Focus Feature Book review Nat cats With QBE European This month, we Counting the cost Operations read Futureproof of the bushfires

cirmagazine.com April 2020

Weinstein and the workplace Compliance, risk and HR professionals should heed the warning signs

Eastern horizons The Middle East remains a crucial business region, but one where balancing risk and opportunity is vital

Adjusting course Interconnectivity brings a heightened risk of cyber attack or systems failure for the maritime sector

COVID-19 From chaos to continuity

View: “There is much debate about the extent to which we have entered a true hard market”

cover_v2.indd 3 07/04/2020 08:21:56 NEW DATE 9 DECEMBER 2020

The pinnacle of achievement in business continuity, security and resilience

London Marriott Hotel, Grosvenor Square

Sponsored by In association with Supported by

cirmagazine.com/businesscontinuityawards

BCAstd.indd 1 07/04/2020 13:47:32 Comment News & analysis

Comment

haotic scenes in to be the need to move fast, assume the worst, supermarkets, tension be comprehensive, and secure employee and even brawls on safety first and operational continuity next. public transport The second focuses on accepting that you over mask-wearing may spend “most of your time” on employee and coughing, fake communications – keeping up positivity and news, fake remedies, morale, and, importantly, listening as well and alarming as talking. A common theme throughout headlines around the crisis has been the value of separate A the stockpiling and resale of PPE at exorbitant and B teams for critical operations, support prices all characterise the darker side of suppliers and ecosystem partners. The ADL what can happen when people are faced with report goes further, urging innovation in Ca pandemic. cash management, and collaboration with These headlines were counterbalanced authorities and communities. with news of powerful acts of generosity, The final key insight was to start solidarity and commitment by companies and realistically planning for recovery now, despite individuals to pursue the greater good – from the difficulties of maintaining a positive restaurants making and delivering free food attitude in the depths of a crisis. “All the for frontline staff, entire production lines business leaders emphasised the importance switching from making their usual products of positivity, in terms of both maintaining to manufacturing masks and other protective morale and ensuring the best – and fastest equipment, to shop workers putting themselves – recovery possible following the crisis,” in danger to feed locals, and communities the report reads. “This does not mean false coming together to reach out and look after optimism and denying realities, but rather, those in need. acknowledging that although the crisis may Weeks later, and the focus has shifted to not be over quickly, it will not last forever. In when lockdown may end. Already there are practical terms, our leaders acknowledged that signs that it is working in the UK, with the in the early stages of the crisis, and especially virus’ peak expected in the coming weeks. if companies were damaged and focusing on But it is not over yet, and until it is, the focus survival, there might be little enthusiasm for remains on getting organisations through working on recovery. Setting up separate teams the crisis. to focus on this is one way to make progress.” Some excellent examples of these efforts The respondents to ADL’s research also have been compiled in one of the first recognised that the post-crisis business reports on the business response to the environment would present a raft of new crisis. Researched by global management opportunities. Among them were the creation consultancy, Arthur D. Little, the report details of efficiencies, increased productivity, and the actions and reactions among global CEOs further ‘smart working’ practices; greater in the telecoms, transport and utility industries automation and more flexible working; step delivering critical infrastructure services changes in customer adoption of online in Asia and Italy during the early spread of services, including potential for new remote the virus, and is recommended reading for products and services, such risk professionals leading or involved in any as diagnostics and testing; element of their companies’ own response. and M&A opportunities The insights are from leaders who arising from shake-out and maintained effective operations through the consolidation. worst of the pandemic and are now preparing Deborah Ritchie to rebuild. The first area of focus was found

cirmagazine.com April 2020 03

CIR-EditorialComment.indd 1 07/04/2020 17:08:18 SAVE THE DATE 4TH NOVEMBER 2020

The 11th annual Risk Management Awards

The pinnacle of achievement in risk management

cirmagazine.com/riskmanagementawards

Sponsored by Headline Partner Supported by

London Marriott Hotel, Grosvenor Square

RiskManagentAwards-2020_SaveTheDate.indd 1 07/04/2020 14:21:55 contents.indd 1 Adjusting course Eastern horizons COVID-19: From chaosto continuity Weinstein andtheworkplace chains Ant it reports Gould serves. or systems failure for maritime the –and sector supply the interconnectivity brings attack aheightened risk of cyber An increased trend towards and reliance on important now as ever, writes Martin Allen-Smith region for manyBalancing firms.risk and opportunity is as and unpredictable of part world the but remains acrucial EastThe has Middle provenpolitically be a volatileto Ritchie reports mosteven the frequently war-gamed Deborah scenarios. forcing businesses to operate inways that might transcend Rightly or wrongly, of severity the ongoing the lockdown is argues QC Henry landmarks of cultural and significance, legal Edward The recent Harvey Weinstein and trial verdict are to be used as aprofessional used to be information source. We accept no liability for decisions of any nature, including financial,that are made as a result of information we supply. CIR Magazine and its content and inall any are media of part Perspective Publishing Limited. Perspective All Publishing Limited’s content for is designed professionals and MARITIMESECURITY POLITICAL RISK COVER STORY OPINION Cover story From chaos to continuity 20 18 14 12 COVID-19 creates an unprecedented human challenge government intervention pandemic inthis writes, unprecedented the of reaction scale and before COVID-19, but, O’Riordan as Deborah Working from home was BAU for many long on construction the Andy Kane examines key risks, the as he liftsalid issue, built they an entire hospital injust 10days. of patients needing urgent care. To address the authorities were facing number inthe asteep rise Following outbreak the of COVID-19, Chinese industry counts cost the to economy the and to insurance the and time take resourceswill to fix. Jeremy Hughes Australia’s bushfires,thedamage done,been had and Despite of sigh relief global the rain when fell on WITH QBEEUROPEANOPERATIONS Into the forest New dimensions Raisingtheramparts COVID-19 FOCUS FEATURE NAT CATS Circulations Member Audit Bureauof 14 07/04/2020 13:57:13 32 30 29 24 Editorial & features

