INSIDE: Exclusive interview with Ian Livsey, the new CEO of the Institute of Risk Management | Pages 6-7 YOUR AWARDWINNING SUPPLEMENT
RISK MANAGEMENT
March 2015 | business-reporter.co.uk
The risk enforcers MAIN PORTRAIT: DAVID PARRY
Joanne Freason talks to three experts about how they transfer their specialist skills into the corporate world
THE HOSTAGE NEGOTIATOR THE POKER PLAYER
DISTRIBUTED WITHIN THE SUNDAY TELEGRAPH, PRODUCED AND PUBLISHED BY LYONSDOWN WHICH TAKES SOLE RESPONSIBILITY FOR THE CONTENTS
THE FIGHTER PILOT
Business Reporter · March 2015
2
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Risk management
Opening shots René Carayol
A
LTHOUGH there are many people, both contemporary and from history, who are no doubt well placed to write a book about “Winners”, Alastair Campbell, Tony Blair’s former spin doctor, is unlikely to be one of the first names that comes to mind. However, that is exactly what he has done and, it needs to be said, it is an absolutely cracking read. Having worked with Alastair a few times in the past, mainly conducting the most tenacious of interviews with the most tenacious of men, I know him to be strongwilled and unbelievably assertive. His manner has given him the most polarising of profiles. Put simply, you either love him or hate him, there is no middle ground. As life would have it, I was to lock horns with Alastair again, on the back of the launch of his new book Winners – And How They Succeed at Hult International Business School. Initially, the management of the school was deeply sceptical and felt it was potentially high-risk to have Alastair address the students. It should be stated here that Hult claims to be the biggest business school in
THE ESSENTIALS
Publisher Bradley Scheffer | Editor Daniel Evans | Production Editor Dan Geary
Winning ways: Why listening to Alastair Campbell’s story was worth the risk the world, with five campuses in Shanghai, Boston, San Francisco, Dubai, and, of course, London. It has the most diverse of students coming from more than 90 countries, and rightly takes good care of them. In liaising with Alastair over the format and focus of the interview, I felt something about him had changed. He was still larger than life, with a strong view on just about everything, but there was some sort of inner calm that many who have met him would doubt that he could ever have. The management of Hult soon realised that having Alastair on the premises was probably a good thing, even if he was going to be outspoken and never on-message. The word spread to the students. Hult has had many business leaders and dignitaries on its premises but never has it had such
an overwhelming response from their students to attend. Within 20 minutes, the event was oversubscribed so the organisers decided to beam the interview live into as many lecture theatres as could be made available. Now to the interview itself. It’s always a burden to be the interviewer for a book launch, mainly because you can’t get away from having to read the book in advance. As I’ve already mentioned, the book was excellent with brilliant observations, key insights, and just plain old great storytelling – I was hooked. I had prepared for a tough old battle and a decent scrap with Alastair but nothing could have been further from the truth. He arrived early, along with his son, and his partner Fiona was to join us a little later. From the moment we started, he was generous, attentive and honest without ever being earnest. He took questions from the students on anything and everything. No one who was in the auditorium or any of the adjacent lecture rooms will ever forget the most compelling of storytellers with nuggets of learning in every anecdote. The easy decision would have been to have placed Alastair in the “too difficult” box, and found someone more malleable and consequently perhaps less interesting. It’s quite easy to learn from the errors of others, but so much more powerful to learn from your own errors; now that’s real risk management.
For mo re inform ation a bout attend ing Ris k to Rewar d 2015 p l e ase call +4 4 (0)2 0 8349 4363
Risk to Reward 2015
Wednesday, April 29 • The British Museum • London THE ALLEVIATION of risk is big business and business leaders increasingly need to incorporate risk management strategies into their everyday decision making. By mastering risk, CEOs can increase their market share and corporate value, and create wealth.This summit, being held at the iconic British Museum in central London, will look at the best ways to reduce risk in a range of areas, including credit, fraud, payment, liquidity, compliance, cyber and even the weather. www.risktoreward.co.uk
Themes
P Risk and innovation P Risk man agement strategy P Global operating exposure P Talent manageme nt P Corporat e risks P Risk gov ernance P Counter ing fraud P Cyber c rime
Business Reporter · March 2015
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Client manager Emma Sutherland e.sutherland@lyonsdown.co.uk | Project manager Emmanuel Arthur | Contact info@lyonsdown.co.uk
Risk management
3
Failing to factor in reputational risk could ruin your company By Joanne Frearson REPUTATIONAL RISK can be one of the most damaging consequences of a catastrophic failure for a company. The insurance industry is looking at ways to help protect firms from this damage and seeing if it is possible to launch new products in this area. John Hurrell, CEO of the association of risk management and insurance (Airmic), says: “We have about 1,200 individual members in the UK who are risk and insurance managers who sit in about 500 companies. We survey our members every year about what is keeping them awake at night. Reputational risk has come up in the top three in the last five years. “You can replace the assets. That is straightforward and in some cases insurance will pay for it. But will the public trust you afterwards? Is there a question mark over your brand? Is it safe? Are these the sort of people you want to do business with?” In conjunction with these findings, Airmic has undertaken additional research in risk management which has showed that after every catastrophic consequence – whether a bank, oil company, facility, airline or railway – the organisation suffered reputational damage. “It is the reputational damage that kills you,” he says. In Airmic’s Roads to Ruin 2011 research undertaken with Cass Business School, 23 high-profile crises over the last decade which left the firms’ reputations in tatters were examined. This involved many well-known organisations such as BP, Airbus, Northern RockandAIG.Onlyafewfirmsemergedwithout any obvious immediate damage. Six firms collapsed and while three of these were revived, this was achieved only through a state rescue and/or what amounted to nationalisation. Most suffered large, uninsurable losses and their reputationsweredamaged,sometimesseverely. The position of most chief executives and chairmen were put into question. Anotherpieceofresearch,RoadstoResilience 2014, which Airmic undertook with Cranfield School of Management, looked at companies with a good reputation for safety management and governance to help firms avoid corporate catastrophes. It demonstrated that these companies had drilled risk management practices down into their behaviour and culture and were able to identify risks better. They were also able to be more responsive to their customers and markets, their staff and suppliers were motivated and loyal, they gained trust by being more dependable and achieved better results for shareholders. Hurrell believes one thing that could help firms protect themselves is to put reputational risk as
The effects of catastrophes such as the Northern Rock collapse in 2007 could have been mitigated with closer reputational risk management, says Airmic’s John Hurrell (below)
one of the factors that could cause financial damage in their risk map spreadsheets. “We started working with a few organisations and asked, why don’t we put reputation in the first column of the spread sheet?” he says. This involved listing all the people that reputation damage would impact, such as stakeholders, with the number one being customers as regulators, employees, suppliers and press. “In the second column would be what could damage your reputation to that particular stakeholder,” Hurrell says. “What can damage your reputation with your regulator may be completely different to what would damage your reputation with your customers or employees? Looking through the reputation lens gives you a whole different set of perspectives on t he r isk s facing your organisations.” Some insurers have begun to think about insuring for reputationaldamage.Hurrellsays: “We are sitting down with the Reputation Institute at the moment to see if there is any way we can bemoreobjectiveabout
measuring the actual financial value of reputation and the consequences of a failure of risk management. If that is the case, we can then start to talk to the insurance industry about how they can underwrite the risk and at which point we help the people buying those policies to focus on different ways to manage the risks more effectively.” Hurrell thinks the insurance market could eventually develop products around events that involve loss of life, such as an air or train crash, or a product failure such as a car tyre bursting. Insurance could help compensate a company reputational damage, he explains, or enable the company to spend money to fast track the reinstatement of its reputation. Although Airmic is not in the business of giving advice, Hurrell generally believes that if a company suffers reputational damage it should get its house in order first. He says: “Most organisations are totally transparent but they do not realise it. The mentality that you are sitting in a highly protected environment with lots of layers of compliance and protection around you is an illusory one. If boards behaved as if they were in a greenhouse, they would be actually much more cognisance of the risks, particularly reputational risk, ahead of time.”
