Corporate governance regimes are gradually reshaping risk management, according to a recent informal survey of members of the associations that comprise FERMA. The picture varies from country to country, but some risk professionals are clearly taking on more enterprise-wide responsibilities.
The survey indicates there are growing responsibilities for some risk managers, especially where their companies have implemented enterprise risk management (ERM). Others are increasingly pure insurance specialists, and some see little change.
European corporate governance regimes may be statutory (France's Loi de Securite Financiere, Germany's KonTraG), or codes of best practice (UK Combined Code, Dutch Tabaksblat Code). Companies with a US presence are also taking account of the Sarbanes-Oxley Act. A comment from the Netherlands indicates that some privately owned companies are also adopting the provisions of the local corporate governance regime.
The impact
The impact of corporate governance measures on risk management varies across the countries surveyed.
Discussing the French situation, Thierry van Santen, FERMA president, said that there is a growing divide in the profession of risk management between those who work in companies which are effecting ERM and the others. "Many members are being bypassed by newcomers (with more seniority and power) and going back to insurance purchasing only."
In Germany, corporate governance law has made risk managers' work more formalised and structured. "The risks have to be more clearly defined in some formalised way so that the need to insure becomes more obvious."
In the other countries surveyed, the impact of corporate governance appeared to vary according to the companies concerned. The Swiss respondent said that some members' roles would not have changed - "it depends who is driving the corporate governance direction." And when Swiss risk managers are affected, this may take the form of linking risk management to corporate governance and reporting up through the organisation.
Similarly, in the UK, the impact on members of AIRMIC varies, with some of them involved with formatting corporate governance processes. And, although the change is not dramatic, in the Netherlands some risk managers have become involved in ERM projects or even taken responsibility for them. Most are said to be still insurance managers with partial ERM responsibility. A similar response came from Sweden: corporate governance is part of some risk managers' job descriptions, while for others it has had no effect. In Italy, only a few risk managers are affected, and only to a limited extent.
Most risk reporting for corporate governance purposes is done through the CFO, although chief risk officers (CROs) are emerging in France. Other reporting lines include the company secretary, compliance officer, legal counsel or treasurer.
Corporate governance and demands for internal control systems are creating varied challenges for the risk management community. These include:
- presenting D&O risks effectively to the market (UK)
- Basel 2 solvency (Germany and Italy)
- viewing corporate governance in light of corporate social responsibility and how best to organise an effective internal control structure (Sweden)
- identifying responsibility for driving the risk management elements of corporate governance. (Switzerland)
- legislative change with growing shareholder and supervisory board influence (Netherlands)
- the relationship between social and enterprise responsibility and their insurability (Germany)
- implementation of ERM, Sarbanes-Oxley and board reporting, plus new organisations (France).
Emerging risks
Risk managers are increasingly involved in the management of non-insurable risks, particularly as part of ERM.
Business continuity planning and supply chain risks were among those most frequently mentioned. The comments show that, again, there is considerable variation.
- Those taking the ERM route are working heavily on it, but it affects only 20-25% of members (France).
- For those who have an ERM structure in place, this will form a natural part of the risk map (Sweden).
- In Germany, the risk management process already encompasses non-insurable risks, but separately from the insurance buying function.
- Most of these issues are related to business continuity planning and a more structured approach to this subject. In most cases, it is controlling or operations and insurance functions who carry out these projects (Netherlands).
- It depends on the company. The risk manager may well be involved in supply chain, environmental, reputation risks etc (Switzerland).
- It varies greatly - supply chain, definitely, some areas of regulation and reputation, but data rarely (UK).
- Members of the Italian risk management association ANRA deal almost exclusively with insurable risks.
In respect of the new risks on which they are focusing, regulatory issues, European legislation and reputation management were the most commonly mentioned by the European risk managers. The following were specifically highlighted:
- political/reputational (Italy)
- regulatory, identity theft, car use as workplace (UK)
- crisis management (Sweden)
- compliance and regulatory (Switzerland)
- terrorism, EU directive on brokers and reform of insurance contract law (Germany)
- mainly strategic, reputation and compliance (France)
- new European laws/directives and their impact on national laws (Netherlands).
Endurance is delighted to be associated with this year's FERMA conference.
Whilst still a young company we have over the past two years begun to talk with key individuals and associations within the risk management community.
Our company, initially formed in Bermuda, has also expanded rapidly both in America and globally, using London where we have established a local FSA authorised insurance company as a gateway to develop a wider presence.
Europe is an important marketplace for us. An area where we believe our dedication to understanding risk, through insight and analysis really will pay dividends.
Our strategy is simple: in every market in which we choose to compete, we will be a leader in our ability to analyze, understand and assume risk. Respected industry leaders head each of our operating subsidiaries and product lines.
We focus our underwriting expertise on select, profitable, specialty product lines, supported by a legacy-free balance sheet and centralized, state-of-the-art analytic expertise and technology. We identify and act on suitable external opportunities to grow our specialty insurance and reinsurance businesses.
Endurance is just past the half-way point of its initial five-year development phase. No business plan is ever realized exactly as written, but at this stage Endurance has achieved or exceeded all the goals we set when we founded the Company. Endurance is coming of age in a turbulent world, in an industry that faces challenge and change.
To achieve our purpose, which is to create a lasting organisation that will deliver on all its promises, our plans must be sufficiently flexible to accommodate change without sacrificing consistency. Our principle and philosophy based culture will continue to guide our strategic development.
We believe our strategic approach dove tails very well with the direction the European Risk Management community is taking. The selection of insurance carriers willing to reward excellent risk management through risk pricing being the key.
