board governance and emerging risks in the c21
TRANSCRIPT
Board Governance and
Emerging Risks in the C21
Friday 10th July 2015, Brussels
8:30 - Registration
9:00 - Welcoming speech by Roger Barker, Adviser to ecoDa board, Director of Corporate Governance, Institute of Directors UK
9:10 - Keynote speech by Philippe De Backer, Member of the European Parliament
Panel 1 – The Risk Conversation at Board Level
9:20 - Moderator: Christopher Lajtha, Independent Risk & Insurance Management Resource, ADAGEO / RCN
- Charlie Kitson, Head of Client Engagement, AIG
- Patrick Zurstrassen, Honorary Chair of ecoDa, Independent Board Member
- Andrew Chambers, Chair, corporate governance & company law at FEE; member, ACCA’s global corporate governance forum
- Jonathan Blackhurst, Head of Risk Management, Capita plc
- Anna Korbut, Executive Risk Manager, NefteTransService
10:45 – Coffee break
Board Governance and Emerging Risks in the C21
The Programme
Charlie Kitson - Head of Client Engagement, AIG
July 2015
Risk Conversation at Board Level
Why raising the profile of risk is
so important
Boards are increasingly waking up to risk; major challenges for today’s
C-suites are:
• Regulation
• Growing vulnerability
• Globalisation
• Technological changes including 24-7 media
This has thrown the spotlight on risk management which is a good thing for
companies and the “risk professionals”.
A recent AIRMIC survey showed that almost 70% believe that risk management
has become more important within their companies over the last three years.
Role of Risk Managers today
88m+ Clients we serve
1.7billion Shares sold by the US
government
$27.6billion Claims payments by
AIG Property Casualty
$68 billion Our 2014 revenue
64,000 AIG employees
WE ARE
ONE AIG
100% Government assistance repaid
• The Risk Manager position within companies is inconsistent.
- Identity of the risk manager in the organisation is not clear
- There is no standard reporting line or career path
- There are wide variations in the way the role is expressed within
companies. E.g. some risk managers are pure insurance buyers
whilst others manage all areas of risk for a company.
• Lack of clarity for Goals & Objectives
Number of times Risk Managers report
to Board
The gap between the Risk Manager and the Board is closing all the time.
There is now a greater awareness of risk and willingness to take responsibility
for managing or mitigating it. Most Risk Managers report to the board regularly
on the risk landscape, either directly or via the Risk Officer.
FERMA 2014 Survey: Number of formal risk discussions with the board
[Chart values: 45%, 18%, 23%, 9%, 5%. Legend: Several times per year; Once a year; On a requested basis; No mechanism in place; Unknown]
Compared to last year’s results, Risk Management interaction is up 7%
Reporting Lines - How often report to Top Management level
[Chart values: 85%, 78%. Legend: Risk Management Functions; Insurance Management]
Risk Managers need to identify trends
and new risks
AON’s 2015 risk management survey compared to 2007 (2015 rank, risk, position in 2007):
1. Damage to reputation/brand (2007: 1)
2. Economic slowdown/slow recovery (2007: 8)
3. Regulatory/legislative changes (2007: 6)
4. Increasing competition (2007: 5)
5. Failure to attract or retain top talent (2007: 7)
6. Failure to innovate/meet customer needs (new entry for 2015)
7. Business interruption (2007: 2)
8. Third-party liability (2007: 3)
9. Computer crime / hacking / viruses / malicious codes (Cyber) (new entry for 2015)
10. Property damage (2007: 9)
Key Drivers at Board Level
Legislation
The UK Insurance Act makes buyers more responsible for their insurance
choices. They have to demonstrate the need for the products they purchased as
well as a robust methodology behind the purchase decision (or the decision not to
purchase).
Shareholders and Employees
Investors want assurance that the company they’re investing in is well managed.
Employees want to work for a “successful” company with a good public
reputation. Good risk management is part of that.
Mitigation
Changes in attitudes to risk management are driving product uptake and design.
For example, the cyber insurance market has developed because if a company
has a breach / incident and does not have insurance in place to mitigate that risk,
they may be seen as negligent.
