Sr july2011 lr by Nathan Hambrook-Skinner

VIEWPOINTS [ PEOPLE ] Sub-sea cable layer and industrial giant Prysmian’s group risk manager reveals all

RISKS [ THREATS ] In an increasingly divided world, global consensus is hard to come by. This poses problems for multinationals. What should risk managers do?

European risk and corporate governance solutions

www.strategic-risk.eu [ July 2011 ] Issue 71 €25

GOVERNANCE [ COMPLIANCE ] Global insurance programmes are a challenge for many risk managers. We explore the issues

THEORY & PRACTICE NEWS & ANALYSIS » War risk management » Apple’s worker rights » Al-Qaeda a er Osama » Forest ﬁres

[ BEST PRACTICE ] Criminals do a lucrative trade in kidnap and ransom. Here’s our essential guide to help you avoid being kidnapped

RISKY WATERS Ship and cargo owners need to toughen up their defences – piracy is one industry that just keeps on growing Risk Atlas Bribery and corruption are hot topics. Our map shows where the risks are greatest Special Report Almost everything you need to know about forming a captive insurer StrategicRISK Awards The winners of this year’s risk management accolades

LEADER [ JULY 2011 ]

Issue 71 July 2011

Nathan Skinner, EDITOR, STRATEGIC RISK

www.strategic-risk.eu WELCOME

Editor Nathan Skinner Editor-in-chief Sue Copeman Reporter James Bray Market analyst Andrew Leslie Group production editor Áine Kelly Deputy chief sub-editor Laura Sharp Group sales director Tom Sinclair Business development manager Donna Penfold +44 (0)20 7618 3426 Production designer Nikki Easton Group production manager Tricia McBride Senior production controller Gareth Kime Head of events Debbie Kidman Events logistics manager Katherine Ball Publisher William Sanders +44 (0)20 7618 3452 Managing director Tim Whitehouse Cover image Sven Torﬁnn/Panos Pictures Email: ﬁrstname.surname@ newsquestspecialistmedia.com

Conﬂicting issues W

E LIKE TO COVER THE BIG ISSUES IN STRATEGICRISK. THIS ISSUE IS no exception. As companies struggle back to growth there’s one industry

that’s still booming – piracy. Attacks at sea hit an all-time high in the ﬁrst three months of this year. There were 142 attacks worldwide, with 97 of these off the coast of Somalia. Hardly surprising, since Somalia has been a failed state for decades. It also has the largest coastline of any African country and it just so happens that the Gulf of Aden is the busiest shipping lane in the world. The honey pot is just too tempting. Of course, ship and cargo owners can always buy insurance to protect themselves against the risk. But as Catlin Asset Protection’s Peter Dobbs told me recently: “Insurance

ISSN 1470-8167

might protect your balance sheet but risk management is what saves people’s lives.” He

Published by Newsquest Specialist Media Ltd 30 Cannon Street, London EC4M 6YJ tel: +44 (0)20 7618 3456 fax: +44 (0)20 7618 3420 (editorial) +44 (0)20 7618 3400 (advertising) email: strategic.risk@newsquest specialistmedia.com

thinks ship owners (and their insurers) have a responsibility to ‘harden’ their ships’ defences

StrategicRISK is published eight times a year by Newsquest Specialist Media Ltd., and produced in association with Airmic (the Association of Insurance and Risk Managers). The mission of StrategicRISK is to deliver the latest risk and corporate governance solutions to key decision-takers in UK and European companies. StrategicRISK is BPA audited with a net average circulation of 10,046, June 2010.

with sophisticated weaponry to keep the pirates at bay (read the cover story on page 15). Another topic this issue tackles is the breakdown in global governance. President of risk analysts Eurasia Group Ian Bremmer told StrategicRISK: “2011 looks to be the year that our understanding of how the world works becomes out of date.” Bremmer uses the term ‘G-Zero’ to describe the inability of the G-20 group of nations to respond effectively to the economic chaos. In his view, it’s a recipe for political posturing at best and, at worst, more conﬂict (read the full feature starting on page 39). Speaking of conﬂict, we’ve highlighted some of the key business risks and opportunities stemming from the regime-changing revolution in Egypt. While the risks

For all subscription enquiries please contact: Newsquest Specialist Media, PO Box 6009, Thatcham, Berkshire, RG19 4TT, UK tel: +44 (0)1635 588868 email: customerservice@strategicrisk.eu Annual subscription (incl P&P) £249 €399 $499 Two-year subscription £449 €649 $849 Three-year subscription £427 €663 $821 Printed by Warners Midlands Plc © Newsquest Specialist Media Ltd 2011

are signiﬁcant, not least down to economic stagnation, relative normality may not be too far away (read more from page 30). Also, see our online exclusive on what the death of Osama Bin Laden means for international terrorism. Read what the experts have to say here: goo.gl/6wJs0

[CONTACT THE EDITOR] Email nathan.skinner@strategic-risk.eu or follow me at twitter.com/StrategicRISK

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

CONTENTS [ JULY 2011 ]

Nicolas Righetti/Panos Pictures

Prysmian’s Alessandro De Felice talks super cables and mega mergers

Expectations of the revolution in Egypt are running as high as emotions have been

News & Analysis

Risks

[ THE LATEST BUSINESS ROUND-UP ]

[ THREATS ][ OPPORTUNITIES ][ MANAGEMENT ]

8-12

The Best of the Web The biggest stories online, including al-Qaeda’s leadership battle, Spain’s earthquake and why Sony may have incited a cyber attack Risk Indicator The world a er Osama; radioactivity fears as forest ﬁres sweep Europe; and the top ﬁve money-grabbing cyber criminals News Analysis What risk managers can learn from army generals; poor working conditions at Apple; Tepco’s compensation bill; and the lessons to be had from the BP disaster COVER STORY: A king’s ransom What can businesses do to protect their cargo, ships and staff from the growing risk of piracy attacks?

Viewpoints

30 32

Governance [ ETHICS ][ COMPLIANCE ][ REPORTING ]

[ PEOPLE ][ OPINION ][ COMMUNITY ] SPECIAL REPORT

Captives 35 The case for captives What can a captive do for your organisation?

36 Going for the hard cell When setting up a captive cell facility, ‘one size ﬁts all’ won’t cut it

36 Location, location Onshore or offshore, that is the question when choosing your domicile

19 20

Well connected Cable manufacturer and layer Prysmian’s group risk manager Alessandro De Felice knows the value of good links It’s ﬁnally time to reap what we’ve sown John Hurrell is eager to announce the results of Airmic’s recent labours When the mighty fall … What hope for the meek? As Sony suffers a security breach, Sue Copeman asks how smaller companies can ﬁght hackers Meet the winners Presenting the roll of honour from the StrategicRISK European Risk Management Awards Headspace What’s on John Hurrell’s mind? The Airmic chief executive talks heroes, embarrassing moments and the joy of a decent pint

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

Fault lines Economic woes, civil unrest and natural disasters are just some of the increasingly global risk factors threatening businesses Revolution solutions? How long until Egypt can get back to stability and a promising future? RISK FINANCING: Captives Little is beyond the remit of a captive when it comes to books of business – how are parents making them work harder?

Get it together A global risk programme can bring transparency of cover, consistency of approach and save you money RISK ATLAS: Corruption Nearly three-quarters of the world has a serious corruption problem. But large companies are cracking down

Theory & Practice [ INSIGHT ][ CASE STUDIES ][ BEST PRACTICE ]

Coping with kidnapping You don’t have to be rich or involved in criminal activities to be kidnapped. Here are ﬁve ways to protect your employees A career from start to ﬁnish We picked the brains of individuals on all rungs of the risk management career ladder. Here’s what they told us For better and worse: the tricky nature of collaboration Relationships between organisations can be complex. How do you prevent problems from slipping through the gaps?

Know more. Achieve more. Building the world’s largest passenger aircraft – the A380 – is a challenge that requires a trusted partner. That’s why Airbus, an EADS company, trusts in the expertise of Allianz Global Corporate & Specialty – covering the most complex business risks worldwide. www.agcs.allianz.com

With you from A-Z Ingo Zimmermann, Head of EADS Corporate Insurance Risk Management

NEWS MATRIX [ THE LATEST BUSINESS ROUND-UP ]

Top 10 essential online stories 09 08 10 01 TERRORISM

Al-Qaeda leadership battle to ensue

For the ﬁrst time in this survey’s history, strategic risks such as failure to innovate and attract top talent ranked highly as a problem. web. goo.gl/KIynI

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

03 JAPAN

Tepco struggles with earthquake compensation bill Japanese power company Tokyo Electric Power Co (Tepco) is currently involved in a heated debate over how much in damages it is liable to pay for the nuclear accident at the Fukushima Daiichi power plant. The Japanese government has already ordered Tepco to pay the 48,000 families who live within the 30km exclusion zone approximately €12,000 each, marking the start of a huge compensation bill. Even a company of Tepco’s size will struggle to pay these losses, which means the Japanese government will have to intervene. Tepco is too integral to Japan’s electrical infrastructure to fail. Tepco has presented a formal written request to the Japanese government, asking for ﬁnancial help to deal with the spiraling compensation costs. Since the earthquake, many of the key infrastructure problems in Japan have been caused by disruptions in the power grid and the knock-on effect this has had on the business supply chain. web. goo.gl/Z8nNC

Reuters

Economic slowdown Regulatory/legislative change Increasing competition Damage to brand Business interruption Failure to innovate/meet customer needs Failure to attract or retain top talent Commodity price risk Technology failures or system failures Cashﬂow or liquidity risk

Spain rocked by earthquake On 11 May, two earthquakes hit the Murica region of south-eastern Spain. The town of Lorca was the worst affected, with extensive damage to buildings, 120 people injured and eight people killed. It was the ﬁrst earthquake to cause fatalities in Spain since 1997. Lorca has a population of approximately 92,000 people, most of whom spent the night out in the open due to fear of a ershocks. Spanish newspaper El Pais reports that a further 10,000 people were evacuated from their homes. Teams have begun to evaluate the damage caused by the quake, but an official statement has been issued conﬁrming that the region’s transport network is not badly affected. web. goo.gl/OgDNG

Top 10 global risks

1 2 3 4 5 6 7 8 9 10

04 DISASTER

02 COMPANIES

Aon Risk Solutions surveyed 960 companies from 58 countries and found the top 10 risks to businesses today are:

04 01

Reuters

Members of the terrorist cell in Yemen are most likely to exploit the death of al-Qaeda leader Osama Bin Laden, according to experts. Following the killing of Bin Laden by the US military, a self-destructive battle for succession within al-Qaeda is likely, which al-Qaeda in the Arabian Peninsula (AQAP) in Yemen is best-placed to exploit, said the Global Jihad Analysis team at Exclusive Analysis. Since 2001, the death or capture of several senior ﬁgures associated with al-Qaeda has gradually reduced the core of older veterans in top leadership positions. Before his death, Bin Laden had slowly been sidelined as an operational commander, explained the analysts. His communiqués were frequently out of date and in some cases contradicted other senior al-Qaeda leaders. Exclusive Analysis believes that Yemen’s AQAP will take a greater role in planning al-Qaeda’s overseas attacks, following involvement in the deployment of a would-be bomber on a Detroit-bound passenger jet on Christmas Day 2009, which showed intent and capability for mass casualties. web. goo.gl/DbGeI

LINKS TO THE WEBSITE About goo.gl Type the goo.gl address into your web browser to access our recommended articles from strategic-risk.eu

Sony’s cyber woes Sony’s determined pursuit of a famous hacker last year may have incited a breach of the Playstation security systems that put the network offline for a week in April. The recent Playstation Network hack is one of the biggest cyber attacks of all time. As a result of the intrusion, Sony is now “rebuilding its security system from the ground up”, CAPITA information security manager Dave Whitelegg explained. Last year, Sony reportedly settled a legal battle with notorious hacker George Hotz, who gained fame a er hacking the iPhone. Whitelegg suggested that Sony’s aggressive pursuit of the case may have incited the April attack on its network. web. goo.gl/eXNCb 06 CIVIL UNREST

Reuters

Anti-austerity protests in Greece

Strict austerity measures implemented by the Greek government have sparked large protests in Athens. According to Reuters, on 11 May 3,000 people took to the streets, resulting in several violent clashes between protesters and riot police. The majority of the protest passed peacefully, but a minority broke away from the main group and began throwing stones at the police. According to Greek police reports, 17 demonstrators and two police officers were hurt as a result of these clashes. Three Greek policemen have since been suspended due to a police brutality investigation that began a er a video showing the violent altercations appeared on Youtube. web. goo.gl/4apjn

10 INSURANCE

Reuters

05 HACKING

D&O policies are ‘unwieldy beasts’

