Risk management for an enlarged EU

Jeff Manners says that companies operating in the Central European countries that joined the EU this year will need a structured approach to risk management to gain competitive advantage

Important risk issues are emerging in connection with this year's enlargement of the EU.

- EU membership is likely to increase the cost of risk for most organisations operating in accession countries. Much of this cost will result from the need to comply with harmonised national and EU legislation.

- Failure to address risk with a structured management approach will increase still further the total cost of risk for business and threaten business survival. The costs of risk include factors such as uninsured losses, self-insured losses, insurance premiums, compliance costs, investment in risk control and loss of corporate reputation.

- There are three key areas of risk that will have a disproportionately heavy impact for most industries: product liability, employee protection and environmental liability. Managing these risks well can lead to competitive advantage.

- The insurance market in new member states is also likely to face significant change, as higher claims costs, increased competition and new financial reporting and capital reserve requirements are absorbed.

The challenge of change

Change always has an impact on the risk profile of a business. For companies operating in the new member states of the EU, new risks are likely to translate quickly into new costs. Regulatory compliance has a significant price tag attached. The EU Commission estimates that compliance with environmental legislation alone could cost up to EUR120BN - and the costs of non-compliance could be higher still. Despite these increases in costs, businesses in accession countries also need somehow to guard their cost advantages in the Union in order to maintain competitiveness.

Maintaining competitiveness is a major goal of businesses in the Central and Eastern European region. In a recent survey of 686 businesses in the region, conducted by Marsh, increasing competition was identified - not surprisingly - as the most significant risk to business success. This concern is not, however, being reflected in changes to risk management activity.

While 60% of businesses in the CEE region review risk more frequently than they did two years ago, 40% of company boards still only review risk once a year or less. Over 40% of businesses have no formal risk management procedures in place, and fewer than half seek external help in identifying and quantifying risks.

Since well-structured, systematic risk management programmes are a source of competitive advantage, why are more companies not actively addressing and co-ordinating risk management activity? Operating costs can be reduced, product quality and reliability can be improved, employee productivity can be enhanced.

Those companies which fail to take the necessary steps to identify and manage risk may incur significant cost increases, lose their competitive advantage and face the added threat of insolvency. Unless companies display a greater sense of urgency in assessing the upside and downside of commercial decisions in the boardroom, they may jeopardise their business and the livelihood of their people.

Sound risk management will become an increasingly important success factor for businesses in the new EU member states. The greatest risk may be that companies realise and embrace this too late.

Risk as an opportunity

EU membership will impact all areas of risk, but three in particular present substantial challenges:

- product liability and consumer protection
- health and safety/employee protection
- environmental liabilities.

The costs of non-compliance or poor risk management will be significant.

Getting the management of these risks right can therefore be a source of real competitive advantage.

Product liability and consumer protection

Consumer protection is an integral part of the EU's single market legislation and is regulated by 14 directives. The most recent, the General Product Safety Directive, imposes strict liability for damage or injury to consumers and broadens the scope of liability to include not only manufacturers, but also suppliers.

As a result, product recalls will increase. Many companies in the new EU member states are ill-prepared for the operational challenges of a product recall, not to mention the associated costs of reputation loss.

Furthermore, the cost of product liability insurance is likely to rise, as the frequency and severity of claims increases.

Multinational companies generally have the necessary internal control measures in place already. Smaller, local companies will have the steepest learning curve. A recent survey showed that approximately 35% of companies in the East European candidate countries were not yet compliant with the acquis(1) on consumer protection and product liability - this rises to over 40% for SMEs(2).

Adopting best practice product safety controls will enable businesses in the new EU member states to:

- build partnerships with other EU businesses more easily
- support entry/growth strategies into Western Europe
- generate external financing/investment more efficiently
- develop a reputation for quality and reliability with customers
- pick only the best suppliers to meet business goals
- target investment in risk management measures, such as product liability insurance.

Employee protection

There has been no quantification of the total costs of implementing the EU's employment and social policy, but they are high. Industries whose activities pose the greatest threat to employee health and safety will have the highest compliance costs. These include the mining industry and manufacturers of chemicals, metals, machinery and equipment. While legislation will be costly to implement and monitor, more of a concern and threat to competitive advantage will be some of the behavioural risks that may emerge.

For example, according to a 2001 survey by the European Foundation for Improvement of Living and Working Conditions, 40% of workers in accession countries consider their health and safety to be at risk in the workplace.

As employees become increasingly aware of their rights in the workplace, these concerns are likely to translate into litigation.

Workplace stress, which accounted for 13.4 million lost working days in the UK in 2001/02, is also likely to damage productivity. The UK Health and Safety Executive calculates that an employee off work with stress is typically absent for around 30 days, compared to nearer 20 days for a back or muscular-skeletal problem.

In Marsh's Survey of Risk, only businesses in Hungary ranked lost productivity due to staff absenteeism and stress among their top three risk issues.

No other accession country identified this as one of the primary business risks. Yet, in questioning businesses in 11 Western European countries, absenteeism and stress were consistently ranked the third most significant risk. By implication, behavioural risks of this nature will become an issue of increasing cost and management attention in businesses in Central and Eastern Europe.

Tools exist to diagnose and manage employment and behavioural risks.

The most important part of the risk management process, though, is to ensure ownership in one place of all employee risk-related data and activity.

For example, operational management may see absenteeism as an HR problem, while health and safety staff feel disconnected from overall business decisions. Without specific management attention, none of these functions is likely to have a complete picture of costs, or clear evidence of how risk management will contribute to performance.

Environmental liability

Environmental liability is consistently identified as the most costly risk facing companies in the new EU member states. The environmental chapter of the acquis comprises over 200 legal instruments, and serves to regulate any activity that may impact the wellbeing of human or environmental health.