News, views & regulars

Analysis 7 Book review 9 Group editor News in brief 10-11 Deborah Ritchie [email protected] Industry views: Tel: +44 (0)20 7562 2412 Airmic and CII 48 Associate publisher IRM 49 Steve Turner [email protected] Executive summary 50 Tel: +44 (0)20 7562 2434 Market Guide: Industry products & services 51 Design & production manager Matt Mills [email protected] VIDEO Q&A 34 Tel: +44 (0)20 7562 2406 Delegates authority schemes Publishing director Mark Evans Deborah Ritchie speaks to John Dawe about Tel: +44 (0)20 7562 2418 the benefi ts of a scheme, what the journey Managing director looks like, how RSA helps partners maintain John Woods Tel: +44 (0)20 7562 2421 compliance, and much more Contributors Martin Allen-Smith NATIONAL INSURANCE AWARDS 37 Andrew Beckett Dr Matthew Connell THE WINNERS Ant Gould Th e winners of the 2020 National Insurance Edward Henry QC Jeremy Hughes Awards were revealed at a gala dinner and Andy Kane John Ludlow awards ceremony at the Waldorf Hilton in Deborah O’Riordan London in March. See all the photography Iain Wright and winners from the night here Accounts Marilou Tait RISK MANAGEMENT AWARDS 43 Tel: +44 (0)20 7562 2432 2020 AWARDS PREVIEW Subscriptions Tel: +44 (0)1635 588 861 Th e Risk Management Awards 2020 are [email protected] open for entries. Celebrating success £189 pa in the UK within the practice of risk management, £199 pa in the EU £209 pa elsewhere the 11th annual event will bring together Cheques must be made payable to organisations and individuals from across Perspective Publishing Limited and the industry to showcase their best products, addressed to the Circulation Dept. projects and people. Th e deadline for entries is 9th July 2020. Take a look at the award categories today. CIR Magazine is published by:

Perspective Publishing 6th Floor 3 London Wall Buildings London Wall London, EC2M 5PD UK

Tel: +44 (0)20 7562 2400

ISSN 1479-862X cirmagazine.com

contents.indd 2 07/04/2020 13:59:25 Environmental claims management: pre and post-loss

Response Investigation Remediation

0800 592 827 adlerandallan.co.uk

Untitled-1 1 20/03/2020 08:54:40 News & analysis Cyber resilience

Art of distraction As expected, the frequency of attempted cyber attacks has shot up amid the COVID-19 outbreak. Andrew Beckett outlines some important considerations for cyber resilience throughout the pandemic, and indeed beyond

n what has felt like a sprint start to a marathon, keeping result in the downloading of malicious malware gaining up with the coronavirus pandemic is leaving businesses access to a firm’s network, if clicked through. It is vital that with little time to calculate approaches as they are forced the workforce must be made aware of this type of attack – to react to daily developments ‘on the job’. Unfortunately, awareness is key to mitigating this risk. Iin moments of crisis, cyber criminals are known to capitalise • Operating security operations remotely What if access to a on the confusion and, with the peak of crisis not yet upon security operations centre is restricted? Assuming all us, businesses who are aware of the threats to their IT incidents will have to be dealt with remotely is important, infrastructure will be best placed to mitigate such risks. and businesses who can, should simulate running the SOC Here’s what firms should be doing to maintain cyber with remote personnel. resilience now and avoid critical moments: • Third-parties’ capabilities Whether an outsourced security provider has your full trust or not, it is worth asking exactly Remote access what processes they have in place to manage the crisis. The government’s advice to avoid ‘non-essential contact’ They may never have dealt with one before, so you are means that organisations have and should be implementing within your rights to question the systems and policies in work from home policies where it is possible to do so. While place to ensure that their business is minimising all risks. this eventuality has looked likely for a couple of weeks, • Offline back-ups With ransomware increasing in many businesses have not yet prepared their networks with sophistication and reach, it’s vital that offline backups appropriate security and privacy controls to withstand the are tested and protected. Experiencing a cyber increased risks this brings. For all businesses, security must be security crisis during a much broader crisis like this, is at the top of the list of concerns. Key areas of focus should be: potentially catastrophic. • Establishing a unified network Connecting to the company network through a virtual private network is important. Third-party preparation Unlike disparate networks, which have the potential Finally, it’s easy to overlook a partner’s preparations while for many entry points, a unified network offers the greatest getting your own ready, but closing your eyes and hoping protection. Technology teams should be aware of they’re ready should be the last thing you do. Without a connectivity issues and must ensure systems facilitate key supplier, operations could halt during a period that simultaneous connections. will be challenging even for the best prepared. It’s vital • Functionality Can your team carry out their functions as to communicate throughout the entire supply chain the normal? From setting up a phone system to connect importance of data and cyber security. Actions should be everyone, to having access to all the necessary data, it’s shared, security discussed and strategic ‘what ifs’ brainstormed important for businesses to test jobs from minor to major to ensure everyone is taking action. outside the office. “Without a key supplier, operations could halt • Protecting private material Employees may need to print during a period that will be challenging even for out and safeguard sensitive material. The resolution for the best prepared” this is simple; a cross-cut shredder or a box to store the material until it can be brought in for proper disposal will Today’s crisis conditions are unpredictable, and the only be effective. way to develop resilience to what might lie ahead is to take time to plan systematically. Those who have tested scenarios Testing while building the flexible infrastructure to match, will be best With events unfolding quickly, actions must follow suit. Testing placed to deal with whatever lies around the corner. solutions immediately, under real world conditions, will expose weak spots and enable businesses to efficiently scale up. Organisations must also consider cyber security compromises. Andrew Beckett is managing director at Kroll, a division Key considerations include: of Duff & Phelps • Phishing attacks Links sent to employees with compelling subject lines – perhaps playing into people’s fears – may

