The seeds of today’s economic woes can be found at the start of a decade that saw huge social change and the risk management profession come of age

Twin Towers on September 11

In many ways the moment that would define risk in the noughties – and the decade beyond – came in 1999 when US president Bill Clinton responded to heavy lobbying from the banking sector and repealed the 1933 Glass-Steagall Act.

This legislation was intended to remove forever the conditions that led in part to the Great Crash of 1929 by forcing the separation of the commercial and investment wings of banks.

“Customers no longer knew if they were walking into a safe haven or a casino,” says Katoen Natie chief risk officer Carl Leeman. The repeal opened the door for the trading and underwriting of complex financial instruments, including the subprime loans that would rise from around 5% of US mortgage lending in 1999 to nearer 30% by 2008, with credit default swaps supposedly eliminating risk.  

There has been a complete change from insurance handling to a purer form of risk management”

Anne-Marie Fournier,PPR


But the stormclouds gathering over financial services as the world celebrated a new century were just one example of how increasing complexity and interconnectedness came to shape risk management in the noughties - the decade when, in many ways, the profession came of age.

Boiling frog

“To me, the development of risk management has some similarities with that of the ‘boiling frog’ story,” says DLA Piper chief risk officer Julia Graham. The story says that if a frog is placed into boiling water, it will jump straight out and survive. But if it is put into cold water, which is then slowly heated, the frog doesn’t notice the change in temperature.

“Over time as the water heats up, the frog drifts into unconsciousness and isn’t aware when the water gets so hot it’s too late and dies. Risk management has evolved over the years and until the jolts of 2008 - and in 2010 - our profession was also, in some organisations and to some degree, gently going with the rise in the world’s natural and financial temperature.”

Communication is key

As the Millennium arrived, consumers were already getting excited about two products that would, in many ways, come to define the noughties: mobile phones and home broadband.

Together these technologies would change forever the way people communicated, both with each other and companies, opening a new front in corporations’ battle against reputational risk.

With the arrival of social media mid-decade, companies found that they had to rapidly move beyond the traditional PR executive talking to the press. Now every disgruntled customer had a megaphone to voice their opinions online, corporate mistakes found their way onto YouTube and Flickr, and employee indiscretions could live on forever on Facebook.

The game had changed – and it would keep changing.

In the 1990s, risk managers were still mainly insurance buyers and ‘risk management’ was mostly associated with manufacturing, local authorities, health and education. But all that was to change in response to the pressures and complexities of the new millennium.

French multinational PPR’s risk manager, Anne-Marie Fournier, says: “There has been a complete change from insurance handling to a purer form of
risk management.

Fully tailored solutions

“Risk prevention and risk mapping now form part of the tool set of modern risk managers. Meanwhile, insurance conditions have drastically changed from standard wordings to fully tailored solutions mainly based on ‘all risks’ mechanisms, as a result of pressure from risk managers.

“Better knowledge by risk managers of the exposures of their companies is enabling some to assess and potentially report to senior management on these issues. This includes presenting to audit committees and risk committees, and taking questions from the board on risks and insurance coverage.

“However, there is a need to be much more detailed in identifying and quantifying these exposures and for greater imagination relating to future exposures.”
Quite how much imagination would be required to appreciate the risks the new century presented was starkly illustrated early on the morning of 11 September 2001 when the first plane hit the Twin Towers.

For many risk managers, this event illustrated that risk was global and had wide repercussions.

Mining group Eramet’s director of risks and insurance, Gilbert Canameras, who is also Amrae president, says: “The events of 9/11 illustrated not just the dangers of terrorism risk but also the significance for other risks and for the insurance community resulting from just one event. This had consequences on limits of capacity in the market.”

9/11 highlights dangers

Canameras says 9/11 highlighted the need for risk managers and their companies to diversify. “It showed the potential dangers of concentrating key assets - people, information, equipment and so on – in a single location. Similarly, the event also highlighted for risk managers the need to diversify their insurance and to use several underwriters rather than a single insurer.”

This position was repeatedly reaffirmed as the increasingly globalised world faced up to the impact of globalised risk: from war in the Middle East to tsunamis in the Pacific, nuclear accidents in Japan and terrorism in Europe. All these events exposed the fragility of companies to disruptions in their increasingly complex, just-in-time supply chains, often occurring thousands of miles away.

Airmic chairman John Hurrell says: “[The Japanese tsunami] was a wide area incident, a huge number of interconnecting aspects of society were affected, and that’s something we need to prepare for.”

“In the UK, we’ve seen similar, if far less serious, events in recent years and we should take that on board when we look at risk. We’ve had largescale floods, we had the Buncefield fire and two winters where large parts of the country have been iced out - and who knows what’s on the horizon? There could be a pandemic, more floods.

Unquantifiable threats

“The core point to take away is that each time any of these events has occurred, it has exceeded our planning by some order of magnitude. It’s time to think the unthinkable and see where that leaves us.”

That seems good advice for all risk managers as we look at a future with serious, unquantifiable threats looming large over coming decades, from climate change to the eurozone crisis, the possibility of a hard landing for the Chinese boom, social disruption across the Middle East, rising energy costs, an ageing population increasingly reliant on care from heavily indebted states, skyrocketing youth unemployment and the threat of war with Iran.

For the first time in decades, parents across the Western world can no longer be sure that their children will have better lives than them. Good risk managers are needed to negotiate a troubling uncertainty at the heart of our society.

An era of over-confidence

The Noughties were a time when many business people seemed to ignore risk. With hindsight, it’s hard to believe that we didn’t prepare better for the two great crashes of the period - the dotcom bubble and the financial crisis - as the signs were there for all to see. Every bubble that has popped and every financial mania in history has been preceded by the same symptoms: an uncritically accepted growth story, easy credit and over-borrowing, an investment boom - and lots and lots of conspicuous consumption. All of which were present in spades throughout the noughties. It seems we just refused to believe it could happen again. And again.