Business Reporter · March 2015
4
Risk management
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Find us online: business-reporter.co.uk | Join us on LinkedIn: Business Reporter UK
Should shoppers pay a price to avoid fraud?
| Follow us on Twitter: @biznessreporter
Criminals are going to keep trying different ways to get in and when they do, a one-size-fits-all approach from your business is not the best solution.” It is important that companies constantly monitor their systems for breaches, not only from the outside but also from the inside. Bhalla believes that the use of biometrics such as fingerprints or a device which needs a one-time password will become an important step in the authentication process when a customer is buying something. Firms like MasterCard have already been testing biometric payment technology and there is even greater emphasis now that emerging regulatory and government rules are leading towards a requirement for two-form authentication process. Bhalla says: “There has been a move away from the need for passwords and towards more dynamic security elements such as face- or voice-recognition. This will help consumers purchase more easily, and with stronger security. We know if people use good authentication
Providing an easy shopping experience does not mean online retailers need to compromise on security
A
s everyone knows, technology is changing the way we can spend our money, but moving to new methods of payment is not always an easy leap. Online shopping, tablets and mobile phones have all made shopping easier, and while we expect security, there are concerns that it can slow down the purchase and frustrate consumers. Equally, new payment technologies can also make us feel exposed and hesitant. Even though people may worry that a digital payment using new technology might not be secure, it’s worth noting that the same fears were expressed about cash machines and online banking some years ago. Yet most of us could not live without these innovations today. Ajay Bhalla, president of enterprise security solutions at MasterCard, is clear about the benefits of new technology but is aware of the dangers. “There has been a rapid change in the way people are paying for things,” he says. “The world of payments will see more change in the next five years than it has seen in the last 50. There is the move from card to mobile devices and shopping on the go, which provides new consumer opportunities, but it also provides criminals with new opportunities.” Fraud rates online are three times higher than in the real world, because identification is more of an issue. Chip & PIN cards have all but removed the issue of in-store fraud, but with e-commerce the fraudsters migrated to the web and can effectively roam anonymously. As the number of ways people can pay for things increases, so does the risk of fraud. “When the payment model shifts, the fraud shifts with it,” says Bhalla. “The challenge for banks is how to deal with fraud in the area of e-commerce and m-commerce. “Mobile is another step down the technology line. We are no longer shopping online from our homes, but with mobile and tablet devices in multiple locations and with multiple retailers. It creates ample opportunity for criminals who want to defraud the system. We need to
make sure the payment system remains safe, accessible and workable for everybody. It’s now the norm to type your card number into a payment machine or keep a card in your wallet, but we’re not far away from the norm being cards stored on our phones.” Banks need to make their security systems as easy as possible for consumers to use. “A challenge for the retailers and banks is keeping the shopping experience slick without compromising on security,” says Bhalla. “Consumers want speed and simplicity, not frustrating prompts for passwords. This is where we need to innovate to meet the demand for simpler and safer payments.” However, there is no easy solution when it comes to stopping fraud. “There is no silver bullet. We live in a complex world and there are many ways for criminals to try to break into things,” adds Bhalla. “We very much support a multi-layered approach based on the idea that if we don’t catch you here, we will catch you there. “One problem is that criminal activity is evolving in a very fluid fashion. You need to be agile to respond to it.
systems today, approval rates go back up to the same rate as if you were standing face-to-face with the merchant. “There are systems available and new tools coming out which means you don’t have to run more risk online, but you need to be able to adapt and use the new systems and opportunities that come along.” MasterCard has a global network which is able to see incidents or trends in criminal activity. “We bring in new tools and services and inform our partners about what is going on,” Bhalla says. “We try and make sure we understand how payments are being affected to make sure we continue to set new standards in cardholder safety. Making all these things secure is one thing, but making sure they work for the people who are trying to use them is vital as that is how you improve customer loyalty.” Research shows that 45 per cent of people are less likely to shop in places that have suffered a breach of data. After an incidence of fraud, it is also important that card providers can show support for their customers. Bhalla says: “It is not just about prevention, it is the protection afterwards. It is how we try to close things down so people are not defrauded.” Protecting consumers from fraud helps to retain customers but payment firms need to make sure they put in security systems which make the whole payment journey seamless. You may want to spend your money on high-risk pursuits such as skydiving or white-water rafting – but that doesn’t mean the way you decide to pay for those activites should be risky too. 020 7557 5000 www.mastercard.com
Business Reporter · March 2015
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Risk management
Like us: www.facebook.com/biznessreporter | Contact us at info@lyonsdown.co.uk
Joanne Frearson talks to Jonny Shimmin, one half of breakfast pioneers Spoon Cereals, about how industry peer groups can help take the sting out of working in what can be an exceptionally risky sector
Spoon Cereals co-founders Jonny Shimmin and Anna Morris
T
HE FOOD industry can be an especially risky one, because business owners a re at t he whim of customer tastes that can be in a more constant flux than other industries. Margins can be tight and firms need to be able to fund themselves to put a product on a shelf before they have even made a sale. Jonny Shimmin, who co-founded Spoon Cereals with Annie Morris after meeting at a family barbeque, tells Business Reporter about the risks of running a small business in the food industry and how industry groups such as Fresh Banter are helping firms face issues in the sector. The pair’s business rose to fame after their appearance on Dragons’ Den in May 2014, where they eventually won backing from Deborah Meaden and Peter Jones. Their business idea grew from Morris’s inability to get a decent breakfast on the way to work, while Shimmin had an interest in the area, having covered food manufacturing in equity research. Shimmin had been living in Amsterdam at the time but was looking to move back to London and, after a test launch of their product, decided to take the plunge to concentrate on Spoon Cereals full time. He says: “We went into the Den with a good idea of our brand and what we wanted from the business, because it had morphed from a pop-up concept. We knew the business would take off only if we could get into the wholesale market and have a broader distribution through national retail chains as well as the independents. “At the time we were working on launching our product. When we went in there we only had £5,000 in sales and we were asking for £50,000 for a share in our business. That was a risk definitely worth taking.”
Meaden introduced the pair to food industry peer group Fresh Banter. The group meets once a month – its next meeting is due to take place on the March 24 at the IFE Exhibition, London ExCeL – to talk about industry issues. Spoon Cereals was invited to speak to the group in February. “It is a very informal and open environment,”
Shimmin explains. “They sit around a table and talk about issues that their businesses face, and how they are dealing with that both from a business perspective and personally. “I found it pretty inspiring how open they were about the issues they faced. It was a great forum to be able to present to them because it felt so relaxed and
5
people were able to be so open. It means the praise and criticism flows in equal measure – you can really learn from that type of experience. “Issues that came out of it varied, from trying to get funding in the current environments and the best routes, to getting funding for expanding your business. There is a changing dynamic in the retail sector, particularly with the multiples.” The main challenge for Spoon Cereals has been funding. Shimmin says: “Volumes are so high that you need a lot of business. It is a huge risk because you have to buy all your packaging up front for your business. You have to have the manufacturing run done. All of those things mean your cash is consumed before one packet has even hit the shelf. “For us as a small business, it is a very large decision and a huge risk. We are very positive on our product and brand. We have spoken to about 15,000 people at events, festivals and markets – we have seen people react to the brand and we know they love the taste of our product. “But that doesn’t stop the slight nervousness in the pit of your stomach when you are going out to a much broader audience and the money is out the door – knowing that if people don’t take product off the shelf and it is not re-ordered, the money is out. That is the biggest challenge we face and the biggest risk is the cash flow risk of getting involved with the big guys.” From Spoon Cereals’ experience at Fresh Banter, Shimmin believes the food industr y is exceptionally collaborative and supportive because of these inherent risks they face. And things are looking up. Since winning backing on Dragon’s Den and getting in touch with Fresh Banter Spoon Cereals has gained a distribution deal with Harvey Nichols as well as local delis, and is planning a wider distribution deal this summer. The company is also looking at hiring its first employee. The food industry can be a tough market fraught with risk, but being able to discuss issues with industry peers seems to be helping businesses overcome the problems they face.