08 April 2020 cirmagazine.com

analysis.indd 1 06/04/2020 15:17:13 Book review News & analysis

Inspiration for resilience professionals

Futureproof: How to Build Resilience in an Uncertain World By Jon Coaffee, Yale, 2019 Reviewed by Deborah Ritchie, group editor, CIR yalebooks.co.uk very day is a good day to talk about In seeking to mitigate risk, the author posits that Epreparing for the future. But yesterday is the traditional approach of planning for specific, known always the best time to start. disruptions should be reinforced by anticipating unknown To suggest that the idea of forward future challenges, and by developing the capacity to adapt to planning is new would be ridiculous – entirely new threats. This, he says, would enhance our ability to especially to the resilience community. But that’s not the bounce back (using our tried and tested traditional methods), premise of this book. and give us a further ability to ‘bounce forward’. Whilst its introduction provides a potted history of risk, “Coaffee believes we now stand at edge of an uncertainty and society’s way of dealing with them throughout age of permanent adaptation – with ‘new normal’ the ages and across geographies and cultures (including the obligatory Lloyd’s Coffee House story; what book on risk is levels of uncertainty and volatility” complete without it?), author Coaffee uses it to set out his stall That’s the ‘what’, so what of the ‘how’? In its nine chapters, early on. one is dedicated to the topic of organisational agility, which To understand fully where the author is taking us, one looks at such notable developments across the resilience has first to take a look at where he has come from. Jon Coaffee spectrum as the emergence of the doctrine of UK resilience as a is Professor in Urban Geography at Warwick University in response to the fear of terrorism post-9/11, and the appearance the UK’s Midlands. The focus of his work is on the interplay around five years later of the notion that resilience might even of physical and socio-political aspects of urban resilience, a bring about competitive advantage.This all seems like a long topic to which he is clearly deeply committed and on which time ago, and indeed the message has permeated far and wide he has been widely published – with a particular emphasis since then. on the impact of terrorism and other security concerns on Just as well, as fast-forward 15 years, and Coaffee believes the functioning of urban areas. Also relevant to the thrust of we now stand at edge of an age of permanent adaptation – one this book is his position as co-lead of the University’s Global where ‘new normal’ levels of uncertainty and volatility will Research Priority in Sustainable Cities. compel us to become better able to adapt “in order to cope So, Coaffee’s areas of focus, study and interest are when everything around us is in flux and find new pathways to specifically urban security, the politics and practices of navigate our deeply changeable world”. resilience, counter-terrorism, political geography and disaster It’s at once exciting, terrifying, reassuring and nerve- management. That is, physical disasters such as those borne wracking. out of natural or man made catastrophes – from hurricanes What you won’t find in this book is anything on the to terrorism. And it is specifically these topics that he explores topic of pandemic planning. Which might be a relief to in Futureproof. some readers – not just because we can’t go anywhere without reading about COVID-19 (can’t go anywhere full stop?), but also because ‘other’ risks don’t cease to exist just because the ‘big one’ is dominating the front page. Every day. This not the only book going by this title; there are lots of others – in fact a handful were published in 2019 alone. One in particular, Futureproof! 13 Things Your Parents Can’t Tell You About Tomorrow, struck me as worth a look for readers with inquisitive teens. Now is as good a time as any to get children acquainted with the concepts of risk and resilience, and how they affect lives and livelihoods today and tomorrow. (You’ll have to tell them the Coffee House story yourself, though, as it skips that part.)

cirmagazine.com April 2020 09

BookReviews_.indd 2 06/04/2020 15:21:31 News & analysis News in brief

News briefing A round-up of the latest industry news

The Financial Conduct Authority said it expects all The Association of British Insurers warned that firms to have contingency plans in place to deal with most businesses will not be covered for coronavirus. the COVID-19 outbreak, as it would any major event, In a statement the trade body said: “Irrespective and, along with the Bank of England and the Treasury, of whether or not the government orders closure was working with a number of firms to assess of a business, the vast majority of firms won’t have operational risks and business continuity measures. purchased cover that will enable them to claim on their insurance to compensate for their business being closed by the coronavirus.

