StrategicRISK by Nathan Skinner

CELEBRATING 10 YEARS 2000–2010

Strategic RISK LATEST RISK AND CORPORATE GOVERNANCE SOLUTIONS

The spies came out

Industrial espionage has entered a new era. Are you ready for it?

Plus _ Analysing the Yemeni terrorist threat _ Learning from British Airways’ risk managers _ Growth opportunities and political risks in Africa _ Lessons from Hungary’s toxic ﬂood _ A proﬁle of insurance in the Gulf states

www.strategicrisk.co.uk

JANUARY 2011

Alongside you in corporate business At Aviva we write insurance for thousands of corporate businesses, from retail to construction, professional services to transport. As one of the UK’s largest and most stable insurers, we can offer world-class expertise in your sector, coupled with all the support you need at a local level and the long-term commitment you deserve.

Our appetite for the business is extensive and we’re keen to work with you. To find the Aviva cover that’s right for you, talk to your broker. Or simply find a broker at www.aviva.co.uk/corporate-risk

We’re in business to keep you in business

Aviva Insurance UK Limited. Registered in England No. 99122. Registered office: 8 Surrey Street, Norwich NR1 3NG. Authorised and regulated by the Financial Services Authority.

LEADER

Battling cyber assaults Any large organisation that relies on the internet or digital communications and isn’t investing in its electronic defences is living on borrowed time

As StrategicRISK was going to press, the founder of the whistleblowing website WikiLeaks, Julian Assange, was handing himself over to police on Swedish sex crime charges. Assange’s reputation is under attack, just as the organisation he founded is responsible for assaulting the reputation of the US government, among others. The publication of 250,000 classiﬁed diplomatic cables by WikiLeaks at the end of November is unprecedented in the history of journalism. It shows just how much our world has changed. It would have been unimaginable 10 or 20 years ago for so many top-secret documents to appear overnight in the public domain, available for anyone to download. The message for large organisations is that you can’t always expect electronic information to remain secret forever. And there’s another side to this story too. Faced with a barrage of electronic (or cyber) attacks, WikiLeaks has been forced to move the location of its website and change the way it transmits some of its leaked documents. The suggestion is that international agencies are attempting to shut the website down through cyber assault. The lesson here is about the sophistication, anonymity and power that hackers now wield in the electronic economy. Any large organisation that relies on the internet or digital communications and isn’t investing in its electronic defences is living on borrowed time. We’ve explored these and many other issues in much more depth in this month’s StrategicRISK. On

page 24, you can read how cyber spies are digging for secret information that they can exploit. Terrorists operating from the Arabian Peninsula are taking the limelight, with a sophisticated plot to blow up transatlantic airliners with bombs disguised in printer cartridges. Turn to page 32 to see what our analyst thinks about the threat. Speaking of aviation risks, in our latest risk manager proﬁle we’ve investigated BA’s risk systems and asked what other industries can learn from an inherently risky but incredibly well risk-managed industry (see page 20).

StrategicRISK

European Risk Management Awards That time has arrived once again. StrategicRISK is accepting entries for the European Risk Management Awards. We hope you’ll find the time to visit our website www.strategicrisk.co.uk/digital/srawards2011 and complete our short 10-question entry form. If you win, you stand to receive a well-deserved profile boost, plus it’s a great way to build confidence with your stakeholders, team morale and to recognise achievements. You can also nominate a client or colleague, which is just a nice thing to do. StrategicRISK is delighted to be able to support, recognise and reward the risk management industry’s achievements. We think it’s more important now than ever. Nathan Skinner, editor, StrategicRISK

ISSUE 67 JANUARY 2011 www.strategicrisk.co.uk Editor Nathan Skinner Editor-in-chief Sue Copeman Market analyst Andrew Leslie Group production editor Áine Kelly Deputy chief sub-editor Laura Sharp Business development manager Donna Penfold +44 (0)20 7618 3426 Production designer Nikki Easton Group production manager Tricia McBride Senior production controller Gareth Kime Head of events Debbie Kidman Events logistics manager Elizabeth Copeman Publisher William Sanders +44 (0)20 7618 3452 Managing director Tim Whitehouse To email anyone at Newsquest Specialist Media please use the following: ﬁrstname.surname@newsquestspecialistmedia.com

ISSN 1470-8167 Published by Newsquest Specialist Media Ltd 30 Cannon Street, London EC4M 6YJ tel: fax:

+44 (0)20 7618 3456 +44 (0)20 7618 3420 (editorial) +44 (0)20 7618 3400 (advertising) email: strategic.risk@newsquestspecialistmedia.com StrategicRISK is published six times a year by Newsquest Specialist Media Ltd., and produced in association with Airmic (the Association of Insurance and Risk Managers). The mission of StrategicRISK is to deliver the latest risk and corporate governance solutions to key decision-takers in UK and European companies. StrategicRISK is BPA audited with a net average circulation of 11,051.

For all subscription enquiries please contact: CDS Global, Tower House, Lathkill Street, Sovereign Park, Market Harborough, Leicestershire LE16 9HF tel: +44 (0)845 313 7557 email: newsquest@subscription.co.uk Annual subscription (incl P&P) £190 €295 $365 Two-year subscription £323 €499 $620 Three-year subscription £427 €663 $821 Printed by Headley Brothers Ltd © Newsquest Specialist Media Ltd 2010 Individual views are not necessarily those of the publisher or of Airmic.

Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

CONTENTS

January 2011

36 100m

Floating ring

0.3m 1 Wave raises the water level inside the sink 200m

2 Gravity then pulls the water down through a tube

A runway success

REGULARS

Yemen’s terrorist threats

The device that cools hurricanes

FEATURES

1 LEADER The ﬁght against cyber attacks 4 RISK NEWS Best of the web 6 RISK INDICATOR Malware; the worst countries for bribery; and Somali pirates

20 ‘THINGS GO WRONG’ The risk bosses at British Airways on

The Salter Sink device could take the wind

being prepared for (just about) anything

out of devastating hurricanes’ sails

24 COVER STORY KNOW YOUR ENEMY Can you defend against the silent threat of

8 NEWS ANALYSIS

36 THAT SINKING FEELING

37 AHEAD OF THE GAME What cricket’s match-ﬁxing controversy can tell us about employee misconduct

cyber spying?

38 ENGULFED

Toxic sludge; national security fears; the EU’s sat-nav project; and the WikiLeaks saga

28 AVATAR ECONOMY Money laundering in a virtual world

The impact of the Gulf of Mexico oil catastrophe on BP’s captive Jupiter

16 RISK REGISTER Protecting against the next ecological disaster

18 PEOPLE & OPINION

32 RAISING THE STAKES

40 ARABIAN SIGHTS

The growing proﬁle of al-Qaeda group

Do the Gulf states have what it takes to

AQAP brings ever-greater terrorist fears

establish as captive domiciles?

Doing business in Africa; corporate manslaughter; and when risk gets wicked

44 AIRMIC PORTFOLIO

34 GOING UNDER?

43 THE ITALIAN JOB

Climate-related events threaten to sabotage

Italian companies must be convinced of the

emerging economies’ efforts to grow

value of risk management, says ANRA

StrategicRISK Awards 2011 OPEN FOR ENTRIES Turn to page 29 or go to www.strategicrisk.co.uk/digital/srawards2011 for more details 2

Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

RISK NEWS The latest business round-up

For more news go to www.strategicrisk.co.uk

Best of the web TOP

3 | Latest Facebook security worries

E SS E NTIAL ON LI N E STO R I E S

6 3

1 | Rise in disability benefit seekers predicted The economic downturn will likely lead to a rise in the number of people on disability benefit, according to a new OECD report. The report claims that governments should reform their sickness and disability benefit systems in order to help people get back to work and reduce the burden on public finances. OECD secretary-general Angel Gurria said: “Countries need to speed up their reforms to help people with a disability to find a job.” Once people move onto disability benefit, they almost never leave it for a job, according to the report. Mental health issues are becoming the main cause of people claiming disability benefit, with up to one-third of all new disability benefit claims over the past 15 years being due to a mental health condition. goo.gl/PDKj9

10% The propertion of public social spending disability beneﬁts represent in most OECD countries.

of the working-age population claim disability beneﬁt.

2 | Cargo theft warning Cargo theft poses “a real and rising threat” to the economy and national security of the USA, the FBI has reported. Criminal groups targeting cargo have become more organised and more violent over the past few years, causing losses from thefts to increase. The exact dollar losses due to cargo theft are unknown, as companies often fail to report such crimes in order to avoid bad publicity and higher insurance rates. However, industry experts estimate the losses to be up to $30bn (€22.66bn) per year. According to the FBI, current high-value favourites being resold on the black market include: cigarettes, pharmaceuticals, computer and other electronic components. goo.gl/NBJFl

Facebook’s new messaging system may have serious security implications, experts have warned. The social networking site’s new system brings together instant messaging chat, Facebook messages and SMS, with many fearing that hacked accounts could be used to create web 2.0 botnets. “Facebook accounts will now be linked with many more people in the users’ social circles, opening up new opportunities for identity fraudsters to launch attacks,” internet security ﬁrm Sophos said. Spam – including ‘malware lures’ and survey scams – can be sent across Facebook using compromised accounts, with users more likely to trust links sent from Facebook friends. Facebook is the world’s most famous social networking site, with over 500 million users online, and is increasingly utilised by companies. It has been reported that 54% of businesses have already banned Facebook usage during working hours. Follow the link for a guide on how to deal with threats posed by Facebook’s new messaging system. goo.gl/gQTnc

4 | Open trade is key to growth More open trade and well-designed employment policies are the key to supporting growth, according to a joint report presented to leaders at the G20 summit in Seoul on 11-12 November this year. The report argued that more open trade can “provide stimulus for the world economy” at a time when many temporary stimulus measures taken during the crisis are being unwound. The organisations behind the report argue that governments must resist protectionism in order to tackle the high unemployment rates persisting in many countries, in addition to contributing to economic recovery. In order to avoid protectionism and adjust to free trade, countries need new education and trade policies to help workers who risk losing their jobs due to increased international competition. An open market allows countries to free themselves from the constraints of their local economies, promote greater efﬁciency and help develop and spread technological progress, added the OECD. goo.gl/yqUrr

ONLINE CONTENTS MOST READ

ONLINE ANALYSIS

www.strategicrisk.co.uk

WEB-ONLY ANALYSIS FROM STRATEGICRISK

Q Infographic: Hungary toxic spill Q Skills to see off a crisis Q The world’s most (and least) corrupt countries Q Yemen terrorists prepare for more attacks Q Cyberspace is the ﬁfth battleground 4

Strategic RISK JANUARY 2011 |

THE HEAT IS ON Planet Earth faces a new threat as severe space storms are predicted to hit us over the next few years. During an 11-year solar cycle, the sun reaches an energy peak, whereby it produces more powerful solar

www.strategicrisk.co.uk

ﬂares, which affect the magnetic ﬁelds surrounding our planet. The next peak is due to hit between 2012-15 and is expected to be the most violent ever recorded, said Lloyd’s in new research. And our over-reliance on technology means that the effect of a solar storm could be much worse than ever before. Continues online … goo.gl/WodhR

GLOBAL JIHAD UPDATE Exclusive Analysis released its ‘Global Jihad Quarterly Update’, which provides an overview of key trends in global terrorism affecting international companies and organisations. US drone strikes have taken a heavy toll on Pakistan-based al-Qaeda leaders. However, Yemen-based al-Qaeda in the Arabian Peninsula (AQAP) is increasingly

The latest business round-up RISK NEWS

For more news go to www.strategicrisk.co.uk

5 | Obesity threat in developing countries Obesity levels are increasing in developing countries, according to the OECD. Obesity is a signiﬁcant problem for developed OECD countries, where around half of the population is overweight, and one in six is obese. However, developing countries also face this threat, though are not as equipped to tackle obesity-induced health issues, such as diabetes and cardiac disease. Russia, South Africa and Brazil were found to have similar levels of overweight adults to the OECD average of 50%, while roughly 70% of Mexican adults were reported as being either overweight or obese. goo.gl/g14zk

9 | China, Australia top water stress index

7 | Armenian cyber criminal nabbed The suspected mastermind behind a virus that infected 30 million computers worldwide has been arrested in Armenia, the Dutch National Crime Squad has said. The 27-year-old alleged hacker was arrested in Yerevan international airport. Bredolab botnets, named after the notorious Bredolab criminal network, are reportedly utilised by criminals to distribute spam and viruses – and have infected millions of computers since its inception in 2009. Back-door Trojans like these enable hackers to secretly access computers, modify ﬁles, and run programmes – with the potential of stealing conﬁdential data. goo.gl/3dgYz

6 | US workers’ ‘comp’ is getting cheaper Data published by the state of Oregon shows in which parts of the USA employers pay the most for workers’ compensation. The average cost of workers compensation has dropped 10% since 2008. The most expensive states $1.50-$2.49 Under $1.50 $2.50-$3.49 are Montana, Alaska, Illinois, per $100 of payroll per $100 of payroll per $100 of pay Oklahoma and California. North Dakota, Indiana, Arkansas, the District of Columbia, Virginia and Colorado are the cheapest. goo.gl/d1b0P

taking on more of the core overseas attack-planning functions, claimed Exclusive Analysis. Meanwhile, al-Qaeda in the Islamic Maghreb (AQIM) claimed responsibility for the kidnapping of seven mining employees in Niger on 16 September 2010. Continues online … goo.gl/hvXhp

INFOGRAPHIC: RISK MAP Control Risks released its annual Risk Map that analyses the critical risks facing multinationals in the year ahead. The 2011 report predicts increasingly aggressive anti-corruption enforcement by authorities in the USA (who use entrapment) and the UK when the

8 | Businesses unprepared for social media risks A third of companies are unprepared to deal with threats stemming from social media, according to an annual poll by Weber Shandwick and Spencer Stuart. Thirtyfour percent also said they suffered a reputation threat due to social media over the last year. Yet with over 50%of companies identifying social networking as tomorrow’s most valuable communication device, Spencer Stuart warned companies that they need to be prepared. Earlier this year, Coca-Cola was forced to withdraw a Dr Pepper advertising campaign on Facebook after its allusions to pornographic movies drew complaints. goo.gl/B8iEp

Huge areas of the USA, Australia, India and China are at ‘extreme risk’ from water stress, new research has revealed. Areas in many developed countries are at ‘high risk’ of water stress as demand often exceeds 80% of total renewable water resources. The Water Stress Index, developed by Maplecroft, is calculated using the ratio of a country’s total water use against the renewable supply of water. The worst-affected countries, at ‘extreme risk’, include those in the Middle East and northern Africa, such as Egypt, Kuwait and the UAE. Of particular concern is competing user demand for surface and ground water from agricultural, domestic, industrial and mining sectors. Plans to transfer water from the south of China, where water is plentiful, to Shanghai and Beijing, where the demand for water exceeds supply, have been proposed to combat this. Parts of south-west USA also face these dangers because ground water is consumed at a faster rate than it is replenished, noted Maplecroft. goo.gl/3mFCa

10 | Consumers want stricter data rules Consumers in the UK want tougher penalties for organisations that lose customer data, according to research results released by LogRhythm. In a poll of 5,000 consumers, four out of five felt that companies should be subjected to a US-style breach disclosure law, compelling them to publicly declare data loss incidents. The research stated that 70% of consumers believe more prescriptive regulations need to be put in place, and many think that punishments should be tougher, for example large fines, or even being subject to criminal proceedings. Europe has recently shown support for wide-ranging reform of data protection laws, including the execution of mandatory data breach notifications. The research suggests that the public strongly supports these moves. Vice-president and managing director of international markets at LogRhythm, Ross Brewer, said: “There is now a common desire to see definite steps taken to force organisations to clean up their act.” goo.gl/EOAOc

Bribery Act comes into effect next spring—it is described by Control Risks as the US regime “on steroids”. Other key risks to manage are a reordering of geopolitical inﬂuence and intensifying urbanisation in emerging markets. Go online to access the report and more analysis. goo.gl/GbrjX Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

RISK INDICATOR

POLITICAL RISK

STUXNET WORM

Five states to watch The political risk landscape in parts of Africa and Asia is set to shift fundamentally over the next 12 months, creating major political and economic changes, according to a new analysis. The ﬁve countries most likely to experience ‘acute political upheaval’ or be transformed from underachievers into signiﬁcant regional players in 2011 are Iraq, Nigeria, Pakistan, Sudan and Turkey, according to Control Risks. Investors should monitor closely the political risk landscape in each country, it added.

1 2 3

IRAQ A new government that was formed in n November 2010 could, for instance, be the start of Iraq’s long road to political and economic recovery. The urgent task, according to Control Risks, is for Iraq to integrate Sunnis into the state apparatus and deﬁne relations with the Kurds, as well as overhauling the country’s oil laws.

