Utah RIMS Spring Workshop. Chris Mandel SVP, Strategic Solutions, Sedgwick Director, Sedgwick Institute

Transcription

1 Utah RIMS Spring Workshop Chris Mandel SVP, Strategic Solutions, Sedgwick Director, Sedgwick Institute

2 Why Me? The USAA dilema Fixing what s broken Creating an advanced strategy A less than qualified candidate Aspirations trumped the deficit Traditional points on the board Designing and deploying ERM at a DFI Results that made a difference

3 Judging Criteria Criterion 1: Established and implements an effective risk management program within the organization. Criterion 2: Tackled and solved one or more major problems for his or her organization. Criterion 3: Innovatively applies the diverse tools of risk management and insurance. Criterion 4: Creatively and effectively uses risk financing/insurance to structure a risk financing and risk transfer program that serves the needs of the organization. Criterion 5: Established a workable intelligence system inside and outside the organization that culminates in a flow of information about events and activities that affect the organization s risk management and exposures. This can include an enterprise risk management process, as well as how the risk manager secures information on risks from other departments and use or risk management information systems.

4 Judging Criteria Criterion 6: Skillfully performs the functions of management in the overall organization and within the risk management/insurance department. The functions include planning, organizing, directing and controlling. Criterion 7: Achieves the most effective program at the optimum cost over the long term. Criterion 8: Developed technical expertise in any or all of the broad categories included within risk management, leading to a better managerial grasp of the operations aspects of the job. Criterion 9: Exhibits an attitude and performs activities fostering the advancement of the risk management profession, such as professional activities, speaking engagements, teaching and related activities. Criterion 10: Is developing his or her career, as exhibited by job history, including current job description, education, honors and memberships.

5 BUSINESS FINANCIAL OPERATIONAL USAA Enterprise Risk Management Center of Excellence Chris Mandel, CCSA, CPCU, ARM, AVP, Enterprise Risk Management January 2004

6 Risk Management Corporate Core Competency Accurate and timely identification, assessment, and management of material or significant risks that could adversely affect the association, its members, or its employees; especially those risks that could jeopardize the continuation of USAA as a world-class company. Process for Managing: Enterprise Risk Management Model Process Owner: AVP, Enterprise Risk Management Core Competency Assigned To: All CoSAs 6

7 Core ERM CoE Objectives Changing DFI culture to be more risk assumptive through better risk adjusted decision making Executing the core competency Structured, disciplined and consistent management of all aspects of risk Proactive engagement on risks through awareness More effective post-loss response through risk event readiness Consistent and actionable risk metrics Value added management and governance reporting Analytical and data supported risk assessment Communication clarity through common risk vocabulary 7

8 ERM Strategy Initial High Level Timeline Starting Point = Silo Risk Mgmt Embed risk management discipline in operations Focus on most significant risks Monitor & continuously improve ERM Process Enhance employee risk decision making skills Objective = Institutionalized Risk Process 8

9 Short Term: Value Proposition Drives structured, disciplined and consistent approach to risk management: Provides methodology for measuring business risks Increases awareness of risks and potential risks Long Term: Ability to aggregate risks and benefit from enterprise effects Better capital allocation and competitive position More effective strategic and operational planning Ensures execution of the Core Competency 6/2/2017 9

10 Functional Alignment EBO ERM Enterprise Planning Compliance Legal ERM Process Safety Physical Security Internal Audit Business Continuity Planning IT Security 6/2/

11 ERM Model Process Risk / Owner ID Key Assumptions Assessment (Initial Valuation) Probability/ Severity Controls & Mitigation Strategies Control Efficiency & Effectiveness Cost of Controls Refined Valuation Management & Governance Reporting 6/2/

12 Targeted ERM Process Outcomes Institutionalization of the core competency Improved competitive position Improved strategic planning process Comprehensive association PML Optimal capital allocation Continued rating agency confidence Effective critical event response Acceptable approach measuring intangible or softer risks Better decision making relative to risks assumed Satisfied governance relative to need for risk information Minimization of surprises 6/2/

13 Keys to Success Full support of senior management Appointment of Risk Leaders in the BMU s Alignment of risk mgt strategy to strategic and operational challenges & priorities Focus on only most critical ( key ) risk issues Creation & perpetuation of proactive risk culture Successful alignment across functional areas Recognition as a customized evolutionary process 6/2/

14 Achieved Benefits of ERM Partial Listing $130M reduction in required risk based reserves Elimination of siloed risk mgmt integrated and embedded in the business Elimination of redundancies in risk mgmt efforts Single integrated risk and control technology platform Better, more informed risk based decision making, especially in planning, capital mgmt and governance 14

