Beyond Compliance: When Risk Management Becomes a Competitive Advantage

Global Finance, Sep 2004 by Platt, Gordon

More and more companies are appointing chief risk officers to manage risks throughout the organization. A few are embracing risk-management techniques to gain a competitive edge.

What started as a trickle in the financial services industry a few years ago has become a stream of news releases from a broad range of companies announcing that they are filling the new position of chief risk officer, or CRO. Partly in response to corporate scandals and ensuing regulatory requirements, hundreds of companies worldwide have named senior-management level CROs to identify and respond to risks that cut across the entire enterprise. The increased focus on corporate governance and a heightened awareness of danger in the world after September 11 are spurring companies to improve their measurement and handling of financial and operational risks.

"Deciding what risks you want to take is so vital to the future of a company that it should not be done on an ad hoc basis," says Prakash Shimpi, president of Fraime, a New Jersey-based management consultant. While bankers have become familiar with the concept of risk-based capital, managers of industrial companies are only beginning to understand what is at stake, says Shimpi, former CEO of Swiss Re Financial Services. "I could argue that every company needs a chief risk officer," he says. Enterprise risk management techniques, implemented by CROs, enable companies to increase transparency, safeguard shareholders' interests and mitigate risks while making the most productive use of their capital, according to panelists at a recent discussion hosted by New York-based rating agency Standard & Poor's, the Society of Actuaries, and the Casualty Actuary Society (CAS). The actuarial organizations are leading an effort to promote the role of the CRO in insurance, banking, asset management, energy and healthcare companies, as well as government agencies.

Actuaries have a set of skills that make them the most logical and experienced candidates for the position of CRO, says Don Mango, vice president of research at the CAS and director of research and development at Missouri-based GE Employers Reinsurance. "Enterprise risk management, or ERM, is the science of a well-run profession, not a fad," Mango says. "Actuaries assess the economic impact of uncertain future events and communicate options to people in a company who make the decisions," he says.

When management is unaware of the kinds of risk they have, this blind spot can get them into trouble, says Francis P. Sabatini, partner in the Hartford, Connecticut-based insurance and actuarial advisory services practice of Ernst & Young. "Some companies are better at risk management than others," Sabatini says. "A lot of it has to do with the corporate culture." Nearly all of the significant decisions that corporate officials make now go through a risk-management process, he says. This enables a company to modify a product before it is introduced, for example, he says.

The emergence of this high-level position has been swift. A global survey of 100 top insurance companies released by Ernst & Young in May 2004 found that 25% have a full-time CRO. But of the insurance companies with CROs, 78% said the position had existed for less than three years, according to the survey.

The Culture of Risk Management

Mark Griffin, CRO at Genworth Financial, the Richmond, Virginia-based insurance company spun off from General Electric in May 2004, says risk management is part of Genworth's culture. "ERM has added value to our business," Griffin says. "I am not looked on as the evil participant at every meeting." On a recent road show for the company's initial public offering, senior executives focused on Genworth's ERM framework as a way to distinguish it from competitors and express its competitive advantage.

Financial services companies regard risks to their reputation as the greatest threat to their market value, according to a survey of 130 senior executives in financial institutions worldwide. The study, conducted in June and July 2004 by PricewaterhouseCoopers and the Economist Intelligence Unit, found that 82% of those surveyed agreed that awareness of risk is now more pervasive in their organization than it was two years ago. The study also found, however, that risk management remains primarily focused on meeting regulatory requirements and only secondarily on protecting and enhancing the value of a company.

In most cases, compliance capabilities are not being turned to competitive advantage. Most financial services companies surveyed rely on some measure of risk-adjusted capital, for example, but many are failing to turn this to their advantage by setting more-appropriate product pricing, according to the study. Risk management also tends to focus on quantifiable risks, such as credit and market risks, which are not necessarily the most significant risks but are easier to control than some other types of risk. "In an environment where new and potentially lethal risks can suddenly emerge, institutions need to look at the bigger picture," says Shyam Venkat, partner at PricewaterhouseCoopers. Too few companies are concentrating on understanding the totality of the risks they face in order to give themselves a competitive advantage,Venkat says. "Less-quantifiable forms of risk can do as much, if not more, damage to companies' reputations, shareholder value and the long-term sustainability of their business as the more straightforward types of risk," he adds. Companies need to have crisis-management processes in place to cope with submerged risks when they suddenly surface, Venkat points out.