NIGERIA Elections in Nigeria in April 2010 will be hugely important for its future, Control Risks noted. President Goodluck Jonathan is the most likely winner, and pressing matters for him include overhauling the country’s oil industry laws and reconciling grievances with the Niger Delta insurgents. Control Risks also warned that parts of the country will experience violence during the election campaign.

SUDAN

It infects PCs that use Microsoft’s Windows operating system through the USB drive The worm then searches the computer for specific Siemens software that controls industrial components

If it cannot detect the software, it spreads to another computer in a company’s internal network and searches there

Once the virus finds the Siemens software, it can then send new instructions to industrial machines. For example, the virus can disrupt temperature monitors or pressure gauges

Source: Financial Times

What is Stuxnet and how does it work? Stuxnet represents a significant leap forward in malware (malicious software) by the fact that it specifically attacks software used in industrial infrastructure. Writing in the Observer newspaper, John Naughton provided a handy run-down of the Stuxnet worm, a computer virus that disrupted nuclear facilities in Iran in October. The virus spreads mainly via infected USB sticks. Once it infects a machine, it spreads to others on the network until it finds and attacks Siemens software, usually found in industrial operations. As well as reportedly infecting controllers at Iran’s Bushehr nuclear facility, there are rumours that Stuxnet may have caused the failure of India’s INSAT-4B satellite in July. It is likely that Stuxnet is the work of a state agency because its sophistication suggests it would take several highly qualifi ed programmers six months to create.

INTERNET CRIME

Worst places for online crime $559.7

YEARLY DOLLAR LOSS ($M) OF REFERRED COMPLAINTS

A referendum in January 2011 will likely lead to southern Sudan seceding, but many uncertainties remain, continued Control Risks. “A return to conﬂict is highly possible. If so, the impact could be felt well beyond Sudan’s borders,” it warned.

$125.6 $17.8 2001

$54.0 2002

2003

$264.6 $239.1 $183.1 $198.4 $68.1 2004

2005

2006

2007

2008 2009

PAKISTAN Plagued by natural disasters, insurgency, ency, terrorism, poverty, corruption and religious extremism, Pakistan is a nation on the brink. But with international troops looking to start pulling out of Afghanistan in 2011, investors will want to watch the political and security risk outlook even more closely, Control Risks warns.

TURKEY Finally, Turkey will consolidate itss role as the rising power of the ‘Near East’ in 2011, Control Risks predicted. It will also become an increasingly important interlocutor between the West and volatile regional neighbours, such as Syria and Iran.

TOP 10 COUNTRIES FOR INTERNET CRIME COMPLAINTS 1 USA 6 Ghana 2 UK 7 South Africa 3 Nigeria 8 Spain 4 Canada 9 Cameroon 5 Malaysia 10 Australia

Internet crime comes in many forms (including credit card fraud, computer intrusions, spam or unsolicited email, and child pornography), but it is all logged by the US-based Internet Crime Complaint Centre. The results from its 2009 analysis showed a 22% jump in complaints received and the value of losses, which leapt from $264.6m (€199.7m) in 2008 to $559.7m in 2009. Source: Internet Crime Complaint Centre, 2009 Internet Crime Report

Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

RISK INDICATOR

SOUNDBITES

BRIBERY

Reuters

Corruption continues to plague ﬂedgling states, hampering their efforts to build and strengthen institutions, protect human rights and improve livelihoods, says Transparency International (TI). The results of TI’s 2010 corruption perception index show that corruption thrives in instable governments or countries with a history of conﬂict. Africa, the Middle East and Asia are the worst offenders. “Allowing corruption to continue is unacceptable; too many poor and vulnerable people continue to suffer its consequences around the world,” said TI chairman Huguette Labelle. “We need to see more enforcement of existing rules and laws. There should be nowhere to hide for the corrupt or their money.”

“

Somalia

2 Myanmar 3 Afghanistan 5 Uzbekistan 6 Turkmenistan Sudan

8 Chad 9 Burundi 10 Equatorial Guinea

“

Julian Assange [the founder of WikiLeaks] may be directing his efforts at the United States but he is placing the interests of many countries and regions at risk. This is irresponsible

PIRACY

YEMEN DJIBOUTI

GULF OF ADEN

”

Reuters

Somali pirates have intensified attacks away from their own coast, hijacking a chemical tanker in the Red Sea in October. The infographic opposite shows the sites of ship hijackings in the busy Gulf of Aden shipping lanes this past year. Somali pirates were responsible for the 289 piracy incidents on the world’s seas in the first nine months of 2010, according to the International Maritime Bureau. In the nine months to October, the world’s pirates boarded 128 vessels and fired on 52. A total of 70 vessels reported thwarting attacks.

YEMEN ERITREA

Philip Crowley, US assistant secretary of state, condemns the Wikileaks publication of Washington’s 2008 list of key infrastructure and resources overseas. Several underwater pipelines are listed in Japan, China and Britain, while Indonesia is ﬂagged up for its tin mines and Iraq for its oil.

Reuters

Pirates extend reach

“

SOMALIA

ETHIOPIA

INDIAN OCEAN KENYA

Reuters

Mogadishu

Suspected Somali pirates sit in the dock inside the law court in Mombasa

Major shipping lanes

Position of hijacked ships

75 150

Where we have concerns, we do take action

”

Britain’s foreign minister, William Hague, defends his government’s decision to arrest a 25-year-old Russian parliamentary aide over concerns she may have been engaged in spying.

300 km

Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

Sources: Financial Times, BBC, The Times, BBC

Source: Transparency International’s 2010 Corruption Perceptions Index

”

Health and Safety Executive inspector Gillian Rodaks says workers on a North Sea drilling rig were at risk of exposure to radiation. Schlumberger Oilﬁeld was ﬁned £300,000 (€360,000) after it admitted breaching health and safety laws.

4 Iraq

Olivier Metzner, a lawyer for the US airline Continental, denounces a verdict that found his client guilty of negligence after Concorde crashed in 2000, killing over 100 people. The Concorde hit a titanium strip that had fallen off a Continental DC-10 jet minutes before. The strip burst one of the Concorde tyres and the debris punched a hole in the aircraft’s wing fuel tank.

Had someone held it, even just for a few minutes, they would have received a signiﬁcant radiation dose

TOP 10 WORST COUNTRIES FOR BRIBERY 1

“ ”

It only protects French interests

No place to hide

NEWS ANALYSIS by Sue Copeman

For more analysis go to www.strategicrisk.co.uk

What we can learn from the toxic Åood In French, Italian and Spanish, the word ‘mal’ signifies something really bad. ‘Evil’, ‘harm’, ‘disease’ and ‘wrongdoing’ are just some of the definitions. The bosses of MAL Hungarian Aluminium Production and Trade Company may well regard this as an omen, following what has to be Hungary’s worst environmental disaster. A toxic flood, following a dam bursting at the holding lake of one of the country’s aluminium processing plants, devastated eight villages, killing at least eight people and injuring about 150. MAL has now come under state ownership and managing director Zoltan Bakonyi has been detained under suspicion of endangering lives and the environment. However, holding Bakonyi under preventive custody could also be regarded as a move to protect him against public anger, which is rife – particularly as he comes from one of the three rich Hungarian families that owned the plant. These owners can expect fines of up to €73m if they are found guility of negligence. Most corporate risk management processes involve identifying, analysing, planning for and managing risks. However, there are some risks that, if they occur, are just going to be too devastating, widespread and fast-moving for a single company – or even a government – to control. They come under the category ‘prevent or else’: a category that may not be found on the typical risk analysis charts of many corporations. Even if it is, cost pressures may limit the amount of capital devoted to risk prevention.

Reuters

Prevention over cure Hungary’s disaster could well prove to be Europe’s wake-up call regarding prevention of industrial accidents. As Polish freelance risk manager and former president of risk management association Polrisk Rafal Rudnicki stresses, mitigation measures with a disaster on this scale does not provide an

The ﬂood of toxic red sludge created by a dam bursting at the holding lake of one of MAL Hungarian Aluminium Production and Trade Company’s processing plants

effective answer. “Once a ﬂow like this starts, there is no easy way to stop it, even with the intervention of government and its resources,” he says. Reports suggest that MAL had no emergency plans. While Rudnicki concedes that these are essential, he points out that prevention should be the focus. “It is important to know the underlying cause of this disaster. Heavy rainfall has been the main driving force but, with the effects of climate change, irregular weather and rainfall can be expected more frequently, so that’s not really an excuse,” he says.

‘It is important to know the underlying cause of this disaster. Heavy rainfall … is not really an excuse’ Rafal Rudnicki There could well be underlying causes relating to construction, maintenance and inspections. Reportedly, a company spokesman said that an inspection just two weeks before the disaster revealed nothing wrong. Rudnicki suggests that this does not show the construction was sound but that the inspection was not carried out properly or was not looking at the right things. Studies of similar disasters elsewhere show that the underlying causes tend to be associated with bad maintenance, corrosion or faulty repairs of cracks. Perhaps this is the problem for central and eastern European (CEE) countries such as

Hungary, where money for safety protection is scarce. Rudnicki points out that MAL operates in a sector that has been under signiﬁcant cost pressures in recent years, particularly in respect of nonprivatised operations. In an industry that consumes a great deal of power, costs have escalated and some CEE companies have had to close part of their operations as a result. For those that continue, shortage of capital may well result in a lack of investment in protection measures.

Tighten up Rudnicki also stresses that there is a place not only for sensible risk management but also for very strict regulation, applying pressure to comply with EU environmental and safety directives. And there is no doubt some EU members have been slow in ensuring compliance with requirements. The European Commission recently asked Spain to comply with a ruling by the European Court of Justice on emergency planning for major industrial accidents. In March, the court found that Spain was failing to implement the Seveso Directive, legislation that obliges member states to draw up emergency plans to cover major accidents involving dangerous substances. The commission is concerned that six months on, no such plans exist for 24 potentially dangerous industrial installations. If the Spanish authorities do not take the required action, they may be subject to ﬁnancial penalties. It is imperative for governments in Europe to double-check their plants. A disaster such as that in Hungary is not just a corporate problem but becomes a national one – maybe even an international one. Rudnicki concludes that once the underlying causes of the MAL disaster are established, all CEE governments will be looking at their own plants to ensure there is no duplication of similar malfunctions. Q Sue Copeman is editor-in-chief of StrategicRISK READ MORE ONLINE

For satellite images that show the damage caused by Hungary’s toxic ﬂood, go to strategicrisk.co.uk

goo.gl/znHZP

Different views, different risks: We help you put it all together.

Different clients face different challenges. We at Allianz Global Corporate & Specialty work in partnership with our clients to develop the tailored cover they need â&#x20AC;&#x201C; whatever the challenge. Find out why we are the choice of so many Fortune Global 500ÂŽ companies, and discover a partnership you can rely on. www.agcs.allianz.com

Allianz is a registered trademark of Allianz SE, Germany. Allianz SE is the parent company of entities around the world. The range of services in different markets may vary.

NEWS ANALYSIS by Andrew Leslie

For more analysis go to www.strategicrisk.co.uk

Early bird gets the worm In places, the UK government’s National Security Review (NSR), published in October, reads more like the annual report of a board of directors whose predecessors have been sacked en masse. Eager to get the company turned around, the new board wastes no time in throwing the blame for past failures on the previous administration, and presents a picture of renewed energy, better decision making and better value for money. This is as one might expect, but the government’s perceptions of the threats facing the country, and their proposed countermeasures, have serious implications for risk managers – especially since the NSR has used classic risk management methodology to conduct its risk assessment. The risks are split into three tiers, which take into account probability and impact. Terrorism remains at the top of the list. The NSR recognises that in the nine years since 9/11, an under-pressure al-Qaeda has been changing its operating methods, not only by seeking havens in failed states such as Somalia, but by encouraging individual ‘untrained’ adherents in western countries. “Such lone terrorists,” says the review, “are inherently unpredictable and their plots difﬁcult to detect.” The NSR also re-emphasises al-Qaeda’s desire to acquire chemical/biological/nuclear capability. In the absence of serious terrorist incidents directed at organisations, risk managers may have become complacent over the years. But the NSR’s concern should come as a reminder that anti-terrorism precautions should remain high on the list of priorities for any large organisation.

Cyber alert What should really make risk managers sit up and take notice is the NSR’s assessment of the danger of cyber attack. “Cyber security has been assessed as one of the highest priority national security risks to the UK,” it reads. (For more on the

‘Stuxnet is a working and fearsome prototype of a cyber weapon that will lead to the creation of a new arms race in the world’ Kaspersky Labs risks posed by cyber attack, turn to page 22.) It cites the $1 trillion (€747.9bn) a year businesses lose to cyber crime and the 12 million cyber attacks a day on China during the Peking Olympics. It also refers to the Stuxnet worm, discovered in June this year, which was described by IT security specialist Kaspersky Labs as “a working and fearsome prototype of a cyber weapon that will lead to the creation of a new arms race in the world”. By infecting the programmable logic controllers used in many automated processes, malicious software such as Stuxnet can directly attack and damage industrial manufacture. Although Stuxnet is estimated to have taken teams of coders and many

man-months to create, precedent suggests that such directed cyber attacks are likely to become cheaper and more prevalent. The NSR’s response to this threat is vague. It says the government will “develop a transformative programme for cyber security, which addresses threats from states, criminals and terrorists; and seize the opportunities cyber space provides for our future prosperity and for advancing our security interests”. This either means the government does not yet have a clear idea what to do or it has an idea but does not wish to go into detail. As ever, the risk manager’s ﬁrst line of response has to be to attempt to quarantine vital processes (Stuxnet was spread through infected USB ﬂash drives). But setting up contacts in Whitehall to discover what the “transformative programme for cyber security” might entail can do no harm.

Come together Finally, tucked into the introduction of the NSR, is a further strand of government thinking. “We need to build a much closer relationship between government, the private sector and the public when it comes to national security … Business and government will need to work much more closely together to strengthen our defence against cyber attack and to prepare For more on for the worst.” Stuxnet, Fine words perhaps. But the see page 6 quick-thinking risk manager may nevertheless recognise an opportunity to pick up the phone and see what contribution they can make – and perhaps what funding is available in return. Q

Careful how you squeeze In 2006, the Guardian newspaper described services company Serco as “the biggest company you’ve never heard of”. That all changed this October. The company, responsible for running a multitude of public facilities, from prisons to trains, had been called in by the British government and asked to make savings. Rather than reduce margins, it wrote to its suppliers: “I am asking you to offer us a rebate of 2.5% [exclusive of VAT] on Serco’s fullyear spend with you for the 2010 calendar year in the form of a credit note. “Like the government, we are looking to determine who our real partners are that we can rely upon. Your response will no doubt indicate your commitment to our partnership.”

10 Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

Serco provides services for the public sector, including health, education, transport, science and defence.

When the letter was leaked to the press, the government, Serco’s biggest customer, was not impressed. The company was forced into climbing down and apologising. But the damage was done, and the company’s shares fell sharply. Asking suppliers to share some pain is hardly a new practice, but the clumsy way in which Serco went about it and the government’s negative reaction, hit the security group’s reputation badly. As we have emphasised many times, riskmanaging the supply chain is better conducted through a genuine sense of partnership, especially if there is a danger of the affair becoming public. Q Andrew Leslie is a market analyst for StrategicRISK

There’s a lot more to Swiss Re than reinsurance. Isn’t it time you found out how much more? Don’t let the name mislead you; there’s a lot more to Swiss Re than reinsurance. Commercial insurance, industrial insurance, large corporate risks and specialty insurance. Insurance for aviation and space as well as environmental and commodity markets. Financial tools like insurance-linked securities and catastrophe bonds. Yet every service we oﬀer and every challenge we face for our clients receives the same commitment and the same hands-on expertise. Why? Because across all industries, risk is the raw material with which we work; what we create is opportunity.

Visit swissre.com/AMRAE to learn more and to schedule a meeting with one of our experts.

Swiss Re est un ﬁer partenaire de la 19ème conférence annuelle des Rencontres AMRAE à Deauville.

