William McDonnell (pictured) of RSA has had his share of both enlightening and stress-filled moments on the job. In this Q&A, the insurer’s group chief risk officer takes a trip down memory lane and tells Corporate Risk and Insurance what he’s more than willing to go through it a second time.
The Aviva alumnus also shares words of wisdom for risk managers, and what he believes effective risk management should be about. McDonnell talks about joining the dots and trusting one’s gut, as well as the value of persistence.
What brought you to the world of risk management?
In my late 20s I was offered the opportunity to go on secondment from Deloitte into the financial regulator, which was a great experience. During my time there I was lucky enough to get involved in a project with 15 European regulators and, to write the report, we dug into real-life case studies of failed insurers to explore the root causes and the underlying management problems. I was fascinated by the insights, and how fundamental they were.
My next role was building a group-wide risk-based capital model at Aviva, which really made us think hard about the links and interactions between risks and which are most material. So within a couple of years I managed to dive deep into both the qualitative and the quantitative sides of risk management.
In your years of experience, what have been the biggest challenges for you?
The biggest single challenge I have faced in my career was in 2013-2014, when I was deputy risk officer at RSA. During this time the business was not doing so well and some colleagues were getting troubled about particular aspects but finding them hard to pin down. Sensing this, I gathered them together for a brainstorm, and then wrestled to join the dots from different perspectives.
Gradually I could see there were some deeper underlying problems looming. However, the challenge was to highlight and explain these issues, which ran counter to the perspective and narrative of senior management. It seemed to me that people were missing the big picture, and my duty as a risk management officer was to alert people to these issues.
This wasn’t easy because my messages were unpopular and very challenging to the strategy at the time, so I felt I had to make them as clear and coherent as possible, backed up by robust evidence and analysis, to the point where they could not be ignored any longer. To deliver them required a lot of conviction, courage, and sticking to my guns, which has given me a lot of respect for whistle-blowers! It was worth it – the board members took action and the firm got on the right track.
Although this experience was hugely stressful at the time, my colleagues who had had concerns were hugely supportive; I learnt a lot and grew from the experience. I would do it all again!
What part of your remit as group chief risk officer at RSA do you find the most fulfilling?
The holistic scope and getting to the things that matter – a real joy of the role is working with my team across such a broad and rich landscape to select the risks that most need action, and then influencing our colleagues to move the dial.
When it comes to managing risk, what has changed over the years?
One could talk about technology and models and so on, but the thing that strikes me is our bread-and-butter – improved clarity across the business about the link between risk and control and managers’ responsibility for this. Expectations have evolved across all the major functions, and this leads to a more mature relationship between risk and the business teams, which is of course a great foundation for effective risk management.
What piece of advice would you give risk managers?
Be aware – listen, seek a variety of views (internal and external), look at the facts and evidence and also what your gut says. Being open and having a good network will help your risk radar. Then form your view and do something about it. You have more influence if you engage early, and also be prepared to persist.