[Diagram “The Risk”: risks grouped under Financial Risks, Accidental Risks, Strategic Risks and Operative Risks]
Risks shown: Price fluctuations; Currency and interest rate risks; Loss of suppliers; Diversification/wrong strategy; Changes in demand/demographic; Technological risks; Increase in competency; Legal compliance/professional risks/Employees dishonesty; Low productivity; Failure to supply; Loss of key employees; Security of employees; Contamination; Damages to third parties; Business interruption; Material damages to assets; Transportation of cargo; Terrorism risks; Construction risks; Products liability/products recall
Final Comments
• Effective risk management is NOT just about compliance
• Risk is at the heart of strategy and effective risk management should be an enabler and a potential differentiator
• Reputation is critical and reputation risk management should be prioritised
• The tone is set at the top
Bring on tomorrow
The “Bring on tomorrow” tagline expresses AIG’s
tremendous tenacity and ambition, our optimism,
and our spirit of inventiveness.
For customers, consumers, and partners, it showcases
how we help them feel about the future:
Confident, Prepared, and Protected
THE EUROPEAN CONFEDERATION OF DIRECTORS ASSOCIATIONS - AVENUE DES ARTS 41 - BRUSSELS 1040
RISK MANAGEMENT
IN BOARD AGENDA
Patrick Zurstrassen
ecoDa honorary chairman
FERMA / ecoDa / AIG Cercle de Lorraine Brussels 10 July 2015
INTRODUCTION
• Personal experience
• Philosophy of presentation
Are Boards formally in charge of Risk Management?
• OECD [2004] definition of board responsibility: The corporate governance framework should ensure
- the strategic guidance of the company,
- the effective monitoring of management by the board and
- the board’s accountability and loyalty to the company and the shareholders.
Plus statutory duties such as review and proposal of approval of B/S and accounts and publication of legal accounts/annual reports.
• No explicit mention of Risks, Risk management, ERM or other risk matters because:
- Risk and rewards [profits] are the two sides of the same economic judgment coin. Both dimensions are ever-present in all management and board discussions.
- Through regulatory efforts, special moments, debates, decisions, policies, statements and communications are particularly dedicated to risk matters, apart from other matters.
- A whole biosphere of risk aggregates and indicators has emerged. They are mostly generated by risk professionals. Their ultimate expressions are aimed at the full board.
When are Corporate Bodies dealing with Risk Matters?
• AGM: Annual
• Board of Directors [Supervisory Board] + Board specialized committees: [Monthly] Quarterly
• Management Committee + Specialized committees: Weekly
• Business and functional lines: Daily
• Risk management: Permanent
A typical agenda of a corporate elementary unit: an investment/mutual fund board.
Permanent items of the agenda
• Performance report
• Risk report
• Sales, marketing and products report
• Compliance report
• Finance
• Legal
Periodic items of the agenda
• Internal audit report
• Audit report
• Regulatory review
• Annual budget
• Approval of accounts / annual report / risk statement
• Board performance evaluation
• Corporate strategy
• Market risks • Liquidity risks • Credit risks • Duration risk • Etc
• TE tracking error • VAR • Risk category • KRI • Etc
• For individual fund • For classes of assets
A fuller picture should also include
• Directors education • Liabilities of directors • Conflict of interest • AML / KYC • Risk management tools and techniques
• Crisis management • Counterparty • Regional market • Currency • Global market
• M&A & restructuring
Fédération des Experts-comptables Européens
Federation of European Accountants
www.fee.be
Connect with European Professional Accountants @FEE_Brussels
Board Governance and
Emerging Risks in the C21
The Risk Conversation at Board Level
Andrew Chambers, Chair of FEE Corporate Governance
and Company Law WP; Member of ACCA Global
Corporate Governance Forum
FEE and audit committees
Donald Rumsfeld
‘There are known knowns. These are things we know that
we know. There are known unknowns. That is to say, there
are things that we know we don’t know. But there are also
unknown unknowns. There are things we don’t know we
don’t know.’
