Sr mar11 lr by Nathan Hambrook-Skinner

VIEWPOINTS [ PEOPLE ] Aéroport de Paris’ chief risk officer Frédéric Desitter on spreading the word of risk resilience and ERM

RISKS [ THREATS ] Four future risk scenarios we could see in 2011 and what risk managers stand to lose and gain from them

European risk and corporate governance solutions

www.strategic-risk.eu [ March 2011 ] Issue 68 € 25

GOVERNANCE [ ETHICS ] A public relations disaster in Nigeria taught Shell some tough lessons on engaging with poorer countries. What can other companies learn from this?

THEORY & PRACTICE NEWS & ANALYSIS » Elevated political risk » Risk management salaries » Cyber payback » Food security

[ BEST PRACTICE ] Risk appetite is a tricky concept to deﬁne and use. Risk managers give us the lowdown on how to get your head round it

Bribery Act The top 10 things you need to know Risk Atlas Mapping out human rights risks worldwide Behaviour Five things you can do to inﬂuence people’s risk decisions

RAGE AGAINST THE MACHINE As government purses snap shut, civil unrest is escalating. When it comes to managing risk abroad, it’s not just the usual suspects you need to be worried about

LEADER [ MARCH 2011 ]

Issue 68 March 2011

Nathan Skinner, EDITOR, STRATEGIC RISK

www.strategic-risk.eu WELCOME

Editor Nathan Skinner Editor-in-chief Sue Copeman Market analyst Andrew Leslie Group production editor Áine Kelly Deputy chief sub-editor Laura Sharp Group sales director Tom Sinclair Business development manager Donna Penfold +44 (0)20 7618 3426 Redesign Joe McAllister Production designer Nikki Easton Group production manager Tricia McBride Senior production controller Gareth Kime Head of events Debbie Kidman Events logistics manager Katherine Ball Publisher William Sanders +44 (0)20 7618 3452 Managing director Tim Whitehouse Cover image Tunis revolt – Corbis Email: ﬁrstname.surname@ newsquestspecialistmedia.com

Ready for our close-up W ELCOME TO THE NEW-LOOK STRATEGICRISK MAGAZINE.

The changes we’ve made, based on feedback from risk managers across

Europe, go way beyond a cosmetic facelift. What we’ve tried to do is introduce distinct sections, so you can ﬁnd the content you’re looking for more easily. We’ve introduced sections, overhauled old ones and made much more effort to design features, analysis, stories and data in a way that’s easily digestible, highly informative and engaging. There are several exciting new sections, one of which is Theory & Practice (starting on page 40), in which real risk managers share practical advice and tips to help you do

Ferma president Peter Den Dekker

ISSN 1470-8167

your job better. We think you’ll like the

Published by Newsquest Specialist Media Ltd 30 Cannon Street, London EC4M 6YJ tel: +44 (0)20 7618 3456 fax: +44 (0)20 7618 3420 (editorial) +44 (0)20 7618 3400 (advertising) email: strategic.risk@newsquest specialistmedia.com

improvements, but of course we will

and I will be taking part in an

continue taking steps to help the European

80km ice skating race in February,

risk profession achieve its potential. I’d be

following an old Viking route

StrategicRISK is published eight times a year by Newsquest Specialist Media Ltd., and produced in association with Airmic (the Association of Insurance and Risk Managers). The mission of StrategicRISK is to deliver the latest risk and corporate governance solutions to key decision-takers in UK and European companies. StrategicRISK is BPA audited with a net average circulation of 10,046, June 2010.

delighted to hear your views on the relaunch. Over the next few months, we will also

upgrade www.strategic-risk.eu. We aim to incorporate the best technology to help you communicate with your peers and update yourself on European risk management developments between issues of StrategicRISK. Now on to new business: I’d like to tell you about a trip that Ferma president Peter Den Dekker and I are making to Sweden in February. We will be taking part in the

For all subscription enquiries please contact: Newsquest Specialist Media, PO Box 6009, Thatcham, Berkshire, RG19 4TT, UK tel: +44 (0)1635 588868 email: customerservice@strategicrisk.eu Annual subscription (incl P&P) £249 €399 $499 Two-year subscription £449 €649 $849 Three-year subscription £427 €663 $821 Printed by Warners Midlands Plc © Newsquest Specialist Media Ltd 2011

Vikingarännet – an 80km ice skating race following an old Viking route along the edge of Lake Mälaren, from Uppsala to Stockholm. Why? To promote the Ferma risk management conference in Stockholm in October – a great opportunity to mix with your peers from around Europe. By the time you read this, I hope to have completed the race in one piece. SR [CONTACT THE EDITOR] Email nathan.skinner@strategic-risk.eu or follow me at twitter.com/StrategicRISK

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

CONTENTS [ MARCH 2011 ]

News & Analysis

Risks

[ THE LATEST BUSINESS ROUND-UP ]

[ THREATS ][ OPPORTUNITIES ][ MANAGEMENT ]

8-14

‘Successful involuntary homocide prosecutions are rare’

[ PEOPLE ][ OPINION ][ COMMUNITY ]

News Matrix The biggest online stories, including the risk of corporate asset expropriation, Nasa’s security blunder and the Russian crackdown on abusive market practices Risk Indicator Could a solar storm overshadow the London Olympic Games? Plus the rising cost of nat cats, and risk managers’ pay packets News Analysis Online ‘revenge’ technologies; controversial banking stress tests; linking food shortages with political instability; and compulsory terrorism insurance News Feature Our ‘just enough, just in time’ economy has le the world vulnerable to new risks, says a WEF report. Spotting connections between risks and preparing for the unexpected will be vital to withstanding the blows

Viewpoints

Sue Copeman, editor-in-chief, StrategicRISK >> see Viewpoints page 19

Take responsibility: the lessons to be learnt from the social and environmental abuses by the oil industry in Nigeria

Panos

Violence trigger: what would an acceleration in the drug cartel conﬂict in Mexico mean for businesses?

Corporate manslaughter – a hard case to prove Why do involuntary homicide investigations so rarely result in a conviction? Flying high Aéroports de Paris’ Frédéric Desitter on going from ‘messenger of doom’ to risk management champion Forced to play by the house rules; community update How can companies entering emerging markets compete when the playing ﬁeld is so uneven? Plus news from around Europe Headspace Alex Hindson from Amlin talks about his fear of routine, board game tactics and what it feels like to take personal risk

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

Foreseeable futures With the help of Exclusive Analysis, we outline four potential risk scenarios for 2011 – from a debt default in Ireland or Greece to Israeli air strikes COVER STORY: Unusual suspects Recent civil unrest has put parts of western Europe on the risk radar for the ﬁrst time. What can be done to minimise the problems of doing business in any high-risk country? RISK FINANCING: A er the crisis Latest benchmarking data on the D&O market reveals high capacity in commercial while ﬁnancial institutions struggle

Governance [ ETHICS ][ COMPLIANCE ][ REPORTING ]

How not to behave Corporate responsibility is not optional. What can multinationals learn from the mistakes made by oil giant Shell in Nigeria? End of the party? The new Bribery Act will mean a total rethink of corporate hospitality. Here’s what you need to know ahead of the deadline RISK ATLAS: Put the world to rights Mapping out the extent of human rights abuses across the globe

Theory & Practice [ INSIGHT ][ CASE STUDIES ][ BEST PRACTICE ]

Risk strategies with bite; the human side of the risk equation Quantifying risk appetite; plus using behavioural science to think about risk Lessons in leadership NOVA Chemicals risk boss Joe Restoule on how to be an educator to the board

ahe ad a nd mak e th e

TOU DEC GH ISIO NS. D&O insurance that will be there for you. The risks faced by directors, officers and companies are constantly changing. That’s why we’ve enhanced our Directors and Officers liability insurance to safeguard individuals’ personal assets and protect the organisations they serve in today’s changing risk landscape. It’s market-leading coverage built on 40 years of D&O experience. Learn more and find out if your current insurance is doing enough. Europe: www.chartisinsurance.com/BusinessGuard UK: www.chartisinsurance.com/uk/d&o

All products are written by insurance company subsidiaries or afﬁliates of Chartis Inc. Coverage may not be available in all jurisdictions and is subject to actual policy language. For additional information, please visit our website at www.chartisinsurance.com.

NEWS MATRIX [ THE LATEST BUSINESS ROUND-UP ]

Top 10 essential online stories 09 10 01 RISK MAP

Extractive industries face ‘extreme’ asset risks

Volvo machines used in Israeli demolitions

03 CIVIL UNREST

Economic volatility pushes up countries’ political risk While the world economy is broadly on the road to recovery, the level of political risk has risen in more countries than it has declined, according to Aon’s latest political risks map. Associate director of Aon Risk Solutions’ crisis management team Beverley Marsden said: “We believe political risk will remain elevated while the markets are unstable, but will return to traditional levels as the economy improves.” Aon measured political risk in 211 countries, ranking them from ‘low risk’ to ‘very high risk’. Nineteen countries were downgraded on the 2011 map, while 11 countries were upgraded. Marsden said: “The perceived or actual risk of sovereign non-payment continues to be an issue … The negative effects of the global ﬁnancial crisis have had an impact on the economies of nations with traditionally low levels of risk. Iceland this year became the ﬁrst western European country to be downgraded to medium.” web. goo.gl/sJ7HA

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

Volvo machines have been photographed being used in the destruction of around 45 Palestinian homes, leading to the displacement of 300 people. The Swedish machine builder’s equipment and trucks were seen in action on the construction site of Israel’s wall near Al-Walaja village in the occupied West Bank in June 2010. Palestinians living in Al-Araqib also witnessed the destructive power of Volvo’s machines when their village was destroyed for the third time by Israeli forces on 10 August, according to the campaign group Activestills. Some three years ago, in 2007, Volvo informed the Business and Human Rights Resource Center that it does not condone the use of its products for “destructive purposes”. The company stated it had no control over the use of its products. web. goo.gl/VhK2y

Getty Images

US authorities charged Paris-based telecoms company Alcatel-Lucent with bribing foreign government officials to win contracts in Latin America and Asia. Alcatel agreed to pay $45m (€33m) to the US Securities and Exchange Commission (SEC) to settle the charges and $92m to the Department of Justice. The SEC claimed Alcatel broke Foreign Corrupt Practices rules by paying $8m to government officials to secure business. SEC director of enforcement Robert Khuzami said: “Alcatel and its subsidiaries failed to detect or investigate numerous red ﬂags … Alcatel’s bribery scheme was the product of a lax corporate control environment at the company.” web. goo.gl/WnWUm

04 PALESTINE

Reuters

Alcatel-Lucent settles bribery charges

Companies with operations in the resource-rich countries of the Democratic Republic of Congo, Turkmenistan, Sudan, Venezuela and Angola face “extreme” asset expropriation risks. This is according to Maplecro ’s Legal and Regulatory Risk Map 2011, which places these ﬁve nations in the top 10 out of 172 countries. The map rates 23 countries as “extreme risk”, with Myanmar (1), North Korea (2) and Somalia (3) topping the ranking. But it is the resource-rich countries of DR Congo (4), Turkmenistan (5), Sudan (7), Venezuela (8), Angola (9), Bolivia (13) and Central African Republic (14) that hold most interest for the extractive sector. The expropriation of corporate assets is acting as a deterrent to foreign investment from many industrialised economic powers. In Venezuela, between October and December 2010 around 200 businesses were forcibly acquired by the government across a wide range of sectors, including oil, cement, telecommunications, steel, power and ﬁnance. web. goo.gl/0EtnB 02 BRIBERY

LINKS TO THE WEBSITE About goo.gl Type the goo.gl address into your web browser to access our recommended articles from strategic-risk.eu

05 TERRORISM

Passengers thwart Turkish jet hijack Passengers on a Turkish Airlines jet overpowered a man who tried to hijack their flight from Norway to Istanbul. The man tried to force his way into the cockpit, saying he had a bomb and demanding the plane return to Oslo, but he was subdued by passengers. Gordon Woo, architect of RMS’s Terrorism Risk Model, said: “For a hijacking to be successful, there needs to be about five or more operatives involved to gain entry to the flight deck and repel passenger reaction. But there is around a four in five probability of a conspiracy of this size being interdicted by the intelligence services.” web. goo.gl/ljHQt 06 DATA LOSS

Reuters

Nasa sells computers holding shuttle secrets

An internal inquiry has le Nasa red-faced amid revelations that computers storing top secret information about the Space Shuttle programme were being sold off. In addition, some computers were put up for sale containing digital information that could be used by hackers to attack Nasa’s network. When Nasa disposes of computer equipment, it usually undergoes a thorough ‘sanitisation’ process to clean the machines of all digital data. But during an audit of its processes, Nasa discovered “signiﬁcant weaknesses in the sanitisation and disposition processes” for IT equipment at four Nasa centres. Kennedy Space Centre released to the public 10 computers that still contained Nasa data. web. goo.gl/2tlVr

10 REGULATION

Guernsey won’t seek Solvency II equivalence

‘I can only multiply and divide in French’

Alex Hindson, head of group risk at Amlin >> see Headspace page 44 07 HURRICANES

Cat modellers overestimate losses Catastrophe models designed to project insured losses in the USA from Atlantic hurricanes signiﬁcantly overestimate their losses, independent cat modeller Karen Clark & Co has claimed. So-called ‘near-term models’ were introduced by the three major catastrophe modellers in 2006 following the costly 2004 and 2005 hurricane seasons. Each of the companies initially projected insured losses at least 35% above the long-term average for the period 2006 to 2010, claimed Karen Clark. No hurricanes made landfall in the USA in 2010 and as a result US-insured property losses were minimal. This is in spite of the fact that the 2010 season was one of the busiest on record. web. goo.gl/JJ0pt 08 SPY FEARS

09 INSIDER TRADING

Renault acts in suspected secrets leak

Russia enforces crackdown on ﬁnancial crime

French car giant Renault sacked three senior managers, including a board member, following an investigation into the possible leaking of electronic vehicle secrets. The investigation was triggered in August a er an ‘ethics alert’ was sent to the internal compliance department. Renault is concerned that its work in developing electric technology has been compromised. “The actions are serious enough to damage the company,” Renault spokeswoman Caroline De Gezelle said. web. goo.gl/sWBpM

Russia has enacted a law enforcing criminal and administrative penalties on companies and directors that use ‘abusive market practices’. Russian legislation had hitherto not recognised or prohibited the use of ‘inside information’ and ‘insider trading’ as legal concepts. The Russian ﬁnancial regulator began tracking illegal activity at the end of 2010 and almost immediately picked up three cases of illegal trading. web. goo.gl/LWcXb

Guernsey’s ﬁnancial authorities have no plans for the island to seek equivalence under Solvency II. Guernsey Finance chief executive Peter Niven said: “We have carried out a thorough evaluation of Solvency II and believe that … seeking equivalence would not be right for our insurance market.” Guernsey International Insurance Association chairman Dominic Wheatley added that his members were happy the position has been clariﬁed. “We believe that the position the island has adopted will enhance Guernsey’s attractiveness as a domicile to captive owners,” he said. web. goo.gl/E5iC2