The oil, mining, metals and extractive Willis Towers Watson launched a tool that provides industries continue to make up the most real-time information on confirmed global COVID-19 significant proportion of demand for specialist cases alongside clients’ property total insured values by credit and political risk insurance coverage. So said BPL Global’s annual Market Insight report, location. Part of its Global Peril Diagnostic modelling which pointed to an increase in enquiries from tool, the new feature will help clients more easily OECD countries – a continuing development track developments of the pandemic alongside their from historical demand for CPRI to cover property assets. emerging market risk. This month, the broker also launched a community group aimed at providing data, knowledge and The City watchdog later told regulated firms that solutions to its business aviation clients. The group, their designated Senior Manager or equivalent person A Class, focuses on data analytics and risk strategy, is responsible for identifying which of their employees equipping business aviation operators with data and are unable to perform their jobs from home, and have expertise to help them analyse and mitigate risks. to travel to the office or business continuity site. A report published by the British Standards As more and more businesses implemented remote Institution highlighted the ongoing risks relating to working practices amid the outbreak, BSI’s Cyber the coronavirus outbreak, widespread protests and Security and Information Resilience team put together climate change as key drivers of global supply chain a series of tips for businesses and workers as to how disruption. Using data from its SCREEN tool, BSI to best prepare for working away from their offices predicts these trends will dominate the global supply efficiently and securely – from protecting confidential chain throughout the year ahead. business information to effective working patterns and environments. Supermarkets emerged victorious in the crisis communications race, despite facing huge challenges with supply chains and delivery services amid the coronavirus pandemic, including empty shelves and suspended online shopping operations due to extreme surge in demand amid the coronavirus outbreak.

The British Insurance Brokers’ Association welcomed the new chancellor, Rishi Sunak’s approach to Insurance Premium Tax. Not changing the current rate, which is already at a significant 12 pence in the pound of every premium paid, will help businesses and consumers to afford the insurance protection they need, it said.

10 April 2020 cirmagazine.com

NIBs.indd 1 02/04/2020 10:05:16 News in brief News & analysis

For the full story behind all these headlines, visit cirmagazine.com

Regulatory activity under the European Union’s General Data Protection Regulation increased during 2019, but not quite to the ‘mega-fine’ degree that had previously been feared. The most notable outcome from a year with the GDPR was instead the considerable variance in penalties issued by different regulators throughout the bloc.

Negligent data management at Virgin Media exposed the personal details of 900,000 of its customers, after a database was left unsecured for ten months, and during which period was accessible online. Partner at city law firm DMH Stallard, Jonathan Compton, says the company The number of digital accessibility lawsuits filed can expect a large fine for its negligence. in the US between 2017 and 2018 was found to have increased by 183%. In one of the more high-profile cases, Domino’s Pizza was found guilty of not making A report from Accenture suggests that, despite its website app accessible for use by people with visual higher levels of investment in advanced cyber security impairments, and was forced to make adjustments to technologies over the past three years, less than one- improve user experience. fifth of organisations are effectively stopping cyber attacks and finding and fixing breaches fast enough to lower their impact. A week after Windstorm Ciara, Windstorm Dennis brought flood- and wind-related damage The government introduced a new Fire Safety Bill, across parts of Europe, with Germany, France, which amends the Fire Safety Order 2005 to clarify Belgium and the UK bearing much of the brunt, that the responsible person or duty-holder for multi- and killing at least six people. Total economic occupied, residential buildings must manage and losses from these events are expected to exceed reduce the risk of fire for the structure and external £78m, and ongoing flooding continues to effect walls of the building, including cladding, balconies transport infrastructure. and windows; and entrance doors to individual flats that open into common parts. Poor employee health has overtaken IT and telecoms outages to become the most frequent cause of disruption to businesses globally, according to the latest global survey of 665 businesses by the British Standards Institution and the Business Continuity Institute in their ninth annual Horizon Scan Report.

Commercial property insurance policies are leaving businesses exposed to technology risks such as data loss, according to Mactavish, which reported a significant increase in policies that have removed this element of cover, even if the loss arises from a ‘traditional’ property loss, such as fire.