Business Reporter · March 2015
6
Risk management
Joanne Frearson
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Find us online: business-reporter.co.uk | Join us on LinkedIn: Business Reporter UK
| Follow us on Twitter: @biznessreporter
The big interview Ian Livsey, CEO, Institute of Risk Management
E
VERY business in all sections of the economy has risks. Companies need not only look within their own organisation when it comes to managing risk, but also to things that could influence it on the outside. In his first interview since joining the Institute of Risk Management (IRM) as its new chief executive, Ian Livsey tells me companies should be looking at the wider issues in the supply chain when it comes to managing risk. And one of the key risks he believes businesses face there is from human trafficking and modern-day slavery. Figures from the International Labour Organisation show almost 21 million people worldwide are been victims of forced labour, generating $150 billion in illegal profits per year, with almost 19 million of these being exploited by private individuals or enterprises and two million by state or rebel groups. In the UK, a survey last year by the Chartered Institute of Purchasing and Supply (CIPS) of British businesses revealed nearly 75 per cent of supply chain professionals admitted they had “zero visibility” of the first stages of their supply chain. Eleven per cent acknowledged it was “likely” that slave labour was used at some point in the process. Says Livsey: “Wider society does not quite understand human trafficking is a serious issue. You could be a hotel, restaurant, food manufacturer or a construction site – it is quite possible you’ll have a risk in your supply chain on trafficked labour. Businesses need to think forward about what these risks might be. “You do not want to be a retail company selling on the high street and have clothes made by people who have been trafficked or exploited. You do not want to be a major supermarket that has in its supply chain exploited labour.” For example, while a construction company will have risks associated with project management, it will also have them as well in regard to the supply chain. Livsey says: “Construction has risks in terms of subcontractors. Are they using the right skilled labour? Are they experienced and skilled and trained in the right way? Let’s hope they are not trafficked and exploited. “ You h ave to r e cog n i s e t he environmental factors. Take, for example, construction and food – you deal a lot in migrant labour. There are dangers there if people do not manage that risk properly.” Any disruption to a company’s supply chain can cause them considerable financial damage. A 2013 report by the World Economic For um showed significant supply chain disruption
In your supply chain it is important you are not getting trafficked people working in your fields, factories and farms cut the share price of affected companies by 7 per cent on average. Budget clothes retailer Primark paid the equivalent of $11million in compensation to workers and families involved in the Rana Plaza building in Savar, Bangladesh, in 2013. One of the company’s suppliers was working in this building when it collapsed – the building had been deemed unsafe after cracks appeared the day before the accident, but workers were forced to return or not get paid. Livsey believes it is important for companies not to delegate responsibility when it comes to managing risk in the supply chain, rather that the company should take it upon themselves to check things are above board. “In your supply chain it is important to know you are getting the right product, so you a re not get t i ng trafficked people working in your fields, factories and farms,” he says.
“You have to inspect and work with people who you trust. You have to build up relationships. You have to have confidence in people who are in your supply chains, and you have to be able to check and verify that what they are doing is right. “Maybe people do not think about price pressure as a source of risk, but it is. If you force low prices and unfair contract terms in the supply chain you create risk, as people respond to what you are doing.”
U
NFORTUNATELY, statistics show human trafficking and forced labour is increasing. In the UK, figures from the National Crime Agency showed last year there was a 47 per cent rise in this compared with the previous year. The IRM has been looking into ways to help mitigate risk in the supply chain. Its report late last year show companies need to do more than just tick compliance boxes to mitigate risk. According to the IRM, putting systems and processes in place obscures the real problem and companies should go about trying to understand human behaviour and build trust with others.
Irish clothing retailer Primark lost $11million in compensation to victims of its supplier’s involvement in the Rana Plaza disaster in 2013
The IRM has recently released a set of functional standards for the risk profession for consultation by its 5,000 members. In April, the IRM will issue another consultation on behavioural standards. Taken together, the studies will cover not only the technical stuff of managing risk, but also the importance of having a behavioural and ethical approach. The final framework will be made up of functional standards which define the knowledge and skills needed to do the job, and behavioural
Business Reporter · March 2015
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Risk management
Like us: www.facebook.com/biznessreporter | Contact us at info@lyonsdown.co.uk
A human trafficking art installation in Kiev, Ukraine, by the International Organisation for Migration. Ian Livsey (pictured bottom left) believes forced labour in the supply chain must be more closely dealt with, to prevent harm to both the companies involved and the victims themselves
Changing times: The challenges of managing risk at board level
I
VICTIMS OF FORCED LABOUR, 2014
19m
exploited by private individuals or enterprises
exploited by states or rebel groups
$150bn
in illegal revenue generated standards – or the personal qualities and behaviours needed to operate effectively. Livsey says: “It is a question of getting everyone to understand that they have a role to play in controlling risk. What businesses should do is get it right with the people. If you are going to control risk then you can do that with procedures. If you are going to eliminate risk as much as you can you can do that with the people. “We want to build up to a situation where we can certify risk management professionals. It is an outward recognition that this is a profession. It is raising the level. “My view is that we need certified risk professionals in all parts of the economy. When you look at the spectrum you are talking about construction, you are talking about rail, food, all of those sectors. You are talking global, because your supply chains are global. “O u r v iew i s t hat, soc iet a l ly a nd organisationally, you need this group of people who do get the technical stuff, who are qualified and meet the standards, but you also need individuals in the organisation to get it. I am not saying a person doing some admin work
2m Source: Chartered Institute of Purchasing and Supply
needs to have the same level of expertise in risk-management as, say, someone turning the gas on. But what we ask is for everyone, from the receptionist, telephonist to the computer programmer to the board – particularly the board – to understand their role in the organisation to manage risk.” The UK government is also stepping up to put measures in place to stop modern-day slavery. The Modern Day Slavery bill is going through its third reading in the House of Lords, and will be the first of its kind in Europe. Once the bill is passed it will create two new civil orders to prevent modern slavery, establish an Anti-Slavery Commissioner, and make provisions for the protection of modern slavery victims. Its aim is to make sure it is easier to prosecute the criminals behind the majority of instances of modern slavery. Companies must look at the wider issues when assessing business risk, Livsey believes. If they do not look at behavioural standards as well as functional ones, it will be harder to address issues such as human trafficking or modern-day slavery in the supply chain.
7
n an age in which communication goes global instantly, unwelcome publicity is a pervasive and constant possibility for company directors – and the level of error required nowadays need not be as “spectacular” as economist JK Galbraith once envisaged it.1 The burden, particularly for non-executive directors, continues to increase. Changes in the Financial Reporting Council’s (FRC) Corporate Governance Code will raise the requirements across all companies with a premium listing on the London Stock Exchange, and directors of banks are now additionally subject to a new personal liability regime. The challenges for non-executives broadly fall into three areas:
Bandwidth The volume of material to absorb can be overwhelming, particularly if you are a member of one of the board committees. The skill for directors is to identify those risks that are actually important, which requires both time and effort. If reading board packs on the train was ever acceptable, then that era has now passed.