Online Contents Most read stories Broker welcomes bribery act delay web. goo.gl/UxCk3 French risk industry gathers in Deauville web. goo.gl/EQk20 ERM more valuable than insurance web. goo.gl/UKcI3 Non execs warned on personal liability web. goo.gl/B8Sie

Online analysis The escalating civil unrest in Egypt poses an ongoing risk to commercial assets, warned political risk analysts. Political instability could also adversely affect the price of commodities by slowing ships through the Suez. web. goo.gl/XVGE0

Amrae dailies The 19th annual conference of Amrae took place at Deaville in February. Warm sunshine and the so insurance market meant delegates were cheerful, although concerns over Egypt and Tunisia served as a reminder that the future is never certain. Download our local language newsletters online. web. goo.gl/9VTOP

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

RISK INDICATOR [ VISUALISING DATA AND TRENDS ]

Coronal mass ejection

1. Solar storm erupts off the surface of the sun 4. Two to four days later the shockwave is deﬂected around the Earth’s magnetosphere, disrupting communications and navigational equipment, damaging satellites and even causing blackouts 2. A coronal mass ejection blasts off the sun’s surface headed in the earth’s direction

3.The magnetic plasma cloud sails through space Magnetic ﬁeld

Jamie Sneddon

Coronal mass ejection

Not to scale

SPACE RISKS

Solar storms could hit Olympics We’re all well aware of the dangers of sunburn, but when the sun reachest its ﬁercest within the next couple of years, it’ll take a lot more than sunscreen to protect the earth’s population

Key points 01: The last major space storm cost €1.5bn 02: The next solar maximum is expected to hit between 2012 and 2013

OUGHLY ONCE EVERY 11 YEARS, THE SUN REACHES AN energy peak, when it produces an unusually high volume of powerful solar flares – or coronal mass ejections, to give them the proper name. When these explosions take off from the surface of the sun in the direction of earth they can affect the magnetic fields surrounding our planet, knocking out communications satellites and even electronic equipment on the earth’s surface. And because passengers flying in planes over the Arctic sometimes risk being exposed to radiation during these solar peaks, aircra travelling over the poles or oceans sometimes get diverted to avoid these effects. The next solar maximum – when the sun is at its most fierce – is expected to hit between 2012 and 2013. That means the next solar

Strategic RISK [ MARCH 2011 ] www.strategic-risk.eu

storm could happen during the London Olympic Games – a situation the organisers are said to be monitoring closely. The threat of a solar storm is now included on the UK’s National Risk Assessment, giving an indication of the heightened sense of the threat. The most recent major space storm seriously affected power grids in Quebec, Canada, in 1989, forcing them to shut down for hours. The total costs were eventually put at more than €1.5bn. But with businesses nowadays being much more interconnected, the effects of violent space weather could be far worse. A power grid shutdown would be catastrophic for transport, medicine, sanitation and ﬁnance, to name but a few sectors. And the cost of space-weatherprooﬁng buildings and infrastructure is expensive.

EXTREME WEATHER

2010 nat cat costs come in at €80bn

Top ﬁve

USSIA’S HEATWAVE, WHICH KILLED 56,000, and the Haiti earthquake, responsible for 225,000 deaths, were last year’s deadliest disasters. Figures released by the UN showed that 208 million people were affected by natural disasters last year, costing the world €80bn. “These figures are bad, but they could be seen as benign in years to come,” warned the UN’s disaster risk reduction unit assistant secretary-general, Margareta Wahlström. Weather-related disasters are sure to rise in the future, she said, as a result of climate change, unplanned urbanisation and environmental degradation. Europe accounted for nearly one-fi h of the year’s total deaths from disasters, mainly brought on by the Russian heatwave. Other events in Europe included Windstorm Xynthia in the west (February 2010), flooding in France (June 2010), and extreme winter conditions all over Europe (December 2010). Of the top 10 disasters with the highest death counts, five occurred in Asia: in China, Pakistan and Indonesia. Nearly 2,000 people were killed by flooding in Pakistan, following heavy rains during July and August. The costliest natural catastrophe last year was the Chilean earthquake in February, which cost €22bn.

THE BIG NUMBER

60%

This is the probability that intelligence agencies will be able to stop a plot like the one in Moscow, in which a bomber killed 35 people at Domodedovo airport on 26 January. That is according to risk analysts at Risk Management Solutions, (RMS), who add: “The small size of this conspiracy would have made it hard to interdict.” A terrorist acting alone is less likely to be discovered than a larger cell, says RMS. “The probability of a planned attack being foiled is twice as high for a cell size of three compared with a lone terrorist.”

Corbis

NAT CATS

[ EUROPEAN STORM LOSSES ]

3 4

NATURAL DISASTERS IN 2010 OCCURRENCE : 373 TOTAL DEATHS : 296,800 TOTAL AFFECTED : 208 MILLION

OVERHEARD

ESTIMATED DAMAGE : €80BN

DATABASE

It pays to be strategic France: ERM manager €120,000

France: Insurance manager €60,000

Lothar (26 December 1999, €5.8bn) On Boxing Day 1999, central Europe was struck by a severe storm causing damage in France, Germany, Switzerland and Italy Kyrill (18 January 2007, €3.7bn) This unusually violent European storm with hurricane-strength winds ﬁrst hit Ireland and the UK, then crossed to the continent Martin (27 December 1999, €2.5bn) The heavy storm affecting central Europe followed Lothar Anatol (3 December 1999, €1.9bn) Equivalent to a category 1 hurricane, this storm hit Denmark, south-west Sweden and north Germany Jeanett (26 October, 2002, €1.3bn) This affected Belgium, Switzerland, France, Germany, the Netherlands and the UK Source: Perils

“Soundbites” ‘Total used to call me the messenger of doom. But by the end, they looked forward to our meetings’ Frédéric Desitter, Aéroports de Paris >> see Viewpoints pages 20-22

UK: Head of group risk £107,000

UK: Insurance manager £60,000

‘There are some inherent similarities between the concepts of risk and psychology’ David Hancock, London Underground >> see Theory & Practice page 40

‘Corporate responsibility is no longer voluntary; it is pseudo-mandatory’ Professor Steve Wallace, National Grid >> see Governance pages 33-35

Source: Airmic, Amrae

Two risk manager salary surveys – one in France and one in the UK – showed that risk managers who are involved with ERM earn up to twice as much as their insurance manager colleagues. The highest earners work in the leisure, hotel and travel industry, and the lowest paid risk managers are in the chemicals or pharmaceuticals sectors, according to Airmic’s survey of UK risk managers.

‘It’s not enough to not take part in bribery; you have to show that you’re no longer taking part’ Helen Humphreys, ABC Compliance at Rolls-Royce >> see Governance pages 36-37

www.strategic-risk.eu [ MARCH 2011 ] Strategic RISK

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

INTERNET

Revenge of the cybermen As reaction to the WikiLeaks affair shows, online users expect websites to protect their privacy at all costs. And with ‘payback’ technologies increasingly available if they don’t, companies will need to decide which side they’re on

HEN, A YEAR AGO, WE HIGHLIGHTED

the danger of thinking that

Operation Payback: sites that refused to support WikiLeaks – founded by Julian Assange (pictured) – were hit by revenge acts by ‘hacktivists’

Panos

traditional legal remedies could be applied to online allegations (‘Don’t reach for the lawyers’, December 2009), we could not have foreseen that 2010 would end with the US government battling it out with the proponents of free speech following the publication of conﬁdential diplomatic cables on the whistleblowing website, WikiLeaks. Our judgment of the risk remains the same: the US Department of Justice may win some legal battles, but it is likely to lose the war. And this particular war may have far-reaching consequences. To recap: on 7 January this year, it emerged that the US justice department had obtained a court order demanding that social network site Twitter hand over details of a number of people linked to WikiLeaks, among them Icelandic parliamentarian Birgitta Jónsdóttir. It had thrown a gagging order into the bargain. Twitter challenged the gag, and won, allowing it to notify the named users that their data had been requested and giving them time to prepare. Wired magazine’s comment that “by standing up for its users, Twitter showed guts and principles” was echoed globally by the network’s users. As a result, the US ambassador to Iceland was called in to explain why Jónsdóttir’s details were being sought. Bloggers are now keen to know whether Facebook and Google received similar court orders and, if so, why they had not been challenged.

On the battleground

The spread of user-friendly technologies means that the risk of cyber attack will no longer be conﬁned to sophisticated hacking attempts

Protest blockade Immediately before releasing the series of leaked cables, WikiLeaks suffered several distributed denial of service (DDOS) attacks, which succeeded in putting the website temporarily offline. In an apparent act of revenge, sites that had refused to support WikiLeaks were targeted in return, with Mastercard brieﬂy being forced offline and Amazon also targeted. The ‘hacktivist’ group Anonymous, which has hitherto conﬁned its

sites are starting to appear where you can just point and click, and the website of your chosen target begins to suffer overload. The spread of similar user-friendly technologies means that the risk of cyber attack will no longer be conﬁned to sophisticated hacking attempts. Already the ironic vocabulary beloved of the web is tagging such disruptive behaviour ‘online riots’. The WikiLeaks saga is driving concerned social network users to the perception that their privacy may not be safeguarded by the websites they use if government lawyers step in. While this has long been the case in many countries, users mostly felt that the big US-based social networks, such as Twitter or Facebook, were safe. As the Guardian put it: “President Obama has urged repressive regimes to stop censoring the internet, yet a bill before Congress would allow the attorney-general to create a blacklist of websites. Is robust democracy only good when it’s not at home?” The hostile reaction to Amazon and PayPal disowning WikiLeaks by refusing to host its servers or pass on donations shows that this opinion is widely shared.

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

actions mostly to anti-pirate organisations and the Church of Scientology, is widely believed to have had a hand in these attacks, dubbed ‘Operation Payback’. The growing ease with which DDOS attacks can be mounted is a huge concern. Risk managers not familiar with the Low Orbit Ion Cannon (LOIC) might wish to track it down. This downloadable program allows a user with virtually no technical knowledge to conduct DDOS attacks – and

So, we have reached a point where concerns about online privacy are growing at the same time as ‘revenge’ technologies are becoming more widely available. Consumers already expect websites to handle their personal data carefully, but will now be increasingly concerned as to how far website owners are prepared to go to stand up to the authorities on their behalf. Do you defend your customers’ right to privacy at all costs, or do you cave in to the first legal demand? On the one hand lies a hostile battery of lawyers, possibly backed by government fiat; on the other a network of citizens prepared to take your website down or trash your reputation if they feel betrayed. Commercial organisations may find themselves having to tread very carefully in deciding where their loyalties lie. SR

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

CORPORATE GOVERNANCE Michel Barnier “I am clear that we will not be able to rely on voluntary codes. In the future rules will need to be clearer and more speciﬁc.” A EU Green Paper on corporate governance is expected this year

FINANCIAL CRISIS

The rules are not there to be broken Stress tests are all well and good, but only if European companies and regulators treat them as more than box-ticking exercises

WO YEARS INTO THE HARD BITE of the financial crisis, European companies and regulators are still scratching their heads over the tooth marks, and wondering how to cleanse the risk management factors – financial, corporate governance and global – that triggered the downward spiral. How far does the progress made to remedy risk assessment inspire confidence that there will be no repeat? Brussels is not the most edifying place to start. The EU’s internal market commissioner, Michel Barnier, is still considering the whole area of corporate governance in the financial services sector. A consultation paper, issued last June, has yet to result in anything concrete. Meanwhile, the most solid risk assessments introduced by the EU – stress tests in the banking sector – have turned into an ongoing farce. Two rounds of tests implemented last year were insufficiently stringent: just months a er ‘passing’, Allied Irish Bank and Bank of Ireland suffered a liquidity crisis that brought on the EU-IMF bail-out of Ireland.

As the EU embarks on fresh stress tests, there is disagreement about whether these should investigate liquidity and sovereign debt exposure. Earlier this year Barnier said there was an overall need to make the tests “more robust and credible”, but would not reveal whether the parameters and results should be made public.

Learning lessons Meanwhile in the private sector, Airmic chief executive John Hurrell says those dealing in operational risk are digesting the chief lessons emerging from the crisis. But he adds that many companies tend to ring-fence the banking crisis, believing it to be “all about subprime” and irrelevant to their own risk exposure. As recent events affecting BP and Toyota have

‘Rules simply promote a period of conformity followed by playing tricks to get around the rules’ Jorge Daniel Luzzi Pirelli

Reuters

Under pressure: Irish Taoiseach Brian Cowen was forced to ask for a bail-out despite the country’s banks ‘passing’ stress tests

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

demonstrated, reputational risk spreads beyond the banks. Moreover, Hurrell says that the crisis has forced companies to overhaul new technology, intellectual property, product and supply chains, all of which entail new risk. But he believes that there has not been a proportional injection of risk management restructuring to accompany these. The holy grail for risk management – incorporating a strategy that will derive a competitive advantage from the downside risk – remains elusive, and can only really be attained by chief executives who deal directly with risk management, he says. Ferma’s vice-president and group risk managing director at Pirelli in Milan, Jorge Daniel Luzzi, says that there have been some improvements. “The voices of warning relating to risk are now being heard within companies, and committees for internal risk control are being set up,” he says. But just as unity over stress tests eludes Europe’s leaders, unity within companies is proving one of the most challenging issues. Luzzi says that one of the main challenges is for groups to assess risk across the whole of their structures. “Avoiding silos is very important. The danger remains that different subsidiaries will be assessing risk according to separate criteria, without equalising risk across the corporate structure,” Luzzi says. Nor will regulation from Europe or individual countries do much to assist. According to Luzzi, rules “simply promote a period of conformity followed by playing tricks to get around the rules”.

Greatest dangers Hurrell agrees that companies can still use the rules as little more than a box-ticking exercise. But this means that they will have little impact unless backed by a genuine desire to integrate risk management. But perhaps the greatest dangers for companies and regulators remain out of their control. At a recent UK corporate governance symposium, Anne Kvam, investment head of Norway’s $500bn (€362bn) sovereign wealth fund, had a question. She owns stakes in 1,100 Chinese companies and 400 in the UK, so why was she being asked to reform strategy for the UK, where corporate governance standards are already excellent, rather than China? No true assessment of risk in the wake of the global crisis can avoid this poser. SR

We have to make big decisions every day. Knowing Zurich is protecting us, we can make them confidently. Global Directors & Officers coverage. We provided a customized D&O policy to protect a major corporation’s executives working in 75 countries. Knowing that we’ve been in business for more than 130 years and that our solution is in accordance with regulations everywhere they operate, their management has the confidence to focus on what’s in front of them: running the company effectively. It’s an example of how Zurich HelpPoint delivers the help businesses need when it matters most. To learn more about cases like this visit www.zurich.com/globalfinanciallines

Zurich Insurance plc, a public limited company incorporated in Ireland Registration No. 13460. Registered Ofﬁce: Zurich House, Ballsbridge Park, Dublin 4, Ireland. UK branch registered in England and Wales Registration No. BR7985. UK Branch Head Ofﬁce: The Zurich Centre, 3000 Parkway, Whiteley, Fareham, Hampshire PO15 7JZ. Authorised by the Irish Financial Regulator and subject to limited regulation by the Financial Services Authority. Details about the extent of our regulation by the Financial Services Authority are available from us on request.