NEWS ANALYSIS by Jeremy Fleming-Jones

For more analysis go to www.strategicrisk.co.uk

Last issue, StrategicRISK examined the increasing global tensions over maritime boundaries. But the planet’s surface is not the only possible battlefield: a new front is opening up in space. The details that are emerging about the EU’s Galileo project should lead to alarm both over future EU satellite development and the bloc’s ability to manage large-budget projects. Galileo aims to create a European version of the American GPS satellite navigation system. With an accuracy of one metre compared with GPS’s 10 metres, Galileo will be useful for car drivers and farmers, and will have military applications. However, political infighting and unrealistic expectations have meant that almost every stage of the project has been plagued by delays and cost increases. In October, EU industry commissioner, Antonio Tajani, announced that SpaceOpal, a joint venture between German company GfR and Italian firm Telespazio, had won a €194m contract for the operations of the ground and space infrastructure. It was the fourth of six contracts to be awarded for the project. The final two contracts will be decided early next year, and there will be lucrative pickings for technology companies. German government documents leaked in October cast doubt on the cost of the satellite project to European taxpayers, however. Galileo had been due to be in operation in 2008 with financial backing mostly from the private sector, but the private investors pulled out, citing a lack of commercial prospects. Consequently, the project became wholly funded by the taxpayer, and is now not expected to be running till 2017/2018. The German government estimates that the deployment cost will be up to €1.7bn above previous estimates, bringing the cost of deployment alone to as much as €5.1bn. These figures led the think-tank Open Europe to estimate the increase in the cost of Galileo. From an original estimate of €2.6bn at inception in 2000, Open Europe says the total will be €22.2bn. Tajani rejected such figures as “exorbitant” and “unimagineable”, insisting that the price for the system remained at €3.4bn. He said the satellite system is expected to bring €90bn to the European economy over 20 years. These figures, however, are purely speculative, based on estimates of what the system could be worth as a result of increased traffic efficiency, agricultural improvements and other technical efficiencies likely to emanate from the system. Although Galileo will generate benefits if ever completed, it is far from clear how far-ranging these will be. In 2005 and 2006, the Commission estimated the market for Galileo to potentially consist of three billion users worldwide with revenues of some €275bn per year by 2020.

12 Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

European Transport Commissioner Antonio Tajani addresses a news conference on the Galileo navigation system at the EU Commission headquarters in Brussels

The relationship between Galileo and the new Chinese Beidou Navigation System casts light of the inefﬁciency of European project building However, with the Americans, Russians, Chinese, Indians and Japanese having either launched, or about to launch, their own sat-nav systems, it is doubtful that Galileo will come anywhere near such a market share. The relationship between Galileo and the new Chinese Beidou Navigation System casts light

on the inefficiency of European project building. When Galileo was a private-sector development with public financial participation, the EU sought Chinese participation. The collapse of the private financing side of Galileo led the Chinese to focus on their own system. Chinese satellites are now using frequencies that have been allotted to Galileo, leading to further uncertainty. Dr Nicola Casarini, a fellow at the Robert Schuman Centre for Advanced Studies at the European University Institute Florence, says that cooperation in the Galileo project has assisted China in the development of its own system. These tensions are bubbling under during the development phases of the satellite systems. Once up and running, the potential for disputes will increase. Satellites remain subject to alarmingly little regulation. The UN convention on satellites launched into outer space — which came into force in the 1970s — has never been upgraded. With increasing competition, and a record number of satellites in orbit, problems overhead are likely to compete in size with those at sea. Q Jeremy Fleming-Jones is a Brussels-based correspondent for StrategicRISK

Reuters

Soaring costs mean Galileo will not be new Renaissance

When things look worst, count on our best.

Whatever the risk, there’s always a Starr solution.

C.V. STARR & COMPANY (CALIFORNIA)

STARR AVIATION

STARR GLOBAL ACCIDENT & HEALTH

Whether it’s a ship caught in a storm, a fire on a drilling platform, or smoke conditions at a refinery, you can count on Starr’s unmatched expertise, service and experience to make the difference in a crisis. The deep knowledge of our specialized team of experts offers an unparalleled level of

STARR MARINE

STARR TECH

STARR SPECIALTY

attention through close customer relationships. We have more than 55 years of leadership in assessing complex risk, and managing real-life situations and conditions. The worst brings out the best, in the specialized companies of Starr Underwriting Agencies, LLC.

cvstarr.com

NEWS ANALYSIS by Nathan Skinner

For more analysis go to www.strategicrisk.co.uk

Exposure in a Wiki world The whistleblowing website WikiLeaks has been causing something of a stir. First came the publication of the Iraq War Logs in October. This marked the largest ever classified military leak in history. A mass of 390,000 reports by US Army soldiers document the war and occupation of Iraq from January 2004 to December 2009. The reports, available for anyone to download on the WikiLeaks website, detail 109,000 deaths in Iraq – the majority of which (66,000 or 60%) are civilians. Then, on 28 November, WikiLeaks began publishing the first tranche of what is says are 250,000 secret US diplomatic cables. WikiLeaks said on its website: “The documents will give people around the world an unprecedented insight into the US government’s foreign activities.” WikiLeaks has been accused of endangering the lives of army personnel, threatening national security (in particular of the USA and UK) and damaging international relations. Its rogue approach to publishing classified documents has also been criticised by the media. Although some papers, notably the Guardian, have capitalised on the leaks and the website’s notoriety, other media companies have taken a more guarded approach. In a story covering the diplomatic leaks, CNN felt the need to clarify its position on WikiLeaks. It said: “CNN is committed to carefully and responsibly

WikiLeaks is symbolic of the new user-generated media landscape, which has no barriers to entry and empowers consumers with a strong voice reporting on the documents already published by WikiLeaks, focusing not only on what the leaked documents say, but also what their publication means for global relations and US diplomacy.”

Publish and be damned So far, WikiLeaks founder Julian Assange has focused his disclosure efforts on US foreign policy (much to America’s disquiet) – but the website was set up to expose “government and corporate misconduct”, so big businesses can expect to be on the hook too. He’s been the subject of rape charges

in Sweden, which he vigorously denies, claiming he is the subject of a CIA witch hunt. Lawyers in both the USA and his native Australia are trying to bring criminal charges against him. Meanwhile, the WikiLeaks website has been the subject of electronic sabotage, including a denialof-service attack. These normally involve ﬂooding a website with external communication requests. A hacker called Jester – who describes himself as a “hacktivist for good” – has claimed responsibility for the attack. Attempts to shut down the site have so far failed and, in any case, WikiLeaks claims to have “an insurance policy” against its site going down. Ultimately, WikiLeaks is just one information outlet but it is also symbolic of the new usergenerated media landscape. It is joined by blogs, social media and other online publishing platforms, all of which have no barriers to entry and empower consumers with a strong voice. The US government has borne the brunt of WikiLeaks’ ‘publish and be damned’ approach to democracy and free speech. But it could just as easily have been a major corporation on the receiving end of the negative press. With the kind of proﬁle WikiLeaks now enjoys, it could easily become a powerful enemy of the corporate world too. Q Nathan Skinner is editor of StrategicRISK

Aviva Premiership Rugby Fantasy Challenge In association with StrategicRISK Top 10 managers so far

Top 10 players sold

Manager

Team name

Adrian Simpson Dan Broome Jonathan Meyers Michael Fletcher David Perry Cameron Yeo Peiter Hurt Helen Morrissey Brian Spinks Scott Anderson

Andy Powell’s Ryder Cup XV Odd shaped balls The Cruncher Rucking Hell Millwall Mavericks RFU Cam’s Crusaders Bloomin Carp Potters Rugby Spinks Stars sweet saints

Points

624 615 614 603 602 601 597 596 595 593

Name

Club

James S-Daniel Michael Claassens Olly Barkley Tom Croft Paul Hodgson Riki Flutey Soane Tonga’uiha Luke Watson Nick Abendanon Steffon Armitage

GLO BAT BAT LEI LIR WAS NOR BAT BAT LIR

Top 10 players bought Sold

25 20 18 16 12 12 12 10 10 10

Name

Club

Ben Youngs Tom Varndell Chris Ashton Alesana Tuilagi Ben Jacobs Billy Twelvetrees Nick Easter Courtney Lawes Tom Johnson Ben Foden

LEI WAS NOR LEI WAS LEI HAR NOR EXE NOR

Bought

39 19 17 14 13 12 12 11 11 10

StrategicRISK has teamed up with Aviva to bring you an exciting Fantasy rugby thrill-fest. Enter online and compete with your risk and insurance friends for the chance to win fantastic prizes*, including exclusive tickets to the Aviva Premiership Final.

strategicrisk.co.uk/avivapremiershiprugby *T&Cs apply, please visit strategicrisk.co.uk/avivapremiershiprugby

14 Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

www.ferma-forum.eu

RISK SURVEY

Flood warning Recent ecological disasters are keeping the multitude of environmental dangers at the front of risk managers’ minds Despite this awareness of the risk, a smaller portion of the companies surveyed thought that environmental risk is a ‘very high priority’ in their organisation (43%). Almost a quarter (23%) said that it is a ‘high priority’ and around the same (28%) said it is a ‘medium priority’. A few (6%) – probably the ones whose operations don’t pose much risk to the environment – said that it is a ‘low priority’. Proving that we now live in a reputation economy, most (42%) respondents said that the single biggest environmental risk to their business was the reputational hit they would receive following an environmental slip. This trumped regulatory ﬁnes (14%) and carbon reduction targets (3%). In a related ﬁnding, a ‘better reputation with customers, investors and regulators’ was cited by 55%

In the wake of a devastating ﬂood of toxic slurry from a major aluminium processing plant in Hungary, StrategicRISK readers indicated in our latest poll that the threat of rising environmental liabilities is a serious concern. Almost all of the 89 risk managers polled (85%) said that they are concerned by the threat of rising environmental liabilities in Europe. Our reader research on environmental risk comes at a time of heightened awareness of the threat on land and at sea posed by heavy industrial operations. BP is still counting the cost after its Macondo oil well exploded in the Gulf of Mexico, devastating the pristine natural habitats of hundreds of species and making life very difﬁcult for coastal communities too. This may have contributed to the heightened awareness of environmental risk demonstrated by our survey.

What do you see as the single biggest environmental risk? Regulatory fines as a result of pollution Partners or suppliers’ environmental performance

of the survey as the biggest benefit to be derived from environmental risk management. The physical effects of the changing global climate and weather patterns were also highlighted as environmental risks, but none featured as prominently as the potential for bad press following an environmental upset. The impact and effects of climate change (17%), disruption caused by extreme weather (14%) and water scarcity (7%) all figured as risks. Interestingly, very few respondents (3%) were concerned about their partners’ or suppliers’ environmental performance. Either they are happy that their suppliers have their environmental controls wrapped up, or they did not see this as having an adverse effect on their own operations. Uncertainty around environmental liabilities is still seen by a significant number (39%) of readers as a big obstacle to managing environmental risk – this despite all of the communication from insurers about the potential risk. The finding probably reflects the fact that Europe has yet to see many significant test cases

How serious an issue is environmental risk in your organisation?

Reputational hit after an environmental slip, such as adverse impact of your operations on a local community

High priority

43 Very high priority

Low priority

Medium priority

3 14 3 7

Disruption from extreme weather events

17 Costs of managing environmental risks The impact and effects of climate change

Carbon emission reduction regulations

Water scarcity

Most respondents said the biggest risk was the reputational hit following an environmental slip 16 Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

What’s the biggest obstacle to managing environmental risk? Uncertainty about environmental liabilities

Lack or awareness of the risk among employees

39 10

Lack of commitment from senior management

11 Lack or regulatory harmonisation between regions

Potential for liabilities to be hidden within the supply chain

RISK SURVEY in association with

EXPERT VIEW

to judge exactly how strict the regulators will enforce environmental liabilities, as well as how big the ﬁnes and remediation costs will be. Don’t be fooled though. The message from industry experts is that these will be large. From an insurance perspective, less than half (45%) of the organisations queried in this survey said they had already purchased a specialist environmental insurance policy – one indicator that there is still substantial room for growth in the environmental insurance market. Executive management are the ones who exert the most pressure on organisations to improve their environmental performance, according to 42% of the survey. Business leaders are more inﬂuential in doing so than regulators (16%), NGOs (10%), local communities (9%) and customers (5%). Finally, asked whether climate change is a bigger risk or opportunity, 42% said it is a risk. Half (48%) see climate change as equally a risk and an opportunity. Just one in 10 see only an upside in climate change. Q

Are you concerned about the threat of rising environmental liabilities in Europe?

Following the toxic ﬂood from an aluminium processing plant in Hungary, I expect businesses to be taking environmental issues more seriously. Companies that are not investing in safety and environmental performance, perhaps because they don’t see the cost beneﬁt, should consider the sustainability of their business. The Hungarian disaster was the result of a lack of investment in safety and environmental controls. If companies are not investing in safety and environmental issues, then they could get into serious trouble in the future. One of the biggest environmental risks in Europe at the moment is ground water and soil pollution. There are many factories that have been operating in Europe for 40 years or so. But now the regulatory environment is much stricter and the factory may have changed hands because of a merger or acquisition. This leads to confusion and uncertainty over the liabilities. Companies often only become aware of the potential problems when they are faced with an environmental issue themselves.

Since the introduction of the Environmental Liability Directive (ELD), many companies have purchased insurance solutions to cover the uncertainties and to be compliant with local laws. In Spain and Portugal, for example, operators are obliged to purchase environmental securities, which includes insurance. Implementing environmental controls is a good way of analysing your business and looking for ways to improve performance. Sometimes there are just a few changes in systems or processes that can improve environmental performance considerably. Often these improvements are driven internally, but they can also come from shareholders. More and more investment funds are choosing to invest in green businesses. The shareholders have their own agenda in investing in companies that prioritise environmental safety, because it reduces the risk of things going wrong – and all the expensive reputational damage that can follow. Dorothee Prunier, environmental risk manager, ACE European Group

What is the biggest beneﬁt that you could derive from better environmental risk management?

15 No

85 Yes

6 Increased profitability 8 Greater operational efficiency 9 Reduction in carbon footprint 10 Enhanced competitive positioning

Has your organisation purchased a specialist environmental insurance policy?

12 New business opportunities 55 Better reputation with customers, investors, regulators

Don’t know

26 No

45 Yes

Which stakeholder exerts the most pressure on your organisation to improve environmental performance? 42

4 Non-executive management 5 Customers 9 Local communities

48 Is climate change more of a risk or an opportunity?

4 Investors

Equally as much a risk as it is an opportunity

Risk

Opportunity

10 Government 10 Non-governmental organisations 16 Regulators 42 Executive management

Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

PEOPLE & OPINION

IN MY OPINION

The scramble for Africa Institutional fragility and civil conﬂict remain concerns, but Africa has the potential to become the new China. Robert Amsterdam observes how growth opportunities bring new kinds of political risks

frica is often disregarded in favour of markets bearing trendy acronyms, but foreign investors have been closely eyeing opportunities on the continent. As competition for critical resources ramps up, investors are discovering that there is much more to Africa than oil, diamonds and gold. A report published in November by the World Bank concluded that, thanks to soaring growth, stabilising politics and a steady reduction in poverty, Africa could be “on the brink of an economic take-off, much like China was 30 years ago and India 20 years ago”. So far, these big words have not been followed by big actions. Capital inﬂow remains constrained by uncertain perceptions of political risk. Not a month goes by without core assumptions being picked apart. The unassailable Chinese juggernaut has staggered under repeated scandals and runins with local authorities, while new state-to-state relationships edge out corporate investments. It is important that businesses identify the key trends that have an impact on risk, develop a coherent and locally focused strategy in handling the situation, and avoid the pitfalls that have damaged other ventures.

Some important elections took place last year and will take place in the coming year, leading many observers to conclude that Africa’s risk proﬁle is improving. Success stories include the Ivory Coast, Zambia and the Democratic Republic of Congo. Guinea’s election, which pitted Guinea’s two largest ethnic groups against each other, started much better than it ended, when a state of emergency was called over the escalating violence. But heightened public enthusiasm for the democratic process will make it difﬁcult to turn back the clock to military dictatorship.

Africa’s risk landscape

Thanks to soaring growth, stabilising politics and steady reduction in poverty, Africa could be on the brink of an economic take-off

There are obvious reasons why Africa has attracted a high level of interest from traditional extractive industries as well as state-owned corporations from China, Russia and India, among others. With a growing population of around one billion, and robust proven and undiscovered reserves of oil, bauxite, cobalt, copper, iron ore, manganese, palladium and uranium, African markets can provide the industrial and manufacturing inputs required to fuel the new economy. Before the 2008 ﬁnancial crisis, the average growth of sub-Saharan African countries had steadied at about 6% a year in the period 2004-08. But post-crisis growth rates of many key markets have been even more impressive – Angola, for example, is expected to grow 7.6% in 2011. Although poverty rates have declined 10 percentage points over the past decade to 50%, institutional fragility and civil conﬂict remain the key concerns for investors. Democratic elections have become the focus for many of these countries. Popularly elected governments featuring independent institutions and rule of law are seen as the best tools to attract foreign investment.

