Jul 31, 2019 | RIsk Management News
Originally posted on Raconteur by Nick Easen.
The aftermath of a global corporate scandal is a very messy affair. Firstly, there’s the breaking news, then the media frenzy, the plummeting share price, the evaporating confidence, the damage-limitation exercises and finally the groveling executives. We live in a super-charged, hyper-connected environment, answerable to the 24-hour “churnalism” cycle and social media chatterati. Boeing, Uber, Nissan, Huawei, Airbus or Purdue Pharma, to name but a recent few, have all had to step up like Winston Churchill to their darkest hour. “Crisis management can be like dealing with an explosion,” explains Jo Willaert, president of the Federation of European Risk Management Associations.
Be quick, honest, open and, in such circumstances, be compassionate in communications, these are the key principles of crisis management
And with any explosion, corporate or otherwise, everyone ducks away from the line of fire for fear of getting hit. Damage limitation can trump open communication. Slow and myopic group-think can stymy a crystal clear, crisis management plan because the stakes can be excruciatingly high and the fallout unthinkable. No one really wants to spark the next Lehman or Enron crisis. It would be career suicide.
Why do companies need a crisis management plan?
“Be quick, honest, open and, in such circumstances, be compassionate in communications, these are the key principles of crisis management,” says Julia Graham, deputy chief executive of Airmic, the UK’s risk management body.
Yet time and again these messages don’t seem to permeate the rarefied air of boardrooms or the upper corporate classes, and it shows. Whether it’s Boeing’s chief executive taking a week to respond to the fatal Ethiopian Airlines crash or BP’s boss Tony Hayward making a quip during the Gulf of Mexico oil spill saying he “wanted his life back”. The rapid, heartfelt response to an incident is as crucial today as it was ten years ago.
“An actual crisis is a pressure cooker and no time to start working out roles, responsibilities, and processes for your management team. Yes, Mr. Hayward apologized quickly, yet the damage was done and here we are almost a decade later still talking about it,” says Marc Cornelius, founder of 8020 Communications, a specialist public relations consultancy.
At the heart of every response is an effective crisis response plan. Businesses are most resilient when they’ve already considered what to do if the worst happens and if all executives understand the roles they need to play. A risk manager co-ordinates decision-making teams that need to be multi-disciplinary, with all business functions represented, since they see situations from diverse angles.
“For instance, a classic tension can exist between legal and marketing perspectives: saying very little might theoretically limit your potential liability, but will the consequent damage to your brand end up costing you more long term? You can bet those functional tensions would have been going on recently within Boeing,” says Mr. Cornelius.
Why strong leadership is crucial in crisis management
Time and again though companies are caught up in a crisis storm that is hard to weather. Facebook had its Cambridge Analytica moment, while Monsanto had to deal with a customer allegedly contracting cancer from its weedkiller, then there was Exxon’s reaction to the Alaskan oil spill, the list goes on. The lessons that can be learned are legion. Each event is unique and complex.
Rupert Younger, director of the Oxford University Centre for Corporate Reputation, thinks we need to go beyond our preparation manuals, rehearsals, box-ticking exercises, and well-documented crisis management plans, and instead, create more of a wider culture of being able to respond to crises.
“Smart companies should spend as much time listening as talking, empathy, and humanity are crucial. Each stakeholder has to feel well informed and properly looked after at all times, and internal teams need to be organized and focused on this,” says Mr. Younger.
One thing that a lot of crisis experts agree on is the crucial role that executive leadership plays in dealing with a crisis. Like the logjam over Brexit, markets and corporations look for certainty, any perceived loss of control, lack of solutions or uncertainty can cause real harm, especially in the early stages of an incident, and a lot of direction comes from the top.
A responsive C-suite is the new imperative, especially when key executives are increasingly being held accountable if their company is not able to respond to a crisis. Look at various governments’ response to the live-streamed mosque attacks in New Zealand and their crackdown on social media companies for showing harmful content, from Australia to the European Union, including the UK.
Sound risk management leads to greater trust
When management could be personally liable for these crises and fines could reach as high as 4 per cent of global turnover, as is the case under the EU’s General Data Protection Regulation, it’s enough to make any corporate board, from Twitter to YouTube, rewrite their crisis management plans and think twice about how they respond.
