ws from innovation to litigation neil campell and james bird
TRANSCRIPT
Foreword
Businesses in the Communication, Technology and
Media sectors experienced rapid growth into the
early-2000s, which at the time seemed unstoppable
so long as the technology behind those businesses
evolved at such an incredible rate. In fact, with
broadband becoming ubiquitous, the growth of data
services exploding, and the plummeting price of
hardware against rising expectations of capability,
the value chain has fragmented rapidly. Services
have been saturated and commoditised, meaning
slower growth and narrower margins.
The breakneck speed of such change has brought
with it a whole host of new risks. Industry’s reliance
on these new technologies, and others’ intent on
criminally exploiting that reliance, have both given
rise to an expanding range of first and third party
exposures. However, unlike physical risks – with
their long and recorded history – or management
risks – typically driven by the slow pace of regulatory
change – the emerging risks of the digital era are
driven by technological development, and the speed
of such progress has been hitherto unknown to the
insurance industry.
Technological development has also driven the very
direction of some businesses. In 15 years a small
company selling books online has emerged not only
as one of the world’s most powerful retailers, but
also as owner of two publishing houses, numerous
web services, one of the world’s largest and most
robust global IT infrastructures, a purveyor of
wireless services, digital books, music and TV-on-
demand and, perhaps most surprisingly, an
emerging giant of B2B cloud computing services.
Was this their plan, or the opportunities that opened
up to them along the road?
Either way, the convergence of these industries, and
the nature of the risks they face, has required us to
evolve, too. In 2004 JLT founded the
Communications, Technology & Media (CTM)
Practice to bring together our global expertise and
experience in these sectors. Today, the CTM
Practice has an unrivalled record of working on
exciting and challenging projects for some of the
most significant players in the global industry,
providing consultancy, risk management and risk
financing services in Europe, North America, Africa
and Asia. As a result, we have developed an
excellent understanding of the regulatory and
commercial issues affecting businesses in these
sectors. In this publication we seek to share some of
our findings with you.
Luke Foord-Kelcey
UK Head of the Communications, Technology &
Media Practice
1
Early stage ERM implementation for Life Science and Biotech companies
Early stage ERM implementation for Life Science and Biotech companies
But do they?
Have they really looked carefully through the glasses
of "the other side'? Through the eyes of the bankers,
the buyout funds, the investment analysts and the
detail-hungry due diligence teams, who's green light
is so essential when it comes to putting serious
money on the table - the preferred CEO prescription
medication for several good nights sleep.
Maybe not...
Dull as it may appear at first blush, proven risk
management excellence and discipline could well be
the answer to the key questions posed in the title of
this article. "We don't need all that stuff now" I hear
you cry. "Of course we have insurance, my secretary
takes care of that". Yes, insurance, that sure fire,
cocktail-party-room-emptying device. Perhaps it's
not quite as exciting as Tiger's recent love affair with
fire hydrants but having a properly constructed wall
of contingent capital - product liability insurance to
use is more mundane name - can be the difference
between corporate life and death if something goes
wrong. And the likelihood of something bad
happening in the first place can be dramatically
reduced with the early adoption of best practice in
Enterprise Risk Management (ERM).
Just imagine for a moment you're an investor being
asked to finance or buy a company. What would be
running through your mind? Firstly, no doubt trying
to figure out whether the financial projections are
reasonable, robust? Remember, the client’s almost
certainly pressurising you into paying dearly for the
consistent growth and lack of volatility so proudly
displayed in their future revenue and profit projection
PowerPoints. But you would also be thinking more
broadly what could go wrong. Quite a lot as it turns
out...What if that recent trade journal promotion,
which won an award for the ad agency, wandered
way outside of the strict zone allowed by the
packaging label and that dreaded lawyer's first
claim letter landed in the corporate in-tray? Or
perhaps worse, the same shock revelation arose
during an analyst presentation, with the trade
press in full attendance and the CEO was not fully
forewarned or prepared? What if that that seemingly
inconsequential Puerto Rican supplier – but one that
happened to provide a cheap yet critical ingredient
for the company's bestseller – went bust or was
shut down for a regulatory infringement or just
blown away by the next hurricane? What if you
suffered a major IP infringement? What if a
significant environmental threat in one of your
Access to cheap and plentiful finance and achievinga successful exit is typically at the top of the "musthave" list for CEO's of fast growing Life Science andBiotech companies. For sure they and their fellowdirectors and managers continuously strive to doeverything they can to secure these vital ingredientsand have their business priorities in the correct order.
1
2
Early stage ERM implementation for Life Science and Biotech companies
production facilities, that cost 10% of your profit to
manage, turned out to be not so serious after all and
the cash saved from earlier more considered and
professional analysis could have been used to
finance another sure hit product?