Internal auditors might add:
‘And there are things we [as internal auditors] know that we
don’t want to know.’
Donald Rumsfeld was the youngest US Secretary of Defense from 1975 to 1977 under President
Gerald Ford, and then the oldest Secretary of Defense from 2001 to 2006 under President
George W Bush
Risk oversight – need for cooperation I
Risk oversight must be a continuous process to be
effective.
Should audit committees deal with:
• The known risks?
• The risk management process?
Risks linked to: company’s strategy, business and industry
Objective: ensure that such risks are appropriately
considered and addressed by management and in the audit
plan.
Risk oversight – Need for cooperation II
Risk management involves “unknown risks” as
well.
Risk committees can focus on the identification
of “unknown risks”: prospective risk
management
It is crucial to distinguish roles between audit and
risk committees and to foster effective
communication.
Risk oversight – Need for regular communication
Clear overview of the company’s risk and
control framework.
Meeting on a regular basis with management,
internal audit and external audit to understand
the risks faced by the company.
Input from external parties such as institutional
investors and analysts.
The Risk Conversation at Board Level
Jonathan Blackhurst, FIRM
Risk Intelligent Conversation
[Diagram labelled “Risk Aware” and “Risk Intelligent”, with the following items:]
FYI
Weak leverage for business benefit
Does it add up?
Exception reporting
Too format focused
Appetite
Decision making
Balanced bottom up/top down
Transparency
Connected conversations
Vocabulary
Pressure gauge reading
Risk Intelligent Conversation
Facts.
Straightforward.
Structured.
Accountable attendees.
Save the forests.
Guaranteed credibility.
Business aligned, but agile.
Strict organisation and chairmanship.
Clear escalation and clear feedback.
Context, not background.
“Are we there yet?”
Questions
conversation about risk at board level
Anna Korbut
What are the drivers for the Dialogue? (1/2)
• Starting thinking point is FERMA’s 7th biennial Risk Management Benchmarking Survey 2014:
– The most important risks for European organizations in 2014 are Political (significantly increased vs 2012) as well as Reputation (increased vs 2012), Competition, Regulation and Legislation
At the same time, assessed with a low level of mitigation: Political, Competition and Economic condition
Out of the nine risks in the “improvement zone” (high risks with a low level of mitigation), five are strategic/external risks – all issues to be addressed at the very top level
– 48% of Risk managers FORMALLY present Risk Management activities to the Board/Top Management several times a year – can a “formal presentation” of activities really be considered a Dialogue by the parties?
– There are a number of risk-related reporters that the Board could have as vis-à-vis for a risk dialogue - at least 6 possible organizations for risk functions, where 40% RM & IM together separated from IA and IC – they all may operate different risk language and terminology! Are Board members flexible enough to navigate themselves through (sometimes) complex and not necessarily consistent reporting?
• Risk/Insurance Managers’ short-term strikes are converging towards the enhancement of their role into a strategic dialogue and becoming a business partner
What are the drivers for the Dialogue? (2/2)
• In the joint ECIIA/FERMA Guidance* for Boards and Audit & Risk Committees it is highlighted that:
– EU regulatory focus is towards a greater transparency on financial and non-financial reporting
Should Audit Committees’ mandate be significantly expanded to integrate new reporting innovations – to go far beyond the “control” agenda?
Or is there a need for a new body?
Does it matter how many board members are qualified, i.e. possess comprehensive knowledge in risk management?
– The need to create a separate Risk Committee may arise from the following:
• Relevant regulator(s) requirements
• Alignment between risk management and strategy
• The need for more detailed oversight of RM structure
• The complexity of the major/critical risks to be assessed
– In the financial sector, there is an increasing requirement for a risk committee created alongside the Audit Committee. The role and responsibility of each committee must be well defined in order to avoid overlap and ensure that the coverage of risks is comprehensive.
Is this a dimension for future development of corporate governance for the non-financial sector?
*Audit and Risk Committees News from EU Legislation and Best Practices
What is Risk Dialogue about?