Nigeria, the most important economy in the region, heads toward its third consecutive election next year, but there are concerns about the abilities of a number of candidates. Every year, more and more countries look to join the democratic royalty of Botswana, Ghana and Tanzania, and hold their public ofﬁcials accountable. While some of these elections may lead toward more predictable legal regimes and property rights enforcement, the investment methods of new state players pull in the opposite direction. Kenya, which even after the adoption of a new constitution has engaged in arbitrary seizures of assets, underscores the necessity for taking no state’s reputation at face value. In many countries, including South Africa, a change of leadership, combined with rising transnationalism, has resulted in substantial contract review and amendment, particularly in mining. In other countries, such as the Democratic Republic of Congo, a Wild West environment persists. The Chinese have revolutionised how they work in these emerging markets. A few years ago, China took over as Africa’s number one trading partner,

18 Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

while Angola became China’s largest oil supplier (with Sudan and Nigeria not too far behind). No country owns as much African debt as China. In addition to trade, investment, and ﬁnance, China has emphasised a new series of inter-state relationships and packaged side projects, which have repeatedly defeated the bids of competitors. According to deputy commerce minister Chen Jian, China has built 60,000km of roads and 70 million sq m of housing in Africa since 2000. Other countries have followed China’s ambitious expansionism and sought to establish relationships and institutions that exclude the traditional powers of the USA and western Europe. In 2003, the IBSA Dialogue Forum was convened in Brasilia, consisting of India, Brazil and South Africa, a grouping focused on enhancing trilateral co-operation on trade and other issues. In 2009, Brazil and India accounted for close to 8% of all of Africa’s exports. Russia, the ﬁnal remaining BRIC member, has also moved ambitiously into Africa. State-controlled companies such as Gazprom have set up joint ventures in Nigeria, while Rusal, Norilsk Nickel, Alrosa and Renova have invested more than $5bn (€3.79m) in Africa in a handful of years.

Sore points What marks out China’s aid for Africa is its willingness to remove practically all conditions from loans and grants – a sore point for critics, who say unconditional aid results in radical corruption and deteriorating human rights. Take, for example, the

PEOPLE & OPINION

A V I E W F RO M . . . Despite the hype, the UK’s Corporate Manslaughter Act isn’t up to much Sue Copeman Editor-in-chief, StrategicRISK

recent case of two Chinese managers in Zambia who were arrested and then released on bail, after shooting a dozen of their employees in a labour dispute. As the Zambian opposition leader Michael Sata commented: “We know we can’t be protected by this government because it has been heavily corrupted by the Chinese” – often through the use of unconditional aid and legalised bribes. This is a good illustration of how such a government would treat the rights of a business competitor to the preferred state partner. All parties have an interest in promoting universal rule of law standards in order to bring a level of moral clarity and predictability in these hotly contested, loosely regulated markets. In the interim, investors can take steps to avoid common pitfalls. It is important to choose the right partners – ideally, co-operating with a state-organised ﬁnance project or creating a joint venture with an inﬂuential local group. And a comprehensive investment strategy is needed to protect assets, taking into account the day-to-day political developments, culture and social challenges of each country – intelligence that can only be obtained through trusted operators on the ground. Compliance with the Foreign Corrupt Practices Act, as well as upcoming corruption legislation in the UK, requires a shift in corporate culture and understanding of how to communicate transparently with key constituencies in these markets. These often extend beyond the elites who hold the ministry positions. It is critical to understand that the cost of corruption accrues to the corruptor as well. New British and American initiatives may improve the lot of competitors who take the cultural change seriously. Africa is an essential region, offering high returns and access to critical resources, and participation is not a question of if, but when. The success of any new relationships will depend greatly upon a carefully nuanced understanding of the methods of the new players and the social needs and human rights of each country’s citizens. Robert Amsterdam is a founding partner at Amsterdam & Peroff READ MORE ONLINE

For more political risk updates, go to strategicrisk.co.uk

goo.gl/mQ6G

The Zeebrugge ferry disaster in 1987, which killed 187 people, and the Clapham Junction rail crash the following year, in which 35 people died and about 500 were injured, emphasised the idea in the UK at the time that penalties for organisations were insufﬁcient and failed to blame the people in those organisations who should be held accountable. Out of this was born the Corporate Manslaughter Act. The draft legislation started with high hopes. It tackled the knotty problem of prosecuting and punishing those in an organisation seen as responsible and the managers, who should face personal charges. However, in the intervening years before the Corporate Manslaughter Act came into force in April 2008, its original intent was watered down considerably. The aim of getting top management into the dock disappeared. Directors or other senior executives cannot be prosecuted under the act, although existing health and safety offences and gross negligence manslaughter (which carries a maximum sentence of life imprisonment) continue to apply to individuals. Under the Corporate Manslaughter Act, an organisation can only be found guilty if the way in which its activities are managed or organised by its

‘senior management’ is a substantial element in its gross breach of duty. It is surprising that the first case under the act involves a relatively small company, Cotswold Geotechnical Holdings, in relation to the death of its employee, junior geologist Alexander Wright, on 5 September 2008. There is little prospect of a significant fine being levied on any conviction and it is unlikely there will be any meaningful guidance on how the Corporate Manslaughter Act is to be interpreted. The trial for corporate manslaughter of Cotswold Geotechnical Holdings has been adjourned until January 2011, and the charges of gross negligence manslaughter against its managing director, Peter Eaton, dropped, due to concerns about his health. Despite the criticisms levied at the Corporate Manslaughter Act, risk managers can’t afford to ignore it – no organisation wants fatalities at work, and an investigation can be very unpleasant. Despite this inauspicious start to prosecuting under the act, at some point a large organisation could be prosecuted, fined millions of pounds and suffer huge reputational damage. In the meantime, a Corporate Manslaughter Act once hailed as a tiger has yet to show that it has real teeth.

Insight TAME, MESSY AND WICKED RISK

The general perception among most project and risk managers that we can somehow control the future is one of the most ill-conceived in risk management. The biggest problem is how to measure risks in terms of their potential likelihood, their possible consequences, their correlation and the public’s perception of them. The situation is further complicated by identifying different types of problem – ‘tame’ problems (straightforward linear causal relationships that can be solved by analytical methods) and ‘messes’, which have high levels of system complexity and interrelated or interdependent problems that must be considered holistically. When an overriding social theory or social ethic is not shared, the project or risk manager also faces ‘wicked’ problems. These are characterised by high levels of behavioural complexity, but what confuses real decisionmaking is that behavioural and dynamic complexities co-exist and interact, leading to wicked messes. In my new book, Tame, Messy and Wicked Risk Leadership, I’ve explored these problems with an eye to helping professionals understand the limitations of the present project and risk management techniques. The book introduces the concepts of societal beneﬁt and behavioural risk, and illustrates why project risk has followed a particular path, developing from the basis of engineering, science and mathematics. I argue for, and offer, complementary models from the worlds of sociology, philosophy and politics to be added to the risk toolbox, and provide a framework to understand which type of problem – tame, messy, wicked, or messy and wicked – may confront you and which tools will provide the greatest potential for success. O David Hancock, the author of project risk management book Tame, Messy and Wicked Risk Leadership, is the head of risk at London Underground. He has previously worked for the London Development Agency and in the construction sector on large-scale projects such as Heathrow Terminal 5.

Strategic RISK JANUARY 2011 |

www.strategicrisk.co.uk

PROFILE

‘Things go

wrong’

Airlines are exposed to an extraordinary number of risks. StrategicRISK asked British Airways’ risk bosses to explain what other industries can learn from them

xpect the unexpected, British Airways’ risk leaders say, and be prepared to deal with the consequences – which probably means having deep enough pockets to manage your way out of a crisis. Talking to StrategicRISK at the airline’s Heathrow headquarters, risk and internal control boss Philip Osmond explains: “You can put all sorts of controls in place to mitigate what you know about, but there are often risks that you simply don’t know about.” This was the challenge BA faced in April, when a huge ash cloud spewed out of Iceland’s Eyjafjallajökull volcano and air safety authorities imposed a blanket ban on ﬂights in northern European airspace. It was an “understandable overreaction”, says Osmond. But what helped BA get through the crisis – albeit not completely unscathed – was that it had decent plans in place to deal with disruption, even if it hadn’t anticipated that particular scenario. “I’ll be honest, it wasn’t on our risk register,” Osmond admits. His risk and control colleague, Maurice Sammut – also at our meeting – adds: “But we did forsee that there could be a disruption that could have a similar impact.” “The result of it was a stopped operation,” Osmond continues, “which could also happen from a massive IT failure, a massive power failure at Heathrow, fuel disruption or ﬂooding. Sometimes you can’t stop the event, so you have to put procedures in place to deal with the effects of that event.”

20 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

This business resiliency is critical for an airline, he says, because running a ﬂeet of aircraft is hugely complex and many activities are inter-related. “A BA aircraft takes off or lands somewhere in the world on average every few minutes, 24 hours a day, every day of the year. That’s complicated. Things go wrong. So you start with the premise that you expect things to go wrong. That’s part of the risk of running an airline. It’s part of the risk of running any business.” Sammut adds: “Disruption is inevitable in any business. The key thing is that you prepare for it when it happens.” “And the chances are you won’t be able to stop what it is. What you have to do is to be prepared for it. And part of that risk mitigation is as simple as having the cash,” adds Osmond. Terrorism is another big risk facing the airline industry. It’s an unlikely one, but it can’t be ruled out – no matter how many precautions are put in place to stop bombers stepping onto a plane and blowing up the aircraft and everyone in it. October’s printer cartridge bomb plot is the latest example. Bombs concealed in printer toner cartridges were discovered on separate planes bound for synagogues in the USA from Yemen. “You have obscure factors to contend with in this industry that many others would not have to face,” Osmond says. “We go from having to think about what a terrorist might do next through to what happens when part of an engine doesn’t do

what it’s supposed to – as in the Sydney-bound Qantas A380 incident.”

Career path These are just a few of the challenges he has had to contend with since joining BA three years ago. After a successful career in finance, Osmond received a call from BA chief financial officer Keith Williams in 2007. He recalls: “Keith said: ‘Willie Walsh [BA chief executive] and I wondered whether you might like to talk to us about an opportunity we have here.’ I thought it was one of my mates pulling my leg, to be honest. I came in at 7.30am on a Monday morning and walked out at 9am with a job.” One of his first tasks was to overhaul BA’s “oldfashioned” approach to risk management and install a top-down strategic approach to overlay and complement the bottom-up, operational system. In real terms, it meant integrating risk with the overall assurance and audit programmes. Among other things, the change meant that rather than auditing airports on a cyclical basis every four years, no matter what their risk profile, BA could take a risk-based approach to its audits. This would focus on the sites, or risks, that represented the biggest exposure or threat to critical business operations. The system Osmond and his team installed looks across the whole risk spectrum – anything from the strategic risk of Heathrow’s third runway not

PROFILE

‘You have obscure factors to contend with in this industry that many others would not have to face’ Philip Osmond

‘Disruption is inevitable in any business. The key thing is that you prepare for it when it happens’ Maurice Sammut being built to the operational “iceberg risks” around terrorism and air incidents. “We started the whole process with some honest discussions with our leadership team, with Willie and his directors,” Osmond says. “We asked them the simple question of what keeps them awake at night.” After implementing the system, he benchmarked BA against peers such as Samsung, John Lewis and Barclays. “The bit that was missing for me was that we didn’t really have that view of risk appetite. We didn’t therefore have the view of which controls were the most important ones,” Osmond says. “We have a huge amount of control over our operations at Heathrow, for example, but less so over the catering operations down route, particularly in certain destinations.” So rather than treating all of the sites in the same way, Osmond is now able to prioritise controls so that high-risk “down route” locations have the appropriate risk and assurance resources allocated to them. “You’re never going to eliminate all risk, but you’ll do more to eliminate certain risks than others,” he says.

Crew safety Another area that Osmond has paid particular attention to is crew safety. “We are going through a lot of the hotspots at the moment – the places we think the greatest risks are to our crew when they are down route for several days.”

Sammut, also an accountant by trade, joined BA five years ago from Qantas. As well as helping the team with the risk and assurance frameworks, he is also responsible for BA’s anti-bribery programme – particularly important now that the new Bribery Act is significantly toughening the UK’s stance, says Sammut. “We have put together a programme, which will take two years to implement. “For BA, it is serious because we operate in high-risk parts of the world such as West Africa, the Middle East, Asia and the Far East. So it presents a risk for us, particularly when we do a deal in parts of the world where the culture thinks [bribery] is normal practice.” Despite all this good work, the complexity of the airline business means things can and do still go wrong. Sammut says: “Moving aircraft around the world in large numbers on a regular basis is not easy to do. It only takes one small thing to go wrong and you can’t move the metal around.” Take BA’s flagship Terminal 5, which opened in March 2008. Despite the fact that the construction project was delivered on time and within budget, it was overshadowed by a relatively simple error with the baggage-handling system and data from transfer flights. It caused 48 hours of chaos when the airport opened. “Unfortunately, the press love a bad story,” says Osmond. And this bad story, coupled with

the travel disruption it caused, seriously tarnished BA’s reputation. “We go back to the fact that things go wrong,” he adds. “You can understand this if you go downstairs into the baggage-handling area of Terminal 5 and see the complexity of it – we handle 30 million-odd bags a year and every single one goes from one place to another in a 15-minute window on a baggage belt.” Given this complexity, and the fact that most passengers take off and land with their baggage intact, it’s easy to sympathise with the view of some in the airline industry that passengers’ expectations can be unreasonable. So do many other businesses start, like BA, with the premise that things will go wrong? In Osmond’s opinion they do not. “I don’t think they start with that simple view. The fact is that there are risks in your business. If there aren’t any risks at all, you’re probably not going to make any money, because risk is opportunity.” Sammut agrees. “In the airline industry, we constantly have shocks, so we are constantly expecting the worst. In some industries, such as ﬁnancial services, they don’t expect the worst; they have a bump maybe every 50 years. “We have a bump every three or four years, so the mindset is to always think worst-case scenario – other industries aren’t like that.” That’s a fact that risk managers at ground level may want to consider. Q

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

l a r e v e S . a i d n I n i s d o o ďŹ&#x201A; e r e v e e r â&#x20AC;&#x153;S a s r e r u t c a f u n a â&#x20AC;? m r e K d U n u e n o g e v a h o t d e t r o p re

These days, there’s no such thing as a local incident. If you lose production in India, you can lose market share across Europe. That’s why FM Global takes a different approach. We base your property insurance on the site assessment of our engineers, not the calculations of actuaries. We work with you to look at critical sites in your supply chain. And we don’t just insure against loss, we help you to prevent it. You can actually save up to 85% of the cost of ﬂooding, with the right precautions. So your business can stay in business. Speak to your FM Global representative or contact your broker, and visit www.fmglobal.co.uk/touchpoints to read our latest White Papers.

Secure the value you create

CYBER SPYING

24 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

CYBER SPYING

pying is one of the oldest tricks in the book – if you want valuable information, pinch it off someone else. And the revolution in global communications and technology has put today’s espionage firmly in the realm of cyberspace. The UK’s National Security Review recently claimed the threat of “attacks on UK cyberspace by hostile states, or large-scale cyber crime” was one of the top two risks to the country, international terrorism being the other. It says: “Government, the private sector and citizens are under sustained cyber attack today, from both hostile states and criminals. They are stealing our intellectual property, sensitive commercial and government information, and even our identities, in order to defraud individuals, organisations and the government.” Unless action is taken, this threat could become even worse, the report says. However, computer forensics firm Stroz Friedberg’s managing director, Seth Berman – a former assistant US attorney in the computer crime unit of Massachusetts – thinks few companies outside the defence and financial services sectors take the risk seriously. “They don’t realise until after they’ve become a target how serious and damaging it can be,” he says. Companies generally see cyber attacks as a remote risk that is expensive to defend against. Yet the risk managers StrategicRISK spoke to – all of whom wished to remain anonymous – said the threat of cyber attack or cyber espionage was something their company took very seriously. “For many, cyber risks will be a number one priority,” confirms KPMG head of audit risk and compliance David Defroand. The reason for this divergence in opinion is that organisations, individuals and governments are exposed to different levels of risk, depending on the value and attractiveness of the information or assets they hold. Companies operating in strategically important industries or hi-tech areas, such as nuclear, defence and energy, are the most vulnerable, according to Massimo Cotrozzi, an IT risk expert with security consultancy KCS.

Cyber risk hotspot One of the most high-profile cyber risk hotspots is China. Companies with operations, subsidiaries or valuable secrets in China are firmly in the firing line. Several recent attacks have originated from the country and the Chinese government is widely regarded, although not officially condemned, as a sponsor of cyber crime. It is rumoured that China stole Japan’s high-speed rail technology to use in its own rail expansion plans, for example.

