21 Gen Risk managers must adapt to survive in unprecedented polycrisis
Condividiamo l’intervista al nostro CEO Maurizio Castelli pubblicata da Commercial Risk Online lo scorso 4 dicembre. Ringraziamo la testata e il giornalista Ben Norris per l’attenzione e l’approfondimento ricevuti.
Risk management maturity rising but more to be done
The polycrisis has created an unprecedented challenge for risk managers and requires many to change their approach to risk identification and mitigation in the face of mounting interconnected threats, said a group of leading risk professionals at the recent Brokerslink conference.
Risk professionals were advised to improve their ability to look ahead and develop a more proactive mindset, helped by scenario planning and stress testing, to thrive. The experts also said it is important to break down silos, prioritise risk interconnections and harness data analytics.
The good news is that risk management has risen in prominence in most mature organisations since Covid-19 kicked off the polycrisis, said those attending the Risk Managers Forum at the Brokerslink event in Abu Dhabi. But they stressed that the discipline still has a way to go in other firms where action lags awareness.
The Risk Managers Forum, held at the Brokerslink annual conference, attracts a group of leading risk professionals to discuss some of the big issues of the day. This year it was held in tribute to Jorge Luzzi, former Ferma president and head of Brokerslink risk management practice, who sadly passed away in April. The focus was risk and resilience in the age of the polycrisis.
The polycrisis is defined by the World Economic Forum (WEF) as a group of related global risks that interact and amplify each other, resulting in an overall impact that’s greater than the sum of the individual risks.
It seems that since Covid-19 the risks keep coming thick and fast, in what many now describe as the polycrisis. We have faced wars in Ukraine and the Middle East, an energy crisis, supply chain issues and inflation, alongside the ongoing rise of cyber and climate change, in a short space of time.
The big challenge facing risk managers, of course, is being able to anticipate what is likely to happen next, measure the likely impact on their organisation and the accumulation of risk. This is before finding the tools to manage these interconnected risks.
Maurizio Castelli, who took over from Luzzi as Brokerslink risk management practice lead, told the forum that the polycrisis has created “unprecedented challenges” for risk professionals that demand a “completely different approach to risk identification and treatment”.
“We need to be more proactive rather than reactive,” added Castelli, who is also CEO of consultant Augustas Risk Services in Italy.
Duane Lohn, senior managing director and compliance, risk and resilience practice co-leader at B. Riley Advisory Services in the US, said risk managers have “got to get better at knowing what is happening, knowing what is coming, knowing the forecast”, to meet challenges arising from the polycrisis.
“We need long-term thinking and foresight, and the ability to anticipate future challenges. We have to develop policies that break down silos in our institutions. This can all help improve risk identification and lead to robust decision making across a range of uncertain future scenarios. We need to focus on learning and experimenting to then adjust solutions as needed,” he said.
Pedro Pinhal, CEO of Portuguese risk advisors RCG, said it is vital to conduct post loss learning and future scenario planning to meet the challenges thrown up by the polycrisis. Lohn agreed, and stressed the importance of making sure all of your crisis management plans – such as business continuity and cyber plans – work together if more than one risk hits at the same time.
“Things can look good on paper but any plan that is not tested by a simulation exercise will not work when the crisis hits,” said a risk manager at the forum. “So you have to put things down on paper and run as a simulation. Then you will know where the gaps are and can improve things. Why do you do fire drills? So when there is a fire everyone knows how to get out. So similarly, you have to do drills for risk management plans, and particularly in the polycrisis.”
Castelli agreed and said it is vital to keep these plans up to date. He also argued that trying to identify all the risk interconnections is unrealistic, and advised risk managers to keep things simple rather than go too in-depth.
“If you try hard you can always finds ways to link two risks, or dots. So the key is to find out which risks interconnections might be significant for your company, and try to factor those into your risk analysis and evaluate those possible accumulations of risk. In my opinion, it should not be rocket science and looking at very complicated interconnections but rather the more obvious ones,” he told his fellow risk professionals.
Corey Gooch, managing director for B. Riley Advisory Services and head of its ERM practice, said companies need to set their risk appetite, preferably with a formal risk appetite statement, before beginning to think how to tackle mounting risk interconnection.
“That is absolutely vital. If you haven’t done this, how do you know if a risk is significant and how and what action to take on it? This is a foundation that we recommend for everyone. If you are going to use data to make decisions, you need to know what decisions matter and when they matter,” Gooch said.
And all the risk managers were clear that data analytics and AI should play a big role in tackling the polycrisis.
Manuel Padilla, vice-president of risk management and insurance at MacAndrews & Forbes Incorporated, as well as a Rims board member, said data driven-decision making is vital for risk managers and can help them understand what they should and should not focus on.
It is important to get qualitative and quantitative data to get the full picture, and understand the value of holistic and real-time data for comprehensive risk assessment, he said.
But Padilla warned his fellow risk managers to be wary of some of the pitfalls in using data and the inherent bias in AI.
“We may have access to too much information. In the past it was hard to get the data but the problem today is we have so much and often don’t know how to use it,” said Padilla.
“So beware the ‘we have everything’ data brokers compared to sophisticated information consolidators. Other common challenges are data overload, inconsistent data, incomplete data and irrelevant data. There is the need for centralised, integrated data systems to avoid silos and improve data flow,” he added.
Lohn believes that risk managers have more authority than ever before, which should help organisations navigate the polycrisis, and feels risk management has been elevated “significantly” among board members since Covid-19 and the ensuing polycrisis.
“Before Covid, financial information at board meeting was one inch thick and risk management stuff was one page, but now risk management topics up for discussion are an inch thick too,” he said.
“Perceptions are changing,” agreed a risk manager attending the forum. “It is no longer business as usual. Interconnected risk are being looked at by many organisations very seriously. The days are gone, I think, when things were being done in silos in mature organisations with audit working on its own, risk management working on its own and crisis management working on its own,” he said.
The risk manager thinks this change has, in part, been driven by regulation. “The regulations are driving organisation to look at the interconnected risks. So regulation is a big push. Big organisations are part of supply chains so will have someone in supply chain pushing them in that direction.”
Anther forum participant agreed that there is now much more awareness of risk and risk management. “The sceptics have been converted,” he said. But he sees less of this awareness being converted into action.
“I feel the action may not always be there yet. Yes, things can look nice on paper but when it comes to companies spending on mitigation for something that might or might not happen, there is less commitment. So the question is on actionability,” he said.
Castelli believes risk management has matured, particularly at large companies in the US and Europe, but there remains a way to go for some. “We agree there are fewer deniers and companies aren’t acting in silos anymore. But the next level of maturity is putting that into action and then the next level of maturity is having risk management as a living thing that is permanently updated, permanently tested… We still have companies that are not there yet so there is more work to be done,” he said.
He concluded that the polycrisis and growing awareness of risk management is an opportunity for risk managers as long as they are ready to grasp the nettle and have developed the requisite skill set.
“When we say risk management is now on the board agenda, there is no doubt it is true. So in some ways the focus becomes not having risk management at the top of the agenda but whether risk managers are up to delivering. Risk managers have to step up and take ownership. That is why we need to continually focus on developing the profession and our training,” said Castelli.
(fonte: Commercial Risk Online)