Large Venues Reviewing Security Measures

Venues that attract crowds, such as large sports events and concerts are reviewing their security measures, both inside and out, to prevent an attack such as the suicide bombing after an Ariana Grande concert in Manchester, England, that killed at least 22 people.

Most venues have strict rules about bags, backpacks and coolers. Some check items thoroughly before allowing them inside an arena and others do not permit them at all. Venues also employ security detail to check those attending events as well as plainclothes detail to monitor the crowd. In the Unites States, the Department of Homeland Security warned that the U.S. public may experience increased security at public events.

Hong Kong’s AsiaWorld Expo, where Ariana Grande is scheduled to hold a concert in September, said it plans to improve security at all concerts and events. Besides baggage inspection, there will also be metal detectors and search dogs, it said in a statement.

According to the South China Morning Post, the Hong Kong venue said it will begin using metal detectors to screen for potential threats, in addition to its usual backpack and baggage inspections. It also said it would consider using search dogs for any suspicious items or requiring visitors to wear security straps to track them while in the venue.

One mega event, the annual Indianapolis 500 over Memorial Day weekend, took to heart the task of keeping attendees safe. Adding to security planning measures for more than 300,000 attendees was the safety of Vice President Mike Pence, who was expected to attend—and arrived on Sunday morning.

Indy 500 crowd, May 26, 2017. Photo by Dana Garrett

Reuters reported that the Indy 500 has a Homeland Security SEAR 2 (Special Event Assessment Rating) designation, which means federal assets can be brought in to enhance security efforts during the event.

The Indy 500 is regarded as the world’s largest single day sporting event. Only venues on par with the Super Bowl and the Democratic and Republican conventions are given higher security ratings. Local, state and federal agencies contributed to security efforts at the Indy 500, including sniffer dogs, license plate recognition equipment and multiple security checkpoints to enforce restrictions.

There are those who believe, however, that even with enhanced measures, terrorist acts cannot be completely anticipated or stopped.

“Whatever is done—and in this case it’s British intelligence which is considered among the best in the world—it won’t prevent such incidents happening,” Jean-Charles Brisard, president of the Centre for the Analysis of Terrorism told Reuters. “You can bring back the perimeter, add security gates and as many controls as you want, but that will not change the fact that a determined individual will carry out his act if he is not caught before.”

In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders.

Today, risk management is not just recommended, it is considered crucial to successful operations and is required by federal and state law. The SEC’s Proxy Disclosure Enhancements, enacted in 2010, mandate that organizations provide information regarding board leadership structure and the company’s risk management practices. Company leadership is required to have a direct role in risk oversight, and any risk management ineffectiveness must be disclosed.

The CRO’s role

Volatility in the current business environment—a confluence of factors including transfers of power, the world economy and individual markets—is nothing new. Political transitions have always been accompanied by new agendas and shifting regulations, economies have always experienced bull and bear markets, and the evolution of technology constantly changes our processes.

Even so, recent events like Brexit, the uncertainty of a new administration’s regulatory initiatives, and thousands of annual data breaches have contributed to an unprecedented atmosphere of fear and doubt. To navigate this environment, the chief risk officer needs to adopt a proactive risk management approach. Enterprise-wide risk assessments grant the visibility and insight needed to present an accurate picture of the company’s greatest risks. This visibility is what the board needs to safely recognize opportunity for innovation and expansion into new markets.

To grow a business safely—by innovating and adding to products/services and expanding into new markets—risk professionals should not focus on identifying risk by individual country. This approach naturally leads to a prioritization of “large-dollar” countries, which aren’t necessarily correlated with greater risk. Countries that contribute a small percentage of overall revenue can still cause major, systemic risk management failures and scandals.

A better approach is to look at risk across certain regions; how might expanding the business into Europe, for example, create new challenges for senior management? Are there sufficient controls in place to mitigate the risks that have been identified?

When regional risks are aggregated to create a holistic picture, it becomes possible for the board to make sure expansion efforts are aligned with strategic goals.

Three processes that require ERM

Risk management is an objective process, and best practices, such as pushing risk assessments down to front-line process owners who are closest to operational risk, should be adhered to regardless of the current state of the international business arena.