15 Concerns & Opportunities Balancing customer expectations with limited dedicated resources to fulfill goals and objectives Potential disconnect between accountability and authority for the performance of RMOs Inability to guarantee that all significant risks have been identified Difficulty in quantifying business risks Availability of good benchmarking data for ERM 6/2/

16 6/2/

17 Summary of Risk by Probability (Combined Probability & Severity Emphasis)* Severity Range Low = L Medium = M High = H Extreme = E Catastrophic = C All Risks View L- 8% M- 1% L- 24% M- 8% H- 1% L- 33% M- 8% H- 9% E- 5% C- 3% Probability Range Low Medium High Financial Residual Risks L- 10% L- 20% M- 20% H- 10% E- 10% L- 8% M- 3% Business Residual Risks L- 23% M- 9% H- 6% E- 6% Operational Residual Risks L- 49% M- 3% H- 11% E- 2% C- 9% L- 6% L- 20% L- 26% M- 10% M- 16% L- 20% -Percentages are the product of *Risks where CoSAs are still measuring the severity and 6/2/2017 probability of their controls are not included H- 3% probability & severity on main slide 18

18 Likelihood Matrix Rating Label Probability Operational Strategic 5 Highly Probable % Very likely to occur within the next week, is affecting USAA now or has just occurred Very likely to occur over a six-year period 4 Probable 21 50% 3 Improbable 6 20% Likely to occur within the next week or has already affected peer organizations May occur within the next month Likely to occur over a six-year period May occur over a sixyear period 2 Highly Improbable 2 5% Unlikely to occur, but may within the next year Unlikely to occur over a six-year period 1 Rare 0 1% Very unlikely to occur, but may within the next two years Very unlikely to occur over a six-year period 6/2/

19 Low Medium High Extreme Catastrophic Rating Label Reputation/Brand Enterprise Consequence Matrix Member Service/ Impact Employee Processes / Technology/ Systems Financial Extraordinary event or action that would cause a significant number of USAA members to lose trust in the company or believe the company risks insolvency. Media: Heavy extended national coverage and maybe international coverage. Large natural catastrophe that the number of claims would cause USAA to use all of its reserves and other assets, a terrorist attack on one of our campuses An action or event that affects member trust or company solvency in an adverse manner more so than other financial services companies. Media: 2-3 days of heavy national coverage, with recurring coverage as events warrant. Heavy extended local coverage. Corporate mismanagement, or ethical scandal; consumer reaction to USAA activity causing large number of members to end relationship with USAA (cancel policies, withdraw investments, change banks, etc.) An action or event that by the very fact it is publicized, could cause great embarrassment to USAA or negatively impact member trust. Media: Short term national coverage, reoccurring regional and local coverage. External class action lawsuit, individual employee alleging mistreatment or misconduct, business practice that only USAA follows that is perceived to be unfair A standard financial services industry practice that USAA also follows, but is receiving negative media attention. An action or event that brings to light a mistake (or perceived mistake) by the company. Media: Heavy local coverage. Maybe some regional, maybe some national. Billing error causing numerous member complaints, improperly handled emergency situation, EEOC complaints, policy perceived as unfair to consumers Negative editorial or article about USAA in a local market where there are large number of members and/or employees. Media: Heavy, but short-lived local media coverage. Job cuts, poor handling of an individual claim An event that causes us to lose or fail to acquire >660K households or >4M products An event that causes us to lose or fail to acquire 100K-600K households or 700K-4M products An event that causes us to lose or fail to acquire 10K-100K households or 100K-700K products An event that causes us to lose or fail to acquire 1K-10K households or 7K-100K products An event that causes us to lose or fail to acquire <1K households or <7K products Any mass employee life threatening situation. Regional, CoSA, off-site, Executive Council or Board of Directors casualty Employee health or safety issue involving non-fatal injuries to large number of population. Building, environmental, chemical or health incident Employee welfare issues involving small-medium number of employee population. Workers Compensation claims, job adjustment requests, repetitive motion injuries, flu/viral pandemic Adverse impact on morale of large group of employees. Company reorg, employee class action litigation, widespread union threat, excessive attrition, industry competition, inconsistent policy/procedure administration with employees, supplemental benefit issues, non-compliance with state or federal regulations Adverse impact on morale of small-medium group of employees. Isolated union threat, volatile employee situations, poor employee training/development, improper performance incentives/metrics, inadequate employee selection/retention 72 hrs unplanned downtime of any critical application or process with 24 hr or less RTO or >8 critical application or processes impacted for more than 12 hrs hrs unplanned downtime of any critical application or process with 12 hr or less RTO or 7-8 critical applications or processes impacted for more than 12 hrs hrs unplanned downtime of any critical application or process with 2 hr or less RTO or 5-6 critical applications or processes impacted for more than 12 hrs hrs unplanned downtime of any critical application or process with 2 hr or less RTO or 3-4 critical applications or processes impacted for more than 1 hr 1-12 hrs unplanned downtime of any critical application or process with 2 hr or less RTO or 1-2 critical applications or processes impacted Threatens company as a going concern Threatens financial strength ratings Threatens achievement of financial performance measures over the strategic planning horizon Threatens achievement of financial performance measures over the operational planning period Low to no impact on financial performance measures over the operational or strategic planning periods 6/2/

