Several risk managers came together at a roundtable organised by Asia Insurance Review in Hong Kong to dialogue on various issues and challenges from loss prevention, coping with reputational fall-outs, managing enterprise risks, applying risk management in supply chains and creating an environment for mutual exchange of ideas to better manage risks.
Risk professionals extol the value of risk management to a business and view it as an integral part of the decision making process. However, several panellists at the roundtable felt risk management is still yet to be given due prominence by some businesses in Asia, particularly with the rise of emerging new risks and the potentially severe consequences.
Mr Desikan Bhoovarahan, Group Insurance Director, Noble Group, said that risk management has at times been viewed more as a compliance issue in parts of the region.
Dr Vincent Ho, Chairman of the Hong Kong Association of Risk Management and Safety, says that while large companies tend to have a more robust enterprise risk management (ERM) framework, there is a gaping hole when it comes to the SME sector here in Asia.
“SMEs are a large group who have been left out of the internal governance and risk management programme. If we looked at Asia, that is the big unknown.
“You have some of the smaller companies in China that are profitable but they struggle with implementing things like ERM. You can’t remove the risk but you can manage it, and that’s what we’re trying to help them realise,” he said.
Mr David Ralph, Senior Vice President, Risk Management at PCCW, felt that larger corporations have an important role in influencing the risk management attitudes of firms within their supply chain.
“I think now there’s a greater movement in putting in requirements to demonstrate that those in your supply chain have some form of risk management. So if you want to contract or sub-contract with us, you got to have some of these things in place. I think it’s something that you have to try to introduce slowly,” he said.
Risk Management – who takes the lead?
Mr Tyn van Amelsfoort, Regional Head of Security at Panalpina, said it was important to instil a mindset which is attuned to risks right across an organisation.
“It’s different when you talk about it to management compared to the rank and file. But it’s important to train all of your people to think about risks, and it’s about putting across your message in ways that people can relate to in their day-to-day lives.”
Mr Bob Sweeney, Vice President, Risk Management for DFS Group said that an organisation’s leadership ultimately has to set the right tone for risk management to become part of the company fabric. If a Risk Manager has the opportunity to present to the Board, or be a Board member, he or she should speak about value-added Risk Management, not solely about premium savings. Doing so elevates it from being transactional to being more tactical or, hopefully, strategic.
Dr Ho, on the other hand, urged companies to go one step further to include risk experts to be part of the board.
“How many companies have risk managers on their boards? You’d probably see CFOs there but you rarely see a risk manager. So the board isn’t educated on risk-based thinking and they don’t have a professional there to guide them in making a risk-informed decision.”
Advocating loss prevention
Presenting the insurance perspective at the roundtable, Mr Mark Mitchell, CEO of Greater China for Allianz Global Corporate Specialty, said that with 10% of its employees being loss prevention engineers, it speaks volumes to the fact that Allianz takes risk management seriously within its organisation.
In order to better assist clients in risk prevention, Mr Mitchell said data quality is important in order to allow insurers to monitor risks and exposures. He said events such as the Thai floods and Japanese tsunami in recent times have helped increase awareness of the risks of geographical clustering.
“Risk managers are responding to this challenge and we’re seeing a more integrated approach on the client side to managing this risk. As insurers, we’re looking for more information from our insureds to calculate accumulation exposures and to manage supply chain risks beyond first-tier suppliers.”
He added: “It isn’t always easy for risk managers to fully track the supply chain and get the appropriate level of information you desire from those suppliers. However, companies are making much greater endeavours to try and do that and be as transparent as possible with their data.
“Without good quality data, the models have to make assumptions which are sometimes far off the reality with misleading results. Better data will create a genuine win-win situation as both the client and insurer benefit.”
Responding to this, Dr Ho was encouraged that insurers were putting in a lot of effort into risk prevention which goes a long way in preserving an organisation’s brand image.
“It’s the right move for insurers to encourage loss prevention as it helps mitigate reputational risk. Companies who manage their risks effectively will also enjoy lower premiums in the following year and will become good long-term clients,” he said.
Reputation risk a growing concern
The threat of reputational damage has become a growing concern for businesses in recent times. Mr Mitchell cited Allianz’s annual survey of corporate clients, which compiles the 10 most pressing risks faced by businesses, and found reputation risk having moved up the most in the list of concerns. (See Table 1.)
Relating the issue from DFS’ perspective, Mr Sweeney said: “The prevalence and lightning speed of social media have increased the reputation risk potential in the retail environment. As a result, we’ve developed reputation-themed exercises to our BCP scenario library. Reputation risk is growing and the impact could potentially be nasty; particularly if handled poorly.”