• There should be a place for a dialogue
Risk Committee / Audit & Risk Committee / Audit Committee AND Risk Committee / Strategy Committee
Roles of a risk committee: Dispose reporting (formal) / Discuss and develop decisions (workshop)
• There should be a language for a dialogue
Comprehensive knowledge and competence, yet supported by constant sharing of best practice and developments from the Leaders in Risk Management
• There should be participants in a dialogue
There should be a less formal, even “rotating”, composition of a risk committee – depending on the topics or issues to be discussed as well as on the specific expertise to be involved.
• There should be an objective / purpose for a dialogue
There are no right and wrong ERM systems; there are systems that are efficient and suitable for a particular company’s needs, evolving with the emerging challenges. Who in reality sets the requirements and develops the ERM design? Is such a design to be born from a Dialogue between the Board (key RM user) and the Risk Manager?
What is the plan?
• Develop at a European level better knowledge on the role of risk management bodies at a Board level – Risk Committees, Audit & Risk Committees
• Develop the pole of expertise and continuous professional development in managing risks strategically integrating our partners - risk stakeholders.
On the basis of Certification – we are the Risk Leaders
• Promote Risk Management at Board level with regular and consistent direct Board access and communication
11:00 - Keynote speech - Marc Pickeur, Member of the International Auditing and Assurance Standards Board (IAASB)
Panel 2 – The Impact of Emerging and Future Risks
11:10 - Moderator: Roger Barker, Adviser to ecoDa board, Director of Corporate Governance, Institute of Directors UK
- Carin Gorter, Member of the Supervisory Board of ING (and of several insurance companies)
- Marie Gemma Dequae, FERMA Scientific Adviser, former Group risk & insurance manager (Bekaert)
- Adriana Cavaliere, Enterprise Risk Manager at SWIFT in Belgium
- Ornella Di Iorio, Research Manager, EUROSIF - Vigeo
12:30 - Closing speech by Emmanuel Brulé, Chief Risk Officer, AIG
12:45 – 14:00 - Working lunch
Board Governance and Emerging Risks in the C21
IAASB Update
Marc Pickeur
Board Governance and Emerging Risks in the C21
A Joint Event with ecoDa, FERMA and AIG
Brussels, Belgium
July 10, 2015
• Key Projects Finalized: Clarified ISAs, Auditor Reporting,
Revisions of Other Assurance and Related Services
standards
• Special Support Efforts for Implementation of new and
revised Auditor Reporting standards
• New Strategy and Work Plan with a number of new and
challenging projects
• Looking for feedback on key questions
– What is it that we have to address?
– What kind of development process?
– What forms of interactions with stakeholder groups?
– What kind of outputs?
Times Are Changing for the IAASB
New and Revised Auditor Reporting Standards
Key Features
Auditor Report
Audit Opinion – Required to be presented first
Key Audit Matters – Required for listed entities
Going Concern – Additional focus
Other Information – New section
Responsibilities – In the audit; Independence and ethical obligations; Engagement partner (listed entities)
The New and Revised Auditor Reporting Standards
Overarching Standard for Auditor Reporting – ISA 700 (Revised)
• New Key Audit Matters section: ISA 701
• Enhanced auditor reporting related to going concern: ISA 570 (Revised)
• New auditor reporting on other Information: ISA 720 (Revised)
• Modifications to auditor’s opinions: ISA 705 (Revised)
Revisions to ISAs 260 and 706 as a result of ISA 701, and related conforming amendments to ISAs 210, 220, 230, 510, 540, 600, 710
Expected Benefits of the New Auditor’s Report
• Enhanced communicative value to users
• More robust interactions and communication among
users, auditors and those charged with governance
(TCWG)
• Increased attention by management and TCWG to the
disclosures referred to in the KAM section of the
auditor’s report
• Increased professional skepticism in areas where KAM
are identified
• Increased audit quality or users’ perception of audit
quality
What Are KAM?
KAM are defined as those matters that,
in the auditor’s professional
judgment, were of most significance
in the audit of the financial statements of
the current period
KAM are selected from matters
communicated with TCWG
Are KAM Always Communicated in the Auditor’s Report?
