The financial crisis made risk management a board-level issue. Some of Europe’s top risk managers explain why the perception of the profession is now changing

Future risk

Monday’s workshop ‘Is risk changing or is our perception of risk changing?’, presented by Willis, made for some interesting debate about the factors that contribute to the changing risk landscape. Before the debate began, StrategicRISK asked some of Europe’s leading risk managers whether businesses’ perception of risk is changing.

“Without the shadow of a doubt, the financial crisis helped risk managers to take a more serious role in business,” says Elaine Heyworth, Airmic board member and safety and assurance director at Heathrow Express.

Before the banks failed, risk managers were mostly concerned with a narrow field of risk. Afterwards, suddenly, company executives wanted to talk about risk at a senior level. Moreover, regulators went into overdrive.

“What is changing dramatically in many companies now, driven partly by the 2008 banking crisis, is that there is a lot more board-level focus on what risk management means,” says John Scott, chief risk officer at Zurich Global Corporate.

Managing Risks: A New Framework, a Harvard Business Review paper written by Robert Kaplan and Anette Mikes in the aftermath of the crisis reviewed why risk management had failed. Scott explains that the paper concluded that “the people involved in risk management were looking at very detailed aspects of risk… and were not in a broader role looking at a whole lot of other things”. He adds that senior risk professionals now consider a “360-degree” view of risk or enterprise risk management to be more effective than narrow-focused, traditional risk management activity.

One way to understand the shift is through Kaplan and Mikes’ concept of the three buckets of risk.

First is the hygiene factor bucket, in which sits operational risk or property or business continuity-type risk. This is day-to-day risk that should be managed as a matter of course.

The next bucket is business and strategic risk, which is where risk and strategy begin to align; it may concern competitive strategy, allocation of resources, new products or new geographies and acquisitions. The third bucket is risks in the environment within which an organisation operates. A global corporate trades in global macro-economic, environmental and sociopolitical environments, and this bucket is about understanding how such global risks interact with each other and change over time.

“A senior risk manager really has to be doing all those three buckets of activity, but often most risk managers are down in the hygiene factor stuff,” says Scott.


Globalisation is also contributing to the rise of enterprise risk management, because it introduces a level of complexity into running a business that did not exist a generation ago and that cries out for an enterprise-wide approach to risk.

“Risk management is getting more and more complex,” says Carl Leeman, chief risk officer of global logistics company Katoen Natie, based in Belgium. “In the past, many risk managers came out of insurance, which can be useful, but risk management is now much more than this.”

Overseas expansion, increasingly common for companies of all sizes in the West’s low-growth economies, brings numerous new global risks, from macro-economic, to socio-political, to environmental.

“Corporates are expanding into environments that are more hostile from a political and environmental point of view. You go into regions where the same information is not available as in the West. In some parts of the world, statistics on flooding, earthquake or wind velocity are not available,” Leeman says.

Cloud computing

The adoption of cloud-based, enterprise-wide software solutions is perhaps the third biggest contributor to the rise of enterprise risk management. Companies using these sophisticated data capture and management technologies are exposed to a new tranche of dataand content-related risk.

“You really need to understand technology trends, cloud computing, outsourced data management,” says Peter Hacker, chief executive of JLT Specialty Ltd’s global communications and technology practice.

“For intangible risks relating to intellectual property, data or content, it is not a product that you want, it’s a tailored, bespoke solution,” says Hacker.

“The more the end result is required to be bespoke, the more valuable enterprise risk management is, because there are multiple stakeholders.”

Into the future

The next significant waypoint for the profession, most senior risk managers agree, is to attract the next generation, young people from a diverse range of backgrounds, with the talent and skills to develop a robust, technologically savvy and business-relevant risk culture for the future.

Julian James, president of Allied World Assurance Company (Europe) throws down the gauntlet to the profession, saying that “risk management and insurance share the biggest challenge: talent. Do we have enough and where will the next generation come from? We can all debate standards and training from dawn to dusk, but if we can’t attract young people, that will be a sterile debate.”