07 TORNADO

Up to $6bn for US storm damage Insured losses from the US tornado outbreak in April are estimated to be between $3.5bn ($2.46bn) and $6bn, according to Risk Management Solutions. The storms took place from 25 to 28 April, with the state of Alabama hit by the majority of the violent tornadoes, accounting for approximately 70% of the overall loss. Over 300 tornadoes touched down during April, breaking the previous April monthly record of 267. The April average is 161. Risk Management Solutions project manager Matthew Nielsen stated: “This tornado outbreak is set to become one of, if not the, costliest severe convective storm event in US history.” web. goo.gl/2wrNH 08 CORRUPTION

09 INSIDER TRADING

Campaigners slam the Bribery Act

Volcano threat to European airspace

A leading anti-bribery group has severely criticised the official guidance to the Bribery Act, published by the UK government in March. The organisation said that the guide undermines key features of the Act, which will come into force in July. According to Transparency International, parts of the guidance indicate that the UK government has surrendered to business lobbyists, which could allow corrupt practices to continue. web. goo.gl/ZeGtL

A volcano in Iceland began erupting on 20 May, sending large amounts of ash and steam into the atmosphere. According to Reuters, the country’s main airport just outside of Reykjavik has been closed due to fears that ash from the Grimsvötn volcano will interfere with engines. The eruption was more violent than that of the Eyjafjallajökull volcano in April of last year, which caused extended periods of chaos in European airports. web. goo.gl/1zLI9

For risk managers, D&O policies need to be clearer about what cover they offer and in what circumstances they will respond, according to Sedgwick Claims Management managing partner Edward Smerdon. D&O coverage can be problematic, said Smerdon. “D&O policies are unwieldy beasts, with lots of clauses and too many deﬁnitions.” He added that the lack of clarity in D&O policies increases the likelihood of disputes between policyholders and insurers, leaving directors stranded. Coverage issues stem from ‘dra ing problems’ in the policy itself. Directors’ and officers’ liability has become an increasingly important issue since the global ﬁnancial crisis of 2008. web. goo.gl/q1dfk

Online Contents Most read stories Risk Management Award 2011 winners web. goo.gl/cP8fP VIDEO: Volcano threatens European airspace web. goo.gl/7QE9e Risk management career advice web. goo.gl/h9hLo StrategicRISK Report 2011 web. goo.gl/csbdi

Online analysis Al-Qaeda and other Islamist militants may seek to exploit the insecurity in Libya generated by current civil war. While Libyans show little sympathy towards such terrorist organisations, support for al-Qaeda could increase if the war proves to be protracted and bloody. web. goo.gl/KIil8 StrategicRISK spoke to two al-Qaeda experts to analyse the threat from international terrorists a er the killing of Osama Bin Laden. Both agreed that while al-Qaeda’s organisation has changed, it still represents a key threat. web. goo.gl/bCqI6

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

RISK INDICATOR [ VISUALISING DATA AND TRENDS ]

Madrid, Spain

London, UK

Sharm el-Sheikh,

Bali, Indonesia

July 2007, UK (London). Public transport bombing: 56 people killed.

July 2005, Eqypt (Sharm el-Sheikh). Ninety people killed, over 200 wounded.

October 2002, Bali (Kuta). 202 people killed.

March 2004, Spain (Madrid). Public transport bombing: 191 people killed/1,800 people wounded. A l-Qaeda are attributed with the attack but did not accept responsibility.

Ammam, Jordan

Manilla, Philippines

November 2005, Jordan (Ammam). Sixty people killed, 115 wounded.

February 2004, Philippines (Manilla Bay). Ferry bombing: 116 people killed.

London, UK – Jul 2007

Ammam, Jordan – Nov 2005

Madrid, Spain – Mar 2004 Manilla, Philippines – Feb 2004

Sharm el-Sheikh, Eqypt – Jul 2005

Bali, Indonesia – Oct 2002

TERRORISM

Al-Qaeda a er Osama Countries worldwide are on high alert following the death of the USA’s most wanted terrorist Key points 01: Osama Bin Laden was killed on the 2 May 2011 in Abottabad, Pakistan 02: There have been 51 terrorist attacks inspired by or suspected of al-Qaeda since 9/11

HE DEATH OF OSAMA BIN LADEN, WHO WAS KILLED BY NAVY Seals in a daring raid in Pakistan on 2 May 2011, could increase the likelihood of further international terrorist attacks. India, the Philippines, the UK and the USA are all on high alert and a global travel advisory has been put in place. The death of Bin Laden is a symbolic victory for the USA, but al-Qaeda’s cell structure means it is a highly decentralised organisation. As such, experts believe it won’t stop planning attacks even a er the death of its ﬁgurehead. Al-Qaeda conﬁrmed the death of Bin Laden in a statement posted on various Jihadist websites, warning that his death would be avenged and the group would continue in their war against the USA and its allies.

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

In the statement, al-Qaeda also claimed that it would soon broadcast a recording of Bin Laden that was made one week before his death. This recording reportedly shows Bin Laden “sharing with the Islamic nation the joy caused by the Arab revolts” and giving advice to his followers. The US government said that a search of Bin Laden’s compound revealed evidence of the early stages of a planned attack on the US rail network. In the short term, analysts say, the risk of terror attacks has probably increased but the situation could change in the long term. For example, the recent political revolutions in North Africa could potentially offer a legitimate social and political alternative to terrorism, which could damage al-Qaeda’s credibility and its ability to recruit new members.

EUROPE

CYBER CRIME

Forest fires blazing across Europe could create radioactivity risk SERIES OF FIERCE WILDFIRES have blazed their way across Europe, causing damage to homes and businesses in the UK, Switzerland, the Netherlands and the Ukraine. Low rainfall, wind and high temperatures created the ideal conditions for the fires, which occurred at the end of April and beginning of May. Some of the regions affected are not accustomed to dealing with such large-scale forest fires and may struggle to protect property and infrastructure. In the Ukraine, forest fires were reported inside the exclusion zone that surrounds the site of the Chernobyl nuclear disaster. There have been over 1,000 forest fires in this area since 1992 and an international consortium of scientists are now warning that a high-intensity fire in the exclusion zone could result in the release of a significant amount of radioactive material. Last year, higher-than-usual temperatures in central Europe resulted in devastating wildfires that burned across Russia. Fires were blamed for the death of approximately 55,000 people due to the smog and increased temperatures.

[ MONEY-GRABBING CYBER CRIMINALS ]

Rex

Top ﬁve

2. 3.

Valdir Paulo de Almeida – March 2005, €37m The ‘phishing kingpin’ accessed Brazilian bank accounts by sending a trojan horse virus to thousands of the bank’s clients via email. Alberto Gonzalez – April 2001, €7.9m Gonzalez, a serial Cuban-American hacker, stole the details of 130 million credit and debit card holders. Yevgeny Anikin and Viktor Pleshchuk – November 2008, €5m A Russian gang of hackers stole millions of payroll account details from RBS Worldpay. Ivan Biltse, Angelina Kitaeva and Yuriy Rakushchynets – January 2008, €2m The group hacked into the server controlling Citibank cash machines located across the USA. Unknown – January 2007, €670,000 Customers of Swedish bank Nordea lost a combined €670,000 when fake anti-virus so ware recorded their bank details. The hackers responsible were never found. Source: CNET.com

NATIONAL SECURITY

THE BIG NUMBERS

OVERHEARD

‘Europe and the UK is still an attractive target for al-Qaeda’

Japanese earthquake statistics

“Soundbites”

Exclusive Analysis head of Global Jihad Analysis Anna Murison explains that while al-Qaeda’s organisation and its capabilities have changed, it still represents a key threat. Following the death of Osama Bin Laden, al-Qaeda may attempt to mobilise an attack planned well before his death, but may not be able to execute a new plan in a short time. Transport networks have the highest risk of being affected. But Murison also says Bin Laden’s death “is likely to accelerate the fragmentation of al-Qaeda”.

Tohoku earthquake was the ﬁ h-largest earthquake since 1900

5 *Figures conﬁrmed by the Japanese National Police Agency

15,019 people killed

9,056 people missing

88,873 homes damaged/destroyed

3,970 71

‘Piracy is just another risk that needs to be managed and planned for. I wouldn’t want it overstated. There are dangers but also ways to be prepared’ Paul Taylor Morgan Crucible risk director >> see Cover story pages 15

‘My most embarrassing moment was arriving at an Airmic dinner about 15 years ago with my dinner jacket but no trousers’ John Hurrell Airmic chief executive >> see Headspace page 48

roads damaged/destroyed

bridges damaged/destroyed

‘In the long term, Egypt will be a hugely attractive market’ Lucy Jones Control Risks Middle East analyst >> see Risks page 30

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

POLITICS

When to attack, when to defend The boardroom is a battleground, risk managers are generals and raw materials are the lives of soldiers; important risk management lessons can be learnt from history’s greatest wars ISK IS AS INSEPARABLE FROM warfare as it is from business. In war the stakes are high, for failure may mean the defeat and subjugation of a nation, while the principle raw material of warfare is the lives of the soldiers who must do the ﬁghting. It is logical enough to therefore expect a successful general to be an expert in managing the risks he faces, and a glance through military history indeed shows that many of them, from Hannibal to Montgomery, knew how best to deal with the risks of their trade. What can business learn from them? The world of risks faced by business is remarkably similar to that faced by those in charge of an army. Familiar military concepts such as logistics, domination of ground, command and control, and strategic or tactical balance have their civilian equivalents in supply chain, market penetration, management hierarchies and resilience. Communication is of as much importance to the general as to the risk manager, and clarity of purpose is central to both. Take this from Montgomery, on assuming command of the eighth army in 1942: “I want to impose on everyone that the bad times are over, they are ﬁnished! Our mandate from the prime minister is to destroy the Axis forces in North Africa … It can be done, and it will be done!” Clear and to the point – there is no mention of ‘deliverables’ or ‘drilling down’.

History lessons Reputation is also important for the general, to give his troops conﬁdence in his leadership and to strike fear into the enemy. The Duke of Wellington said of Napoleon that his presence on the battleﬁeld was worth 40,000 men, and the same could be said of Rommel, whose reputation for aggressive risk-taking could induce paralysis in the British eighth army during the Second World War. Generals have always spent time cultivating their reputation – a lesson which should not be ignored by business.

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

Sun Tzu, author of The Art of War, wrote: ‘Victorious warriors win ﬁrst and then go to war, while defeated warriors go to war ﬁrst and then seek to win.’ It is a maxim that anyone seeking to push their brand should take to heart.

Corbis

Cutting your losses It is in the ﬁeld of risk appetite, however, that military history can bring most enlightenment to the risk manager. The UK Treasury’s guide ‘Managing your risk appetite’, says: “Risk appetite is about taking well thought through risks where the long-term rewards are expected to be greater than any short-term losses,” and since this is precisely the mindset of the general approaching battle, it is worth looking at how generals manage this risk. The obvious example of how not to do it is to be found in the sanguinary battles on the Western front during the First World War. In one offensive a er another, British and French generals took the ‘one more heave’ mentality, whereby the commitment of ever greater resources to a failing attack merely resulted in a massive increase in casualties rather than the anticipated breakthrough. The same failure to assess risk properly and to let risk appetite get out of control is to be found in many a corporate M&A battle. It is again to be found in Operation Citadel, Hitler’s last attempt to attack on the Russian front in 1943. “Whenever I think of this attack, my stomach turns over,” Hitler said, but the planning was too far advanced to be easily cancelled, and the attack was duly crushed. Here, loss of prestige became a factor in risk assessment, distorting the appetite for

Fly it up the ﬂagpole and see who salutes: history’s great generals used clear, commanding rhetoric, not management speak

‘Victorious warriors win ﬁrst and then go to war, while defeated warriors go to war ﬁrst and then seek to win’ Sun Tzu author of The Art of War

risk, with disastrous consequences. Napoleon, on the other hand, usually got it right. At Austerlitz, he gave up a defensive position and weakened his right wing to tempt the Russian and Austrian armies to attack (they could have forced a retreat just by waiting). The Russian general Kutuzov knew attack was the wrong option, but was overruled and the allied armies were duly smashed by Napoleon’s counter attack. Napoleon assessed the risk correctly and deliberately deceived his opponents into thinking their risk was much smaller than it was. In boardrooms, less may be at stake than on the battleﬁeld, but many of the pressures that can distort a general’s view of risk are similar. It is the risk manager’s task to present the correct assessment, and looking at where military men get it right and wrong can be a useful guide. SR

ahe ad a nd mak e th e

TOU DEC GH ISIO NS. D&O insurance that will be there for you. The risks faced by directors, officers and companies are constantly changing. That’s why we’ve enhanced our Directors and Officers liability insurance to safeguard individuals’ personal assets and protect the organisations they serve in today’s changing risk landscape. It’s market-leading coverage built on 40 years of D&O experience. Learn more and find out if your current insurance is doing enough. Europe: www.chartisinsurance.com/BusinessGuard UK: www.chartisinsurance.com/uk/d&o

All products are written by insurance company subsidiaries or afﬁliates of Chartis Inc. Coverage may not be available in all jurisdictions and is subject to actual policy language. For additional information, please visit our website at www.chartisinsurance.com.