While today’s political climate has generated a significant amount of media strife, it’s important not to let emotion influence decision-making. By providing the host organization with a standardized framework and centralized data location, enterprise risk management enables managers to apply the same basic approach across departments and levels.

This is particularly important when an organization expands internationally, which involves compliance with new sets of regulations and staying competitive. Performing due diligence on an ad hoc basis is neither effective nor sustainable. Instead, the process should follow the same best-practice process as domestic risk management efforts:

  1. Identify and assess. Make risk assessments a standard part of every budget, project or initiative. This involves front-line risk assessments from subject matter experts, revealing key risks and processes/departments likely to be affected by those risks. For example, financial scrutiny is no longer a concern just for banks. Increased attempts to fight terrorism mean transactions of all kinds are becoming subject to more review. Anti-bribery and anti-corruption processes estimate and quantify both vulnerability and liability.
  2. Mitigate key risks. Connect mitigation activities to the resources they depend on and the processes they’re associated with. ERM creates transparency into this information, eliminating inefficiency associated with updating/tracking risks managed by another department. Control evaluation is the most expensive part of operations. Use risk management to prioritize this work and reduce expenses and liability.
  3. Monitor the effectiveness of controls with tests, metrics, and incident collection for risks and controls alike. This ensures performance standards are maintained as operations and the business environment evolve. Evidence of an effective control environment prevents penalties and lawsuits for negligence. The bar for negligence is getting lower; technology is pulling the curtain back not only internally but (through social media and news) to the public as well.

Lastly, the CRO role is increasingly accountable for failures in managing risk along with other senior leaders and boards—look no further than Wells Fargo.

Total Cost of Risk Drops for Third Straight Year, RIMS Finds

Despite the challenges of a slowed economy in an election year, a shifting risk landscape as a result of technological advances, and a slow to negative growth rate in some sectors, 2016 saw the total cost of risk (TCOR) decline for the third consecutive year, according to the 2017 RIMS Benchmark Survey.

Even in the face of such uncertainties, the TCOR per $1,000 of revenue continued to drop, ending at $10.07 in 2016. The main drivers were declines in all lines excluding fidelity, surety and crime costs, according to the report. TCOR is defined in the survey as the cost of insurance, plus the costs of the losses retained and the administrative costs of the risk management department.

The survey encompasses industry data from 759 organizations and contains policy-level information from 10 coverage groups, subdivided into 90 lines of business.

Uncertainty around policies in the new presidential administration will continue to dominate in 2017, as the nation’s trade policy, regulatory reform and tax system could see changes, RIMS reported. The new political regime is also expected to reduce regulatory oversight at the state, federal and international levels.

Key findings from this year’s RIMS Benchmark Survey include:

  • Technological advances have caused a seismic shift in the risk landscape, creating new types of claims and forcing insurers to consider new products and solutions for customers.
  • Insurers ended 2016 with average capital and surplus at the highest level in 10 years. However, excess capacity is undermining profitability, as seen by falling net income and return on average equity.
  • The personal insurance space is in the midst of a consumer-centric revolution, offering customers new transaction platforms, better metrics and more flexible pricing and coverage options. Commercial insurance is expected to adopt a similar focus, transforming the way business is transacted.
  • Predicted rate increases for cyber, E&O and workers compensation failed to materialize across the board. Projections for 2017 are more moderate, with property and most liability lines flat to down 10%.
  • Emerging trends in the 2017 risk landscape include the tech revolution, security issues, natural catastrophes and political upheaval.

“The RIMS Benchmark Survey chronicles the evolution of corporate risk management costs over time. This year’s edition highlights how risk managers have effectively managed costs in a time of evolving risks and demands, enabling them to do more with less,” said Jim Blinn, executive vice president of client solutions at Advisen.

It’s a Great Time to Be a Risk Manager

2017 has so far been a wild ride of change. Companies are navigating through a new U.S. administration, Brexit and cyber risks that are more daunting each day. We are bombarded with uncertainty and unchartered waters. Nevertheless, it’s a great time to be a risk manager.