Phone hacking Criminals are using technology to spy on companies by hacking into mobile phones and listening in on calls. The issue caused a stir in the UK when national newspaper the News of the World allegedly hired private investigators to illegally gain access to mobile phone messages, generating big stories,

Know your enemy Computer crime is becoming ever more sophisticated and widespread. Nathan Skinner traces the scale of the problem and asks whether businesses are switched on to solutions US-based watchdog Shadowserver suggests that Chinese cyber spies are systematically targeting and compromising computer systems, particularly in India and several other countries as well as the ofﬁces of the Dalai Lama and the United Nations. Investigators uncovered large quantities of stolen material belonging to governments and businesses, including encrypted diplomatic letters and secret documents. The attackers made use of social media systems such as Twitter, blogs and Yahoo Mail to steal the information. Although the identity and motivation of the attackers remains unknown, the report provides evidence they operated or staged their operations from China’s Chengdu Province. “Clearly, this investigation and our analysis tracks back directly to China, and to known entities within the criminal underground of China. There is also an obvious correlation between the victims, the nature of the documents stolen and the strategic interests of the Chinese state,” said the Shadowserver report.

The global cost of cyber crime is put at $1 trillion (€757bn) a year. There are two types of cyber attack. The ﬁrst involves generalised viruses that exploit so-called ‘zero-day’ weaknesses in applications – vulnerabilities unknown to even the software developer. Good-quality virus software and up-to-date security patches are required to protect against this. The second type, which has developed over the past few years, involves targeted hacking aimed at stealing information such as credit card details or intellectual property. Hackers today are highly professional and operate almost with impunity online. Some even work for the military or government – conspiracy theorists believe the MI6 ofﬁcer found dead in a London apartment recently may have been a hacker. Companies should be wary of being spied upon by competitors looking to steal trade secrets or get the upper hand in a contract bidding war. One corporation could be spying on another to gain access to a secret product design, for example. Berman thinks this is the risk companies are least prepared for. In Europe, such activity is rare because the consequences of being caught are serious, he says. But in China there is almost no legal recourse and the line between government and business interests is blurred. Some even say this kind of spying on western competitors is encouraged. A recent investigation by the Canadian-run organisation Information Warfare Monitor and

China is not the only culprit. In October, a cross-border investigation involving ofﬁcers from the USA, UK, Ukraine and the Netherlands led to several arrests in one of the largest cyber criminal cases ever launched. Using a Trojan horse virus known as Zeus, hackers in eastern Europe infected computers around the

including some about the Royal family. By March 2010, the paper had spent more than £2m (€2.38m) on settlements with victims of phone hacking. A report by information management specialist Ponemon Institute revealed that businesses are putting themselves at risk of mobile phone interception. According to the survey, 67% of IT professionals are not conﬁdent that conﬁdential information conveyed during cellphone conversations is secure in their organisation.

In response to this threat, some companies have begun using technology to secure their voice calls. Manchester-based Henderson Risk, for example, which has a subsidiary Kosovo and provides risk management services to international banks, uses Cellcrypt Mobile to enable staff to discuss commercially sensitive issues securely. Other solutions include PhoneCrypt from SecurStar, Cryptophone from Berlin-based GSMK and Gold Lock, which is licensed by the Israeli military.

European trail

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

CYBER SPYING

world. The virus was spread via an e-mail and, when opened, installed itself on the victim’s computer, capturing passwords, account numbers, and other data used to log onto online bank accounts. The hackers used this information to make unauthorised transfers of large sums of money, often routing the funds via a network of ‘money mules’. See our infographic opposite for how the cyber crime worked. Weysan Dun, FBI special agent in charge of the investigation, said: “International tolerance for this kind of criminal activity is decreasing. Our partners overseas are dealing more aggressively and effectively with cyber crime than ever before.”

Malware exploiters

Cyber theft ring

Mules Victims Malware exploiters purchase malware and use it to steal a victim’s banking credentials

Money mules transfer stolen money for criminals, shaving a small percentage for themselves

Homegrown hackers But KCS warns that China is protecting an everincreasing web of homegrown hackers, capable of cyber warfare and industrial espionage. “Chinese hackers – many of them young – are being offered large financial awards to infiltrate western computer systems, with military targets in particular being attacked,” said the consultancy in a statement. “Some of the hackers are backed directly by government organisations, while others are tolerated by the Chinese authorities, which turn a blind eye.” KCS claimed to have contact with “those most active in targeting critical European and US infrastructures” through its Asian offices, as well as being aware of attack methods. “Our intelligence sources have disclosed that some of the hackers are being requested to specifically attack military targets in the west, which is a cause for alarm,” says KCS chief executive Stuart Poole-Robb. Within the next 18 months, he says, Chinese hackers will easily be able to exploit weaknesses in western computer systems – mainly military command centres and commercial targets such as phone producers, aerospace, health and nuclear organisations. “Recent intrusions, we have learned, have been performed through ‘botnets’ – a collection of software agents or robots – which run autonomously and automatically,” he adds. Even though many companies are aware of these risks, they are not employing the right techniques and managing the risk appropriately, says Cotrozzi. “Know your enemy and know the value of the assets you are defending,” he says. “Then invest in the appropriate level of mitigation activities.” It is often the case that the IT manager responsible for security cannot secure the board’s backing for the right level of investment, he adds. The bigger a company, the more likely it is to have measures in place to combat cyber espionage. Rolls Royce recently won a lucrative $1bn contract to supply jet engines to China Eastern Airlines so, given the value of its technology, it is no doubt well aware it is a target for espionage, both old and new. Those not taking the risk seriously do not consider themselves a target. And as hackers become more sophisticated and able to cover their tracks, the problem is growing. A company may be the victim of an attack without even knowing it. Q Nathan Skinner is editor of StrategicRISK

26 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

Victims include individuals, businesses and financial institutions

How the fraud works

Hacker

2. 1. Malware coder

Compromised collection server

3. Targeted victim

Compromised proxy

5. Money mules

Hacker

8. 7.

Targeted victim’s bank

Fraudulent company

1. Malware coder writes malicious software to exploit a computer’s vulnerability and installs a Trojan. 2. Victim infected with credential-stealing software. 3. Banking credentials syphoned. 4. 5. 6. 7. 8.

Hacker retrieves banking credentials. Remote access to compromised computer. Hacker logs into victim’s online bank acount. Money transferred to mule. Money transferred from mule to organisers.

Can you keep your Balance without Risk and Insurance Software ?

Risk and Insurance Management Software In todayâ&#x20AC;&#x2122;s challenging environment corporate risk and insurance managers need effective data management. Identify and evaluate your risks, track your loss control recommendations,manage your policies, allocate your premiums and manage your losses: WebRisk handles all of these aspects of your activity and provides you with features such as on-line data collection and sharing of data, on-line notifications, simulations and summary reports to assist decision making. Fully web based, the software is accessible whenever and wherever in real-time. Find out how we can help you to manage risk more effectively.

www.effisoft.com rmis@effisoft-group.com

MONEY LAUNDERING

Avatar economy The lack of formal regulation of ﬁnancial transactions between players in virtual worlds such as Second Life leaves the gaming system open to abuse, reports Nathan Skinner

inancial transactions in virtual ‘worlds’ such as Second Life should be subject to the same reporting and monitoring requirements that apply to real-life financial services firms, an expert has warned. For the best part of a decade, since the terrorist attacks of September 11, banks and other financial firms have been required to monitor their customers more strictly to crack down on the financing of terrorist organisations. These powers have also been used to restrict the ability of criminals to use financial services as a means of money laundering. The more rigorous climate, however, has meant that terrorists and criminals are looking for new ways to move their money around. Second Life is one of the most popular of the online gaming worlds that have sprung up over the past decade. Developed and launched by Linden Lab in 2003, Second Life is a 3D virtual world environment. Its ‘residents’ (estimated at more than 6 million) can create content, interact with each other and launch businesses. Players use ‘Linden dollars’, which are converted from real currencies. Anti-fraud experts warn that participants in online communities can transfer money with little risk of detection. There are few checks to ensure these transfers are legitimate and criminals can hide behind their avatars (the virtual identities they create for themselves). In September 2009, Linden Lab announced that transactions between Second Life users added up to the equivalent of more than $1bn (€755m). The Second Life economy grew 94% between 2008 and 2009. Now, with nearly $50m each month in user transactions, the Second Life economy is on an annual run rate of more than $500m, making Second Life the largest virtual economy in the online gaming industry.

Open to abuse As in the real world, there is scope for both legitimate and illegitimate activity. Several entrepreneurs have built successful businesses in Second Life. But Mark Johnson, who heads risk management firm TRMG, is concerned about players’ ability to trade currency online with fictitious identities. “It is impossible to say how much misuse is happening but the model is open to abuse. That’s the concern.” The game companies say there are caps on the permitted number of transactions per day per account. Linden Lab says it has a fraud protection mechanism and works hard with law enforcement authorities to counter illegal activity. Second Life’s economy is dominated by small transactions, it says, and therefore large transactions would stand out. But Johnson believes the controls are “rudimentary”. The key issue, he says, is players hiding behind virtual identities. “If you look at the financial world, the important thing is identity: knowing the

28 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

identity of your customers and being able to track transactions. Although these worlds set up limits on what you can do to set up an account, they don’t do anything to make sure that the account is tied back to a real person in the real world,” Johnson says. On the need for better regulation of online credit systems, he says: “It is an economic mechanism for storing value and transferring value between individuals and therefore it is money and should be subject to the same controls and reporting requirements as any other set of ﬁnancial transactions. Then the regulators can get involved.

‘It’s very simple to move funds through an online game and not be monitored’ Mark Johnson, TRMG But, as it’s not yet clear if this is money in a legal sense, the regulator has no interest. Technology is just staying ahead of the legislation as it always tends to do.”

Terrorism Financing of terrorism is another concern. The sum of money transferred tends to be much smaller than money launderers, but terrorists have the same motivation for concealing their transactions from the authorities. Given the amount of surveillance and supervisions of real-life ﬁnancial transactions to prevent terrorist ﬁnancing, it appears that online money laundering presents a “massive loophole”, says Johnson. “It’s very simple to move funds from one part of the world to another through an online game and not be monitored.” Paedophilia is another concern related to virtual identity monitoring. Since online worlds are popular with young people, there’s a tremendous scope for grooming and stalking. Johnson believes that little will change until there’s a big money laundering case or funding for a terrorist operation is linked back to an online community. “Law enforcement authorities are far more aware of the issue than they were previously and are sensitive to the threat, but until a big case hits the headlines and gets political attention I don’t expect to see any change.” Q

Have you done something exceptional in 2010? Introduced or built a new risk management strategy, which is demonstrating excellent results? If so, you could be a WINNER.

DATE W E D N E SDAY 25 M AY 2 0 1 1

VENUE WHY ENTE R? Being shortlisted or winning an award is a fantastic opportunity to raise the proﬁle of your work. It can also help you raise awareness of risk management within your organisation and boost team morale. Most importantly, it boosts your stakeholders’ perception of risk management in your organisation and contributes to the overall development of the profession, showcasing the vital role that risk management plays in today’s businesses.

E NT E R I N G I S E A SY We know how busy you are and that completing awards entries isn’t always top of your priority list. So to assist you and speed up the process, we’ve introduced new entry criteria. Turn over for more details.

LO O K AT W HAT O U R P R EV I O U S W I N N E RS S A I D

“The risk management awards by StrategicRISK are crucially important to further elevate the importance of risk management. My award has helped to increase the visibility and importance of risk management in my company and made the embedding of risk management best practices into the businesses even more successful” Arnout van der Veer, Reed Elsevier Group, European Risk Manager of the Year 2010 “We find it very motivating that our loss control strategy obtained the acceptance of an independent organisation like StrategicRISK. It really gives a boost to our team and the whole organisation” Sabine Prechtl, Hugo Boss AG, winner of Best Loss Control Strategy 2009 “This award confirms our stakeholders’ perception of Sonae Sierra’s leadership in this field and enhances their confidence in our approach” Elsa Monteiro, Sonae Sierra, winner of Risk Training Programme 2009

TH E WA L DO R F HOT E L , LO N DO N Now you’ve decided to enter, turn over for our complete guide to submitting an entry. We’ve updated the process for 2011, making it quicker and easier.

AWARDS ENTRY HELPLINE +44 (0)20 7618 3088 DEADLINE FOR ENTRIES 18 February 2011 APPLY ONLINE AT www.strategicrisk.co.uk/digital/srawards2011

A GUIDE TO COMPLETING YOUR ENTRY Now it’s time to bring together all the information that you will need to substantiate your entry. At StrategicRISK we recognise how busy you are and that preparing an entry form may not be top of your to-do list. With this in mind, we’ve revised the entry process, making it quicker and easier for you to tell us about your achievements. To help you submit an entry, we’ve prepared a ﬁve-step guide.

ST E P 1 – F I N D TH E R IG HT C AT E GO RY Check each category deﬁnition to make sure you are entering the correct award. You can read the full criteria for each category online at www.strategicrisk.co.uk/awards2011

ST E P 2 – R E AD TH E QUE ST ION S We’ve done away with the need to write lengthy submissions. To enter, simply complete our awards questionnaire comprising no more than eight questions, which make up your entry. Our judges want to compare the entrants’ answers against each set question. Make sure your answers are succinct, avoid wordy, vague explanations and remember, where possible, to back up your answers with facts and testimonials.

ST E P 3 – T I M E SC ALE AN D T E AM Establish what data, evidence, testimonials and examples you will need to support your entry. Delegate to members of your team and make each responsible for completing a section of the form. Entering, and especially winning, awards is great for team building.

ST E P 4 – D O YOU R HO M EWO RK Take a look at previous winners and ﬁnd out what they did to gain their award. A list of recent winners and a summary of the entries can be found on our website www.strategicrisk.co.uk/awards2011 under Roll of Honour

ST E P 5 – START TO DAY ENTER ONLINE AT WWW.STRATEGICRISK.CO.UK/DIGITAL/SRAWARDS2011

AWARDS ENTRY HELP LINE +44 (0)20 7618 3477 DEADLINE FOR ENTRIES – 18 February 2011 APPLY ONLINE AT www.strategicrisk.co.uk/digital/srawards2011

AWARDS C ATEG ORI ES E U RO P E A N R I S K M A N AG E R OF TH E Y E A R This category is open to any individual who currently has responsibility for corporate risk management and whose work in 2010 has achieved a signiﬁcant difference for his or her organisation.

E U RO P E A N R I S K M A N AG E M E N T T E A M OF THE YEAR

B E ST B U S I N E S S CON T I N U I T Y APPROACH OF TH E Y E A R Our judges are looking for a company that can show that it initiated or implemented a well-thought-out new business continuity approach in 2010 that reﬂected current challenges.

B E ST R I S K TR A I N I N G PRO G R AM M E

This category is open to risk management teams that achieved demonstrable success with one or more initiatives in 2010.

This award is for organisations that have introduced a demonstrably effective risk training programme in 2010.

E N T E R P R I S E R I S K M A N AG E M E N T P RO G R A M M E O F T H E Y E A R

B E ST R I S K M A N AG E M E NT APPROACH I N TH E P U B L I C S EC TO R

This category is open to any organisation that has introduced or improved on an existing enterprise risk management approach in 2010.

B E ST E NVI RON M E NTAL R I S K M A N AG E M E N T Our judges are looking for a individual or team that has demonstrated an outstanding risk management initiative related to the environment in 2010. This can comprise: a provable commitment to ensuring sustainable economic development; a social responsibility initiative; a new operational risk management process designed to enhance environmental health and safety; or an innovative method of treatment to deal with historic contamination.

B E ST R I S K CO M M U N I C AT I O N OF TH E Y E A R This category is open to organisations that can show they implemented an effective and outstanding risk communication strategy that raised awareness of risk, and resulted in improved risk treatment in 2010 – internally, externally or both.

M O ST I N N OVAT I V E U S E O F I T O R OT H E R T E C H N O LO G Y This category is open to organisations that have introduced new technology or improved existing technology to produce a demonstrable beneﬁt for their risk management programme or strategies in 2010.

Judges will reward public sector bodies that can demonstrate a comprehensive, successful and cost-effective risk management initiative in 2010, either across the entire organisation or focusing on a particular aspect of their operations.

R I S K M A N AG E M E N T P RO D U C T OF TH E Y E A R This award is open to risk service providers who have developed a new risk management service or product in 2010 or improved on an existing one.

R I S K M A N AG E M E N T YO U NG ACH I E VE R OF TH E Y E A R This is open to risk professionals up to the age of 35 in the private and public sector who can demonstrate that they have made a signiﬁcant contribution to their organisation's risk management.