cirmagazine.com April 2020 11

NIBs.indd 2 02/04/2020 10:05:20 News & analysis Opinion

arvey Weinstein’s dramatic fall reminded me of Ernest Hemingway’s description Hof bankruptcy. It happens “gradually Weinstein and and then suddenly”. Gradually, because the allegations, once they emerged in 2017, had stripped him of the pervasive power he once enjoyed. He was perceived (and perception is the workplace important) to be no longer invincible. Following the revelations of The recent Harvey Weinstein trial and verdict are landmarks harassment and sexual misconduct, of cultural and legal significance, Edward Henry QC argues. more and more women felt able to Those in positions of authority, as well as compliance, risk and come forward to speak about their HR professionals should heed its warning experiences at his hands. Then came the trial, constructed on the premise of consent are binary in nature, fact, their decision reflects a degree that his coercive and domineering unqualified by ambiguity, or even of discriminating judgement, and personality, allied to vast power and regret, and simply a question of yes or sophistication, which reflected the privilege, enabled him to control no. This has important implications complexities that underly human his victims. As in his days of pomp for those who owe a duty of care to sexual behaviour. These verdicts and fame, so it was in his downfall: their co-workers or subordinates. can therefore teach us a lot about denial and disbelief that anyone could The two victims in the trial had why conduct and culture in the accuse him of anything. complicated and difficult stories workplace has changed, and must When the verdict was returned, to tell, replete with contradictions, change still further. A discerning his stunned expression was and inconsistencies, which made observer will take away from this accompanied by him mouthing the them vulnerable to attack in cross trial the necessity of seeing the words “but I’m innocent”. Many of us examination. Their accounts, which ‘warning signals’, and giving proactive had anticipated that moment, but the might be considered bizarre and guidance on risk, by paying more endgame was as sudden and brutal at times unconvincing can only be than mere lip service to a cultural as the crimes he was convicted of. understood when one recognises the shift in our society. Shortly afterwards, Cyrus Vance Jnr, immense power Weinstein wielded. Where there is inequality of the embattled District Attorney who “He did not invent the casting couch” power, or status (classically found brought the case, told reporters, “It’s (his previous attorney’s quip to in the film industry, but existing a new day because Harvey Weinstein laugh the case out of court) but his whenever an unequal relationship of has finally been held accountable for omnipotence in the film industry employment, tutelage or authority crimes he committed.” was such that his victims were exists) one must acknowledge Some might disagree with Vance. placed in a position (for all their that consent is not the same as Some would say that Weinstein acquiescence) of duress, paralysed submission. That absent real equality, was convicted not for the offences by the fear that he would annihilate there is a danger of exploitation. upon which he stood trial, but was their careers. In consequence, behaviours which instead condemned for the infamous There were, inevitably, a number were once tolerated and seemingly multitude of time-barred allegations of ‘easy wins’ for the defence. For welcomed, must now be carefully that could never be brought to court. example, both women made no scrutinised. The classic example Such speculation can be objected to attempt, physically to resist his is the drink fuelled office party. on the precisely the same grounds advances, each kept in contact with Anything untoward happening that Donna Rotunno, his attorney, him after the attacks, and they even in the workplace or its premises faced criticism. Like her aggressive had consensual sex with him in the (whether or not at a social gathering) cross-examinations, this theory fails months that followed. This is not can clearly be the subject of both to take on board the dynamics of evidence that usually accompanies employment and disciplinary power, placing too much reliance on a conviction, but it would be wrong proceedings. And what of behaviour old stereotypes of sexual behaviour, the suggest that the jury convicted outside the usual ambit of work, whilst assuming that matters because of sympathy or prejudice. In between colleagues? Should conduct

12 April 2020 cirmagazine.com

Interview.indd 1 02/04/2020 16:08:49 Opinion News & analysis

outside the workplace become the “It seems undeniable that NDAs. Not anymore. subject of regulatory investigation the Weinstein scandal This is unsurprising after these and disciplinary proceedings? In the had a causal effect in strong arm tactics came under the context of the legal profession this parliamentary spotlight. Parliament is a novel development. On one side prompting some businesses in its 2019 Report on the use of of the debate there is the argument to implement preventative NDAs in discrimination cases took a that regulators have a duty to uphold strategies to avert such risks” dim view of them, stating that, while confidence in the legal profession, it is usual for each party to pay its but there is the concern that the not seek to establish whether own costs in the UK, tribunals may SRA may be encroaching far too far consent was given or not, yet only make costs orders requiring into the lives of those they regulate, another aspect of its case that drew one party to pay the other’s costs placing increased pressure on law criticism from those representing where there has been “unreasonable professionals. The question arises as the lawyer, who argued that if the conduct”, but such orders are rare. to what is to be reasonably expected complainant had consented he Citing Professor Dominic Regan’s of legal professionals, or should they should not face any proceedings evidence that “pressure can be be held to a more onerous sense of at all. exerted on claimants by threatening propriety? Where does one draw The matter is currently being to pursue costs if an offer was the line, ensuring that standards appealed, but even if the original not accepted and, at the hearing, are upheld, whilst acting finding is ultimately set aside, it the claimant recovered less,” proportionately so as to avoid shows that regulators, especially in Parliament noted that whilst the unreasonable intrusion? this post-#MeToo world will pursue use of such tactics should be less A recent example of the problem such cases vigorously, with an common at tribunals, it had “heard concerned a former ‘Magic Circle’ impact on reputation management, that such threats are being used, partner who was fined £35,000 D&O premiums, and employment even though they may be plus £200,000 costs for professional claims. The aggressive approach unenforceable. Claimants who misconduct after he went back of the SRA follows in the wake of do not have legal representation to the home of a junior colleague other regulators, such as the GMC. It may be particularly vulnerable to following post-work drinks in 2016. seems undeniable that the Weinstein such tactics.” The SRA alleged he had initiated scandal, unleashing the huge power Sexual misconduct is a serious and or engaged in sexual activity of the #MeToo movement; leveraged issue and vigorous action is needed where he ought to have known his by the digital media, had a causal to alter behaviour and instil a culture conduct was unwelcome and that the effect in prompting some businesses of respect. This begins by creating other party was intoxicated to the to implement preventative strategies an environment that safeguards extent she was vulnerable with her to avert such risks, or (in crisis mode) and upholds common values, and faculties impaired. The SDT on 30th to act ruthlessly in order to neutralise by challenging sexually motivated January 2020 found he had caused the entwined threats of outraged misconduct from the outset. If harm to the profession by breaching departing customers, and a collapse litigation, regrettably, cannot be his obligations as a solicitor but in share value. Take, for example, averted, it might be advisable to posed no future risk to the public. Ray Kelvin, the hugely respected conduct it in a manner that does He was not struck off and thus designer and retail guru, having to not alienate the tribunal, without allowed to keep practising. The SDT stand down at the helm of Ted Baker compromising the proper defence of said his misconduct was the result in 2019 because of myriad claims any contested allegation. of a “lapse in his judgement that concerning the alleged touching and was highly unlikely to be repeated.” hugging of staff. The brand, which The decision pivoted on his duty of was almost synonymous with Kelvin, Edward Henry QC, of QEB Hollis Whiteman, care to a more junior colleague. In was in imminent danger of being defends in serious fraud, reaching this conclusion, the SDT severely damaged. Corporates are professional disciplinary rejected arguments that the case was therefore increasingly aware of the and regulatory offences, an unwarranted incursion into the destruction such allegations can and has an AML advisory practice. For lawyer’s right to privacy. inflict upon their capitalisation. In 17 years he acted as a pre-publication advice lawyer for Associated It is important to stress that the past, complaints would routinely Newspapers and has a keen interest in no finding on consent (or lack of it) be caught and killed with severance reputational management. was made by the SDT, as the SRA did packages, compromise agreements or