Reuters

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

HUMAN RIGHTS

Report undermines Apple’s code of conduct COMPENSATION

Despite a ‘rigorously’ enforced code of conduct, new research highlights the continuation of poor working conditions standards

Reuters

YEAR AGO, A SPATE OF SUICIDES AT Foxconn’s plants in China were followed by pledges by the company’s customers, notably Apple, HP and Dell, to work with Foxconn to help it achieve higher international labour standards. However, a report from Students & Scholars Against Corporate Misbehaviour (SACOM) claims that poor working conditions continue. SACOM researchers visited two Foxconn production facilities in Chengdu and Chongqing municipality in Western China, which manufacture Apple iPad 2 and HP laptops. They also revisited Foxconn’s ﬂagship plants in industrial towns Longhua and Guanlan in the Shenzhen, where employees are still housed in dormitories surrounded with anti-suicide nets. The report states: “Workers always have excessive and forced overtime in order to gain a higher wage. Workers are exposed to dust from construction sites and shop ﬂoors without adequate protection. Even worse, they are threatened by potential harm of occupational diseases in various departments. Additionally, military-styled

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

management is still in practice, characterised by ‘military training’ for new workers.” The report’s ﬁndings contrast sharply with Apple’s own statement on supplier responsibility in its 2011 progress report: “Apple is committed to driving the highest standards of social responsibility throughout our supply base. We require that our suppliers provide safe working conditions, treat workers with dignity and respect, and use environmentally responsible manufacturing processes wherever Apple products are made. “Suppliers commit to the Apple Supplier Code of Conduct as a condition of doing business with us. Drawing on internationally recognised standards, our Code outlines expectations covering labor and human rights, health and safety, the environment, ethics, and management commitment. “Apple monitors compliance with the Code through a rigorous programme of onsite factory audits, followed by corrective action plans and veriﬁcation measures … By making social responsibility fundamental to the way we do business, we ensure our suppliers take Apple’s Code as seriously as we do.” SR

Multibillion-dollar costs for Tepco Experts believe Tepco’s compensation bill will reach upwards of €17bn

EUTERS REPORTS THAT JAPAN’S GOVERNMENT plans to hold Tokyo Electric Power (Tepco) liable for unlimited damages resulting from its crippled nuclear power plant. Government officials, Tepco and creditor banks have been attempting to design a scheme to enable the company to cope with the massive bill for compensating displaced residents and still remain in business. Japanese law allows nuclear plant operators exemption from paying damages if an accident was caused by “a grave natural disaster of an exceptional character”. But chief cabinet secretary Yukio Edano does not believe that Tepco’s plant qualifies for that exemption since the earthquake, although large, was not on a previously unexperienced scale. On 10 May, Tepco’s president Masataka Shimizu met with cabinet ministers to ask for financial help from the government. He said that Tepco will try to finance compensation for victims of the accident by selling its stockholdings and property, as well as by streamlining its operations. Tepco has started making compensation payments to residents and local governments near the plant who were forced to evacuate. But it has yet to determine how much it will have to pay in total. J.P. Morgan has estimated that Tepco could face Y2,000bn (€17bn) in compensation claims, but some reports suggest that the figure could be double this. According to the Financial Times, Tepco raised Y2,000bn from its banks in March, but much of that is needed to decommission Fukushima’s damaged reactors and to buy natural gas, oil and coal to make up for lost nuclear capacity. The government rescue plan would keep Tepco out of bankruptcy and prevent shareholders from being wiped out. But the value of Tepco’s stock – already down by three-quarters since the crisis started – would likely remain depressed as operational profits would be diverted for years. SR

creating

choice through specialist

insight At JLT Specialty we provide our clients with specialist insurance broking, risk management and claims consulting services. By focusing on clearly defined industry and risk sectors we have become a strong global market performer with a distinctive culture and style of service that gives our clients the power of choice. Let us show you how choice creates the opportunities to help you make more profitable insurance and risk management decisions.

For further information please contact: Tony Tyler +44 (0)20 7528 4133 Tony_Tyler@jltgroup.com www.jltgroup.com

Our specialist service and expertise: SECTORS Aerospace; Communications, Technology & Media; Construction; Corporate Recovery Risks; Engineering & Manufacturing; Entertainment; Financial Institutions; Food & Drink; Leisure; Life Science & Chemicals; Marine; Oil & Gas; Ports & Terminals; Power & Utilities; Professional Services; Real Estate; Renewable Energy; Sport; Transport; PRODUCTS AND SERVICES Accident & Health; Business Continuity & Supply Chain Risk; Captives; Claims Consultants; Credit & Political Risk; Cyber & IT Risks; Directors' & Officers' Liability; Global Insurance Management; Kidnap & Ransom; Professional Indemnity; Risk Consultancy; Terrorism & Political Violence.

Birmingham • Leeds • Liverpool • London • Maidenhead • Manchester • Southampton

JLT Specialty Limited. Lloyd’s Broker. Authorised and Regulated by the Financial Services Authority. A member of the Jardine Lloyd Thompson Group. Registered Office: 6 Crutched Friars, London EC3N 2PH. Registered in England No. 01536540. VAT No. 244 2321 96. 263764

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

DISASTER

One year on from Deepwater The scale of the environmental damage for the Deepwater Horizon disaster is yet to be fully realised and blame has not yet been formally attributed. The only certainties are the lessons that can be learnt from it

Reuters

HEN THE DRILLING STATION Deepwater Horizon exploded and sank last April, killing 11 workers and seriously injuring 16 others, the world looked on helplessly as thousands of gallons of crude oil gushed into the Gulf of Mexico. Numerous failed attempts by BP and the American government to stem the ﬂow saw massive economic and ecological damage done to the area and, by the time the leak had been capped nearly three months later on 15 July, almost ﬁve million barrels (210 million gallons) had leaked. Fuelled by the one-year anniversary of the disaster, attention has refocused on the necessity of proper risk management and effective fallout mitigation. Yet the recent announcement that BP has issued $40bn (€28bn) worth of lawsuits against its contractors Halliburton, Cameron and Transocean, means that a comprehensive overhaul of risk prevention and mitigation systems is unlikely to occur any time soon. In an internal 193-page investigation into the incident published late last year, BP cited “a complex and interlinked series of mechanical failures, human judgments, engineering design, operational implementation and team interfaces” as the cause of the disaster. However, the lack of interaction and co-operation between the companies has seen ineffective mitigation and therefore a failure to remedy the situation.

Damaged blowout preventer on an oil rig

who responded in turn by dismissing the report as fundamentally ﬂawed. This evasion of responsibility has seen a failure to adhere to risk mitigation practices that could have signiﬁcantly limited the environmental and economic costs. In June 2010, the US House Committee on energy and commerce criticised BP for its failure to test cement at the well, which would have cost around $150,000 and taken around 8-12 hours.

What we know now Despite the prolonged and ongoing fallout, though, lessons have been learnt from the disaster. Institute of Risk Management head of thought leadership Carolyn Williams told StrategicRISK that “since the BP oil spill, many companies have been asking themselves: ‘What could be our Deepwater Horizon?’ and subsequently building this sort of reverse scenario planning into their risk management. “Whereas the BP situation underlined the need for a stronger emphasis on process

Start talking A January 2011 White House national commission report on the oil spill urged “better communication within and between BP and its contractors” and demanded “internal reinvention … and sweeping reforms that accomplish no less than a fundamental transformation of its safety culture”. Yet fallout from the disaster has been met with only a blame game from the companies involved: BP’s internal report laid signiﬁcant blame on its contractors,

‘Since the BP oil spill, many companies have been asking themselves: “What could be our Deepwater Horizon?”

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

Carolyn Williams Institute of Risk Management

safety – as well as individual safety measures – it is also recognised that Black Swan-type accidents can still happen, even with industry-standard risk management in place. “This shi s the focus to resilience and recovery – ensuring that the organisation can recover quickly from an incident and that its impact – human, ﬁnancial, environmental and reputational – is minimised.” The government has also taken steps to prevent such disasters in the future, splitting the agency that oversees offshore drilling by segregating the divisions responsible for safety regulations and the collection of industry royalties. The government also temporarily suspended deep-sea drilling to investigate and reinforce design and safety requirements. And, despite the impending legal furore, BP’s new chief executive, Bob Dudley, has hinted towards progress. In an op-ed in the Wall Street Journal he indicated that BP was “creating a central safety and operational-risk organisation reporting directly to me”. Dudley insisted that this organisation would have “the authority to intervene in our operations anywhere in the world … linking the management of employees’ performance and reward directly to safety and to compliance with BP’s standards”. Yet though measures have and are being implemented, the situation is still a long way from being resolved. A recent environmental report suggested that it could be decades rather than years before the full extent of the damage becomes clear, while the legal battle between BP and its contractors is set to obfuscate an already complex web of systematic problems underlying the economic and environmental fallout of the disaster. Lessons have been learnt from the Deepwater Horizon disaster: whether improvements will be fully and effectively implemented remains unclear. SR

Bravely exploring uncharted territory in the world of specialty insurance and reinsurance.

Specialty solutions. Worldwide.

awac.com

A world without a road map is a world full of opportunity. At Allied World, we aren’t afraid to journey off the beaten path to ﬁnd new markets or explore new opportunities. Our skill at navigating uncharted terrain enables us to work closely with clients to ﬁnd innovative ways to balance risk with reward. When it comes to specialty insurance and reinsurance solutions, sometimes the road less taken is the one well worth traveling.

INSUR ANCE | REINSUR ANCE | S Y NDIC ATE 2232

Insurance coverage is underwritten by member companies of Allied World. Coverage is subject to underwriting. Member companies may not be licensed in your state or jurisdiction. To ﬁnd out if coverage is available, please contact your insurance broker.

NEWS FEATURE [ COVER STORY ]

Dutch battleship Hr Ms Evertsen can be seen in the background as a member of the Dutch Special Forces stands guard aboard the Fade I cargo ship, a World Food Programme vessel delivering 5,000 tonnes of food aid to Somalia

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

PIRACY

A king’s ransom Piracy exists outside the law and continues to grow every year. As political conﬂicts increase the situation is set to get worse, creating new and potentially dangerous risks to manage Key points 01: Piracy attacks are at a record high, with 70% taking place off the coast of Somalia 02: Average annual earnings in Somalia are around €350, making piracy an attractive option 03: The main driver of piracy is the increased ransoms being paid 04: There is limited political will to tackle piracy, which means private companies are le to take action 05: Businesses with interests in the region should consider ways to lessen the risk of piracy attacks

S BUSINESSES AROUND THE WORLD ASSESS THEIR prospects, one industry at least can be confident that 2011 will be another bumper year: piracy. Attacks at sea hit an all-time high in the first three months of this year. There were 142 attacks worldwide, with 97 of these off the coast of Somalia where, with no central government (see box, overleaf), pirates are free to operate at will. The country, which fronts onto some of the most valuable shipping lanes in the world, is rapidly becoming the world centre for piracy with at least 18 commercial vessels and around 500 hostages currently held by Somali pirates, according to Maritime & Underwater Security Consultants. “This is a problem that will definitely persist in the near-medium term,” says Control Risks global issues analyst Karlin Younger. “There will be no solution until the situation on the ground improves. Whatever the international community or mariners do to protect themselves, the pirates shift their tactics and find new ways to stay in business. They react. They read what people are writing about them in the media. Plus, the pirates now operate over such a huge area, it’s almost impossible to police it properly.” Even where naval forces do engage pirates, their hands are often tied. “The legal framework for the military is not helping,” says Global Risk Solutions’ Sean Woollerson. “They often have to operate a capture and release policy. Plus, it’s not a crime to be sailing around with a few guns. A lot of fishermen have guns – if only to protect themselves from pirates – and it can be hard to identify the aggressor. It’s a constant frustration for commanders when you talk to them; there’s no courts or jails to accommodate the pirates, no judicial infrastructure.” ECONOMICS

Sven Torﬁnn/Panos Pictures

A lucrative career path “Piracy is the only game in town,” says Control Risks analyst Karlin Younger. Somali pirates earn up to 150 times the national annual wage – $79,000 (€55,000) in a region where average earnings are $500 or less – according to a recent study by the political and economic intelligence consultancy Geopolicity. The study estimates that Somali piracy was worth $238m in 2010 and could hit $400m by 2015, while the costs of piracy to the international community could almost double, from $8.3bn in 2010 to more than $15bn by 2015.

