Risk management takes centre stage

?In the movie Collateral, Tom Cruise’s contract killer character asks his LA cab driver to run an errand for him. The driver, Jamie Foxx, asks him, “How come you don’t get to meet people?”

“Risk management,” a greying Cruise says in response. “Anonymity – and I protect mine. You’re not going to screw that up.”

While the big bad world that risk managers inhabit may not necessarily be that dangerous, their profile is getting sexier by the day, just like Cruise’s wrinkled eyes. The profile of risk managers has never been higher, as rating agencies and analysts are putting risk management practises under the spotlight.

In a report released by Pricewater-houseCoopers (PWC) in March, the role of the risk manager was stripped down – and what lay beneath was a heavy layer of regulatory compliance corseting the true role of the job – enabling sustainable investment performance, improving customer and shareholder satisfaction, delivering better management data and allowing for more competitive pricing.

The results of the online survey conducted by the Economist Intelligence Unit and PWC showed that 55% of respondents felt that a better relationship with regulators conferred effective risk management. A quarter felt that their organisation’s risk management functions was very successful at ensuring regulatory compliance.

The report focuses predominantly on the financial services sector, where compliance has become a growth industry. “Compliance is only a very small part of risk management. It is about protecting customers and shareholders,” says David Gamble, executive director of the Association of Insurance and Risk Managers (Airmic).

Gamble goes on to say that the challenge nearly all risk managers face is to define and communicate what they do and how risk management can add value to the business. “It is sometimes seen as a box ticking, defensive exercise, whereas it should be a proactive process that helps companies become more competitive.”

A significant number of respondents recognised this and were keen to see risk management take on a more value-based function.

Of the 421 respondents surveyed, 42% judged measuring and monitoring risk as the most important objective of risk management.

Coming in a close second was communicating key risks to the executive team, followed by instilling a culture of risk awareness throughout the organisation.

Interestingly, ensuring regulatory compliance registered a low 14%.

Marcia Cantor-Grable, president and chief executive of Genworth Financial Mortgage Insurance Europe, believes risk managers should have a seat at the decision-making table, predominantly to detect, describe and prevent damage to the business. She says that risk managers should be seen as “catalysts for change”.

“When we think of growing any business, the risk manager’s role is critical. The role is very much front end. In an industry that is about recognising risk, we have more than 40 risk professionals across Europe alone.

“Their roles cut across the board – products, investments, market risk and counter-party risk. If we detect that modifications are needed in products, underwriting or pricing, they have a voice at the table.

“Risk management has a much broader enterprise-wide perspective, brought to bear on all drivers in the business. It looks at all the drivers that could cost business interruption, shareholder value and employee satisfaction.”

Taking a similar stand, Ian Wainwright, group chief surveyor of Ecclesiastical Insurance, believes the role of the risk manager is improving. “But not where we want it necessarily,” he qualifies.

“Having the regulatory framework in place and the FSA helps but a lot of focus has been placed on the regulatory side, and on compliance in particular. I’d like to see more involvement in the day-to-day side of business, in terms of pricing, risk acceptance and the exposures organisations are accepting,” he says.

Embedding risk managers within individual business lines could lead to greater understanding and awareness of risk and its link to performance.

Wainwright likens risk management to health and safety. “We wouldn’t need health and safety officers if observing health and safety in the workplace was second nature. Similarly, risk management needs to be embedded in the culture of the organisation,” he explains.

“Risk management is sometimes seen as a box ticking, defensive exercise, whereas it should be a proactive process that helps companies become more competitive

David Gamble, Airmic

However, he does not foresee this happening soon as changing the culture of an organisation can be quite difficult.

Supporting the call to embed risk managers is Phil Grace, casualty risk manager at Norwich Union. “It’s a good call. The difficulty of my work is that I work with an insurance firm, not the people we insure.

“We don’t know what our policyholders do; we only know enough to price the premium. The people who know best are those who run the risk.

“I firmly believe that risk management, like health and safety, is best managed by someone within the organisation.”

The PWC report revealed that while embedding risk managers is a strategy that has been employed by companies for some time, there is still room for improvement. Only one in eight respondents believed that their organisations’ business units and risk management function are currently well integrated.

Speaking from an Ecclesiastical perspective, Wainwright acknowledged that risk managers do play an important part, especially in long term strategic direction. “That’s why a number of risk managers hold board positions in an organisation. That indicates that businesses do value them.”

With only 41% of respondents believing that risk management adds substantially more value to the business than it did three years ago, it does raise the question of risk management and its future role.

The effectiveness of risk management will not fade away though. One of the challenges for risk management is to constantly question how it can push a business to see opportunities for growth and sustainability, says Cantor-Grable.

In fact, figures show that there has been an increase of more than 25% in the levels of investment in risk management-related resources (such as people, technology and data) made by companies over the past three years.

Gamble says risk managers have become savvier in the control of their information and in the presentation of risks to their boards and the market. “Many now have additional financial qualifications and there is a growing band with MBAs.

“They are being asked to contribute to the strategy of their organisations and are adding value to the company by not only reducing costs but also enabling their colleagues to move into new areas,” he says.

While regulatory pressures have been driving change in most organisations’ risk management practises over the past three years (voted by 67% of respondents) this is expected to decrease over the next three years, with more importance being given to increasing the value of risk management to the business, cost reduction and efficiency and securing competitive advantage over competitors.

Although insurers are generally acknowledged to be behind the banking industry in managing risks, a number of leading companies have done much to demonstrate the link between proactive risk management and accurate pricing, states the report.

As a result, there is now a gap between insurers that have a clear idea of the price of certain risks and those that lose money because they are too quick to underwrite in the hope of making a profit from investing premiums received.

Mark Train, partner at PWC’s actuarial and insurance group, says: “Smaller regional brokers may be behind the multinationals in terms of risk management functions, which are possibly less embedded in their organisations, but they may be more intuitive in their understanding of risks. All regulated companies are being driven to stronger risk management practises.”

What has been seen as a lack of commitment from senior managers regarding a more central approach to risk management is beginning to change now that rating agencies have begun to score insurers on their approach to risk management.

Wainwright says ratings by an agency like Standard and Poor’s are almost imperative these days. “Before rating agencies, the client or insurer would go on the reputation of the marketplace, or person, or on past business transactions. They wouldn’t know about financial security.

“These days the broking community may not do business with a BBB-rated insurer because it is an indication that that insurer may not be financially secure,” says Wainwright.

In a survey of North American insurers last year, Standards & Poor’s found that only 23% of firms had strong or excellent risk management. It would be interesting to know what the picture of the UK insurance market would look like.