11 April 2021

Can Risk Framework ‘Assurance’ reduce Insurance Costs? Yes, but will CROs pay for it?

I've long believed that effective Risk Management delivers tangible benefits to organisations. Ray Flynn, a risk expert with decades of real experience, shares his attempts to sell Risk Framework Assurance to reduce Insurance costs. Ray is a former Director of the IRM and independent Risk Consultant. 


Could an independent review of a professional service company’s risk framework result in it paying reduced Professional Indemnity Insurance premiums?  Probably.  Is it an easy sell?  No!

I was once on a management course where we started by listing things we would like to achieve from what we learned, detailed as a value to the company (additional revenue or profit).  It had to be something you wouldn’t have aimed for otherwise, so it could be directly attributed to the training.  Anyway, 6 months later we had to report on how well we had done in achieving these goals, again putting a value on them.  I think one of mine was to develop a new ‘product’ that would generate £X in revenue in the months following the course and I had achieved my objective.  Anyway, it turns out that this is how the training company sold their services to new companies.  They were able to list ‘testimonies’ from previous clients about how much the training had added to their bottom line.  In other words, the course more than paid for itself.

Whether this was in the back of my mind, or if through pure genius, I developed a plan to get companies to invest in an independent review of their risk management framework, in a way that would more than recover the cost of our consultancy work.  The focus was on professional service providers that paid huge amounts of money every year for Professional Indemnity Insurance coverage.  I remembered hearing that the company I once worked for had reduced its PII premiums by $millions by demonstrating to its insurers that it had implemented a robust system of risk management for its projects.  I figured that this could be taken further.  If these companies had their existing risk management processes and procedures reviewed by independent risk experts, would the insurance companies be even more comfortable in providing PII cover, to the extent that they would charge even lower premiums?  I checked with a contact I had in a broker specialising in this type of cover and the answer was that, as a general rule of thumb, an independent review by a reputable risk consultant could generate about a (once off) 20% reduction in annual premiums.  I asked if companies paying for other insurances, such as third-party liability, defamation, kidnapping, etc. could expect to see the same benefits, if they were to demonstrate some level of verification of their approach to risk, and the answer was a resounding ‘yes’. 

So, there it was: all I had to do was to team up with an established, reputable risk management consultancy (which I did) and target companies providing professional services (architects, engineering firms, law practices, hospitals etc.) large enough to be paying millions annually for their PII coverage and show them the sums: ‘Pay us £100,000 for an independent review of your risk management framework and, of course, implement our recommendations, and you will save yourself £1,000,000 or more on your PII insurance’!  Apart from that, you might actually improve your Risk Management performance.  The problem of in-house risk management teams not seeing the wood from the trees would be mitigated. It was a sort of Risk Management Framework Assurance certification, and it was a “no brainer”!

We started with engineering consultancies, which is where my background was, with a plan to bring on board legal, medical and other experts to ease ourselves into doing the same thing for other professional service providers.  The world was our oyster (I can’t think of a vegetarian equivalent of that one).  Everyone we spoke to in the companies we targeted was interested.  Some thought it was a brainwave.  “Why hasn’t someone come up with this idea before” and similar responses were heard.  Did we get any work out of it?  Nope, not a single paid hour!  Why not?  Well, I think there were a few reasons:

1)  We often ended up in front of the Chief Risk Officer (CRO) or equivalent, who, while agreeing with our approach, felt that the exercise could expose them in some way. Even though there was a chance that we would, independently, confirm that they were doing everything perfectly well, there was a risk that we would highlight some weakness, and that was a risk, I believe, some CROs weren’t willing to take, at least by voluntarily subjecting their ‘babies’ to scrutiny.

2)  Even when we got in front of CEOs, or other decision makers, I believe the worst enemy of risk management kicked in: Complacency!  “We’re fine on our own”.  “We can sort this out ourselves”.  Maybe they contacted their insurance brokers and were offered the ‘equivalent’ from their in-house consultancy arm?

3)  We ran out of time.  We were operating out of an office that was short of commissions and, with no easy wins, other things took priority, so we couldn’t sustain the campaign.  Maybe it needed a more global approach than we were doing at a local level.  We thought we’d be able to develop a successful template that could be taken and used in every country in which the parent risk management consultancy operated.  It might have been better to persuade the bosses in the US HQ to adopt it and develop it as an approach with existing clients in other sectors.  Perhaps we needed a bigger “name”. There used to be the phrase “no one ever got fired for buying IBM”. In the 1980s, IBM figured that their name was worth an additional 18% on the cost of their services. As long as their price came in ‘only’ 15% higher than the competition, there were assured of the sale. In a similar way, given the choice, most companies would engage a “Big-4” consultancy over any other.

I guess I’ll never know if this would have, or even has, in the meantime, succeeded.  Maybe someone reading this will think it’s still worth trying and message me from the Cayman Islands, in a few years’ time, to let me know how well it all went?  Go for it!  

-------------------

Ray Flynn

Ray is a semi-retired independent Risk Management consultant, with a focus on bribery and corruption.  He has carried out risk framework reviews and fraud risk assessments & investigations. He has also run two businesses and carried out interim management assignments, in 4 different countries.  He has worked extensively throughout Europe, the Middle East, the Americas, Asia and Africa and was also a key member of a team investigating corruption in the engineering industry with the World Bank over a two-year period.  He is currently based in Brussels.

 

Ray was a board member of the Institute of Risk Management for 3 years and Chair of the institute’s Investment Committee.  He also sat on the IRM’s Education & Standards Committee and spent 5 years on the Audit and Risk Committee.  He has contributed to, and authored, two of the Institute’s publications


No comments:

Post a Comment