Risk Management Reports

October 2001
Volume 28, Number 8

September 11, 2001

It was unspeakable and unexpected, but not unimaginable. I had just started to read my morning emails when I received a note from one daughter telling me that another, who works in lower Manhattan, was safe. It was 9:20 A.M. Confused, I immediately turned on the television to see and hear the chaos, first at the World Trade Center and then in Washington. Throughout that day and the next few days I experienced the same outrage, shock, anger, horror and compassion for all those affected, and a growing numbness that millions around the world also felt.

I was eight years old when Pearl Harbor was bombed and my memory is of an ashen-faced father listening at home in Philadelphia to the news reports and to President Roosevelt's address to Congress. The vaunted insularity of the United States was shattered. I was 29 on that November 22 when word came from Dallas about the death of John F. Kennedy. We gathered around a portable radio in an 8th floor office in the Public Ledger Building, in Philadelphia, wondering how we as a country could survive. Now September 11 is the third in my personal litany of world-shaking events, viewed this time from Tenants Harbor, Maine.

This day is a solemn warning of our mutual vulnerability to the insane, the irrational and the fanatic, especially in a more closely-linked world interested in increased, not fewer, personal freedoms in travel, work, and expression. It is a reminder of the heroism and selflessness of our emergency services. It will also be a symbol of the natural resilience of the people of New York, Washington and this entire country.

September 11 is a reminder of the burden of global power and our responsibility for using it wisely. We idealistically try to help those in need and those who cry out for political freedom, sometimes failing. We inevitably create resentment, some of which becomes a fanatical backlash. Yes, swift and sure retribution is required, but we must also reach out to communicate with those who disagree with us, trying to understand their views just as we teach ours. This outreach is a long-term effort, needed especially in the Muslim world. From vulnerability must come resilience, a refreshed respect for the views of others, and a renewed confidence in ourselves, our future and our ideals. Adversity, in this case, breeds renewed strength, commitment and unity.

A return to some form of normalcy is the best antidote to this disaster but will we ever again board a plane or take an elevator in a high-rise building without a twinge of memory for September 11, 2001?

Japanese Risk Management Standard

Japan joins Australia, New Zealand, Canada and Great Britain in publishing a standard on risk management. JIS Q 2001:2001 is a set of "guidelines for the development and implementation of a risk management system," translated into English in July this year by its publisher, the Japanese Standards Association. This new effort follows closely the pattern established by its predecessors. According to one of my readers from Tokyo, the standard was originally intended as a statement for crisis management following the Kobe earthquake of 1995.

Its initial focus is on both the opportunity and loss sides of risk, using many of the basic definitions developed by the International Standards Organization. It then outlines seven "general principles" of any risk management system:

  1. Risk management policy
  2. Planning for risk management
  3. Implementation
  4. Evaluation of performance and effectiveness
  5. Implementation of improvement and corrective measures
  6. Review by senior management
  7. Structure and support to maintain the system

JIS Q 2001 covers the traditional scope of the discipline. Some strengths: it includes an excellent section on risk communication (Section 3.8.3), suggesting that disclosure should go to "associated organizations and individuals" (not otherwise defined) and noting that "concealment of risk-related information for purposes of confidentiality does not always contribute to risk reduction for the organization, and that such action may impose new responsibilities on the organization." The standard also includes a section on emergency response, something not found in its sister works.

Its deficiencies: it refers to "top management" without defining different roles for senior operating personnel and their governing boards. Given the dramatic changes in governance requirements in Europe and North America, this is a serious oversight. It also slips away from the broader view of risk when detailing the steps in risk analysis: "The organization should find risks that may damage (it)." Thereafter the document regresses into viewing risk management as a mechanism for protecting against adverse events. It emphasizes "measuring" risk management performance but suggests no means for doing so. I asked the JSA to elaborate: its response was to suggest a list of the "number of damages" (I think "losses" are intended) and a count of the number of persons taking risk management training. We can develop a better measurement system. Finally the standard is repetitive, perhaps a result of being a translation from the Japanese. This version is poorly written, in stilted English. It needs an editor's hand.

