Risks can go unnoticed, if the risk manager is not involved in planning a new product or a change to the business model

Board engagement

Any time a company decides to launch something new, alter its business model, or change the way it operates, the risk manager needs to be involved in discussions.

Even if the business does not realise this. And this is becoming more the case, according to Francois Malan, a board member at AMRAE, the French industry body for risk managers and commercial insurance buyers.

“The risk manager has become more involved in the long-term strategy of the company,” Malan told StrategicRISK.

“It’s a big issue when the business model of a company is changing, or the way we do business is changing,” added Malan, who is also chief risk officer at Paris-based real estate advisory Nexity. 

While this can relate to hot topics such as digitisation and cyber risks, Malan highlights the need for risk management involvement in a challenge faced by all companies – launching a new product.

“We have been working on the launch of a new product for France and then later in our other EU operations in Poland, Italy and Belgium. It is aimed at providing older people with new systems and technology in their house,” Malan explained.

“It was chosen to develop it in a special way with a special team and in a short period of time. Initially the team included legal, marketing, finance, IT, but no risk manager. I told them they needed someone to help assess the risks and to try to avoid those risks,” he continued.

Malan suggests risk managers need to find their voice to get heard. “The risk manager needs to be known and appreciated to be present in the company. You need to be aware of new products, to ask people, and sometimes to say, ‘You need me, even if you don’t know it already,’” he added.

This also needs some adaption of the risk manager’s toolkit, Malan thinks. “The way the risk manager is doing his job needs to change, adapting methodology to the project, such as using risk mapping. That means sharper issues of risk mapping and better presentation,” said Malan.

Two main risks had been identified for the project he referred to: the cost of the development; and failure to launch product on deadline. Risk manager input identified two others that had not been considered.

“Thanks to the risk mapping we discovered another risk – the risk of people not being able to sell the new product because they had not been sufficiently trained. The second one was about competitors; we hadn’t done a benchmark survey of what already exists within the country. Thanks to risk mapping, we were able to assess these risks they had not considered,” he said.

Digitisation and cyber risks for new products can also be important, Malan suggests. Previously, he had found it difficult to source cyber risk insurance coverage. “We can help the IT people properly understand the risk, and to transfer part of the risk, through cyber risk insurance,” says Malan.

“It is difficult, it took two years, but I managed to do it. The CEO previously said it was too expensive, and we had suffered no losses. However, after recent cyber-attacks elsewhere, he said we needed to buy it.”