In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders.

Today, risk management is not just recommended, it is considered crucial to successful operations and is required by federal and state law. The SEC’s Proxy Disclosure Enhancements, enacted in 2010, mandate that organizations provide information regarding board leadership structure and the company’s risk management practices. Company leadership is required to have a direct role in risk oversight, and any risk management ineffectiveness must be disclosed.

The CRO’s role

Volatility in the current business environment—a confluence of factors including transfers of power, the world economy and individual markets—is nothing new. Political transitions have always been accompanied by new agendas and shifting regulations, economies have always experienced bull and bear markets, and the evolution of technology constantly changes our processes.

Even so, recent events like Brexit, the uncertainty of a new administration’s regulatory initiatives, and thousands of annual data breaches have contributed to an unprecedented atmosphere of fear and doubt. To navigate this environment, the chief risk officer needs to adopt a proactive risk management approach. Enterprise-wide risk assessments grant the visibility and insight needed to present an accurate picture of the company’s greatest risks. This visibility is what the board needs to safely recognize opportunity for innovation and expansion into new markets.

To grow a business safely—by innovating and adding to products/services and expanding into new markets—risk professionals should not focus on identifying risk by individual country. This approach naturally leads to a prioritization of “large-dollar” countries, which aren’t necessarily correlated with greater risk. Countries that contribute a small percentage of overall revenue can still cause major, systemic risk management failures and scandals.

A better approach is to look at risk across certain regions; how might expanding the business into Europe, for example, create new challenges for senior management? Are there sufficient controls in place to mitigate the risks that have been identified?

When regional risks are aggregated to create a holistic picture, it becomes possible for the board to make sure expansion efforts are aligned with strategic goals.

Three processes that require ERM

Risk management is an objective process, and best practices, such as pushing risk assessments down to front-line process owners who are closest to operational risk, should be adhered to regardless of the current state of the international business arena.

While today’s political climate has generated a significant amount of media strife, it’s important not to let emotion influence decision-making. By providing the host organization with a standardized framework and centralized data location, enterprise risk management enables managers to apply the same basic approach across departments and levels.

This is particularly important when an organization expands internationally, which involves compliance with new sets of regulations and staying competitive. Performing due diligence on an ad hoc basis is neither effective nor sustainable. Instead, the process should follow the same best-practice process as domestic risk management efforts:

  1. Identify and assess. Make risk assessments a standard part of every budget, project or initiative. This involves front-line risk assessments from subject matter experts, revealing key risks and processes/departments likely to be affected by those risks. For example, financial scrutiny is no longer a concern just for banks. Increased attempts to fight terrorism mean transactions of all kinds are becoming subject to more review. Anti-bribery and anti-corruption processes estimate and quantify both vulnerability and liability.
  2. Mitigate key risks. Connect mitigation activities to the resources they depend on and the processes they’re associated with. ERM creates transparency into this information, eliminating inefficiency associated with updating/tracking risks managed by another department. Control evaluation is the most expensive part of operations. Use risk management to prioritize this work and reduce expenses and liability.
  3. Monitor the effectiveness of controls with tests, metrics, and incident collection for risks and controls alike. This ensures performance standards are maintained as operations and the business environment evolve. Evidence of an effective control environment prevents penalties and lawsuits for negligence. The bar for negligence is getting lower; technology is pulling the curtain back not only internally but (through social media and news) to the public as well.

Lastly, the CRO role is increasingly accountable for failures in managing risk along with other senior leaders and boards—look no further than Wells Fargo.

Terrorism Incidents Down, Disruption Up in 2015

A number of high-profile terrorism attacks worldwide have raised people’s fears this year, but the reality is that the number of attacks and deaths from such attacks actually decreased in 2015, according to Marsh’s 2016 Terrorism Risk Insurance Report.

The report summarizes terrorism risk insurance trends, benchmarks terrorism insurance take-up rates and pricing, and offers risk management solutions for terrorism exposures.

The more current attacks, often perpetrated by a single individual or small group, are different from those carried out in the 1990s and 2000s when high profile locations were targeted. Individuals carrying out the more recent attacks may have no direct contact with a known terrorist organization, but could be drawn to them through writings and video, particularly on the internet, Marsh said.

These events can be very disruptive to operations in some companies. In the travel industry, for example:

  • About 10% of American travelers canceled booked trips due to the recent attacks in Egypt, France, Lebanon and Mali, which impacted $8.2 billion in travel spending, according to a survey by YouGov.
  • Booking losses for Air France were estimated to be €50 million ($56 million), the company said in a statement.
  • Airlines, hotel chains and travel websites experienced drops in their stock prices after this year’s airport bombing in Brussels.