“Yet events usually outpace responses and without preparations or expertise at the table, leadership can find themselves frozen as they watch things unfold. The organization needs to be clear on who takes the lead in efforts to restore the confidence of the public, clients, employees, and investors,” says Erik Petersen, head of crisis management consulting in Europe at Control Risks.
“The issue is that leaders will often be required to make decisions with insufficient information. It can take days or sometimes longer to get facts or understand the nature of the problem, while stakeholders will demand immediate answers and response.”
The fact is most of us trust corporations around the globe without knowing what kinds of systems they have in place to deal with risk, safety, and incidents that involve people’s lives, health and wealth. We eat, fly, drink, drive and consume various products from countless companies that we put our utmost faith in. The question is, can we really trust them?
“Companies that manage risk well tend not to face crises of their own making,” says Sandra Sucher, professor of management practice at Harvard Business School. “In my research, I’ve found a close association between sound risk management and being trusted. Risky actions lead to mistakes of many kinds, and we mistrust, with good reason, companies which don’t seem to appreciate the consequences of their mistakes and fail to anticipate the risks that things could go wrong.”
Why you cannot ignore crisis communication management
Another aspect that’s crucial is crisis communication and the language used. “It is arguably becoming one of the most important elements of damage limitation in an era where harm to brand and reputation is the greatest part of the impact,” says Mr. Petersen.
Increasingly, big corporations value the role of crisis communications, they also understand that it’s a specialized skill either to be cultivated in-house or via an outside consultant who knows the business well and is on call. “Those organizations that don’t value communications, do so at significant risk,” says Kelli Matthews, senior instructor at the School of Journalism and Communications, University of Oregon.
Many crises that whip through the media are hardly binary affairs, they are infinitely complex. The key is to make these issues simple and communicate in plain, unambiguous language. “This can be really challenging,” says John Martin McDonald, founder of Caeli Communications. “As Mark Twain once said: ‘I didn’t have time to write you a short letter’. But you must make the effort and do it throughout the crisis.”
Reputational damage may be significant, if not permanent
All this underplays the role of the risk manager, yet they are a crucial go-to person in any crisis. They have a pivotal role to play since the impact of a crisis can touch many facets of a business from customers to shareholders, affected communities to supply chains.
“The professional risk manager serves as a coordinator across many functions that need to be involved in a situation like this, both for the manufacturer and the airlines in the case of the Boeing crisis,” says Typhaine Beaupérin, chief executive of the Federation of European Risk Management Associations. “The risk professional will also play an important role in managing the complex insurance issues that will inevitably arise as a result of a crisis.”
It’s not all doom and gloom. Many businesses can be resuscitated over time. “A company’s reputation is not earned overnight and, usually, not lost overnight,” says Marc Szepan, a lecturer at the University of Oxford Saïd Business School.
But beware, a recent study by The Economist of the eight most notable corporate crises since 2010, including those at Uber and Wells Fargo, found that the median firm was worth 30 percent less today than it would have been had the scandals not occurred. Ouch.
Feb 27, 2019 | RIsk Management News
It is not a risk-free proposition for nonprofit boards to make investment decisions that meet philanthropic goals. This is all the more difficult for those trustees without a background in finance. The simple answer is usually to allocate the investments conservatively and rebalance periodically to at least beat inflation and preserve capital. Large charities like university endowments turn to more sophisticated methods of portfolio diversification, expanding beyond stocks and bonds into vehicles like hedge funds, private equity, venture capital, and real estate.
The Conversation’s detailed article cautions that it is not enough to focus only on returns; in fact, it’s more important to consider risk-adjusted returns. In the case of digital currencies, it would have required nerves of steel for trustee investment committees to commit to pre-established decision-making processes to avoid the bitcoin crash in early 2018, after it rose by 1,318 percent against the US dollar in 2017.
These gains gave way to massive losses in the first eight months of 2018, when digital currencies plunged more sharply than the dot-coms crashed in the early 2000s.