• Auditor is required to include each KAM unless
– Law or regulation precludes disclosure
– In extremely rare circumstances, the auditor determines that the matter should not be communicated
Adverse consequences of communicating the KAM would reasonably be expected to outweigh the public interest benefits of such communication
• KAM is prohibited for a disclaimer of opinion, but required for
a qualified or adverse opinion
• In certain limited circumstances, there may be no KAM to be
communicated
Decision-Making Framework for Determining KAM
Matters that were communicated with those charged with governance
Matters that required significant auditor attention
Matters of most significance in the audit
Key Audit Matters
Initial Step in Determining KAM
The auditor will always consider
• Areas of higher assessed risks of material misstatements or significant risks (i.e., risks requiring special audit consideration)
• Significant auditor judgments relating to areas of significant management judgment (e.g., complex accounting estimates)
• Effect on the audit of significant events or transactions
Matters that were communicated with TCWG
Matters that required significant auditor attention
Determination of Matters of Most Significance in the
Audit – KAM
• KAM is determined by the auditor’s consideration of the
– Nature and extent of communication with TCWG
– Importance to intended users’ understanding of the f/s
– Nature and extent of audit effort needed to address
– Nature of the underlying accounting policy, its complexity or subjectivity
– Nature and materiality, quantitatively or qualitatively, of corrected and
accumulated uncorrected misstatements due to fraud or error (if any)
– Severity of any control deficiencies identified relevant to the matter (if any)
– Nature and severity of difficulties in applying audit procedures, evaluating the
results of those procedures, and obtaining relevant and reliable evidence
Matters that required significant auditor attention
Matters of most significance in the audit
KAM – Delivering Entity-Specific Information to Users
Consistency and Comparability
Relevance and Usefulness
• IAASB-supported “roll-out plan” with objectives of
– Promoting awareness
– Informing and educating users
– Learning about experiences of those responsible for adopting and
implementing the standards
– Preparing for post-implementation review
• Planned activities
– Outreach and other communications
– Auditor Reporting Toolkit
New and Revised Auditor Reporting
Standards Implementation Support
New and revised Auditor Reporting standards are effective for
periods ending on or after December 15, 2016
New Webpage www.iaasb.org/auditor-reporting with easy access to new and revised standards and other resources
• Auditor Reporting Fact Sheet
• Auditor Reporting “At a Glance”
• Basis for Conclusions
• Publications on GC and KAM
• Illustrative KAM examples
• Plans for webcasts, podcasts and other
potential publications
Resources – Auditor Reporting Toolkit
• Information gathering activities already underway on three priority topics
– Quality control (ISA 220 and ISQC 1)
– Group audits (ISA 600)
– Special audit considerations relevant to financial institutions
(including ISA 540 in particular)
• Professional skepticism
• March 2015 IAASB discussions highlighted interactions between the four projects above
– Common themes (e.g., sufficient appropriate audit evidence; professional skepticism)
– Crossover issues (e.g., direction, supervision and review of audits;
audit delivery models)
IAASB Work Plan for 2015–2016 – Enhancing
Audit Quality
www.iaasb.org
Emerging risk Compliance
A boardroom perspective
Carin Gorter
July 10th 2015
Contents session
1. External developments
2. Board oversight topics regarding risks
3. Compliance moved into the boardroom
4. Challenges for the future
1. Perspective of NED/SB on compliance
External developments/ forces on the strategy and business model
• New rules and regulations
• Development of technology on compliance and vice versa
• New entrants
• Client expectations
• Communication and social media impact
• Developments in society at large
Essential is to be interested and invest substantive time in these developments
2. Perspective of NED/SB on compliance
Board oversight topics
Time spent on future; testing assumptions underlying strategy
Process on critical risks
Good risk info
Risk appetite
CRO/CCO
Tone at the top
3. Perspective of NED/SB on compliance
Compliance has moved into the boardroom - to be tested by regulators