cirmagazine.com April 2020 13

Interview.indd 2 02/04/2020 16:09:44 Cover story Pandemic planning

n getting to grips with the unprecedented measures taken by governments around the From chaos world as they attempt to control Ithe COVID-19 virus, it is safe to say that the last few weeks will have been an operational challenge for most to continuity organisations. The severity of the ongoing lockdown is forcing businesses to The tension between mitigating operate in ways that might transcend even the most frequently health risk and keeping the country ‘open for business’ has led to heated war-gamed scenarios. Deborah Ritchie reports debate around Boris Johnson’s models and policies, and on the rights and crisis management and contingency this was discovered during testing, wrongs of his government’s decisions plans, others will have dusted off so the model could be fixed ahead – decisions which have triggered a a plan that’s not had the necessary of the event. significant economic shock, the full attention or buy-in for however many Having the correct number of extent of which is unknown. months, and the rest will have just hit concurrent remote connections is one The pressure is already bearing a very steep learning curve. thing, but if the networks the VPNs down on businesses across a wide Regardless of where on that scale are trying to connect to don’t have range of industries and sectors. The a business finds itself, the following capacity in the bandwidth, the user decline in second-quarter GDP is perspectives may offer a refreshing experience will be severely degraded. expected to be considerable, with view on how best to navigate this It’s not until you actually have live travel, retail and hospitality bearing unprecedented time. demand on your bandwidth that you much of the brunt. The capacity can accurately assess whether your of organisations to manage the An IT continuity practitioner’s infrastructure is truly resilient. operational and people risks is perspective Success when you most need it hugely varied; some are simply more From an IT perspective, correct depends on a few key things. Most prepared than others. purchasing and contracting of of them are clichés in our world Business continuity industry infrastructure should not be but really do deliver your recovery veteran, Mike Osborne, says that underestimated. The ability to flex for you. while the sheer scale of the impact services as and when you need to, Familiarity People knowing how is unprecedented, the UK’s history rather than being tied into stringent to work from home without needing of emergency preparedness in contracts for the cost benefit, could any support to do so – already responding to threats and incidents make or break a business in the having the kit, knowing how to use it, over the last 50 years makes the context of COVID-19. working remotely on a regular basis country far more experienced and If you have gone to the trouble and being comfortable doing so. better prepared than many others of purchasing IT services to provide Trained people Those engineers – particularly with the now added resilience, it’s important they actually who look after our systems need the availability of high-speed networks do that. Some companies may think ability to be able to identify and rectify and cloud computing. At the same they have that box ticked, only to find problems quickly, and be able to time, he believes this experience could out too late that what they failover manually if automatic failover change businesses forever. “One thing have bought does not actually is unsuccessful. They also need to be my business continuity experience meet their needs. able to do all of this remotely. has taught me is that firms very rarely Take the example of a City firm Trusted suppliers This comes back go back to being exactly as they were which recently purchased adequate to the earlier point about purchasing. – this experience will fundamentally VPN licenses for everyone in the Lots of companies try to drive as change business IT, working practices company, overlooking the fact that much value as possible from their and processes,” he opines. just a fifth of them could be used suppliers, however relationship Amongst those businesses, some for remote working as part of the management pays dividends when will have invoked tried and tested licensing agreement. To their credit, there are many companies vying for