Ongoing change in the regulatory environment Directors have questions to ask themselves. What must I do? What should I do? What must I not do? Regulators have the right intent – they want to improve risk management and corporate culture after a wave of scandals and in a world where uncertainty has become the new norm. There has been a surge of regulations affecting the risks that the board
1. JK Galbraith: “Immortality can always be assured by spectacular error.”
must address – both at national and EU level – such as the FRC guidance, UK Listing Authority requirements, accounting standards and requirements from a company’s international activities.
Management support Management may not have access to good quality risk information for their own decision-making and it is even more likely that they will not have it in a form useful to non-executive directors – concise, pertinent, comprehensive and comprehensible. Outside of financial institutions, the “risk department” may be a very small team or even a single person. Creating risk information for the board may therefore fall to internal audit teams, whose focus is on control issues, rather than on articulating the broader risks to a company’s survival. Realistically, the board can only truly control this third issue. The need then is for risk information that can be used both to address major risks and to benefit the business through better strategic planning. The board has to be put in a position where it can sensibly meet the FRC’s “robust assessment of risks” criteria, as well as be confident that the risk management processes in place really do manage the company’s risks. This is more than just better risk information, it is giving a deep understanding of the risks and how they are being managed – and thereby providing insight and transparency to the board. Patrick Healy is executive director, EY +44 20 7951 7026 phealy@uk.ey.com
Business Reporter · March 2015
8
Risk management
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Find us online: business-reporter.co.uk | Join us on LinkedIn: Business Reporter UK
THE HOSTAGE NEGOTIATOR
You can eliminate risk by getting complete clarity over what people need
T
HE SKILLS a top businessman or political negotiator uses to do business are no different to those used by a hostage negotiator, Richard Mullender, the former lead trainer at the National Hostage and Crisis Negotiation Unit at Scotland Yard tells me. Talking to Business Reporter at a hotel in London Bridge, Mullender explains that business negotiation is all about having effective listening skills and knowing how to decipher the subtext, to pinpoint the values and beliefs that drive the speaker. “The definition of effective listening is the identification, selection and interpretation of key words that turn information into intelligence,” he says. “Hostage negotiation is around understanding the people you are dealing with and not applying your own values, so you have to understand the other person’s values. In business it is exactly the same thing.” Mullender is a man who has mastered the art of effective communication and listening. He has trained the Federal Bureau of Investigation (FBI) and police forces in Brazil, the Philippines and Cyprus, and advised the United Nations and the Indian secret services. In 2004, he was part of the team that negotiated the high-profile release of three UN workers being held hostage by the Taliban. Businesses come to Mullender to help them get a greater understanding of their customers and staff, which not only keeps employees happy and retains business, but also reduces risks to them. He assesses leadership risk by looking at leadership theorist John Adair’s model of ActionCentred Leadership, which describes a situation according to the goal of the task , t he tea m performing the task and the individuals in the group.
Mullender says: “If you are applying risk, you ask at the moment where is the greatest risk? Is it with the task? Do I need to get this task done? Is it with the team – is it falling apart, or is it with the individual is there someone in there that is falling apart? “If I have got to build business it is all very well looking after the team, but if no money is coming in it is not effective, I’ve got to have that in mind – you always have to be central to what you are doing. Then there is a risk if you introduce a change to the team. What is the risk to the motivation of the team – will they work as hard and buy into it? “Then, looking smaller than that, what is the risk to the individual. Does that person buy into it, and can I lose that particular individual?” Mullender believes leaders should really know what is going on within their organisation to stop resistance to change. The closer you are at the top, the more likely it is to buy into change whatever ideas come in, and the nearer you get to the bottom, the more likely you are to have resistance. “The biggest creator of resistance is lack of clarity,” Mullender says. “As the message comes down it gets distilled and gets misinterpreted. The biggest risk in any organisation internally is misinterpretation. “You can eliminate risk by getting complete clarity over what people want, what people need, what people’s complaints are, what their worries and fears are. Once you have clarity, understand their motives for feeling those fears, and work towards where you can, because it is not always possible to take away their fears, then you dispel the risk.” Good negotiation skills are sought after in the business world, Mullender believes. Using listening skills will enable you to understa nd people’s values and beliefs, which can help take the risk out of business.
| Follow us on Twitter: @biznessreporter
THE
Joanne Frearson talks to three experts on risk in different fields about how their experiences translate to managing difficult business scenarios THE FIGHTER PILOT
When you genuinely own the risk, you do not think about it as a separate item
T
HE split-second decisions fighter pilots have to take in the cockpit can engender a life-or-death situation. It is a demanding environment with very high standards, and the RAF spends many years teaching its officers skills to be able to react appropriately to high pressure situations. But these are skills which are not only useful for fighter pilots, but can be adopted by the corporate world to help make better risk and safety decisions. This is a subject which is close to the heart of Justin Hughes, managing director and founder of Mission Excellence and a former RAF fighter and Red Arrows pilot. Now wearing a
corporate suit rather than a pilot uniform, he meets Business Reporter over coffee where he talks about how he uses what he learned from a militar y env ironment to help companies manage risk and safety. “Safety in the world we come from is not a separate department or something that is outsourced,” he says. “It is owned by the operators and is the day job. People who are doing operations own risk, and not in a token way. When you really genuinely own the risk you do not really think about it as a separate item.” Unfortunately, Hughes explains, most companies only get interested in
risk management as soon as something bad happens, such as people dying in an aircraft accident, a financial crash or an oil disaster. He believes problems come for companies when they take a systematic view of minimising risk. He says: “You need to not just give people a system and a process, but actually equip them with the tools and the decision-mak ing sk ills to make informed, sensible, balanced judgments in the heat of the moment, faced with some difficult and ambiguous situations that you have not seen before.” Hughes has been doing a lot of work in the oil and gas industry, and says
Business Reporter · March 2015
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Risk management
Like us: www.facebook.com/biznessreporter | Contact us at info@lyonsdown.co.uk
9
THE POKER PLAYER
Poker throws into relief the different parts of the decisionmaking process
FACTORY
that recent disasters, such as the Macondo Deep Water Horizon oil spill off the Gulf of Mexico in 2010, have been a tipping point for the sector to review their risk and safety practices. “ T he oi l a nd gas industry has recognised to some extent that they will never systemise the risk out of the challenges they face,” he says. “I am not saying it is not important, but in addition to that they have also started to concentrate quite heavily on human and organisation factors. “In most organisations, you only get taught technical stuff, but you might get some behavioural stuff added on in bits and pieces later on in your
career. One way to mitigate risk is to train people in behavioural and cultural issues at an early stage in your career. “You get what you train for to some extent. If you only train people in technical risk why would they be any
good at decision making? Why would they be any good at common sense?” In the military, before they teach you functional skills of a fighter pilot, Hughes explains, you have to pass a six-month course – effectively a course in brand values, team and organisational behaviour, and leadership. Only after passing that behavioural course will the RAF teach candidates the functional skills. “People often call this stuff the soft skills,” says Hughes. “It is not that soft – all pilots do it and it is an intrinsic part of the organisation and a massive driver of safe performance.” If companies do not undertake ap pr opr i ate r i sk a nd s a f e t y management, Hughes believes, the consequences can be disastrous. The military environment is an example of how important it is to own that risk and take a human approach to managing it.
