense of the environment. But perhaps as the environmental crisis in the Gulf of Mexico continues to unravel, companies will take a keener interest not only in preventing the worst from happening but also making preparations for dealing with the consequences if it does. ■

THE DIRECTIVE: REMEDIAL MEASURES

GUARANTEES WANTED

Remedial measure Primary remediation

The following European countries insist on financial guarantees – such as insurance or bank bonds – to cover the cost of environmental protection and pollution clean-up operations:

Complementary remediation

Compensatory remediation

Description Any remedial measure that returns the damaged natural resources and/or impaired services to, or towards, baseline condition. Any remedial measure taken in relation to natural resources and/or services to compensate for the fact that primary remediation does not result in fully restoring the damaged natural resources and/or services. Any action taken to compensate for interim losses of natural resources and/or services that occur from the date of damage occurring until primary remediation has achieved its full effect. Interim losses are defined as “losses that result from the fact that damaged natural resources and/or services are not able to perform their ecological functions or provide services to other natural resources or to the public until the primary and complementary remedial measures have taken effect. It does not consist of financial compensation to members of the public.”

• Greece • Romania • Portugal • Spain • Bulgaria • Czech Republic • Slovakia • Slovenia

Source: European Environmental Liability Directive

Strategic RISK SEPTEMBER 2010 |

38_39_AXASR_Sep10.indd 39

www.strategicrisk.co.uk

39

16/08/2010 10:57


SPECIAL REPORT

No more excuses The Environmental Liability Directive has brought with it a new urgency to take environment risk seriously. Despite other financial pressures, companies can’t afford to let green issues slip down the priority list

G

one are the days when companies could go about their business with little regard or respect for the environment. The public is no longer willing to accept environmental damage as a cost of doing business and this is increasing calls for compensation in the event of environmental destruction. The clearest manifestation of this trend is the EU’s Environmental Liability Directive (ELD). “Businesses that fail to assess their impacts and dependencies on biodiversity carry undefined risks and may neglect profitable opportunities,” claimed a recent report by the G8 and five major developing economies. Yet, worryingly, a review in 2008 by PricewaterhouseCoopers of the 100 largest companies in the world found that only 18 of them mentioned environmental biodiversity in their annual reports. Of these, only six reported action to reduce their impact on the environment and just two identified the environment as a key strategic issue. The concern is that, faced with a shocking financial slowdown, businesses have taken their foot further off the gas when it comes to environmental initiatives. Green issues dropped four places in Ernst & Young’s annual risk report (see box), which lists what firms see as the top business risks they are currently facing. “In the current economic climate, environmental issues are not at the top of the agenda, and have slipped down the rankings this year,” read the report.

BP – a lesson in consequences A big part of corporate environmental consciousness is being prepared to deal with the consequences of pollution or environmental degradation when things do go wrong, and not just walking away from it. The clean-up costs associated with BP’s disastrous Gulf of Mexico oil spill are expected to come to around $32bn (€24bn). The company has set aside $20bn to pay compensation claims alone. Most companies would be crippled by environmental liabilities of this magnitude. Even BP, which has huge cash reserves, has been forced to announce plans for an asset sell-off to raise around $8.7bn to help pay the liabilities. Furthermore, as part of the clean-up, BP has been forced to mobilise a fleet of ships to begin scooping up the huge oil slick, as well as an army of people to help clean up the oil as it washes ashore. This is not to mention the scale of the engineering project under way at tremendous depths in the

40 Strategic RISK SEPTEMBER 2010 |

40_AXASR_Sep10.indd 40

this trend is expected to continue over the next six months.

Change is in the air

Gulf to plug and permanently block the well (see our infographic on pages 28-29). The incident is a shocking illustration of how costly environmental disasters can be. There is a growing environmental insurance market in Europe designed to help companies deal with the costs of environmental clean-up operations, and a majority of countries report stable conditions despite economic problems and rising liabilities. That’s not to say that any of the risks faced by BP would have necessarily been insurable, because of the sheer magnitude of BP’s exposure. The ELD is leading to increased awareness of and interest in specialist environmental cover, particularly in Denmark and Spain, reported Marsh in its latest global insurance market outlook. The environmental insurance market is expected to remain relatively stable over the next six months, Marsh says. There are, however, exceptions. In France, for example, environmental liability insurance has recently become more expensive – some policies have increased in price by 10%-20%. This is mainly due to the fact that risk managers are seeking extended cover, which includes damage to biodiversity, on site clean-up costs and business interruption. “On the whole, the loss ratio is continuously increasing for environmental liability insurers and it is expected that there will be slight upward pressure on rates for the next six months,” Marsh stated in its outlook for France. In Italy, on the other hand, rates for environmental liability insurance declined marginally in 2009 and

The new environmental liabilities brought about by the ELD have created a new market for commercial insurance companies practically overnight. In Greece, for example, only two insurers are known to provide environmental liability cover locally and there has been little interest in the cover to date. Now that the ELD has been implemented in Greece, interest in specialist environmental products is expected to take off. There is also growing interest in underwriting environmental risks through a captive. Almost 60% of respondents to Aon’s 2009 Global Risk Management Survey expressed an interest in underwriting environmental risks this way. Despite the business climate, more and more companies are beginning to recognise the economic benefit of being environmentally aware. Rio Tinto, for example, reports on its website on the relative biodiversity value of its mining sites, the amount of land in proximity to biodiversity-rich habitats and the number of plant and animal species of conservational significance within each land holding. As Pavan Sukhdev, a leader in the UN’s Green Economy Initiative, says, the loss of biodiversity “leads to serious human and economic costs, which are being felt now, have been felt for much of the last halfcentury, and will be felt at an accelerating pace if we continue ‘business as usual’”. The business community must not abandon its commitment to the environment in the face of a tricky trading environment. ■