14 April 2020 cirmagazine.com

CoverStory.indd 1 07/04/2020 15:02:02 Pandemic planning Cover story

attention – such as at times like this. experienced a change in the use of technology and solutions to those Resilience by design If you want our dedicated work area recovery businesses who are less-prepared. to be resilient, you do need to invest. services, with many customers using Thirdly, the element of time. Unlike There is no getting away from their suites frequently and for various most disruptions where a percentage this. Having good infrastructure reasons, not just for emergencies. of business-critical staff can sustain architecture is the basis for good This has contributed to a better, more operations for a given time, there IT provision. organised response from customers is a concern that we are potentially No matter how well prepared who are now using our services to facing months of disruption, and an you are as a business, there will split critical teams. organisation’s resilience will depend always be people who are reluctant Even the most well-prepared on how well they will be able to or technically challenged to work organisations are on the brink of the manage and embrace change and remotely. Allowing for a reduction great unknown – it is unlikely many adapt. This will literally be something in productivity when planning for organisations have tested their remote that only time will tell, but experience longer-term remote working is not a working capability to the extent of of long-term invocations has shown bad idea. Some people will be more having all staff working from home us that the more time passes, the productive at home, but this will for an extended period of time. harder it is to keep control of the be negated by those who are not as IT departments will need to business and sustain values, culture disciplined (probably because they ensure all devices are monitored and ultimately, revenues. don’t often work remotely). to keep users and the company Lastly, the most important factor is Finally, it is worth managing infrastructure safe, as well as working people; this is also the most intricate, users’ expectations about what their to ensure the technology is delivering sensitive and unknown element. experience will be like when they’re the expected levels of productivity We are all dealing with the threat of connected to corporate systems at for the business. It’s inevitable COVID-19 on an individual level; no home. People expect that the speed that cyber criminals will take two people and their environments and service of, say, video conferencing advantage during the outbreak, and experiences will be the same. will be exactly the same at home, and we predicted that huge increase Multiply this uncertainty by the not realising when they’re in the in the number of attack vectors number of staff you have to get an office they’re on an enterprise-grade caused by home working, disrupted idea of the impact. network with significant bandwidth. processes, quickly introduced Trying to video conference with Asia IT systems and so on. Security, The insurance law perspective on a 17mbps copper wire broadband therefore, is going to be a major focus Heidi Lawson, partner and Paul is not going to work as well. throughout the pandemic. Moura, associate attorney at Just how resilient companies Cooley LLP The business continuity consultant’s are in the UK when it comes to With the coronavirus, COVID-19, perspective IT continuity challenges of this already taking its toll on the economy, Les Price, head of availability services, magnitude, we will soon find out. are there any existing sources of Daisy Corporate Services From our experience, it’s likely to be insurance coverage to help cover the The scale, speed and severity of the a mix of success stories, epic failures inevitable financial loss? With major COVID-19 threat is far greater than and muddling-through. I see this sporting events, conferences, cruises that of previous pandemics we’ve hinging on four core factors. Firstly, and other excursions being cancelled experienced, and response measures the maturity of the organisation’s as a result of the outbreak, including across the board have been scaled business continuity management the cancellation of the 2020 Olympics up accordingly. The UK has not seen planning. Secondly, the organisation’s in Tokyo, can a company look to this level of event since World War II. stage on their digital transformation its existing insurance portfolio and We have panic buying, infrastructure journey. At this point in time, to find any insurance coverage to help closing, lockdowns... the level of risk illustrate these factors, we have our minimise the financial impact? is unparalleled and the knock-on availability services teams busy Traditionally, the most direct effects are where the biggest risks will working with our contracted business way to get insurance coverage for a ultimately emanate. continuity customers while the rest disease outbreak is to obtain event Since the last pandemic, we have of the business works to deliver cancellation coverage for events

cirmagazine.com April 2020 15

CoverStory.indd 2 07/04/2020 15:02:04 Cover story Pandemic planning

cancelled or adversely impacted as lost revenues as a result. However, one Scientifically, the coronavirus is a result of a disease or quarantine. important thing to note is that many different from the influenza virus, To the extent a company purchases D&O policies have a broad bodily but these two viruses have as many event cancellation insurance, events injury exclusion. As a result, coverage differences within themselves as cancelled due to disease or quarantine under a D&O policy depends on between themselves. We’ve had mild may be expressly covered (or, in the precise policy wording and flu outbreaks as well as severe ones. the case of very broad all-risk event underlying facts. The coronaviruses SARS and MERS cancellation coverage, not excluded). Finally, another potential source of had high mortality rates but did However, without event insurance might be under a company’s not spread worldwide as the variant cancellation coverage, most employment practice liability responsible for COVID-19 has. companies will need to hunt insurance. EPLI can sometimes These differences are important around for other possible sources of assist companies involved in actions to doctors but to business continuity insurance. Political risk insurance, by employees because of layoff or professionals, businesses and other which many companies may already furlough claims due to government or organisations, the impact of a have due to international investments company shutdowns. pandemic (whatever the virus) is the or overseas operations, may cover To the extent that existing policies same: human beings are quarantined, losses as a result of a government currently provide coverage, either ill, recovering, caring for family or shutdown or curfews. directly or indirectly, we can expect succumb to the infection. Unfortunately, with many political that the insurance market will react Taking so many people out of risk policies, this form of indemnity quickly and add additional exclusions circulation at the same time and all often necessitates a waiting period for disease or quarantines to many around our interconnected world of 90 days or more prior to coverage existing insurance policies, at least has a significant business impact on activation. By the time the political until the current outbreak subsides. production, logistics, services and risk policy takes force, there may be markets. It also has social, personal no need for it anymore. Pandemic planning and family impacts both practically Similarly, civil authority clauses in Roger Kember is former Deputy and psychologically. Many businesses first-party policies can afford coverage Director of Capabilities in the say that ‘our people are our most for business income losses that arise Civil Contingencies Secretariat, important resource’: a pandemic tests when a civil authority prevents since the very first week of its existence. this statement to the limit. the policyholder from accessing He instigated the Department of Health This outbreak is characterised their premises, which may happen Pandemic Plan in (2001) and also by the definition of a ‘crisis’: “An when a civil authority blocks access wrote the national police pandemic abnormal and unstable situation that to a property facing an outbreak. plan. For 17 years, Roger also managed threatens the organisation’s strategic These coverages also typically have the police room in COBR. He is now a objectives, reputation or viability.” waiting periods (eg. 72 hours) before crisis management consultant. (Crisis Management: Guidance & coverage can be triggered. Notably, When the Department of Health Good Practice BS 11200). such coverages will often depend published its first UK Influenza Medically, it’s a new virus; there’s on whether there is a requirement Pandemic Preparedness Plan in 2001, no vaccine; its lifecycle is only of physical loss, which may not be the risk was based only on the flu partially known; viral shedding present in the case of an outbreak. virus, with the 50 million plus deaths (infectiousness) can last for 24 days Directors and officers insurance worldwide from the Spanish Flu (ie. 10 more than the government coverage may apply if investors or Pandemic of 1918-19 the worst-case advised quarantine period) and customers eventually sue a company benchmark. Seasonal flu will always we don’t know if it will mutate and its directors and officers as be with us as well as spikes from new (like ‘flu) and hit us with a new a result of losses incurred from strains of the flu virus, as in 2008-09. variant every year. breaching a quarantine or failing to We are still waiting for the ‘big one’ Business-wise, the world is a very take timely or appropriate action (expected to be a variant of avian flu), different place today compared with to mitigate the impact of a disease, so, the 2001 Plan (including its slight 2001, so the learning from past flu resulting in additional sickness, a revisions over the years) will still pandemics is only a partial help. company shutdown and, eventually, hold good. Businesses have suffered the triple