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

NEWS FEATURE [ COVER STORY ]

“There is a lack of political will to do anything; a lack of appreciation for the importance of the issue. Unfortunately, I think there is a dim view of mariners: if we were talking about a couple of 747s being held hostage then the reaction would be, I think, quite different.” The pirates have been quick to take advantage of the situation. One recent tactical shift is the use of ‘mother ships’, large vessels that are used as a base to launch multiple attacks, re-supply and conduct hijackings. “These vessels – often hijacked themselves – greatly increase the amount of time pirates can stay at sea,” says Younger. “They are also less reliant on good weather.” manufacturing, where the In addition, the remarkable success of the shipping is outsourced, the big risk ‘For businesses it’s a triple pirates – and the reporting of high ransoms in is loss of merchandise, loss of sales the global media – has attracted more aggressive and any penalties for absent whammy with rising criminals from across the region, which some deliveries. analysts blame for a recent increase in violence premiums, longer transit “With retail increasingly towards crews. In 2011 hostages were executed sourcing huge amounts of goods times and the costs of for the first time, and released hostages are from Asia, whether it’s clothes increasingly reporting torture and mistreatment. additional security’ or iPods, the potential for But the main driver of piracy – the issue disruption could be considerable, Karlin Younger Control Risks no-one wants to talk about – is the increased especially if it were a Christmas ransoms being paid to free captive seafarers. supply,” notes Taylor. This is a hugely sensitive issue, and few involved will discuss “However, there is a lot of good information out there and risk figures, but according to Maritime & Underwater Security managers should very quickly be able to look at the risk to their Consultants, the average ransom has increased from $2.1m (€1.47m) companies, and then the task is to work out how to mitigate that in the first quarter of 2009 to $4.6m in the first quarter of 2011. risk. They should be asking what routes ships are taking and “The key issue is: should there be payments?” says potentially look at breaking up the cargo over different vessels to Maplecroft associate director Anthony Skinner. “No one is willing spread the risk. There are a lot of preventative measures you can to discuss this, but ultimately it is ransoms that are perpetuating take and good crisis prevention training available.” the problem.” In short, be prepared. Whether it’s by installing water cannon With so much money at stake, some see piracy spreading to the and razor wire, or scrutinising contracts and thinking tactically, all other side of the Gulf of Aden as the political situation in Yemen businesses with an interest in the Gulf of Aden need to realise that deteriorates and the country becomes increasingly lawless. “It bodes the Jolly Roger will be flying high for some time to come. SR ill for a potential solution,” Skinner says. “While the vast majority of PIRATE HAVEN pirates are from Somalia, Yemen is becoming an important factor. “Although the responsibility does really lie with the shipping companies to manage this, it is a matter of international concern. Although the pirates themselves are not ideological, there is Somalia is a classic ‘failed state’, one of the poorest and most violent places on Earth – and evidence that al-Shabab in Somalia are ‘taxing’ pirates for a safe the perfect berth for pirates who want to operate outside all law. berth and that money is effectively funding Islamic extremism, It has been without a central government since 1991, when president Siad Barre was which potentially has a global security dimension.” overthrown and the county descended into the war, famine, disease and anarchy that has But for the moment, industry is shouldering most of the characterised it ever since. burden. “For businesses it’s a triple whammy with rising Although there is an international recognised authority – the Transitional Federal premiums, longer transit times and the costs of additional Government – it only controls part of the capital, Mogadishu, while the al-Qaeda affiliated security,” Younger notes. al-Shabab rules much of the south. However, for all the dangers some argue that cool pragmatism The northwestern region, Somaliland, has declared itself autonomous, as has the will win the day: “Piracy is just another risk that needs to be northeastern region of Puntland. In much of the country, the only real authority is with managed and planned for,” says The Morgan Crucible Company’s localised clans and warlords. director of risk assurance, Paul Taylor. “I would not want to get it With easy access to weapons, desperate poverty and a generation who have only ever overstated. There are dangers but also ways to prepare. known war, it was only a matter of time before young Somalis turned their attention to the “When you’re talking about shipping firms, then it is wealth floating by offshore. potentially big; you’re talking about the potential loss of ships, people and goods under their care and custody. With

The politics of Somalia

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

Viewpoints

[ PEOPLE ] [ OPINION ] [ COMMUNITY ]

> Association The big reveal.... 19 Airmic has some signiﬁcant announcements up its sleeve > In my opinion Hack attack...20 The Sony debacle shows that ﬁrms need to sharpen up their security

PROFILE

Well connected Manufacturing and laying sub-sea cables is a complex, big-money business. Luckily for group risk manager Alessandro De Felice, Prysmian takes its risk management very seriously

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

T’S A WARM MAY MORNING as StrategicRISK arrives in Milan to meet Alessandro De Felice, group risk manager for Prysmian, the world’s largest manufacturer of industrial cables for energy and telecoms. We’re lucky to snatch some time with De Felice, who is in the midst of a major integration programme following Prysmian’s merger with Dutch cablemaker Draka. Buried in papers at his office on the fourth floor of Prysmian’s Milan HQ, he welcomes us with a friendly and firm Roman handshake and reclines comfortably behind his desk. Dotted on the rear wall are pictures showing De Felice enjoying one of his favourite pastimes, yacht sailing. Skiing is another passion. He’s also a family man with a wife and two young children. But we came to talk business. Following the recent merger, Prysmian has overall sales of some €7bn, with subsidiaries in 50 countries, 98 plants, 22 research and development centres and 22,000 employees. Its cable-laying ship Giulio Verne has also recently finished one of the most ambitious energy cable projects in the world, laying a 435km sub-sea energy cable between Sardinia and Italy. “Project risk management is very important to us,” De Felice explains. “Laying these cables is a complex operation and costs a huge amount of money.” The project to connect the cable from Sardinia to Italy was worth €480m, for example. The risks associated with the project were vast, being in a part of the world where the seas are both tempestuous and busy with commercial ships and fishing vessels. “It’s also a very deep water cable,” De Felice says. “In some places, the sea is 1,600 metres deep and in other places the cable had to be buried into the sea bed.” The project itself is also extremely complex owing to the nature of the machines used to perform the operation. With the range of potential risk so large and complicated, it’s no surprise that Prysmian takes risk management so seriously. Fortunately, the company had completed a number of these difficult installations before, including in San Francisco and Tasmania. “The cables are used a lot in large offshore wind platforms like in the North Sea,” De Felice explains. “We have a large project in the North Sea out of the Netherlands at the moment, which is one of the largest sea power projects ever realised. These projects allow our customers to transmit power so that it can be used where it’s needed and when it’s needed.” Prysmian’s energy cable division is a large and growing part of the business, says De Felice,. “The claims associated with these projects could be very large, and the underwriting is very technical and it goes into great detail.” Risk management is a vital part of this. And it is this that puts De Felice in an enviable position. The emphasis on risk management makes his job a little easier. “I don’t need to explain to my colleagues why we are doing risk

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

management activities and what the beneﬁt of it is,” he says. “That is already well recognised.”

The early years But things weren’t always this simple. De Felice followed a traditional route into the risk management profession, via several years working in insurance. After graduating from the University of Rome with a degree in politics, he started professional life as a broker. “Most people with a degree in politics in Italy go on to something like law,” he says. Instead, as a student De Felice worked for an insurer in Rome doing mainly administration. His break came in 1994 when he had the opportunity to move to London as a broker in the Lloyd’s market. “I was involved in the underwriting process, preparing submissions for large commercial risks,” he remembers. “Then I moved back to Milan as an account handler, mainly helping large foreign clients arrange their local insurance programmes.” He spent most of the 1990s working as a broker and risk consultant, for a time working in aviation. “At that time, there were lots of small carriers operating from minor airports in Italy,” he says. “The aviation industry is historically one of the most developed in terms of risk management. There are a series of protocols, checks and balances to ensure safety.” In 1999, De Felice took the biggest step of his career, leaving the insurance broking world behind and joining huge Italian brand Pirelli. The tyre maker is famously a breeding ground for risk management talent in Italy. De Felice is personal friends with Pirelli’s group risk manager Jorge Luzzi (proﬁled in the October 2009 issue of StrategicRISK). “I had worked with them before because they were one of my clients,” De Felice says. “Moving from being a consultant to the perspective of a company risk manager was attractive to me. Pirelli was a great experience – I had the

John Hurrell,

CHIEF EXECUTIVE, AIRMIC

chance to travel a lot, as Pirelli’s subsidiaries were dotted all over the world. The activities in those days included tyres, cables and real estate, which was booming.”

Time for an upgrade De Felice was soon promoted to the position of risk manager for Europe, the Middle East and Africa. In 2005, Pirelli sold its industrial activities in the telecom and cables sector to Goldman Sachs, and De Felice was offered the group risk manager job for the new entity that was born out of the spin-off and took the name Prysmian. His priorities were setting up the risk management department, writing the company’s risk management procedures and standards, issuing loss prevention policies and reorganising the insurance programme. ‘I don’t need to explain to Prysmian became my colleagues why we are When a listed company in 2007, De Felice’s doing risk management department took on activities and what the more responsibilities and the emphasis on beneﬁt of it is. That is risk management already well recognised’ increased even more. “There were a lot Alessandro De Felice Prysmian more reporting requirements,” he says. “We had to upgrade the insurance risk management to a more enterprise risk management approach, because we had to start reporting about risk management efforts in the annual reports, which were public and audited.” This increased workload led to the risk management team swelling to ﬁve people. Just three years after the spin-off from Pirelli, De Felice set up Prysmian’s very own reinsurance captive, domiciled in Dublin. “The captive deals with the major risk transfer programmes for the group. It has had a hugely positive effect on our dealings with the insurance market.”

The Draka merger Currently, De Felice is in the process of integrating his department with Draka’s risk management team. “It’s one of the biggest mergers in Europe in recent years,” he says. “Fortunately, the company cultures are not that different. Both companies have a similar emphasis on risk management.” “The merger won’t ultimately change the risk proﬁle of Prysmian, because the product portfolio is the same,” De Felice adds. “The merger has increased the size of the portfolio, but not the risk exposure. We already know what the main business risks are. Our plants, for example, are similar. And our product liability is the same. “The main issue is to integrate the risk management procedures and the insurance programmes. We have to eliminate potential overlaps. They may be using different insurers, so we need to evaluate who has the better conditions and claims handling capacity. The best of both worlds is the motto for the merger. This activity will continue for the next couple of years – it’s a big challenge.” In that time Prysmian will continue to expand its energy cable network, helping to keep the lights on in Europe and elsewhere in the world – provided, that is, De Felice can keep up the good work. SR

IN MY OPINION

It’s ﬁnally time to reap what we’ve sown All the hard work of the past year is about to yield results as Airmic delivers a number of landmark changes at its annual conference

NYONE WHO HAS TENDED A VEGETABLE GARDEN WILL KNOW the feeling. You toil for months with little to show for it, then, if all goes to plan, you’re suddenly awash with the rewards of your labour. This is how it feels now at Airmic. We have been working hard for the past year on a range of projects, many of them quite ambitious, and they are starting to yield impressive results. Let’s begin with the issue of non-disclosure, because it’s so important to our members. A slight confession might be in order here. At the 2010 conference, we announced our intention to produce a model clause to get around shortcomings in the Marine Insurance Act 1906 by the end of last year. Well, making good the failings of a complex and entrenched 100-year-old piece of legislation has taken a bit longer than we originally hoped. Nonetheless, at our conference in Bournemouth expect us to unveil our new clause, which has been drawn up by Herbert Smith for insertion into insurance contracts. The intention is to help members overcome the draconian nature of UK insurance law, which makes it virtually impossible for commercial insurance buyers to fulfil their disclosure obligations. For those who use it, there will be a greater degree of certainty that legitimate claims will be paid. We believe it will also underpin the credibility of the UK insurance market. Airmic will also be publishing its disclosure best practice guide, drawn up by technical director Paul Hopkin. Another landmark at the conference will be publication of the first part of the Cass Business School study into ‘major risk events, their impact and implications’. This research has made tremendous progress over the past 12 months and contains valuable insights into the qualities that make firms resilient (or not) when events take a turn for the worse. Crucially, it is supported by 18 case histories, which will be published later this year. While there is no one way to guarantee success in adversity, we believe that this publication will be of tremendous value to risk managers. Returning to insurance, if you have attended our briefings you will appreciate what a headache the compliance of global insurance programmes can be. We are fortunate that our board member Helen Hayden is a recognised expert on global compliance and is helping us to produce a guide. It is a great example of Airmic and its members spreading knowledge to the benefit of our community. Anyone who has reached the top of their career will recall people who helped them at crucial times – more experienced colleagues who were happy to share their knowledge. Airmic will use the Bournemouth conference to launch a mentoring scheme that seeks to formalise this type of relationship. It involves senior risk managers partnering younger people from other organisations, and is being overseen by board member Elaine Heyworth, an experienced mentor, who says that the learning is very much a two-way process. Any volunteers please come forward. There are many other things I could discuss were there more space. Our latest property benchmarking survey for example, or StrategicRISK’s own work on careers in the industry, so it’s genuinely exciting to be able to show off the work of the association and the many, many people and organisations that support us. I hope you will agree that this year brings a good harvest. SR