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

FOOD

Why we all suffer when the larder is empty A

SERIOUS FOOD SHORTAGE IS HIGHLY likely this year, according to the World Economic Forum. It is a risk linked to a host of other threats, warned the WEF’s Global Risks 2011, including geopolitical conﬂict, biodiversity changes, migration, price volatility, disease, water scarcity, climate change and ﬂooding. Countries affected by famine are usually blighted by one or more of these risks. Extreme weather, poverty and failing infrastructure makes sub-Saharan Africa particularly vulnerable. Algeria, Somalia, the Ivory Coast and Haiti have all faced political and economic instability as a result of food shortages. In other countries, hunger is a widespread symptom of political problems and poor government. But the corporate sector has its own set of dangers. “Companies face risks to their reputation for exporting commodities from countries with limited domestic food supplies,” says Maplecro environmental analyst Anna Moss. Companies also experience disruption from political instability as a result of food insecurity. Food price riots shook 35 developing countries in 2007-08. And last year’s decision by the Kremlin to ban grain exports challenged commodity traders and any company that relied on a stable wheat supply. Russian prime minister Vladimir Putin brought in the ban to stave off domestic food riots, but the long-term result was a crippling price hike on the world market, as Russia is one of the biggest grain exporters. Hailing from a country with a history of governments toppled by the price of bread, Putin understood the link between rumbling tummies and social unrest. His politically motivated move had far-reaching consequences and shows the interconnectedness of the global risk landscape.

Corbis

Food shortages – and rising prices – now have an effect on every economy. Just look at the results from last year’s Russian ban on grain exports …

The Risk Index

25%

of US grain crops are now used to produce biofuels

2008

The year record food prices sparked riots in several countries, including Egypt, Haiti and Cameroon

African nations make it into the top 50 in Maplecro ’s food security risk index

“Of course it is possible to sympathise with a government’s need to feed its people, but the ban showed there are many governments that, for a mixture of political and economic necessity, are willing to renege on contractual obligations and adopt protectionist strategies,” says Elizabeth Stephens, head of political risk at Jardine Lloyd Thomson. With shortages and rising prices now directly or indirectly affecting all economies, food security has become critical and unavoidable. SR

Vladimir Putin brought in the export ban on grain to stave off domestic food riots, but the result was a crippling price hike on the world market

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

11%

The percentage of global wheat exports from Australia currently blighted by severe ﬂooding

50%

of crop land in Queensland has been ruined in this year’s ﬂoods

100m

people face extreme poverty due to higher food prices

Photos : Creatas, Photodisc, Enrique Algarra/PIXTAL, DigitalVision, Juliet White/Gettyimages -

a redeďŹ ned vision of service

a reliable company available teams attentive advice

www.axa-corporatesolutions.com

Corbis

NEWS ANALYSIS [ CONTEXT & INSIGHT ]

TERRORISM

Terrorist threats: is it time to change course? An OECD conference has put forward the idea of compulsory terrorism insurance. It will cost companies dear, but what will the beneﬁts be?

S 2011 DAWNS, THERE IS NO diminution of the global terrorism risk. The number of toxic spots that shelter training camps for terrorists and act as fertile recruiting grounds for bombers grows no smaller. Yemen, the apparent source of the bombs placed on cargo planes in October, was added to the list last year to join Afghanistan, Pakistan and Somalia. And the recent bombing of Moscow’s Domodedovo Airport is a reminder that the Caucasus remains a running sore, while Al-Qaeda in the Islamic Maghreb has turned the huge Sahel region into a virtual no-go area for Westerners. In February last year, Time magazine estimated that the number of militants in that area had swollen from a few score to more than 200. Now, Lebanon is looking fragile once again, while the popular revolt against president Ben Ali in Tunisia, with copycat protests in Egypt, places a question mark over the future of northern Africa, and whether these countries, too, will remain stable and secure, or

whether they will give aid and shelter to the terrorist. There are as many pundits on the subject as there are ﬁsh in a shoal. But, almost 10 years on from the attack on the World Trade Center, no one can claim that the ‘war on terror’ is going well, at least in the sense of putting an end to the risk. New solutions to the same old political problems are thin on the ground. As a result, no risk manager can any longer think that terrorism is a short-term problem.

Airborn dangers Global transport remains the most attractive target; in general, that means aircra . But increased security measures in one area merely force the terrorists to change tactics, rather than stop their activities.

A er the bomb in Moscow, airport operators already will be thinking of ways to introduce security screening for anyone waiting to meet a ﬂight

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

If it is hard to get a bomb aboard a passenger aircra , terrorists may switch the target to cargo planes – as we saw in the foiled plot in October last year, which may have been designed to blow up cargo aircra over US cities. The bombing of the arrivals’ hall in Moscow has illustrated yet another vulnerable area. RMS lead catastrophist Dr Gordon Woo comments: “It appears that Russian intelligence might have had some prior notice of an impending attack, but the small size of this conspiracy would have made it hard to interdict. The chance of stopping a plot like this is only about 60%.” As a direct result, airport operators will already be thinking of ways to introduce security screening for anyone waiting to meet a ﬂight. The result will be added delay, inconvenience, and ﬁnancial loss – and another small victory for the terrorist.

Make cover compulsory? But risk managers may be encouraged by signs that the insurance industry is slowly getting its act together. In June of last year, the Organisation for Economic Co-operation and Development (OECD) held a conference to discuss ways of ensuring that terrorism risk could remain adequately covered. It concluded by establishing a permanent international platform on the ﬁnancial coverage of terrorism risk, whose main focus would be “to monitor the evolution of national systems of terrorism insurance as well as market trends”. The organisation considered the kind of public/private partnerships established by nine out of the 31 OECD countries, and may well look upon such schemes as ‘best practice’. The conference also discussed introducing compulsory terrorism insurance to maximise the size of the risk-sharing community, and to increase the “stability, resilience and affordability” of insurance. The idea of compulsory terrorism insurance indicates that no one expects the risk to become smaller in the foreseeable future; risk managers should keep an eye open to see whether the idea gains traction. If it does, companies may be faced with an unwelcome extra ﬁnancial burden, but if the result is increased certainty of the availability and extent of coverage, the effect may not be all bad. SR

The 5th annual MultaQa Qatar conference will be held from

Monday 14 March to Tuesday 15 March 2011 in

Doha, Qatar at the

Sharq Village & Spa MultaQa Qatar 2011 offers a unique platform for senior risk and insurance professionals from around the world to discuss the prospects and challenges of growth, competition and regulation in the GCC.

Hosted by

Good corporate governance, risk management and compliance are essential to survive and thrive in the post ﬁnancial crisis world. Among this year’s speakers, MultaQa Qatar brings together ﬁve leading experts to examine the risk management challenges facing regional corporates. Speakers will address: z How to establish a risk culture z Traditional risk management though insurance z Risk retention and captive insurance Don’t miss this opportunity to hear the views of: z

James Portelli, Executive Vice President – Head of Strategy & Planning, Oman Insurance

Ronny Vellekoop, Senior Executive Ofﬁcer and Ofﬁce Manager, Marsh

Lee Scargall, Director of Enterprise Risk Management, Qtel International

Rahat Latif, Enterprise Risk Management Lead – Corporate Planning, Qatar Gas Risk and Chairman, IRM Middle East Group

Stephen May, CEO, Kane

This year, MultaQa Qatar is pleased to welcome representatives and members from the Institute of Risk Management.

Attendance to the event is strictly by invitation only. You can register your interest and also view full details of the programme and speakers at www.globalreinsurance.com/qatar

supported by

In association with

NEWS FEATURE [ GLOBAL RISKS ]

Degrees of separation The WEF identiďŹ ed 37 global risks and mapped the connections between them

Liquidity/ credit crunch Retrenchment from globalisation

Slowing Chinese economy

Asset price collapse

Global imbalances and current volatility Fiscal crises

Regulatory failures Illicit

Extreme consumer price volatility

Extreme energy price volatility Political corruption

Extreme commodity price volatility

Global governance failures Economic disparity

Organised cr

Fragile states

Demographic challenges Infectious diseases Migration

Water security

Geopolitical conďŹ&#x201A;ict

Terrorism

Food security

Chronic diseases

Weapons of mass destructio

Biodiversity loss Threats from new technologies Climate change

Air pollution Ocean governance Flooding

Storms and cyclones Economic Risks

Jamie Sneddon

Geopolitical Risks

Environmental Risks Societal Risks Technological Risks

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

Higher perceived likelihood

Higher perceived impact

Higher perceived interconnectivity

Earthquakes and volcanic eruptions

GLOBAL RISKS

Stand and ﬁght The world is now so complex and interdependent that it is impossible to predict or avoid risk completely. Instead, companies have to brace themselves for the impact

trade

Space security

Five risks to watch

rime

Online data and information security

Critical information infrastructure breakdown

Infrastructure fragility

01: Cyber-security issues ranging from the growing prevalence of cyber the to the little-understood possibility of all-out cyber warfare 02: Ageing population adding to ﬁscal pressures in advanced economies and creating severe risks to social stability in emerging ones 03: Extreme volatility and sustained increases in energy and commodity prices if supply is no longer able to keep up with demand 04: Retrenchment from globalisation through populist responses to economic disparities, if emerging economies do not take up a leadership role 05: Weapons of mass destruction, especially the possibility of renewed nuclear proliferation between states

F YOU COULD PICTURE THE WORLD ECONOMY and its institutions as a boxer in a ring, it would be one big punch away from a knock-out, according to the World Economic Forum’s (WEF) Global Risks Report 2011. The financial crisis has reduced global economic resilience and increased geopolitical tensions, leaving the world economy weak, vulnerable and in no position to withstand new shocks. Governments and societies, the WEF says, are less capable than ever of coping with these challenges. If that worrying prognosis is true, then there is surely more pressure on the private sector to withstand and manage risks. Airmic chief executive John Hurrell says so. “Boards have to face the fact that governments are not going to fix the problem. Organisations have to look at mitigation.” They need contingency plans in place, he adds, and – most of all – resilience. “Fiscal crises have severely constrained what Western governments can do to help,” agrees Lucy Nottingham, a corporate risk consultant for Oliver Wyman, a partner in the WEF research. Alex Wittenberg, also from Oliver Wyman, adds that many of the world’s problems are a result of population growth and the resulting strain on resources. “Consumption in China in particular is stretching world stocks of commodities,” he says. These problems are exacerbated by the fact that the world is more interconnected than ever before, which means risks can spread rapidly worldwide – just look at the way violent civil discontent recently spread in a matter of days from Tunis to Cairo and beyond, probably fuelled by emotive 24-hour television and YouTube videos. “There must be 50 other countries out there that have similar problems of social deprivation and corruption where you could have another rapid change in government,” Hurrell says. “Organisations have to react very fast to political risk changes.” Independent global risks specialist and consultant Rear Admiral Chris Parry is not surprised that the WEF thinks the resilience of the world’s system is low. “It’s because we have a ‘just enough, just in time’ economy. All the expense has been squeezed out of it.” As a result, when wildfires devastate crops in Russia or floods do the same in Canada, it affects the whole world to a much greater degree. There’s less slack in the system and therefore, “resilience is going to have to be the order of the day”, he says.

Source: WEF Global Risks Report 2011

Source: World Economic Forum

Risk interconnections There’s no escaping the fact that globalisation has made the world more interdependent than ever before. The graphic on this page attempts to show how seemingly unrelated risks are linked – say, for

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

NEWS FEATURE [ GLOBAL RISKS ]

Liquidity/ credit crunch

Asset price collapse

» example, the link between corruption and

virtually impossible. Global governance food shortages: countries that can’t feed frameworks are unable to rise to the Global imbalances themselves are often poorly governed, and challenge. Failure at the UN Copenhagen and current volatility each problem exacerbates the other. “You climate summit in 2009 and the inability of can’t focus on just one risk in isolation any world leaders to come to an agreement to Fiscal more,” Nottingham says. tackle climate change is testimony to this. crises But identifying the connections is hard. “It is because we do not have the right “Interconnectivity is critical. What we find in structures in place,” Parry says. The UN was corporate risk maps is that everything is designed to overcome the challenges of a postjoined up with everything else,” Hurrell says. war world, which was different to the world ‘It’s not in the interests “The interconnectivity is not just between today, he explains. risks but between those affected by the risks.” “The things that are happening to the of China to curtail its “Risk managers, boards and heads of risk world do not affect us all equally. It’s not in committees are very good at tracking the the interests of China to curtail its emissions, emissions, but if the potential consequences to probably the second if the USA and Europe want to hobble USA and Europe want to but or third degree of impact of major events,” he their economies, that’s fine with them. Until continues. Risk managers and their boards there are immediate common interests, we hobble their economies, may well have modelled the top two or three are never going to tackle these problems.” that’s fine with them’ ‘known knowns’ throughout their entire So what can companies do to overcome Chris Parry strategic risk expert organisation, but digging any deeper than that these challenges? “One thing that we focus becomes much more challenging. our clients on is risk resilience,” Wittenberg “If you modelled all of these interconnections it would get so says. “Business continuity management and disaster recovery is incredibly complex, both between risks and the impact on normally structured around events, but we cannot necessarily stakeholders,” he says. “Organisations don’t have the luxury of contemplate all of the events. Let us, instead, understand what the being able to do that. In real life, that just doesn’t happen.” organisation is capable of withstanding and what we are going to do Risk manager at Paris-based retailer PPR and Amrae spokesman to make sure the organisation survives instead.” Anne-Marie Fournier is interested to see that even the WEF has “You can’t possibly understand all of the what-ifs, so it is not problems forecasting emerging risks and modelling their interaction. about assessing the perfect list of risks,” Nottingham adds. “Rather “We are in the same situation in the business world,” she observes. it is trying to understand how risks will affect the business.” Despite the difficulties, it’s something organisations will need to “In a more dynamic, unstable and volatile world you need to be do better in future. That’s why the risk manager role is so prepared for the unexpected,” Parry says. He thinks companies that important. “Organisations need to understand the relationships go for sustainable success will be the winners of the future, and and the factors that drive risks and whether their organisation is they’ll be the ones attracting investors. This is precisely where risk designed to take them,” Wittenberg adds. management can help out. And so one heartening thought for the future is that, as the Governance gaps world gets riskier, there’s even more need for a good risk manager. SR “As the world grows together it is also growing apart.” This is the [READ MORE ON-LINE] To download the World Economic Forum’s paradox the WEF report threw up. There are too many competing Global Risks Report 2011, go to goo.gl/DNbJq interests and values across the world, making global co-operation

Cross-cutting global risks Economic disparity and global governance failures were highlighted by WEF as the two most highly connected risks. They inﬂuence the context in which global risks evolve and occur in two critical ways: 01: they can exacerbate both the likelihood and impact of other risks; and 02: they can inhibit effective risk response.

