Airmic 2023: Three new tools to help risk managers

Airmic kicked off its 2023 annual conference in Manchester with the launch of four new reports.

Each one is tailored to help risk managers do their jobs more effectively, whether that’s running captives, building cyber resilience, scenario planning, or mergers and acquisitions.

 

• Guide to scenario analysis

As businesses are ditching decades of forecasting habits in view of increased uncertainty and unpredictability globally, Airmic has released a new guide on scenario analysis for risk professionals. The guide was produced in collaboration with ORIC International and Barnett Waddingham.

“The world is experiencing a step change as the power of artificial intelligence becomes more visible. Scenario analysis will help organisations to make better-informed decisions in support of inevitable changes to their strategy and business models,” says Julia Graham, CEO, Airmic.

What does it mean for risk managers

The guide provides a framework as part of an organisation’s risk management system.

It will help risk professionals lead scenario analysis with peers and experts within and outside their organisation to help them understand possible visions of the future that could affect the organisation’s strategy, operations and financial health.

Scenario analysis can be used to test the strategic and operational plans and activities within the organisation, and how they fit together.

“Many boards are blindsided by risk events that come out of the blue. In a world where the pace of change is continuously increasing, anticipating and responding effectively to nonfinancial risks is a growing challenge. The use of scenario analysis helps firms identify blind spots and to better understand and respond to nonfinancial risk, ” says Caroline Coombe, CEO, ORIC International.

“One of the critical skills a risk professional typically possesses is the ability to adapt their communication style to their audience. The use of scenario analysis provides an opportunity to engage and interact with people across an organisation in a fresh and dynamic way,” adds Karla Gahan, head of resilience, Barnett Waddingham.

• Guide to captive governance

Airmic has updated its Captive Governance Guide in response to the increasing size and sophistication of captive insurance companies, as well as the fast-changing corporate and regulatory environment they operate in.

Originally published in 2019, in partnership with Aon plc, and updated in 2023, the Guide is designed as a resource for individuals currently serving as directors on captive boards, or considering an appointment in the future.

‘A Practical Guide for Independent Non-Executive Directors on Captive Boards’ also contains valuable information for captive managers and captive owners when considering new appointments to the board.

What does it mean for risk managers

The guide is relevant for risk managers who want to re-evaluate the effectiveness of their captive’s board and iNEDs.

“A lot has changed for captives over the past four years,” Julia Graham, Airmic CEO, said. “The hard insurance market has re-emphasised the relevance and value of captives, seeing them grow in premium size and enter new business lines.

“Trends in ESG, cyber and D&O have also presented new challenges and questions for captive boards to get to grips with.”

Areas covered by the guide include:

• the benefits of an independent view on the board of a captive
• what experience to look for
• how to go about appointing an iNED
• best practice in areas like performance measurement and the development of service level agreements
• what iNEDs should consider regarding cyber, ESG and D&O.

• Benchmarking resilience guide

A new research paper on building cyber resilience by Airmic, in association with insurance broker Marsh, finds that insurers are increasingly selective about the risks they underwrite, amid increased cyber-attacks and related claims.

As with any risk, taking time to understand your cyber risk profile and how this compares to peers across a sector can reap material dividends, Airmic’s chief executive noted.

Nine out of ten clients deploy five basic account monitoring and protection controls, according to analysis of data from Marsh UK clients conducted by the Marsh McLennan Cyber Risk Analytics Center.

• Account monitoring: Accounts are disabled upon termination of an employee
• Protection capabilities: Incoming emails are filtered/ scanned for malicious attachments and links
• Account monitoring: Minimum password requirements are in place
• Protection capabilities: Anti-malware solutions are installed on at least 75% of endpoints and are regularly updated
• Protection capabilities: Firewalls are configured to prevent unauthorised access, and the firewall configurations are reviewed at least annually.

What does is mean for risk managers?

Moves to improve cyber hygiene through stronger governance, systems and controls can help an organisation demonstrate to its insurer that it has a better grasp of cyber risk, as well as boosting the strength of risk management and resilience more generally.

Adopting cyber risk controls can be crucial in determining terms and pricing – and even whether coverage is secured at all.

“Organisations that understand the drivers of cyber risk and opportunity in the context of key stakeholders and their sector will be better equipped to successfully navigate the complexities of the evolving cyber threat landscape,” said Julia Graham, CEO of Airmic.

“Presenting your organisation to insurers in the best possible way, demonstrating knowledge and awareness of the relevant risks and controls, makes good business sense — and is more likely to achieve cyber insurance cover at a price you are prepared to pay,” she added.

“In turn, controls built on proactive, threat-led cyber security solutions and well-rehearsed and realistic crisis scenarios can prevent increasingly capable criminals from forcing your business into situations that are difficult to navigate.

“In the long term, this approach will also prove the most effective and sustainable in building a secure, compliant, and resilient organisation in the digital age”

• M&A guide

In a Spring 2023 poll of FTSE 250 chief executives, 94% expected to make acquisitions during this year (up from 86% last year). The same poll found that 88% of FTSE directors regard British companies as vulnerable to takeovers.

This comes at a time when several listed companies have disclosed that they have been targeted by private equity firms looking to take them private and this trend looks set to continue as debt markets recover.

Against the backdrop of persistent market volatility and uncertainty surrounding the likelihood of a global recession, boards are more focused than ever on cash flows and the financial health of each of their organisation’s divisions.

Divestures of non-core assets through corporate carve-outs are already a popular feature of the M&A landscape as businesses look to streamline. At the same time, competition and security concerns and the regulations to which they give rise, including the recent National Security and Investment Act, could act as a barrier to deal-making.

Mergers and acquisitions present boards with a myriad of threats and opportunities, among which one of the few certainties is that remaining on the sidelines is not a realistic option. That is as true for profitable companies with substantial cash reserves as it is for companies experiencing more challenging trading conditions.

The UK has largely avoided the surge of litigation in the US in which allegations that companies either paid too much to acquire other companies or allowed themselves to be bought too cheaply were commonplace. Nevertheless, that risk still exists.

One of the most notorious examples is the transatlantic takeover by Hewlett Packard of Autonomy pc in the UK. The consequences of that still linger on with the unsuccessful battle by Mike Lynch to fight extradition to the US to face charges of wire fraud (among others) following one of the largest civil fraud cases ever in the UK. 

“M&A activity offers the opportunity for spectacular growth and expansion, but also carries the threat of damaging shareholder value and litigation if things go wrong. The aim of this guide is to provide a high-level roadmap for board members, to help them navigate this complex landscape, ” says Francis Kean - Partner, Financial Lines, McGill and Partners

“A lack of symmetry between Corporate Purpose and Culture can lead to the failure of even the most logical mergers and acquisitions viewed purely through the lens of balance sheets. Culture has staying power long after the ink of signatures on the deal have dried. Consequently, when M&A risk assessments are organised, the people issues must not be underestimated and must be factored in the overall profile of risks and opportunities,” adds Julia Graham - CEO, Airmic.

What does it mean for risk managers

The aim of this Guide is to provide a toolkit to assist risk managers in understanding and keeping pace with this fast-changing and increasingly complex landscape.

It takes the form of 12 questions designed to break the diverse set of issues down into a manageable series of topics. The list is not exhaustive and answers to each question will vary tremendously depending on the size, maturity and nature of an organisation’s operations.

Nevertheless, in response to each question, the guide identifies a range of issues which are likely to be relevant.