23/06/2010

By Peter Davy

When the Federation of European Risk Management Associations (FERMA) last conducted its bi-annual benchmarking survey it was the first half of 2008. The collapse of Lehman, diving stock markets, and the worst of the financial crisis and worldwide recession were still to come. And that ‘before the deluge’ aspect was probably reflected in the survey findings. Asked to report on the most important categories of risk facing their companies, only a third of more than 500 respondents from 16 countries identified financial risks, including debt, cash flow, the financial markets and foreign exchanges, as key risks. A mere 15% pointed to risks linked with corporate governance and internal control.
Two years on, and with the launch of FERMA’s 2010 survey in April – with the results due to be published in late September – it will be interesting to see how the perspective of Europe’s risk managers has since changed. However, many of the their immediate concerns are easy enough to identify, and present few surprises.
Take credit risk, for example. “In 2008 it was a new risk for many,” says Benedicte Huot de Luze, scientific director at France’s Association pour le Management des Risques at des Assurances de l’Enterprise (AMRAE), which is Europe’s biggest risk management association. “In 2010, it’s no longer new but it continues to be a key issue. For the past 18 months companies have been focussed intensely on checking the financial strength of their suppliers and clients.”
Similarly, the aftermath of the financial crisis is all too evident in the concerns of risk managers over Solvency II, an issue on which FERMA has been lobbying. Fears in Germany reflect those across Europe, and focus on two issues: the impact the new regime will have on captives and the potential for it to lead to tightening capacity and rates in the wider market. For German insurance buyers it’s a real concern,
says Hans-Otto Geiger, president of the Bundesverband firmenverbundener Versicherungsvermittler und gesellschaften (BfV); not least, he argues, because they are hardly spoiled
for choice in the insurance market as it is. Germany itself has just two players that can take on major international accounts – Allianz and Gerling. Even when you add in the foreign players, the likes of Zurich, Axa and XL, it’s not an overwhelming range.
“There are just five or six international companies who can offer coverage worldwide,” says Geiger. ”It's not a lot.”
At the same time, coverage for emerging risks is also an issue, says Ellen Rekker, chair of the Dutch Nederlandse Associatie van Risk en Insurance Managers (NARIM) and risk manager for NS Dutch Railways. Too many insurance and reinsurance companies are risk averse when it comes to new and emerging risks, she says, echoing complaints aired in France at AMRAE’s most recent conference. “Most of the time they look to find ways to exclude the risk from the policy cover. It might be better to look at what possibilities there are for solutions, if you have embedded good risk management, to cover the remaining risk.”
Risk managers are also more demanding in another way when it comes to their insurers, says Stéphanie Augustin, marketing and innovation manager at AXA Corporate Solutions, one of the FERMA survey’s two sponsors. They are calling for better, and speedier, claims management. “The expectations of risk managers are changing, and they want claims handling to be more effective because they are under increasing internal pressure to generate cash.”

A changing face
However, as Augustin confirms, the more fundamental change in risk managers’ expectations is wider: they are looking to insurers not only for capacity, but also for support and solutions in terms of risk analysis, risk assessment and risk consulting. “Risk managers themselves are changing because risk management is increasingly embedded in all the different aspects of their companies,” she adds.
For many continental European countries that’s a significant shift. As Huot de Luze explains, most companies in France still don’t have a risk manager, only an insurance manager and internal audit, while in Germany insurance managers employ many risk management tools but the focus is on insurable risk.
“What we’re seeing in both countries is a move towards integrating insurance buying with a more comprehensive risk management approach,” says Marc Paasch, general manager for Marsh Risk Consulting GmbH in Germany, who cites three main reasons.
The first is possibly the financial crisis itself. In Spain, for instance, last year’s Congress of the Asociacion Espanola de Gerencia de Riesgos y Seguros heard from delegates that risk management was moving up the agenda as a result of the
crisis, with increasing interest in enterprise risk management. Likewise, the development of international standards, particularly ISO31000, is serving to increase a trend towards standardising practice.
Most important, however, is regulation, which has helped focus organisations on their risk management systems over the past couple of years. Take Poland as an example; risk management association Polrisk says there has been a boom in demand for risk management expertise. It attributes this largely to the country’s Public Finance Act last summer that obliged public sector bodies to put in place robust risk management systems. More widely in Europe, the focus on risk management has been driven by the Eighth Directive; the timing of which – in the midst of the crisis – reinforces its demands that boards give attention to their risk management monitoring and controls. As Huot de Luze puts it: “The primary reason businesses started to really engage with risk management was to respond to the legal requirements, but in doing so it’s proved useful in responding to the challenges of the financial crisis.”
Of course, it’s important not to overemphasise this. Not everyone, for instance, is convinced that economic difficulties have done much to bolster the profile of risk management. As Rekker points out, the first question for NARIM’s risk managers posed by the crisis was how they could have missed it. “It wasn’t a risk that was on the list,” she admits.
Nor is everyone a fan of international standards. At the Belgian Risk Management Association BELRIM, board member Carl Leeman, also chief risk officer for Katoen Natie, says the move to certification makes risk management more likely to become a box-ticking exercise. “We were against ISO31000 because we knew that one day ISO would go for certification. Everybody said ‘no, it’s just a guideline’, but two years later and they are already openly talking about certification.
“Some people like it because they say it will be a way to add risk management to the board. Personally, I think it’s sad if you need an ISO certification to put someone in the boardroom. They should be on the board due to their performance, not because a standard obliges you to put them there.”
It’s also true that significant differences in risk management remain between countries – and will probably continue. If you want to explain the discrepancy in the development of risk management between Germany and France, says Paasch (who regards France as slightly ahead) one factor is the differences in their economies. France has significant numbers of large conglomerates, with everything centralised in Paris. Germany remains decentralised with more middle market corporates, many of them family-owned. Those differences reflect in their approach to risk management.
“In France there are procedures and processes in place to satisfy the shareholders. Germany, however, is coming from a background of family-owned business where the risk management was very intuitive and is slowly transforming into something more professional,” he explains.
Nor, perhaps, should British risk managers feel too pleased with themselves. One key to understanding why risk management is more developed in the UK, argues Olivier Salvi, general manager of emerging risks organisation the European Virtual Institute for Integrated Risk Management, is because there is simply more call for it. Consider industrial practice, for example. “The Anglo-Saxon model very often operates at the edge of what the systems can deliver in terms of performance. Latin countries in general are more prudent and keep the margins wider between the limits of the system and their operations.” Put simply, the British system is more risky.
Nevertheless as companies, regulations and standards increasingly operate internationally, so risk management challenges across countries are increasingly similar. As Augustin puts it, “There are some market specificities but the concerns and the issues are Europe or even world-wide.”
As the challenges increasingly conform, so too do companies’ attitudes to risk management. While there are still pioneers in risk management and those that follow them, says Augustin, increasingly everyone is moving in the same direction. That can only be good news for the profession.

Peter Davy is a freelance contributor to Risk Management Professional