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

Sue Copeman, EDITOR-IN-CHIEF, STRATEGICRISK IN MY OPINION

When the mighty fall, what hope for the meek? StrategicRISK’s editor-in-chief Sue Copeman considers what it means when a global giant falls foul of increasingly adept hackers, despite there being seemingly rigorous protection in place

OLLOWING HACKERS OBTAINING SOME 70 million gamers’ personal details from its PlayStation Network recently, Sony’s chief executive apologised for the security breach and said that there was ‘no conﬁrmed evidence’ that credit card details or other personal information had been misused. A later report suggested that hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users, with more than 20,000 credit card and bank account numbers put at risk. The company has been criticised not only for its lack of security but also for failure to alert customers immediately. Apparently it now plans to cover each video games user with a $1m identity theft insurance policy. I wonder which insurance company is prepared to cover this risk? Could it be Sony Corporation’s own Bermuda-based captive PMG Assurance? The risk would hardly seem attractive to conventional commercial insurers.

immaterial. The crucial point is that they were able to do it in the ﬁrst place. A number of technology security companies have responded to the news of the Sony debacle with comments suggesting that current corporate security defence strategies are no longer enough. They are clearly right. But do any of them actually have the deﬁnitive security answer? Sony is ranked among the world’s top 100 global companies. If a company that big can’t protect its online customers with the aid of the big bucks that they can pay consultants, what hope is there for smaller businesses? Unfortunately for them, the Sony story followed news that Epsilon Interactive, an email service provider with hundreds of clients such as Best Buy and JPMorgan Chase, suffered a data breach, potentially compromising millions of names and email addresses. I spoke to a self-confessed hacker, who said he

Where there’s a will, there’s a way Sony is blaming members of the ‘hacktivist’ group Anonymous for the episode, calling it retaliation for action that Sony took against a hacker in a US court in January this year. But that really isn’t good enough. Who did it and why they did it is

‘Who hacked Sony is immaterial. The crucial point is that they were able to do it in the ﬁrst place’

does it “for fun”. He doesn’t steal, he doesn’t stage ‘denial of access’ attacks on websites, but he knows how to do it and he’s in touch with other people that do. He estimates that 90% of websites are easily hacked into. The exceptions are those belonging to governments and ﬁnancial institutions, he says.

Ensuring cyber security So what are the risk management lessons here? As someone who is certainly no expert in technology, I would suggest some common-sense rules. First, talk to your IT people about passwords and security. For example, don’t let them accept the standard mother’s maiden name as a security check. Anyone who has access to a customer’s name and date of birth will be able to get that information with not too much digging at a genealogy site. Secondly, look at the kind of security measures that banks are employing. Card readers that issue a different access number every time a company card is inserted seem to be pretty failsafe. Your company may have to undertake some customer education. I talked with the risk manager of one large European store chain who said that customers were generally not concerned about data security when they entered credit card numbers

AWARDS

Industry leading lights shine at StrategicRISK awards I

WOULD LIKE TO EXPRESS huge congratulations to all of the winners of this year’s StrategicRISK European Risk Management Awards. We tend to say this every year, but it’s really true that the standard of entries just keeps on getting better. Against a backdrop of tough economic times and a tricky operating environment, we received a record number of entries this year, well over a hundred. This list was independently

whittled down to a shortlist of 50 – you can’t win an SR award by buttering up the editor, sadly! Next, our expert judging panel sat down together for a day to mull over the entries and decide on a winner in each of the 10 award categories: • Best Business Continuity Approach • Most Innovative Use of IT or Other Technology • Best Risk Communication of the Year

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

• • • • • • •

Enterprise Risk Management Programme of the Year Risk Management Team of the Year Risk Management Product of the Year Best Risk Training Programme Best Risk Management Approach in the Public Sector Risk Management Young Achiever of the Year European Risk Manager of the Year

Tough customers I sat in on the awards judging and I can testify that the judges were not easily impressed. To win an award, you have to demonstrate innovation and clearly show what beneﬁts your

Defy the odds: you only bag a StrategicRISK Award if you show serious innovation

Community update online. If they wanted to buy something, they were happy to assume that the website was safe. This attitude is very likely to change in the next few years as more and more people learn a hard lesson. But in the meantime if something goes wrong, it’s your company that will get the blame and your business’s reputation that is on the line. There’s a need to balance ease of transaction for customers with providing them with a secure transaction platform. Don’t let your company be tight-fisted when it comes to proposals relating to protecting your customer base. Customers are the life blood of a business. Don’t ignore the threat from within. Discussions that I’ve had with risk managers suggest there is very little monitoring when it comes to joiners and leavers of the company. Could someone within your business be leaving with the details of your client base on a memory stick tucked in their back pocket? If that’s possible, you need to do something about it, fast. Finally, if something does go wrong, let your customers know as soon as possible. This gives them the chance to cancel credit cards and be alert to any possible identity theft. We can assume that Sony had all the firewalls and safety nets they believed they needed to protect their sites. That didn’t work. Hackers are proving far more intelligent and resourceful than the consultants that many businesses employ to safeguard against them, so precautions are vital. SR [READ MORE ON-LINE] For a profile with Jorge Luzzi, worldwide director of risk management for Italian tyre maker Pirelli, go to strategic-risk.eu or goo.gl/GcLTO

organisation has derived from the risk management initiative that has been undertaken. A full list of judging criteria is available at www.strategicrisk.co.uk/digital/srawards2011/ judging.asp. There is not always a clear winner and, in that instance, the judges were not afraid to eliminate the category from the competition rather than reward an entry that doesn’t quite live up to the strict standards. Having said that, there were plenty of entries that simply blew the judges away. These were the organisations that had deﬁed the odds and demonstrated excellence in the face of a really tough business environment. Rentokil, Sonae Sierra, SAP, Sibur,

Trimble, Amlin and Woodleigh Outreach Support Service are all organisations that deserve to be commended for their tireless efforts. Meanwhile, Rachelle Banham from Hertfordshire Constabulary Group and Igor Mikhaylov of Russia’s Mobile Telesystems are individuals who shone through as exceptionally high achievers. Not to forget the special commendations that the panel felt compelled to dole out. These are awarded when the judges feel an entry is so good that it deserves to be recognised but it narrowly misses out on the top spot. The high number of these just goes to prove how many

On 17 May, French risk managers met in Paris for the annual CARM conference. The theme of the event was Web 2.0 – Threats and Opportunities. The event was overseen by Ferma director Michel Dennery and featured variety of speakers from the French risk management world. Issues highlighted at the conference included internet activism, identity fraud, internet security, changing business dynamics and web socialisation.

In May, 30 risk professionals from across Germany launched the German chapter of the Institute of Operational Risk (IOR). Risk expert Walter Dutschke will head the chapter. The IOR will promote the development of risk management and give support to risk managers. Dutschke, said: “In Germany, operational risk is increasingly regarded as a key management function. But there are still areas that need improvement.”

great entries we received this year. In recognition of their special achievements, plaudits must go to: the London borough of Lambeth , Aéroports de Paris, Maplecroft, London Underground, and John Ludlow from InterContinental Hotel Group.

Stand up and be counted Now in their eighth year, StrategicRISK’s European Risk Management Awards will continue to provide a platform for risk management professionals to showcase their talents and demonstrate excellence. We consider it our mission to support, promote and help to develop risk management talent around Europe,

On 26 and 27 May, risk managers from around the Netherlands met in the coastal town of Noordwijk aan Zee at the Hotel van Oranje for the annual Narim conference. The main theme of the event was branding, and keynote speeches were given by Sharepeople board member Paul Stamsnijder, Blogo Media chief executive Stephan Fellinger and Dutch television presenter Anita Witzier.

and the awards are a vital part of that programme. The awards platform will exist for as long as risk management achievers are willing to put themselves forward, to stand up and be recognised. It can be tough sometimes, and I understand that some risk managers prefer not to stick their heads up above the parapet in case something does go wrong and they’re left rather red-faced. But I encourage anyone in the risk management profession who has achieved something remarkable to enter next year’s StrategicRISK European Risk Management Awards and let the industry recognise and reward their achievements. SR

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

AWARDS

Meet the winners In May, well over 200 risk management professionals joined StrategicRISK to pay tribute to the industry’s high achievers and reward some excellent work. Here is the 2011 roll of honour

Risk Management Team of the Year FINALISTS • Arcadia Group Ltd • Capital Shopping Centres Plc • Dixons Retail Plc • Tesco Plc • Tetra Laval WINNER Arcadia Group JUDGES’ REMARKS Team synergy and collaboration are the hallmarks of Arcadia’s risk management efforts, the

judges felt. They noted how Arcadia has addressed diversiﬁed risks under very tough ﬁnancial circumstances in a merger environment.

Enterprise Risk Management Programme of the Year FINALISTS • Aéroports de Paris • Amlin Plc • Hoerbiger Holding AG • Sibur Holding • UK Power Networks

Colin Campbell, Arcadia Group

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

WINNER Sibur Holding JUDGES’ REMARKS The judges felt that Sibur’s ERM programme was very thorough. They noted particularly the attention paid to cultural aspects. “Embedding risk management into the culture of an organisation is how you make it work,” was one comment. Sibur uses a network of key risk administrators to help embed risk management throughout the organisation.

SPECIAL COMMENDATION Aéroports de Paris JUDGES’ REMARKS The judges appreciated the fact that the ERM programme at Aéroports de Paris had the full support of the chief executive. It is a comprehensive programme that includes ﬁnancial risk as well as operational risk, the judges said.

SPONSORED BY

SPECIAL REPORT [ WHAT IT IS THIS MONTH ]

STRATEGY

The case for captives Ask not just what your captive can do for you in terms of avoiding higher premiums but also how it can work as a central mechanism for controlling risk across the whole organisation

ISTORICALLY, COMPANIES tended to consider forming a captive insurer when premiums were high in the conventional market. But increasingly they now view captives not simply as an answer to a hard insurance market but as part of their overall risk management strategy. “The captive is above all a risk management tool,” Adageo principal Chris Lajtha says. He explains: “The primary reason for having a captive is to provide a method for a company to recognise the different risk appetites of its various activities round the world and their varying abilities to retain risk.” It is quite common in global programmes for the parent company to wish to assume a high deductible in its insurance covers. However, its operational business units may not want to self-insure to the same extent. “Local management with responsibility for generating a certain level of profit, and with a bonus structure linked to that target, will often wish to buy insurance with a low retention to cover what they perceive as non-core risks that could have an impact on their operating result. If they are forced to take a large deductible and then suffer a significant loss, bonuses will be affected, with the possibility that key personnel will leave the business,” Lajtha says. “A captive provides a vehicle to allow subsidiary operations operating in different parts of the world and with different exposure profiles to protect themselves at a commercial price for the insurable risks, with the company clawing back insurance premium into the captive vehicle.” Hugh Rosenbaum, retired principal from Tillinghast-Towers Perrin, and acknowledged ‘guru’ on captive insurance, believes the primary reason for companies taking the captive route is the imbalance between the cost of external insurance and

the corporates’ perception of their risk management. “They believe that their risk management is better than that for which they’re being charged.”

Controlling from the centre Kane Middle East managing director Shaun Brook sees captives primarily as facilitating risk management in order to provide a central mechanism to control risk within the organisation. “It’s also about control of costs. Companies have a better handle on the risks in their organisation and the total cost of risk.” Brook explains that captives can be a mechanism for covering risks that are currently uninsured or uninsurable. “Risk managers transfer a certain amount of risk through conventional means but there may be other risks that they understand but do not transfer. A captive can provide a way of holding that risk off the balance sheet. “Captives provide the ability to retain risk that is already on balance sheet in a more formalised way, with subsidiaries paying appropriate premiums. It’s a way of managing and monitoring risks in the business that are currently uninsured. If required at a later stage, the company can go into the conventional market with a track record that demonstrates that it understands and manages these risks, and negotiate coverage and terms that might not have been available before.”

Lajtha also supports this view of increased visibility. “Companies within large complex groups can often find ways of ‘squirrelling away’ reserves in case of particular losses that aren’t insured. If that money is paid into a captive, the parent can see what is really going on,” he explains. Once a company has established its captive, it can use it to encourage behavioural change in respect of risk, encouraging and rewarding best practice, Lajtha adds. “It can remove or add coverage, raise or lower deductibles, charge more or less premium. All of these strategies can influence the behaviour of subsidiary operations.” He also stresses that captives can generate real operational efficiencies. “For many years, HR departments have been responsible for employee benefits programmes. But they have also been managing the financing of these benefits – and by and large they have not done this particularly well. The captive can be used to reinsure employee benefit pools, producing significant efficiencies,” Lajtha says. PricewaterhouseCoopers global actuarial leader Bryan Joseph believes companies must view captives as part of their risk management strategy. “When deciding whether or not to form a captive, they should ask how it will contribute to their risk management and provide real value in the long-term.” SR

WHAT’S IN IT FOR ME? • • •

• •

Reduction and stabilisation of premiums. Insuring the uninsurable. Controlling your own insurance programme (in other words stability of premiums). Positive impact on risk retention, risk management and loss control. Cashﬂow beneﬁts.