When you raised all these issues with the senior
management of the company - let's call it company
A – and they appeared on the back foot, defensive
all the time, no real answers, a "Don't-worry-it-will-
never-happen" nervous pat on the back from the
CEO in your wrap up meeting, you’d be more than a
little concerned wouldn’t you? You'd probably want
to dig some more and see if there were more bones
lying in the corporate cupboards. After all, you are
being asked to invest a lot of money and you want to
be sure of meeting or exceeding your return targets.
On the other hand, let's consider hypothetical
company B in these same circumstances. What if
each time you probed and dug deeper into the
detail, a confident, well thought through response
came back. And the more you probed, the more it
really did seem as though not only had the company
considered the myriad of things that could go wrong
but also what to do if the proverbial happened.
You'd be reassured, would you not? Comforted that
your investment or refinancing capital was more
secure with Company B than Company A. That the
former had a better chance of achieving its financial
projections and was much less likely to spring any
nasty surprises along the journey to success.
Now, here's the real issue, The difference between the
price you might be prepared to pay for an investment
in Company B might be tens or maybe hundreds of
millions of dollars more than Company A. In fact you
may be put off making any investment at all in
Company A. You may just conclude that it's too risky.
Yet the real but simple difference between
Companies A and B is that Company B decided,
early on, to invest a little time, effort and money in
some professional risk management help and
advice. The initial cost was probably no more than
fifty thousand dollars, maybe even less. But the real
value was huge. It was perhaps hard to see at the
time, but once the professional Enterprise Risk
Management journey had commenced, Company
B never doubted its long-term value for a second.
And yet, in the heat of battle, with the CEO trying
to grow its precious company so it can be noticed
among all the competitive noise, this long-term
core process can so easily be overlooked, with
the modest initial cost and investment buried in
the lower budget reaches or not even making it
on to the critical corporate "to do" list.
So, if you’re interested in how to add multiple
millions of value and gain easier access to cheaper
finance, you'd better sit down, grab a cup of coffee
and read on.
The best 50k you've ever spent: Initial ERM
Implementation for Tier 3 companies
In the context of a commercial organisation,
Enterprise risk management (ERM) prescribes
the methods and processes used to manage risks
and seize opportunities related to the achievement
of business objectives. ERM provides a framework
for risk management, which typically involves
identifying particular events or circumstances
relevant to the organisation's objectives (risks and
rewards), assessing them in terms of likelihood and
magnitude of impact, determining the most effective
method of managing or exploiting risk, and ongoing
management and monitoring. Such a process
creates value for all stakeholders, including
customers, shareholders, employees, and regulators.
ERM can also be described as a risk-based
approach to managing an enterprise, integrating
concepts of internal control, appropriate national
and international regulation, and strategic planning.
ERM is evolving to address the needs of various
stakeholders, who want to understand the broad
spectrum of risks facing complex organizations to
ensure they are appropriately managed..
Effective Enterprise Risk Management is about
identifying, mitigating and ultimately optimising the
various risks that drive a company's success. Risk
cannot be eliminated entirely. Indeed it would be
wrong to do so as measured and managed risk
taking is actually what companies should be doing.
ERM is part of the overall process that transforms
risk to your competitive advantage. Done correctly
and we would strongly recommend, at an early
stage, ERM provides critical intelligence and
processes to manage the gamut of financial,
operational, reputational and natural and other
catastrophic risks that would otherwise keep the
Board awake at night unnecessarily. In addition,
regulators and debt rating agencies have increased
their scrutiny on the risk management processes of
companies, further heightening the potential
economic impact.
To embark on this process, here's a summary of the
key steps that need to be taken with the appropriate
professional advice and guidance.
Long term, a three-phased approach might prove
best suited to the needs of emerging Life Science
and Biotech companies. However, we would
suggest that any Company starts its ERM program
with a streamlined, practical baseline engagement
that will set the ERM foundation and allow The
Company to then progress its ERM program at a
rate appropriate to its requirements. For purposes of
the discussion below, we will refer to this initialization
phase as a Phase 1 engagement.
During the Phase 1 process, The Company would be
professionally guided to develop its ERM structure,
overarching ERM terms and definitions, its perceived
risk profile, and its initial perceived Risk list (via a
review of existing materials, interviews, limited use
of a questionnaire). Importantly, a heavy emphasis
would be placed upon leveraging the information
that The Company has already developed rather
than attempting to “reinvent the wheel”.
Further, we would work through the initial business
area risk workshops with The Company, facilitate
the first so-called Risk Council meeting to review
the workshop findings, and help to develop The
Company’s first validated and prioritized Risk Report
for executive leadership. This work would also assist
The Company to define the structure and processes
that it can use as it later proceeds to the risk
mitigation stage of its program.