P
OKER IS the ultimate example of how people make decisions under pressure. It not only brings out people’s appetite for risk tolerance, but also conveys how people physiologically react in the decisionmaking process and how it can influence what they choose to do. A good hand of poker can bring about a rush of adrenaline, surging the hormone dopamine to the reward and pleasure centre of our brain trying to draw us in to gamble towards the upside, says Caspar Berry, professional poker player and motivational speaker. He tells Business Reporter how he uses the metaphor of poker to help people, and companies, take better risks and decisions. “Poker throws into relief the different components of the decisionmaking process – upside, downside and probability – as well as the scarce resources we have. A big part of my work is based on the debate that we live in a less certain world than we think. Poker allows us to see the dif ference bet ween objec t ive calculations and emotional bias.” Berry has delivered speeches on how business can use the metaphor of poker to make better decisions to some of the world’s biggest companies including Google, Visa, KPMG, HSBC and IBM. He is currently working with the English Institute of Sport, using poker to demonstrate to athletes how the autonomic nervous system reacts when you are put under stress. “To learn how to make decisions you need to put yourself in situations,” he says. “You need a certain level of cognitive awareness of the things you should be considering and then put yourself into emotional situations where you can analyse what you are actually doing. “The key is, are you making the best decisions in those moments to get to where you want to get to, or is your brain chemistry drawing you in a different direction?” Berry’s pre-poker career is certainly colourful. He started his career as an actor in the first two series of children’s
TV series Byker Grove on BBC1, alongside Ant and Dec. He then went on to read economics at Cambridge before becoming a screenwriter for Miramax and Columbia Tri Star. Wanting a new challenge, he became a professional poker player and after a three-year stint in Las Vegas, returned to the UK, using his winnings to start up a company he later sold to Bob Geldof’s media giant, Ten Alps. It was here that he saw the similarities between poker and business. He says: “You have to make a decision which is in the best context of the business. When you break this down, what you find is there are always
potentially more risky ways which you can go about something which has potentially greater returns. “They usually involve greater time frames and greater volatility. In order to have an optimum, you have to establish with all of your shareholders what kind of time frames to embrace. I have done this with boards of big companies. They came out and said, that is a conversation we need to have. “The question I ask people is this: What do you really want enough that you are prepared to lose what you have in order to achieve it? That is the big conversation about risk management – that people do not have, because all they ask is what they want. The next stage is when you want it, and the next stage is, how much do you want it? Do you want it enough that you are prepared to risk and lose?”
Business Reporter · March 2015
10
Risk management
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Find us online: business-reporter.co.uk | Join us on LinkedIn: Business Reporter UK
| Follow us on Twitter: @biznessreporter
Greater co-operation needed to combat cyber-crime, says report By Joanne Frearson BANKS NEED to take a collaborative approach when it comes to mitigating cyber-risks, as well as look at the issue from global perspective. Matt Allen , director of financial crime at BBA, says: “Cyber-crime is clearly a global threat. Many risks to our members emanate from threat actors operating outside the UK. We are also seeing a trend towards cyberc r i m i n a l s t a r get i ng ba n k i ng customers.” There are also cyber threats potentially looming for the banks in their supply chains. A report by PWC and the BBA stated the supply chain threat has been demonstrated most recently through the high-profile Ta r get dat a br eac h a nd t he identification of the Heartbleed bug vulnerability. Both examples illustrate the indirect impact of cyber incidents on banks. “Many of the risks to banks come from the outside,” Allen says. “There are other types of businesses and industry sectors which hold lots of data. If individuals businesses outside of banking have weak controls, there is a risk to banks that criminals may access data which is relevant to banking.” According to the report, threats are evolving rapidly with the development of new technologies and the ever changing geo-political landscape. Allen says: “The biggest challenge is the fact many of the cyber-criminals
The BBA’s Matt Allen (below right) is calling for a multi-sector approach to combatting cyber-crime
are operating outside the UK. We need a robust international law enforcement response. There has been a lot done over the last few years to strengthen cont rols in ban k s and create partnerships with public authorities, but there is more to do. “T here has been a massive investment by banks into systems and controls and expert staff, as well as campaigns to educate customers on the risks. There are a range of things banks need to do. They need good analytical capabilities, and expert staff in cyber-security and financial crime. Also a workforce aware of the risks.”
The BBA has been working with its members and other partner bodies to look at how the sharing of information and experiences can help guard the banking industry against emerging cyber-threats Allen says: “Within the banking industry what I think has been most impressive is the fact it is a genuine industry-wide approach. What the BBA does is bring together a very large number of banks of all shapes and sizes, both in terms of policy discussions and also sharing of experience and best practice. It is really important as in the banking industry we cannot
have any weak spots. The industry has been very proactive in engaging the public authorities. “A really useful initiative has been the agreement between the European banking industry and European police authority to collaborate on cybercrime. That is the type of thing we like to see progress even more broadly at the international level.” The PWC/BBA report highlights this importance of
international collaboration. It states that as the political focus on cyberissues increases, it is important that the banking sector is proactive in the development of new policies and strategies. Also according to the report, there is a need for a more joined-up international banking industry approach, and it suggests that the European and International Banking Federation need to influence and align global regulations. As cyber-threats evolve it is likely there will be legislative/regulatory changes that develop. He says: “Our view is quite clear, and it was set out in a public report April last year. The challenges in this area are multi-sectorial, multijurisdictional and which can change quickly. Therefore the response cannot be from one sector on its own. The banking industry cannot solve this by itself and the public sector cannot solve this on its own. “We need a range of sectors to come together internationally. That is happening in Europe – we were very pleased to attend the joint Interpol-Europol Cybercrime conference in Singapore and there were some stark discussions around collaboration in the sector. We are looking forward to continuing those discussions to see how t hey w i l l help.”
Business Reporter · March 2015
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Risk management
Like us: www.facebook.com/biznessreporter | Contact us at info@lyonsdown.co.uk
Inspector Dogberry
11
GUESTS had flown in from all areas of the world, from South
The Inspector enjoys a night out at the IRM gala dinner
Africa to India to Abu Dhabi, to celebrate the night. It was a good opportunity to find out what risk management professionals around the world really got up to in their day jobs. It seemed that the life of a risk management consultant is nothing but adventure and excitement – car rallies in beaten-up motors across Europe, jumping out
ALWAYS ONE for the big occasion, The Inspector was keen
of airplanes and running with
to look his best at The Hilton for the glitzy Global Risk
bulls in Spain were just some
Awards 2015 dinner. But, as things were getting underway,
of the activities they did
he found himself struggling with his bow tie in the
x
on team days out.
cloakroom. Worried that he could end up spending the
Making Peking duck
entire evening with a poorly-tied dicky, a look of panic
from scratch was another
slowly spread across his face. But help was at hand in the
choice but, as the dish is
shape of IRM board member Clive Thompson, an elegant
so hard to perfect, it is a
gent if ever there was one. With a flourish, he transformed
risky option
Dogberry’s dog’s dinner of an accoutrement into one suitable
for a dinner
for the five-star surroundings. Take a bow, Clive…
Twitter: @dogberryTweets
Putting on the risk MORE THAN 400 risk leaders from
But the most prestigious Lifetime
It was also a time to reflect on Steve
across the world attended the Institute of
Achievement Award went to Lord Currie
Fowler’s 11 years as the IRM’s chief
Risk Management Global Risk Awards at
of Marylebone for his work in shaping
executive officer. He stepped down a
the Hilton, Park Lane, London to celebrate
the regulation of an incredibly diverse
year ago, but during his reign he was
innovation, creativity and excellence in
range of sectors, as a founding member
able to grow IRM’s membership
risk management across all sectors
of Ofgem, Ofcom and the Competition
by more than 600 per cent,
and countries. The winners were a showcase
and Markets Authority. Lord Currie
taking the message of risk
was recognised for
professionalism across the
of the full range of business risk,
bringing a new clarity and
world – to Africa and
from how risk professionals
transparency to regulation,
Eastern Europe, Asia
can tackle security risks to
raising standards of industry
make communities safer, to helping small farmers in Africa adapt to climate change.
and the Middle
practice in the face of new
East. He is
risks and uncertainties and
replaced by
fast-evolving technology.