• • • • •

Direct access to the reinsurance markets. Diversification into a profit centre. Potential tax benefits. Consolidation of deductibles. Reducing dependence on commercial insurers and insulating from market cycles.

Source: Royal Bank of Canada fact sheet ‘Understanding Captive Insurance Companies’

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

SPECIAL REPORT [ CAPTIVES ]

FACTORS

Going for the hard cell A captive insurance facility can add value to a risk management strategy, but there’s no ‘one size ﬁts all’ solution. Issues of control and taxation must be considered before making an expensive decision

HEN A COMPANY BELIEVES that a captive insurance facility will add value to its corporate risk management strategy, a feasibility study is generally the next step. In order to be objective, this should cover not just the impact of the captive but also assess alternative risk funding solutions. Setting up a captive can be expensive, so it is important to justify the decision. According to the Royal Bank of Canada, the study can include: • a review of coverages and whether they are appropriate for captive inclusion; • an analysis of deductibles and loss trends, • the preparation of estimated pro forma ﬁnancial statements relating to the proposed captive;

•

a review of possible captive domiciles; and/or • general commentary on the ‘ﬁt’ of a captive in the parent’s risk management strategy/philosophy. Normally the company will appoint a professional adviser to conduct the study and it will have to supply them with a fairly comprehensive amount of information relating to its current insurance and self-insurance programme, claims data, and its strategic objectives and risk management philosophy. As well as ascertaining if a captive is the best option, the study should also give some guidance on the way that it should be structured. Generally, this involves a choice

between a fully ﬂedged captive company dedicated to one enterprise or a protected cell captive insurance company. According to professional advisers Dixcart: “There is no single ideal means to own a standalone captive or cell within a captive; each proposition has its own speciﬁc characteristics and needs to be examined individually.” Factors that come into play here include control. The ownership of the captive vehicle and its share capital will determine the

‘There is no single ideal means to own a standalone captive or cell within a captive’ Dixcart

GEOGRAPHY

Location, location Choosing the right domicile and management for a captive can be crucial for its success and thus its ability to meet corporate strategic objectives. What are the main selection criteria?

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

RICEWATERHOUSECOOPERS global actuarial leader Bryan Joseph says that what companies want to do with their captive generally drives the choice of whether they locate on or offshore. “If the company intends writing any compulsory lines directly through its captive, it will probably look to have it located onshore. If it will be writing reinsurance or will not be covering any compulsory lines, offshore domiciles lend themselves. There are a number of jurisdictions which are onshore to the EU and which are favourable from a regulatory tax point of view, for example Luxembourg, Malta and Gibraltar,” he says. Consultant Hugh Rosenbaum believes the main criteria are regulation, accessibility and expertise. “Regulation is probably the number one and comes way before cost,” he says. Kane Middle East managing director Shaun Brook considers an important issue is the depth of expertise that exists in a potential domicile. “Generally, in most cases the signiﬁcant consideration is the management of the captive by a third party. Companies usually prefer not to manage it

themselves but leave it to the experts. And they also need to consider the quality of the additional professional advice available in the location, such as accountancy and legal. “The ﬂexibility and strength of the regulations – and the reputation of the domicile – are also key factors,” he adds. Brook, based in the Middle East, expands on the subject of domiciles in the region and why these are growing in importance. “It’s a matter of geography – the position that they have in relation to local markets – plus the fact that they are looking to create an attractive regulatory climate. “For example, Qatar is working hard to create legislation at a level on a par with the best in the world, implementing conducive capital and solvency requirements, as well as a framework to attract the professional ﬁrms needed to provide the right infrastructure.” As well as providing a natural location for the fast-growing companies in the region, Brook believes that a Middle East captive presence may also appeal to global companies that have expanded into this area and are considering a multi-domicile strategy.

Annual average GWP Asia Paciﬁc 2007 Asia Paciﬁc 2010 Continental Europe 2007 Continental Europe 2010

level of management control the owner can exercise over that captive vehicle, says Dixcart. Consultant Hugh Rosenbaum comments: “With a cell captive, a company can lose some of the control in the sense that it may not have its own board of directors and will be subject to the decisions of the underwriting committee, which considers every risk submitted to the cell. In terms of management and regulation, the costs may be less with a cell, but I think they are only really attractive for companies that have a low premium spend. Generally, big companies will look for ownership and control.” Dixcart also makes the point regarding businesses with a diverse shareholding: that the accumulated profits of the captive vehicle will be required to flow back directly to the insured business. “Shareholders of this insured business will consider the potential profits from the captive vehicle to be part of their total investment return. In such a situation, the shares in the captive vehicle would most effectively be held by the insured business.” Dixcart adds that owner-managed businesses also have an option where, rather than the insured business owning the

According to FiscalReps chief executive Mike Stalley, the lack of a uniform EU insurance premium tax code is a particular headache for captive insurers. “Insurance premium tax (IPT) is an often overlooked source of risk for captives and their parents. Now that the tax beneﬁts of self-insuring through offshore parties are generally eroded, the captive industry is largely dependent for its success on a high level of risk transfer and risk management expertise. “The requirements of IPT payment in the EU complicate these processes and can be an unwelcome and time-consuming distraction for captives not adequately informed or prepared.” He explains that complying with EU IPT tax laws is an issue for all captives – and traditional insurers – that insure risks within the EU, regardless of where they are domiciled. This is because EU law determines liability for IPT according to location of risk – the speciﬁc country where the insured risk is situated. But there is no harmonised system of IPT settlement and collection within the EU itself. Individual countries are free to decide how and whether to tax insurance premiums. SR

UK and Ireland 2007 UK and Ireland 2010 USA and Canada 2007 USA and Canada 2010 $0

$12.5m

$25m

captive vehicle, the captive vehicle is owned by the various shareholders. “This enables an effective split between the ownership of the economic beneﬁts of the business and the captive vehicle, with potentially differing initial capital contributions and ongoing investment returns.” Rosenbaum points out that group captives, jointly owned by a number of companies, can be very successful. However, he admits that they can be difficult to establish and that there can be friction, for example relating to the standards of risk management employed by the different owners. Companies also need to take taxation considerations into account. These are usually complex and are affected by the choice of domicile.

VALUE OF CAPTIVES IN A HARSH ECONOMIC ENVIRONMENT ONE OF THE CORE BENEFITS OF CAPTIVES – OVER TIME – has been their ability to allow organisations to manage their insurance risks and costs with more certainty and predictability, despite sometimes erratic insurance market cycles. This allows risk managers to be consistent in underwriting and risk retention, and permits them to adjust pricing internally to better support their business units and ensure these business units can focus on improving market position and proﬁtability. The captive allows the risk manager to adjust to insurance market demands more efficiently, responsibly and proactively.

Captives have proven over time to be highly adaptable, with great survivability. Among all the economic gloom, there are other factors that encourage the use of captives. For example, in more than 50 domiciles worldwide – spanning nearly every continent – and in emerging domiciles like Qatar and Dubai, the economic recovery will deﬁnitely stimulate risk-taking and captive formation and usage.

“It’s a way of giving their local risk management – who may find it difficult to communicate with and understand a captive based in say, Bermuda or Europe – greater control over the significant risks in the region. They can also then organise their own reinsurance purchase with reinsurers that they feel completely understand the inherent risks in the Middle East,” he says. Wherever companies decide to locate their first, second or even third captive,

there seems to be fairly widespread concern about the impact of the forthcoming Solvency II insurance regulations. Brook believes existing and potential captive owners are concerned about a possibly onerous requirement that might be placed on captives and the cost associated with managing a captive within a Solvency II regulated environment. Joseph believes that Solvency II could encourage captive owners to go offshore

Source: Darwinism at Work? How the current economy and the market impacts captives and risk managers, by Carol A Frey and Linda Kane, December 2010, ACE Progress Report

because they will not want to provide capital to the level that is required by the solvency regulations. Rosenbaum is even more outspoken, referring to the “heavy-handed and negative influence of Solvency II”. “Captive insurance companies were always considered a means of do-it-yourself risk financing. Solvency II looks as though they will be regarded as true insurance companies, which was never the intention when they were established.” Adageo principal Chris Lajtha takes a different view. He does not believe that Solvency II will put people off from domiciling in Europe. “It’s too early to say because we have not heard enough about how captives are going to be treated in Europe. We need to see how the proportionality principle will be incorporated in the final guidelines,” he says. “Overall, Solvency II makes good sense and should encourage better practice.” Lajtha believes that Solvency II will not be fully implemented by January 2013 and that there may be a phase-in period. “Hopefully Solvency II regulations for captives will be supple and light enough to allay fears,” he says. SR

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

UÊ,>Ìi`Ê – for ﬁnancial strength by Standard and Poor’s† UÊ"vwViÃÊ ÊÎnÊV Õ ÌÀ iÃ UÊ"ÛiÀÊ1-Êf£nÇÊL Ê Ê>ÃÃiÌÃ UÊ-Ì V `iÀÃÊiµÕ ÌÞÊ vÊ ÛiÀÊ1-ÊfÓÎÊL UÊ"ÛiÀÊ1-ÊfÓ ÊL Ê Ê«Ài Õ Ê V iI

Standing strong in an uncertain environment A spirit of trust

*,"* ,/9

* ,-" Ê

www.tokiomarine.co.uk † Rating correct as at 25 March 2011 * Sum of net premiums written and life insurance premiums / Ê >À iÊ ÕÀ «iÊ ÃÕÀ> ViÊ Ìi`ÊÊ i LiÀÊ vÊÌ iÊ ÃÃ V >Ì Ê vÊ À Ì Ã Ê ÃÕÀiÀÃÊ ÕÌ À Ãi`Ê> `ÊÀi}Õ >Ìi`ÊLÞÊÌ iÊ > V > Ê-iÀÛ ViÃÊ ÕÌ À ÌÞÊ À Ê,iviÀi ViÊ Õ LiÀÊÓäÓxÇ{ÊÊ,i} ÃÌiÀi`Ê"vwVi\Ê£xäÊ i>`i > Ê-ÌÀiiÌ]Ê ` Ê Î6Ê{/ ÊÊ,i} ÃÌiÀi`Ê Õ LiÀ\Ê n {Ó£Ê } > ` / Ê >À iÊ À Õ«Ê v À >Ì ]ÊV ÀÀiVÌÊ>ÃÊ>ÌÊÎ£Ê >ÀV ÊÓä£ä

/, 6

> Compliance Global ............... 39 Getting local management buy-in for a global insurance programme

Jamie Sneddon

Governance

[ ETHICS ] [ COMPLIANCE ] [ REPORTING ]

> Risk Atlas Corruption ........... 42 Bribery and corruption are rife. Our risk map shows the hotspots

INSURANCE

Get it together A global risk management programme can help multinational companies win on cost-effectiveness and consistency while building risk awareness

Âť

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

GOVERNANCE [ ETHICS ][ COMPLIANCE ][ REPORTING ]

Key points 01: Any programme must start with in-depth knowledge of all the territories’ risk appetites 02: More awareness of global risks beneﬁts the whole group 03: Premiums can be a tool to encourage best practice. Captives can help here 04: The bigger and more centralised the company, the more effective the programme 05: ‘Wriggle room’ to woo reluctant territories is essential

GLOBAL POLICY CAN PROVIDE SIGNIFICANT benefits for organisations with the appropriate risk management philosophy. How do you decide if a global programme is right for you – and what are you likely to gain from this approach? “One of the best ways is to start from the vantage point of what the company’s risk philosophy is around risk management,” says ACE Overseas General president Michael Furgueson. “It is very important to begin by thinking about how you buy insurance and what you are buying it for.” Structures, profit and loss requirements vary enormously between companies, he adds. For example, a property management business that manages property on behalf of investors will have a very different approach to insurance from that of a large globally integrated multinational. Considerations include the various locations of the company’s operations and the cost of risk, continues Furgueson. “What kind of risk appetite does the company have for local retentions or deductibles? What is its approach to the use of risk financing tools like captives?” he asks. Certainly, while some companies are keen exponents of the captive approach, the potential implications of the forthcoming insurance regulation, Solvency II, has given some European risk managers food for thought in terms of the types of risk they would place with a captive, and with associated governance and capital requirements. A company’s risk management philosophy may also be influenced by cultural differences, says Furgueson. He explains: “Some cultures around the world are very risk-averse. Companies in these regions tend to take very low deductibles, preferring to pay more premium to transfer the risk. Others have more appetite for risk.”