TOP 10 BUSINESS RISKS 2010 World’s top 100 companies’ ranking of risks: 1. Regulation and compliance (2) 2. Access to credit (1) 3. Slow recovery or double-dip recession (no change) 4. Managing talent (7) 5. Emerging markets (12) 6. Cost cutting (No change) 7. Non-traditional entrants (5) 8. RADICAL GREENING (4) 9. Social acceptance risk and CSR (new) 10. Executing alliances and transactions (8) (2009 ranking in brackets)

Source: Ernst & Young

www.strategicrisk.co.uk

16/08/2010 11:18


MOBILE PHONES

Not so smart … Using a mobile phone can be a risky business. But while any link with cancer is still to be proved, there is no doubt about the dangers of driving and using a hand-held and the phones’ vulnerability to security lapses, writes Andrew Leslie

F

ive billion people own mobile phones, according to the International Telecommunications Union. In many European countries, there are more mobiles than there are people. They are ubiquitous, annoying, enjoyable, reassuring and, above all, useful. It’s increasingly hard to contemplate a world without them. But they are not risk-free, especially when it comes to business. And with computer-inthe-pocket status virtually here, those risks are, if anything, increasing. In 2008, when the UK’s Independent headlined an article ‘Mobile phones “more dangerous than smoking”’, it brought to a head many of the concerns about the effects of the microwave radiation caused by mobiles. As well as cancer, mobiles have been tentatively (sometimes heavily) linked to memory loss, joint pain, headaches, cataracts and asthma. The problem is that mobile phones simply have not been around long enough for scientific research to reach any firm conclusions – especially in the case of cancer, a disease that can take decades to develop. Most investigations, including the recently released Interphone study of 13,000 people, interview a group of disease sufferers about their phone use and then compared them with a control group of disease-free phone users. What is needed is to track phone use accurately first, and then compare the development of disease. On the basis of such studies that have been done, the European Commission Scientific Committee on Emerging and Newly Identified Health Risks concluded in 2007 that “exposure to RF [radio frequency] fields is unlikely to lead to an increase in cancer in humans”. The results of the Interphone study are unlikely to affect this – although they suggest that there may be increased risk for heavy users.

Long-term view In an effort to put uncertainty to rest, a new study was launched in April this year by Imperial College, London. The ‘Cohort study of mobile phone use and health’ (COSMOS) is mailing 2.4 million phone users in the UK, aiming to sign up 100,000 people prepared to allow their health and phone use to be tracked over a period of up to 30 years. The project may be extended to Europe, with 250,000 people eventually taking part. Meanwhile, it may be as well for organisations that require their employees to use mobiles to think about what they should be advising in terms of

health risks. The Department of Health guidelines are clear that children should avoid excessive use, and that adults are better protected by hands-free apparatus and, again, by avoiding excessive use. They are equally clear that wi-fi and Bluetooth carry minimal risk. But every media health scare involving mobiles is bound to lead to worry – and finding the best way to reassure and promote best practice is only sensible.

On the road Since evidence clearly shows that using a handheld mobile phone while driving increases the risk of an accident by a third or more, most European countries ban their use. Only Portugal currently also bans hands-free devices, despite research showing that, in terms of distracting the driver from the road, there is little difference between the two. A 2003 study in Utah even suggested that a driver over the legal limit for alcohol consumption was actually less likely to have an accident than a driver using a mobile phone. The use of mobiles while driving is a clear and substantial risk. Furthermore, the annual survey carried out by the Department for Transport shows that van and lorry drivers (hence

often employees) are more likely to use mobiles than car drivers. If there is an accident, it is increasingly common for police to check phone records to see if a mobile might be a factor. If the mobile belongs to the employer, there is a direct danger that the employer may become liable in any criminal proceedings brought against the driver. There is only one sensible policy here. Ban your workforce from using mobiles when they are driving (the law also encompasses being stationary at traffic lights). Don’t invest in hands-free devices: the likelihood is that these too will be brought within the ban at some point. The Royal Society for the Prevention of Accidents (RoSPA) has a good example of the kind of policy employers should be using. It includes making staff aware of: • the dangers of using a hand-held or hands-free mobile phone while driving; • the organisation’s policy on mobile phone use; • the need to go to voicemail, or to switch the phone off while driving, and to stop in a safe place to check messages, or to allow a passenger to use the phone; • that good communication can easily be maintained without using a phone while driving; and • the importance of line managers not expecting staff to make or receive calls when driving.

Security concerns It’s easy to forget that today’s mobile phones can be as vulnerable to malicious attacks as PCs or laptops. They have two additional vulnerabilities – communication by radio, and the fact they are so easily lost or stolen (about 10,000 every month in the UK alone). Trying to ban business data from being carried on your organisation’s phones is probably a losing battle. It may be better to concentrate on core security issues, such as: • ensuring that everyone has the most up-to-date security applications installed – these should include the ability to wipe data from a phone remotely; • reporting lost or stolen mobiles immediately, so that the phone can be blocked; and • treating wi-fi hotspots with caution and making sure communications are encrypted. Finally, don’t forget that employees can use mobiles (and MP3 players) to ‘podslurp’ data. Make sure that your office network is sufficiently controlled to prevent this. ■ Andrew Leslie is an analyst with StrategicRISK

Strategic RISK SEPTEMBER 2010 |

41_Mobiles_Sep10.indd 41

www.strategicrisk.co.uk

41

16/08/2010 10:58


Project1:Layout 1

10/6/10

11:44

Page 1


SPECIAL REPORT

SPECIAL REPORT:

Property risk contents 44

PROTECTING YOUR ASSETS Better control, costs, consistency – how to get those elusive ‘three Cs’

45

NEW WORLD ORDER Global commercial property programmes require careful designing

HIDDEN COSTS 48 THE OF FIRE Protect both your business and the local community from the knock-on effects of a blaze

50

THE VALUE PROPOSITION Strengthen your property risk management and reap the rewards

This special report has been produced with input from FM Global:

Sponsored by

Martin Fessey martin.fessey@fmglobal.com Brendan MacGrath brendan.macgrath@fmglobal.com Malcolm Davis malcolm.davis@fmglobal.com

Strategic RISK SEPTEMBER 2010 |

43_FMGlobalSRCover_Sep10.indd 43

www.strategicrisk.co.uk

43

16/08/2010 11:32


SPECIAL REPORT

Protecting your assets Better control, costs and consistency – the ‘three Cs’ are there for the taking if risk managers can learn to manage their global loss protection programmes effectively and carefully

New hazards While having a global programme in place can produce real benefits, risk managers are only likely to reap the greatest rewards if they have robust loss protection and mitigation procedures in place. They need to look carefully at this area, as climate change is producing unforeseen weather extremes, which are affecting many countries in Europe. Losses from floods and windstorms have escalated in the past two years, affecting some areas not normally associated with such hazards. There are some basic relatively low-cost prevention strategies that can help risk managers avoid major problems, however.

