A company needs a risk manager. That was the clear conclusion of the plenary session of day 2 of the FERMA European Risk Management Seminar 2020, which considered the growing risks that companies are facing.
Amid the ongoing pandemic, there is increased uncertainty, and insurance market conditions are tougher…
Companies prioritise their risks in different ways, and they may or may not combine the risk and insurance function, but there was agreement on the fundamental principle that risk management is critical to defining exposures.
The panel members were Tobias Bunz, Group Insurance Expert and Legal Counsel E.ON. and a member of the FERMA digital advocacy committee; François Malan, Chief Risk and Compliance Officer, Eiffage; and Olivier Moumal, Director Internal Audit Risk & Compliance Proximus, and Rebecca Tielemans, newly appointed CEO, Marsh Belux.
Their wide-ranging discussion, stimulated by plenty of questions from the delegates, covered the relationship between risk and insurance functions, the use of scenarios, stress testing, and the current state of the insurance market and insurer quality in global programmes. Panel members also talked about complexity of estimating liability exposures which are unlimited when liability insurance is definitely finite and the need, illustrated by COVID-19, to include cash flow in impact metrics.
A fundamental starting point, however, is that the risk manager must know the company very well: its activities, its organisation and its culture. Only about 20% of the risks on the risk register are insurable, so the risk manager has to focus on those which are the most important to the success of the organisation. Ultimately, the key is to focus on avoiding damage and mitigating the consequences of an adverse event.
Risk needs to be assessed from a global perspective. Some risks will be external and common to other organisations, such as political unrest, and others will be internal and specific to the organisation – operations, governance and HR, for example. The risk analysis also needs to be by sector and territory.
There are many sources of information, interviews with top management, workshops, peer-to-peer discussions and even competitors’ public documents. Loss databases are useful but have limitations because they capture only what has happened, not what could happen. The growth in inter-dependencies adds another dimension so risk managers should bring together different departments in their brainstorming.
But there was a warning: “A risk register is not a bullet-proof result.”
Scenario exercises are popular ways of teasing out implications of things that can go wrong and which consequences might be insured. There was, however, bound to be a degree of subjectivity in assessing implications – trying to work out the loss experience if a service interruption affected a customer’s business continuity “could be a nightmare.”
Having a thorough risk analysis is likely to help in negotiations with insurers, especially if they are overly dependent on technical pricing models. Transparency on insurance cover is essential. The pandemic has highlighted the importance of avoiding “grey zones” in insurance coverage. The company needs to know what is covered and what is not.