Meshing Distinct Viewpoints
Marilyn Rivers, director of risk and safety, City of Saratoga Springs
Several years ago, Whirlpool decided it could save 75 cents per unit if it outsourced the production of dishwasher water seals to a Chinese supplier. The annual savings were projected at more than $2 million.
But soon after the arrangement was made, the Chinese manufacturer changed to a different rubber supplier, causing a failure rate of nearly 10 percent, according to “Managing Risk in the Global Supply Chain,” a study by the Supply Chain Management faculty at the University of Tennessee.
By the time Whirlpool discovered the problem, more than 2 million dishwashers had been produced with the leaky seals and about two months’ worth of supply was in transit. The oversight cost the company millions — destroying the realization of projected savings for more than three years.
The study listed the example as one of the multitude of risks that can occur in supply chain management. And it’s an example of how risk management could have helped avoid the problem altogether.
In the most effective companies, risk management and procurement work together to ensure both the cost and quality of supplies and vendors, as well as proper risk transfer.
When those functions do not align, the organization suffers. That suffering may take the form of safety violations, product recalls and reputational loss, among other exposures.
But it’s not possible for procurement and risk management — organizational functions with two distinct viewpoints — to always agree. In some organizations, they rarely even communicate. It is possible, however, to build a relationship that allows the organization to prosper without undue risk.
Underlying the relationship should be a common mission of focusing on the organization’s goals as a whole, experts said.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet,” said Brian Merkley, global director of corporate risk management at Huntsman Corp., a Salt Lake City-based global chemical manufacturer.
When he first joined Huntsman about 10 years ago, he worked with procurement and legal to develop a contractual risk transfer strategy document, which was “my first introduction to the procurement team and the processes they used. I found a good working relationship with them and it continues today.
“Cultivating a strong relationship with procurement is critical,” he said, noting that there is a constant challenge to make smart risk/reward decisions — balancing price against the potential exposure.
“Risk management and procurement are partners in helping to grow the business and at the same time, growing the balance sheet.” — Brian Merkley, global director of corporate risk management, Huntsman Corp.
Over the years, his department has provided important guidance to refine standards and strategies for procurement that include performance expectations of contractors, indemnity language, and insurance requirements, among others. It also has helped to develop a process to qualify various contractors that meet risk management and procurement’s standards so operations can run smoothly.
Contracts and insurance provisions can’t be reviewed in a vacuum, Merkley said, but have to include scope of work, indemnity, and relationships or prior experience with the parties. “We are going to insist on certain levels of protection based on the type of work,” he said.
In many organizations, risk managers are not in a position to influence procurement or supply chain decisions. They either don’t have the buy-in of the senior leaders of the organization, don’t have effective channels to collaborate on such decisions, or they don’t have sufficient understanding of the organization’s strategies and goals to provide effective input into procurement activities.
Gary Lynch, CEO and founder, The Risk Project, and a former global practice leader for Marsh, said that over the years he has been “shocked at how little the risk management community knew about the operations of their business. They knew how they made money, but they didn’t know who contributed to bringing value to the market.
“The majority of risk managers that I have worked with don’t have the opportunity, don’t have the capability and don’t have the value to really support [procurement or supply chain decisions]. Those are the three stumbling blocks,” he said.
The same can also be said for many supply chain professionals. According to the University of Tennessee study, most of them have little expertise in insurance products. Nor do they understand many of the potential claims issues — or the insurance programs that are available to protect them.
In the study, insurance ranked dead last in a list of 10 risk mitigation strategies to protect supply chains — ranking 4.5 out of 10. The top strategy was “strong suppliers,” ranking 7.5 out of 10.
“I think there is a lot of disconnect with folks between procuring and supply chain, and the risk management function,” said Mark Robinson, vice president of global operations at UPS Capital, which offers supply chain finance and insurance services. “In my mind, they don’t talk very much.”
There are some risk managers, however, who are able to add value to the procurement process. The words that keep coming up in conversations with them are “relationship” and “partnership.” Risk management and procurement work best together, they said, when both functions keep the organization’s strategic goals top of mind.
Robinson said the visibility of catastrophic events, targeted thefts and the larger size of container ships has heightened awareness of cargo, trade disruption and cyber risk insurance. From 2011 to 2013, the global cargo insurance market increased from $17.2 billion to $18.2 billion, about a 6 percent increase. And the U.S. market is increasing faster than the global market, he said.