44 Strategic RISK SEPTEMBER 2010 |

44_FMGlobalSR_Sep10 44

Shutterstock

P

remises, equipment, supplies, finished products – they all cost money and represent a large investment for most organisations. Commercial property loss protection clearly has to be high on the risk manager’s agenda. In this special report, we look at some of the considerations around this investment. For multinational organisations, a global programme can produce the ‘three C’ benefits – better control, costs and consistency. But risk managers need to take care regarding the design of such a programme and be aware of the potential pitfalls. The business arena is becoming ever-more complex and there are many risk management challenges. Not least of these is the need to convince subsidiaries that central insurance buying is a preferable alternative to them arranging their own cover, even though it may mean that they have to take a larger self-insured retention. Imparting the need for good risk management can also be difficult in territories where risk management does not feature highly in the business culture. For an organisation with operations in many areas, perhaps 50 or more, ensuring compliance with local insurance regulations is another challenge for both itself and its insurers. The penalties for failure to comply can be draconian, and a regulatory breach can also result in penalties for local directors and officers. While a global master policy may provide difference in conditions cover, with compensation beyond that provided by local policies, there can be tax issues if it is necessary to refund money to overseas subsidiaries. These are just some of the issues associated with multinational insurance programmes. If risk managers want to get the benefit of the ‘three Cs’, they need to tread carefully and take heed of the advice from their insurers and brokers.

Good risk management can give an organisation a competitive edge by convincing customers of continuity of supply and services Sustainability is also a key consideration for European companies. The need to reduce their carbon footprint is a major concern, and good risk management can help here too. Sustainability is not just about reducing power usage and adopting green supplies. For example, if a building burns down, the carbon footprint associated with fighting the fire and the subsequent rebuilding can be considerable. The loss of a facility can have major repercussions, not only for the organisation concerned, but also for its employees, suppliers and the local community – perhaps even for the country as a whole if that organisation decides to rebuild and relocate elsewhere.

Once again, the answer lies in preventing and mitigating losses. In the case of reducing fire losses, installing sprinkler installations is a ‘green’ solution, and there is considerable evidence to back up this claim (see ‘The first line of defence’, page 48).

Reap the rewards Companies need to invest in commercial property loss protection, but the money spent can produce financial and reputational rewards. Offsetting the costs are the reductions that businesses can realise in insurance premiums when transferring their risks to insurers. A well risk-managed company can expect to obtain better cover as well. There are other advantages too. Reducing losses also reduces earnings volatility, which will increase shareholder value. Demonstrating good risk management practices can give an organisation a competitive edge by convincing customers of continuity of supply and services. It can smooth the path of mergers and acquisitions deals. And as good risk management now has a bearing on companies’ credit ratings, this will help them to reduce the cost of capital. ■

www.strategicrisk.co.uk

16/08/2010 11:20


SPECIAL REPORT

New world order Corporate multinational property insurance programmes can provide significant cost and control benefits – but risk managers should be aware of the potential pitfalls

Shutterstock

T

he trend for going global started several years ago as organisations based in the more developed regions expanded their activities. However, a big economic shift is taking place between the emerging BRIC (Brazil, Russia, India and China) countries and the more developed ones, prompting a second phase of globalisation. FM Global operations vice-president Malcolm Davis says: “We are seeing new companies emerging in regions such as Asia, Latin America and the Middle East, which are becoming increasingly significant. They in turn are expanding into the USA and Europe, developing their operations there and in some cases looking to make acquisitions.” It’s a trend that looks set to continue, with some commentators predicting that the economies of BRIC countries will be larger than those of the industrialised G7 countries by 2030. Wherever the push for globalisation occurs, one thing is certain: it drives the need for flexible, far-reaching global services in which insurance buying plays a big part. But designing and operating a multinational commercial property insurance programme is far from straightforward. “The world is becoming a far more complicated place to do business,” Davis says. “If you are a risk manager in a big multinational corporation, there are significant challenges in operating in this increasingly complex world. And the more countries your corporation goes into, the more challenges you may have to grapple with in making sure your company’s assets are protected and also endeavouring to promote and encourage risk improvement activity.” There is an increasing realisation in the risk management community of the benefits in having a single programme that insures the company’s property wherever it operates. Aon UK’s managing director, property and casualty group, Andrew Laing, says: “A major benefit of global programmes can be cost efficiency, with the ability to leverage a larger premium as opposed to having individual smaller covers. “A centralised approach also gives the risk manager greater control. And there is efficiency associated with just having to manage one premium, while the risk manager enjoys the certainty that coverage is being purchased more consistently.” Simon Edge, a partner in JLT’s property team, agrees that a global programme gives the risk manager increased control and can often produce big cost savings. “When we are involved in setting up a global programme, we often find there has

been significant duplication of cover. This happens because local offices have been buying their own policies and in many cases additionally paying fees to local brokers. “Centralisation can often eliminate local brokers’ fees and remove duplication, which keeps down costs. The company will generally be able to obtain improved and more consistent cover worldwide.”