1. Behaviour: Leading by example
2. Culture: A culture of ensuring integrity inside and outside the boardroom
3. Structure: Having a CCO reporting into the risk/audit committee
4. Process: Ensuring existence of an effective and healthy compliance program
Good compliance supports sustainable earnings
But non-compliance is extremely painful, expensive and time-consuming
3. Perspective of NED/SB on compliance
Risk committee
• Key risks and heatmaps, risk levels per business unit (trends)
• NFR update report
• Internal events report
• Root cause analysis and improvement
• Update on new regulations/laws etc
The NED/SB should take an active interest in compliance
• Compliance program: a holistic review
• Risk
• Compliance culture (cultural/ethical surveys)
• Policies and written standards
• Training and communication
• Reporting and follow up, use of data analytics
• Auditing and monitoring (internal/external reports)
• Monitoring and evaluation public scrutiny (social media etc)
• And the NED’s role
Be curious and interested: never shoot the messenger
4. Challenges for the future
Internal
• Monitor assumptions strategy
• Knowing and monitoring risk
• Corruption risk
• Big data analytics
• Privacy
• Keeping the compliance profession attractive
External
• “Game changing” risk
• Identification regulatory life cycle
• Growth and complexity of laws
• Increase in reg. reporting and data requirements
• Multiple agencies/regulators with changing mandates
Invest in understanding your clients, shareholders, employees, regulators and society at large
Conclusion
Good compliance supports sustainable earnings
It is in your hands!
10.7.2015 ©MGD2015 1
Board Governance and Emerging
Risks in the C21
Panel 2 – The impact of Emerging and Future Risks
Marie Gemma Dequae
Brussels 10.7.2015
introduction
Emerging risks:
Risks associated with:
– New technologies
– Complex interconnected systems,
– New contextual conditions
Are generally unanticipated
Not widely understood
No convincing plan of action for mitigation
ask for a different kind of governance
Cyber risk
• Due to ever changing variety and consequences
(severity) of cyber risk
• Cyber crime continues to rise as hackers are
performing better than security experts
(Symantec & Verizon);
• Need for adaptive Cybersecurity and new tools
is permanently growing
• Cyber security at third party service providers?
Kaspersky Finds New
Nation-State Attack—
In Its Own Network
Supply Chain risk
• Increasing risk due to:
– Globalisation, JIT, lean supply chains
– Changing regulatory landscape
– Increasing outsourcing
– Climate change (incl natural catastrophes)
– Increased population and migration
– Dependency on information technology
– others
• Move from being reactionary to be proactive and resilient
• Important to
– Incorporate risk effects in strategic planning
– Improve level of disclosure about exposures
Climate Change to Worsen Nat
Cat Impact on Creditworthiness:
S&P Report
Emergency risk governance: at the intersection of various disciplines and frameworks
a dynamic process of regularly revising the undertaking’s portfolio of risks and opportunities (‘risk profile’):
• After an accident
• After a change in the undertaking’s internal or external environment
• Forward-looking exercise
• In case of merger, acquisition or divestment
• When entering a new market or a new product
• ….
[Diagram, adapted from IRGC: Emerging Risk governance at the intersection of Risk governance, IT management, Supply Chain management, Innovation management, Futures studies, Decision making under deep uncertainty, Strategy implementation and Dynamic capabilities]
[Numbered process diagram (steps 1 to 5) with the labels: Risk Identification; Risk Evaluation; Risk Mitigation; Risk Transfer; Monitor, review and update strategy with business managers + Reporting to board]
Regular screening internal & external environment important
(Emergency) risk manager focusing on early warnings (internal and external, short and long term)
A good risk management committee:
Members:
• senior decision-makers (CEO, CFO, …)
• invited experts and analysts
Important:
• Diversity of information, data reliability and consistency
• Compatibility with existing and past or familiar threats
• Develop scenarios and stimulate creativity
• propose strategy to excom/board
“Change Is The Law of Life, and Those Who Look
Only to the Past or Present Are Certain to Miss The
Future”…….
John F. Kennedy
Many thanks for your attention!
