man on motorbike at sunset

Risk managers are in the know business, not the no business

It might be too expensive to insure every risk, but we can’t say no to things that involve risk. We have to manage it. Risk management is about the know, not the no. Lance Ewing tells RSK Review’s Gert Cruywagen what risk managers need to think about, including the biggest risks that face us today.

I recently took a motorcycle holiday and had a great time. When he heard what I was doing, my brother asked, “You’re a risk manager – how can you take that kind of risk?” I said, “You cannot live in a bubble and neither can corporations. If I hadn’t gone on the trip I would have missed out on a great time!”

Risk has brought us a tremendous number of things we use today. If we did not take risks, we would not have companies like Virgin and devices like mobile phones. A risk manager identifies the risks and manages them. They do not just say no to every opportunity because there is a risk. Risk is also not taking the opportunity and missing out. It is not only a bad thing happening, it is also a good thing not happening.

Risk management cannot be the department of no, it must be the department of know. Know the risks and manage them. I wore a crash helmet and leathers on my motorcycle. I was not oblivious to the risk or ignoring it, I took steps to manage it. You can pursue the opportunity if it is risky, while finding the ways to manage the risk.

Factors driving risk management

There are three main drivers of risk today – the Covid-19 pandemic, natural disasters and everything related to technology.

A pandemic was on very few managers’ crisis plans and most of us were bowled over when the pandemic struck. We were underprepared. One business that wasn’t was Wimbledon. The All England Lawn Tennis and Croquet Club, who run the tennis championship, bought pandemic insurance for the last 17 years. They received a payout of $141 million when the 2020 event was cancelled. Their yearly premium for pandemic insurance was around $1.9 million.

Ever since the start of the pandemic there has a lot of talk about a new normal. This has not been completely defined yet. The Covid-19 situation is going to dynamically change how we evaluate risk. We must think about a lot of aspects. Will we always take people’s temperatures when they walk into a building? Will we continue to working remotely? If so, what of the new risks that have been introduced?

Natural disasters continue to be a risk. We have a hurricane brewing right now off the west coast of Africa. Hurricanes, earthquakes and Icelandic volcano eruptions disrupted northern hemisphere air travel in the last few years. We are also seeing some disasters as result of human mistakes, such as wildfires started by campers.

I am not a scientist or climatologist, so I don’t know if these natural disasters are due to climate change. I do know that in certain areas certain natural disasters are regular events and we have to plan for them. We need to recognise the potential for natural risks. There may be years where there are not many – these things ebb and flow. But they do need to be a constant in the risk manager’s mindset.

Technology is the number one risk

The risk when it comes to technology is the number one fear I have. Everything we do is tied to technology. As a profession I do not think we are quite up to speed on it. We tend to hand it over the tech guru or chief information officer and ask them to deal with it. And while we do have cyber insurance this is becoming expensive. Importantly, it is not just the large companies that are being phished and hacked. Small companies are experiencing the same thing. We have to get better at managing technology risks.

Covid-19 has driven us more into the tech world. As risk managers we need to see how our industry will be impacted by technology and identify the risks. We need to look for the bigger picture holistically, so we can know and manage those risks.

There is also risk attached to policy – who makes it and how it is implemented. In the US, we have allowed US Treasury to manage the Terrorism Risk Insurance Program. This is the act that deals with insurance claims related to terrorism. Treasury decides what is a terrorist act and how to spend the funds it has for these claims. No money has been spent. How will pandemics be managed if one body has control of where, when and if money allocated to pandemics is spent?

Managing risk isn’t just about insurance. Insurance is just one arrow in the risk management quiver. Risk management effectively stands in front of insurance. A risk manager says I can mitigate or transfer this risk. Although, risk managers do need to look carefully at the exclusions on their insurance policy because this sets the tone for risk management and tells them what risk will not be insured. Risk managers need to ask what they are doing to manage the uninsured and the uninsurable.

Risk management holds companies and communities together

Risk management is the fabric that holds the company together, and sometimes that fabric holds the community together.  Sometimes corporations look at risk management as the land of misfit toys. If they don’t know what to do with a problem or situation it becomes risk management’s job. If there is a cyber security breach, or a natural disaster or something like Covid-19, it is handed to risk management.

Risk managers need to look at how we can promote risk management, not just in our risk management vertical. How do we push our message out to the wider world? This is the time for risk management to shine. It’s time to put up our hands and say how we shape the future.

Lance Ewing is executive vice president for global risk management and client services at Cotton Holdings, a company offering international risk management services. He is a past president of RIMS (Risk Insurance Managers) and holds Master’s degrees from the University of Pittsburgh and Columbia Southern University.

Leave a Comment

Your email address will not be published. Required fields are marked *