Challenges But while it may make economic sense for a business to expand into a country such as China, the move may raise many questions in the minds of risk managers. How can I extend our global programme to our new Chinese subsidiaries? Bearing in mind language and travel constraints, how do I communicate with managers in these new subsidiaries and talk to them about risk improvement or insurance protection? Seeking answers to such questions can present a real hurdle, says Davis, particularly in the current economic climate. “Many risk managers in big corporations are now working alone or with smaller teams, which can make it doubly difficult to cope

with this new landscape of extra countries and risk management challenges.” It can also be difficult to secure senior management backing to implement a consistent corporate risk management philosophy across an organisation. In theory, the cost savings should present a persuasive argument at head office, particularly at the moment, but will it be equally convincing for senior managers of subsidiaries around the globe? Much depends on the corporate culture, says Davis. “In a highly centralised corporation, the culture is very much that decisions on risk management and insurance purchasing are made by head office. These are then rolled out to subsidiaries around the world, which will generally adopt them with little, if any, argument. “However, other organisations – particularly those that have grown globally by acquiring companies – may not have that complete corporate control from head office because of differences in corporate and local cultures. “Businesses with key divisions in regions remote from head office may have quite senior management in place; it’s not unusual in terms of employee numbers,

Strategic RISK SEPTEMBER 2010 |

45_47_FMGlobalSR_Sep10.indd 45

www.strategicrisk.co.uk

45

16/08/2010 11:04


SPECIAL REPORT

turnover and profit contribution for these regional business units to generate a significant proportion of the entire organisation’s result. “In such situations, those regional senior managers may take the view that they should have a say in what happens in their regional area and may well question or even resist some elements of the policies that emerge from the corporate head office. With that sort of profile, it’s much harder for the risk manager in the head office to achieve consistent outcomes with all business units worldwide.” Aon’s Laing agrees, also citing problems with premiums and retentions. “Once you have put the global programme together, issues can arise with the allocation of costs back out to the subsidiaries. There may be problems with local divisions that believe they can buy cheaper in their local market. That may be true in some cases but overall the business would lose out on efficiency.” He adds: “When you are arranging a big global programme, the insurance markets are typically more competitive if the insured carries a sensibly sized retention to reflect what is essentially a much bigger organisation. There can be issues with the local organisations that are not used to having such a large retention, but there are ways in which we can structure a retention strategy that effectively addresses both the needs of the insurers and the local organisation.” Regional divisions may not just need convincing over central insurance buying. Davis explains: “In emerging countries such as Asia and South America, risk management philosophies and cultures are much less developed than in Europe or North America. This can present challenges for the sophisticated risk manager at head office who is trying to implement a global risk management programme and pursue loss prevention strategies. “It can be difficult to communicate the corporate risk management philosophy and plans to some business units around the world and persuade them that it’s in their local interests to adopt such approaches. While there’s certainly value in communicating consistent global risk management guidelines and policies, there are many benefits to be gained from helping employees globally understand why it makes sense to invest money in loss protection. Enterprise-wide learning can go a long way.”

Consistency and compliance Achieving consistency around the world should be an integral benefit of multinational programmes, whether in terms of the approach to loss prevention and risk management or insurance coverage. Yet it is not always possible to install in every country a local insurance policy that matches the corporate head office model of what they would like to see in place.

46 Strategic RISK SEPTEMBER 2010 |

45_47_FMGlobalSR_Sep10.indd 46

‘There may be problems with local divisions that believe they can buy cheaper in their local market’ Andrew Laing, Aon This leads inevitably to what many believe is the most important issue for multinational insurance programmes – compliance. Davis says: “Compliance is the issue that drives clients, insurance companies and brokers. Many organisations now devote substantial time and effort to making sure their insurance programme is compliant and that their assets across the globe are protected in accordance with local laws and regulations. Compliance can affect the way policies and premium invoices are issued and the currency in which premiums are invoiced – in fact, most elements surrounding the insurance contract and premium payment arrangements. Many countries have detailed regulations that set out how things should be done.” He continues: “All parties have to get this right, including ourselves as an insurer. In some countries, there are local regulations or tariff wordings that limit insurers from putting in place exactly the cover they would prefer. “At FM Global, we try to maximise the amount of locally admitted cover that we put in place in each country and thus minimise the amount of ‘difference in conditions’ or ‘gap’ cover included on the master policy. The aim is to make sure clients have a programme where they have a known amount of local coverage in place in each country that complies with any local regulatory rules, and that any identifiable gaps with the corporate programme specification can be made up in the master policy.” In recent years, many countries’ regulators have become increasingly prescriptive in terms of how they want insurance cover to be arranged. In some cases, arranging non-admitted cover (cover provided by an insurer that is not locally licensed) for assets in certain countries is illegal. Breaching regulations can result in severe penalties and fines for the local division involved and could also expose its directors and officers to fines and penalties. JLT’s Edge explains: “Insurers who have a locally licensed office – or a partner with a locally licensed office – in the territory concerned will ask that office to issue the local policy. But the master policy will generally be issued to the parent organisation in the country where their head office is located. Where required, a local policy will be issued to the local entity, which ensures compliance with local regulations. The master policy will generally cover differences in cover and limits.

Local policies are usually issued to what is known as ‘good local standards’.” JLT property partner David Powell adds: “Another reason for having a local policy is that it can be difficult for the insurer writing the master policy to pay a claim to the local subsidiary without the insured incurring an additional tax liability. Where a multinational has a truly global spread, there are not many fronting insurers that are licensed to issue policies in all the territories themselves. Some partner with a number of other underwriters to provide the necessary network.” But he warns: “The more people you have involved with issuing local paper, the more complicated it can become.” Edge adds: “The local office will often impose a minimum premium charge and may add a servicing fee, which means it is not always viable to cede to a global.” The inclusion of difference in conditions cover in the master policy might suggest that there’s no need to worry if the local policy doesn’t match the global one too closely. But Edge points to the danger in this approach. “In the event of a loss where the global master policy is called into play (because the local policy is restrictive in cover or limits), the local entity will be paid out by the local policy, and anything additional that’s covered by the master policy will normally be paid centrally to the parent. Reimbursing that money to the local entity may have tax implications because it may be treated as a capital payment – or asset – coming in, rather than an insurance payment. In order to minimise the likelihood of that kind of central payment, insurers such as FM Global have endeavoured to ensure that their local policies are as close to the master policy wording as possible.” It is possible to structure master policies so that they include payment of any additional taxes as a result of losses being compensated by the master policy.