Some charities that received massive cryptocurrency donations in 2017 may not have been able to convert them into regular money before they lost much of their value the next year. Silicon Valley Community Foundation, for example, disclosed in its 2017 audit report that for more than 45 percent of its investment assets, restrictions would prevent them from being converted to cash at any point in 2018.
The fact that charities only disclose their financial data once a year means that the scale of their at-risk wealth, as of now, is unknown.
There are more reasons than volatility to be concerned about holding onto investments of cryptocurrencies. Wallets and exchanges used to hold the investments can be hacked. Compliance issues abound. Regulators are still catching up to the IRS ruling in 2014 that treated digital currency as a form of investment property. The sweeping new tax billpassed into law last December may bring more change. Inasmuch as digital money ledgers for transactions are owned and maintained by the users of the systems rather than controlled by a government or a central bank, it is difficult to predict how government will eventually choose to manage this revolutionary type of money.
The Conversation article goes on to examine other forms of appreciated assets being given by a shrinking group of ever-wealthier donors and the “charitable middlemen” needed to help facilitate these donations.
Fidelity Charitable got 61 percent of its donations in assets other than cash in 2017. Other prominent donor-advised fund sponsors saw a similar result. Schwab Charitable obtained over 70 percent of its 2017 donations in non-cash assets. In the last month of the year, that figure was 80 percent for Vanguard Charitable.
These fast-growing charities bring a key skill: harvesting capital gains. That is, they accept tax-advantaged donations, hold onto that wealth, and—in most cases—transfer the money derived from those assets to the donor’s charities of choice when the donor asks.
For nonprofits, it could be said that today’s donor classes are creating as many challenges as solutions. As government funding continues to diminish for many of the issues addressed by the nonprofit sector, private philanthropy becomes all the more important, and along with it, the skills to properly raise, receive, and manage the forms and flavors in which it is given.
Author: Jim Schaffer
Source: Nonprofit Quarterly
Dec 26, 2018 | RIsk Management News
Risk managers can develop better risk management programs if they collaborate effectively with other departments, but first, they must win their colleagues’ trust, two risk management professionals said.
By adjusting how they communicate, risk managers can learn more about the concerns of other departments, explain possible solutions to problems and be viewed more as a business partner than a person who deters risk-taking, they said.
While many companies are either underinsured, overinsured or carry the wrong type of insurance, risk managers often feel that they are known as the “department of ‘no’” and that other department heads don’t tell them enough about the risks they face and, therefore, they are hampered in their job, said Liz Walker, director of enterprise risk and global insurance for Groupon Inc.
To solve that problem, she said, risk managers should take more ownership of the situation and ask: “How can I reduce or manage risk if I’m not communicating effectively?”
She was speaking during a session Monday at the Chicagoland Risk Forum, sponsored by the Chicago and Mid-Illinois chapters of the Risk & Insurance Management Society Inc.
“It’s about us. It’s about how we conduct our relationships internally and externally,” Ms. Walker said. Risk managers should generate trust and a sense of partnership with others at their organizations before they approach them about renewals, claims review and other risk management issues, she said.
To encourage trust, risk managers should adopt communications strategies that reflect their goals, such as using risk management to identify opportunities for business units, Ms. Walker said.
Or they can make clear how they can help colleagues through their insurance expertise, said Mary Friedl, insurance and claims manager at Redbox Automated Retail LLC in Oakbrook Terrace, Illinois, who introduces herself to colleagues as “the insurance nerd.”
“They know me now, and they know that if they need the insurance section of a contract reviewed to make sure it’s appropriate, they come to me,” she said.
Once risk managers have articulated how they can help people, they should ensure they are aligned with their organization’s values and strategy, develop and use a common language around those goals and values, and frame conversations with colleagues with those goals in mind, Ms. Walker said.
For example, rather than simply ask for total insured values at renewal times, risk managers should meet with facilities managers to let them know that they are looking to cover all property and equipment and ask about recent purchases and plans for the next year so they know the risk manager is seeking to align the coverage with their plans, she said.
Getting access to operating plans for different lines of business is also valuable for risk managers, she said. “It tells you not just what risks are coming up, but also what keeps your business partners up at night, which is a goldmine for potential opportunity to help them solve their problems,” she said.