This kind of disruption is the reason many of us got into the risk and insurance industry.  Addressing disruption is what we do best. According to a recent CNN report, in fact, Risk Management Director is the number-two Best Job in America for 2017. Recognizing the meaningful contributions and rewarding work of a risk manager, the report highlighted the role in “identifying, preventing, and planning for all the risks a company might face, from cybersecurity breaches to a stock market collapse.”

In the midst of a riskier environment, the insurance industry that serves risk managers faces highly competitive market conditions. The result is more choices and better services for the risk management community. Now is the time for the risk manager to take the lead.

As thousands of risk professionals soon head to the RIMS Annual Conference in Philadelphia, it’s a good time to consider the opportunities in this growing profession.

Why the time is right for risk managers:

  1. 2017 brings a new risk profile. Every company, regardless of industry or size, needs to evaluate the new risks from the shift to nationalist policies in the U.S. and abroad. Our new administration’s efforts to increase America’s manufacturing raises a host of new insurance needs—more U.S. production means more U.S. liability. We are also seeing a shift in global supply chain and an increase in the political risks of operating outside our borders. These changes require board-level and C-suite attention. We expect to see risk managers play a more significant role with management in building risk mitigation into their company’s strategic direction.
  2. Rise in specialists. This is your time to be selective about specialists that understand your business and the specific challenges you face. Insurers are differentiating through specialization. Work with an underwriter that knows the risks, regulations, complexities and nuances of your industry. Many industries, such as construction and health care, will experience rapid change this year. Find partners that have been in the same trenches and can help you navigate changes.
  3. Tailored products and solutions. The highly competitive insurance market is also driving product innovation for clients with more tailored solutions. Take the time to learn about less-understood products, such as accounts receivable insurance, which protects companies from non-payment risks and gives them the ability to borrow, receive loans, and as a result, improve their credit quality. In Europe, 70% of companies purchase this coverage, compared to only 8% of U.S. companies. Understand the risks across your supply chain and work with your broker to customize insurance programs and bring innovative solutions.
  4. At the center of technology and innovation. The insurance industry is on the front lines of the cutting-edge technologies: internet of things (IoT), robots and drones. These advances will only grow and thrive with the right risk and insurance programs. For example, the technology surrounding drones or unmanned aerial systems is rapidly evolving. The ability to collect and analyze aerial data has improved efficiencies, enhanced safety and lowered costs within the construction, agriculture, telecommunications, oil & gas and real estate industries. As usage  grows, risk managers will be central to the successful operation of drones by understanding and managing the risks and compliance needs.
  5. Ability to leverage the best in data analytics. Risk managers have the data, tools and skills to anticipate the risks from this tumultuous environment. The insurance industry views these challenges with a different lens, drawing on past catastrophes and predictive analytics to plan for the challenges ahead. Risk professionals who know how to leverage this information can bring a sense of preparedness and control at a time of heightened uncertainty. There is also a role for risk managers to advise senior management on the use of data. But because models are continually amended and updated after losses occur, it is important to avoid an over-dependence on data and false sense of security.
  6. Opportunity to participate in growing your business. Risk managers do not just protect a business, they grow a business. Companies are reevaluating strategies based on new policies. Will they build manufacturing plants? Will they buy a strategic target? Risk professionals have an important role in mergers and acquisitions deals as insurance can be used to help quantify contingent liabilities and allow for accurate pricing models. The most common is representation and warranties insurance, which can help strengthen and facilitate a transaction.
  7. Better risk management services. Insurers realize it is not enough to write a check for a claim. Take advantage of risk mitigation services that are built into your insurance policies. They include education, training, tabletop exercises and risk assessments.
  8. A thriving profession. With more and more universities offering undergraduate risk management majors, we will see a dedicated, high-caliber talent pool focused on careers in risk and insurance. The Spencer Foundation, for example, has completed an eight-month competition between students of 29 universities from around the country, analyzing, developing and presenting the most comprehensive risk management solutions for a case study. The top eight teams will be in Philadelphia to present at RIMS.

The risk and insurance industry is made up of some of the most agile and level-headed professionals. Risk managers have always moved with the changing environment and crisis situations, developing programs to address their entity’s risk profile. Hopefully, we will see more companies include risk management in their strategic planning and leverage the experience and skills of their risk managers.