Cost efficiency Cost efficiency rates high among the benefits of multinational programmes. So how exactly can this be achieved? Powell stresses that all large multinational programmes are different. “Most of the programmes we design are bespoke to suit our client’s needs. Each programme will have a different spread of territories involved, resulting in varying levels of catastrophe exposures that will, in turn, have aggregation considerations for risk carriers. “You also need to consider what level of loss limit the client is looking to buy or needs. Inevitably, the laws of supply and demand can have an impact. The higher limit you have to buy, the more you need to draw in slightly more expensive capacity to complete placement.”

www.strategicrisk.co.uk

16/08/2010 11:04


He also points out that it can be beneficial to arrange a layered programme rather than using purely quota share support. “Layering can help you to generate cheaper capacity because underwriters model risk exposures differently. When setting premiums, their models work on the basis that losses will be skewed towards the bottom of the limit of liability but not necessarily in the same proportions. “Taking a simple example, if you take the first 50% of the limit of liability, while one underwriter’s model might calculate it was worth 80% of the premium, another’s might calculate that it was worth 75%. Similarly, for the upper 50%, one insurer might require 20% of the premium and another 25%. If you put 75% and 20% together, there is clearly a saving to the insured – assuming both underwriters are working to the same base rate.”

Security By their very nature, multinational policies involve insurers putting all their eggs in one basket – that of the fronting insurer. Not surprisingly, insurer security is an issue and there’s a great deal of focus on insurers’ ratings. For risk managers, a crucial part of arranging a multinational programme is supplying high-quality data to underwriters. Laing says: “Insurers and reinsurers are reliant on good-quality data – it’s absolutely essential for cat modelling – and brokers want to make sure they present the risk in the best possible way.” For organisations that are already centralised, providing the data is fairly straightforward because they already have it. For decentralised organisations it is much more challenging. Risk managers can call on their brokers to help here, while insurers such as FM Global, which have representatives in the various territories, can also assist. “As corporations grow and move into more countries, it becomes more difficult to stay on top of changes going on around the world,” Davis says. “For example, the risk manager of a company that has taken over several companies in a fairly short time may have great difficulty in getting information about their global locations, asset values and so on. Our local service personnel around the world can help get that information and report it back to the risk manager in the home country.” He stresses that even companies of a similar size with an equal number of subsidiaries in the same regions may have very different servicing needs. “In some cases, we are asked to visit each of a client’s local subsidiaries around the world, explain the new insurance policy, describe how the programme is designed to work and get feedback for the risk manager. In other cases, we manage the issuance and distribution of policy documentation but do not make face-to-face visits to local subsidiaries.”

Corbis

SPECIAL REPORT

Clients may also need assistance with risk improvement at their local facilities. FM Global’s approach is to have a consistently trained team of local loss prevention engineers around the world who know the languages and the cultures of the countries where they work. “They visit a client’s local facilities, help them understand the property risks they may have, and recommend appropriate risk improvements,” Davis says. Powell says there can be a number of advantages to a multinational company using a captive insurance

‘Layering can help you generate cheaper capacity because underwriters model risk exposures differently’ David Powell, JLT company to retain some of the risk. Specialist advice can be provided to ensure such a solution is properly tailored to the insured’s unique circumstances. One obvious advantage would be the insured group’s retention of part of their overall premium spend, especially where the premium being quoted at the primary level has been inflated by (re)insurers due to a recent run of losses. “When participating on a primary basis, the captive will normally need to be fronted because it is unlikely to be a licensed insurer in the territories where the primary paper needs to be issued,” he says. “This generally has credit implications because the fronting company will want to be confident that they will be reimbursed for any claims they pay out on behalf of the captive. Letters of credit or a parental guarantee are often therefore required.”

Jurisdiction The applicable jurisdiction for policy disputes is another area for consideration when designing the programme, says Edge. While the master

policy is usually subject to the law of the parent company’s home country, any local policies will be subject to local jurisdiction. If there is a conflict between the local policy and the global master, where the fronting company and the local policy issuing company are part of the same group a problem should not arise.” However, it’s important to ensure that the reinsurance cover is subject to the same law and jurisdiction for dispute resolution as the master policy, he adds. “Otherwise there is potential for disputes to be held in more than one jurisdiction and under conflicting laws, which could result in different outcomes for the fronting policy and the reinsurance contracts.” With a programme encompassing many client locations in a large number of countries, managing premium flow is an important consideration. “Many of our bigger clients have their own captive insurer,” David says. “We’re often asked to lead their global programme, issue local policies and collect premiums from countries around the world. “We then share an agreed amount of the risk and premium with the captive. We therefore need to manage the entire premium flow from the front to the back end, and we need to work quickly to get policies and premium invoices issued in the various countries, collect premiums and then pay the agreed share to the captive. “Obviously, the captive wants its money as quickly as possible after the policy inception or renewal date. We are often able to achieve payment to the captive within 30 and 45 days after the renewal date.” Global commercial property programmes can offer significant advantages to companies but clearly there’s a lot to consider when designing and arranging them. Davis concludes: “As a mutual organisation, FM Global has always focused on service delivery to clients. As more of our clients opt for multinational property programmes, we have extended that principle worldwide – to help clients navigate the challenges of going global.” ■

Strategic RISK SEPTEMBER 2010 |

45_47_FMGlobalSR_Sep10.indd 47

www.strategicrisk.co.uk

47

16/08/2010 11:04


SPECIAL REPORT

The first line of defence The effects of a blaze in a large building or facility go beyond just safety and structural damage, and can be ruinous – to the local infrastructure, economy and environment. But installing sprinkler protection could take businesses out of the line of fire, says FM Global’s Brendan MacGrath

