Listening to the signals: the decibels that ring loudest in the ears of risk executives in the electronics industries have to do with privacy and business interruption

Risk & Insurance, Dec, 2004 by John (American clergyman) Williams

If you ask risk managers in most any industry what their significant risks are, the majority will be able to rattle off half a dozen or more in rapid succession.

However, ask risk managers in the electronics industry and, due to the nature of the business, many will focus on the growing challenges they face with unique exposures, such as privacy.

Business interruption is their major risk, hands down, either what happens between the "four walls," or, perhaps more significantly, throughout their supply chains. The other primary risk lies simply with the ups and downs of the insurance market and the importance of educating carriers to the uniqueness of the electronics industry.

A few other issues do come up, such as intellectual property, product recall, D&O liability, and privacy. Of these, privacy is growing into an interesting and challenging exposure, given the patchwork of worldwide regulations.

"Electronics companies must deal with privacy issues more than other companies because of the technology they use, which can impact privacy either positively or negatively," points out Mark Carey, CEO and founder of DelCreo Inc. of Alpine, Utah, a risk consulting firm that specializes in the electronics industry. "One problem is that privacy regulations differ from country to country."

For example, in some European countries serial numbers on electronic equipment are considered private. In addition, when you send your data across borders, you create additional risk. "You may be in compliance with regulations in India, but not in Canada," he says. "As such, if you are a U.S. company with tech support operations in India and customers in Canada, the privacy issues can become very complex," Carey adds.

"Electronics is a specialized industry, and we have a lot of unique exposures," says Paul Miles, director of risk management for Analog Devices Inc. in Norwood, Mass. "Even a small incident can cause extensive damage and property losses. It can also interrupt the production cycle and lead to downtime."

Patrick O'Brien, Sr., director, global tax, treasury and risk for Molex Inc., the Lisle, Ill.-based maker of electronic, electrical and fiber optic connection systems, agrees. "Our biggest concern is business interruption." In this, he includes business continuity planning, disaster recovery planning, and supply chain security. "We can't prevent disasters, but we can be poised to react so that a disaster has the least impact on our ability to get products to our customers."

David T. Torpey, a partner and practice leader of the insurance claims service practice of Ernst & Young in Dallas, also stresses the importance of paying attention to business interruption risk.

"If you end up being shut down due to a flood, hurricane, fire or other event, you need to make sure you have excess capacity in other plants or the ability to utilize temporary facilities to continue manufacturing," says Torpey.

Another useful strategy, says Carey, is to consider implementing an enterprise risk management initiative. "This is variously called supply continuity, business resiliency, and crisis management," he explains. "Regardless of what you call it, though, the key is to make sure all parts of your organization are involved in risk management to some degree and are coordinating and communicating with each other."

ACHILLES HEEL: THE SUPPLY CHAIN

While Torpey admits that internal business interruption is a significant concern, an even greater risk for electronics companies is supply chain risk, especially in terms of the relationships manufacturers have with their suppliers.

"This is especially true since many electronics companies simply assemble the parts that they receive from subcontractors," he says. "What if one of these subcontractors in Asia is hit by a typhoon? What if there is political risk in that country? You need to make sure that you have alternate suppliers."

Tom Henderson, corporate risk manager for Texas Instruments in Dallas, agrees with Torpey's assessment. "The biggest challenge with supply chain risk management is that you have little control over how your suppliers and customers manage their risks, so your insurable interests are limited," he says. "However, you still have to try to manage these risks."

In the past decade the semiconductor industry has intensified that challenge by using more outsourcing, fabricating foundries and subcontractors. "We continue to look at supply chain risk issues, especially in our semiconductor business, which has become more global in recent years," says Henderson. We address the issues of potential loss of customers and potential loss of suppliers."

Whenever possible, Henderson works with risk managers in supplier and customer organizations. "It can be very useful when two risk managers, particularly when there is a contract issue, can sit down and resolve differences," he explains.

Molex's O'Brien also focuses on managing supply chain risk issues. "We make sure our suppliers have the ability to second-source from one of their other facilities, or we are poised to go to an alternate source ourselves," he says. "We also work with [freight company] carriers to make sure they have business continuity plans in place." These are the freight companies that deliver shipments from suppliers to Molex's facilities, from Molex to its customers, and even between its own facilities. "A substantial part of our business model is intercompany," says O'Brien.