ANALYSIS

What’s missing from the WEF report? The World Economic Forum’s Global Risks Report sets out to describe the global governmental, societal, geopolitical, environmental, and technological risk framework, but it is not speciﬁcally aimed at corporations. “Organisations have to take their own view,” says Airmic chief executive John Hurrell. Rear Admiral Chris Parry, a strategic risk consultant for the government and large enterprises, thinks the report suffers from a

common error – that “the future is like the present, only more so”. “Lots of the risks in the report are very linear,” he says. “There are very few long-term trends and nothing in there that would give organisations a competitive edge.” He thinks there are certain omissions, including the fragility of the Chinese economy and the possibility of the USA making a strong return to its leading position on the world stage. “There’s an

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

assumption it will go down a certain route,” he says. “There should be more on South America coming on strongly over the next decade,” Parry continues. “And more on state-backed criminality, which means the state using illegal means to assert its economic and political interests.” Parry also thinks that the WEF overlooks maritime risks. “In future, there will be a much more concerted effort to exploit the commons like

the sea and space,” he says. “The sea is the real physical manifestation of the worldwide web.” Finally, cyber risks are not given the attention they deserve, Hurrell adds. “Cyber risks are rapidly heading up the risk register of many organisations and it is genuinely a global risk, both in terms of interruption of business but also the potential for the or manipulation of data. I don’t think the report made enough of this.”

Viewpoints

[ PEOPLE ] [ OPINION ] [ COMMUNITY ]

Successful involuntary homocide prosecutions are rare – and the French are ﬁnding it no easier than their UK counterparts to secure a conviction Sue Copeman, EDITOR-IN-CHIEF, STRATEGICRISK IN MY OPINION

Corporate manslaughter – a hard case to prove A

industrial disasters of recent years. In February 2009, charges were made against energy company Total’s Grande Paroisse subsidiary, which owned the AZF mechanics were guilty of involuntary homicide chemical fertiliser factory, and the plant’s former for their role in the 2000 crash of an Air France director, Serge Biechelin. These alleged, among other Concorde jet that killed 113 people. The following things, involuntary homicide and causing injury and week, Continental Airlines confirmed that lawyers destruction of property. Total paid €2bn in had filed its appeal against the verdict. compensation but without acknowledging any In the previous month, lawyers had prepared criminal liability, and both the company and its criminal suits for negligence and involuntary former chief executive were cleared of responsibility homicide against Servier, France’s second biggest by the French court later that year. pharmaceutical company, in connection with weight Even in the cases of successful prosecutions in loss drug Mediator. The amphetamine-derivative France, it seems to have been drug allegedly caused about 500 difficult to get sentences to stick. deaths from heart damage and In November 1996, Church of 3,500 hospital admissions. Scientology leader Jean-Jacques Involuntary homocide in Even in the cases of Mazier was convicted of France is defined as a negligent successful prosecutions involuntary homicide and killing punishable by a fine and/ fraud, following the suicide in or prison sentence. In the UK, in France, it seems to 1988 of a member who, the equivalent charge would be have been difficult to prosecutors said, was under manslaughter or corporate financial pressure to pay for manslaughter. In France, the get sentences to stick Scientology ‘audit sessions’. offence dates back to the French Mazier was sentenced to a Penal Code of 1810. Perhaps three-year prison sentence with 18 months suspended more early prosecutions met with some degree of and a 500,000 Franc fine. On appeal, the entire prison success but in modern times this is not the case. sentence was suspended. The most dramatic involuntary homicide It appears that French prosecutors are having the investigation – certainly the one that hit the most same difficulties as those in the UK when it comes to international headlines – was that surrounding the car bringing successful prosecutions, particularly against crash that killed Diana, Princess of Wales, Dodi Fayed corporations. The risk is not one that companies on and their driver Henri Paul in August 1997. French either side of the Channel can afford to ignore. But it police arrested photographers and a driver on suspicion will be interesting to see whether the conviction of of involuntary homicide and non-assistance to persons Continental Airlines and its mechanic still stands in danger. But it would appear that involuntary following the airline’s appeal. SR homicide is a hard charge to make stick. The September 2001 explosion at a Toulouse [READ MORE ON-LINE] Sue Copeman also writes a regular chemical factory, which killed 31 people and injured column at www.strategic-risk.eu more than 2,000, was one of western Europe’s biggest FRENCH JUDGE RULED IN DECEMBER

that Continental Airlines and one of its

> Proﬁle Frédéric Desitter......... 20 talks about the challenge of promoting risk management > The Other View China .......... 22 Stuart Poole-Robb: some markets will never be a level playing ﬁeld

INSIGHT

China uncovered Prone to natural disasters, China is proving a tough place to get catastrophe risk insurance. How can companies get around this? DESPITE CHINA’S burgeoning economic success, some foreign investors are ﬁnding it hard to buy the insurance cover they need. Catastrophe risk remains the big question mark, particularly in respect of earthquakes. Earthquake protection is unlikely to be included in a standard property policy. For large companies with a corporate master global policy, there are ways around this. But they must take care not to contravene China’s national insurance legislation. One route is using a master policy to cover the company’s ‘insurable interest’ in its Chinese assets. The insurable interest remains outside China, so shouldn’t come under regulatory scrutiny. Western companies may be able to arrange their own catastrophe cover satisfactorily but they also depend on possibly uninsured local workforces, customers and suppliers. Promisingly, both government and insurers are trying to address the problem. Beijing has a governmentfunded agricultural insurance scheme in place. And the China Insurance Regulatory Commission is encouraging insurers and brokers to provide catastrophe insurance against agricultural risks as well as earthquake, typhoon, ﬂood or other natural disasters.

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

PROFILE

Flying high During 13 years in risk management, Frédéric Desitter has gone from being perceived as a ‘messenger of doom’ to being an indispensable part of Aéroports de Paris’ operations

Key to success 01: Always link risk management with the business’s strategic objectives 02: Make sure your company is not just doing risk management because it is told to do so by regulators 03: Even with a clear mandate from the top, you have to be able to sell the beneﬁts of risk management at all levels of the business 04: Use concrete examples to help show how risk management makes life easier and clients happier 05: Risk management is a step-by-step process: don’t set your goals too high

OR A TIME, BACK IN THE 1990s AND 2000s, FRÉDÉRIC Desitter was something of a risk management missionary. Spearheading the 12-strong French risk management consulting team at UK-based Euro Log, it was his task to promote the discipline within many of France’s largest companies. “At that time, risk management in France was not as widespread as it was in the UK. It was something new, and promoting it within companies was quite a challenge, but also very interesting.” To speak to Desitter now, it seems clear that the challenge has been overcome. Since 2008 he has been the chief risk officer of Aéroports de Paris, which owns and operates three Parisian airports: continental Europe’s number one hub, Charles de Gaulle; France’s number two airport, Orly; and the mainly business aviation centre, Le Bourget. Far from the missionary days of the 1990s, risk management has become integral to the airport operator’s business model: Desitter was hired directly by Aéroports de Paris chief executive Pierre Graff and given a strong mandate from the top to put systems in place. But it has not been an overnight transformation. As Desitter says, risk management is “a step-by-step process”. Here, he talks us through some of the crucial steps he has taken on the way …

Man on a mission “My background helps me,” says Desitter. “I’ve been directly involved in operations for many years and worked on some major international projects as a risk manager.” After graduating from France’s prestigious Essec business school in Paris with an MBA and starting his career in a number of operational jobs and corporate functions, Desitter spent seven years from 1997 as a consultant with Euro Log. There he worked with a range of businesses throughout France, including the nation’s railway (SNCF), oil multinational Total and energy giant EDF. In all his 13 years in the field, the experience that has stuck with him most is when he was helping to develop offshore oil drilling platforms for Total in Angola. Desitter was responsible for putting in place risk management procedures to help secure several massive floating oil platforms off the coast of the south-central African country. Each project was worth upwards of $5bn (€3.67bn), with drills operating at sub-sea depths of 1,300m (BP’s disastrous Macondo oil well in the Gulf of Mexico operated at roughly the same depth). These projects, he says, were among the world’s first in such severe environments and the pioneering engineering work was shrouded in risk. Safety was obviously a serious concern, as was making sure the equipment could keep going. But one of the biggest difficulties to be overcome, he recalls, was procuring the huge quantities of steel required to construct the oil

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

‘At Total, they used to call me the messenger of doom. But by the end, they looked forward to our meetings’ Frédéric Desitter Aéroports de Paris

pipes and platforms at a reasonable price. Then, just as today, a booming construction industry in China was fuelling a huge spike in steel prices, which meant that Total’s suppliers were breaching their contracts in order to sell at a much higher price elsewhere. Desitter implemented risk management procedures that became the company standard and which were spun out to Total’s many contractors all over the world. “I made sure that the contractors on these projects, ranging from Norway to Korea, used the same risk management system. There was a lot of training involved and embedding the culture of risk management.” Trying to formalise the procedures as part of the company culture was the most challenging part of it, he says. “At Total, they used to call me the messenger of doom.” But by the end of it, he says, “they looked forward to our meetings”. “I was able to show the businesses that proper risk management allowed them to control the project and fulﬁl their company’s objectives.” Desitter also used Monte Carlo simulations to show that in the long term it was cheaper for the company to invest in maintenance rather than wait for something to go wrong. By linking risk management with real ﬁnancials in this way, he was able to win support for it.

Landing at Aéroports de Paris In 2008, following four years with the infrastructure company Alstom, where he worked on projects all over Paris, Desitter joined Aéroports de Paris. The organisation is responsible for developing and managing the airport installations in France’s capital city (but not air traffic control or the flights themselves). “We are a single point in a very complex chain, which is the overall airport system. That’s a challenge,” he says. Airports are, of course, risky operations: there are all the huge operational challenges of moving thousands of people safely around the world every day (Charles de Gaulle handles more than 60 million passengers a year), combined with the serious technical issues related to the hi-tech equipment. And there’s the added pressure that airports are critical aspects of infrastructure, with international significance, which also happen to be the favoured targets of attention-grabbing terrorists. And yet when Desitter came on board, even though risk management was an intrinsic part of the way Aéroports de Paris operated, the company had no dedicated risk management department. Desitter was hired by Graff to design a systematic and structured approach, or enterprise risk management (ERM) system. “It was the will of the chief executive to put in place an ERM system,” he says. “I designed and produced the first risk map and presented this to the chief executive and to the board. I am also responsible for developing the company’s risk culture.” In all, Desitter leads a team of 25 people, who deal with: ERM (including the crisis management division and business continuity); information security; global security (reflecting the vital role that the airports play in France’s critical infrastructure); and fire prevention.

A change of approach Raphael Dautigny

Navigator: Desitter brought the ﬁrst risk map to Aéroports de Paris – he now works with different business units to create their own

A few years into the job, Desitter is helping different business units to create their own risk maps. At the moment he is working on one for Charles de Gaulle airport. “We have moved from a top-down to a bottom-up approach,” he says. He has a network of 30 risk co-ordinators across the business who champion risk management at a grass-roots level and take ownership of it. “The risk owner is in

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

Markets such as China will never be a level playing field for Western companies until effective legislation is put in place » charge of defining the risk and deciding on the right actions. My role as CRO is to facilitate that, along with the co-ordinators, and to make sure that things are done properly.” “One of the keys to risk management is transparency,” he says. “You need to be able to explain how risk management will help the business to reach its operational or strategic objectives.” The next step is to link risk management with the decisionmaking process. “When we work on a new investment, part of the process is to show what risks this new project will mitigate and what risks it will generate for the business. Then you invest most of your risk management efforts where the risk is highest.” Even with a clear mandate from the top, you still have to sell risk management within your business, says Desitter, and how you do that depends on the audience you are communicating with. “You can sell it at the top by saying it gives a clear vision of the risks and issues at a strategic level. It helps the company’s decision-making process and it helps to anticipate problems before they arise, because it’s more easy to step back and see what the long-term risks are. It is a strong management tool to make sure the company fulfils its objectives.” But it is tough to get people lower down the organisation to admit where the problems are within their area if they think they are going to get the blame. “That’s why you need to promote a blame-free culture on risk issues,” says Desitter. And, he adds, you need to find concrete examples to help you get people on side. “You have to be able to show people that the time and money they invest in risk management is actually worth it because it really will make their life easier and clients happier, which in our case means the passengers and airlines. You need to take a gradual approach.” So what does he think others can learn from Aéroports de Paris? “Here we are very operational. We manage risks because we need to for security and it is a good thing to do for the business. I think the trick is to go from something that is centred around compliance to something more dynamic and operational, which is used to improve the overall performance of the company.” SR

IN MY OPINION

Born salesman: you need to sell the importance of risk management to all levels of an organisation

[READ MORE ON-LINE] There is an archive of risk management proﬁles on www.strategic-risk.eu

COMPANY PROFILE

83m

passengers passed through Aéroports de Paris’ installations in 2009 travelling on one of about 740,000 aircra

€59.97 7,000 price of ADP’s shares trading on the Euronext exchange in January

hectares of land managed by ADP – the largest airport domain in Europe

2.1% 12,000 60m traffic decline due to last year’s Icelandic volcano eruption

employed at ADP, Europe’s number one airport group in terms of cargo and mail handled (2.39 million tonnes were handled in 2008)

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

passengers a year handled by ADP’s Charles de Gaulle airport (Europe’s number one hub)

Forced to play by the house rules E

UROPEAN COUNTRIES ARE SLIPPING

down the charts in terms of competing for

international contracts, particularly in the emerging markets. In fact, and particularly since the 2008 ﬁnancial crisis, many emerging markets now have the upper hand in terms of purchasing and exporting power. It is not that Europe doesn’t produce good inventors or manufacturers, but that companies based here are losing out on vital export sales and coming up against countries where the rules of engagement are quite different. The reason for the lag in some cases is that governments have kept out of trade negotiations while ministers from other nations (particularly China) have taken a direct part, reaching government-to-government agreements and backing valuable contra-deals and joint ventures. Moreover, Western companies on the whole do not offer bribes and inducements. Practices that used to fall under the euphemism ‘useful expenditures’ are now illegal. Some companies that have rigidly adhered to these rules have missed out on valuable contract renewals and add-ons. But at the same time, there are some countries in the emerging world that ﬂaunt their indiscretions. A perfect example of this is China and its rail manufacturing. When the Japanese and European companies that pioneered high-speed rail agreed to build trains in China, they thought they would gain access to a booming new market that would be worth billions of dollars. They also thought they would be involved in the creation of the most ambitious rapid rail system in the world. They did not realise that they would be competing with Chinese organisations that would adapt the original technology and claim it as their own, making millions in the process. The Chinese administration has effectively usurped international intellectual property rules and is making a killing out of doing so. It is gloating to the world about inventing the very systems with which it was provided, while the chiefs of some of the overseas companies involved in providing that