L I F E T I M E AC H I EV E R This award will be given to an individual(s) who has been an outstanding contributor to risk management not only within their own organisation but in the wider risk management community and/or commerce and industry at large. If you know someone who ﬁts this description, nominate them now at www.strategicrisk.co.uk/awards2011

C A L L F O R N O M I N AT I O N S Has one of your colleagues or clients implemented a new innovative risk strategy? If so, they could be eligible to win one of StrategicRISK’s coveted risk management awards. StrategicRISK is now accepting nominations for its European Risk Management Awards 2011. All nominations are made anonymously and can be submitted online at www.strategicrisk.co.uk/digital/srawards2011 or by calling our entry hotline on +44 (0)20 7618 3477

TERRORISM

Raising the stakes Yemeni-based al-Qaeda group AQAP is leading a resurgence in global terrorism. As Jordan Perry reports, the pressure is on for western organisations to work together to stay one step ahead

Two Islamic militants from the radical group Jaish-e Mohammed (Army of the prophet). Source: Yannis Kontos / Polaris / Panos

hen a plot to smuggle bombs disguised as printer cartridges aboard transatlantic cargo ﬂights was uncovered in October, it thrust the international spotlight onto the threat posed by al-Qaeda in the Arabian Peninsula (AQAP), a militant group based in Yemen. But what was the motivation behind this latest foiled attack on the west? What’s the overall risk outlook? And what are the intelligence services doing to prevent them? AQAP is a terrorist group that was established in January 2009, when the Saudi Arabian and Yemeni branches of al-Qaeda merged. AQAP is opposed to the Saudi monarchy, viewing it as counter to al-Qaeda’s vision of a pan-Islamic political system free of western inﬂuence. It is also opposed to the regime of Yemini president Ali Abdullah Saleh

32 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

and its co-operative relationship with the USA. Many Saudi Arabian members of al-Qaeda moved across the border to Yemen after a suppression campaign by the Saudi authorities. It is estimated AQAP is comprised of several hundred fighters. Of particular concern is Anwar al-Awlaki, who provides significant spiritual and operational guidance to AQAP. A Yemeni American who lives in Yemen, he is thought to be the organisation’s leader. He is also highly influential abroad. MI5 director general Jonathan Evans notes that al-Awlaki delivers his messages in English. This includes online sermons thought to have inspired the attempted Christmas Day 2009 Detroit-bound plane bombing by Umar Farouk Abdulmutallab. Al-Awlaki is also thought to have influenced army psychiatrist Nidal Malik Hasan – the man behind the

shootings at Fort Hood military base in November 2009, which killed 13 – and was the spiritual adviser to at least two of the hijackers involved in the 9/11 attacks of 2001. Deputy national security adviser to president Barack Obama John Brennan says that, with the exception of the Afghan-Pakistan border region, AQAP is alQaeda’s “most active operational franchise right now”. Brennan made this statement shortly after the 29 October cargo plot in which plastic explosives loaded into printer toner cartridges, bound for the USA from Yemen on separate planes, were intercepted in Britain and Dubai. The bombs were thought to have been built by AQAP chief bomb maker Khalid Ibrahim Ahmed Alasiri, who is also thought to have assembled the device used in the Christmas Day 2009 plot.

TERRORISM

Top 10 risk hotspots COUNTRY

TERRORISM RISK 2011 CATEGORY

TERRORISM RISK 2011 RANK

Somalia

Extreme

Pakistan

Extreme

Iraq

Extreme

Afghanistan

Extreme

Colombia

Extreme

Thailand

Extreme

Philippines

Extreme

Yemen

Extreme

Russia

Extreme

Palestinian Occupied Territory

Source: Maplecroft

TERRORISM

Europe’s most exposed countries COUNTRY

TERRORISM RISK 2011 CATEGORY

TERRORISM RISK 2011 RANK

Greece

High

Spain

High

France

Medium

United Kingdom Medium

Germany

Low

Source: Maplecroft

Both parcels were addressed to synagogues in Chicago, indicating the traditional al-Qaeda belief that western states are in league with the Jewish community in a ‘Zionist-Crusader alliance’ to undermine Islam. However, UK authorities believe the device that was intercepted at West Midlands airport was designed to detonate while the UPS freight plane was ﬂying over the USA.

Undermining confidence As with other plots carried out by al-Qaeda and its affiliates, the plan is likely to have been to increase pressure on western states to withdraw their influence from the Middle East and provide a just and lasting solution for the Israeli Palestinian conflict. But on an operational level, the plot

Businesses operating and investing in Yemen and Saudi Arabia should be aware they risk becoming complicit in human rights violations was probably designed to undermine confidence in air transport to the USA, particularly transport of freight. Undermining the USA’s commercial prospects has been a strategy of al-Qaeda and AQAP, as the attempted bombing of cargo planes and plots to target the oil industry in Yemen and Saudi Arabia prove. US companies investing in Yemen and Saudi Arabia, or even those that do business with the USA and are active in the Gulf region, face a threat to their operations. Brennan’s statement is a clear indication of AQAP’s status as an emerging terrorist threat. An indication of the heightened frequency of AQAP attacks is evident in the work of the US National Counterterrorism Center’s incident tracking system, which shows that while there were only 31 terrorist attacks recorded in Yemen between June 2008 and June 2009, there were 109 recorded between June 2009 and June 2010. As attacks throughout 2009 and 2010 have shown, AQAP is prepared to strike beyond the Arabian Peninsula, reflecting the ambitions of al-Awlaki and others in the organisation to transform AQAP into al-Qaeda’s pre-eminent international terrorist branch. The most recent attack in October also reveals AQAP’s efforts to come up with ever more ingenious ways to overcome the safety measures that govern flight security and avoid being detected. Concealment has been critical to the group’s endeavours. The plastic explosives used by Umar Farouk Abdulmutallab were sown into his clothes and activated using a syringe to inject acid. The use of plastic explosives was also intended to pass through the usual airport security checks. And October’s printer cartridge plot placed explosives in an everyday household object that was unlikely to attract scrutiny. In addition to flights, the oil sector has been targeted by AQAP. In September, Yemini security forces surprised a group of alleged AQAP militants who were attempting to blow up a gas pipeline in Shabwa. Militants linked to al-Qaeda also attacked an oil refinery in the port city of Aden in May 2008 and attacked an oil refinery in Safir, Maarib province, east of Sana’a, in June 2008. Al-Qaeda

afﬁliates have also plotted to attack Saudi Arabia’s oil infrastructure in recent years. Back in February 2006, there was an attempted suicide bombing on the world’s largest oil processing plant at Abqaiq, Eastern province. The attackers prematurely detonated their explosives when ﬁred on by security guards, resulting in only minor damage to a small pipeline but severe injuries to some of the guards present. As recently as March 2010, the Saudi authorities arrested 113 al-Qaeda militants purportedly involved in planning attacks on the country’s oil facilities. The danger to the oil industry in both Yemen and Saudi Arabia remains elevated and a serious consideration for investors in the region.

Human rights issues Widespread political instability throughout Yemen has also been accompanied by rising scrutiny from international human rights organisations. Amnesty International believes the government has “sacrificed” human rights in the “name of security” as it confronts threats from AQAP, Houthi rebels and a secession movement in the south. Amnesty published a report called Yemen: Cracking Down Under Pressure in August, documenting human rights violations, including arbitrary arrests, torture and unfair trials committed by state and non-state organisations. Businesses operating and investing in Yemen and Saudi Arabia should be aware they risk becoming complicit in human rights violations committed by subcontractors or agents of the state. They may also unknowingly fund terrorist activities. The presence of AQAP in Yemen is particularly troubling for domestic business operations but it has regional implications. The oil sector, which remains in the cross-hairs of AQAP, fuels Yemen’s economy. The US Energy Information Administration (EIA) noted in March 2010 that oil accounts for around 70% of government revenues, more than 90% of export revenues and 25% of GDP. Pressure placed on the oil industry by AQAP attacks may have a destabilising effect on the rule of Yemeni president Ali Abdullah Saleh, which explains why he co-operates closely with the USA and Saudi governments in the fight against terrorism. The USA, UK and their regional allies must be prepared for the alterations AQAP will make to their plots to circumvent the security restrictions in place. This may involve second-guessing the militants. While the role of the USA is critical in securing a stable security environment in Yemen, it is vital that western states seeking to protect their populations from attacks by AQAP continue to co-operate strongly with regional allies. The intervention of the Saudi authorities was critical in uncovering the October 2010 plot – the Saudi Interior Ministry contacted John Brennan, giving him tracking information for the two packages and told Brennan to look for toner cartridges. The local, regional and international threat posed by AQAP in Yemen is not one that will significantly diminish in the foreseeable future. Q Jordan Perry is a political risk analyst at Maplecroft

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

CLIMATE CHANGE

Going under? Emerging economies are proving their worth on the global stage, but their vulnerability to climate change threatens to undermine their progress. Sue Copeman assesses the damage already caused

ome of the world’s largest and fastest growing economies, including India, face the greatest risks to their populations, ecosystems and business environments from climate change over the next 30 years. And in today’s global economy, the effects will be felt across the world. Maplecroft’s new Climate Change Vulnerability Index rates 16 countries as being at ‘extreme risk’, including nations that represent the new Asian economic power that’s forecast for significant growth. Bangladesh (ranked at 1), India (2), Philippines (6), Vietnam (13) and Pakistan (16) all feature in the highest risk category. They are of particular importance as they are big contributors to the ongoing global economic recovery and are vital to the future expansion of Western businesses. Maplecroft principal environmental analyst Dr Matthew Bunce explains: “Organisations with operations or assets in these countries will become more exposed to associated risks, such as climaterelated natural disasters, resource security and conflict. Understanding climate vulnerability will help companies make their investments more resilient to unexpected change.” With developing countries most at risk, the effects of climate change could annihilate the winwin situation that developed countries have so far achieved with their emerging counterparts. The first win was the ability to outsource production to countries with lower wages and less restrictive regulation that wanted to boost their economies. The second win was the consequent improvement in standards of living in those countries, which transformed them into growing markets for goods and services in their own right. As PricewaterhouseCoopers head of climate change services Richard Gledhill points out: “The countries least able to cope with the effects of climate change – higher temperatures, water scarcity, increased severity of some natural catastrophes and the resulting health implications – tend to be those that face the biggest impact.” Ian Coleman, head of PwC’s emerging markets group, adds: “If you have a less well-developed infrastructure at the outset, you’re likely to be more affected by a climate-related event than wealthier countries with a resilient infrastructure. For example, a country such as Japan with high earthquake risk – admittedly not a climate change phenomenon – has the engineering competence and ability to construct its infrastructure in a way that mitigates some of the risks. Poorer countries do not.” The impact of climate change not only varies in respect of different countries: some sectors are more vulnerable than others. Gledhill cites agriculture, which faces the combined pressures of climate change, such as higher temperatures,

34 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

and land use from growing populations and industrialisation. “These challenges will read across into European markets because of the increasing globalisation of the agricultural sector,” he says. Social and industrial developments in many countries are also adding to potential climate change impacts. The shift towards very large conurbations in countries such as Brazil, China and India is presenting sustainability issues – for example, in terms of water and power, as well as increasing CO2 emissions, Coleman explains.

Controlling the change If climate change cannot be halted in the foreseeable future, at least it may be slowed. International protocols on greenhouse gas emissions and a greater focus on renewable and environmental protection are generally government-backed initiatives. But businesses must also play their part in mitigation by adapting to a changing climate. The design, construction and location of long-life plants, such as energy-generating facilities, must reﬂect the reality of what life is likely to be like in 30 or 40 years’ time, when climate change has really started to bite. A key issue for many businesses is the impact that climate change will have on their supply chains. Carbon pricing, introduced as a means of minimising emissions, may distort the economics of distribution and have implications for strategic decision-making, for instance. And while businesses in developed countries may be aware of the effects of climate change on their operations and therefore build in resilience, less well understood are interdependencies with other sectors. Nor do they fully appreciate the effect of

The effects of climate change could annihilate the win-win situation developed countries have so far achieved with their emerging counterparts

a vulnerable regional infrastructure on the supply chain, particularly on suppliers based in high-risk countries. Marsh EMEA environmental practice leader Cliff Warman points to the importance of contingency planning. Companies should be able to ﬂip to another model, should a major supplier be affected by a catastrophe and unable to produce. However, taking in the wider implications of climate change and the environment, he also stresses the need for natural resource efﬁciency. “Companies should consider how they are using up natural resources and what they are going to give back to less well-developed communities in terms of environmental and social improvements,” he says. Warman advocates a best-practice approach. “Companies with stringent environmental performance and improvement criteria in Europe and the USA should be prepared to apply these worldwide.” While controlling environmental impacts may not alleviate the effects of climate change, it can stop a potentially bad situation becoming much worse. He continues: “In poorer countries, the entire economy generally relies heavily on ecosystem resources, such as plants and animals. Their populations have far less resistance to the ecodamage that might result from climate change and, unlike their western counterparts, they are unlikely to be insured against catastrophic events.” Coleman and Gledhill agree that there are both opportunities and threats for emerging markets and the companies that deal with them. “Markets will change,” Gledhill says, “but there will still be demand for new products and services in a world where the global average temperature is higher.” Q

The 5th annual MultaQa Qatar conference will be held from

Monday 14 March to Tuesday 15 March 2011 in

Doha, Qatar at the

Sharq Village & Spa MultaQa Qatar offers a unique platform for senior (re)insurance and risk management executives from around the world to discuss regional and global industry issues of strategic importance. Turn boundless opportunities into proﬁtable realities: • Evaluate the regional (re)insurance landscape and discover new business opportunities • Examine how global (re)insurers are taking advantage of regional growth in Qatar • Keep up to date with the latest capital investment projects and understand their insurance requirements • Understand the regulatory framework in the GCC • Identify opportunities for captive insurance in Qatar Qatar ‘Case Study’ Clinics: Talent • Lifestyle • Takaful • Ratings

Join us at our next rendezvous in Doha and discover the perfect place to ‘do business’

“I do attend many conferences and MultaQa Qatar is extremely well organised, compared to others.” Yassir Albaharna, chief executive, Arig – Bahrain

“In comparison with other events I believe that MultaQa Qatar has positioned itself as one of the ‘serious’ forums.” Ian Sangster, chief executive, QIC International LLC

Attendance is by ‘invitation only’ and you can register your interest to attend @ www.globalreinsurance.com/qatar or by calling Debbie Kidman on 0044 [0]20 7618 3094 Hosted by

In association with

CATASTROPHES

That sinking feeling A groundbreaking new undersea device could help to limit the devastating effects caused by hurricanes. But, as Max Hibling discovers, the Salter Sink comes with its own set of problems

with the cooler water deeper in the ocean. It says it will increase nutrient levels and improve cientists believe that global warming Previous attempts to do this involved pumping oxygen concentrations. Salter agrees and says is creating hotter oceans and more cool ocean water up from the depths, a costly environmental and ecological effects “should be in destructive weather. Hurricanes in the exercise. Salter says his device relies solely on the the right direction”. Gulf of Mexico are a big concern, but there power of gravity. But more research is needed to fully understand are also fears of a huge storm like Katrina hitting The Salter Sink incorporates a large, buoyant ring, the consequences. It is not yet clear whether the New York. Katrina flattened huge parts of the USA’s up to 100 metres in diameter, with a long tapered effects will be good for all sea life. southern states and a similar event in New York tube beneath it. As waves force water over the sides could be even more costly as the city is of the ring, gravity takes hold and pushes the warm so unprepared for a storm of that magnitude. water down and out of the bottom of the tube. This One way to combat these tropical cyclones is allows more water to enter at the top and the process the Salter Sink. Named after its inventor Professor repeats itself. Stephen Salter, this device, which resembles a huge Backers expect the Sink to reduce the temperature floating doughnut, is powered by gravitational forces of the surface water by at least a couple of degrees and is designed to cool the ocean’s surface water to – enough to reduce a category 5 hurricane to a weaken hurricanes. category 3 or 4. That would save thousands of lives “The Salter Sinks are not designed to eliminate and prevent billions of dollars of damage, they say. all hurricanes, but rather reduce the strength of In addition, the device is cheap to make and them,” Salter tells StrategicRISK. For instance, using easy to use, set up and maintain, say advocates. the Salter Sink could reduce a category 5 hurricane Straightforward deployment could be a major to a category 4. selling point for the Sink, as unpredictable and Salter points out he would not want to stop all violent weather makes working in the Gulf of hurricanes because this could have a big knock-on Mexico very difficult. effect for other weather systems. Hurricanes are Salter explains that to have any meaningful believed to have the positive effect of alleviating effect thousands of the rings would need to be out rising temperatures around the equator. at sea at all times. As a result, there are concerns Nevertheless, hurricanes are one of the most over who would be responsible for paying for their destructive weather phenomena, particularly in the It is also understood that hurricanes alleviate deployment and maintenance. One option could be USA, where they can cause widespread death and rising temperatures around the equator by the insurance industry, which loses huge sums each destruction. Therefore, any invention that could transferring the heat and moisture to other parts year because of hurricanes. weaken their impact must be considered. of the world. If human interference were to abate Of the 10 costliest hurricanes ever to hit the the power of tropical cyclones, then climates in USA, six have occurred since 2004. The most higher latitudes could be deeply affected. Human interference well known, Hurricane Katrina, hit the USA in For instance, half of Japan’s rainfall comes as a There are also concerns about the environmental August 2005, causing more than 1,500 deaths result of tropical cyclones – or typhoons, as they are impact of using Salter Sinks. Intellectual Ventures, and costing at least $90bn (€67bn). In September which owns the patent, believes the transfer of warm known in that area. If Salter Sinks were used in the and October of the same year, Hurricanes Rita Pacific, they could have a drastic effect on Japan’s water to deeper sea levels will benefit marine life. and Wilma also hit – two of the most agricultural industry. destructive in recent memory. Science Daily reports that dust storms The damage caused by hurricanes is so occur more frequently during times 100m devastating that, over the past 20 years, when there are fewer hurricanes. And 0.3m Floating ring 50% of all insured losses in the USA can the dust storms that blow over the be attributed to them. As the number of Atlantic from the Sahara Desert are 1 Wave raises residents and buildings in coastal zones another natural means by which heat is increases, the already high human and diverted from the equator. Attempts to the water level economic toll is set to rise steeply. weaken hurricanes could therefore inside the sink increase the strength of dust storms in 2 Gravity then the Gulf area. Getting warmer … pulls the water As a result of these problems, Intellectual Reaching trillions of watts in power, down through Ventures does not yet advocate the use of hurricanes form and draw their strength a tube Salter Sinks. However, as hurricanes grow from warm surface water far out at sea. In ever stronger, so does the need to find ways order to develop, hurricanes need surface of diminishing the devastation they cause. ocean water to be at least 26°C (80°F). The The Salter Sink could offer a solution, but warmer the water, the more intense the clearly its possible repercussions need hurricane will be. careful consideration. Q Salter’s invention claims to be able to tone down the intensity of hurricanes. Max Hibling is a reporter for StrategicRISK It does so by mixing warm surface water

