By GRAHAM BUCK, who covers European risk management issues
LONDON---Risk management has secured its place on the boardroom agenda at companies across the Continent, reported the Federation of European Risk Management Associations (FERMA). Yet the main driver of risk management within companies is still compliance, legal requirements and business regulations. So despite appearances, no real change has taken place since the dramas of September 2008 began.
Yet the past two years has already been marked by a raft of new risk management rules coming into force. Most notable of these are the ISO 31000 standard, which offers best practice risk management guidelines--but is not compulsory and appears to have made only a limited impact--and the 8th European Company Law Directive, which has now been passed into law in most EU states.
As FERMA President Peter den Dekker observed, running a business has always involved risk taking, but the financial crisis accelerated demands for companies to be more proactive in their risk control.
"What's new with the directive is that there is a clear responsibility given to boards of directors and to their audit committees. Senior management is expected to be involved in risk management and risk taking. Directors have to give direction depending on the risk appetite of shareholders," he said at the well-attended, two-day seminar held by FERMA in London last week.
Europe's risk managers are also concerned by the implications of the fast-approaching Solvency II regime and tougher capital adequacy requirements that it will be introduced in about two years' time. They are also feeling the pressure of increasing expectations from their company's shareholders.
All of these elements were evidenced in FERMA's newly issued 2010 risk benchmarking survey, issued to coincide with the London seminar. The survey, which attracted 782 responses from across Europe, showed that many risk managers are unaware of the impact of the 8th EU Directive. About 42 percent of respondents either didn't know or offered no opinion on the implications for their company.
That caused FERMA board member Paul Taylor, also director of risk assurance for Morgan Crucible, to query: "How can risk managers govern what happens in the future if many of them are themselves not up to date with new regulation?"
2B OR NOT 2B?
FERMA points out that the crux of the new directive lies in section 2b, which states: "The audit committee shall, inter alia: monitor the effectiveness of the company's internal control, internal audit where applicable, and risk management systems... ."
Such an apparently simple statement disguises rather more complex issues, such as the future interaction between internal control, risk management and internal audit within European companies.
Gerard Lancner, president of France's risk management association Amrae, told London delegates that his team is already in talks with counterparts at bodies such as the Institut Franšais de l'Audit et du Contr÷le Internes (IFACI) to agree how the directive affects the respective roles of risk management and auditor.
To ensure that the implications of the 8th European Company Law Directive win boardroom attention, FERMA has joined forces with the European Confederation of Institutes of Internal Auditing (ECIIA) to produce a guide, which was also launched in London.
Another big unknown is whether Solvency II will presage the next hard market for Europe's insurance buyers. FERMA's benchmarking survey suggested that many fear the tougher capital requirements will reduce capacity and push up premium rates. Yet the London audience was more skeptical; a show of hands showed that very few expect the soft market to end either in 2011 or even within the next three years, by which time Solvency II will be making its mark.
October 4, 2010
Copyright 2010© LRP Publications