Stuart Poole-Robb, CHIEF EXECUTIVE,

Community update

KCS GROUP EUROPE

initial technology and design are left to lick their wounds. Kawasaki of Japan was just one of the many international companies whose designs, innovations and know-how have been cloned. As one Kawasaki executive said in November: “Claiming most of the recently developed bullet trains as China’s own may be good for national pride, but it’s nothing but deceitful propaganda. How are you supposed to fight rivals when they have your technology and their cost base is so much lower?” As emerging markets develop, they are increasingly favouring domestic suppliers, meaning they are able to demand even more from companies who want to do business with them, and in the process they gain access to even more advanced technologies. Yet companies, in the search for new and more lucrative markets, continue to queue up to offer their technology, which can be copied and turned around to the world market again. The Chinese These are serious risks to international administration has business. And they pose a difficult question: is it effectively usurped time that Western international companies stopped playing the good guy? intellectual property The answer is no. rules and is making a But the playing field has to be levelled. This will killing out of doing so not happen until the EU, the Russian Federation and Asia Pacific agree to a set of rules and legislation. Organisations need to become more aggressive in their attitude to doing business overseas, but they must also acknowledge that certain sectors are rife with corruption and do their homework first before tendering. Effective due diligence must be applied. In my experience, the industries that demand caution include pharmaceuticals, communications, defence, nuclear, oil and energy, while in geographical terms the corruption hot spots are the Russian Federation, Asia Pacific, India, China, Latin America and the Middle East. SR Stuart Poole-Robb has served in the Royal Air Force as well as the British secret service. He founded Merchant International Group in 1985 and is now chief executive of KCS Group Europe [READ MORE ON-LINE] For more opinions by our other columnists, go to www.strategic-risk.eu

France’s annual risk management conference, Les Rencontres AMRAE, was held for a second year in the seaside resort of Deauville, Normandy, on 2-4 February. AMRAE president Gerard Lancner welcomed almost 2,000 risk professionals to the Centre International de Deauville. For full coverage of the event, download StrategicRISK’s French language dailies. Go to goo.gl/3HDcH

E.ON risk manager Klaus Greimel has been appointed acting president of German risk management association DVS, following the departure of Stefan Sigulla in September last year. Sigulla stepped down from his post at Siemens to join German industrial insurer HDI-Gerling as a member of the board. DVS will elect a new president at a general assembly on 5 May 2011.

At the time of going to press, Sweden’s annual Vikingarännet (or Viking Run), an 80km ice skating challenge, was scheduled for 13 February. Ferma president Peter Den Dekker will take part along with a host of risk and insurance professionals. Den Dekker hopes to promote the risk profession and the annual Ferma conference, which takes place at Stockholm’s Waterfront Congress Centre on 2-5 October.

HOT ISSUE

Get your skates on In anticipation of the Ferma conference in Stockholm this year, Ferma president Peter Den Dekker and StrategicRISK editor Nathan Skinner prepare for the annual Vikingarännet race. The 80km ice skating race, otherwise known as the Viking Run, is an annual event on the frozen surface of the Mälaren, a freshwater lake outside Stockholm. Also competing in the race are representatives from IF Group, Zurich, Hannover Re, Lloyd’s, Crawford & Company, and Aon.

Breaking the ice: Den Dekker (right) and novice skater Skinner warm up for the Viking Run on an ice track in Holland

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

Strépy-Thieu, Hainaut, Belgium

XL Insurance is the global brand used by XL Group’s insurance companies.

Companies around the world trust us to insure their business risks Expert – technical expertise to manage your most complex business risks Global – supporting clients in over 100 countries Client-focused – addressing your speciﬁc business risk management needs

Please visit us at www.xlinsurance.com

Risks

> Feature Political risk ..............28 Western Europe isn’t always less politically risky than the likes of, for example, Somalia, Sudan or the Democratic Republic of Congo

[ THREATS ] [ OPPORTUNITIES ] [ MANAGEMENT ]

Revolution Day: Mexican schoolchildren dress as revolutionaries for a parade. Struggles between drug cartels could bring indiscriminate violence to the streets

RISK SCENARIOS

Foreseeable futures Future gazing is tough but it’s something risk managers have to do with conﬁdence. Here are four risk scenarios that could materialise in 2011

1 2 3 4

→

Corbis

HAT WILL BE THE KNOCK-ON EFFECT OF CAPITAL migrating fast to emerging economies, as Western economies continue to suffer the effects of the ﬁnancial crisis? Exactly what would happen if a country actually defaulted on its debts? What would an escalation in Mexican drug violence mean for international trade? And how would Iran respond to Israeli air strikes against its nuclear facilities? We asked intelligence company Exclusive Analysis to assess the likelihood of these four scenarios. If you’re worried about any of them, turn over to ﬁnd out more.

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

RISKS [ THREATS ][ OPPORTUNITIES ][ MANAGEMENT ]

Stricter capital controls

LIKELIHOOD 85% FACT BRAZIL’S REAL 39% UP ON US DOLLAR

EVENT: Increased use of capital controls in emerging markets to limit upward pressure on exchange rates and their diminished trade competitiveness. TRIGGER: Central banks in the West are running stimulative monetary policies (printing money and keeping interest rates low). Excess capital is ﬁnding its way into emerging markets to ﬁnd higher returns. This is pushing up the value of emerging market currencies – for instance, Brazil’s real has risen 39% against the dollar since January 2009. Exporters have been vehemently lobbying governments in countries like Brazil to stem their rising currencies. IMPLICATIONS FOR BUSINESS: Central banks are intervening in foreign exchange markets to offset currency appreciations. This results

in an expansion of the monetary base and makes it harder for monetary authorities to control inflation in economies that are already close to overheating. Countries where additional capital controls (for example, taxes on inflows) are most likely include Brazil, Thailand, South Korea and Indonesia. In spite of a ra of measures to weaken the won in 2010, foreign holdings of Korean bonds were 60% higher at the end of 2010. South Africa, Taiwan and Chile are also considering taxes on capital inflows. Businesses operating in these countries should realise overheating is an increasing risk. LIKELIHOOD IN 2011: 85% It is extremely likely there will be much more capital control, especially given the wide growth differential likely to persist between the developed and developing world.

A country can’t pay its debts

Brazil’s currency is rising in value and additional capital controls are likely Corbis

LIKELIHOOD 25% FACT GREECE/IRELAND RENEGOTIATING CREDIT

TRIGGER: The triggers are already present, as both Greece and Ireland have debt burdens so great they will very likely be forced to renegotiate with creditors at some point. German popular and political will to support countries viewed as excessively proﬂigate could well snap in the face of mounting eurozone commitments.

IMPLICATIONS FOR BUSINESS: Large losses would occur across European banks holding this defaulted debt and they would become more risk averse in their lending policies. Companies with assets and contracts in a devalued or so eurozone country would see their values sharply diminished. Devaluation, if it were to accompany default, would mean extensive insolvencies and sharp economic contraction in these countries. However, a er a period of considerable pain, stronger growth rates would probably emerge thanks to a more competitive currency. LIKELIHOOD IN 2011: 25% A muddle through this year is most likely, although each request for additional, larger budgetary support strains this further.

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

Greece and Ireland are set to default and will renegotiate with creditors Panos

EVENT: Greece and/or Ireland announce that sovereign bond holders will not receive full repayment of their capital. This causes a new wave of aggressive selling as bond investors factor in an increased risk that other nations (for example, Portugal and Spain) will be forced to follow suit. It becomes clear that one or more existing members will withdraw from the eurozone, or that the single currency will fracture into ‘hard’ and ‘so ’ eurozone areas.

Drug wars in Mexico LIKELIHOOD 60% FACT 8,000 PEOPLE KIDNAPPED EVERY YEAR

EVENT: A marked deterioration in the security environment resulting from an escalation in the drug cartel conﬂict in Mexico. TRIGGER: The collapse of existing alliances between drug cartels and splits within individual cartels – for example, a ﬁerce struggle between the Sinaloa and Juárez cartels for control of Ciudad Juárez and surrounding areas has made Chihuahua the most violent state since 2008. Pressure from authorities on the cartels since president Calderon came to power has also been a major trigger for violence.

Panos

Mass shootings and grenade attacks in bars are expected in Mexico

IMPLICATIONS FOR BUSINESS: More than 60% of manufacturing facilities exporting to the USA are located in the six border states, where 45% of all cartel-related killings happen. Many manufacturing

operations have reported reduced productivity. Customers and vendors are reluctant to visit some areas and some expansions and investments are being put on hold. Security forces are unlikely to be able to halt the increase in cargo the s. Household and electrical goods are favourite targets, with access roads around Mexico City the most affected. Corporate security managers need to be aware that the violence is becoming more indiscriminate. In 2011, it is likely to include mass shootings and grenade attacks in bars, including in tourist resorts like Puerto Vallarta in Jalisco and Cancún in Quintana Roo. LIKELIHOOD IN 2011: 60% Most indicators (for example, the number of killings and kidnappings) suggest a continued marked deterioration.

Air strikes against Iran LIKELIHOOD 20%-25% FACT IRAQI SHIAS SYMPATHETIC TO IRAN

EVENT: As Iran makes progress in uranium enrichment and ballistic missile development, and Israel sees its window of opportunity for pre-emptive action narrowing, Israel launches air strikes targeting Iran’s nuclear infrastructure in 2011, to set back its nuclear programme. by years TRIGGER: Iran obtaining enough enriched uranium to progress quickly. A further trigger would be the imminent Iranian acquisition of an advanced air defence capability similar to the Russian surface-to-air missile system S-300, which would make a future Israeli strike difficult.

Corbis

Israel is likely to launch air strikes against Iran’s nuclear infrastructure

IMPLICATIONS FOR BUSINESS: It is likely Iran would retaliate by

attacking shipping in the Persian Gulf and mining in the area. Iran would launch ballistic missiles at Israel and energy and military assets in Gulf Arab states. Hezbollah in Lebanon could launch rockets into Israel, conduct cross-border raids and activate militant proxy cells to carry out bombings of military installations and strategic assets in Gulf Arab states. The residual US military presence in Iraq would come under sustained attack by Iraqi Shia militia groups sympathetic to, and in some cases funded by, Iran, and by special groups tasked by the Iranian Revolutionary Guards’ Al-Quds force. LIKELIHOOD IN 2011: 20%-25%

Source of all data: Exclusive Analysis, an intelligence company that forecasts political and violent risk worldwide

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

RISKS [ COVER STORY ]

according to their organisation’s activities. Managing director of Lockton political and credit risks division Peter Hornsby explains that large oil and mining companies, for example, regard managing political risk as intrinsic to their day-to-day business. “It’s just part of what they do and their The global recession and recent civil and political unrest have meant return on equity reflects how good they are at it,” he says. For example, in potentially doing business in western Europe isn’t always less problematic than in volatile areas, they will borrow money locally to fund assets to reduce the financial impact the likes of Somalia or Sudan. What can risk managers do to protect of government confiscation. both their company’s reputation and their employees on the ground? “At the other end of the scale are companies that access particular countries, HILE THE ‘USUAL SUSPECTS’ OF RECENT YEARS perhaps as sources of cheap labour or essential raw materials, and such as Iraq and the Democratic Republic of the Congo don’t have the same level of experience,” he adds. (DRC) remain high on the list of most analysts’ high political risk areas, recent months have thrown up some surprises – and it’s the Know who you’re dealing with Maplecroft associate director Anthony Skinner names the top six unexpected that could catch out risk managers. countries in the analyst’s political risk dynamic index – which “There’s no such thing as a ‘bad’ country – but there are bad identifies countries that could experience business-risky political risks within countries,” says Jardine Lloyd Thompson head of credit changes in the short term – as Somalia, DRC, Sudan, Myanmar, and political risk analysis Elizabeth Stephens. She says the broker has Afghanistan and Iraq. He has some tips for risk managers thinking arranged some deals relating to the notoriously high-risk Sudan that of going into such countries. have gone smoothly, “while some clients have had problems with “You need to do as much due diligence as possible, particularly transactions in western Europe where one might not think there would be a problem”. when embarking on a joint project. Know the people you are going to The whole area of political risk is a difficult one for most risk be working with and find out as much as you can about their business practices,” he says. While companies may only be able to exert managers because it encompasses such a wide area – basically influence at a local level and not be able to influence government, anything that can affect your assets, people, contracts or consumers Skinner stresses that it’s important to ensure that your company is not in another country. And the way risk managers view the issue varies POLITICAL RISK

Unusual suspects W

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

Delesenit quat qui eugait augiacon sed tat iriusci tet vero consecte ming etptat ut

endorsing or associated with unacceptable government practices, such as human rights violations by security forces, and as far as possible to protect your employees on the ground. Stephens agrees that it’s important to understand the market in which you are operating and to know your local partner. “Are they independent or do they have connections with government that might mean they could be politically motivated?” she asks. Local business partners that might be involved in corrupt practices should be avoided. “News of this can significantly damage your business, lose consumers’ and clients’ confidence and have a negative impact on brand value,” Stephens says. Such bad publicity can even result in investors selling their shares, she adds. Contingency planning is important in a situation that flares up suddenly, such as in Tunisia, according to Hornsby. “You should know in advance how you’re going to get people out of any country quickly,” he says.

SPOTLIGHT

Tunisia: the revolt that no one expected

Cover yourself

Corbis

Predict a riot: Tunisia was seen as relatively stable until recent protests over what is seen as a corrupt political system led to widespread unrest

Key points 01: The area of political risk is difficult for risk managers because it encompasses such a wide range of issues 02: The global recession, credit crisis and political unrest have created a much more complex risk landscape 03: Risk managers need to do as much due diligence as possible, particularly when embarking on a joint project 04: Understand the market in which you operate and know your local partners 05: Risk managers could ﬁnd themselves out of a job if a major loss occurs

Leaving aside the acknowledged high-risk countries, European nations are by no means immune to political risks. Budgetary pressures have led to some unpalatable economic decisions by governments and painful price increases. These have ‘Corruption by local resulted in civil unrest, such as the violent protests in the UK against business partners can increased university fees and nationwide demonstrations in Greece damage consumers’ last year against the results of cuts in and clients’ confidence public spending. Hornsby recommends that risk and have a negative managers whose companies don’t impact on brand value’ accept political risk as an everyday Elizabeth Stephens threat to doing business should Jardine Lloyd Thompson consider transferring the risk. Although insurance may appear expensive, there are ways of minimising the cost, he says. An uninsured loss could jeopardise relationships with shareholders – and, unless an active decision not to insure has been taken at a senior level, risk managers could find themselves out of a job if a major loss occurs. If you do decide to insure, Hornsby recommends a noncancellable policy that will extend over the period before there’s a payback on investment. For a company building a facility overseas that could take five years to complete, this guarantees the insurer can’t refuse to renew in the interim should the political risk worsen. So is such political risk increasing? Marsh international head of political risks and structured credit business Julian Macey-Dare said, when introducing the launch of an expropriation policy in December: “The global recession, credit crisis, increased terrorist activity and political unrest have created a more complex risk landscape for companies investing, manufacturing and trading overseas. Combined with a lack of liquidity and lending constraints, companies now have much higher levels of risk on their balance sheets.” It will be up to the risk manager to navigate their company through this changing landscape. SR [READ MORE ON-LINE] For up-to-the-minute political risk analysis as the crisis unfolds, go to www.strategic-risk.eu

On 17 December 2010, college graduate Mohamed Bouazizi committed public suicide by self-immolation outside the Tunisian civic centre in the main square of Sidi Bouzid. Bouazizi was protesting against what he saw as a corrupt political system that prevented him making a livelihood even as a street vendor. His extreme protest triggered a revolt in the country, with violent protests in the streets of several cities, including the capital, Tunis, and the departure into exile on 14 January of Zine El Abidine Ben Ali, who had been the country’s president for 23 years. Ben Ali had pursued an aggressive policy of stiﬂing potential opposition and alleged ‘terrorist’ movements, also inﬁltrating independent institutions such as trade unions and universities. In January, Tunisia’s interim president, Foued Mebazaa, gave a televised speech promising “a complete break with the past” to calm fears that the revolution was being hijacked by the presence of the dictatorship’s ruling party in the interim government. In the meantime, Switzerland has frozen Ben Ali’s assets. Tunisia’s situation has taken much of the world by surprise. It had been regarded as relatively stable, with a reasonably successful and buoyant economy, much of which is based around external investment in manufacturing, offshore services and tourism. At the time of writing, a question mark hangs over what will be the eventual outcome for the country.