Risk managers should also adjust the terms they use to reflect their audience, said Ms. Friedl. “Keep in mind who your audience is and what you want to get across to your audience.”
Risk managers can also use outside service providers, such as brokers, to help communicate with other managers within their organization, Ms. Walker said. For example, brokers offer training services where they come into an organization and talk about specific coverages and other issues that are relevant to various departments, she said.
Dec 12, 2018 | Blog-All
You’ve recognized the need for a risk management system, evaluated vendors’ products, and chosen the system that’s best for your organization. It may seem like the work is done, but there’s still a significant challenge ahead: the implementation of the system.
This step is arguably the most important: failure to smoothly implement a risk management system will make it much harder to achieve success. Before beginning implementation, consider the following advice:
9 Steps to Implementing a Risk Management System
1. Define the end goal before starting
It’s impossible to begin any kind of project without a thorough understanding of where you’re going. Doing so will lead to confusion, frustration, and wasted resources as the team moves in multiple directions at once without any noticeable results.
Since you’ve already gone through the process of selecting a risk management system, you know what issues need to be solved and where the system is needed. Formalize this knowledge by creating a document that defines exactly what your organization needs from the system and how this can be accomplished.
If you’re going to use the risk management system in multiple areas, determine your priorities. These should be the areas with the most issues; highlighting these problems will allow the team to tackle them first.
In addition, define success for your risk management system. Are you aiming for a lower number of claims? Would you like to see a reduction in costs? Should your team reduce time spent on redundant tasks by 50%? Whatever the goal, pre-defining success ensures you can measure the effectiveness of the system through implementation and going forward.
2. Set a timeline
Implementing a risk management system is a complex process. It’s important to understand exactly what is involved and what that means in terms of a timeline. The vendor and your team must find a balance: if an implementation is too quick, something may be missed; if the implementation takes too long, the team may lose faith in the system or become upset with the vendor.
Consider these stages in the implementation process:
- First, the risk management system must be set up. The vendor will need to import historical data and complete any necessary customization.
- The system must be tested to ensure it will work correctly throughout the organization.
- All users must be trained in the proper use of the system.
Project management is key when implementing a risk management system. Determine milestones that can be easily measured throughout the process to keep all stakeholders on track, and consider appointing a project champion who is responsible for seeing the implementation through.
3. Build a relationship with the vendor
In many situations, the internal risk team views the vendor implementation team as external stakeholders who are only present for a few weeks or months. This is the wrong mindset. Risk management vendors have high levels of knowledge, insight, and resources that can help you manage both new and existing risks at any time.
By building a relationship with the vendor, you’ve widened your risk management network and increased the size of your risk management team. This can only benefit you as you seek to achieve your goals with the risk management system.
4. Be open to vendor suggestions
Risk management systems are built a certain way for a reason. Vendors have extensive experience with the needs of organizations much like yours. You should always be open to their suggestions, especially if they’re recommending a particular process.
Many teams fall into the trap of purchasing a risk management system only to use it in exactly the same way as their old system. For example, a team that switches from Excel spreadsheets may continue to manually add and report on data in the system, even when automation is possible. This mistake can be critical: the team continues to poorly utilize resources while extra resources are used to pay for the new system.
To avoid this problem, carefully consider all vendor suggestions on how their risk management system can truly improve your organization.
5. Customize where necessary
While vendor suggestions and knowledge are valuable, sometimes they may not realistically fit into your organization or goals. Some aspects of an out-of-the-box system may not be right for you. In this case, some customization is ideal. For example, consider your organization’s hierarchy, the ideal usage of the system, and your reporting needs. Only you can determine exactly how a risk management system will best fit into these requirements.
6. Be flexible
Adapting to changing circumstances is important when implementing a risk management system. Tasks may take more time than expected, there may be technical difficulties, or an employee may have a particularly hard time during training. You must understand that difficulties like these are bound to happen and typically only involve a small adjustment. Being ready to re-prioritize or modify existing plans allows all stakeholders to feel comfortable through the implementation process, even if not everything goes as planned.
