RISK MANAGEMENT FORUM 2007 GENEVA, 30 SEPT 3 OCT 2007 The development of a Risk Management strategy: The development of a Risk Management strategy: what is E and has the insurer a role in it? what is E and has the insurer a role in it? Workshop 4 October 1st, 2007 Maurizio Castelli Sales Director - Continental Europe and Asia XL
Agenda What is E? Matrix of Risk Management Activities E versus Traditional Risk Management Practical steps for the Development of a Risk Management strategy The role of the insurer and the virtuous circle of Risk Management
Added value of Risk Management and ownership of risk: The Risk Management disciplines matrix Activities Strategic Actions Mitigation/ Prevention Engineering ART Mapping Type ( activities ) of involvement Analysis Areas ( risks ) of involvement Transfer Insurable "Semi-Ins." Crisis/ Major M&A Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity Risks When discussing the role of the risk manager there is a risk of focusing just on his areas of involvement (which risks does he manage? Is it just insurable risks, or a broader range of risks?), or to focus just on his level of involvement (which activities he performs to manage his risks? Is he just involved with insurance, or also with mapping, prevention etc...?). In reality, for a correct job description of each risk manager, both dimensions have to be considered, thus looking in reality at a matrix of risk management disciplines.
Matrix of the Risk Management disciplines The traditional (advanced) Risk Management profile Strategic Actions Mitigation/ Prevention "Advanced" Risk Management Engineering Traditional Risk Management ART Mapping Analysis Management Transfer Buying Insurable "Semi-Ins." Crisis/ Major M&A Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity Several traditional risk managers starting in the 90 s, have been involved in additional areas, such as Crisis Management and Business Continuity Management, Risk Management of Major Projects, M&A activities. Additionally, many Risk Managers have been brought higher in the company hierarchy, and have been involved on decision making processes relevant to strategic actions (such as the decision to continue or not a given project).
Matrix of the Risk Management disciplines The ( pure ) Enterprise Risk Manager profile Strategic Actions Mitigation/ Prevention "Advanced" Risk Management Engineering Traditional Risk Management ART Mapping Analysis "Pure" Enterprise Risk Management Transfer Buying Insurable "Semi-Ins." Crisis/ Major M&A Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity Mainly because of emerging new rules, regulations and laws, many major corporation felt they had (or were forced) to look at a broader spectrum of risks with an integrated and holistic approach, and the role of the Enterprise Risk Manager emerged. In its more strict definition, the E is not involved with managing the risks, but only facilitating a process of Analysis and Mapping, with the subsequent process of management left to the owners of individual risks. Therefore the pure E is involved with a broader range of risks, but with a smaller range of activities.
Matrix of the Risk Management disciplines OVERALL SCENARIO Strategic Actions Mitigation/ Prevention "Advanced" Risk Manager Engineering ART Traditional Risk Manager HSE Manager Security Manager Mapping Analysis Manager Treasurer Enterprise Risk Manager Transfer Buyer Insurable "Semi-Ins." Crisis/ Major M&A HSE Security Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity
Matrix of the Risk Management disciplines NOW TO THE DISPUTE Strategic Actions Mitigation/ Prevention "Advanced" Risk Manager Engineering ART Mapping Analysis Enterprise Risk Manager Transfer Insurable "Semi-Ins." Crisis/ Major M&A Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity Is it better to be a T or an E? Better Pink or Green? What about the patchwork guy? The green guy has more boardroom visibility, but the pink guy has a broader range of activities, and he is the guy of the day in certain specific situations. The green guy proudly declares I m not involved with insurance. What is he proud about? Loosing some know-how which is the hystorical legacy of traditional risk management?
Matrix of the Risk Management disciplines: the challenge Strategic Actions Mitigation/ Prevention "Advanced" Risk Manager Engineering Traditional Risk Manager ART Mapping Analysis Manager Treasurer Enterprise Risk Manager Transfer Buyer Insurable "Semi-Ins." Crisis/ Major M&A Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity The dispute about true risk management is meaningless There are different disciplines that require wide competences, almost never available in one single function or department. Integrating and coordinating such different functions is the challenge that has to be won in order to achieve a real optimization of the added value produced by the risk management process.