A

t around 11pm on a Saturday night in February 2005, a small fire started in a room on the 21st story of the Torre Windsor high-rise office building in downtown Madrid, Spain. Despite the efforts of the permanent security staff and the professional fire brigade – which used 1.6 million gallons (six million litres) of water to prevent the blaze from spreading to adjacent neighbouring properties—the 32-story, 100-metre-high building became engulfed in flames; by morning it had partially collapsed. Fearing further collapse, the city set up a 500 metre exclusion zone around the building, forcing nearby businesses to shut. This affected some 30,000 workers. At the same time, many roads and railways feeding this important business district were shut down. And, because of the building’s central location, its demolition had to be a gradual dismantling – a process that led to significant disruption in the area for the next six months. The estimated cost of the fire, including insured damages to third parties, approached €300m. More difficult to measure was the damage this highly publicised catastrophe had on Madrid’s image as the business capital of Spain’s economy, and as an important tourist destination – especially at a time when it was considered a front-running contender to host the 2012 Olympics. A few years earlier, also in Madrid, on New Year’s Day 2002, a short circuit from an operating portable electrical heater started a fire in a seven-story office building. But unlike the Torre Windsor, this facility was fitted with a sprinkler system. Three sprinkler heads operated, successfully controlling and ultimately extinguishing the fire by the time the public fire brigade, notified by the water flow alarm, arrived. An estimated 26,000 litres of sprinkler water was applied; 230 times less than that consumed by hose streams during the Torre Windsor office fire. The estimated total loss cost was just €175,000. Perhaps most important, the building’s staff returned to

48 Strategic RISK SEPTEMBER 2010 |

48_49_FMGlobalSR_Sep10 48

work the following day, and there was no significant interruption to those in the immediate area.

Knock-on effects There are countless examples of fires in facilities in Europe and around the globe that have caused widespread disruption and ruin, and the wider effects can be disasterous to communities. In Denmark, for example, two separate fires destroyed two large pork-product processing facilities. During the time it took for demolition, rebuilding and repairs to be completed, more than 1,300 employees were forced to look for work elsewhere – not to mention the impact to the staff working at those companies supplying raw materials and services to

The sprinkler is a device for the protection not only of properties and their assets, but also of people, their livelihoods, the environment, the local community, the economy the facilities – creating a sense of uncertainty that put a strain on the local economy beyond the obvious unemployment costs. In addition, the interim and sometimes permanent closure of a facility will often cause a company to relocate jobs to another country with lower costs. Such was the fate of 200 jobs following a major fire at an electrical manufacturing plant in the UK: the plant closed and the operations were transferred to a facility in Greece. Indeed, fire affects the economy not just at the local level, but at the national level as well. In Treviso, Italy, a domestic appliance manufacturing facility with a staff of 800 suffered a catastrophic fire. With thick black smoke emanating from the plant, nearby schools were evacuated and closed, while

businesses and residences in the surrounding urban area were ordered to keep their windows closed. The toll on the community was so great that the manufacturing company involved was questioned by the authorities on whether it took the necessary measures to prevent this event and its consequences. Each of the above catastrophes has one thing in common: the buildings involved were not fitted with an automatic fire sprinkler system. Had an adequately designed, installed and maintained system been provided, the outcome and overall impact would almost certainly have been different. Contrast the above examples of uncontrolled fire with what happened in France one Friday evening in August 2007. Following an argument with a few colleagues, a disgruntled employee at an 8,000 sq metre spare parts warehouse set fire to some of the facility’s cartoned goods, which were in high-rack storage. Four sprinkler heads positioned above the fire operated promptly, limiting damage to one bay of the rack. All employees safely evacuated the building, and the fire brigade, upon its arrival, quickly extinguished what was essentially the size of a still incipient fire. There was no reported impact to the environment, and operations at the facility resumed as usual the following Monday.

The tip of the iceberg While the property insurance costs of major fire events are readily quantifiable, their total economic cost and broader impact on society – on the community, on the environment, on the safety of building occupants and emergency services – are not. Indeed, the property and business interruption loss costs represent only the tip of the iceberg; much of the total impact and cost of fire to society remain largely hidden from view. Observed from this perspective, the sprinkler is a device for the protection not only of properties and their assets, but also of people, their livelihoods, the environment, the local community, the economy – of sustainability in general. Given both the impact of fire on today’s society – estimated by several studies at the macro-economic level to be between 1% and 2% of a country’s gross

www.strategicrisk.co.uk

16/08/2010 11:33


Corbis

SPECIAL REPORT

domestic product – and the potential benefits of sprinklers, it is appropriate that legislation should regulate for positive change in this area. When it comes to the wider benefits of something as straightforward as automatic sprinkler protection, consider the following:

material and goods is liberated. Carbon is then consumed in treating the debris and in manufacturing replacement material. So, a fire in an unsprinklered facility might generate three to four times the carbon dioxide of a facility with sprinklers.

SUSTAINABILITY SOCIETY Building codes exist to protect society and third parties – namely, employees, responding fire services, and neighbouring properties – from the risk posed by activity carried out at a particular property. But shouldn’t codes also require the protection of the facility itself, considering all the value derived from that facility, value that contributes to society? If a major fire puts a production line out of operation for several months, what happens to the jobs of the people working there? What about the jobs of all the suppliers? The impact goes far beyond the fence line. Automatic sprinkler systems can reduce, even eliminate, the consequences a fire can have on society as a whole.

ENVIRONMENT Fighting a large, uncontrolled fire with hose streams can require much more water than controlling a fire with sprinklers. Plus, there are the products of combustion: contaminants, harmful gases. In a fire, the embedded carbon in a building’s construction

When we hear about the ‘sustainable design’ of a building, we tend to think of the environment. But it’s not just a green issue. A building provides important contributions to the local and macro economies throughout its life cycle. What’s more, sustainability is a key reputation driver, for both investor and authority stakeholders. For regulators, the question is how to protect the important contributions a facility makes to a region’s or country’s reputation. Sprinklers are a big part of the answer.