7. Involve users and decision-makers
Another common mistake in the implementation of risk management systems is involving only decision-makers. While executives and top managers may be able to pick the system that best suits organizational goals, they aren’t the ones that will be working inside the system every day.
Involving users from the beginning ensures that the entire risk team is onboard or even excited about the change. They can also provide valuable insight into implementation: they may have needs or desires that decision-makers wouldn’t know about and can reduce complications in the implementation process.
8. Communicate
Any significant organizational change is likely to fail without regular and proper communication. When implementing a risk management system, there are two critical communication avenues: the vendor and employees.
No matter how robust their system, vendors cannot read your mind. You must explain your system, timeline, and security requirements as well as how involved you expect them to be in the implementation process. This will keep both teams on the same page and prevent frustrating back-and-forth conversation.
On the employee side, users need to be taught what to expect from the system. In some cases, users may feel that they are being replaced by the system; it is your job to reassure them that the system will actually make their jobs easier and more meaningful by streamlining complicated processes. Tell your employees what will change and how it will impact them individually, and make them aware of these changes well in advance. Educating them on the role they must play in the implementation of the risk management system will simplify the process.
9. Implement in stages
While risk management systems often have extensive functionality, it can be overwhelming for a team to implement them all at once. This is frustrating to employees and can actually lower the chances of system success. Instead, choose the one area that is most in need of the system and start there. This allows the team to gradually become comfortable with the system and then expand their capabilities.
Using one small change as an example of the effectiveness of the system can also help win over resistant employees and prove that the system has value.
Risk management system implementation can seem like a daunting task. Following this advice will put you well on your way towards achieving your risk management goals.
Author: Rebecca Webb
Source: ClearRisk
Dec 5, 2018 | Informative, RIsk Management News
Active shooter coverage available in the market can cover a wide variety of potential liabilities for employers whose workers, customers and others are impacted by such an incident, experts say.
Laura Zaroski, Chicago-based area senior vice president, law firms practice, for Arthur J. Gallagher & Co., said active shooter coverage, which primarily comes out of London, with a handful of domestic insurers, can include counseling, medical disability expenses for victims, funeral expenses, death benefits, and “loss of attraction” coverage, when a mass shooting results in a loss of revenue because people are no longer coming to the location of the incident.
She spoke during a session at the Professional Liability Underwriting Society’s conference in San Diego on Thursday as attendees were still absorbing the news of the shooting in a Thousand Oaks, California, bar Wednesday in which 12 victims and the gunman died.
Ms. Zaroski said other coverages include the cost of upgrading a building and its security, damages to a building, relocation costs and sometimes the cost of a teardown following an incident
Thomas Lookstein, New York-based head of financial and professional line claims for Starr Adjustment Services, a division of the Starr Cos., said one question that should be addressed is whether these policies have terrorism exclusions.
Marchelle M. Houston, senior vice president, bond and specialty insurance, for The Travelers Cos. Inc., said another potential claim is kidnap and ransom, where people are unable to leave a facility during an incident. You have to look at the host of allegations and policy terms and conditions to determine other insurance issues as well as exclusions, she said.
“We shouldn’t just be waiting for an event to do it for the first time,” said Ms. Zaroski also. “Let’s learn what to do and handle the situation before it arises.”
With the number of shooting incidents increasing, “more and more lawsuits are being brought against employers” in their wake, said Claudia A. Costa, a partner with Gordon Rees Scully Mansukhani LLP in New York, who moderated the session.
The U.S. Occupational Health and Safety Administration’s general duty clause states employers must have a place free of recognized hazards, and active shooting incidents are considered such a hazard, said Ms. Costa, adding her firm has been involved in defending some of these cases. Claims filed against employers in active shooter situations include negligence and failure to train workers, she said.
Other charges, she said, include negligent hiring and retention, which was an issue in the 2003 naval yard shooting in Washington that left 12 dead.
In that case, complaints from fellow employees that the shooter heard voices in his head were not addressed, and there had been a prior incident in which the shooter had shot through his ceiling to the apartment of a neighbor, she said. Bullying was cited as a factor in the 2015 San Bernardino shooting, in which 14 people were killed, said Ms. Costa.