The City of Saratoga Springs, N.Y., operates under regimented bidding processes. But even as the city is required to take the lowest bidder, it must ensure that it hires the lowest “responsible” bidder.
“Sometimes, folks give outlandishly low-priced bids,” said Marilyn Rivers, Saratoga’s director of risk and safety. “We structure it so that when we send out a request for quotes or a request for proposal, we place in the language that anyone chosen has to meet all of the requirements and has to be qualified.”
That means vendors or suppliers have to submit a certificate of insurance, execute the city’s “risk and safety agreement” and a “vendor code of conduct” as well as have sufficient prior experience and the ability to complete a project within the set time frame, among other requirements.
“We are always cognizant of the cost, but we must ask, ‘What is the benefit to the public versus the cost, because tax dollars are being used for those projects,’ ” she said.
Plus, Rivers said, the city must “look at the totality of how it impacts the community. … We can’t just slice up a roadway.”
At Sodexo Inc., which has 8,000 food suppliers and 25,000 non-food suppliers, Peter Rosiere, vice president, risk management, created a new position — supply risk analyst — to more fully bring the risk perspective to the supply chain team.
“One primary reason we created the new position was to develop that communication, linkage and a balance point between the two groups,” he said. “The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.”
Evelyn Joe, who holds that new position, said her primary goals are communication, education and collaboration, trying to find the “best working relationship that meets the needs of the company and each team.”
It’s necessary, she said, to understand the other group’s needs and goals while sharing with them the needs of risk management “so we are not talking apples and oranges, so we understand the foundation. … We have worked extremely hard to become part of the supply management process.”
Sometimes, she said, procurement will seek approval of a supplier that does not comply with the department’s insurance requirements or standards. In such cases, procurement and risk management work together, along with legal, to research the organization and find a solution.
“That’s when I’ve been pleasantly surprised because of the constant relationship-building and education with supply management that they completely understand,” Joe said. “The supply manager understood why we couldn’t change our risk management requirements. It’s our job to help our client understand why we have the high standards we do, for both brand and customer protection.”
Opening the channels of communication is, obviously, the first step to creating or enhancing that relationship.
For Dwayne Eastwood, risk manager, McCoy’s Building Supply, it can mean walking around the office with a cup of coffee and asking, “What’s up? What’s the latest? Are you thinking about safety and risk management and contractual arrangements?
“It’s just getting in front of people for a couple of minutes and talking it up. You have to be involved early on. It’s critical.”
But it’s not just asking, he said. It’s also about following up on what is heard by “pointing out and illustrating what the risks are. …Credibility is paramount.”
Credibility matters because the ultimate decision is not within risk management’s control, he said.
“When you step into their world and you point out and illustrate what the risks are, they make the decision for the company that this risk is or is not acceptable. It’s everybody else who makes those decisions,” Eastwood said.
When he explains why a proposed plan “is not really a good idea, most of the time, they will go along with us. They don’t necessarily want to go against the grain. They take our advice most seriously,” he said. “That’s good, and I think credibility is where you get that from, and a proven track record.
“In the beginning, there were a lot of ‘a ha’ moments. It was really up to me and others to educate them that we needed to be involved on the front end. They didn’t ignore it; they just didn’t consider it. When they realized the risks and possible loss of life or big dollar amount lawsuits and what that could look like it was, ‘oh OK.’ ”
Using claims data in such conversations “speaks volumes,” he said. “I’m a huge fan of using loss history to evaluate the risk, frequency and severity, both.”
Eastwood’s colleague, Kevin Shute, director of merchandising-hardlines and merchandising operations, said that the partnership between his function and risk management has over the years “moved from a reactive to a proactive situation. … We like to think that the key to our interconnectedness or connectivity is we know each other personally.”
Shute said that when his team finds a new product from one of its 1,400 vendors, such as virgin sulfuric acid, which is “powerful, powerful stuff,” his team will work with risk management to review all of the processes, packaging, paperwork and safety training and product handling issues.
In another situation, when McCoy’s recently launched a propane tank exchange, the two teams “worked from cradle to implementation” through the contracts, insurance, permitting, vendor and store compliance, employee training, and all other aspects to eliminate any potential liability issues, Shute said.