GLOBALISATION As emerging economies such as those in Asia see increased development due to foreign investment, they’re adapting more rapidly to newer protection philosophies and techniques. The more nascent or dynamic the market, in general, the quicker it is to embrace the concept and benefits of sprinkler protection via regulations. The sprinkler’s proven reliability allows all stakeholders to feel confident that a facility is better

protected than one relying solely on other, more passive methods of fire prevention.

SUPPLY CHAIN A facility in an emerging economy is no longer just another supplier turning out nuts and bolts; it’s now a critical link in the chain of an enterprise’s global production line. Countries with emerging economies, then, should help companies maintain the resilience of their supply chain, by having codes that mandate wellprotected facilities. If a company outsources production overseas to a facility where a big fire occurs, other companies may think twice about building a plant there. Insurance premium savings for an individual location alone will rarely justify the cost of adding an automatic fire protection if a traditional cost-benefit analysis is performed. Yet, a properly designed and installed sprinkler system will reduce both the probability and severity of a major fire. Companies, in turn, will certainly benefit from better and more stable insurance premium compared with those that do not see the value of sprinklers. Sadly, the latter approach will leave many unprotected facilities at increased risk of a major fire, as well as the many wider economic, societal and sustainability consequences. ■ Brendan MacGrath is manager of FM Global’s International Codes and Standards Group

Strategic RISK SEPTEMBER 2010 |

48_49_FMGlobalSR_Sep10 49

www.strategicrisk.co.uk

49

16/08/2010 16:51


SPECIAL REPORT

The value proposition Robust property risk management practices may call for serious investment in loss protection – but the benefits for the corporate bottom line can often more than compensate

C

ompanies that have a strong property risk management strategy in place are in a good position when it comes to transferring risk to the insurance market. And it brings other rewards too, in terms of enhanced shareholder value. “Strong risk management will help businesses secure better terms in the insurance market,” Marsh EMEA property practice leader Caroline Woolley says. She believes that providing as much information as possible about this can create competition in the insurance market and put the business in a better negotiating position. Marsh Risk Consulting senior vice-president Richard Waterer adds: “Those businesses that possess full information about their risks will ultimately reduce their cost of risk.” As Kate Loades, group insurance and risk manager of media company Pearson, said in FM Global’s 2009 annual report: “The costs of a risk management programme that places an emphasis on prevention and control can be offset in the form of lower insurance premium – not to mention increased capacity and higher limits – for property, casualty and business interruption insurance.”

Performance benefits It’s not just better insurance terms that await companies prepared to go the extra mile on physical loss protection. “There is a strong correlation between risk management and earnings stability,” says Dr Deborah Pretty, principal, Oxford Metrica, commenting on a recent research study on Fortune 1000-size companies. By adopting strong risk management practices to prevent fire, natural hazards and other causes of property loss and business disruption, the findings suggest a company will reduce the frequency and severity of these loss exposures, if not prevent them. They may also reduce their earnings volatility too, enhancing shareholder value. The Risk/Earnings Ratio study, commissioned by property insurer FM Global and conducted by Oxford Metrica, found that companies with best practices in managing property risks produced earnings that were on average 40% less volatile than companies with less advanced physical risk management. That’s persuasive evidence of a significant return on investment. Commenting in the report, packaging group Ball Corporation’s senior vice-president and chief financial officer, Scott Morrison, said: “The more volatility you take out of your performance, the greater the reliability

50 Strategic RISK SEPTEMBER 2010 |

50_FMGlobalSR_Sep10.indd 50

PHYSICAL RISK MANAGEMENT PRACTICES VS AVERAGE LOSS SEVERITY The average financial loss at a location deemed to have weak risk management practices exceeds $3m, compared with around $620,000 for a company that manages its physical risks well.

All property-related perils (2005-08)

$620,000 STRONG PRACTICES

$3m WEAK PRACTICES Source: The Risk/Earnings Ratio, FM Global

of earnings – which translates into a more consistent valuation by Wall Street. Likewise, the more resources a company earmarks toward reducing risk, the higher the opportunity for enhanced shareholder value.” FM Global’s own internal quantitative research shows that the average risk of property loss for companies with strong risk management practices is 20 times lower than for those with weak practices. Poorly prepared firms were more than twice as likely to experience a property loss and business disruption. And the average loss at a location deemed to have weak risk management exceeds $3m (€2.3m), compared with about $620,000 for a company that manages its physical risks well. Rating agency Standard & Poor’s now includes enterprise risk management (ERM) as one of its criteria when assessing companies, so high scorers are likely to be better able to control, if not reduce, their capital costs, in addition to strengthening investor confidence. And clearly robust risk management is a key part of ERM. Waterer believes good risk management can also give companies a competitive edge. “For example, customers buying logistics services prefer suppliers that can demonstrate a high level of loss control in terms of warehouses or fleets,” he explains. “It becomes an important part of the supplier’s selling proposition to customers, particularly with so many operating on a ‘just in time’ delivery basis.” There can be big benefits too for real estate and property companies, he adds. “If a property company

loses an asset completely, or even fails to maintain good security so that the property is vandalised, it will be harder to sell that space to tenants in the future.” Waterer also believes that good risk management controls can ease merger and acquisition activities. “The assets and the controls and risk management around those assets can form an important part of the due diligence process. If companies can demonstrate they are taking action to reduce the likelihood of major events and also have mitigation strategies, this will facilitate the deal.”