3
Early stage ERM implementation for Life Science and Biotech companies
PHASE 1: ERM Program Development:
Define EBS’s ERM Program &
Vocabulary; Risk Mapping Exercise; Risk
Workshop; Report to Management
Step 1:
ERM Program
Development –
Define EBS’s
ERM Program
& Vocabulary
Step 2:
Risk Mapping
Exercise – Data
Gathering &
Development of
“Perceived Risk Map”
Step 3:
Risk Workshop –
Risk Validation.
Step 4: Risk Council
Review and Report
to Management.
PHASE 1:
The Development of The Company’s ERM
Program and its Initial Risk Mapping Exercise
A Phase 1 engagement would provide The
Company with the foundation for an effective,
sustainable ERM program. Based upon our
dialogue, we would suggest the following steps:
Step 1 – ERM Program Development – Defining
The Company ERM Program and its Vocabulary:
At the start of any process, the Company would be
asked to identify an “ERM Project Leader” as well
as an “ERM Core Working Group”, which ideally will
be cross functional and consist of four (4) to five (5)
persons including the ERM Project Leader. In
addition, the appointment of a Board representative,
usually from the legal or finance disciplines, is highly
recommended. In this role, they will oversee the
project, providing guidance and facilitating
organizational support as well as provide more
intimate feedback to and discussion with the rest
of the Board.
The initial ERM Core Working Group session
typically takes one full business day and is highly
interactive. During this session, the team will decide
upon the Company’s approach to ERM while also
crafting its formal ERM Mission Statement and
developing the Company’s unique ERM vocabulary.
Concepts and processes that are fundamental to
ERM success will also be reviewed. Finally, a
strategy to move the ERM process forward will be
reviewed for endorsement and support, e.g.
development of achievable goals and objectives for
the project; preparation of a draft annual
timeline/schedule that will integrate the new ERM
process into the Company’s annual budget and
strategic planning cycles.
Following the meeting, a Draft ERM Handbook will
be prepared. The Handbook will summarize the
approach and definitions/materials developed by the
Core Working Group. Once approved by the Core
Working Group, a status update can then be shared
with the appointed Board representative, through to
the executive leadership group. With the proposed
path finalised and signed off by the Board, the Core
Working Group proceeds to Step 2.
Step 2 – Data gathering & the Development of The
Company’ Perceived “Risk Map”:
After reviewing and consolidating available
information that has already been developed by
and for The Company, best practice suggests that
approximately five (5) to eight (8) members of the
Senior Management Team be interviewed to identify
‘perceived’ material risks within the Company
(approx. 1 hour/interview). These discussions
would be on an anonymous basis to encourage a
frank and candid dialogue. Some limited use of
questionnaires may also be considered, although
generally, questionnaires are not nearly as effective
as actual interviews.
The risk items developed during this interview/
questionnaire process would be combined with
other risks identified from existing materials for
discussion with the Core Working Group and
compiled into the draft perceived risk list. This set
of risks will form the basis for the risk workshops
discussed in the next step.
Step 3 – “Validation Workshops”:
This process involves cross-functional “Bottom-Up”
risk workshops for each of the main business areas.
These workshops, which usually include 8-12
participants from the relevant business area (and
other related disciplines that interact with and may
4
Early stage ERM implementation for Life Science and Biotech companies
have important insights) will:
• be provided with a background briefing on the
The Company's ERM process,
• assess those pre-identified ‘perceived’ risks
collected in step 2 as well as any new risks
which may be raised during the workshop,
• identify any low cost items for which risk
mitigation may be considered immediately
• prioritize those risks which may require funding
consideration
• consider the appointment of potential Risk
Owners for specific items proposed for risk
mitigation (based on time constraints of the
day). “Risk Owners” are persons who are
believed to possess appropriate skills and
expertise to lead a Risk Mitigation initiative
following senior management approval.
Ideally, one or two members of the Core Working
Team will participate in each of these sessions.
Workshop participants are normally senior
executives (Director, Senior Director, Vice President)
that have a good understanding of the business, as
well as the issues to be discussed. Validation and
prioritization are achieved via the use of an
anonymous, wireless voting system that has proven
highly popular and effective.
A report of Workshop findings and results is
generated that can be shared internally within The
Company and consolidated into a group level report
as described below.
Step 4 – Risk Workshop - Assessment of Phase 1
Findings:
Once the “Top Down” and “Bottom Up” assessment
of the risks are completed, the Core Working Group
(possibly with additional membership) would
convene to participate in an initial Risk Assessment
workshop (often called the Risk Council).
During this initial Risk Council session, the
group would be asked to assess the direct and
consequential implications, assess current controls,
and vote on the significance to The Company of the
compiled/combined risks gathered and assessed
during the previous steps, using an interactive,
anonymous voting tool. From this feedback, a
risk-prioritized “Heat Map” and summary report
will be developed for presentation to senior
management and for consideration in the Strategic
and Operational Budget process. The Core Working
Group may also identify potential Risk Owners at this
stage, time permitting. Risk Owners will eventually
be assigned to address priority issues approved by
The Company for risk mitigation initiatives.