Ian Livsey.
party…
THE EVER-GLAMOROUS Joanna Lumley was the host of the auspicious evening. Having travelled down the River Nile, ridden on the Trans-Siberian railway and braved danger in the search for Noah’s Ark, she wooed the crowd with her travel risk stories. It all makes for a better TV documentary if she is hanging off the side of the mountain, Lumley’s production people tell me. Lumley adds: “I’ve been lucky enough to travel to many countries and meet people from so many different communities. And I’ve seen the impact the decisions of governments and companies can have on them. That’s the coalface of risk. “If more organisations planned better, we’d all have a more sustainable world. Better for business, for governments and for everyone.”
Risk Management Monitor
Chris McClean’s Blog
www.riskmanagementmonitor.com
blogs.forrester.com/chris_mcclean
Run by Risk Management magazine, this blog provides articles and interviews on a daily basis. Recent posts explore the risk associated with wildfires in the US, and the reasons why C-suite executives have not adopted the internet of things more quickly. The site also has its own podcast.
Forrester analyst Chris McClean serves security and risk professionals, and can provide a unique perspective on risk management. His blog posts cover subjects from corporate responsibility to how to communicate risk to others in your company. The blog has an extensive archive going all the way back to 2007.
By Matt Smith, web editor Risk Management Course Blog
CEB Blogs www.executiveboard.com/blogs/business-lines/legal-risk-compliance This section of the CEB website provides analysis from its legal, risk and compliance experts. What should information security professionals have learned from 2014? What do hackers want with your inbox? The answers to these questions and more can be found in recent posts.
risk.garven.com This blog is run by Dr James Garven of Baylor University in Texas. Sift through the course-related messages to discover clear explanations of risk-related issues, along with relatable examples and diagrams to illustrate important points. There are even some amusing cartoons to bring some colour to the subject.
Business Dictionary (FREE, Android) Navigate the jargon of risk management with this free business dictionary, which contains definitions of some of the field’s most commonly-used terms.
Kaspersky Internet Security (FREE, Android/iOS) Minimise the risk of a mobile data breach with Kaspersky’s free core features, even if your firm lacks a big budget for mobile security.
Business Reporter · March 2015
12
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Risk management
Find us online: business-reporter.co.uk | Join us on LinkedIn: Business Reporter UK
| Follow us on Twitter: @biznessreporter
The moral maze: How poor company ethics can cost investors By Joanne Frearson
S ON PO T AU LIG DI HT T
FTSE100 COMPANIES are failing to provide investors with clear measures of how they maintain robust ethical standards, according to a study by the Chartered Institute of Internal Auditors. The Chartered Institute of Internal Auditors’ study shows that while 91 per cent of the FTSE100 refer in their annual reports to their high standards of business ethics and integrity, only 8 per cent provided a specific metric of their company’s ethical performance. This low level of reporting comes despite the mounting evidence from scandals, such as the mis-selling of financial products, that a company’s poor ethical standards can cost shareholders dearly. Dr Ian Peters, chief executive of the Chartered Institute of Internal Auditors, says: “Recent corporate scandals have provided ample demonstration of the material risk that poor ethical standards can pose to businesses.” The Chartered Institute of Internal Auditors points out that performance metrics, whether
financial or non-financial, are crucial in enabling shareholders to understand whether a company is improving in a particular area or getting worse. The specific measures on ethical performance provided by companies included indicators of employee awareness of ethics, and industryspecific measures such as supplier and factory visits. Although 56 per cent of FTSE100 companies that stated in their annual report that they have an ethical code or policy, only 3 per cent of them provided information to demonstrate that their employees had actually read and understood the code. A further 4 per cent of companies provided figures showing what proportion of their workforce had undergone some form of training on proper ethical standards, and one company said that it monitored employee awareness of ethics, without explaining how. Internal auditors are responsible for providing an independent opinion to the company’s board on how the organisation’s risk management and governance is working, including systems to manage reputational and legal risks.
Research suggests that a lack of clear ethical standards can be linked to high-profile corporate scandals
But it is not all bad news. A separate survey showed internal audit departments in the financial services sector scored higher than other sectors on measures which ensured they were independent from their organisation’s executive management. The IIA notes that since the introduction of its Code (Effective Internal Audit in the Financial Services Sector) in July last year, there have been significant improvements in financial services internal audit teams’ strength and ability to provide the board with independent assurance on the effectiveness of the organisation’s risk management. The Code was introduced to help financial services firms improve their management of
risks as they respond to intense public, investor and regulatory pressure to improve corporate governance. Peters says: “The level of regulatory and public scrutiny of the financial services sector, including moves to increase the personal accountability of directors means that boards will need to rely on their internal audit team even more to ensure they have a tight grip on risks. “But it is important that organisations in other industries learn from the experiences of financial services and the increase in the numbers of internal audit chiefs reporting to non-executives suggests this is happening.”
Recognising the true value of audit
S
adly, the word audit is synonymous to many with accountants poring over spreadsheets, totting up numbers. However, audit should never be viewed this way. Born in the 19th century primarily as a safeguard to “those with money” (now called investors) who wanted to invest their money in companies without the burden of having to manage them, statutory auditing – the process by which an independent party forms a view of the truth and fairness of accounts – was a fundamental protection to shareholders. Today, auditors have accepted to be led in a direction that focuses much on the minutiae of compliance with a set of accounting standards ever more opaque for the users of accounts, often at the expense of critiquing the soundness of controls governance, and business performance. The concept of truth and fairness has lost some of its original meaning. The result of this evolution in auditing is that many companies now see audit only as a compliance burden. So, at a time when discussions are taking place on whether around 7,000 companies with a combined turnover of close to £60billion should be taken out of the scope of external auditing, the challenge for the audit profession is to
take steps to demonstrate the value of audit. Beyond the clear duty to shareholders and its significant contribution to a well functioning economy, it is crucial to stress the value of audit to the company being audited, particularly where the shareholder is also the manager as in many SMEs. If audit has true value, then the issue of exemptions from audit should be superfluous. Companies need to see the business value of audit and not audit as an imposition. The value of external audit should primarily be derived from: Independence The auditor exercises an independent mind on the affairs of a company. An auditor is somebody who has no conflict of interest, and is therefore able to form a clear view on how the company functions and the financial performance it presents in its accounts. Experience To be successful, businesses need to benchmark themselves against best practice – for example, in terms of having effective controls and procedures in place. The external auditor brings to the table his/her experience of other businesses.