For further information on the other national standards see the "Useful Information" page of the Risk Management Reports website, or refer to past issues of March 1995, February 1996, January 2000 (Australia/New Zealand Standard), December 1997 (Canadian Standard), and May 2000 (British Standard). Copies of the new Japanese standard (English version) can be obtained from the Japanese Standards Association, 1-24, Akasaka 4, Minato-ku, Tokyo 107-8440, Japan, or contact Tomoko Ino at ino@jsa.or.jp

. . . an organization should introduce and carry out risk management to find risks in daily activities, to appropriately (sic) deal with risks, to develop emergency response plans and resumption plans for maintaining and resuming the organization's operations in the event of an emergency.

From Introduction, JIS Q 2001:2001, Guidelines for development and implementation of risk management system, Japanese Standards Association

Risk Perceptions

The September 2001 issue of Scientific American cited some disturbing data on prevailing beliefs in paranormal phenomena in the United States.

Column one is the percentage of those who believe in these phenomena and column two is the percent change from 1990, according to the Gallup Organization and Nielsen Media Research.

Psychic or spiritual healing 54% +8%
Extrasensory perception 50% +1%
Haunted houses 42% +13%
Ghosts or spirits 38% +13%
Telepathy 36% 0
Extraterrestrials have visited the earth 33% +6%
Astrology 28% +3%
Communication with the dead 28% +10%
Reincarnation 25% +4%

The magnitude of these beliefs, at least in the United States, confounds efforts of rational risk analysis and risk communication with affected stakeholders. It is a continuing challenge for risk managers. As I have emphasized before, the perception of risk carries far more weight that any expert's sage opinion. Risk management begins with these perceptions, as strange and as irrational as they may be. Altering opinions is difficult if not impossible when perceptions like these persist.

If enough people believe in such celestial balderdash (astrology) and begin to mold their behavior to conform to what they believe to be their "true" natures, then their beliefs might be mildly self-fulfilling.
John Allen Paulos, Once Upon a Number, Basic Books, New York 1998

Comments on Risk Management Conferences and Organizations

Earlier this year I reported on the GARP (Global Association of Risk Professionals) and the RIMS (Risk & Insurance Management Society) annual meetings (see RMR April and June 2001). Two readers, both of whom are anonymous for obvious reasons, replied about my comments.

The first, with a major New York financial institution, writes:

"After attending both RIMS and GARP conferences, I find both to be more 'hype' than value. RIMS remains tied to buyers of risk transfer and mitigation services. GARP is tied to buyers of financial risk modeling and information services. GARP may use fewer service provider presenters, but I found sessions at both conferences over-reliant on service providers for the majority of information. As Diogenes LaŽrtius wrote in the early 3rd Century, 'If appearances are deceitful, then they do not deserve any confidence when they assert what appears to them to be true."

My second reader, with a financial institution in Boston, sounds a similar complaint: "While many so-called leaders in risk management are walking around touting their use of certain alternative risk transfer products, most of them, if they bothered to look, would discover that these new products are pretty much just some form of plain old insurance dressed up to look a bit more 'holistic,' and the so-called risk managers are still essentially the same as they always were - simple insurance managers."

"There was a time when I used to be much more involved in and supportive of RIMS as an organization-a time that I attribute to being young, naÔve and more easily impressed by the reputations of so-called industry leaders. Since then, my own work experience has led me to see through the self-induced smoke and mirrors of RIMS membership-it is an outmoded organization serving an outmoded profession with outmoded tools and services. . . . I still believe risk management holds tremendous opportunity as a profession and discipline. Can you imagine what I could be if it only had an association group to be the steward for its future? Maybe someday!"