Ms Dorothy Chan, representing the Hong Kong Association of Risk Management and Safety said the multiplier effect from social media makes it even harder to control events which are potentially damaging to the image of an organisation.
“Social media makes it worse as things get posted almost instantly, and it could still look bad even if you had resolved the situation at an early stage,” she said.
She cited the recent case where contaminated horse feed from the Jockey Club was fed to freshwater fishes resulting in a media storm in Hong Kong. Even though it was something attributed to one of its third-party vendors and found not to be at a health-threatening level, the damage to its image was significant even though it originated indirectly through its supply chain.
It goes beyond money
Mr Ralph was encouraged by the fact that insurance covering reputational risk goes beyond monetary compensation, and seeks to provide practical help to limit the effects of any reputational fall-out.
“They don’t just pay you money but also see what you actually need during the crisis situation. For example with regards to social media, they may provide you with PR firms which can help you to manage social media to try and rebuild your reputation and mitigate the risks in the event of a crisis. That’s one way insurers are offering more value to risk managers,” he said.
From an insurer’s perspective, Mr Mitchell said his company pays close attention to reputation risks and seeks ways to limit its impact rather than merely paying out claims.
“Our research shows that companies who managed a crisis well have seen their share price rise by as much as 10%, while companies who don’t manage it well have seen as much as a 30% impact on their share price in the following 12 months.
“So for us, it’s not just about paying claims but ensuring that a crisis is well managed and key lessons are learnt for future prevention,” he said.
Managing cyber risk
Another area growing in prominence is that of cyber risk, with research showing that Asia is most exposed to cyber threats compared to any other region. In 2013, Singapore registered the highest losses per capita from cyber-crime than anywhere else in the world – at an average cost per victim of US$298 which ranks four times more than the global average.
However, Mr Mitchell observed that even as Asia is highly susceptible, cyber liability products have not taken off as well as in the United States.
The reason may be the fact that cyber losses do not have as huge a ramification in Asia, said Mr Ralph who pointed to much stricter data privacy laws in the US for instance.
Ms Chan wondered how much companies in Asia would be willing to pay to protect against cyber exposure, in a common risk versus reward scenario.
“You throw the question to the Board and they say, ‘OK, we understand but how much do we pay for it? How much money do you want me to invest to mitigate this and what would justify spending this amount?”’
Dr Ho felt there can be a paradigm shift should there be greater implied damage to an organisation’s reputation than is usually the case today.
“Cyber loss is not yet linked to reputation, there’s no direct financial loss here but once you link it to reputation and branding then it becomes a different issue. It becomes a case of how much are you willing to pay to preserve that reputation,” he said.
Lessons from the financial crisis
Looking back at the experience from the global financial crisis, Dr Ho said risk managers in general should try and be more proactive than reactive.
For Mr Bhoovarahan of Noble, he said that underlying framework for running business involves how various types of risks are managed and risk management is the entire basis of business. The value of risk management shone through for the organization in the wake of the crisis.
“We increased our tonnage following the global financial crisis as we witnessed a flight towards quality. Good risk management helped us to effectively manage crisis at that time, increase the business and subsequently be prepared when several banks exit commodity business.”
For Mr van Amelsfoort, the post-financial crisis environment has seen him having to assess risks within an operation more closely.
“I’ve seen an increase in requests from some insurers for us to do more risk assessments, so we as a team have learned to ask the right questions when looking at a facility for example.”
Building lasting relationships
In assessing the ideal insurer, the issue of having strong relationships with an insurer was raised more than once.
“My early experiences in risk management taught me the value of developing long-term collaborative relationships with your insurers. Being collaborative and providing opportunities for everybody to learn about the risk is important,” said Mr Sweeney.
“But at the same, there have also been occasions of post-event underwriting when insurers didn’t understand the risk well from the start,” he added.
Mr Ralph also underscored the strategic worth of a good long-term relationship between both insurer and risk manager.
“You can’t underestimate the importance of a long-term relationship with the insurer, for large complex claims, contentious or ‘grey areas’ are much more likely to be dealt with favourably where the relationship is a long-term partnership rather than an opportunistic transaction,” he said.
While insurers request more transparency from the insured, Dr Ho similarly felt that insurers and brokers can also be more forthcoming in how they rate particular risks.
“I think we can have more technical exchange into how insurers do their risk assessment and be more transparent with their models. We can exchange views and learn from each other so that we can raise the standard.
“Clients also have a view on the risk and it will benefit both sides if we are able to transfer all the silo knowledge. At the end of the day, insurers will get a better client coverage and we will also stay with them longer and they will pay for less claims,” he said.