Paul O'Dwyer, Insurance Risk Manager, Atos Origin, France:
I believe that a key issue for European risk managers is coming to terms with corporate governance and the effects of developments like the French AMF regulations and the US Sarbanes-Oxley Act. Another problem is understanding and applying enterprise risk management across organisations.
My impression is that many companies have not fully embraced ERM. Risk managers tend still to be focused on insurance, although much depends upon the size of the risk management team.
I firmly believe that it is essential to structure risk management to suit the needs of the industry sector in which an organisation operates.
In my own company, supplying IT services, there are only two people dealing purely with insurance and specific qualitative risk management projects.
However, there is a much larger team of 25 dedicated risk managers, whose prime role is to assess risk at the bid and delivery stage of projects.
They are very experienced IT professionals who analyse the complexity of a project and the ability of the company to fulfil clients' expectations.
If they have significant reservations, it is unlikely that a bid submission would proceed. An IT company's reputation rests on its ability to deliver solutions that work; it is therefore crucial to produce a balanced risk analysis for senior management, to assist in their decision-making.
This large risk management resource enables me to focus on other risk management projects, such as business continuity policies, business impact studies, disaster recovery plans and crisis management. All these areas need common policies and procedures in place and internal auditing of them.
H Gruneauld, Chief Risk Officer, Preem Petroleum AB, Sweden:
A key problem facing risk management in Europe is to get the whole company to understand the importance of having a structured risk management process. Although my own position is that of chief risk officer, you do not find many people with that title in Sweden, and it is difficulty for management to understand what a chief risk officer's duties should be.
I think the most important quality for risk managers is experience - and not simply of risk management. They should have a really good knowledge of the field that they are working in, and that is not easy for people at a junior level. Risk managers also need to be respected and trusted within the organisation. Managing risk is one of the most important things for all the managers in an organisation and it is important that they should not view the risk manager as interfering in the way they run things.
Adrian Clements, Risk Engineer, Arcelor, Luxembourg:
The main issue facing risk managers today is the overuse of the phrase 'risk manager'.
Financial wizards are called risk managers, insurance managers are risk managers, holistic risk managers are risk managers. Risk covers all areas and facets of business, in fact every decision contains risk and every risk reduction step contains risk. Most people who have given themselves this title are risk managers but they do not manage risk. The true risk managers are never heard about because they do the job correctly. We need a definition of what a risk manager is to avoid this confusion in the future.
Many managers fail to quantify or qualify the individual risks, or are unable to handle the modelling of risk in an effective manner. They therefore tend not trust the answers given by theoretical studies.
There is a general inability to see that risks accumulate and are not independent of each other. Take the examples of the World Trade Center loss or LTCM. The likelihood that accumulations could occur was ignored or underestimated.
To effectively handle risk you need to know your own risk appetite. Many do not know or cannot quantify. This grey zone of guesswork needs to be taken out of the equation.
One of the top problems facing risk managers is the ability to sell the concept to the financial institutions. I will probably not obtain the same discounts in insurance premium if I describe my risk management programme as if I explain how I plan to install sprinklers. The fact that my program encompasses many more areas of risk, which indirectly affect my loss ratio is beyond many insurance companies' pricing models.
The result of all these factors is that when a company hires a risk manager they will get either an insurance expert or a financial expert, but not someone who runs a team of experts specialised in each of these fields.
The risk awareness of each organisation will therefore be biased towards their expert's own centre of competence. If one person handles the financial risk and another the insurance risk there is typically no coordination, and the accumulation effect goes missing. In other words, companies typically do not know what they want.
Another area of concern is the risks of M&As, which are often looked at only from a cost saving standpoint. The fact that the companies might not fit together culturally or productively is ignored. This can result in the loss of knowledge from the companies, loss of competitive advantage and too much cost cutting over the longer term.
The watering down of risk management by all this confusion will lead to the lack of a counterweight in discussions with consultation companies or rating agencies. The belief that consultation companies are experts can push a company into problems. Without the necessary counterweight to their recommendations, based upon insider knowledge, risk can increase even when we want it to be reduced.
There are many universities now offering training for risk managers, and our peers should be able to help. The Institute of Risk Management is creating courses in this area, and there are societies and magazines which explain potential problems but, as always, there is too much information.
We need more companies to appoint a chief risk officer (CRO) to work with the CFO and CEO. How can you expect CFOs and CEOs to do their jobs if they do not know both the positive and negative aspects of risk?
Typically insurance only repays 20% of the overall financial loss following a claim. This does not stop top managers asking if insurance has been purchased. Insurance is at the centre, due to the fact that top managers are uncomfortable with taking the word of one person or a risk model that says the risk is being managed and does not need to be transferred.
True risk managers need to have a grasp of all risks and have an open mind. They should also have the ability to put a price on the risk, in order to establish the cost benefit of transferring, reducing or eliminating it. They need to know the company's risk appetite in each specific case.
The risks a company is exposed to will always be changing, so we need to be flexible. The future risk manager will need to be at the top of the company to take the overall responsibility for the identified risks.
The risks exposure and appetite of the financial sector will also change, automatically varying the solutions developed for each company. I do not think that deals spread over years will be the trend; instead, there will be specific short term deals for those areas where risk is transferred.
The use of captives will grow, but here the risk lies in letting the captive stagnate. A captive must develop and be dynamic. Otherwise it is useless.
Lars Stenblom, Vice President Risk Management, Trelleborg.AB, Sweden:
Sweden, and indeed Scandinavia in general, is getting more and more involved with liability issues. The US legislative philosophy will have an impact on liability, with significant repercussions on the way we do business in the future. Being on top of information and data will be essential.
To cope with the future, we need to know the history, so companies will carry out more and more data trawls.
There is a greater focus on transactions and insurance, and therefore one skill that risk managers need is knowledge of internal structures and organisations. However, the need for a broader set of skills is likely to grow. Risk managers will need a technical understanding of the processes within the company as well as a financial understanding. Abilities in project management are also important, as more projects will be needed in the future.
Geoff Taylor, Risk Manager, Nike Europe, Netherlands:
One of the key issues facing risk managers in Europe is the effect of cultural differences.
These create issues for the understanding and acceptance of ideas. However, much depends on the parent company's style and culture. With this in mind, I believe that it is necessary to spend time understanding local issues and how you might sell your ideas into the local mindset.
I think that risk managers are too focused on insurance rather than considering risks as a whole. The more holistic risk managers are still in the minority and the majority are mostly insurance experts.
I do not think that the skills required of today's risk manager will change in the future. They will remain a mix of management skills, business knowledge and finance skills.
Everhard Van Dalen, Risk and Insurance Manager, Alcatel, Belgium:
European risk managers today have a number of important issues. They include: M&As, fraud, reductions in coverage and an increasing premium budget. The effect of all these factors is that companies have more risk and higher costs.
There are some solutions. The higher costs mean that more companies may consider a captive or higher retention, while to deal with the growing risks they may increase their risk transfer and loss prevention and focus on business continuity planning.
I think that more European risk managers are now considering all their organisations' risks. For this they need both a strong personality and empowerment to carry out reviews and changes. A legal background helps.