"Survival of the fittest is the ageless law of nature, but the fittest are rarely the strong. The fittest are those endowed with qualifications for adaptation, the ability to accept the inevitable and conform to the unavoidable, to harmonize with existing and changing conditions.” — Dave E. Smalley
If you should find yourself stranded on a remote island, adopted by a primitive tribe that is fighting for its survival against other competing tribes, there are a few things that are good to know: Who are the important members of the group, and how can you ensure that they value your contribution? Who are your natural allies and potential enemies? What resources are available to you to carry out your role? Who are the ultimate leaders who make the decisions that will determine the fate of both the tribe and you? How can you best communicate with them? In short, what are the politics of survival?
The Key Tribe Members
The most important individuals in a tribe are those who provide for and protect the group: the hunters and warriors. In a corporation, they are the leaders of business units that generate revenue and acquire additional resources. As the risk manager, it is important to your survival that these individuals know you exist and recognize your value. You must, therefore, tell them you exist and are valuable. This communication can take various forms, including periodic summaries of insurance coverage; risk management advice; claim notification procedures; participation in internal business forums; etc. Business leaders are provided with high-level advice and more detailed information promulgated more widely to the field.
If proper visibility and credibility are established, business leaders will seek your advice on how to manage the risks of proposed business initiatives. Ideally, you will be valued as a facilitator to be engaged rather than as an obstacle to be avoided. For this end to be achieved, you must thoroughly understand your firm’s business, not only to effectively assist business leaders, but to represent the organization to insurers. Your role in communicating with underwriters is like that of investor relations, which interprets the firm for the investment community.
Allies and Enemies
There are many other people in the tribe with direct responsibility for risk management, and even more who manage assets that you are responsible to protect. It is critical to identify these individuals and develop an effective working relationship with them. Failure to do so can create antagonisms and turf battles that are entirely counterproductive to the protection of the organization—and to your future within it.
Internal audit. Like risk management, audit is one of the areas that works across the entire firm. It can be an extremely valuable ally and source of information to you as a risk manager, especially in gathering the data necessary to complete detailed underwriting questionnaires. Audit will have documentation on the entire internal control environment across the global organization. It will have extensive information on prior losses, and can provide valuable resources to investigate and quantify future losses. Audit can also be helpful in scheduling annual insurance presentations onto the agenda of the audit committee of the board.
While audit can and should be a valuable resource, it is important to avoid becoming identified with it in the minds of the business personnel, who tend to be less forthcoming in dealing with auditors.
Information security. Information security plays one of the most important roles in risk management and will be critical to the investigation and negotiation of any insurance coverage for electronic risks, such as viruses, unauthorized access, misappropriation of proprietary information, or any of the many other threats.
Corporate security. The nature of this function will vary with the type and size of organization. It is found in one of its most evolved forms in the global financial institution. In this environment, the function is usually staffed by highly experienced law enforcement and investigative personnel. These individuals screen employees, monitor and maintain perimeter security around all facilities, perform investigations, and provide protection to key executives and their families. In this capacity, corporate security officers develop direct personal relationships with members of executive management.
Contingency planning/business continuity planning (CP). CP manages the business interruption risk that you are attempting to insure. The roles are so closely related that the function is sometimes delegated to the risk management unit, which, in any case, is responsible for explaining the risk and its mitigation to potential insurers.
Human resources (HR). HR is your source for all employee-related information. HR will draft and enforce the policies designed to mitigate employment practices liability. In many firms, risk management will negotiate workers compensation coverages and funding, but HR will provide the extensive resources to administer the workers compensation programs.
HR will also manage the employee medical insurance and benefit plans that represent very significant dollars, and HR necessarily plays a key strategic role in the organization.
Compliance. One of the most effective tools available to you and other risk management stakeholders is the absolute requirement for the firm to achieve regulatory compliance. The necessity to achieve compliance limits discretion on the part of business and support units in allocating necessary resources. You must understand the regulatory context in which the firm operates in order to leverage it effectively
General counsel. The general counsel plays a key role in corporate governance, and the directors and officers liability coverage provides a basis for ongoing interaction between the general counsel and the risk manager. The office of the general counsel is also an important source of valuable information. For example, the office will usually issue a periodic summary of all pending litigation against the firm and its directors and officers. This is the type of information that you must carefully review to determine what must be disclosed to insurers, and then work closely with the general counsel to determine when and how to communicate such information externally. You will also work with the general counsel in the coordinating the use of outside counsel.
The general counsel can be an important source for you in identifying and prioritizing critical risks that the insurance risk management program should address.
Mergers and acquisitions. You should be a member of the mergers and acquisitions due diligence team. Potential acquisitions are usually strictly confidential involving only those among the tribe with a perceived need to know. The risk manager should be a part of that core group. Although communication with insurers will ordinarily be precluded until the deal is made public, the risk manager will play a potentially important role in due diligence identifying uninsured and unfunded liabilities, as well as transition insurance issues that arise out of a change of control of the target entity.
Information technology (IT). IT is the source of all technology asset information for insurers, and can be of great assistance in ensuring that all such assets are properly valued and insured.
Operational risk is sometimes defined as the risks arising out of dependence upon people, facilities and systems. Technology has arguably become the greatest single dependency of modern business. The direction taken by IT will largely determine the risk profile of the organization. It is critical that risk management, including contingency planning and information security, be an integral part of the technology planning process from the outset.
Technology can also alter the firm’s risks through outsourcing. Under such arrangements, there is often an outsourcing of function but not of responsibility. Accountability usually remains because the outsource firm rarely assumes liability for consequential damages, beyond a limited penalty. You may be asked to review the outsource firm’s insurance policies, however, absent any responsibility, these policies can be irrelevant.