200m

There are concerns over who would pay for the Salter Sinks. One option could be the insurance industry, which loses huge sums each year because of hurricanes

36 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

SPORT

Ahead of the game Even if the game of cricket leaves you stumped, all businesses could learn something from the match-ﬁxing scandal of last summer’s test season, says Matt Ford

t just wasn’t cricket. Except, unfortunately for fans of the gentleman’s game, it was. Last August, journalists for British newspaper the News of the World recorded a Pakistani player – whom they identified as Mazhar Majeed – apparently taking £150,000 in cash in return for predicting when three “no balls” would be bowled in the fourth and final test against England at Lord’s. Sure enough, when the match came, two Pakistani players, Mohammad Amir and Mohammad Asif, bowled the no-balls exactly as predicted. The newspaper seemed to have exposed corruption at the heart of cricket. Its story stirred up a worldwide media storm that has cast a long, dark shadow over a game that prides itself on its reputation for gentlemanly conduct and fair play. It was a public relations disaster and a very difficult situation for managers to handle effectively. Across the world, fans were shocked and dismayed. In Pakistan, even the president expressed his “disappointment”, while in the UK fans protested outside the team’s hotel.

Defensive play It’s impossible for businesses to fully protect themselves against the risk of individual employees behaving illegally. But we all need to remember that criminal behaviour in companies – be it rogue traders working in financial services or employees taking bribes – poses a serious risk to the hardwon reputation of brands, particularly once it’s picked up by the media. When faced with such gross misconduct, often the best course for employers is to create as much distance as possible between the company and those at fault by suspending them and initiating a full investigation, including close co-operation with the police. This was certainly the approach of the various cricketing authorities following the match-fixing controversy. The three players at the centre of the scandal were suspended from the sport indefinitely. To ensure any criminal activity was properly dealt with through the courts, the International Cricket Council (ICC) repeatedly made clear that a police investigation would take priority, and that the ICC would not proceed with an internal tribunal until instructed to do so by Scotland Yard. For their part, Scotland Yard investigators submitted a dossier of evidence to the Crown Prosecution Service.

The issue underlines the need for all businesses to ensure they have robust procedures in place for investigating employee misconduct

But there remains a problem: it’s still far from clear whether the players will actually face trial, which would effectively throw sole responsibility for dealing with the matter back on the cricketing authorities. Despite the moral outrage, it’s hard to establish what laws have actually been broken. Although the players may face trial for conspiracy to defraud bookmakers, there doesn’t seem to be any evidence a bet was placed on the no-balls in question. And the other option, a charge of cheating under the Gambling Act, has so far been untested in court. If there is no court case, the cricketing authorities will have to ﬁnd a way of dealing with the matter while under intense public and media scrutiny.

Team tactics Either way, the issue underlines the need for all businesses to ensure they have robust and transparent procedures in place for investigating employee misconduct. This will be vital for the game of cricket if it is to move on with its reputation intact, especially as there seems to be no end to the bad news. On 16 November another Pakistan player, Zulqarnain Haider, fled to the UK saying that an unknown man had approached him and threatened to kill him and his family if he didn’t co-operate with match fixing. The fact that Haider fled the country without seeking help within the cricket community – the first his teammates knew about it was an update on the player’s Facebook page – suggests that the cricketing authorities could do more to reassure whistleblowers. They should feel safe to come forward and make their allegations to management before going public. There’s an important lesson here for all businesses. It’s crucial to have in place a clear route for employees to expose internal wrongdoing, both to enable a rapid response and manage media interest. While not every company has the profile of international cricket, we should remember that criminality will always be with us and it can be hard to predict the scale of its impact. To minimise this risk, clear procedures to investigate allegations are essential and all employees, from the press office to human resources, should be fully prepared to use them. Then when the unexpected happens, no one will be too surprised. Q Matt Ford is a freelance journalist

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

CAPTIVES

Engulfed With a reserve limit of $700m, BP’s captive insurer is unlikely to make much of a dent in covering the oil major’s losses from the Deepwater Horizon oil spill, but Jupiter has still proved its worth, reports Helen Yates

hen an explosion on the Deepwater Horizon oil platform occurred on 20 April this year, killing 11 platform workers and injuring 17 others, it quickly became apparent that the ensuing oil spill had the potential to become a major environmental disaster. For nearly three months, an estimated 53,000 barrels of oil a day spewed into the Gulf of Mexico before the wellhead was ﬁnally capped on 15 July. The clean-up is expected to take months, if not years. BP is the energy company at the centre of the disaster. The clean-up costs, reputational damage and related litigation are expected to cost it billions of dollars in claims for years to come. Had BP purchased its insurance from the commercial market, it is likely that such a loss would have caused a sharp contraction of capacity in the energy markets and a resulting hike in rates. But BP has a Guernsey-based captive insurer called Jupiter, which has a policy limit of $700m and does not buy reinsurance protection. Instead, BP, with its deep pockets, is expected to shoulder the bulk of the loss, announcing in June that it was establishing a $20bn (€15.27bn) claims fund over the next three and a half years to “satisfy legitimate claims, including natural resource damages and state and local response costs”. But not all parent companies have such ﬁnancial capabilities. So, in these circumstances, what is the role of the captive insurer, and is it compromised by the parent’s potential for loss on a catastrophic scale? The situation of BP and its captive insurer is fairly unique within the captive arena, explains Kane Global consultant Clive James. “As a rule, the company buys very little insurance, as much of its cover goes through its captive Jupiter in Guernsey and they take very high limits within that captive. As a consequence of this, they don’t tend to access the reinsurance market an awful lot. The direct impact of the disaster on the captive will be fairly substantial, particularly as it will have to cover the costs of the massive clean-up operation. There

38 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

will therefore be a relatively limited impact on the reinsurance market, as BP’s captive will take the majority of the hit.” “In general, most captives have fairly strong reinsurance programmes so that they limit their potential liabilities in the event of catastrophe losses,” he continues. “But BP is unique in terms of the size of the company, as it has enormous amounts of reserves. A lot of captives can take fairly big hits, but it would be unusual to see exposures greater than $100m in terms of aggregate losses and, in the vast majority of cases, the ﬁgure will be a lot less because they simply wouldn’t have the capabilities to cover such losses.”

Downgrade woes In June, AM Best and Standard & Poor’s downgraded Jupiter’s financial strength rating, citing concerns over the full potential impact of the oil spill on parent company BP. “Although BP has recently agreed to establish a $20bn claims fund, given the magnitude of this event it is currently impossible to assess the ultimate impact on BP, both in terms of financial liabilities and reputational damage,” AM Best wrote. To a certain extent, the rating of a captive insurer is dependent upon the rating of its parent. In the case of a catastrophic loss, which undermines the capital position of the parent, a captive will be more susceptible to a downgrade even if its financial position is not really in question. However, AM Best assistant vice-president Steven Chirico says: “Is it wholly reliant on the parent company? Absolutely not. If the parent company were to get dragged down to a BBB-, it wouldn’t necessarily be a stress on the captive’s A- rating. It would only be if we felt the parent company’s business profile is compromised.” One reason for the guarded attitude towards BP was the potential hit to its reputation risk – a difficult factor to quantify. The widespread media attention and political wrangling involved in what

CAPTIVES

was the worst US environmental catastrophe since the Exxon Valdez oil spill in Alaska in 1989 had a huge impact on BP’s share price, which had lost almost half its value by June. While Jupiter did not have a reinsurance layer to absorb losses above its reserve maximum of $700m, the additional liability was retained by the parent company. In such a situation, the captive is not intended to deal with catastrophic-scale losses, explains Chirico.

‘One of the reasons BP moved away from the insurance market was the capacity was not there for this type of environmental loss’ Alan Fleming, Airmic “We are not necessarily experts in analysing the oil industry. We understand from dealings with oil industry captives that when you’re talking about the numbers from a surplus and capital perspective and the ability to obtain liquidity in the marketplace for large oil companies, it’s hard to imagine how big a loss needs to be for a company to become compromised. The oil companies are so large and have such large capital [cushions] they can withstand a very severe ﬁnancial loss.”

Transferring the risk Typically, the captives of energy ﬁrms or large drug companies, for example, would look to transfer catastrophe risk beyond the ﬁrst $100m or $200m to the reinsurance market. Here, the value of the captive is demonstrated by it taking a share in the loss, rather than being set up to shoulder the entire burden. By taking a material line, the captive demonstrates it has a vested interest in taking risk mitigation and control more seriously than if it were ceding 100% of the risk into the commercial (re)insurance market. “When you have your own captive and you’re retaining risk, the bet is you’re not going to have a loss and, if you do, you’re going to pay for it severely,” Chirico says. “With commercial insurance, you’re betting that you are going to have a loss, so right from the get-go you’ve misaligned your interest – you’re paying money for a premium and if you don’t have a loss, all you’ve done is you’ve lost money.”

Just because a captive is not set up to take the burden of catastrophe loss does not negate its value, argues former Airmic chief executive and chair of the Airmic captive interest group, Alan Fleming. He was risk manager at chemical giant ICI during the liability crisis of the mid-1980s when premium rates for covers like general liability and medical malpractice soared. “I don’t think a loss like this is necessarily bad news for captives – it is bad news for BP,” he explains. “Sometimes when something like this happens, the market reacts very defensively. That’s what happened in the 1980s with the liability crisis: everyone just shut up shop. Because we had our own captive insurance company, we were able to continue to offer cover up to a demand that we could ﬁnance and then on the basis of that we could continue to try to buy reinsurance protection.” Similar-sized losses in the commercial insurance and reinsurance market have caused serious dislocations in the past. After Hurricane Katrina in 2005, which cost the industry in excess of $40bn, prices increased by 100% on some catastropheexposed lines, while capacity for retrocession was almost impossible to ﬁnd. “One of the reasons BP moved away from the insurance market was the capacity was not there for this type of environmental loss,” Fleming continues. “When I was at ICI, the environmental exposures were not readily insurable either but there were enormous potentials in relation to a particular event.”

Keeping your independence The key lesson for captives to take from the BP experience is to maintain their independence from the parent company. As long as a captive is separately managed and does not expose all its capital to one event, in theory it should be able to absorb a loss on the scale of the Deepwater Horizon explosion and oil spill, regardless of whether the lion’s share of the loss is transferred to the reinsurance market or retained by the parent. “When you think back to the days of Maxwell, about the only solvent part of the business in the longer term was the captive insurance company,” Fleming says. If anything, he thinks the bigger risk is that of the counterparty. “Unless it’s a non-insurable event, I would imagine that the biggest risk to the captive would be counterparty risk, where they’ve taken on a fairly severe natural catastrophe type exposure and the reinsurance doesn’t perform. “The captive needs to be managed as an independent entity and it shouldn’t be exposing itself to catastrophe risk, even if the parent company is.” Q READ MORE ONLINE

Big oil unprepared for cat risks goo.gl/ECDac BP spreads blame for Gulf disaster goo.gl/eOoyy No more excuses goo.gl/xCJ5E

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

CAPTIVES

Arabian

sights

With proven ﬁnancial resilience and impressive insurance growth, the Gulf states are now keen to attain captive domicile status. But, Liz Booth asks, can they prove they have something unique to offer?

he economic powerhouse that is the Middle East has emerged almost unscathed from the financial crisis that beset the rest of the world. High oil prices helped most Middle Eastern economies sail through the turbulence – and even the crisis in the Dubai’s construction sector has hardly dented the overall picture. This picture has been reflected in the insurance markets, with AM Best head of market analysis and author of a recent report on the region, Yvette Essen, agreeing that the insurance markets of the Gulf Co-operation Council (GCC) “have demonstrated a degree of resilience and are well placed to continue to grow”. Essen says that the United Arab Emirates (UAE), Bahrain, Saudi Arabia, Oman, Qatar and Kuwait have seen the take-up of insurance rise significantly, and while reduced spending on infrastructure may slow that rate of progress in the short term, she is convinced there are other opportunities for insurance growth. She says: “In particular, there is the prospect of an increase in personal lines business, flowing in part from the introduction of compulsory motor and health cover. Changing requirements are expected to drive premium volumes, and tougher rules will alter the insurance landscape. Local insurance regulation shows early signs of adopting global standards, and regulators are introducing higher capital requirements. More foreign insurers and reinsurers are considering entering this region, which could lead to some takeover activity or the creation of joint ventures.”

considering the low insurance penetration and high potential in each of these countries. “However, as an increasing number of international companies move into this territory, competition will intensify.” Putting the growth into perspective, Essen explains that although insurance grew 27% year on year in 2008 to $10.6bn (€7.76bn), the GCC’s total 2008 insurance premium volume was only slightly more than two-thirds Singapore’s total premium volume. With that background, it is no surprise that captive insurance is a relatively new concept for the region. However, in light of the competition between the Gulf states, captive insurance is developing fast, with Dubai, Qatar and Bahrain leading the way in terms of regulation and incentives to attract business.

THE GULF

IRAQ IRAN

KUWAIT

Bahrain

Doha

OMAN

Dubai

GUL

F OF

UNITED ARAB EMIRATES SAUDI ARABIA

OMAN

Common attraction Essen continues: “The GCC insurance markets are potentially among the world’s most dynamic,

40 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

SOUTHERN YEMEN

ARABIAN SEA

Unusually, the UAE and Qatar each have two regulatory regimes in place. As Essen explains, in the UAE, the ISA supervises all aspects of the domestic insurance industry. Meanwhile, the Dubai International Finance Centre offers a zero tax rate on proﬁts, 100% foreign ownership and no restrictions on foreign exchange or repatriation of capital. Qatar’s original 1966 regulatory regime is administered by the ministry of business and trade, and its principal laws relate to the insurance operations of domestic and foreign companies, marine insurance and compulsory third-party liability motor insurance. In 2005, the Qatar Financial Centre (QFC) was established, and companies and individuals are authorised and supervise by the Qatar Financial Centre Regulatory Authority (QFCRA).

Regulatory framework Both the Dubai and Qatar ﬁnancial centres are in early phases of development and are trying to attract companies. Each centre has taken steps to become a key insurance market in its own right. The QFC, for example, in February unveiled intentions to become a captive, reinsurance and asset management centre. However, Essen warns: “The attraction of establishing itself as a captive domicile and offering opportunities to self-insure is not unique to Qatar. Nevertheless, there is still a lack of awareness and understanding surrounding captives, as they are a new offering. “A common attraction of the captive structure is the ability to lower premiums, but with GCC insurance prices already being generally low, there is little incentive to self-insure. Nevertheless, optimism

CAPTIVES

surrounds the prospects for captives.” So while the regulatory framework is being developed, the number of captives remains low. Dubai, for example, has just two in place, although two more should be operational by year end; Qatar has one; and Bahrain (the first in the region to embrace captives) has two. Saudi Arabia has yet to develop a regulatory framework for captives, although rumours abound about possible changes in the near future. Saudi is home to three major companies that operate captives elsewhere – one each in Bermuda, Guernsey and Qatar. It is the low numbers that occupy the minds of those involved in the sector. Senior regional adviser at Kane, Fetooh Al Zayani, and Marsh captive consulting leader Jonathan Groves both say the current focus is on raising awareness. Al Zayani has been quoted as saying: “The concept of retaining risk is already a well-established one in the Middle East. What now needs to happen is that we look to generate greater awareness that using self-retention vehicles is a much more efficient, cost-effective way of managing those risks.” Meanwhile, Groves says interest has picked up as the regulators have developed new frameworks. Marsh has spent a lot of time, he says, prospecting in the region and completing feasibility studies in countries such as the UAE and Saudi Arabia. The past year has brought results, with Abu Dhabi-based development firm Mubadala setting up a captive insurance vehicle in the Dubai International Finance Centre. Mubadala owns Masdar, a future energy firm that is developing the world’s first carbon-free residential city in Abu Dhabi. It is understood that the captive will be used to help manage risk management provision for those renewable and green energy development ventures. Meanwhile Dubai Holdings has set up a protected-cell captive in the Dubai International Finance Centre, and two more operations are under formation, expected to be licensed by the end of the year. Groves says: “Essentially, captives based in the region are used no differently to those in Europe or the USA. They are tools to manage risks in a cost-effective way and to provide access to the reinsurance markets.”