“We typically don’t look at [risk mitigation efforts] as a problem,” he said. “We look at it as that’s what we have to do to protect our assets.”
It can sometimes be difficult to clearly understand what protection is needed when a catastrophic exposure hasn’t yet occurred, said UPS Capital’s Robinson.
For example, he said, he knows one pharmaceutical company that used to ship $20 million worth of inventory from its location in one truck to an airport 30 miles away every day. From there, it would be divvied up to be transported by plane to various locations.
While the company had claims after the inventory had been brought to the airport and transported, it never had a catastrophic loss related to the 30-mile truck journey. “Can you envision the scenarios? An accident? Being hijacked? Some problem where you lose the whole load?” he asked.
The company had $1 million in coverage for that $20 million load, he said, noting that a conversation ensued with the company about the plausibility of such a loss and how it could protect itself.
A good time for risk managers to begin expanding their partnership with procurement is when contracts are annually reviewed and renewed.
Requiring suppliers or service providers to carry insurance may not adequately protect a company from substantial losses, Robinson said. A major incident could push a supplier into bankruptcy, or a policy’s terms and conditions may not be conducive to compensating the company for its loss -— at least not without a lengthy court battle.
“The groups tend to spin in different orbits. What we are trying to do is build a bridge. We have a good bridge. We want to make it even better.” — Peter Rosiere, vice president, risk management, Sodexo Inc.
It’s not just whether insurance coverage will adequately protect the company. Much of the work risk management must do deals with business continuity planning. Is there resilience in the supply chain for all tiers of suppliers, inventory, labor and transportation? Is there a worrisome geographic concentration? Is there the potential for natural disaster or political upheaval? Is there an acceptable tradeoff between risk and reward?
“The reality,” Sodexo’s Rosiere said, “is that an organization cannot operate without supplies, be it for raw materials or services. But a company cannot operate without good risk transfer. This is not the case with Sodexo, as strict supplier insurance/risk transfer requirements are in place. There has to be an understanding of where the functions rest within the priorities of the organization.
“Sodexo’s awareness of the risk and the partnership with our supply management teams is a key aspect of our growth and culture.”
A lot of it comes down to how decisions affect the company’s margins, said The Risk Project’s Lynch.
When risk managers seek to manage compliance issues or ensure additional capabilities, they are introducing cost into the equation, he said.
“It’s clear to me that these folks have to navigate risk, and not manage it. … You have to manage to the margins,” he said. “Risk management has to be done within the context of the operation’s margin.”
“It’s looking at the totality of the risk,” Saratoga Springs’ Rivers said. “It’s looking at the total risk the project entails and how that project impacts the community, the business or employees, and what an entity, whether public or private, needs to do so it can mitigate risk so it can be successful and the entity doesn’t lose money on it. … The procurement standard should be dovetailed to the project.
“The goal of all risk management is empowering people. It’s a partnership that allows that empowerment but gives the opportunity to know when to ask more questions. … It’s achieving goals cost-effectively but not endangering the health and welfare of employees or the community in the process.”
Regular education and training are crucial, Huntsman’s Merkley said.
“We are all trying to grow the business in an appropriate way and safeguard the balance sheet from making bad bets, and it’s crucial we partner together in doing that.
“The best starting place is to develop personal relationships with the procurement management team, and secondly, you have got to do a lot of work to prove yourself as a reliable subject matter expert. When they come to risk management and look for guidance around insurance language, you have got to back it up.”
The 10 Percent
A watershed moment occurred in my life last week. In itself, it mattered little, but it was the moment at which technology began to deny me a future.
I wanted to buy, online, a dish rack — a metal frame for drying dishes. The local branch of my favorite store didn’t have one on hand, but I could have one delivered to the store by clicking a few buttons. Many screens later, I was instructed (in English English; I’ve translated) to “Enter cell phone number so we may text you the secret code required to collect your item.”
Not having what the British call a mobile phone, I could not order the product. It was the first time that my refusal to mobilize had rendered me impotent. (Not, strictly speaking, the first time: I would previously have been unable to park my car in parts of London without a mobile, had I owned a car.)