Why go global? An effective global insurance programme can produce substantial beneﬁts. Karen Gorman, a partner in the Jardine Lloyd Thompson global support team based in London, summarises these as: • assisting with corporate governance; • maintaining greater control and consistency with comprehensive communication;

• • •

helping to control cost through economies of scale; providing a broader scope of cover on a global basis; enabling inclusion of non-standard covers that may not be available in some countries; and • enabling standardisation of insurance processes. Willis International’s global network practice leader, Claude Gallello, says that a group that has a fragmented insurance programme – in other words, allows its local businesses to make all the decisions – can be putting itself at a disadvantage compared to its competitors with global programmes. “Dealing with different underwriters is likely to produce non-competitive pricing and a lack of uniform coverage,” he explains. “There are some qualifications in certain countries but in general you are maximising your buying power when you have a global programme.” Gorman agrees, although she suggests that it’s a wise move to ensure that the costs associated with the global programme are benchmarked against what it would cost to purchase insurance in the various countries involved. Gallello also highlights the fact that a company can generally obtain broader coverages through a global programme than it can achieve individually, country by country. “Some countries like Germany may have broader coverage than is generally available, for example in the area of environmental insurance. But, as a rule of thumb, the coverage you can acquire locally by buying your policies individually are not as broad as they are if you buy centrally,” he says. Consistency is another major benefit of the global approach. Miller Insurance Services’ Matt Grimwade explains: “Companies that have a centralised approach to insurance will want to try to develop a system where there is as much consistency as possible between the different operations.” And he says that this is where rolling out best practice across the group can come in. “If they have very good quality systems and processes in place around risk identification and management in certain territories and other territories are more lax, one of the big benefits of the global programme is that they can use best practice to bring the lower standard locations up to the higher level,” he says.

LOCAL BUY-IN

It’s not for everyone … Balanced against the cost and consistency beneﬁts are some considerations that might erode the effectiveness of the global approach for some organisations. Perhaps one of the greatest of these is the need for local management buy-in, which is not always easy to obtain. Gorman says that this is a common problem. She cites the example of a company that made an overseas acquisition whose risk appetite was very different from its new parent. “The parent’s risk management policy was to insure property against catastrophic losses, so it was taking a huge deductible. But the acquisition was historically very risk-averse and had been buying property cover with a zero deductible. When it came into the global programme,

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

it insisted on buying a deductible inﬁll programme, effectively just pound-swapping with the insurer concerned.” Local entities are also likely to have established relationships in their national markets while their local brokers may tell them that their existing arrangements are cheaper than those provided by the global programme. This is clearly where Grimwade’s “wriggle room” in respect of premium allocation may help. Risk managers considering global programmes should also be aware that there may be considerable administrative work involved. And Gallello doubts that a company without central control will be able to make a global programme work.

Conversely, companies without a looking for a suitable loss adjusting firm to be centralised insurance approach are likely to nominated that can provide a global service.” ‘Master policies are experience greater inconsistency about the However, perhaps one of the greatest benefits designed to be flexible quality of risk management across their that a global programme offers is increased risk various locations. to meet multinationals’ awareness. Gallello says: “Companies need to Related to this is the consideration of know what the risks are around the world, different needs’ how a company can charge the cost of risk to particularly when they are considering Matt Grimwade Miller Insurance its individual subsidiaries in a way that reflects acquisitions in different territories. A global its risk management focus. “Captives can play approach creates more awareness so that a big role in that, helping to highlight the cost of risk and the companies can ensure they have appropriate practices in place.” benefit of good risk management practices,” Furgueson says.

Premium pressure Grimwade explains that risk managers with a global programme can use their premium allocation model to instil best practice. “Companies generally apply a number of criteria when deciding premium allocation. For example, these can include loss history, the physical protections that are in place and how many historic risk management recommendations have been completed. “All these criteria can be developed into a model to make the approach to premium allocation more sophisticated,” he continues. Ideally, risk managers should make their premium allocation model as objective as possible, so that there is less basis for local entities to take issue with why they are being charged certain amounts. However, Grimwade also stresses that risk managers and chief financial officers may also be looking for some flexibility in the model. “They may want some wriggle room to allow them to charge their operations in some territories more or less than the model suggests – for example, a preferential premium because they want to convince them of the benefit of embracing the global approach.” Agreeing that a multinational approach helps in implementing a global loss control programme, Gallello also points out that claims can be handled more efficiently through a global programme. In connection with this, Oval Insurance Broking director of global accounts Chris Leage says: “A global programme allows you central co-ordination from the country where it’s been issued, which is usually the domicile of the client’s head office. Generally, this means you have greater control of how claims are handled and you would be

Flexibility

The global master policy that sits above locally arranged covers is usually very flexible, says Grimwade. “It reflects the fact that global companies have very different characteristics and will want their insurance programmes to operate in different ways. “Some are very centralised and want to have their insurance programmes operate in the same way, with central control over coverage retention levels, risk management approaches and how premium is allocated across the territories. Other companies are far more regionalised or territorially decentralised. “So while company A may want a clear, consistent, rigid and regimented global programme, with every territory included, company B may want more flexibility to leave some operations to buy locally or to buy insurance at lower levels. Master policies are designed to be flexible to meet multinationals’ different needs,” Grimwade explains. Similarly, a global master policy can accommodate the needs of companies with their own captive insurers. The company may have the option of using its captive to underwrite risks directly in the territories where it is legally allowed, with the global master policy acting as reinsurance, or the global master policy can be the direct underwriting tool, reinsuring with the captive and then covering the balance of the risk that exceeds the captive’s desired retention. Generally, the bigger and more centralised the company, the more streamlined and consistent its global programme will be. And it will enjoy the maximum benefits from transparency of cover, consistency of approach and economies of scale. SR

[READ MORE ONLINE] For more information on global programmes, download StrategicRISK’s Executive Report at www.strategic-risk.eu or goo.gl/ijG0K

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

GOVERNANCE [ ETHICS ][ COMPLIANCE ][ REPORTING ]

RISK ATLAS CORRUPTION

Dodgy dealings Corruption is rife around the world, but larger companies are no longer turning a blind eye

RIME AND CORRUPTION IS STILL A HUGE PROBLEM IN many parts of the world, and corruption remains an obstacle to progress, claims Transparency International (TI), a leading anti-bribery lobby group. According to TI’s latest corruption perception index nearly three-quarters of the world has a serious corruption problem. “These results signal that significantly greater efforts must go into strengthening governance across the globe,” said TI chair Huguette Labelle. Despite this, most risk managers recently surveyed by StrategicRISK in the Risk Report 2011 said that corruption is becoming rarer in large companies because of the need to comply with legislation, coupled with fears of the damage to reputation and potential penalties that would almost certainly result from being found out. The USA’s Foreign Corrupt Practices Act has been ensnaring miscreant companies far beyond American shores for years. And now, with the UK’s even tougher new anti-bribery regime being enforced, companies have even fewer places to hide (for detailed information on the Bribery Act go to strategic-risk.eu). No international trading operation is immune from America’s main agent, the Securities and Exchange Commission (SEC), which is now much more powerful and better-funded than it was before the Madoff scandal of 2008 revealed its weaknesses. The SEC is also involving similar international authorities, such as the UK’s FSA, in its pursuit of offenders much more than it has done previously – as Italy’s energy giant ENI and Germany’s Daimler discovered. ENI and its former Dutch subsidiary Snamprogetti were fined $365m (€258m) last year for violations of the act a er bribing Nigerian officials. “This elaborate bribery scheme featured sham intermediaries, Swiss bank accounts and carloads of cash as everyone involved made a concerted effort to cover their tracks,” says SEC Division of Enforcement director Robert Khuzami. “But the billion-plus dollars in sanctions paid by these companies show that ultimately there is no hiding or profiting from bribery.” (The unseemly scramble for Nigeria’s oil and other assets has netted the SEC no less than $1.28bn in sanctions.) ENI, which used a UK solicitor among other go-betweens to pay Nigerian officials through secret bank accounts, did not respond to StrategicRISK’s request to explain how it had reformed its governance procedures in light of the fines. As for Daimler, its $91.4m disgorgement penalty – not counting $93.6m in fines on related charges – was for ‘a repeated and systematic practice’ of bribing government officials across half the world. NB: The CPI is a composite index, drawing on 13 different expert and business surveys. Source surveys for the 2010 CPI were conducted between January 2009 and September 2010. SR

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

Spain Europe’s biggest money

30 laundering operation

was found in Spain, where an international network was accused in 2005 of laundering €250m through real estate investments in the Costa del Sol. The money had been illegally obtained from drug trafficking, prostitution rings, international arms trading, kidnapping, blackmail and tax evasion.

USA

Romania

One member of 22 Lockheed Martin’s board of directors earned his position shortly a er retiring from the US government, where he served as under-secretary of defence for acquisition, technology, and logistics. During his time in this position, he approved the contract to purchase Lockheed Martin’s controversial F-22 ﬁghter jets.

high-level government officials must disclose – on a website accessible to the public – their ﬁnancial and property holdings, as well as any positions they hold in associations and businesses, any paid professional activities and their personal investments in companies.

Philippines

Solomon Islands

A 2005 survey of 701 134 companies in the Philippines asked managers if they had solicited a bribe in the past year. One-ﬁ h of respondents had when dealing with government agencies, either to request a local government permit (36%), pay income taxes (30%), petition for a national government permit or licence (28%) or import goods (21%).

In Romania, the law

69 stipulates that all

Since the 1990s,

110 multinational

corporations have allegedly bribed key politicians in the Solomon Islands to create a favourable operating environment for logging and to weaken national-level timber management. This provides advantages such as a decrease in export taxes and postponement the logging export ban. Source: Transparency International

IN ASSOCIATION WITH

Key 9.0 – 10 8.0 – 8.9 7.0 – 7.9 6.0 – 6.9 5.0 – 5.9 4.0 – 4.9 3.0 – 3.9 2.0 – 2.9 1.0 – 1.9

0.0 – 0.9 No data

1 = ﬁrst place (least corrupt), 178 = last place (most corrupt) Source: Transparency International

134

Top 10 most corrupt countries Rank Country

Clientelism An unequal system of exchanging resources and favours based on an exploitative relationship between a wealthier and/or more powerful ‘patron’ and a less wealthy and weaker ‘client’.

Debarment Procedure where companies and individuals are excluded from participating or tendering projects. Governments and multilateral agencies use this process to publicly punish businesses, NGOs, countries or individuals found guilty of unethical or unlawful behaviour.

Facilitation payments A small bribe – also called a ‘facilitating’, ‘speed’ or

Score

Somalia

1.1

Myanmar

1.4

‘grease’ payment – made to secure or expedite the performance of a routine or necessary action to which the payer has legal or other entitlement.

Afghanistan

1.4

Iraq

1.5

Grand corruption

Uzbekistan

1.6

Acts committed at a high level of government that distort policies or the central functioning of the state, enabling leaders to beneﬁt at the expense of the public.

Turkmenistan

1.6

Sudan

1.6

Chad

1.7

Burundi

1.8

Equatorial Guinea 1.9

JARGON BUSTER

State capture A situation where powerful individuals, institutions, companies or groups within or outside a country use corruption to shape a nation’s policies, legal environment and economy to beneﬁt their own private interests. Source: Transparency International

110

Source: Transparency International

www.strategic-risk.eu [ JULY 2011 ] StrategicRISK

Theory & Practice

[ INSIGHT ] [ CASE STUDIES ] [ BEST PRACTICE ]

SECURITY

Coping with kidnapping No longer reserved for movies and millionaires, kidnapping is a very real possibility for executives working and travelling in risky environments abroad. Make sure you know how to keep yourself, and your staff, safe

ISTORICALLY, LATIN AMERICA WAS the most likely place to be kidnapped, but the proportion of abductions there has decreased in recent years as other parts of the world have begun to see more cases, with some parts of Africa now seeing increases year-on-year. The precise nature of the risk varies from place to place, with opportunistic criminal gangs, militants and paramilitaries all having different modus operandi, which in turn demand different strategies to mitigate the threat. What all kidnappers have in common, however, is that they want a ransom payment in cash or kind (usually some kind of political concession). And while there is willingness to pay ransoms, the threat will be perpetuated. In addition, the rising price of

commodities is encouraging companies to work in increasingly risky environments as higher proﬁts pay for the increasingly sophisticated – and expensive – risk mitigation strategies needed to keep staff safe. So, while context is always king in understanding the threat, what are the general rules for keeping staff safe in high-risk environments?

CONDUCT A FULL RISK ASSESSMENT The entire corporate approach to kidnapping should be risk-based and a full assessment is essential. From there it’s possible to move on and make sure that effort and resources are concentrated on the key areas, individuals and projects that are most in need.

ENSURE ALL STAFF ARE PROPERLY TRAINED As well as conducting regular brieﬁngs with staff to inform and guard against complacency, security managers should be making sure any staff that need it have up-to-date hostile environment and hostage survival training. This will help them to develop a ‘survivor mentality’ by teaching techniques to understand and limit the psychological impact of being kidnapped – such as how trauma affects the mind and body – as well as offering information about what will happen: the phases of a kidnap; what support their family will be getting; and what will be going on in the outside world.