IT is an example of an area that can be a key ally or a major impediment to risk management.
The sheer size and importance of IT can give it the clout to steamroll initiatives and co-opt risk management roles, subordinating them to its own priorities.
Facilities. Facilities manages another key component of operational risk, and is a critical source of asset information and values. Facilities personnel are essential allies in coordinating relationships with property and casualty insurers, particularly those insurers who prefer to become a part of the extended facilities management team. This can be a valuable synergy or a potential source of conflict depending on the pressures of cost and time. With facilities, as with technology, planning should incorporate risk management considerations as integral to the process.
Finance. Risk management frequently reports into the finance or treasury function, with insurance viewed as one component in the overall approach to managing and funding financial risk. As such, risk management should ensure that its strategy is consistent with the organization’s overall approach to risk. However, while the firm may choose to assume significant risks in some areas, insurance often offers the opportunity to outsource significant risk at nominal cost. An insurance portfolio, like an investment portfolio, reflects the needs and attitudes of the client within a dynamic market. There is no one right way.
Procurement. Sophisticated procurement practices, including vendor management, have become standard business practices, and can be the pivotal component of success in many industries. Risk managers have much to learn from the procurement specialists and will benefit from the association. It will also enhance your survival potential to be able to demonstrate that contracts are awarded on the basis of objective criteria, with both the standards of performance and the specifics of compensation fully documented in state-of-the-art service level agreements.
Managing External Resources
In evaluating the relationship of the firm with its brokers, agents and underwriters, it is important to know the political context in which these relationships were formed. While the risk manager may not be aware that the insurance agent is the firm’s largest client or the chairman’s brother-in-law, the agent certainly knows and has probably already leveraged this relationship—and will do so again.
If you intend to renegotiate compensation, draft a service level agreement and/or initiate a full-blown request for proposal, the political context must first be understood and the support of senior management secured. It may be that political and/or business considerations preclude a full request for proposal (RFP) process, but management will usually support a fair re-evaluation of an existing relationship.
Vendor Selection and Management
Within the constraints of business and political realities, brokers, agents and insurers should be selected on a fair, competitive basis, with service expectations and compensation specifics thoroughly documented.
The RFP should include the essential risk and exposure information without necessarily including any information on the current insurance program. The brokers should be allowed a reasonable period of time in which to provide a conceptual proposal or actual quotations, if markets have been assigned. It is not professional to spend four weeks drafting an RFP and then demand that vendors respond to it within 48 hours. Such behavior engenders unprofessional responses overflowing with generic boilerplate.
The requirements of the RFP should provide that proposals be restricted in length. This will both serve to eliminate generic boilerplate agreements, and force a response more focused on the specific needs of the client. In addition, it should be required that the small working team and its qualifications be specifically identified. It is these individuals who will actually be working on the account that the risk manager should meet with to discuss the proposal. A decision should be made on the basis of predetermined and weighted evaluation criteria communicated in the RFP.
If the program is large enough for its pieces to represent significant business to more than one broker, it may be preferable to divide the coverages among different vendors, perhaps separating property, casualty and management liability. In this way, the risk manager can remain both a client and, more importantly, a prospect of each firm.
Executive Management Communication
The opportunities to communicate directly with executive management are limited, and should be carefully managed to create a positive impression. Unless you are employed by an insurance company, the members of your corporate office are probably not fascinated or even particularly interested in insurance. They may acknowledge that it is valuable and necessary but only want to ensure that competent people are responsible for it and that the organization is prudently protected. They are not at all interested in being impressed by your extensive technical knowledge. Professional competence is assumed.
Communication with executive management must be concise and clear. If the issue is not addressed on the first page in executive summary format, (issue, alternatives, recommendation) it is likely that you will lose the reader’s attention. Extensive detail and analysis may be included but the decision makers will not want to re-analyze the data. If they feel the need to re-analyze the data and the recommendations, your prospects for survival are not looking good.
Annual reports to the board. There are various opportunities for face time with the corporate office and board. An annual report to the board on the insurance and risk management program is one. For example, financial institutions interpret regulations as requiring an annual board certification of the insurance program. This presentation can take the form of a memo to the members of the audit committee to be included with the pre-meeting material, and a brief graphic presentation at the meeting.
Renewal negotiations and claims. The area of insurance that has the greatest personal significance to the members of the executive office and the board is the directors and officers liability coverage. Under certain circumstances, this insurance may be the only protection for the personal assets of the directors and officers. Underwriters often wish to meet with members of executive management as part of the policy negotiations, and this provides another opportunity for visibility at the highest level.
Actual claims against the directors and officers can provide a much more stressful opportunity for visibility in which the insurer’s response is sometimes less than optimal.
More than Intelligence
Once your place in the tribe is relatively secure, more sophisticated approaches to risk management can be pursued, and you will have laid the necessary groundwork to do so. This survival guide is intended to ensure that you remain in the tribe long enough to make that possible.
While adaptability has been stressed, it is as a means to an end: the goal of effectively contributing to the risk management of the organization. Do not assume that your own knowledge and ability will allow you to ignore the politics of survival. You need only look around the industry at those who have survived and advanced to appreciate Stephen Hawking’s assessment of evolution: “It is not clear that intelligence has any long-term survival value.
--------------------
William J. Kelly is the president of WJK Advisory LLC and a former president of RIMS and chairman of IFRIMA. This article was developed from the outline of a presentation given by Bill Kelly and Tom Paar, vice president of Cole Taylor Bank, at the annual American Bankers Association Risk Management Conference in January 2007.