In the United States, the Terrorism Risk Insurance Program Reauthorization Act of 2015 (TRIPRA) offers businesses a federal backstop against terrorism-related losses. While the overall take-up rate for TRIPRA coverage in the U.S. increased slightly in 2015, it has remained in the 60% range since 2009, Marsh said.

Managing terrorism risk requires a combination of strategies that protect people, property and finances. On the financial side, the choice is whether to retain or transfer the risk with insurance. But the changing pattern of terrorism risk has some companies asking if they are adequately insured for business interruption and related losses. They also wonder how to prepare for potential losses from cyber terrorism and other events.

Other key takeaways from the report include:

  • As small group and “lone wolf” terrorist attacks appear to be the changing face of terrorism, many organizations are assessing their coverage for indirect losses stemming from business interruption risks.
  • Following the 2015 passage of the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA), take-up rates in the US edged up for TRIPRA terrorism coverage embedded in property programs.
  • Among industry sectors, media organizations had the highest take-up rate for terrorism insurance in 2015.
  • Workers’ compensation markets for terrorism risks generally stabilized.
  • The number of Marsh-managed captives accessing TRIPRA increased by 17% from 2014 to 2015, but many captives that could offer a terrorism program do not.


Protecting Key Executives in Global Hot Spots

The recent suicide bombing in Istanbul and the Paris bombing last November killed and injured innocent bystanders and sent shockwaves around the globe. Such attacks also cause organizations to question international travel out of fear of putting their key executives and employees in harm’s travel

As the risk profile changes in some locations that were once considered safe, it is critical to reassess and more deeply examine company programs to protect business travelers abroad.

First of all, for companies and their insurance advisors, there is no substitute for great advance planning. If a company is contemplating overseas travel and can establish well in advance that there exists a need for key person insurance, the coverage is easier to obtain and more cost effective. The reality is that the heightened awareness around a dangerous trip often results in an insurance need being developed or uncovered with little notice. When this need arises, the underwriting process migrates from the traditional life and disability insurance market to the playing field of high limit or specialized risk underwriters.

In one notable example, a large U.S. company recently made a significant investment in a defense contractor. Shortly after the investment closed, the company named a new chief executive officer and sought to acquire $50,000,000 of key person life and disability insurance.

As of the day of the request, their insurance advisor had eight business days to secure the insurance before the CEO departed for the Middle East, with stops in such international hot spots as Iraq and Afghanistan. Because of the abbreviated time frame, traditional life and disability insurance was not an option. The advisor needed to turn to a specialty underwriter that deals with exceptionally large and complex human capital risks.

Armed with the CEO’s itinerary (see below) and details of the executive’s compensation and equity incentive agreement, the advisor had enough information to present the submission to the underwriters. Within 72 hours, a policy was issued that covered the private equity firm’s loss of the CEO directly due to an accidental death or disability, as well as a result of acts of war or terrorism.

Few domestic life and disability carriers possess the ability to underwrite large risks when there is high-risk exposure in the world’s hot zones. Instead, companies and their brokers must work with large international insurers that are willing to deploy meaningful capacity.

The easiest way for advisors to access these markets is through an experienced U.S.-based correspondent who is skilled at designing and underwriting coverage in these volatile locations. Local correspondents or managing general underwriters also serve to guide brokers through the regulatory complexities that go along with underwriting risks through surplus lines carriers—something most life and health producers have little experience with.

The best brokers are masters at uncovering details from their clients, documenting them and communicating them effectively to underwriters. A well-written cover memo will often be the basis for offering coverage and can be the primary source for pricing consideration. A complete itinerary coupled with security details are the underwriter’s key points of interest, so make sure the information is gathered and communicated as early as possible.

Frequently, specific plans will be classified when working with international defense contractors, but one way or the other, the basic information must be made available. When underwriting coverage in highly hostile areas, rates can vary based on multiple factors, such as security arrangements, travel vendors, length of stay and, in highly hostile areas, rates even vary down to specific latitude and longitude coordinates, often within a single city or locale.

No detail is too small for spelling out the need for the insurance and financial justification, including the purpose of the trip and the client’s specific duties and objectives. This is the information that sets apart a submission and makes it more likely for an underwriter to go out on a limb with preferential pricing and terms.

Keep in mind, when underwriting risks in highly volatile areas—with the propensity for rapid deterioration—it may not be possible to negotiate coverage or a rate guarantee for the entire duration of the client’s journey. It is essential to keep in mind that the best underwriting offers go to advisors who deliver the most detailed and accurate information.