The dish rack incident, however, was the start of what I imagine will become a crippling inability to function as the years go by. Blame Edward Snowden, a friend said. Businesses need customers to have a unique key, in much the same way that computers require passwords, and a cell phone of their very own. (Cell users, apparently, don’t share their toys.)
Captive insurance companies are cool? I’ll have three. Cat bonds are sexing up the reinsurance space? Issue some. The logic is: If it works for the other guy, it’s bound to work for us.
I don’t want commerce to grind to a halt, mine or anyone else’s. I’m all for high-tech, within reasonable limits. At the last count, however, 10 percent of Americans and a higher percentage of Brits did not own a cell phone. The pesky little gadgets are by no means ubiquitous.
In the end, I walked to the store, ordered the dish rack, and returned a day later to pick it up. Very little real inconvenience, and a dose of good exercise thrown in as a dividend.
One imagines that the retailers of the dish rack must have concluded that the 10 percent on the wrong side of the digital divide can be ignored without hurting profits. For all I know, they might be right, although it doesn’t sound right.
Now consider the implications of this for the insurance industry.
Many insurance people behave like sheep. A pioneer comes up with a viable concept, and everyone else enters the same line of business, on largely the same terms.
Captive insurance companies are cool? I’ll have three. Cat bonds are sexing up the reinsurance space? Issue some. The logic is: If it works for the other guy, it’s bound to work for us.
If one giant retailer thinks that 10 percent of its customer base can be ignored without damage to profitability, the other retailers will come to the same conclusion. I can’t imagine the ways by which retail insurers will ignore the 10 percent, or some other 10 percent who fail to conform to some societal stupidity, but it seems highly likely that they will.
We hear a lot about ‘disruptors’, business people who come up with new ways of doing things that upset the settled methods of an industry. The Internet has spawned a deep admiration for such types, which has led in turn to established business practices being considered old hat.
The future belongs to the 90 percent, and so be it. The danger for retailers in this case, and insurers in the wider future, is that in the face of aggravation, 10 percent of everybody might decide they don’t need a dish rack, or contents insurance. Think how disruptive that might prove to the bottom line.
Pathogens, Allergens and Globalization – Oh My!
In 2014, a particular brand of cumin was used by dozens of food manufacturers to produce everything from spice mixes, hummus and bread crumbs to seasoned beef, poultry and pork products.
Yet, unbeknownst to these manufacturers, a potentially deadly contaminant was lurking…
What followed was the largest allergy-related recall since the U.S. Food Allergen Labeling and Consumer Protection Act became law in 2006. Retailers pulled 600,000 pounds of meat off the market, as well as hundreds of other products. As of May 2015, reports of peanut contaminated cumin were still being posted by FDA.
Food manufacturing executives have long known that a product contamination event is a looming risk to their business. While pathogens remain a threat, the dramatic increase in food allergen recalls coupled with distant, global supply chains creates an even more unpredictable and perilous exposure.
Recently peanut, an allergen in cumin, has joined the increasing list of unlikely contaminants, taking its place among a growing list that includes melamine, mineral oil, Sudan red and others.
“I have seen bacterial contaminations that are more damaging to a company’s finances than if a fire burnt down the entire plant.”
— Nicky Alexandru, global head of Crisis Management at AIG
“An event such as the cumin contamination has a domino effect in the supply chain,” said Nicky Alexandru, global head of Crisis Management at AIG, which was the first company to provide contaminated product coverage almost 30 years ago. “With an ingredient like the cumin being used in hundreds of products, the third party damages add up quickly and may bankrupt the supplier. This leaves manufacturers with no ability to recoup their losses.”
“The result is that a single contaminated ingredient may cause damage on a global scale,” added Robert Nevin, vice president at Lexington Insurance Company, an AIG company.
Quality and food safety professionals are able to drive product safety in their own manufacturing operations utilizing processes like kill steps and foreign material detection. But such measures are ineffective against an unexpected contaminant. “Food and beverage manufacturers are constantly challenged to anticipate and foresee unlikely sources of potential contamination leading to product recall,” said Alexandru. “They understandably have more control over their own manufacturing environment but can’t always predict a distant supply chain failure.”
And while companies of various sizes are impacted by a contamination, small to medium size manufacturers are at particular risk. With less of a capital cushion, many of these companies could be forced out of business.