The Changing Global Risks Landscape
The World Economic Forum’s view on Global Risks 2015 and How to manage
these risks
Adriana Cavaliere, Enterprise Risk Manager, SWIFT
BELRIM Board Member
Global Risks Report 2015
The World Economic Forum
• Global Risks Report 2015 issued by the World Economic Forum
– Reflects the evolving Global Risks Landscape
– Considers risks to watch in short and medium term
– Shows the evolution of a set of risks in five areas over a ten year time frame – Economics, Geopolitics, Environment, Society, Technology.
– Intends to raise awareness about the need for a multi-stakeholder approach
• Global Risks as defined by the World Economic Forum
– “A global risk is an uncertain event or condition that, if it occurs, can cause significant negative impact for several countries or industries within the next 10 years”
Source: Global Risks Report 2015, World Economic Forum
The Evolving Risks Landscape
• The Global Risks 2015 report shows an important shift in risk perception
– Geopolitical Risks are featuring prominently compared to previous editions
– Social fragility gets stronger focus bringing Societal Risk at or near the top
– Concerns about Technological Risks continue to rise
– Economic Risks feature only marginally at the top however not yet out of the spotlight
• The overall shift in the global risk ranking puts forward that 2015 differs markedly from the past – with geopolitics featuring. Corporate leaders need to understand the nature and implications of these shifts for their business and take actions which help
– mitigate potential damage
– capitalize on potential new opportunities
Source: Global Risks Report 2015, World Economic Forum
Geopolitical Risks – a major concern
• Geopolitical Risks are heading the list of Global Risks of Highest Concern for the next 18 Months and 10 Years. The report emphasizes that respondents are even more concerned about Geopolitical Risks in the short term than in the long term.
• Major concerns
– Interstate conflicts – growing nationalism around the world, a rise in national sentiment due to disillusionment with globalization, and strategic competition among global powers raise the possibility of more frequent and impactful conflicts with regional consequences
– State collapse – internal violence, regional or global instability, military coups, civil conflict or failed states can trigger a state collapse of geopolitical importance, which can serve as a catalyst for terrorist networks
– Failure of national governance – inability to govern efficiently as a result of corruption, organized crime, illicit trade, the presence of impunity and a generally weak rule of law
Source: Global Risks Report 2015, World Economic Forum
Geopolitics and Economics
• The Global Risks Report also highlights some global risks arising from the interplay between Geopolitics and Economics – so-called Geo-economics
– Protectionism – reversion to protectionism under the guise of policies to reduce risks when confronted with political and economic volatility at home
– Economic sanctions – economic sanctions as a punitive geo-economic measure, which could lead to economic effects such as slow growth, unemployment and fiscal pressures
Together, the rise in protectionism, the increasing prevalence of sanctions and the slowdown in globalization could lead to a scenario of slower growth in advanced and emerging countries
• Given the growing importance of Geo-economics, the World Economic Forum will develop a clearer understanding of the interaction between Geopolitics and Economics, the main geo-economic issues and their implications by launching a global discussion linking leaders from the worlds of politics, economics and business.
Source: Global Risks Report 2015, World Economic Forum
Responding to the changing Risk Landscape
Responding to the changing Risk Landscape is a challenging task. To mitigate and build resilience against Geopolitical Risk and Global Risks in general, companies need to understand these changing risks well and translate them into their own company-specific risks, based on good communication – top down and bottom up – along with a multi-stakeholder approach.
A possible approach:
– Recurring Scenario Analysis with Board and Management involvement based on the World Economic Forum’s yearly Global Risks Report
• The yearly Global Risks Report is consulted to distill a list of relevant risks per Risk Area
• The Board Risk Committee reviews the list of relevant Risk Areas and priorities are set
• Considering a multi-stakeholder consultation, the CRO Office defines company-specific Risk Scenarios and determines the potential impact, evaluates the controls in place and determines whether additional controls are needed
• The final outcome is reviewed with the Board Risk Committee and the Executive Committee
Scenario Analysis Process
Thank you
1. PAYING THE PENALTY: THE MATERIALITY OF CSR RISKS
2. WHO WE ARE
120 analysts and experts
International presence
Independence and Transparency:
• More than 300 action principles under review, based on universally opposable standards and guidelines (UN, ILO, OECD, Global Compact…)
• A diversified shareholder structure + 5 independent administrators
• An independent Scientific Committee
• A strict separation between our 2 activities
Leading Sustainability Rating Agency:
• 3000+ issuers rated worldwide
• 150 investor and asset manager clients and partners in >25 countries
• A robust and ARISTA certified methodology
Corporate Sustainability Expert:
• Sustainability consulting services for companies, local authorities, governmental and non-governmental organizations
• 500+ diagnosis and support missions conducted in 37 countries since 2002
3. VIGEO’S PHILOSOPHY
A company integrating ESG factors into its business model and relatively outperforming its peers is better positioned to mitigate risks and create sustainable value for shareholders over the medium to long-term.