Spell it out With European companies looking to cut costs in the current economic climate, risk managers need to put their case for investment in loss protection succinctly but strongly. They have to impart the message that good risk management adds value in a way that the board understands. Spelling out the bottom-line benefits is a good strategy. FM Global’s The Risk/Earnings Ratio study concludes: “Preventing the potential of fire and natural disasters, which are the major drivers of property loss and related business disruptions, provides confirmable bottom-line benefits. Similarly, investing in preventing two other major contributors to property losses – human error and equipment breakdown – also can enhance corporate performance. “There are no guarantees, of course. But the findings demonstrate a significant return on investment in loss prevention.” ■

www.strategicrisk.co.uk

16/08/2010 11:34


Alongside you in corporate business At Aviva we write insurance for thousands of corporate businesses, from retail to construction, professional services to transport. As one of the UK’s largest and most stable insurers, we can offer world-class expertise in your sector, coupled with all the support you need at a local level and the long-term commitment you deserve.

Our appetite for the business is extensive and we’re keen to work with you. To find the Aviva cover that’s right for you, talk to your broker. Or simply find a broker at www.aviva.co.uk/corporate-risk

We’re in business to keep you in business

Aviva Insurance UK Limited. Registered in England No. 99122. Registered office: 8 Surrey Street, Norwich NR1 3NG. Authorised and regulated by the Financial Services Authority.


ASSOCIATION Airmic Portfolio

LEADERSHIP

New chair, new horizons N ew Airmic chair Nicola Harvey faces a serious risk at work – that of developing a taste of collecting sculpture. As the global risk director for the international auction house Christie’s, she regularly gets to look at the treasures coming up for sale. So far, however, she has resisted the temptation to signal to the auctioneer, and is concentrating on the job in hand, to which she’s comparatively new, having joined Christie’s less than two years ago, along with her role at Airmic. She has plenty of enthusiasm for both. Despite a background working for large companies, including what is now Lloyds TSB and Cable & Wireless before Christie’s, Harvey says one of her priorities for Airmic is to do more to support risk management in smaller businesses. She explains: “A key priority for me in my year as chair is to make Airmic more inclusive. Although the FTSE-350

companies will continue to be a large element of what we do, there is plenty of room for Airmic to be more relevant to other organisations that don’t employ a professional risk manager or a full-time insurance buyer. We could offer them training, guidance and networking, but often companies aren’t aware of us. We need to raise our profile and let them know about us.” Airmic’s continuing drive on training and development fits neatly into Harvey’s theme for the year of embracing new horizons. She is proud of the work Airmic has done over the past year, such as launching the Airmic Academy, and would like to see it enhance its range of topics, which so far have been mainly insurance-oriented. For example, Harvey knows how important it is for risk managers to be able to influence decisions. “If you don’t have the right skills, how are you going to have that difficult conversation with the chief executive or make an effective

AIRMIC PROACTIVE IN GOVERNANCE GUIDANCE

and even public sector organisations. The Financial Reporting Council (FRC) is now involving organisations like Airmic and the Institute of Risk Management in drafting guidance on best practice in implementation of the code. This document will replace what is colloquially known as Turnbull. The FRC hopes to release a consultation document in the autumn, with a final version some time in 2011. The new code requires a clearer statement of the board’s responsibilities in managing risk than the previous corporate governance rules, known as the Combined Code. It says that, to improve risk management, the directors should explain the business model and the board should be responsible for determining the nature and extent of the significant risks it is willing to take. Airmic technical director Paul Hopkin says that Airmic has also sent a copy of its publication, A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000, to the FRC “on the basis that a lot of what they are talking about in terms of risk is set out in that guide”.

Airmic is taking an active role in the revision of the guidance on the UK’s new Corporate Governance Code, which requires companies to report their risks and risk appetite more clearly for all financial years from the end of June 2010. The new code, published in May, is a required standard for all listed companies, and is highly influential for other businesses

Airmic’s guide to ISO 31000 has much to offer the new corporate governance guidance

52 Strategic RISK SEPTEMBER 2010 |

52_AIRMIC_Sep10.indd 52

‘Airmic can be helpful in highlighting role models in an uncompetitive environment’ Nicola Harvey, Airmic

EL INSURANCE ENFORCEMENT IS ‘WOEFUL’ Current enforcement of the UK’s compulsory employer’s liability insurance is “woefully inadequate”, Airmic believes, arguing that the government should come down more strongly on organisations that fail to buy the right protection for their staff or buy less than required. The comment came in response to the government’s announced review of health and safety and ‘compensation culture’. “Apart from the obvious moral and legal imperative to protect staff, it is unfair that our members are placed at a competitive disadvantage because they observe the letter of the law,” technical director Paul Hopkin said. “Firms that save money by taking shortcuts on employee safety are getting away with it because of inadequate enforcement.” The government has set up a scheme to trace missing employers’ liability policies, but the bill to create a scheme similar to the Motor Insurers’ Bureau, to compensate sick or injured workers when their

presentation? Soft skills are difficult to tackle, but are relevant and useful.” Finally, she draws attention to a need for role models in the business, especially for young women, pointing out that she’s only the third female chair of Airmic since it started in 1963, and that there are few women visible at senior level in the insurance industry. “Airmic can be helpful here in highlighting role models in an uncompetitive environment,” she says. Despite the higher profile of risk management since the financial crisis, individual risk managers today face considerable pressures in their jobs, Harvey says. “We live in pretty tough times, and risk managers can be really valuable to their organisations if they get known as someone that other managers can go to for advice and problem-solving.” Perhaps Harvey’s second theme for the year should be: I’m a risk manager and I’m here to help.

employer’s insurance cannot be traced, has not been reintroduced into parliament since before the general election.

‘Firms that take shortcuts on employee safety are getting away with it because of inadequate enforcement’ Paul Hopkin, Airmic

www.strategicrisk.co.uk

16/08/2010 11:00


Photos : Creatas, Photodisc, Enrique Algarra/PIXTAL, DigitalVision, Juliet White/Gettyimages -

a redeďŹ ned vision of service

a reliable company available teams attentive advice

www.axa-corporatesolutions.com

239x309_Strategic_risk.indd 1

10/04/09 14:56:36



Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.