Agenda What is E? Matrix of Risk Management Activities E versus Traditional Risk Management Practical steps for the Development of a Risk Management strategy The role of the insurer and the virtuous circle of Risk Management
Development of a Risk Management strategy Two scenarios: Bottom up Top Down Because of laws, rules, regulations, and/or concern on occurred or potential losses, the company commits to E and forces it upon the organization As a natural development of T and/or because of concern on existing level of management of risks the business and/or the existing dept. convinces the company to commit to E
Development of a Risk Management strategy Top Down Often E function entrusted to Internal Audit, Compliance, Legal departments Often completely disconnected from Often academic approach, done just to thick a box and not to really solve a problem or create new value Practical steps for the : Contact the department entrusted and offer your cooperation Explain them that (what you do) is not just insurance (this is not obvious at all to non people). This to include case-studies and success stories. However also do emphasize what (and other T tools such as ART, Risk Engineering, etc) can do for them. Offer and propose, to them and to top management a team (e.g. Risk Committee) approach, and emphasize that true E cannot be performed by one single function and does naturally involve such a team approach Do emphasize the proposition of creating value, vs thicking boxes attitude, and that you can truly help to manage some of those risks, and to take ownership. Offer additional resources that can be used for optimizing the implementation of such a complex process (internal and external)
Development of a Risk Management strategy Bottom up Often E function entrusted to existing Traditional Risk Manager Often too much bound to the traditional role and therefore not really taking off as a true E approach Practical steps for the : Assess which other depts. should be involved and ask for their cooperation Offer and propose, to them and to top management a team (e.g. Risk Committee) approach, and emphasize that true E cannot be performed by one single function and does naturally involve such a team approach Explain them that T (what you used to do) is not just insurance, otherwise they ll continue to refer to you as the insurance guy. This to include case-studies and success stories. However also do emphasize what (and other T tools such as ART, Risk Engineering, etc) has done and can still do for them, and don t be ashamed of your insurance back-ground Be aware that, although you will continue to be involved with some of the activities you were managing before, the change in culture and methodological approach is very significant.
Development of a Risk Management strategy Bottom up Top Down In both cases: don t build (or maintain) chinese walls
Agenda What is E? Matrix of Risk Management Activities E versus Traditional Risk Management Practical steps for the Development of a Risk Management strategy The role of the insurer and the virtuous circle of Risk Management
Matrix of the Risk Management disciplines: The role of the insurer Strategic Actions Mitigation/ Prevention Engineering Risk Engineering Services ART Mapping ART provider (e.g. XL F.S.) Future Role e.g. MR E Initiative Analysis Professional Underwriting Professional Underwriting ART Provider Transfer Selling Selling Insurable "Semi-Ins." Crisis/ Major M&A HSE Security Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity
Matrix of the Risk Management disciplines: The role of the insurer: challenges Strategic Actions Mitigation/ Prevention Engineering Risk Engineering Services ART ART provider (e.g. XL F.S.) Future Role? Mapping Analysis Professional Underwriting Professional Underwriting ART Provider Transfer Selling Selling Insurable "Semi-Ins." Crisis/ Major M&A HSE Security Financial Operational Strategic Risks Risks Business Projects Risks Risks Risks Continuity Probable interaction with multiple internal functions involved in the Risk Management process, and relevant coordination challenges and possible internal disputes in respect of ownership of risk Need to understand new approaches and new models of Risk Management (e.g. E vs. Traditional ), with different values and priorities and different understandings in respect of added values Competition vs. cooperation with other providers of Risk Management services, such as brokers and consultants. Cooperation (vs. we know it better attitude) with client s internal resources more and more professional and more and more relevant in the company s hierarchy and structure
The Risk Management process and the contribution of insurers Company s s Strategic Objectives Risk Mapping Risk Reporting Risk Treatment Loss prevention/control Risk financing Risk transfer Modification Risk Assesment Risk Analysis Risk Identification Risk Description Risk Estimation Risk Evaluation Risk Reporting Threats and Opportunities Decision Risk Treatment Formal Audit Monitoring Residual Risk Reporting Monitoring
Risk Control: Cooperation among insurer and insured The common goal of insurers, insured, shareholders and stakeholders is the avoidance of claims Many claims can be avoided or their consequences mitigated by reinforcing the cooperation and partnership among insurers and insured in the field of industrial loss prevention Why is this cooperation so important? Long term commitment Trust Transparency Service excellence Each party understands his role
Risk transfer Traditional Toolbox International Programs Coordinated Integrated and fully compliant (XL WorldPass) FOS policy (XL EuroPass) Alternative Risk Transfer: Captives Alternative Risk Financing programs SERVICES: Risk Engineering International Network Administrative Services CLAIMS HANDLING
Conclusion: the Virtuous Circle of Risk Management Best practices allow insurers to offer best possible product Best product allows to maximize protection at lowest cost of risk Risk Assessment Loss Prevention Risk Engineering Risk Transfer ART Claims management Optimization factors Understanding risks Reducing risks Controlling risks Optimizing cost of risks Financing risks Managing adverse consequences How is this possible? It s just good Risk Management! COST OF RISK
FUNDAMENTAL STRENGTH CAPITAL AND PEOPLE