• Accounting for the rights, interests & expectations of stakeholders
• Mitigating risks & building competitive advantage
Our Mission Statement
We assess the degree to which companies take into account ESG objectives, which constitute risk and opportunity factors for them, in the definition and implementation of their strategy and policies.
4. CSR MATERIAL LEGAL RISKS
Hypothesis of the study “Paying the Penalty: the costs of CSR misconduct”: companies’ mismanagement of CSR responsibilities generates material legal risks.
Questions:
• What is the materiality of CSR legal risks?
• Which sectors are most exposed to CSR material legal risks in terms of frequency and costs?
• Is there a CSR issue that is more exposed to material legal risks in terms of frequency and costs?
• Are there regions in which CSR material legal risks occur more frequently?
Key Findings:
• Total sanctions in 2012-2013: EUR 95.5 billion; highest individual sanction: USD 13 billion.
• Waste & Water Utilities and Automobiles have the highest proportion of sanctioned companies.
• Banks, Pharmaceuticals and Energy companies paid the highest sanctions.
• Business Behaviour issues are the ones on which sanctions were more frequent and more expensive (8 out of the 10 highest sanctions).
• Almost 50% of the condemnations took place in the United States and 25.5% in European countries.
5. CSR MATERIAL LEGAL RISKS: IN WHICH COUNTRIES AND SECTORS?
Scope of the study:
• 2,522 companies rated in 2012-2013
• 484 sanctioned companies (19.2%)
• 1,015 legal sanctions registered
USA:
• Cultural framework (Shareholders’ activism)
• Legislation (Class Action lawsuits)
Waste and Water Utilities, Automobiles:
• Sensitive activity/product
• High impact on stakeholders: environment and health of communities
• Strong scrutiny by authorities: stringent legal frameworks
• Strong scrutiny by clients: easy recourse to justice
6. CSR MATERIAL LEGAL RISKS: ON WHICH CSR ISSUE?
Business Behaviour:
• Stringent national and international legal framework
• Activity of vigilance of judicial authorities
• Activism of customers as stakeholders
Business Behaviour:
• 55% of the total sanctions
• Globally and individually the most expensive ones
• 63% of the total costs of sanctions
• 80% of the most expensive sanctions
Business Behaviour includes the respect of customers’ rights, prevention of corruption and anti-competitive practices.
7. CONCLUSIONS AND GOVERNANCE PERSPECTIVES
Strong links demonstrated between CSR management and material legal risks for companies
Key drivers of this legal risk include:
• Sector of activity
• Stakeholders’ reactivity (including the legal context)
The integration of Corporate Social Responsibility in the company’s strategy is essential to prevent legal risks and enhance judicial security as a key intangible asset for the company.
Perspectives: CSR issues should be integrated in a company at its highest level in order to better prevent the occurrence of material legal risks:
• Integration of CSR issues at the Board of Directors level (review of CSR issues during Board meetings)
• Integration of CSR issues within the audit and internal control systems (identification of CSR risk factors by the internal control system, review of CSR risks by the Audit Committee at Board level and external certification of the CSR reporting)
• CSR performance indicators integrated into executive remuneration practices.
Ornella Di Iorio
Research Manager
Vigeo Rating
Thanks for your attention!
Closing speech by Emmanuel Brulé, Chief Risk Officer, AIG
Friday 10th July 2015, Brussels
Thank you for your participation!