20 Catastrophic High Low Risk Level Escalation Matrix Risk Level Definition Risks that are likely to: materially affect the achievement of strategic objectives, impair financial strength ratings, or threaten the company as a going concern as a result of damaging reputational impact, excessive member/product loss, employee life threatening situation, extended unavailability of critical applications and/or processes, natural disasters, or other financial or nonfinancial impacts of the most significant type; Any risk with Catastrophic consequences, regardless of likelihood, has an overall Catastrophic Risk Level/Score Risks of all consequence levels depending on likelihood of occurrence: o Risks with low to medium consequence but high degree of likelihood o Risks with moderate likelihood and consequence o Risks with low likelihood but high to extreme consequences Risks that are unlikely to: impact strategic and/or operational objectives, cause reputational damage, adversely impact members/products and/or employee morale, or have even a minimal impact on critical applications or processes Risk Score Escalation/Response CoSA head and ERM department are immediately notified of risk. ERMC to review risk and mitigation strategies before escalating to Executive Council. CEO and Executive Council are made aware of the risk and mitigation strategies. Risk is included on CoSA universe of risk list. RMO and risk owner to ensure plan is in place to mitigate risk to lower level unless acceptable by management. CoSA head and ERM department are immediately notified of risk. ERMC to review risk and mitigation strategies to determine if further escalation and notification to Executive Council is necessary. Risk is reported to ERMC and is included on CoSA universe of risk list. RMO and risk owner to ensure plan is in place to mitigate risk to lower level unless acceptable by management. Risk is added to CoSA universe of risk list and reported to ERM department and/or ERMC as necessary and determined by CoSA RMO relative to other CoSA risks. Risk is managed at Company or Staff Agency (CoSA) Level. RMO and risk owner to ensure plan is in place to mitigate risk to lower level unless acceptable by management. 6/2/

21 ERM Evaluation Components Excellent Strong Adequate Weak Well established capabilities to identify, measure & manage all risk exposures & losses within tolerances. Consistently optimize risk adjusted returns. Risk and risk mgmt always important considerations. Capabilities to identify, measure and manage all risk exposures & losses within tolerances. Not fully developed process to optimize risk adjusted returns. Risk and risk mgmt usually important considerations. Capabilities to identify, measure and manage all risk exposures & losses within tolerances. Not fully developed process to optimize risk adjusted returns. Risk and risk mgmt usually important considerations. Unexpected losses more likely. Limited capabilities to identify, measure and manage all risk exposures & losses within tolerances. Losses not expected to be limited. Risk Mgmt Program non-existent or totally compliance.

22 S&P ERM Rating of Excellent USAA ERM Recognized as an Industry Leader 2006 All ERM Scores Global 241 Insurers Weak 5% Excellent 3% Strong 10% Adequate 82% Key Observations: Excellent ERM framework, fully embedded in processes/culture. Maintains excellent risk mgmt culture, risk & operational controls. Greatly reduced credit & investment risk. Strong risk management practices, tools. Various committees integrated into USAA to monitor exposures. No noted concerns or deficiencies.

23 24

24 25

25 26

26 27 6/2/2017

27 Sedgwick 2013 Confidential Do not disclose or distribute.

28 Thank you. Questions?

29 THE TEN BUILDILNG BLOCKS OF RISK LEADER SUCCESS Chris Mandel, RF, RIMS-CRMP, CPCU, ARM-E SVP Strategic Solutions, Sedgwick Director, Sedgwick Institute Utah RIMS June 1, 2017

30

31 Career Snapshot BS Business Management MBA Finance Insurance Co. Claims 4 years Broker/Consultant 2 years Risk Sub-functions 5 years #1 Risk Leader 21 years ERM Consultant 3 years Strategic Role current Industry Contributor 25+ years AIC CPCU ARM CCSA RIMS Fellow ARM-E 2015 RIMS-CRMP