Historically, manufacturing executives were hindered in their risk mitigation efforts by a perceived inability to quantify the exposure. After all, one can’t manage what one can’t measure. But AIG has developed a new approach to calculate the monetary exposure for the individual analysis of the three major elements of a product contamination event: product recall and replacement, restoring a safe manufacturing environment and loss of market. With this more precise cost calculation in hand, risk managers and brokers can pursue more successful risk mitigation and management strategies.
Product Recall and Replacement
Whether the contamination is a microorganism or an allergen, the immediate steps are always the same. The affected products are identified, recalled and destroyed. New product has to be manufactured and shipped to fill the void created by the recall.
The recall and replacement element can be estimated using company data or models, such as NOVI. Most companies can estimate the maximum amount of product available in the stream of commerce at any point in time. NOVI, a free online tool provided by AIG, estimates the recall exposures associated with a contamination event.
Restore a Safe Manufacturing Environment
Once the recall is underway, concurrent resources are focused on removing the contamination from the manufacturing process, and restarting production.
“Unfortunately, this phase often results in shell-shocked managers,” said Nevin. “Most contingency planning focuses on the costs associated with the recall but fail to adequately plan for cleanup and downtime.”
“The losses associated with this phase can be similar to a fire or other property loss that causes the operation to shut down. The consequential financial loss is the same whether the plant is shut down due to a fire or a pathogen contamination.” added Alexandru. “And then you have to factor in the clean-up costs.”
Locating the source of pathogen contamination can make disinfecting a plant after a contamination event more difficult. A single microorganism living in a pipe or in a crevice can create an ongoing contamination.
“I have seen microbial contaminations that are more damaging to a company’s finances than if a fire burnt down the entire plant,” observed Alexandru.
Handling an allergen contamination can be more straightforward because it may be restricted to a single batch. That is, unless there is ingredient used across multiple batches and products that contains an unknown allergen, like peanut residual in cumin.
Supply chain investigation and testing associated with identifying a cross-contaminated ingredient is complicated, costly and time consuming. Again, the supplier can be rendered bankrupt leaving them unable to provide financial reimbursement to client manufacturers.
“Until companies recognize the true magnitude of the financial risk and account for each of three components of a contamination, they can’t effectively protect their balance sheet. Businesses can end up buying too little or no coverage at all, and before they know it, their business is gone.”
— Robert Nevin, vice president at Lexington Insurance, an AIG company
Loss of Market
While the manufacturer is focused on recall and cleanup, the world of commerce continues without them. Customers shift to new suppliers or brands, often resulting in permanent damage to the manufacturer’s market share.
For manufacturers providing private label products to large retailers or grocers, the loss of a single client can be catastrophic.
“Often the customer will deem continuing the relationship as too risky and will switch to another supplier, or redistribute the business to existing suppliers” said Alexandru. “The manufacturer simply cannot find a replacement client; after all, there are a limited number of national retailers.”
On the consumer front, buyers may decide to switch brands based on the negative publicity or simply shift allegiance to another product. Given the competitiveness of the food business, it’s very difficult and costly to get consumers to come back.
“It’s a sad fact that by the time a manufacturer completes a recall, cleans up the plant and gets the product back on the shelf, some people may be hesitant to buy it.” said Nevin.
A complicating factor not always planned for by small and mid-sized companies, is publicity.
The recent incident surrounding a serious ice cream contamination forced both regulatory agencies and the manufacturer to be aggressive in remedial actions. The details of this incident and other contamination events were swiftly and highly publicized. This can be as damaging as the contamination itself and may exacerbate any or all of the three elements discussed above.
Estimating the Financial Risk May Save Your Company
“In our experience, most companies retain product contamination losses within their own balance sheet.” Nevin said. “But in reality, they rarely do a thorough evaluation of the financial risk and sometimes the company simply cannot absorb the financial consequences of a contamination. Potential for loss is much greater when factoring in all three components of a contamination event.”
This brief video provides a concise overview of the three elements of the product contamination event and the NOVI tool and benefits:
“Until companies recognize the true magnitude of the financial risk and account for each of three components of a contamination, they can’t effectively protect their balance sheet,” he said. “Businesses can end up buying too little or no coverage at all, and before they know it, their business is gone.”
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Lexington Insurance. The editorial staff of Risk & Insurance had no role in its preparation.