Intelligence Many SME managers have limited access to financial intelligence, such as being able to compare their financial indicators of business performance with other successful businesses. Auditors can deliver this insight. Value comes through an independent professional, with an untouchable sense of ethics and integrity, acting as a sounding board and a “business coach”. At Mazars, we champion this holistic view of auditing. Mazars is a uniquely integrated accounting firm working in 73 countries. Our UK firm has 1,500 staff across 20 offices. Mazars has audit at the heart of its business and audits thousands of SMEs as well as listed companies, not-for-profit organisations and governmental bodies. Plus, we audit seven of the biggest 100 companies in Europe, including the likes of AXA, BNP Paribas and Pernod Ricard. We pride ourselves on delivering value to many companies which choose us as their auditors because they want to, not because they have to. David Herbinet is head of audit, Mazars +44 (0)20 7064 4419 david.herbinet@mazars.co.uk
Business Reporter · March 2015 · 13
Business Zone
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
Why we need greater co-operation across the risk spectrum
The future
Turning risks to your advantage, T whatever the weather “Weather and climate knowledge isn’t just important because it helps avoid risks – it can also turn the elements to your advantage” – Cathy Durston, Met Office head of commercial business
A
s residents of these isles will agree, the UK weather system is complex and changeable. Now climate change impacts are making the picture even more complicated and will continue to do so in the future. The latest science, outlined by the Intergovernmental Panel on Climate Change, reports that human influence is not only driving long-term patterns such as global average temperature, but is also already impacting on the risk of weather extremes around the world such as heavy rainfall, drought and heatwaves.
Weather and climate present risks for governments and businesses around the globe. It is important to have the right information – not just because it helps avoid the risks arising from certain weather types – but because it turns them to an advantage. At the Met Office, we have a national and global perspective. Weather is a global system and responding to climate change requires international collaboration. Wherever an organisation is located, and whatever it does, business leaders can’t afford to ignore the challenges weather presents – it has the potential to affect the productivity and image of the company, as well as employee health and safety. Often working in partnership, we contribute to economic growth by helping businesses manage risks and opportunities. We work across a range of
Partner/national head, risk & advisory services, BDO, LLP
Coming soon: experts discuss the importance of global food security at http://business-reporter. co.uk/videos/category/ food-security
0370 900 0100 enquiries@metoffice.gov.uk
The debate What are the critical risks for 2015? Craig Wright
Video special
sectors – for example, we help major retailers keep the shelves stocked with the right products. We help insurance companies balance risks across their portfolios. Our work helps to protect essential infrastructure including transport and utilities networks. Extreme weather and increasing natural hazards are raising awareness of society’s vulnerability to environmental change. Global interdependency means that climate change doesn’t just have consequences in far-flung corners of the planet but also in our own UK economy and lifestyle. The key for today’s business leaders is getting the right information to avoid risks and make the most of the opportunities on the horizon.
Ajay Bhalla
President, enterprise security solutions MasterCard
At a global level, geopolitical risk ranks as high as it has been in a generation for 2015. Conflict, failures in national governance, terrorism and state crises are increasingly likely. We also note that environmental risks are ranking higher this year than economic ones in terms of likelihood, for example, extreme weather and water shortages. Interestingly, our experiences with UK businesses have showed that risk management arrangements are not mature enough to demonstrably consider these geopolitical and environment issues in all instances, with the economy, cyber-security, the political landscape in this election year and competition from disruptive technologies dominating the typical 2015 boardroom agenda. These are, of course, vitally important to the success or otherwise of UK corporate strategy. However, the prominence of geopolitical and environmental issues means that more attention to supply chain and business continuity may be warranted.
The US accounts for 50 per cent of global card fraud – however this year the issue will start to be addressed with the roll-out of 575 million chip cards with EMV security. This will no doubt reduce counterfeit fraud, but it’s likely to have a waterbed effect as criminals shift their approach to online fraud, and this will impact on more than the US alone. Mobile payments technology will continue to evolve as the industry seeks to make it easier for consumers to pay, but we must ensure that the secure standards for account information and consumer verification remain robust. It is one thing to access a phone with a simple swipe but another to permit the same movement to transfer funds from your account. We must expect ever-more sophisticated criminal activity, and the solutions of yesterday are unlikely to be the solutions for tomorrow. Agility will be key to how we all respond in protecting consumer payments.
+44(0)7800 682016 craig.wright@bdo.co.uk
020 7557 5000 www.mastercard.com
he digitisation of financial services and payments, as we’re seeing with newly introduced distribution channels, means banks are increasingly exposed to different types of risk, whether cyber, fraud, conduct, regulatory, reputational or operational. To effectively deal with this new digital world, banks must adopt a more integrated strategy than the traditional, often siloed, risk management approach. Risk management teams that previously handled different areas, such as fraud, financial crime, anti-money laundering, payments and compliance, now need to be better linked across the organisation, sharing information and platforms. This is challenging to achieve, but advances in technologies such as big data, analytics, mobility and robotics can help integrate and improve surveillance and control. As well as mitigating risk, the insights these tools bring can help banks improve services to their customers, develop more tailored products and ultimately grow revenues. For example, by using customer analytics more effectively, banks can craft products and services that respond to the needs of their customers while mitigating conduct risks. Making this shift is an essential part of becoming what we call the Everyday Bank, whereby banks become an integral part of their customers’ lives, not just their finances. Banks have the opportunity to use advanced technologies to provide embedded financial advice and simpler access to services, at the same time as managing their risks. Jamie Woodhouse is managing director of Finance and Risk for Accenture UK & Ireland
14 · Business Reporter · March 2015
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH
INSIDE TRACK Building for a more secure tomorrow
T Brand value: Insuring against reputational harm B rand value has long been the subject of debate, not least in terms of how to measure it – given that a brand is intangible – and how to protect it. According to the results of the Superbrands consumer survey for 2015, British Airways tops the UK list. But what does such an accolade actually mean, and how should BA be protected against brand damage? By way of example, at the beginning of last year Asia-Pacific airline companies were already struggling to cope with an uncertain global economic environment and volatile fuel prices. But then, with one plane of their number disappearing and one being shot down, flights MH370 and MH17 seriously damaged the reputation of Malaysian Airlines, possibly forever. The irony is that the airline was probably not culpable in either event. The ensuing loss of customer confidence gave way to a dramatic drop in bookings and, according to its last publicly reported results in December 2014, the carrier continues to make large losses as it struggles in a highly competitive
marketplace. This link between a cause – being the negative publicity arising from two incidents, and an effect – a reduction in bookings – is perhaps the simplest distillation of reputational damage. The same logic applies in reverse, where the greater the value of a company’s reputation, the more it helps drive profitable sales, especially where there are many alternative providers of the same product or service competing for the same business. Preserving competitive advantage from brand value is nowadays top of the corporate agenda; countless surveys see reputation and risk to reputation top the polls as issues for boardrooms. What happens if we have a data breach? Will our customers leave us? What if we break something valuable in someone’s luggage – will they use YouTube to release a video about it? Companies are very busy crisis-planning nowadays, and this helps to identify risk and opens up possibilities for risk transfer. At Tokio Marine Kiln, insurance has been developed to cater for these very scenarios. The idea being that if
a company can identify its main reputational threats and they subsequently occur, insurance can repair the associated fall in sales by paying for lost profit. Demand for such insurance is increasing rapidly, with clients embracing this new style of underwriting not bound by the need for physical loss or damage. HM Treasury estimates that in 2011, UK businesses invested £126.8billion in knowledge assets, compared with £88billion in tangible assets, with approximately 15 per cent of such spending on brand equity. So why not protect that investment? Malaysia Airlines may never recover, because to rebuild the brand the business needs significant investment. And yet without passengers, funding that investment becomes extremely difficult. An insurance policy covering reputational harm might have reimbursed the company for the decrease in sales, and might have funded a PR campaign to repair the reputational damage. It’s possibly too late now for them, but not for everyone. Thomas Hoad (left) is underwriter, enterprise risk at Tokio Marine Kiln communications@ tokiomarinekiln.com www.tokiomarinekiln.com
he banking industry has undergone major reform in the years since the financial crisis to make it more stable and secure. EU regulation has made banks safer by making them hold more capital, so that the taxpayer never again has to bail out a bank. Internationally agreed standards on “more capital, more liquidity” across the European Union are now being implemented. Today, UK banks hold five times as much capital as they did at the beginning of the financial crisis. There is now a cap on remuneration, and bonuses for those working in financial services and insurance have fallen by 50 per cent since the crisis. UK banks have also taken part in the Bank of England’s and the European Central Bank’s stress tests. The results of these
tests confirmed that the UK banking industry is in a much stronger position today and recent reforms are working. Financial risk has been mitigated further by the introduction of the Senior Managers Regime. This will take effect in 2016, and will strengthen accountability at the very top of our financial institutions, introducing more personal responsibility for executives when they take key decisions about their businesses. These measures are positive moves towards restoring public trust and confidence in the banking sector, and as a result the financial system is more stable and secure today. Anthony Browne is chief executive of the BBA www.bba.org.uk
Business Reporter · March 2015 · 15
AN INDEPENDENT REPORT FROM LYONSDOWN, DISTRIBUTED WITH THE SUNDAY TELEGRAPH YOU R AWA
VIDEO STARS! Join us as we expand our online business campaigns
RDW
ENT SUPPLEM INNING
The René Ca
YOU R AWA
Should top rayol colum n execs act professio more lik na l footba llers? | Page e2
Top 50… t wn to the Countdo ation of the ver y bes es 8-11 ebr A gala cel ser vice 2014 | Pag er in custom
RDWIN NING SUP PLE
August 2014
MEN T
The new fro
Global cyb ntier $445bn er-crime now every yea cos r | Page 7 ts
er.co.uk ess-report 2014 | busin December
| business -rep
24 SP -PAGE EDITECIAL ION
orter.co.u k
AS PART of Business Reporter’s ongoing video campaigns tackling the big issues facing the UK economy,wearecontinuingtohostaseriesof expert interviews at the Telegraph studios. Join us as we concentrate on the challenges of pensions and finance and risk management. To take part in either of these campaigns contact Emmanuel Arthur at e.arthur@ lyonsdown.co.uk
Pensions We investigate the main challenges facing pensioners as new legislation regarding auto-enrolment and how people access their pension pots come into existence. While these new freedoms should help people avoid a bad annuity purchase, they bring with them other challenges. Our studio interviews will help people make the most of this new-found freedom.