32 The First 5 Building Blocks Educational Strategy The Right Experience Industry Involvement Breaking In Risk Leader Success Credibility& Influencing 33

33 The Next 5 Building Blocks The Two Sides of Risk Vision & Strategy Collaboration & Stakeholders Bench Development Risk Leader Success Giving Back 34

34 What do risk professionals want to be known for? Growth comes from innovation which can t be achieved without taking risk anonymous V I S I O N A R Y B U S I N E S S P E R S O N T E A M P L A Y E R E X C E P T I O N A L E X P E R T M I S S I O N

35 Things to avoid along the path Appearances of being too close to your vendors Disregard for the pecking order or rank Knowing when your soapbox has been kicked out from under you Hiring poorly (having high attrition or incompetent staff) Failing to develop a sufficient bench Failing to validate results with objective benchmarking Failing to take appropriate initiative for risk related issues Excessive self promotion Failing to align objectives and priorities with those of the enterprise Failing to build a resilient enterprise Allowing risk to negatively affect results

36 What really matters to sr management? Influence and gumption Consistency Process rigor Data interpretability Communication clarity Reliable measure-ability Downside protection Job 1 Value creation Job 2 Embedded risk culture Managing to appetite and capacity Aligning, if not integrating with strategy and objectives Managing risk for performance

37 Key drivers of long term success Delivering results Influencing and perceptions of expertise & strategic skills Technical competence Competencies for all leaders Stakeholder management Developing & motivating teams Communication effectiveness

38 Contact information Chris Mandel, RF, RIMS-CRMP SVP Strategic Solutions, Sedgwick & Director, the Sedgwick Institute The Ten Building Blocks of Risk Leader Success Available for free at Visit the agenda of the Sedgwick Institute at: Sedgwick Institute group Other References of Interest: Latest thinking in the industry at: WC Option Legislation:

39 Influencing Change in the Industry Join the Conversation

40 Christopher E. Mandel, RF, RIMS-CRMP, CPCU, ARM-E SVP, Strategic Solutions, Sedgwick, Inc. & the Director of the Sedgwick Institute Christopher E. Mandel is the SVP for Strategic Solutions at Sedgwick and the Director of the Sedgwick Institute. In both roles he is engaged in helping Sedgwick chart its future through the long term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rpm3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC. both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rpm3 Solutions holds a patent for a unique risk measurement process known as ARQ. Prior to electing early retirement and for ten years from , Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona based alternative risk financing facility. Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as excellent and a leader in ERM from 2006 through In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for Excellence in ERM on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in He also received RIMS Goodell Award (2016) for lifetime achievement. Mr. Mandel s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company s key performance metrics and ultimately, mission accomplishment. Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the Risk Innovation column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through CONTACT: Chris.Mandel@sedgwick.com o m 41

41 Breaking in 1 Coming from the insurance industry 2 Skill requirements and transfer 3 Industry experience and backgrounds 4 Success/failure more than where you start

42 Educational strategy 1 Getting to # 1 2 No one right educational strategy 3 Criticality of leadership skills 4 Reporting structure challenges/opportunities 5 Continuing education

43 The right experience 1 Industry nuances 2 Increasing skill expectations 3 Experience in specific exposures 4 Getting dirty in the trenches

44 Industry involvement 1 Building higher order skillsets 2 Broadening knowledge 3 The HIPO dilemma 4 Trade and professional organizations 5 Developing governance skills

45 Credibility and influencing 1 The critical skill path to success: overcoming no 2 TCOR or strategic impact Credibility and contributing Timing and politics Communicating and risk-speak 6 Don t I already manage risk well?

46 Bench development 1 The small team dilemma People and aspirations Recruitment and retention strategy Skill development for the enterprise Vendors as partners 6 Interns can do more than make copies

47 The two sides of risk 1 Value preservation >>>> creation 2 Connecting risk and strategy 3 A seat at the table (S) 4 Educating management 5 Risk owner focus

48 Vision and strategy 1 Risk and innovation 2 Innovation in risk process 3 Continuous improvement 4 Strategies/frameworks/models 5 Long term view

49 Giving back 1 Next generation focus 2 Community matters Enhancing the profession Sharing knowledge Broadening your network 6 Building political/social/cultural understanding 7 Personal satisfaction

50 Collaboration and stakeholders 1 Becoming essential 2 Criticality of relationships 3 From traditional to progressive 4 Tying to strategic priorities 5 BU priorities vs. your priorities

51 2016 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.