Significantly, experience to date suggests that the
cost to mitigate many of risks identified through the
ERM process is fairly nominal. To address many
risks, all that is often required is the identification of
the issue, the dedication of focused effort, and the
removal of the internal barriers that has previously
precluded a solution. In instances where some
capital funding is needed, the prioritization
methodologies of an effective ERM process provides
Senior Management with a unique advantage when
deciding where to best allocate limited capital. Just
as importantly, ERM provides Senior Management
and the Board with an effective tool to define and
objectively measure progress against agreed upon
risk mitigation objectives.
After this initialization phase, The Company can then
assess its progress and determine a path forward
that meets with its needs and abilities.
5
Early stage ERM implementation for Life Science and Biotech companies
PHASE 2 and beyond
Successful and growing organisations are
increasingly outsourcing risk management and other
similar advisory and management functions, much in
the same was as the software industry is moving
from an ownership to rent-as-a-service model. JLT
has wide-ranging, deep experience in working with
the World's largest Life Sciences companies and is
therefore in an excellent position to be able to share
this rich seam of knowledge with emerging and fast
growing Life Science and Biotech companies. grow
it's involvement with its clients to suit their future
advisory and risk financing requirements.
DON'T RUN BEFORE YOU CAN WALK
If you're not convinced yet that this is a "must do",
essential investment for your company and its
stakeholders, just reflect for a moment on some of
the outcomes for companies that ignored it. [list a
few here....]
Just remember that a small but critical investment
early on in developing a professional company-wide
risk management culture will make it easier and
cheaper to finance, more attractive to buy or invest
in and more valuable overall.
You know it makes sense.
6
Early stage ERM implementation for Life Science and Biotech companies
NEIL CAMPBELL
Head of Life Science & Chemicals, Jardine Lloyd
Thompson Limited
After graduating in 1982 with a Masters in Applied
Biology Neil spent a short period in the Agrochemical
Industry before joining Sedgwick Group (insurance
brokers) in London, and subsequently moved to
Imperial Chemical Industries in London to work in the
company’s risk management department.
In 1993 ICI demerged its bioscience business to
form a separate company, Zeneca Group PLC, and
Neil was appointed global Risk Manager. In 1999
Zeneca merged with Astra AB to form AstraZeneca,
one of the world’s biggest healthcare companies.
Neil was subsequently appointed Director, Risk &
Insurance Services based at AstraZeneca’s
headquarters in London.
Neil joined Jardine Lloyd Thompson Risk Solutions
in November last year to head up JLT’s Life
Sciences Industry Practice.
Neil earned an Honours degree from Cambridge
University in applied Biology, has post-graduate
qualification in agronomy and is an associate of
the UK Chartered Institute of Insurers.
T: + 44 (0)20 7558 3996
JAMES BIRD
Partner, Jardine Lloyd Thompson Limited
James obtained a degree in Economics from the
University of Portsmouth and began his insurance
career on Guardian Royal Exchange's graduate
training scheme in 1993. He subsequently became
a Liability underwriter in the London Market. Moving
to Chubb as a Senior Liability Underwriter, he took
responsibility for several of their largest multinational
clients. In 2001 James became Senior Insurance
Manager at AstraZeneca, managing the global
product liability, clinical trials, marine, credit and
travel accident programmes. He moved to JLT in
2004. He is a Fellow of the Chartered Insurance
Institute and an Associate of the Institute of Risk
Management.
James leads JLT's approach to clinical trial
insurance and risk management, an area in which
he looks after some of JLT's largest clients. He is
heavily involved in the development of products
and risk management approaches aimed at better
addressing the risk profiles of life science companies
across the wider risk portfolio including supply
chains and liability exposures. James looks after a
number of clients in respect of their product liability
insurance programmes and is one of a team of JLT
Life Science Liability Insurance Practitioners who
provide technical advice to JLT's clients.
James regularly speaks at industry events on a
broad range of life science related topics including
product liability, clinical trials and supply chain risks.
T: +44 (0)20 7558 3580
7
Early stage ERM implementation for Life Science and Biotech companies
Jardine Lloyd Thompson Limited
6 Crutched Friars
London EC3N 2PH
Tel +44 (0)20 7528 4000
Fax +44 (0)20 7528 4500
Lloyd's Broker. Authorised and Regulated by the Financial Services
Authority. A member of the Jardine Lloyd Thompson Group. Registered Office:
6 Crutched Friars, London EC3N 2PH. Registered in England No. 01536540.
VAT No. 244 2321 96.
www.jltgroup.com. © November 2010 262978