The increasing frequency of natural disasters and the rise of ESG are a few factors that have contributed to insurance companies placing a greater focus on mitigation and prevention. For the insurance industry the risk management side of their business has become more important than ever before. However, in the corporate world outside the insurance industry, risk management has also been evolving.
Eamonn Cunningham (pictured above) is president of the Australasian chapter of RIMS (Risk and Insurance Management Society) and runs a boutique risk management consultancy firm called 15B. His career charts the emergence of serious risk management practices to Australia.
In 2006, Cunningham became the chief risk officer (CRO) for the Westfield Group (now operated by Scentre Group in Australia and New Zealand) after the company’s CEO and CFO sent him on a worldwide fact-finding mission to figure out how best to run the position.
The role he transitioned into was quite rare at that time. Only “the big end of town” in Australia had risk management departments, he said.
“Besides the chief risk officers that were at the four major banks and maybe a couple of insurance carriers, I was probably one of 10 genuine CROs in the country at that time,” said Cunningham, who retired as Scentre Group’s CRO in 2016.
Read next: Conduit Re CRO selected for expanded role
“Fortunately, that is changing. However, even today there are some organizations because their culture is so data driven and focused on direct cost and immediate benefit that the insurance procurement piece is still the main driver and the risk piece is not yet there,” he said.
The CRO veteran lifted the lid on his role in the corporate space and how he balanced risk management and insurance needs. In the corporate sphere, he said, the first challenge facing CROs is actually being heard.
“So, if I’m a chief risk officer or a risk manager and I need to get traction for risk management inside my organization, which is still difficult to do, I need to get people to listen to me,” he said.
Cunningham said the aim is to be a “tried and trusted risk adviser of the CEO” rather than just a risk management technocrat. He said that’s challenging when cost control is always under the microscope.
“Unfortunately, most risk management and mitigation programs require some degree of capital investment and it’s that trade-off between risk and reward,” he said. The CFO, he said, will often need to be convinced to spend the money.
Part of winning over the CFO and becoming an effective risk leader, said Cunningham, depends on interpersonal skills and knowing the business “like the back of your hand.”
“So that when you do knock on the door and you get into the CEO’s or CFO’s office, your message resonates and is relevant and the CEO says, ‘I get that. Tell me more,’” he said.
Cunningham said this role can intersect with the insurance side of the business in different ways depending on the structure of the risk management department. At Westfield, enterprise risk management and insurance were just two of the risk related pillars that reported into the CRO function.
“The rollout that I adopted worked well within Westfield,” he said.
Cunningham said its important for CROs to understand that insurance is just one of a number of risk control measures available to a company.
“It is an important one, but not the only one,” he said. “There are some people at one end of the spectrum who are transaction driven and there it’s probably 80% insurance, 20% risk management – the likelihood then is that the risk management side might be only a little bit skin deep,” added Cunningham.
At firms where the risk management footprint is more ingrained and involves the top level of the business right down to the coalface, those percentages are almost reversed.
“That described me in Westfield. So globally I had teams in every country, but if somebody asked me how much time I as CRO spent directly or indirectly on insurance? I’d say about 30%,” said Cunningham.
Risk managing approaches tend to become less transactional, he said, as a CRO progresses in their career.
“I think that as you mature your attitude and your percentage will decrease from the 100% at the transactional level where you think, ‘I’m really the insurance manager but I call myself head of insurance because it sounds sexy,’” he said.
Cunningham said becoming “more ingrained in risk management” is ultimately about getting the biggest payoff from an enterprise point of view.
“Ultimately, you need to adopt the posture, ‘I’m not here to help you, I’m here to help you help yourself,’” he said.
Cunningham hastened to add that there’s nothing wrong with insurance managers at corporates.
“I was a chartered accountant and I was given insurance procurement to look after and I transitioned it. That journey is similar to journeys that others have done in the industry,” he said.
Those firms in Australia that have “seen the light”, he said, understand the economic sense in deploying capital in the risk management area. “As opposed to just paying more and more for insurance because ultimately the insurers are going to get fed up with the level of claims no matter how much premium is being paid and they will say, ‘We’re out of here!’” said Cunningham.
He said the number of risk officers in Australia has grown but there are still people who go by that title but aren’t actually “genuine” CROs.
“They will talk at length about the insurance and running the insurance - which is still a vitally important part of risk - but they’re describing 80% of their activity during a working day, whereas it really should be about 30 to 40%,” he said.
Focusing on insurance renewals and claims, he said, is quite different to being a CRO. The conversations you need to have are also quite different.
“You need to be talking to people all the time about the evolving face of risk. It’s changing up almost day by day and unless you’re meeting people, having a chat, gaining information, understanding the business, you’re not an effective risk person,” he said.
Read next: Suncorp hires new chief risk officer
Cunningham said he always cautions companies against having an insurance procurement silo which is separate from risk management.
“I’ve done many more insurance presentations than I care to remember, and the really clever underwriter wouldn’t ask if I wanted to buy ground up cover. The clever ones would say, ‘Talk to me about your risk management,’” he said.
The corporate CRO who can demonstrate that he or she is “imbued” with a risk management approach, he said, will likely get a better deal on their insurance.
Part of that, he said, depends on having the risk management and insurance areas of the organization “almost joined at the hip.”
Cunningham said he integrated four “pillars” at Westfield. The first was insurance and claims, then enterprise risk management, business continuity (including crisis management) and finally, health and safety.
“As soon as you don’t have them, integrated cracks will appear and there’ll be communication problems and clever underwriters will pick it up and you get marked down as a consequence,” he said.