Since then, my own work experience has led me to see through the self-induced smoke and mirrors of RIMS membership-it is an outmoded organization serving an outmoded profession with outmoded tools and services. . . . I still believe risk management holds tremendous opportunity as a profession and discipline. Can you imagine what I could be if it only had an association group to be the steward for its future? Maybe someday!"

I share these laments as I attend risk management conferences. RIMS is too insurance oriented. GARP is a haven for quants. SRA (Society for Risk Analysis) is a lecture hall for public policy academics. Some move beyond their own boundaries. The IIA (Institute of Internal Auditors) has produced the best risk management publications over the past five years and its RM conferences go beyond traditional internal auditing. AIRMIC (England's Association of Risk & Insurance Managers) welcomes diverse points-of-view. Three of the best conferences in the past few years came from Canada's Conference Board. Most of the commercially-produced conferences, however, fall afoul of the Diogenes admonition: they have service providers as sponsors and their spokespeople are prominent speakers. Buyer beware!

We need more cross-fertilization among risk management organizations and their annual conferences. Emergency planners, public policy risk analysts and financial modelers should speak to its members. GARP and SRA should reach out to their sister groups. Perhaps then those interested in holistic, integrated or enterprise risk management will have an opportunity to hear all the voices of this discipline. And someday we will form a single organization representing the combined view.

As my first reader concluded, "even the most prepared fail, so one always needs to look around the corners!"

He accepted the fact that history, the conglomeration of ideas, facts, and desires which he fought for or against, came to be only in the company of others, in something shared with others.
Carlos Fuentes, The Campaign, Farrar, Straus and Giroux, New York 1991

Risk Management in a Down Economy

It may not yet be a "recession" officially, but the global economic signs are there and the repercussions from September 11 will make it a reality. Several weeks ago a free-lance writer called to ask my opinion of how a risk manager should respond to these new circumstances. His focus was on insurance risk managers, facing sharply escalating premiums and weakened underwriters. I gave him some comments and then reflected on the broader challenges.

As "risk" contains the potential for both upside and downside results, a good risk manager should review both for an organization.

The upside opportunities:

  • Refine internal strengths, including stability.
  • Emphasize quality and service to core customers, when competitors may be skimping on both.
  • Refine supplier relationships, persuading them to share in cost reductions in return for longer-term commitments.
  • Retain more risk internally, based on rigorous risk analyses as well as on the shrinking capacity of external risk sharers.
  • Shift toward increased dividends to shareholders, to help support stock prices, when investors are more concerned with "value" than the possibility of stock price inflation.
  • Substitute more tangible rewards for employees, away from stock options and similar "disappearing" benefits.

Some of the downside effects:

  • Prepare for adverse reactions of all employees resulting from staff reductions.
  • Prepare for ripple effects in credit risks: defaults by customers; failure of suppliers; harder terms from lenders; increased country risk; more volatility in currencies.
  • Prepare for insurer/reinsurer defaults, following the September 11 disasters. Risk Management Solutions (California) suggests that the total "insured loss may reach or exceed $25 billion (see its "World Trade Center Disaster Report" of September 18, 2001 at www.rms.com). Morgan Stanley has an equally pessimistic report of insured losses of $25 to $30 billion, adding that "Lloyd's of London is in jeopardy". Of the reinsurers' own loss estimates, Morgan Stanley notes: "we continue to be highly skeptical of many of these estimates. Some of them are so low, given what we know about the businesses and exposures involved, they are simply not credible." For a copy contact Alice.Schroeder@morganstanley.com
  • Increase contingency reserves.

The overall response of risk management should be to improve and increase communication with key stakeholder groups (how we are doing; how we plan to ride through downtimes; etc.). Suppliers, employees, customers, securities analysts, regulators, lenders and communities all need attention and reassurance with rising uncertainty. A Chief Risk Officer with a communication mandate will earn his or her stripes under these circumstances.