Highlighted below are two examples, chosen for their impact on a wide range of industry sectors and potentially severe cost implications.

First, the Integrated Pollution Prevention and Control (IPPC) Directive imposes strict guidelines on the granting of permits to industrial installations.

In order to obtain a permit, operators must quantify all emissions and not treat separately emissions affecting air, water or soil. Of greater significance is the directive's requirement to operate according to best available techniques; for many firms this will necessitate major investment in restructuring and upgrading installations.

Second, the Directive on Environmental Liability is the first law based on the 'polluter pays' principle. The definition of environmental damage in the directive includes damage to plants, animals, natural habitats, water resources and contamination of land. Operators of activities deemed risky will face strict liability for any damage and will have to prove they were operating in accordance with their permit conditions. Operators of any other activity could be liable for biodiversity damage if found to be negligent. The directive also mandates that public authorities ensure operators prevent or remedy any damage they cause. Increased access to legal channels by public bodies is likely to ensure that this requirement is enforced.

Finally, it is of note that insurance does not currently exist to protect a company against some of the areas of liability the Directive on Environmental Liability enforces. Member states are obliged to encourage the development of financial guarantees such as insurance. It is envisaged that a system of mandatory financial guarantees will be required in future.

Best practice

What can businesses do to manage these increasing risks and costs? Best practice risk management is based on two principles:

- Successful businesses are successful risk takers. In other words, risk represents opportunity
- If success is to be sustained in the face of external change, a systemic approach to risk management is critical. Otherwise risk becomes an obstacle to meeting business objectives.

For example, a business needing to recruit quickly to meet new orders may not have time to train staff in all internal safety or control procedures.

Hypothetically, this could have an impact on product quality and result in injury to members of the public. The likelihood and severity of this exposure needs to be quantified, even as the commercial imperative demands new employees are deployed quickly.

A framework that allows decision-makers to understand how much risk a business can withstand means that commercial needs can be responded to quickly.

A structured approach to risk management requires leadership by the most senior team within a business and involves:

- understanding which organisational objectives, business activities and environmental risk factors are most critical to a business's success
- identifying and quantifying risk across the business in a consistent format that leads to clear prioritisation. A catastrophic risk might, for example, be quantified in terms of multiple deaths, heavy loss of assets, production stoppage for a specified period of time, national media headlines and government investigation
- assessing existing risk management arrangements in the light of prioritised risk requirements
- building a profile of which risks require critical attention and which may be absorbed by the business
- designing a programme of action that matches investment in risk management with prioritised risk needs.

Establishing this type of risk management programme quickly requires expertise that few firms have internally. Our survey of businesses in Central and Eastern Europe tells us that 60% of businesses are considering taking external advice on different aspects of risk, although fewer than half already buy advice for parts of their risk programme. In seeking external expertise, businesses should look for advice that focuses on the achievement of business goals and delivers reduced costs of risk.

Being able to benchmark risk management measures against other businesses should be a key benefit of buying external expertise.

Insurance market change

Transferring risk to insurance companies is one of the most widespread risk management tools. The more a company understands its risks, the better its use of insurance as a targeted risk management mechanism will be.

However, risk transfer may not be the best solution in many cases.

Insurers themselves will face significant changes in the new member states over the coming years. Increased competition will obviously have an effect, as for the first time insurance buyers gain direct access to products available in all 25 EU countries. In addition, outside insurance providers will be able to attack the market share of local operations, without the expense of setting up and registering new entities.

Some insurers in the region believe increased insurance market competition will keep the lid on premium increases, even as claims rise. It is felt, though, that new EU financial reporting standards for insurers, being introduced from 1 January 2005, will be a catalyst for consolidation in the region.

This may be the point from which international insurers will start to make further inroads. While some insurers have been present in the region for some time, others will take time to establish their reputations locally and are likely to be initially cautious in their underwriting approach.

In practice, this means that outside insurers will be drawn first to larger corporate businesses in the region, for whom an international presence, specific industry expertise and niche insurance products will be most attractive.

In conclusion

Sound risk management is not just about fending off disaster - it can also be a source of competitive advantage. By reducing the cost of risk, firms reduce their overall cost base and therefore improve their competitive position. Furthermore, firms with sound risk management are more attractive candidates for investment, and companies with a clear understanding of risk-adjusted returns are more likely to create sustainable value. Among the benefits that enlargement brings, better risk management may turn out or be among the most important.

1) The Community acquis is the body of common rights and obligations which bind member states together within the EU. It is constantly evolving

2) Corporate Readiness for Enlargement in Central Europe - A company survey on the state of preparations for the single market 2003. Eurochambres and SBRA, May 2003

NEW MEMBERS

The Central and Eastern European countries admitted into the EU earlier this year were:

- CZECH REPUBLIC
- ESTONIA
- HUNGARY
- LATVIA
- LITHUANIA
- POLAND
- SLOVAKIA
- SLOVENIA.

Cyprus and Malta also became part of the enlarged EU.

Risk management for an enlarged EU

Topics

Related articles

Malta may regulate for Islamic finance

Willis opens Maltese captive operation

Movers and Shakers - Bloomberg, Saxo Bank, Evelyn Partners, Zurich, WTW, Gallagher

Spotlight on: German construction industry supply chain risks

Cyber tops risks concerns in Asia Pacific - top tips for building resilience

Interview: Five minutes with David Arick, the new president of RIMS

More ESG Risks

The unintended consequences of ‘green’ initiatives

Sector spotlight: how mining companies can manage growing ESG, regulation, and talent risks

Regulation watch: How to manage the risks created by the Supply Chain Due Diligence Act

Interview: how to become a modern risk manager

Technical briefing: risk management challenges in India

Financial services firms increasingly concerned about the risks of implementing disruptive tech, including AI