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

RISKS [ THREATS ][ OPPORTUNITIES ][ MANAGEMENT ]

RISK FINANCING DIRECTORS’ & OFFICERS’ (D&O)

A er the crisis

Rate movement of London market commercial D&O risks

The ﬁnancial crisis has le its mark in distinct and different ways, as the commercial and ﬁnancial institutions sides of D&O prove. So how are these markets shaping up?

OLLOWING THE FINANCIAL CRISIS AND THE UPHEAVAL AND volatility it brought, two distinct trends have emerged in the European directors’ and officers’ (D&O) insurance market. While the commercial D&O market, which was largely untouched by the crisis, has remained awash with capacity, the financial institutions D&O market has been much more challenging. Willis’s financial, executive and professional risk division executive director, Julian Martin, says the European commercial market has so ened to pre-9/11 levels as carriers vie for business. “It is very competitive, like it was at the low point in 1999/2000, but without underwriters offering three-year deals. Capacity is there and well-run companies will be able to get good coverage and rates.” Aon financial services group managing director Enrico Nanni says European commercial D&O rates have fallen by between 10% and 15% since the crisis, depending on the industry sector and the level of competition in a particular local market. “In Turkey, a risk might receive a 10% deduction but in Spain, where there is more competition, the same risk might be 20% off,” he says. The market for financial institutions D&O has been much more difficult, particularly in the a ermath of the crisis, as banks’ balance sheets were impaired and major claims, such as those connected to the collapse of Lehman Brothers and the Madoff fraud, emerged. There were rate increases of as much as 100% for financial institutions risks, depending on how programmes were structured, the extent to which rate reductions had been achieved prior to the crisis and the level of competition in a particular market. Rates have recently started to so en as insurers’ appetite for financial institutions business has grown. Nanni says: “The market didn’t harden as much as expected. We haven’t seen any withdrawal of capacity. In fact, there’s been an increase in capacity, with new policy forms excluding credit crunch claims. Insurers are keen to underwrite but are looking more carefully at financial institutions risks.” Rates for major European banks have decreased by 5% to 7.5% over the past year, according to Nanni. Martin adds: “All the major banks have healthier balance sheets than 18 months ago. Underwriters want to maintain a healthy book of business and are writing good risks. But they are being more careful and employing a great deal of due diligence.” A key factor in recent D&O market trends has been a less aggressive claims environment than expected for both general commercial and financial institutions D&O risks. Beachcro partner Patrick Hill says: “Two to three years ago, there was an expectation of a tidal wave of claims because of major losses from Madoff, Stanford and Lehman Brothers.

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

The so market continues, with reductions starting to level out as minimum rates at which underwriters will commit capacity are close to being achieved Predicted Actual Premium % change

Q1 2007

Q3 2007

Q1 2008

Q3 2008

Q1 2009

Q3 2009

Q1 2010

Source: Willis, Executive Risks – A Boardroom Guide (no data for ‘actual change’ available past Q3 2009)

Underwriters are so keen to write commercial D&O business they will ‘take whatever is put in front of them’, although they are still scrutinising ﬁnancial institutions risks “These losses have hit most major European and US D&O insurers. But we haven’t seen the small and medium-sized D&O claims. You’d have thought there would be more claims as companies go under and liquidators look to bring claims for wrongful trading against the directors.”

Outlook for European D&O market Brokers and risk managers do not expect the so commercial D&O market to turn, as the glut of capacity remains and suppresses rates. However, in some markets, such as the London market, rates decreases have started to level off, as prices reach a floor (see chart). For financial institutions business, some say the D&O market may start to turn if insurers begin to suffer losses on claims incurred during the financial crisis or capacity levels decline. “Capital may decide that a better return on investment can be found in other classes of business or outside the insurance sector,” Nanni says. “This could happen in the second half of 2012 if rates continue to deteriorate. Insurers may say enough is enough.” SR

D&O rate movements

This shows the change in average D&O renewal premiums for cover renewed in a particular period x-axis: time period y-axis: premium change on renewal

Premium rates for directors’ and officers’ (D&O) insurance are generally stabilising or have had small reductions – with the notable exception of southern European countries, where there are some rate increases, according to Marsh

Ireland H1 2009 +20%

Ireland H2 2009 +10%

Spain H1 2009 +20% France H1 2009 -10%

Germany H1 2009 -10%

Spain H1 2010 -5%

France H2 2009 -10%

UK H1 2009 -10%

Ireland H1 2010 0%

Spain H2 2009 -10%

France H1 2010 10%

UK H2 2009 0% Germany H2 2009 - 5%

UK H1 2010 -10% Germany H1 2010 -10%

Source: Marsh, EMEA Insurance Market Report

PROGRAMME STRUCTURES

RISK PROFILE SINCE THE FINANCIAL CRISIS, THE RISKS facing directors have undoubtedly increased. The economic downturn has prompted a strengthening of legal and regulatory regimes. Directors and officers are being sued for accounting irregularities, issues arising from mergers and acquisitions and insolvency proceedings, employment-related claims, and breaches of health and safety, environmental and competition laws. Willis executive director of the ﬁnancial, executive and professional risk division Francis Kean says: “There have been a lot of notiﬁcations for claims relating to regulatory investigations and

inquiries. These have for some time been the greatest source of claims notiﬁcations and I don’t see that declining.” Aon’s Nanni says the heightened risk environment does not appear to be concerning underwriters. “While the risk is increasing in principle, the impact is not tangible yet. Underwriters are not worried and are not pricing these risks in. They are under pressure to make market share.” Some brokers privately say that underwriters are so keen to write commercial D&O business they will “take whatever is put in front of them”, although they are still scrutinising ﬁnancial institutions risks.

THE AFTERMATH OF THE FINANCIAL CRISIS HAS resulted in some changes to D&O programme structures. Brokers report increased demand for Side A coverage, which protects individual directors, as they become increasingly mindful of their own personal risks. “We are seeing more companies buying only Side A protection or buying a broad base of A, B and C coverage with a higher level of Side A,” Willis’s Julian Martin says. Aon’s Nanni adds: “The underlying [insurance programme] structures were o en reshuffled in the six to eight months a er the crisis. Directors want to have a buffer in case the underlying limits are eroded by other claims.” A further issue of concern to buyers is the compliance of multinational programmes with local regulations. This was a key area highlighted by Airmic in a survey of how risk managers are purchasing D&O cover. Airmic technical director Paul Hopkin comments: “There is greater awareness of the complexities of the D&O policies and of the weaknesses of international programmes in terms of meeting local regulatory regimes. Airmic members are going to the local regional office of their broker in order to buy a policy that satisﬁes the local regulatory requirements.”

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

Airmic Annual Conference 6 â&#x20AC;&#x201C; 8 June 2011 Bournemouth Embracing New Horizons

Can you afford to miss it? The Airmic conference is the UK risk management and insurance gathering of the year... more than 650 risk professionals coming together for two days of talks, lectures, training sessions and workshops. Plus, of course, plenty of social opportunities to share ideas, meet old friends and make new ones.

We look forward to welcoming you.

www.airmicconference2011.com

Together Leading in Risk

Panos

Governance

[ ETHICS ] [ COMPLIANCE ] [ REPORTING ]

> Bribery Top 10........................36 The Bribery Act is putting companies under even more pressure to ensure employees do not engage in corrupt practices. Here’s what you need to know

The human rights impact of Shell’s operations in the Niger Delta are under scrutiny

ETHICS

How not to behave Huge global companies have been used to having it their own way, often at great cost to local communities and the environment. What are the issues that should be on every multinational’s risk management agenda?

OYAL DUTCH SHELL WAS RANKED THE EIGHTH MOST

environmentally and socially controversial company last year

in a report by consultancy RepRisk. One area that continues to damage Shell’s reputation is the impact of its oil and gas operations in Nigeria. The long list of accusations levelled at Shell includes bribery, mistreatment of communities and environmental damage. Last year, Shell agreed to pay $48.2m (€35m) to avoid legal proceedings in the USA over accusations that it bribed Nigerian civil servants to gain access to the Boriga oil ﬁeld. Shell also came under ﬁre when it paid for a report by the UN Environment Programme that exonerated the company for oil pollution in the Niger Delta. An Amnesty International report states: “In over half a century of Shell’s operations in the Niger Delta, thousands of oil spills have left an appalling legacy of environmental harm.” And at the time of writing, Shell was under scrutiny by the Dutch parliament for the environmental and human rights impact of its operations in Nigeria. At best a public relations disaster and at worst a human rights tragedy, what lessons can other multinationals learn from this story?

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

GOVERNANCE [ ETHICS ][ COMPLIANCE ][ REPORTING ]

MOST ENVIRONMENTALLY AND SOCIALLY CONTROVERSIAL COMPANIES OF 2010 Rank Company 1

Transocean

Vedanta Resources

Exxon Mobil Corp

Foxconn Electronics

Chevron Corporation

BG Group

Royal Dutch Shell

Sinar Mas Group

Magyar Aluminium

Source: RepRisk

Take responsibility Don’t try to shirk responsibility. Organisations that make an effort to clean up after themselves will get much better credit and treatment from the media and public than those who try to avoid responsibility altogether. Companies should apply rigorous ethical standards. They cannot abandon their ethical codes when they leave their home markets. At home, in the developed markets of the West, the behaviour of multinationals is more likely to be scrutinised thanks to stronger legal control mechanisms and close media scrutiny. This does not mean that the same principles of fairness and accountability do not apply in far-ﬂung parts of the world. But all too often this is the case – companies can become embroiled in human rights abuses or other acts they would never consider at home. Ethical behaviour is becoming even more important as companies based in emerging markets grow and begin to compete with established Western brands. In the future, Western companies could fall by the wayside because of their perceived exploitation of less developed countries.

Corbis

Be accountable ‘Corporate responsibility According to Amnesty, the root cause of the is no longer voluntary, it conﬂict situation in Nigeria between the locals and the oil industry is a lack of effective accountability is “pseudo-mandatory”’ and redress for harm to the environment and Steve Wallace National Grid human rights. Aggrieved and frustrated, some locals have taken things into their own hands, committing acts of sabotage on oil pipelines and installations. “Violent action against the oil industry in the Niger Delta has emerged after years of poor practice, including failure to clean up pollution, a lack of transparency and payment of compensation,” says Amnesty.

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

Act responsibly Bad corporate behaviour feeds community distrust and anger, which can fuel conﬂict, notes Amnesty. “If a company believes that ﬁnancial results are all that are important then they have a view of their business which is entirely out of date,” adds former Conservative minister John Gummer, a member of the UK’s delegation to the climate change conference in Kyoto in 1997 and in Buenos Aires last year. Social and environmental issues should be intrinsic to how a company thinks of itself. This is important for staff morale, customers and increasingly for investors too. Corporate responsibility is no longer voluntary, it is “pseudo-mandatory”, believes National Grid’s head of environment and global standards, Steve Wallace. FTSE 100-sized companies should be acting responsibly because their customers, stakeholders and investors expect it.

Communicate clearly with your stakeholders A failure to keep key stakeholders informed is the most common reason for an incident running away from a company in the hands of the media. As every good PR consultant knows,

Under ﬁre: oil from a leaking pipeline burns in Goi-Bodo, a swamp area of the Niger Delta

conscious businesses to set their own targets. The corporate sector should not wait for carbon reduction commitments to be forced upon them. The best businesses think beyond the boundaries of corporate social responsibility. Doing the right thing doesn’t merely involve corporate philanthropy. Organisations should ensure that sustainability pervades everything that they do. That means, for example, making sure products in your supply chain are sourced from environmentally, as well as socially, sustainable places.

Human rights can’t be ‘offset’ A company might make positive contributions to an area by providing employment or development, but that does not mean it can act irresponsibly in other areas. As Amnesty puts it: “In human rights terms, positive action in one area does not absolve any actor of responsibilities for human rights harms elsewhere.”

Don’t think you hold all the cards Evidence recently released by the WikiLeaks website suggests that Shell once thought it had absolute inﬂuence over Nigerian officials. But it’s naïve for multinationals to believe they have the power to inﬂuence governments in poor countries. According to consultancy Maplecroft chief executive Alyson Warhurst, the balance of power is shifting and increasingly the governments of poorer countries are assembling a strong cadre of well-educated leaders who will do the best for their countries. This means giving contracts to the best bidders – and that will not include companies that ignore their environmental footprint or fail to engage properly with local communities. Companies that fail to accept this, convinced they can hold sway over the government in poor countries, will be dismissed.

Look to the past as well as the future Until past grievances are addressed properly, the people affected cannot close the door and look to the future. The way forward includes accountability and redress for past wrongs, where they exist.

proactive communication is the best way for a company to exert inﬂuence over the way news journalists treat a story. Although it’s not always possible to put a positive spin on issues, communicating in other ways – such as through company reporting – is also vital to prevent outsiders and the public getting the wrong impression about your company.

Avoid greenwash The media is increasingly shrewd about companies that spend more on publicising their green efforts than on the environmental initiatives themselves. Central to helping stakeholders make sense of the environmental and emissions-related claims a company might make is a simpler, more effective and reliable set of metrics. Yet investors and the public still don’t have access to transparent and comparable data on carbon emissions, which means they are still subject to greenwash. But the world is getting hotter and carbon emissions are believed to be the main reason. With the failure of the climate change talks in Copenhagen to come up with a strict set of rules to keep global warming within a 2°C increase, the onus is ﬁrmly on environmentally

Key points 01: Social and environmental issues should be intrinsic to how a company thinks about itself 02: Proactive communication is the best way for a company to exert inﬂuence over the way journalists treat a story 03: It is naïve for companies to think they can inﬂuence governments of poor countries

Address root causes as well as symptoms The oil industry in the Niger Delta faces serious security threats. It is one of the most dangerous oil-producing parts of the world. But the use of force against the militants, while in some cases unavoidable, may also exacerbate the problem.

