Profile: Carl Leeman

The chief risk officer for Katoen Natie understands the risks facing us in the digital age … and he’s keen to spread the message

In a rapidly changing world, the challenge for risk managers is clear: “Both their profile and their skills need to change,” says Carl Leeman, vice-president of Belrim (Belgian Risk Management Association), board member of Ferma, president of Ifrima (International Federation of Risk and Insurance Management Associations) and chief risk officer at the Belgium-based multinational logistics firm Katoen Natie, which now has operations in 28 countries across five continents and employs more than 9,000 people.

“Those who stick to just buying insurance will be the losers,” he adds. “We all need to adapt to this new situation; this is a new world. We are living through volatile, uncertain and complex times. This is what we have to deal with.”

Everyday business operations in a globalised world have become complex and multi-faceted and it is often hard to adapt fast. Take, for example, so-called facilitating payments: an accepted part of business life in some countries; a criminal offence in others.

“At the moment the US rules and existing international regulations accept that these payments can be made in some instances, while the UK absolutely forbids them,” says Leeman. “So, you have a real challenge: how to operate internationally when, in some countries, in Asia and elsewhere, making facilitating payments is common and not illegal – it is not considered bribery, we are just talking about payments to make things move faster. Yet, in the UK there can be high fines for companies and imprisonment for the people involved.

“This comes on top of the fact that the UK rules are very young – from 2011 – so there is not a lot of experience of court cases and how prosecutors will behave. They really know how to scare off businesses! You can’t just say, ‘I’m okay, the company will take care of the fine’. That’s not how it will go down.”

Cyber risk is another area where international regulation is complex. “Take cloud computing,” says Leeman. “A lot of things are not clear: the location of data, local regulations, the role of governments in accessing data. A lot of companies step into clouds without really thinking these things through. The EU is not asleep, it is developing rules on cyber crime. But again, the EU’s response will be a directive, so it could be implemented differently in every country, and then that will pile on top of local regulations, and that can be a problem for firms to manage.”

Taking the lead
Clearly, good guidance is critical and a key objective for Ferma is to help its members make sense of international rules and regulations. “We try to give our members as much information as possible and we lobby on their behalf in Brussels,” he says. “For example, we don’t believe the recent proposed schemes for catastrophe insurance will work for members and Ferma clearly states that it is not in favour of them. Our main tasks in coming years will be to inform and lobby in favour of our members.”

But Leeman also believes the association has to rise to the challenge of providing leadership in other areas – not least of which is guaranteeing professional standards. “On a European level Ferma is working to co-operate with all the member states and work on a certification for risk managers,” he says. “This will not be the whole solution, but it will be part of the solution. We are also working with Ifrima and hope that, in the end, there will be a globally recognised certificate. This will not take one or two years, but a long time. It is an important benchmark to establish.”

Professional bodies also have another duty to the wider risk management community: helping the little guy. “National associations really need to embrace small and medium-sized enterprise (SMEs),” he says. “They have a moral duty to do so. But this is hard. SMEs will not come to the capital for a midweek meeting – they are too busy and cannot spare the resources. But we need to reach out to them and help them improve their risk management function. Belrim has had some success by organising meetings in the evening or using webinars. We need to help SMEs develop things that they can use: good contingency planning, advice on cyber risk.”

Despite a wealth of ideas and energy, Leeman is modest when it comes to offering advice from his own experience. “I really would not want to say that I am the one from whom everyone can learn,” he says. “I just try to do my job and assist professional associations to help spread the message of good risk management.”

But when pushed he has plenty of guidance drawn from his experience of managing operational contracts, legal issues, claims handling, safety, security, insurance and environmental issues at Katoen Natie. “As a risk manager, you should give added value to your employer,” he says. “You don’t want to be seen as the guy who walks into the room with problems for everyone to solve. You need to be the guy who sees the problems - that’s critical - but also the guy who has the solutions, the ideas.”

Key to doing this is embracing the realities of the modern world and not working in denial of risk. “The mentality of a lot of people has to change,” says Leeman. “Ten years ago you could keep things behind closed doors or maybe brush them under the carpet if things went wrong, but that has changed; there is nothing safe or off the record anymore.

Strategy can be easily copied; culture cannot. It is a much more difficult approach, but it is essential’

Carl Leeman, Katoen Natie

“Everything will be in the public domain sooner or later and you have to be able to deal with that; there is no choice.

“For example, people now talk a lot about ‘privacy’ and how important it is. But there is no privacy anymore. You just have to take it for granted that what you do is out in the open. You know, people fight for privacy but then they put on social media whatever they are doing. They protect with one hand what they are putting in the public domain with the other.”

Cultural shift
In this environment, risk managers need to move from management to leadership, and from strategy to culture, he says. “Strategy can be easily copied; culture cannot,” says Leeman. “It is a much more difficult approach, but it is essential. A proper risk culture is much more valuable and efficient than a risk strategy that just comes from the top down.

“Where everyone is aware of risks it is easier for everybody – and much more efficient than just having a strategy that has to be ‘managed’ by someone.”

Ending the isolation of risk management within the firm and opening up communication is an essential part of achieving this. “[At Katoen Natie] I feel that what I am doing is adding big value to the company – we are not operating in a silo; we have legal, we have claims, environmental, security, safety – those are all within risk management. There is a very good, very quick exchange of information. No one hangs on to information. It is hard to put such a thing in place in a big organisation, and it is a challenging time for risk managers, but they need to add to their skills and work hard.

“They need to cultivate the leadership qualities that mean people will listen to them, and ensure that they have skills and experience that mean they respect you as well.”


  • Carl Leeman studied at the Nautical College in Antwerp, and holds degrees in risk management, marketing, forwarding and insurance brokering.
  • Before being appointed as chief risk officer at Katoen Natie he worked as a risk manager, claims manager and surveyor.
  • As well as writing about risk for various newspapers and magazines, he has addressed national and international conferences and teaches on several risk management and crisis management programmes.

Carl Leeman on …

… Political and economic instability
“This is a major issue in all European countries.

“Look at the economic crisis, look at the ‘Arab Spring’. These were not predicted. No one saw that things would go so wrong in the Middle East.

“Again, look at the US. Just a few years ago it was a net importer of energy, but now, thanks to shale gas it will soon become a net exporter, which will have quite a dramatic impact on the economic balance between the western countries and the
Middle East.”

… Cyber risk
“Cyber crime is on the rise. The barrier is much lower for cyber crime than any other crime. Today, about 40% of the global population is online. By 2017 it is predicted to be 50%. That is a huge amount of people – 3.5 billion – and not all of them have good intentions. Nearly 30% of tablets seem to be affected by malware; 86% of PCs seem to be infected in one way or another; 80% of hacking is done through poor passwords.

“Plus, it’s not just stealing information, it’s blocking of your website and even sabotage. Competitors might steal information, and of course blocking of a website is a nightmare for an online business, but sabotage is something else. Speaking to European aircraft manufacturers that is their absolute worse-case scenario, that someone, a terrorist or a foreign power, might maliciously plant a bug in one of their aircraft and perhaps cause it to crash.”

… Supply chain
“Supply chain continues to be a major issue.

“Not only with climate change, but social change. There will be unrest in certain countries and this kind of risk is very hard to predict. It starts more quickly, because now people can mobilise large crowds through social media much more easily than in the past.

“Natural resources remain a supply chain issue, not only energy but water, both in terms of price and availability. Certainly this is not a daily issue for risk managers, but on a global level resource availability can have an impact on social unrest, and that can hit your supply chain.”