The idea of the event was to cover the concept of risk from the big picture through to the detail, going through the stages – identifying risk, assessing how much risk is acceptable, how much can be mitigated, and finally, how much can be transferred in the form of insurance.
Risk is something that every business must face, either event risk (typically fire or flood, though today increasingly this includes terrorism or cybercrime) or risk of market fluctuation, said Lech Dąbrowski, senior manager at PwC. He said that firms must defined their objectives, identify the risk that's associated with those objectives, and make that risk more manageable. Mr Dąbrowski talked about the importance of organisational culture and business resilience. A company that can manage risk is more likely to survive market turbulence and sustain its business over long term. Mr Dąbrowski said that firms should carry out business impact analyses, and having in place an early warning system based on KPIs. The aim, he said, was to reduce the size of the corridor along which the business has to travel. This approach, which PwC calls 'bandwidth budgeting' means identifying the tolerated deviations from budget. Risk tolerance (“we can take it, it will hurt, it will cost”) must be based on stress scenarios that can be withstood. Finally, Mr Dąbrowski set out an optimal approach to risk management, which should be a strategic, board-level issue: “Assess and prioritise. How much risk should we accept? What can we deal with internally? What don't we accept? What risk do we sell?”
Joanna Bańkowska, managing director of BSI Group Polska, talked about auditing and certifying the risk management process. The British Standards Institute has a long history in the area of risk management, focusing on business continuity – in particular with the ISO 22301, based on an earlier British standard, BS65000. The idea is to build a business that is robust enough to survive external and /or internal events, force majeur, weather, terrorism – and prosper. The right approach is to identify events that could stop your business, create a process to deal with them, stress-testing, documenting and communicating this process, she said. This should all be done within a holistic approach that is continually being improved said Ms Bańkowska. She touched on the Deming cycle – 'Plan-Do-Check-Act', and said that the risk management approach needs to be applied across a business to operations, information and supply chain. “Leadership and management is the key, but not on the basis of a heavy hand, rather on transparency and trust,” said Ms Bańkowska; “identify your risks, and you will feel safer”.
Marcin Bartczak, partner at Dentons, spoke about the legal aspects of risk and risk transfer. He began with the question – who'll take your risk? Your customer? Your supplier? Your insurer? If you want to transfer it, it has be measurable. How much of it can you transfer? Mr Bartczak spoke about the ways that insurers strive to limit their exposure to the risks they take on, and about the pricing of transferred risk. “The premium should reflect the risk. The price of the premium should be optimised rather than lowered,” he said, stressing that the identification of risk – and using precise nomenclature to name it, was extremely important.
Dominik Stachiewicz, board member at insurance brokerage firm Donoria S.A., stood in at the last minute for Jarosław Szwankowski, the managing director of Dual Polska, who injured his leg slipping on ice – 'an unforeseen risk', said Mr Stachiewicz. He focused on insurance as the final link in the chain, talking in particular about the premium limits, which can be negotiated between the company and its insurer. Mr Stachiewicz said that at present, the insurance market is soft, with insurers' capital waiting for risks to be insured. “A few years ago, before the crisis, it was the other way around, with insurers only willing to insure a small percentage of the value of the total loss.” An important factor when determining the size of an insurance premium is knowing what management certificates a company has in place – Good Distribution Practice, ISO 9001, for example. “Insurers won't on take a risk if there's no process. They're flexible if there is,” he said. “If there is a business continuity plan in place helps reduce the premium, as does having good practices in place, a technical committee, the right processes. Certification helps boost a firm's credibility. Finding a specialist insurer also helps optimising risk transfer. “Lloyds of London, as the world's leading specialist insurer, has deep expertise in areas as different as open-cast mining or fibre-board manufacturing. It's worth seeking insurance from someone who understands your industry inside-out, across the world, and knows the specific nature of the risks attendant with it,” said Mr Stachiewicz. He also stressed the need for board-level engagement with the subject of risk, not merely delegating it to an insurance specialist.
A panel discussion followed the presentations, during which questions were raised relating to managing reputational risk. The speakers said that being able to define the material losses attributable to loss of reputation and having a crisis plan ready is key – better than “panic, PR and lawyers,” said Mr Dąbrowski. Ms Bańkowska spoke of the need of a systemic approach, including a code of ethics that takes in an anti-corruption policy. “Companies should have prepared crisis scenarios that they can test”.
The panel was followed by face-to-face meetings and networking.