Abu Dhabi-based development firm Mubadala owns Masdar, a future energy firm that is developing the world’s first carbon-free residential city in Abu Dhabi (pictured). Mubadala has set up a captive insurance vehicle in the DIFC

Dubai International Financial Centre CAPTIVE NUMBERS

Two captives are currently established (Dubai Holding Insurance Services PCC Ltd and MDC (Re) Insurance Ltd); two are in the process of being established

INSURANCE PREMIUM UAE $4.976bn (€3.59bn) CAPTIVE LEGISLATION

Dubai Financial Services Authority (DFSA) rulebook modules; Dubai International Financial Centre (DIFC) companies law (DIFC law number two of 2009); and DIFC companies regulations

LICENSING FEES

Captive normal application fee: $15,000. Annual fee: $15,000 plus $1,000 per $1m of gross premium income, capped at $150,000 annually. PCC normal application fee: $40,000. Annual fee: $40,000 plus $1,000 per $1m of gross premium income, capped at $150,000 yearly. A captive insurer of PCC will also need to register with the DIFC. Application for company name reservation is $800; incorporation of a company limited by shares is $8,000; and commercial licence fee is $12,000

CAPTIVE REGULATOR

DFSA and DIFC Authority

Bahrain CAPTIVE NUMBERS

Two captives currently established (Tabreed Captive Insurance Company B.S.C and Masheed Captive Insurance Company B.S.C)

INSURANCE PREMIUM

$497m (€359m)

CAPTIVE LEGISLATION

Central Bank of Bahrain (CBB) rulebook volume three and commercial companies law 2001

LICENSING FEES*

CBB fees: application fee of BD100 (approximately $265) and annual licence fee of BD1,000 (approximately $2,650)

Much to offer Clyde & Co partner Peter Hodgins agrees that the changing regulation is designed to bring more business into the region. “The establishment of captive managers also helps,” he says, “and overall the environment is more suitable, but it is still at a nascent stage. As a general rule, it is not a region ﬁlled with sophisticated insurance purchasers, so captives are not the ﬁrst structure that they think of.” The advantages of using a captive based in the region for local businesses is that they are able to exploit their local environment. In terms of

regulation, Groves says, supervisors “have tried to take the better regulation from elsewhere and bring it together in one place, which is a good thing”. Hodgins agrees that the regulators are moving “to facilitate captives and create awareness of what a captive can offer”. Because it is the Middle East, the captive structures have been developed along takaful insurance lines to ensure they are shari’ah-compliant, and it is a requirement that each captive is approved under an Islamic religious approach. Needing an understanding of the specialised local requirements, as well as having an understanding of the captive and insurance markets, may suggest that recruitment could be difﬁcult. Other captive jurisdictions make a virtue, for example, of being able to offer a range of experienced hands. Yet, Groves says, the Middle East does have an adequate talent pool; Dubai, for example, is home to a number of expatriates with signiﬁcant regulatory experience. In fact, he says, the downturn in the property market has helped in a small way to make it easier for expats to move to the region. The challenge instead has been to weld those coming from elsewhere into local teams. “It can take time to orchestrate a good system if

MINISTRY OF COMMERCE Application fee of BD20 (approximately $50) AND INDUSTRY CAPTIVE REGULATOR

Central Bank of Bahrain, and Ministry of Commerce and Industry

* Fees listed do not necessarily include all costs incurred in licensing a captive in Bahrain. The fee levied by the CBB and other local agencies can increase, without notice, and additional fees can be imposed at any time.

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

CAPTIVES QATAR Financial Centre

EXPERT VIEW

CAPTIVE NUMBERS

None, but Kane was awarded the ﬁrst insurance management licence to establish captives in the QFC on 2 September 2010

Captive audience

CAPTIVE PREMIUM

None

CAPTIVE LEGISLATION

QFCRA Rulebook; QFCA Companies Rules; and QFC Companies Regulations

Akshay Randeva sees bright prospects for growth among captive risk operators in the GCC

LICENSING FEES

QFCRA fees: application fee of $10,000 (E7,200) plus $500 for each individual for whom approved individual status is sought; annual licence fee of $10,000, plus $500 for each approved individual employed by the authorised ﬁrm at 30 September in the previous year

CAPTIVE REGULATOR

QFCRA and Qatar Financial Centre Authority

Economic growth in the Middle East has traditionally been driven by its vast reserves of oil and gas. But in recent years many GCC states have been using revenues from natural resources to diversify their economies. Almost 40% of the world’s oil and 25% of the world’s gas reserves are located in the region. Saudi Arabia has the largest oil reserve and Qatar holds the world’s third largest gas reserve. These assets amount to more than $40 trillion. Growth, both past and projected, creates huge opportunities for the insurance sector. The sector is also driven by the huge pipeline of infrastructure and investment opportunities in a market where the necessary regulations and tax environment are in place. The GCC insurance market was worth $11bn in 2008, reflecting the development of a strong risk management culture as larger and more complex projects took place across the region. This has not gone unnoticed by large multinational insurers. Heritage, Marsh, Aon and Willis have established themselves in the region, as has captive manager Kane in the Qatar Financial Centre. Alongside reinsurance and asset management, captive insurance has been identified by the Qatar Financial Centre Authority (QFCA) as one of three financial services areas with significant growth potential.

QATAR CAPTIVE NUMBERS

One captive established (Al Koot Insurance and Reinsurance)

INSURANCE PREMIUM

$1.01bn (€729m) (2008)

CAPTIVE LEGISLATION

Law number one of 1966 supervision and control over insurance companies, and agents and council of ministers’ resolution No 27 of 2003 conﬁrming incorporation of Al Koot Insurance and Reinsurance

LICENSING FEES

Not available

CAPTIVE REGULATOR

Ministry of Business and Trade

Source: Clyde & Co LLP, Swiss Re and local sources

Global economic factors It is not just indigenous economic growth that is driving demand for insurance in the region. The insurance industry in the GCC will not only grow in absolute terms, but also take market share from elsewhere in the world. And captive insurance is becoming an increasingly attractive proposition to regional corporates, many of which are giving higher priority to seeking adequate risk cover following the global credit crunch of 2008. The large assets on the books of many companies has left many unable to secure the cover they require. This, coupled with the collapse of capacity in the international reinsurance market and the inability of local insurers to underwrite large, complex facultative risks, forces corporates to look to alternative solutions such as the establishment of a captive insurance vehicle. It is clear, too, that regulators, governments and market participants are supporting the expansion of this sector of the insurance market. New ﬁnancial centres to promote ﬁnancial services, the increasing sophistication of the regulatory framework and the availability of specialist captive managers in the region suggest that captive insurance is set to grow quickly in the GCC, capitalising on an increasingly competitive edge. Akshay Randeva is director, strategic development at the Qatar Financial Centre Authority

42 Strategic RISK JANUARY 2011 |

www.strategicrisk.com

people don’t know each other and how they work together,” he says.

Applauding efforts And the ultimate challenge for the region, according to Groves, is how it can differentiate itself from existing captive domiciles – onshore or offshore. “I think they are struggling to differentiate themselves in the market and a lot of businesses are very hesitant about being the ﬁrst into a new area,” he says. “Convincing your own management to set up a captive can be daunting at the best of times. Even the Saudi Arabian captives operating in Guernsey and Bermuda have not chosen to bring it closer to home because of the lack of differential.” However, now that captives are emerging, it may well become far easier for those overseeing risk management to convince their boards that it is a worthwhile move.

Hodgins applauds the efforts being put in by the captive managers who, he says, “are really trying to get out and talk to people. You need businesses of a certain scale but if people have not been aware of the solutions available, then you will not get anything off the ground. “Both Kane and Marsh have been putting time and effort into that education and I think that message is getting through.” He admits: “It is a little bit of a slow burn.” But with Qatar alone convinced it will have at least 15 operational captives in the near future, it looks like it is a concept that the market can expect to hear a lot more about. Q CAPTIVERISK – EXPERT ANALYSIS AND INSIGHT

You can view the most recent issuwe of CaptiveRISK magazine online, which includes features on offshoring, captive mergers, and a proﬁle of Heineken’s captive owner, at: www.strategicrisk.co.uk/captiverisk

Associazione Nazionale dei Risk Manager ASSOCIATION e Responsabili Assicurazioni Aziendali (ANRA)

The Italian job A recent ANRA conference in Milan highlighted the efforts by European association Ferma to improve the status of risk management among Italian companies

ne problem with risk management in Italy is not a dearth of rules on how companies should govern themselves, but a lack of understanding that risk management is worth doing for more than just compliance reasons. This was one of the main themes discussed at the Associazione Nazionale dei Risk Manager e Responsabili Assicurazioni Aziendali (ANRA) conference in Italy, held at the Palazzo Mezzanotte (Midnight Palace) in Milan. In front of about 120 attendees, a panel of industry experts said that although proper risk management can help organisations achieve their strategic objectives, it is often just seen as a tick-box exercise. “For me, it’s the culture,” Ferma president and group risk manager for Dutch manufacturing group Stork Peter Den Dekker said. “Do you really want to do it or are you being forced by a regulator who can penalise you? If executives don’t drive it then attitudes will never change.” However, he added that things were improving. Den Dekker pointed to the difference between shareholders and share-traders. Investors who hold onto stock for many years have more of an interest in the long-term stability of an organisation, and therefore how well it is risk managed. By contrast, investors pursuing

short-term gain are less interested in risk management techniques and how they are reported. ANRA president Paolo Rubini, who is also group risk manager of Telecom Italia, told StrategicRISK he was happy with the way his association had helped increase the professional role of the Italian risk management function. “We are providing help to our colleagues in dealing with their bosses,” he said. The results of Ferma’s benchmark survey of the risk profession (reported in the last issue of StrategicRISK and available online at goo.gl/O5v0y) are encouraging, said Rubini, and they show the continued progress of the profession. “However, there is still a lack of investment in risk management procedures,” he said. “On the one hand, the survey revealed increasing professionalism but there is still a lack of capital available for implementing risk management systems.” “We don’t need new rules,” Ferma board member and group risk manager for Italian tyre maker Pirelli, Jorge Luzzi, said. “We just need additional application of the existing regulations. We need to convince companies that risk management has value or it is worth doing.” Rubini plans to compare the answers given by his Italian colleagues to Ferma’s survey with the European average and explain his ﬁndings in March next year.

‘We don’t need new rules. We just need additional application of the existing regulations’ Jorge Luzzi, Pirelli “Risk managers need to learn to link their activities to the strategic objectives of their company,” he said. The profession in Italy is rarely called to action by their boards; it is more often the operational management within a company who sing their praises, he said. “We need the same attitude from the chief executive.” Luzzi agrees that while a few risk managers in Italy have visibility at board level, in general they do not. “But the visibility of Italian risk management is increasing a lot. I believe we are growing and improving. The Ferma survey shows the situation is better than before.” Q

SPOTLIGHT ON ANRA The Associazione Nazionale dei Risk Manager e Responsabili Assicurazioni Aziendali – or Risk and Insurance Managers Association – was founded in 1972 in response to a growing demand for the free ﬂow and exchange of information and knowledge among insurance managers. Initially ANRA focused purely on issues surrounding handling insurance policies. The professional experience gained over the years has lead ANRA to develop and promote a broader view of risk management, including education for both existing and new members. The association promotes excellence in the practice of risk and insurance management by: • issuing an online quarterly newsletter, Risk Management News, which includes information and opinion about topical subjects; • operating a professional development programme, via lectures, seminars and courses; and • promoting technical and ethical good practice among its members. ANRA members include risk and insurance managers as well as risk management consultants. Insurers and brokers are allowed to subscribe to ANRA. The association is managed by a board of directors, which is made up of at least seven members who are risk managers in some of Italy’s most important companies. The board, which includes the president of the association, remains in charge for three years.

Strategic RISK JANUARY 2011 |

www.strategicrisk.com

ASSOCIATION Airmic Portfolio

INSURANCE

Mediation directive review A irmic technical director Paul Hopkin is a member of the working party set up by the FSA to look at updating the European Insurance Mediation Directive (IMD). The European Commission aims to produce a legislative proposal for IMD2 in late 2011. The FSA has set up the working group of trade body and industry representatives to inform its views on the review requested by the Commission. The Commission is holding its own public consultation exercise on the revision of the IMD and has arranged a ﬁrst public hearing on 10 December in Brussels.

COMPENSATION CULTURE AND PERSONAL INJURY Airmic is backing calls from British insurers for an overhaul of the personal injury compensation system to provide faster, fairer and more cost-effective awards to claimants. The ABI states that the amount spent on costs is particularly high for employers and public liability claims under £5,000 – an average of 93p in every £1 goes on legal expenses. Airmic has always supported fair compensation for victims of injury or workplace illness when there has been

‘We welcome the Young Review. His recommendations should help foster a much more balanced and realistic view on all health and safety issues’ John Hurrell, Airmic 44 Strategic RISK JANUARY 2011 |

Paul Hopkin

The six top brokers used by Airmic members have said they do not accept contingent commissions in the UK commercial market

Among other measures, the review is looking at disclosure of broker remuneration. The six top brokers used

by Airmic members have said they do not accept contingent commissions in the UK commercial market. In

fault, but to press for procedures that will reduce additional costs? The ABI would like the government to set 31 December 2011 as a target for implementing in full the recommendations of the review of civil litigation costs by Lord Justice Jackson, published early this year. Airmic also shares the ABI’s welcome for the more recent report on compensation culture and health and safety in low-hazard occupations by former Conservative trade and industry secretary Lord Young. Airmic chief executive John Hurrell said: “We welcome the Young Review. His recommendations are very good news for industry and should help foster a much more balanced and realistic view on all health and safety issues without negatively impacting the tremendous improvements in performance over recent years.” Airmic would, however, like to see more attention paid to the strict enforcement of employer’s liability insurance as part of the broader health and safety environment. In its submission to the Young inquiry, Airmic described the current regime as “woefully inadequate”. It believes ﬁrms that save money by taking shortcuts on employee safety are not penalised because of inadequate enforcement of the compulsory insurance requirement.

CROSS-INDUSTRY WORK IN PROGRESS

www.strategicrisk.co.uk

Airmic continues to work with the UK insurance market to find more proportionate remedies for innocent non-disclosure of material facts by commercial insurance buyers. UK law currently allows insurers not just to deny a claim in these circumstances, but to avoid the policy entirely. Airmic is in consultation with legal reform body the Law Commission. It is also working with a leading law firm to develop wordings that members can use to cover situations where non-disclosure is unintentional or unrelated to the cause of a loss. Meanwhile, compliance with insurance regulations and tax rules in a multitude of jurisdictions across the world is a big issue for commercial insurance buyers. High-profile brokers are working with Airmic on the idea of a single database of laws and regulations for open use. Airmic will encourage insurance companies to take part. Ferma is exploring options to progress this initiative on a pan–European basis.

October’s Airmic Live Call phone-in, they explained that they charge insurers fees for services they carry out and for some products, but that they would be completely transparent on such matters in advance and without the client having to ask. They also said these charges were not related to proﬁt, growth or volume. Revision of the IMD stems from a requirement in the Solvency II insurance security directive. And the European Commission has suggested that consumer protection is not sufﬁciently transparent. IMD2 is therefore likely to set a minimum level of remuneration disclosure for all intermediaries in all EU countries.

GOING, GOING … The annual exhibition for the Airmic conference, which will take place in Bournemouth on 6-8 June 2011, is likely to be fully booked by the end of the year. Organiser Susi Ozkurt urges anyone still wanting a stand to book quickly. Delegate registration is expected to begin in mid-January and there will be discounts for early booking.

Photos : Creatas, Photodisc, Enrique Algarra/PIXTAL, DigitalVision, Juliet White/Gettyimages -

a redeďŹ ned vision of service

a reliable company available teams attentive advice