Fight corruption Multinationals continue to prop up corrupt regimes and support the division of society by paying bribes overseas. In developing countries alone, politicians and officials are estimated to receive bribes of up to $40bn a year, according to Transparency International. Efforts to combat this problem on the bribe-payers side have stepped up in recent years. Strict penalties have left some companies red faced and others looking over their shoulders. Almost one in ﬁve businesses claim to have lost business as a result of a competitor paying a bribe, according to Transparency International, which indicates the scale of the problem. Tackling this problem should be high on every company’s to do list – bribery is bad for business and society at large. SR

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

GOVERNANCE [ ETHICS ][ COMPLIANCE ][ REPORTING ]

COMPLIANCE

End of the party? The new UK Bribery Act is a big deal. It’s a complex and far-reaching piece of law and if something goes wrong, the buck stops at board level. Read on for the top 10 ways to protect your organisation

“I

Key points 01: The main defence against the Act seems to be showing that you have done all you can to comply 02: The legislation outlaws ‘facilitation payments’. Make sure you have guidelines on gi s and hospitality 03: It is useful to have one person working independently within the company to ensure compliance with the Act 04: It is not just what goes on within your company that matters, but what people do on your behalf

T NEEDS TO BE ON THE STRATEGIC RISK REGISTER. It needs to be on the board’s radar. It will affect every sector, as well as the way some companies do business. The whole corporate hospitality sector will need to be rethought.” Consultancy Moore Stephens partner in governance, risk and assurance Robert Noye-Allen is clearly in no doubt about the Bribery Act’s potential impact. He continues: “The accountability structure is complex and board members could ﬁnd themselves prosecuted for something that went on without their direct knowledge.” In addition, the act is enigmatic and its precise scope is difficult to grasp, which means ensuring compliance will require real vigilance. “There’s a hell of a lot that’s still unclear. I think it’s a case that as and when court cases appear, we will learn more,” Noye-Allen says. Although no company can completely protect itself against an employee going rogue and paying a bribe, the main defence against the act seems to be showing that you have done all you can to comply. KPMG head of UK forensic practice Alex Plavsic says: “You need to ask yourself: do we have adequate controls on personnel? Do we have a positive culture on the ground? If you get those things right, that will go a long way towards dealing with the requirements of the act. “You need to show you have the right controls within your business’s culture. It’s no defence to say that something was the action of an individual. Instead, you need to be able to say: ‘Okay, employee X did this, but we have put in place everything we can reasonably be expected to do as a company to eliminate this kind of behaviour’.” “It’s not enough to not take part in bribery. You have to show that you’re not taking part,” agrees Rolls-Royce programme director for ABC Compliance Helen Humphreys. So what should you do?

Risk assessment First, establish where the high-risk areas are in your business. Plavsic says: “It’s important to do a proper risk assessment, as a lot of companies won’t be particularly affected, such as those that don’t work in high-risk environments, don’t deal with big contracts and don’t use third parties or agents to make deals.” Those companies that do should establish when, where and why problems have arisen in the past.

Create policies that comply with the act Make sure all relevant internal policies and procedures have compliance with the Act written through them like a stick of rock. In particular, the legislation outlaws small ‘facilitation payments’. You should also make sure you have clear guidelines on gifts and corporate hospitality.

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

“It comes down to transparency,” Noye-Allen says. “If you are offering corporate hospitality, you will need to be able to show proper process and ensure your intention is clearly set out. “People say to me: ‘We’re not doing anything improper; we’re just doing what everybody does. It’s normal to offer hospitality in our sector’. But they need to rethink. The effects of the act will be psychological – they will change the way people work.”

Lead from the top … The board must be on board. “Leadership is vital,” insists Plavsic. “If those at the top appear to be equivocal about the Bribery Act, then the people on the ground may be confused about any changes they need to make.” … and the middle It’s not just those at the top who need to understand the importance of compliance. Acceptance and understanding of the Act must be displayed throughout middle, regional and local management as well. “Ensuring consistency around the world is vital,” says RollsRoyce’s Humphreys, “as is making sure that best practice is effectively shared.”

Hire a ‘bribery czar’ It is useful to have one person working independently within the company to ensure compliance with the act – someone who has a clear line of communication with the board, if necessary.

Investigate agents and third parties Under the terms of the act, it’s not just about what goes on within the four walls of your company that matters, but what others do on your behalf. Plavsic says: “If you use agents or third parties, a key question to ask is: how much do you know about the people you do business with? Most companies will work with less than 50 others, so it isn’t too onerous to spend some time looking at them again. Contractually, you should have the right to audit to see where your money goes. If they have a bad reputation, terminate the contract.” It’s also worth remembering that reviewing contracts is in itself a way of demonstrating compliance.

Follow the money Companies will need to demonstrate that they have proper accounting in place to show how funds are used. “You need to make sure you have documentary proof of how all funds are

And any wrongdoing must be dealt with. “When it comes to disciplinary procedure, actions speak louder than words,” Plavsic says. “It’s not good enough just showing that you have procedures in place, you need to be able to show that you are taking action.”

Tell everyone what you are doing Finally, publicise what you’re doing. Increasingly, those looking at your company will want to see how you are dealing with the Act. “It’s important to show compliance to stakeholders and investors through the annual report,” Plavsic says. “There’s no obligation to do this, but it shows good governance is in place.” SR

LATEST

Shutterstock/Jaroslav74

Bribery Act delayed

Kick back: a crackdown on levels of corporate hospitality will change the way everyone works

signed off and that everyone adheres to that procedure,” Humphreys says.

Training for everyone, even the board Make sure everyone understands exactly how the Act has changed working practices and procedures. Document this process. “Training is vital for staff working in high-risk environments,” Plavsic says. “They need to experience the kind of face-to-face scenarios they will see on the ground. But everyone in the company needs to be offered e-training, even those working at a lower risk.”

Reporting wrongdoing Many companies already have an external whistleblowing service for employees to report wrongdoing. But it’s also essential to create a positive culture within the company to ensure employees feel comfortable using internal reporting channels.

Discipline “The board will need to go out with a zero-tolerance approach and a ﬁrm tone and message,” Noye-Allen says.

At the end of January, the UK government put the kibosh on the controversial Bribery Act, giving companies more time to prepare for the new rules. The Act was meant to come into force in April a er already being postponed once by justice minister Ken Clark. The Ministry of Justice (MoJ) said that this time the delay was down to them failing to publish guidance for companies. The MoJ said that it is “working on the guidance to make it practical and comprehensive” and that once it’s been published, there will be a three-month notice period before the Act actually takes effect, which means the rules won’t be enforced until May at the earliest. Anti-bribery groups expressed concern at the delay. The Organisation for Economic Co-operation and Development (OECD), one of Europe’s foremost anti-bribery lobbies, urged the UK to honour its commitment. “If the Act’s entry into force is delayed, more bribe payments would be governed by the current, much weaker law,” it said. Transparency International executive director Chandrashekhar Krishnan described the news as “disastrous” and lambasted the government for failing to prepare or conﬁrm a revised time frame. “This raises serious doubts about the credibility of the government’s commitment to the Bribery Act,” she said. Krishnan added that the delay would put companies that conduct their business ethically at a competitive disadvantage. It is a feeling shared by many businesses who are worried that they will be punished for offering hospitality to potential clients or making routine ‘facilitation payments’. The argument goes that companies bound by the Act will be forced to act at a competitive disadvantage when pitching for work overseas. JLT partner Kurt Rothmann said that the delay gives the government more time to provide “comprehensive and clear guidance”. He added: “There is currently no indication that the Act itself is likely to be amended, but rather that there will be more detailed guidance for businesses on how to comply with the Act and, perhaps of more relevance, how a prosecutor will react to certain levels of gi s or entertainment and facilitation payments.”

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

GOVERNANCE [ ETHICS ][ COMPLIANCE ][ REPORTING ]

RISK ATLAS HUMAN RIGHTS

Put the world to rights Recent research spells out the scale of human rights abuses worldwide – and the role of multinationals in ﬁghting against it

EOPLES’ UNDERSTANDING OF WHAT CONSTITUTES human rights is different around the world. But in no country is it acceptable for multinational organisations to treat people poorly just because they are poor. Among the UN’s standard deﬁnition of every human being’s entitlements are the right to life, liberty and security. No one should be subjected to degrading treatment and everyone has the right to recognition before the law. However, human rights abuses and poverty tend to be interrelated, as research by risk consultancy Maplecro shown here demonstrates.

Vulnerable areas The worst countries for human rights abuse tend to be the ones suffering from conﬂict or which have weak governance structures and a poor rule of law. Many multinationals have a footprint in these places either through partnerships, supply agreements or through direct operations. Child labour is a big problem, particularly in Bangladesh, India, Nigeria and Pakistan. The economic crisis has contributed to a worsening of the situation; as companies are squeezed, they squeeze the workforce harder. There’s also less chance of money being spent on improving the lot of the average worker. Responsible companies should introduce labour standards into their supply chains, regardless of whether it is a legal requirement to do so in that country. Risk managers must monitor the effectiveness of these programmes and ensure that the rules are being followed throughout an organisation’s supply chain, its operations and distribution networks. “Companies need to be more strategic and look at the long-term reputation risks,” argues Maplecro chief executive Alyson Warhurst, who is also a member of the UN Global Compact’s human rights working group. “No one likes poor working conditions. And the media will continue to expose companies that fall short.” SR

Democratic Republic of Congo The Democratic

1 Republic of Congo is in the grip of a long-running civil war. Civilians, targeted by both sides, are frequently killed, raped, arbitrarily arrested or pressed into forced labour. Ongoing violence in 2010 le nearly two million people displaced.

Somalia Somali people

2 continue to endure some of the world’s worst human rights violations. Hopes of peace a er the establishment of a new government in 2009 were dashed. The capital Mogadishu is wracked by warfare and much of the country is in the control of armed groups.

Pakistan The security situation 3 in Pakistan is worsening, and killings are a fact of life in most of the big cities. The government gained headway recently but lost momentum as it tried to deal with human rights issues.

Sudan Almost six years

4 a er a treaty ending

‘No one likes poor working conditions. The media will expose companies that fall short’ Alyson Warhurst Maplecro

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

21 years of civil war, Sudanese civilians are still enduring human rights violations and insecurity. Accountability for human rights abuses remains practically nonexistent.

Myanmar The ruling junta in

5 Myanmar

systematically denies citizens even basic freedoms, including freedom of expression, association and assembly. It regularly imprisons activists and human rights defenders.

Chad Chad is destabilised

6 by conﬂict with

neighbouring Sudan. Government forces have carried out extrajudicial killings of rebels, gender-based violence and have used child soldiers.

IN ASSOCIATION WITH

Rank Country

9 10

Score Category

DR Congo

extreme

Somalia

extreme

Pakistan

0.32

extreme

Sudan

0.33

extreme

Myanmar

0.41

extreme

Chad

0.44

extreme

Afghanistan

0.47

extreme

Zimbabwe

0.49

extreme

North Korea

0.86

extreme

China

1.05

extreme

5 6

4 2

Key 1

Extreme risk High risk Medium risk Low risk No data

Number of places China dropped in Maplecro ’s human rights index

2 Number of child labourers in India

Proportion of children in Africa who are ‘economically active’

55m

41%

[READ MORE ON-LINE] Download a PDF of this risk map at www.strategic-risk.eu or goo.gl/mJ8Lr

Source: Maplecro

SPOTLIGHT ON CHINA + +

BEIJING

XINJIANG UYGUR

+ + +

XIZANG

SICHUAN + +

+ JIANGSU + + +

+ +

GUANGDONG+ +

+ +

Increasing risk

+ + + + + +

+++ + ++ +

+ + + + + + + +

+ +

Economic zones

CHINA HAS FALLEN TWO PLACES IN MAPLECROFT’S HUMAN RIGHTS RISK ATLAS from eighth last year to 10th. Its poor ranking is a reﬂection of its dire performance in terms of freedom of speech, the press and religion, minority rights, judicial independence, and arbitrary arrest and detention. The country also ranks extremely badly for trafficking and forced labour. Labour rights violations, especially in the manufacturing and agricultural sectors, are commonplace in China due to weak and inconsistent enforcement of labour laws. Despite this, Maplecro chief executive Alyson Warhurst sees the situation improving in the next ﬁve years. The introduction of a labour contract law in 2008 is already enabling Chinese workers to demand improved pay and conditions. As the Chinese economy moves into a domestic-led growth phase, “amazing things” are happening, says Warhurst. “China is at a point of change.”

www.strategic-risk.eu [ MARCH 2011 ] StrategicRISK

Theory & Practice

[ INSIGHT ] [ CASE STUDIES ] [ BEST PRACTICE ]

RISK APPETITE

Risk strategies with more bite In the wake of the financial crisis, regulators are paying more attention to how businesses quantify the risk they undertake. What approaches are being taken across the profession? COMMON EXPRESSION IN THE financial world is risk appetite – the amount of risk an organisation is willing to take in pursuit of its objectives. But its application outside finance is “patchy”, says Wellcome Trust enterprise risk manager Richard Archer. UK risk management association Airmic adds: “Risk management remains a specific, difficult to apply, o en ill-defined and much debated topic.”

Theory There are several reasons for this. One of the main ones is that there’s not much agreement on the implications of exceeding

risk appetite, nor whether, having defined one, it will act as a strict ceiling on the size of risk the organisation takes on. Regardless of the fact that their risk appetites were likely to have been formally defined, in the run-up to the financial crisis, banks were clearly biting off more than they could chew. The size of their appetite had no bearing at all on how much risk they were gobbling up. In light of this, evidence suggests that regulators are now focusing much more attention on risk appetite and how it is linked to strategic decision making. “For the risk appetite concept to have teeth, it must be enforced by the board,”

istockphoto.com/creacart

FIVE THINGS YOU CAN DO

The human side of the risk equation Why taking a social scientiﬁc approach to risk management can help you see into the future more effectively David Hancock, head of risk management, London Underground

ISK, IN MY MIND, IS HEAVILY inﬂuenced by behavioural and psychological factors. Risk management involves the interaction of people and their ability to solve future problems. But our concept of risk is simply a perception of what might happen in the future. Compounding this is the fact that the future has yet to happen. Therefore there are a wide range of possible future states, greatly outnumbering the single actual state that will occur. This all contributes to risk being

an illusory concept that exists in the consciousness of individuals. The link between this concept and reality comes through the experience of actual harm, in the sense that human lives are lost, the environment is damaged, buildings collapse or value is eroded. Which all begs the question: why is the world of risk dominated by quantitative measurements and scientiﬁc fact rather than qualitative philosophy and social science?

