Emerging trends in risk management: from the corporate consumer's perspective: an interview with John J. Hampton, executive director of the Risk Management and Insurance Society (RIMS).

The Risk Management and Insurance Society (RIMS) is headquartered in New York and is a proactive voice on behalf of risk managers, dedicated to supporting their function. It represents nearly 4,800 industrial, service, non-profit, charitable and government entities, and serves risk management professionals around the world.

Q. These days, when corporate risk managers talk, it is fashionable to speak of "Enterprise Risk Management." What challenges do you see in creating a system that will allow for managing risk in an enterprise-wide manner?

A. There are many obstacles to creating an ERM system. Most are internal to the organization rather than the result of external forces or factors. I have four examples. First, measurement of results. Companies know how to pursue their operating and profit goals. They have few tools for quantifying or otherwise measuring intangible risks. Second, weak planning processes. Budgeting pursues revenues, cost controls, and financial reporting for shareholders, creditors, and regulators. Planning processes are not aligned with risk management. Third, there is lack of acceptance. Many managers simply do not see the need to make changes or the role of ERM. Time spent coordinating risks with other units or integrating risk management practices do not bring visible results or financial benefits to operating departments. The fourth and last example is culture. Most corporate structures and behaviors are not suitable to ERM processes. Managers do not want to reveal weaknesses in their operations or gaps in their risk management activities.

Q. During the last 18 to 24 months, amid a hard insurance market and regulatory actions in response to corporate scandals, several of the CEOs in the insurance industry changed. Few of the new CEOs have come from the property/casualty/liability industry. Will this "leadership turnover" in the insurance industry benefit or harm the corporate risk manager?

A. new leadership in the insurance industry comes from organizations where the return on invested capital should match the level of risk assumed by the investor. As the insurance industry has traditionally under-priced its products, we can expect this to change in companies who bring in outside CEOs. The trend may have two effects. The first is higher prices. Insurance will be priced to provide adequate reserves and profits. The second is more valuable alternative risk products that give insurers a higher return on capital while providing more valuable risk protection.

Q. Amid premium hikes, depressed investment earnings and shrinking capital, the insurance industry is assuring us of disciplined underwriting that is sure to return stability in the insurance market. Yet with the exception of ACE Limited and a few others, reported loss ratios are well above benchmark. How do you see the continuing ability of the insurance industry to provide products and services for the corporate risk manager?

A. I see a trend in the wrong direction. Some underwriters are looking for new tools to narrow coverage. If they can identify the buyers who represent the most risk, they can exclude them from the risk pool. Insurance works better the other way. Cover everyone broadly, price the coverage to match the risk pool, and pay for losses among the organizations that pay the premiums. If insurers exclude trophy properties from terrorism insurance coverage, they will decline to sell coverage to those who need it. Agricultural cooperatives in Nebraska will not buy terrorism insurance. How are the needs of risk managers being met with that kind of scenario?

Q. While the Gramm-Leach-Bliley Act provides a framework for financial services integration, the functional regulation of insurance business, unlike the regulation of other financial services, remains in the hands of state regulators. This regional approach to insurance regulation is perhaps at odds with insurance globalization even though non-corporate consumers of insurance are local. On balance, does the U.S. insurance regulatory system benefit the corporate consumer of insurance products and services?

A. Probably not. Most people believe it is an inefficient system that is obsolete in a modern world. It raises costs for everybody, diverts money that otherwise would be available to cover losses, and impedes the development of new risk management practices and policies.

Q. The recent Sarbanes-Oxley Act mandates a risk management standard for corporate boards. Some argue that the Act will boost the risk management profession, while others argue that the Act will discourage entrepreneurial risk taking. On balance, how do you view the long-term impact of the Act for the risk management profession?

A. The answer depends on whether organizations approach the Act as a matter of compliance or risk management. Compliance is one small part of an effective ERM program. As an example, consider the issue of the "whistleblower." Corporations will implement anonymous whistleblower programs that promise no retaliation for reporting misbehavior. What will this do? Most organizations already had the ability for someone to report wrongdoings. The problem is that the board of directors and CEO should not be waiting for a whistleblower. By the time that happens, it is too late. Risk management seeks processes that avoid the need for compliance with governmental or other regulations because they have early warnings. I hope we will not go the wrong way complying with the new laws and regulations.

Q. By and large, distribution of insurance products and services to corporate risk managers remains a people-intensive process that relies on a very small number of powerful intermediaries. Is this distribution system able to cope efficiently with the developing needs of corporate risk managers?

A. I think so. The more time I spend with risk managers and brokers, the more I realize the complexity and sophistication of an effective risk management program. Risk managers need intermediaries much like senators and representatives need lobbyists. A risk manager has too many responsibilities to be an expert on all exposures in an organization. Expertise from brokers, third party administrators (TPAs), and technology companies improves the process.

Q. Many of the corporations that employ professional risk managers are global businesses and, as a result, have many culturally diverse stakeholders. Does the risk manager of a global corporation have any social responsibility that is different from the social responsibility of a purely domestic corporation?

A. Yes. The risk manager needs more powerful processes to localize risk management in diverse cultures. What works in Indiana may also work in Colorado but not in India.

Q. You have served the risk management profession in several capacities, including Provost of what is now the School of Risk Management, Insurance and Actuarial Science at the Tobin College of Business. What would you say is the most critical skill that university graduates of risk and insurance programs should have?

A. Everybody should know the answer to this question: analytical skills, interpersonal skills, and an ability to blend words and numbers! Risk management is a discipline that requires creative problem solving. Risk professionals need the same high-quality skills as are needed for any successful business career.

James Barrese, The Peter J. Tobin College of Business, St. John's University