Down times create remarkable opportunities. Other will vacate markets or service segments, reduce product or service quality, and increase prices. Often competitors are so focused on short-term survival that they allow others to step into their markets. Search out these niches and take advantage of them, using the tools of risk analysis.

A good risk officer is a contrarian: look for the opportunities in the down market!

Another sermon-
wafting through words without end,
the smell of coffee.
A haiku by J. W.Hackett

The Camel's Nose

A fresh tidal wave of asbestosis claims drives more companies into bankruptcy and threatens the reserves of insurance and reinsurance companies worldwide. Equitas, the London facility that "saved" Lloyds may yet be crushed by these losses. Russ Banham's article in the September 2001 issue of CFO summarizes the criticality of the situation, one that corporate finance officers and insurance underwriters and actuaries once thought subsiding. The monster has re-appeared. Over 300,000 claims are pending in US courts. Given the difficulty of determining actual exposure, the long latency period for the emergence of symptoms, and the aggressiveness of the plaintiff's bar, corporations and their counsel are looking for new means of relief.

One idea is legislation that permits an exemption on income of trusts set up for current and future victims. Another is to carry-back net losses to prior years, allowing a refund of paid Federal taxes.

If either or both are permitted, they may be the proverbial camel's nose under the tent. For more than forty years, financial analysts argued that corporations should be able to set aside tax-deductible self-insurance reserves for future contingencies, such as those arising from asbestosis claims. These arguments have been firmly resisted by the insurance industry, anxious to protect its turf as the only mechanism permitted tax-deferred reserves. Other opponents include legislators, who fear a drop in corporate tax income, regulators, who suspect that reserves could be improperly manipulated by finance officers, and accountants, who argue that, for deductiblity, a loss must have occurred and be measurable in size. Actuaries, of course, have long been able to project future from past losses.

So little progress occurred. Many corporations instead selected captive insurance companies as a partial mechanism for creating contingency reserves. Now the asbestosis crisis may permit the creation of trusts with tax deductibility for their funding and permission to accrue interest tax free. If this happens, will it be the first small step toward allowing other self-insurance reserves? The first step might be permission for reserves for liabilities such as asbestosis, environmental damages, product recall and product injuries. Later the trusts could be expanded to direct damage catastrophes, such as earthquakes, windstorms, and floods.

The antipathy of the insurance industry is obvious. Yet if it finds itself in a shaky financial situation (asbestosis losses and reserves; natural hazard losses; the aftermath of September 11 - see prior article) it may accede to the idea of greater corporate funded self-insurance as a necessary buffer for its own underwriting.

Watch this camel's nose carefully!

. . . the sea is an uncertain chancy whimsical female lunar element: you advance one mile upon its surface and at the same time the whole body of water has retired a league.
Patrick O'Brian, The Ionian Mission, W. W. Norton & Co., New York 1992

"Four Cubed"

In April 2001 I delivered a lecture, entitled "Four Cubed," at Temple University, discussing four hypotheses, four questions, and four cautions about the developing discipline of risk management. I converted it into an article that was published in the September 2001 issue of Risk Management, the magazine of the Risk & Insurance management Society. I've now posted the article, with the permission of RIMS, on the 'Useful Information" page of the RMR website: www.riskreports.com. If you have not already seen and read it, please do so and let me have your comments.


Last month I reviewed the Integrated Risk Management Framework published by the Secretariat of the Treasury Board of Canada. A Montreal reader advises me that its full text is available on the Internet at: www.tbs-sct.gc.ca/pubs_pol/dcgpubs/RiskManagement/rmf-cgr_e.html The correct website for the Canadian Centre for Management Development is www.ccmd-ccg.gc.ca My apoligies: I used a dot instead of a dash.

Copyright H. Felix Kloman and Seawrack Press, Inc.

Return to RMR Table of Contents
RiskINFO Home Page
Additional Topics This Month and Archives