Theory There are some inherent similarities between the concepts of risk and psychology. Psychology is deﬁned as

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

“the scientific study of the mind and behaviour of humans and animals”. Because of the practical problems of studying the mind directly, psychologists tend to concentrate on what is observable and measurable, including biological processes in the body. Risk is also a difficult concept to define and so we tend to study what is observable and measurable in terms of probability and consequence. It is well known among psychologists studying individual behaviours that those behaviours may become altered simply by the act of being studied. This was first demonstrated in a research project

at the Hawthorne Plant of the Western Electric Company in Illinois, US, in 1927. This research began by examining the psychological impact of physical and environmental changes in the workplace: brightness of light, humidity, breaks, working hours, leadership. The main ﬁnding of the study was that almost regardless of the intervention, the productivity of workers seemed to improve. One conclusion is that the workers were simply pleased to receive attention from the researchers. Similarly, in the case of risk management, the task of carrying out

KNOWLEDGE Revisions to the UK Corporate Governance Code In May 2010, the Financial Reporting Council published the UK Corporate Governance Code. It stated: “The board is responsible for determining the nature and extent of the signiﬁcant risks it is willing to take in achieving its strategic objectives.”

Archer says. “But it is easy to see how the risk appetite statement could be ignored if it conﬂicts with the chief executive’s preferred strategy. It is also possible to circumnavigate the risk policy by incorrectly downgrading risks or not allowing risks to be upgraded. “Another issue is that managers may favour palatable risk appetite statements over truthful risk appetite statements,” Archer adds. Both of these dirty tricks seem to have been systemic in the run-up to the ﬁnancial meltdown, which allowed risks to escalate out of control. There are other factors holding some companies back from adopting the risk appetite concept. Some might be concerned that the risk appetite statement will enter the public domain and be used against the company, explains Archer. “A national railway operator could expect some negative reaction if it stated explicitly that it was willing to accept any safety risk,” he says.

Practice Given all these issues, where is the value in the risk appetite concept? And is it actually worth the stress? Amlin head of risk management Alex Hindson believes it is. “It is core to how we manage risk in our business,” he says.

a risk workshop, concentrating on identified risks and developing mitigating actions means stakeholders become more aware of those known risks. This increased awareness also tends to assist in spotting the development of risks that have not been explicitly identified. The act of carrying out workshops has the potential to improve the risk profile of a project. This phenomenon explains why those risks against which financial contingency is placed during the early stages of a project tend not to be the areas where it is spent.

Here are some key points to remember if you are interested in applying a social scientiﬁc approach to risk management:

(without double counting) and evaluated correctly – which is a challenge. “We only quantify investment portfolio risks, which, due to their financial nature, are possible to quantify. Otherwise, we assess risk qualitatively. “The difficulties in estimating hard-toquantify risks, especially reputation risks, are a major barrier to developing holistic risk appetite statements. A er all, you can’t quantify the unquantifiable.” Hindson takes a slightly different approach. “We don’t quantify risk appetites specifically. These are high-level statements of risk preferences. Supporting appetites, we have specific measurable risk tolerances (the limits to which risks need to be controlled), which are set at group level and cascaded to each business and are what we hold risk owners to account for managing their risks within.” He is convinced of the benefits. “Risk appetite brings visibility and transparency of risk governance. We are also linking risk appetite to the allocation of capital and hence to business planning and return on equity considerations. “We want to understand whether we are being adequately rewarded for the risks we take, and understand the trade-offs and return on the risk taken.” SR

‘For the risk appetite concept to have teeth, it must be enforced by the board. But it could be ignored if it conflicts with the chief executive’s preferred strategy’ Richard Archer Wellcome Trust Risk appetite statements can be prepared with inherent (without controls) or residual (with controls) risk exposure limits, explains Archer. “Those who favour inherent risk exposure argue that it is a more conservative measure. Those who favour residual risk exposure argue that this is better as it is the level of risk actually faced.” Archer adds: “The risk appetite statement is only of value if the risk exposure is known. To produce an accurate estimate of the risk exposure, it is important that all significant risks are identified

THE PERCEPTION OF RISK VARIES FROM ONE INDIVIDUAL TO THE NEXT, EVEN UNDER THE SAME CONDITIONS Risk is illusory and the link between the mental concept and the real world only shows itself through actual harm. Therefore the range of risk possibilities is limitless and tends to be framed by an individual’s experience.

THE ROLE THAT DIALOGUE PLAYS IS OFTEN UNDERESTIMATED The personal dimension of risk means that allowing individuals, teams and stakeholders to explore and examine the problems analytically – under the guidance of a trained facilitator – can be very useful.

Science Photo Library

Practice

“We have a risk appetite framework based around six key risk categories: operational, strategic, insurance, market, credit and liquidity. This is linked to our risk management framework. Risk appetite is a key element linked to accountabilities of risk owners.”

KEEP AN OPEN MIND The ‘many possible futures’ aspect of risk means that we need to keep an open mind and avoid the pursuit of ﬁxed or predetermined solutions.

PSYCHOLOGY IS RELEVANT TO RISK MANAGEMENT There is a wealth of knowledge available in tools and methodologies

developed by social and behavioural scientists to uncover solutions to problems they have encountered. These can be of great assistance to risk managers, particularly when considering the qualitative and so er aspects of risk. At the same time, we must not ignore the use of evidence-based models and statistics but use them to inform and direct our decision making.

DON’T BE TOO PUSHY To be successful, facilitators of risk workshops need to take a neutral perspective and consciously avoid transferring their views and opinions to participants in seeking solutions. If they do, the resulting solution will be more tailored to the views of the person facilitating the session than of the team taking part. SR

www.strategic-risk.eu [ MARCH 2011 ] Strategic RISK

THEORY & PRACTICE [ INSIGHT ][ CASE STUDIES ][ BEST PRACTICE ]

PRODUCT RECALLS

How to minimise the drama of a crisis Product recalls are the stuff of commercial nightmare, but businesses can take several steps to handle the situation well rigorous testing processes at all stages of product development and production.

LEARN TO COMMUNICATE EFFECTIVELY WITH THE MEDIA AND ALL STAKEHOLDERS The media is quick to judge how a ﬁrm deals with a crisis, so managers must be able to communicate well with the media and other stakeholders. A properly prepared crisis management plan and an established recall management team are essential.

UROPEAN MANUFACTURERS MAY see product recalls as rare events but, says Zurich Global Corporate chief underwriting officer Patrick Amschwand, “Companies that don’t take it into account are in danger of not even living to regret it.”

Theory Changes to how goods are produced – outsourcing to countries such as China, the largest source of defective products – and stricter standards in developed markets have introduced more challenges. Recalls don’t just cost money, they can have a big impact on brand and reputation too. Handling a major recall well minimises its impact on costs and reputation. Here are some strategies that can be of value in minimising the likelihood of a recall:

COMPANIES MUST HAVE RIGOROUS CONTRACTUAL CONTROLS Contracts with suppliers ensure businesses can pass the risk back if a supplier’s components have caused the problem.

ALL GLOBAL PRODUCTION AREAS SHOULD HAVE CONSISTENT QUALITY AND CONTROL STANDARDS Organisations that push their suppliers to agree to very low prices might need to take more action on ensuring quality control, as those suppliers may try to cut corners.

COMPANIES SHOULD LIMIT BATCH SIZES AND IDENTIFY DEFECTIVE PRODUCTS SWIFTLY If companies reduce the quantities of products in each batch, they can identify affected products more easily and limit the impact. Efficient order and product tracking systems are equally essential.

Practice

GOOD RISK MANAGEMENT IS AN ESSENTIAL INGREDIENT This includes product safety controls, personnel training, auditing suppliers and [READ MORE ONLINE] For more on product recall risk management, download the Product Recall Executive Report at www.strategic-risk.eu

BUSINESSES SELLING DIRECT TO THE PUBLIC MAY BENEFIT FROM USING LOYALTY CARDS Sainsbury’s head of insurance and risk management Paul Howard says: “Loyalty card data can be valuable in identifying people who have bought a particular product, rather than relying on adverts and notiﬁcations.” SR

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

LESSONS IN LEADERSHIP

Chemicals leader gets the right reaction NOVA Chemicals risk management boss Joe Restoule shares the secrets of his professional success

FTER 10 YEARS WITH US INSURER STATE Farm, Joe Restoule was offered a position in the risk department at NOVA Chemicals. More than 20 years later, he’s still there, leading the risk management division. What’s the defining moment of your career? In 1992, NOVA had a significant pipeline failure, in which several million dollars worth of property was damaged. We had issues dealing with the public and their claims while managing our reputation and brand. The big lesson was that there is no insurance policy to rely on that can protect your reputation. How do you deal with conflict? Earning your spot at the table is a privilege, not a right. I would never say I’ve had conflict with the board, but I have had to deliver difficult messages. Don’t fight and compete with the business development people; make sure managers not only understand the rewards but also the risks. In an age of incredible accountability for the board, they are looking to be educated in risk management. I think it is a great opportunity for us. How can risk managers survive during cutbacks? We gather feedback forms to demonstrate the value we have added. The results are positive, which means it’s difficult for senior leaders to cut the service. NOVA’s risk management department is now seen as a significant contributor to the company’s performance. SR [READ MORE ONLINE] For more lessons in leadership from top risk professionals, visit www.strategic-risk.eu or goo.gl/rGpor and download the report, published by StrategicRISK for Airmic

Celebra te with Europe’s top risk ma na gement professionals

The St rate gi cR I S K Eu rope a n R is k Mana g e me nt A wa rd s 2011 are sponsore d by

The winners of the eighth annual StrategicRISK European Risk Management Awards will be announced as part of a networking lunch held at The Waldorf Hotel, London, on Wednesday 25 May 2011. MAKE SURE YOU ARE PART OF THIS PRESTIGIOUS EVENT Reserve your seat today and join our awards ﬁnalists, judges and risk management guests as we recognise those organisations and individuals who have demonstrated that they have gone the extra mile in 2010.

DATE

BOOK YOUR TABLE NOW

W E D N E S DAY 2 5 M AY 2 0 1 1

There are a limited number of places available. To book your place visit www.strategicrisk.co.uk/awards2011 or contact Katherine Ball on +44 (0)20 7618 3492 | katherine.ball@nqsm.com COST OF ATTENDING Single place: £150.00 + VAT Table of 10: £1,400.00 +VAT

TIM E 12:00PM

V EN U E THE WALDORF HOT E L , LO N D O N

W W W.STR AT E G ICR I S K. CO . U K/AWAR DS 2 0 1 1 Have you been selected as a ﬁnalist? Visit www.strategicrisk.co.uk/awards 2011 on 4 March to ﬁnd out who has made the shortlist for this year’s awards

VIEWPOINTS [ PEOPLE ][ OPINION ][ COMMUNITY ]

WHAT’S INSIDE YOUR HEAD?

Headspace Amlin’s Alex Hindson guides us through his life, loves, hopes and fears, by way of 18th century logistical planning and the joys of looking for effluent leaks in France

that handled hydrofluoric acid – which if spilled on your skin will kill you by reacting with the calcium in your bones. One night shift, we realised we had a serious leak and there were only two of us there. I had to get into a protective suit and breathing apparatus and help the plant operator fix the leaking pump. A risk I chose to take was moving from a corporate risk management role to a financial services role in 2009. I put together a risk-mitigation plan and after 18 months things look positive. It’s important for risk professionals to know what it feels like to take and manage personal risk. What is the worst job you’ve ever done? My first work placement, at a French petrochemical plant, involved an eight-week survey looking for hydrocarbon leaks in the effluent system. Given my interest in the environment, the operators nicknamed me “grin de piss” (as in Greenpeace).

What are you thinking about right now? How did I get myself into this situation? Enthusiasm probably. What is your greatest fear? Having the type of job that is the same every day. Groundhog day. What was your most embarrassing moment? Chairing a student union general meeting after the miners’ strike. Tempers were raised, the PA system failed and there was no way of controlling the meeting of 500 people. Where was my contingency plan? What is your most treasured possession? The Commander of the Order of St Michael and St George medal awarded to my father for his work in managing the construction of a major steel factory. What makes you happy? Playing ﬁendishly tactical board games with my children, ideally while holding a cold glass of white wine. What makes you unhappy? Bureaucracy, particularly of a short-sighted compliance type that gives risk management a really bad name.

Richard Phipps

Who is your hero? The Duke of Marlborough, Britain’s greatest general. He lived through the reigns of five monarchs and led a coalition army against the French and Austrians at the Battle of Blenheim in 1704. He marched an army from the Netherlands to Austria, which required not just military skills but also an understanding of logistics and Grand Alliance politics. He was far from perfect, but definitely unique. What’s the biggest risk you’ve taken? There are two answers to this: the risks I chose and the ones thrust upon me. One that was thrust upon me was during my first role at ICI. It involved commissioning a chemical plant

StrategicRISK [ MARCH 2011 ] www.strategic-risk.eu

What is your greatest achievement? At 28, managing a team of 35 operators, technicians and engineers through the commissioning of a multimillionpound chemical plant. Most things that could go wrong did go wrong, but we generally had a recovery plan. It was challenging technically, managerially and personally. And as I only task-managed rather than line-managed most of the team, my inﬂuencing ‘It’s important to skills were also tested. About that know what it feels time my daughter like to take and was born too, contributed manage personal risk’ which to the challenge. What is the most important lesson you’ve learned? Don’t worry – the worst might happen, but worrying about it never helps. Either do something about it, or relax and prepare to react. Tell us a secret? I can only multiply and divide in French. I am half-French and went to the French Lycée in London and was taught in French until I was 14. It is hard to unlearn French mathematics. SR Alex Hindson is head of group risk at Amlin and chairman of the Institute of Risk Management

AT JLT SPECIALTY LIMITED WE DON’T RELY ON OFF-THE-SHELF SOLUTIONS We take time to listen and engage with clients, markets and colleagues so that we can understand aims and objectives, put strategies in place and successfully deliver them. To learn more about our services email tony_tyler@jltgroup.com or call +44 (0)20 7528 4133

JLT Specialty Limited. Lloyd’s Broker. Authorised and Regulated by the Financial Services Authority. A member of the Jardine Lloyd Thompson Group. Registered Office: 6 Crutched Friars, London EC3N 2PH. Registered in England No. 01536540. VAT No. 244 2321 96. www.jltgroup.com.

a n i h C h ut o S ts i n i n u n o y r o to c a f , s “A typh e n i l r e ow p a d f e o k r c e e r e w ar c e h t ’ ’ n and o d n o L n i r e g a n a m risk A typhoon doesn’t just wreck buildings, it destroys production targets, goodwill and reputations. That’s why FM Global believes that the best insurance is the kind you never need. So, we don’t just insure, we help you to prevent. At our US $123 million research centre, we test just how well your buildings will stand up to a typhoon. We visit critical sites in your supply chain to make sure they’re structurally sound. And we work with you on a long-term strategy to lower risk. In short, we don’t just help to secure your roof, we help secure your future. For more information visit www.fmglobal.co.uk/touchpoints, speak to your FM Global representative, or contact your broker.

Secure the value you create