Example of a CEO’s itinerary:

Day 1 – Depart Commercial Air for Dubai

Day 3 – Arrive in Baghdad, Iraq – Transport to Camp Butler

Day 4 – Depart Baghdad and arrive in Dubai

Day 5 – Depart Dubai arrive Kabul, Afghanistan – Transport to Camp Gibson

Day 6 – Fly to Kandahar, Afghanistan

Day 7 – Depart Kandahar, Afghanistan – fly to Abu Dhabi

Day 12 – Depart Abu Dhabi for U.S.

It is important that we don’t allow acts of terrorism to knock the wheels off our economy. Business travel and face-to-face meetings are key elements in making us what we are, so it’s imperative that we mitigate the associated risk whenever possible.

Oil and Politics: Brazil’s Petrobras Scandal

PetrobasLast month, we focused on Mexico and specifically the state-owned oil company Pemex as a risk for companies selling or investing into Latin America. We saw that Pemex represents a drag on Mexican fiscal accounts and is imposing losses on suppliers and investors. This month, we turn our gaze to Brazil: it is similar to Mexico in that it has a dominant, politically charged state-owned oil company, but different because the scale of the crisis is much more severe, as are the risks to suppliers and investors.

Brazil is undergoing a major economic and political crisis, and its state-owned oil company, Petróleo Brasileiro S.A. (Petrobras), is right at the center of the trouble. Petrobras shares some of the same challenges as Pemex: It started as an entirely state-owned firm, was used as an instrument of government policy from inception and took on enormous quantities of debt in recent times, exemplified by its $11 billion debt issue in 2013—the largest on record for emerging markets.

Brazil, however, recognizing earlier than Mexico the necessity of foreign investment for a viable oil industry, opened up the sector in 1997 and eventually reduced the government shareholding to 64% (direct plus indirect). Petrobras expanded into deepwater areas in Angola and the Gulf of Mexico and became one of the few national oil companies able to equally compete with companies such as Royal Dutch Shell and Total.

In 2014, information about the extent of corruption between Petrobras board members, various politicians and business executives not only came to light, but also sparked official investigations and arrests. President Dilma Rouseff has been temporarily removed from office pending a trial by the Senate. The official charge against her is manipulating the federal budget by directing state banks to support spending programs. She was the chair of Petrobras when the corruption allegedly occurred, however, and she and her party (Partido dos Trabalhadores or PT) are perceived by many as at least partly responsible for the scandal.

It is likely that Rouseff will be permanently removed from office within six months, but the uncertainty does not end there: As of this writing, two cabinet ministers have been removed from office, and six more are under investigation. Dozens of politicians and executives have been convicted in connection with the scandal, and prosecutors have recovered $795 million in stolen money. The economy of Brazil shrank 3.8% in 2015 and is projected to shrink another 3.5% in 2016. Moody’s downgraded Petrobras to Ba2 in December 2015, and S&P cut the sovereign rating to BB with a negative outlook in February. With the Zika virus now causing a global health emergency and the Olympics beginning in August, one wonders how many more stresses Brazil can take before serious political unrest breaks out.

Like with Pemex, the Petrobras crisis is increasing risks to suppliers already: There are trade credit insurance claims stemming from suppliers to Petrobras, and the wider Brazilian economic downturn (combined with the commodity price trough) is giving rise to other credit losses. But the Brazilian crisis goes well beyond trade credit risk. Brazil is a $2.2 trillion economy and one of the largest bond issuers in the emerging markets. As a result, this crisis has global implications: Eurasia Group has Brazil as one of its top 10 global risks for 2016.

Mexico and Brazil are not the only countries dependent on state-owned oil (or other natural resource) companies that are facing major challenges: Venezuela, Ecuador, Nigeria, Angola, Russia—the list goes on and on. In Brazil, however, there are some mitigating circumstances that reveal a silver lining. First, 85% of Brazil’s sovereign debt is held domestically, meaning it is less affected by currency depreciation and is easier to reschedule. Provided Brazil takes on some painful fiscal reforms, the country can dig itself out of the economic crisis. Secondly, so far, officials have been able to investigate and prosecute some of the parties responsible, despite the defendants being some of the more powerful people in Brazil.

There is hope that Brazil’s institutions will emerge all the stronger for being able to correct wrongdoing, which may set the stage for a more just Brazil and a better investment and credit risk environment in the long run. In the meantime, we are likely to see severe market and political volatility. It is a good idea to closely monitor your exposure in Brazil and in other countries dependent on highly indebted state-owned natural resource companies.