EFFECTIVE JOURNEY MANAGEMENT Many kidnappers target individuals in transit and there is much that can be done to lower this risk by teaching staff how to travel. First, choosing the right vehicle is essential. “We advise a low-proﬁle vehicle without corporate logos,” Control Risks’ Alex Martin says. “Something not too excessive or impressive – something that will blend in.” He also advises good vehicle maintenance and training for drivers: “They need to know where they are going and the safe havens en route. Nobody wants

Concealment versus deterrence in transit

Jonathan Edwards

HERE ARE TWO BROAD SCHOOLS OF thought about managing the security of important individuals (VIPs) in transit through the war-stricken environment of Iraq. One of the main proponents of the concealment approach is Control Risks, whose

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

non-offensive tactics rely instead upon anonymity, and at times, subterfuge. The security ﬁrm uses a mixture of personal and commercial vehicles to disguise VIPs. The vehicles are all local, second-hand and armoured discreetly, if at all. The downside of this approach is that contingency plans (such as battling your way out of a sticky situation) are harder to effect once discovered, and without the capacity to go off road, it is harder to manoeuvre out of the situation. The beneﬁt is that this non-military approach can help avoid confrontation. In contrast, Blackwater Inc (now Xe) was best known for, but by no mean the only practitioner of, the opposite – the ‘all guns blazing’ approach to managing transit risk. Their conspicuously armed, armoured vehicles aggressively maintain an

‘exclusion zone’ around the vehicles. If another vehicle gets too close, they may immobilise it by ﬁring at the engine block. While they can cope with off-road conditions and therefore accept riskier assignments than their competitors, they also have a much higher mortality rate.

to have to stop and ask directions in a dangerous area.” Security managers need to know who is in the vehicle, the route they are taking, when they leave and when they arrive.

PERSONAL RESPONSIBILITY While most new staff will be vigilant, with time even the best can become complacent. Personal vigilance of the environment is an essential defence against kidnapping. Is anyone acting strangely? Do staff know where the safe dangerous areas are? “This can change within a couple of blocks in many cities around the world,” Martin says. Wherever possible, routes and routines should be varied and drivers should be aware that most attacks happen near places of work or residences. “Simple things like where you park or approaching your car with your keys ready can be very effective,” Control Risks’ Hannah Clark says. Security managers can support staff in this by conducting regular reviews of popular hotels, and even restaurants and shopping centres, to ensure everyone is up to date.

ESTABLISH A CORPORATE CRISIS MANAGEMENT STRATEGY What happens when things go wrong? “Risks can be reduced, but not eliminated,” Martin says. “Every company needs to make sure the staff and training are in place to spring into action if a kidnapping happens.” It’s essential that companies have well-established crisis management plans that are reviewed and drilled regularly both internally and, if possible, using a outside organisation, to apply specialist rigour and stress testing. This process must be fully embedded into in-country management. SR

WORLD OF WORK

A career from start to ﬁnish W

ITH THE ASSISTANCE of Airmic and its members, StrategicRISK looked at the various rungs on the risk career ladder. Insights were drawn from candid interview with individuals across the career spectrum, highlighting several overarching themes:

RISK MANAGEMENTSPECIFIC TRAINING IS NOT ALWAYS THAT ROBUST Building skills and experience on the job is essential. You may have to study hard at the same time as working. It’s not unusual for a risk manager to study a law degree or a MBA while working.

RISK RECRUITERS DON’T UNDERSTAND THE CORPORATE WORLD Risk recruiters’ knowledge doesn’t usually stretch to corporate risk. In some ways, they can’t be blamed – risk management tends to take on a different hue in each company. There are also so many facets to it, it can be hard to know exactly what a company is looking for.

SWITCHING INDUSTRY IS NO PROBLEM While the risks might change between industries, in general

the way a company deals with those threats does not change. The core skills of risk assessment, quantiﬁcation and treatment are highly transferable.

MENTORING CAN BE EXTREMELY VALUABLE, ESPECIALLY FOR JUNIOR MANAGERS It’s fairly common for senior risk managers to have a mentor of some description, but it’s not always that common for junior risk professionals to have the same opportunity. The best organisations today are bucking that trend. Junior risk management professionals beneﬁt from having a mentor outside the risk department who they can discuss sensitive political issues with.

JUST BECAUSE YOU STARTED IN INSURANCE DOESN’T MEAN YOU HAVE TO STAY THERE The skills that insurance professionals develop are highly useful when applied to the realm of corporate risk management – particularly in

terms of risk assessment and quantiﬁcation. But insurance risk managers should not be afraid to expand their horizons and grow their role to include enterprise risk management, strategic and business risks. Insurance will only ever be a niche within the business world. You don’t have to be stuck there forever.

BE BRAVE AND DON’T BE AFRAID TO MAKE A NUISANCE OF YOURSELF Part of the risk manager’s job is to ask tough questions of authority. A good organisation should recognise this rather than trying to silence the individual.

GETTING THE TOP JOB IS NOT EASY Risk managers who have reached the lo y heights of chief risk officer have had to walk a tightrope between managing the expectations of executive management and the realities at the business coal face. Communication is king. SR

[READ MORE ONLINE] For more insights into the risk management career path, download StrategicRISK’s Career horizons at www.strategic-risk.eu or goo.gl/jonym

ce the ake u u d q e h r t r o t a e How of an t c a p m i ﬁnancial ‘ Seismic Matters’. Our Free White Paper outlines a new engineering-based approach to minimising risk and loss. Download it now at www.fmglobal.co.uk/touchpoints

Secure the value you create

THEORY & PRACTICE [ INSIGHT ][ CASE STUDIES ][ BEST PRACTICE ]

KNOWLEDGE Risk registers can build a culture of awareness The dangers inherent in business collaboration cannot be fully mitigated by one party. But that doesn’t mean that they can be ignored. Risk registers need to identify ‘relationship risks’ along with actions to mitigate them. This means getting boards to pay attention to these less obvious – but no less dangerous – risks and building a culture of openness and awareness.

RELATIONSHIPS

For better and worse: the tricky nature of collaboration P

Work together: problems can be avoided if all components in a business relationship keep communicating

Credit

EOPLE HAVE ALWAYS KNOWN that the greatest risks in any system are at the boundaries – and that’s never been more true than in today’s interconnected business environment. Twelve months on from the BP Deepwater Horizon disaster, there are still many lessons to be learned. Reports from the Presidential Oil Spill Commission identified the causes as systematic failures of management rather than one-off technical problems, and at the heart was a failure of the “many ambiguous dotted line relationships with and between the companies involved”. It’s not just the oil sector that has this problem – consider the recent Railway Safety and Standards Board report on the UK’s Network Rail, which concluded “there is no open culture” between Network Rail and its contractors, leading to the underreporting of some 500-600 workrelated injuries leading to lost man hours over five years. Clearly the nature and quality of relationships between organisations can be a source of significant unquantified and unmanaged risk for many businesses that now have to work collaboratively. There are many reasons why these relationship risks are not identified and actively managed. Principally it’s because the risks are not under the control of a single organisation and therefore slip between the gaps. Relationship risks are complex and dependent on the nature, governance and operation of the

Reuters

Monitoring and nurturing relationships between collaborative businesses is no easy task, meaning vital – and beneﬁcial – components can slip through the net

collaboration – and crucially the behaviour of the leaders involved. Here are ﬁve things you can do to manage relationship-driven risks. Some of the solutions are structural, some procedural and others are attitudinal.

SET UP AN EARLY WARNING SYSTEM The key to any safety system is monitoring the precursors as advance warning signs of a major incident. But when a system involves several different organisations, like the rail industry or the Deepwater Horizon well, it’s much harder to identify cross-organisational warning signs. Experienced managers pick up signs intuitively within their own organisations, but between organisations these feelings are o en dismissed. Indicators of problems ahead might include difficult collective decision making, communication breakdowns,

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

should be periodically reviewed by the board, but o en these don’t focus on the real worries and fears of the directors. Issues as complex as the relationship between organisations are rarely identiﬁed in these documents so the whole board doesn’t get the chance to scrutinise this area of risk. If the future success of the business depends on building strong partnerships, then the UK Corporate Governance Code provides a vehicle for boards, during their annual board evaluation process, to check that the risk register reﬂects the need to manage relationship risks inherent in the business’s strategy.

non-attendance at critical meetings, or public arguments between leaders.

CREATE THE RIGHT SET OF INCENTIVES AND SANCTIONS In a complex system like rail transport or oil exploration, things will go wrong. Equipment will fail, people will make mistakes. A robust strategic risk system will incentivise partners to identify these small failures and communicate them early to others, and also have a sanctions regime that notices when something is out of expected bounds and acts quickly to highlight it via a proportionate penalty.

INCREASE THE ABILITY OF LEADERS TO WORK COLLABORATIVELY The Presidential Commission mentioned earlier said that ‘a culture of leadership responsibility’ was lacking on the Deepwater Horizon. They identiﬁed the need for a culture in which ”individuals take personal ownership of safety issues with a single-minded determination to ask questions and pursue advice until they are certain they get it right”. These cultures need leaders who build open relationships, encourage upwards communication of bad news and ensure that this communication happens with partners too.

REVIEW AND ACTIVELY BUILD PARTNERSHIPS Like any marriage, strong enduring relationships don’t happen by accident and they have their ups and downs. Relationships between businesses need tending carefully. This means: clear governance that identiﬁes how the parties will work together (and resolve their differences); a single, agreed dataset to avoid much of the arguments about joint performance; and collaborative leaders who recognise the need to invest time and resources in making the partnership work. SR

David Archer and Alex Cameron are both directors of business partnership consultancy Socia and authors of Collaborative Leadership – how to succeed in an interconnected world.

MAKE SURE YOU HAVE BOARD SCRUTINY OF RELATIONSHIP RISKS All businesses have risk registers that

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

WHAT’S INSIDE YOUR HEAD?

Headspace Airmic chief John Hurrell couldn’t be happier with a nice car, a good pint and his iPhone – but getting this year’s annual conference right would make his summer

Who is your greatest hero? It’s got to be Winston Churchill – surely the best risk manager who ever lived.

What is your greatest achievement? Managing to stay a part of our great industry for more than 40 years. I have tried to add value wherever I can and to help the younger people coming through – they will pay my pension long into the future, I hope. What is the most important lesson you’ve learned? In this industry, reputation and integrity is everything. Any other development requirement can be ﬁxed. I think it’s amazing how many times in a career individual paths cross and re-cross each other. People always remember the good things – and, therefore, the not-so-good things – from the last time.

What is your greatest fear? A sustained economic downturn, possibly leading to further cuts in resources for risk managers. Many of our members are having to run faster to do more with smaller teams or fewer resources than they had four or ﬁve years ago . This means that the urgent tasks take precedence over the important tasks, and some things just do not get done. Any further threats to resourcing levels would have potentially very negative results for those companies concerned.

StrategicRISK [ JULY 2011 ] www.strategic-risk.eu

What makes you unhappy? Charlton losing again! But I’m learning to live with it.

What is the worst job you’ve ever done? Settling household comprehensive insurance claims for the Royal Insurance Company in Brixton, New Cross and Lewisham in south London during the early 1970s. I learned a lot about the real world, dealing with customers and human nature.

learned a lot about the real world’

What makes you happy? Spring in the English countryside, a pint of bitter and good company – hopefully all at the same time.

What’s the biggest risk you’ve ever taken? Coming to Airmic. But big risks can deliver big rewards – I’m having a great time working with an excellent secretariat and board and with our terriﬁc members.

What are you thinking about right now? Identifying what the most important issues are for our members at the moment and how we ensure we address these at Airmic’s annual conference in Bournemouth in June. We’ll have some valuable stuff for members at the conference this time around, on non-disclosure risks, career management, reputational ‘In Brixton, risks and property insurance benchmarking. New Cross At the other end of the scale, we are also looking at all the ﬁnal and Lewisham details of how the conference will in south run, down to the choice of lunchtime food, the timing London during of announcements and so on. the early 1970s, I These details are important.

What was your most embarrassing moment? Arriving at an Airmic dinner about 15 years ago wearing my dinner jacket but no matching trousers. My blue pinstriped trousers created quite a fashion statement – not one I’d care to repeat. Luckily, that didn’t come up in my interview for my current job.

What is your most treasured possession? My Mercedes SL – now closely followed by my iPhone.

Tell us a secret. Sorry, I did know one once but I blabbed it. SR

Illustration by Richard Phipps

John Hurrell is chief executive of Airmic

Photos: Creatas, Photodisc, Enrique Algarra/PIXTAL, DigitalVision, Juliet White/Gettyimages -

a redeďŹ ned vision of service

a reliable company available teams attentive advice

Visit us at stand 68&69 to see how we can help you! www.axa-corporatesolutions.com