Managing risk in a volatile world

The COVID-19 pandemic, combined with US elections and the uncertainty of Brexit negotiations made 2020 a year of risk like no other. It also reinforced two critical points for risk professionals: 1) the velocity of change is increasing dramatically and 2) sometimes we tend to underestimate the severity and length of a crisis, hoping that we can manage it successfully in an unrealistically short period of time.

This is the reality of the V.U.C.A. (Volatile, Uncertain, Complex, Ambiguous) world we live in.

Let us not forget that this pandemic reached a global scale in just a few months and over a year later, we still find ourselves in a “changed” reality. It will likely take several months until a sense of normality returns.

Furthermore, economic challenges lie ahead, driven mainly by the pandemic outbreak, and ESG risks that are now becoming a focus area. At the same time, board expectations from risk and insurance professionals are growing, with active discussions and engagement with leadership on ways to monitor emerging risks and opportunities becoming the norm.

With all this in mind, the questions that have materialised frequently in the past few months are how risk and insurance professionals must think and plan for 2021 and beyond, and what is the best strategy to support and protect the business?

Risk leaders need to work on strategies and business models that will aid organisations to meet their business objectives under this new environment, including tangible (extreme weather events), and non-tangible (silent cyber) exposures.

Resilience is not only about safeguarding, but also being able to adapt and seize the respective growth opportunities. Crisis management capabilities must now evolve to ensure collaboration of all related streams/functions to create a resilient business.

The close collaboration of the ERM, Insurance and Crisis Response and business continuity planning professionals is paramount, as working in silos under different departments will be counterproductive. This is the only way the crisis response pillars (readiness, identification, response and recovery) can be effectively coordinated.

A strong tone from the top and a clear communications strategy are essential to move things in this direction and embed this holistic approach into the business. We must accept that inevitably things may go wrong, even when taking smart risks to grow the business.

The business approach of the specific streams or functions must also evolve to adapt to such a V.U.C.A landscape. Specific focus areas in brief:

• ERM: Frequency of risk dialogue must increase to at least a bi-monthly basis as quarterly or bi-yearly sessions are no longer adequate. Invariably, participation from all functions is critical to have a comprehensive view of the environment. For listed companies, principal risks must be disclosed and must be reviewed through C-Suite engagement. Developing an early warning system for emerging risks (and opportunities) will be important, perhaps by including velocity as a key metric in the risk identification methodology. The visibility of risk professionals to various projects being implemented is of critical importance, to support risk identification and decision making.
• Insurance: The hard market is going to stay for a few years and corporate risk appetite needs to be reviewed. We need to challenge ourselves and ask the hard questions. Which are the essential policies to have? Are we buying the correct limits with the appropriate deductible? A legacy approach of ‘this is the way we have always done it’, needs to change. A risk financing optimisation exercise can validate the placement strategy against the company’s risk appetite and market capacity. Captive involvement is the way forward in a few lines of business now. If there is no captive in place, establishing one may be a time-consuming process depending on the jurisdiction that will be considered. Yes there are costs involved but a captive will allow greater flexibility and less market dependency when formulating risk transfer strategies and when trying to introduce innovative insurance solutions. Insurers must be urged (also through the respective risk management associations) to step up to the challenge and provide innovative cover solutions to address the risks faced by businesses, including enhanced parametric solutions, embedding cyber under property damage business interruption, etc. 
• Crisis Response: teams need to be trained frequently, ensuring readiness to respond and recover. Understanding the new world of cybercrime and non-damage BI losses will be critical, so new skillsets need to be considered. Reviewing the supplier footprint down to Tier 3, securing that end-to-end BCPs are in place, is important to ensure business continuity and contractual terms must also be strong, including loss of profit provisions where applicable.

Looking on the bright side:

• The risk management profession has demonstrated exceptional resilience already, managing the Covid-19 pandemic under circumstances that we have not encountered in the last few decades, and,
• The importance and role of the risk management profession will be viewed under a different lens. Moving forward, risk and insurance managers can be considered as strategic enablers allowing them to play a more crucial role in business decisions. This requires ensuring that we market the value add of the process and how it enables businesses to grow and be resilient.

Vasilis Drakopoulos is group insurance manager and captive CRO, Coca-Cola HBC