Finance and Risk Management These interviews will analyse the challenges facing UK businesses as the economy turns the corner and thoughts move from damage control to growth. The interviews will provide insight on how to use risk-management strategies and sophisticated technology to drive growth and take businesses to the next level.
EXCLU Nick SIVE Leeson, the orig rogue inal trader, on regret remorse s, and revi … Pages 11 val -15
L
SPECIA PENSIONS
the game er chang
y... ur cand nd keep yo e crush Wealth Fu a Citizens’ Avoid th y we need
n on wh ris Johnso INSIDE: Bo
WITHIN DISTRIBUTED
THE DAILY
AND PRODUCED TELEGRAPH,
OWN WHICH BY LYONSD PUBLISHED
TAKES SOLE
SIBILITY RESPON
FOR THE
TS CONTEN
RISK & FR
AUD
THE MAN BROKE THWHO E BANK
DISTRIBUTED WITHIN
THE SUNDA Y TELEGR APH,PRODU CED AND
PUBLISHED BY LYONSD OWN WHICH
TAKES SOLE
RESPONSIBILI TY FOR THE
CONTENTS
Hackers target vulnerable SMEs
A
Courageous leadership is needed to re-establish trust Business leaders must forge fresh connections at all levels
S
tories of corporate malpractice are grabbing headlines, damaging reputations, and impacting the share price of leading institutions on what seems like an almost daily basis. Some commentators believe that however loud the noise around these issues are, it will subside as soon as the recovery strengthens at which point we can all return to business as usual. But this perspective seems to overlook the sea change that has occurred in the public’s mind – that business can no longer be trusted to do the right thing. In fact, all the data shows that trust has been steadily draining from the system since the 2008 crash – and, like oil seeping
from a damaged gearbox, while at first its effects are minimal over time a system which once worked smoothly starts to grate and grind. Customers cease to be loyal, innovations get harder to back, employees never fully commit and the creativity and joy of working with partners on joint endeavours disappears. While trust is fast disappearing, of equal concern is that business leaders seem no closer to learning the lessons from the events since 2008, and have failed to get to grips with what is really going wrong. It isn’t as if our large banks and public companies haven’t been expending huge efforts to change their ways. After the Libor scandal it was perhaps too easy for a time to blame a few bad apples for the problems. But since then firms have doubled up on corporate governance efforts, augmented their ethics policies, beefed up on training and doubled the size of their compliance teams. Indeed, some have gone further by placing an
emphasis on changing their corporate culture. And yet real progress remains painfully slow. Why is that? Our efforts have, to date, focused on improving the existing system, a system which at its heart believes business can discharge its responsibilities by simply focusing on maximising shareholder returns. Such an idea must be declared past its sell-by date. Given that we now live in a completely connected world, the notion that satisfying the need of only one stakeholder is in any way adequate lies at the heart of the disconnection which has occurred between business and the needs of customers, employees and society as a whole. It explains why so many of the stances taken by business leaders today are jarring with the wider public, whether on the treatment of tax, on the treatment of workers or the treatment of the environment. To re-establish trust, business leaders will need to forge fresh connections at all levels. Connections between those in the boardroom and
those at the coalface; connections between those at head office and what’s really going on with customers and throughout global supply chains. For it is becoming increasingly apparent that without an ability to relate to those who feel the consequences of the decisions made by business, it will be practically impossible to successfully navigate in today’s turbulent economy. Learning to see your organisation as an entity which is not simply there for the benefit of shareholders but also for those that a company serves will require leaders to adopt a fresh outlook, to rediscover a sense of higher purpose and to demonstrate a willingness to reflect on what matters most. But above all, it will require courageous leadership. Norman Pickavance (left) is head of brand, culture and sustainability at Grant Thornton and author of The Reconnected Leader +44 (0)113 245 5514 norman.pickavance @uk.gt.com
s cyber-attacks are increasing in frequency and severity, it is not surprising that information security is now a top business priority. So what should SMEs do about these attacks, which seriously damage the reputations of some organisations and threaten the very existence of others? The temptation is to bury your head in the sand as it seems to be too complicated, too expensive and too time-consuming. But given that 33 per cent of SMEs experienced a cyber-attack last year (UK.Gov survey), that is no longer an option. But there are some comparatively easy things you can do. Your industry sector may ask for compliance to various standards such as ISO 27001, PCI DSS, IASME or Cyber Essentials. While compliance alone cannot stop a cyberattack, it will increase your resilience to them. These standards require simple measures, like choosing strong passwords and changing them regularly and ensuring security updates are implemented. Obvious really but, alarmingly for those companies’ suppliers and clients, many don’t bother.
A survey published in The Daily Telegraph last month showed that 96 per cent of senior execs said that ISO27001 plays an important role in a company’s cyber-defence. Encouragingly, the Telegraph also reported that 57 per cent were adopting ISO27001 to gain competitive advantages. Many executives believe that advanced cyber-risk management and compliance is complicated and expensive – but that isn’t the case. Companies such as Security Dialog are here to help SMEs that could benefit from a simple package of relevant cyber security services, tailored to meet their needs and budgets. As Dave Shearmon, CEO of cyber-security specialists Security Dialog, explains: “We can help firms with their security and compliance issues by evaluating the level of threats that they experience today and monitoring systems on an ongoing, pay-as-you-go basis with no commitment, tailored for what they need. ” Learn more at www. SecurityDialog.com or email contact@ SecurityDialog.com
Watch Dave Shearmon discuss the impact of hacking on SMEs at http://bit.ly/1GHZBZS