16 April 2020 cirmagazine.com

CoverStory.indd 3 07/04/2020 15:02:06 Pandemic planning Cover story

blow of a supply crunch, a demand on trade including its programme into cost reduction. With schools, slump and a cash-flow constriction. to become the world’s dominant colleges and universities closed, it This has been the first pandemic to maritime nation and maritime will be a full-load test of the domestic hit the world after China has earned insurer). Indigenous industries in broadband capacity with users itself the moniker of ‘workshop of the the west have largely gone to the wall streaming, playing interactive games, world’. Globalisation of supplies and unable to beat China’s pricing policies. Skyping/Zooming and downloading cheaper costs there have made the For many products, we have no UK while others are trying to connect to world dependant on it for a range of suppliers. We have a chronic shortage work servers. goods, from electronic components of personal protection equipment for The fifth element is the used in ventilators to hand sanitisers. the health service, care workers and government’s issue of emergency China is the largest manufacturer others on the COVID-19 front line. powers, how these will be enforced of generic drugs and produces 80 It’s the first to hit the UK after and what the public reaction to them per cent of the world’s basic active its ‘Cold War Dividend’ changed the might be. In crisis management, it is pharmaceutical ingredients. India is government’s strategic thinking. Until always wise to undertake some ‘worst the world’s second largest producer of the fall of the Soviet Union, the UK case scenario’ planning. My potential generic drugs but imports 75 per cent (and ATO countries) protected its worst cases are: of its APIs from China. strategic industries: principally the Demand for everyday groceries defence sector, but also the security • This coronavirus will return in has spiked due to stockpiling of government communications waves (the Spanish Flu had but demand has slumped to networks. With the end of the Cold three waves) near-zero in the tourism leisure War, the government decided there • It mutates, like the flu virus, and and hospitality sectors and was no longer any threat to the UK will threaten the world with a new associated industries of airlines, and drastically reduced its subsidies outbreak (of unpredictable credit card companies, breweries and funding to these defence-critical severity) every winter and professional catering supplies. industries. • We get a flu pandemic and So long as self-isolation continues, We are now in the age of social coronavirus pandemic at the so too will the demand slump. media. It is being used by the same time No sales equals no income. Every government to get its infection control • We suffer a different crisis at the bankruptcy leaves bad debts. Staff measures out to the public and official same time (eg. solar flare, layoffs result in reduced demand from guidance is available everywhere flooding, oil shortage, extensive consumers, which means reduced online. Social media is also being used cyber attacks or major military sales and reduced cashflow. This is to overcome the loneliness of self- confrontation). where the world economy was in isolation. Local community support the Great Depression. Fortunately, groups are using Facebook and other Everyone is doing their best to deal present governments are following apps to keep in touch with those who with this situation using their existing Keysian economics and have declared may need help and support. The flip pandemic plan and there is a lot to do they will pump government money side is the scammers and conspiracy on a day-to-day basis. Everyone will into the economy and suspend some theorists are already at work. A need a coronavirus pandemic plan as tax burdens from businesses for the crunch point will come if the number well as their flu plan. Make the time time being. There is not yet complete of patients needing ventilator support now to take stock of your pandemic clarity on how some of these will be vastly exceeds the ventilators available response and coronavirus business put into effect and it is still too early and people die who otherwise might continuity plan and revise them in to determine if these provisions will have been saved. The burden will fall the light of your experience to get be sufficient. on doctors to decide who lives, and effective day-to-day management There are a number of ‘firsts’ that will be impossible to keep off (ie. ‘command and control) and give associated with this pandemic. social media. top management the head room to China as the workshop of the Working from home has become consider the strategic issues for now world and the knock-on problems of a fact of business life. It may even and the post COVID-19 world. supplies and the logistical movement become a mainstream feature in Deborah Ritchie is group editor of shipping containers. (China has the same way that open-plan offices of CIR Magazine made a number of strategic decisions and hot-desking has been factored

cirmagazine.com April 2020 17

CoverStory.indd 4 07/04/2020 15:02:09 Feature Middle East political risk

y any standards, 2019 proved to be a turbulent year for doing business in the Middle Eastern horizons East. Several countries were The Middle East has proven to be a politically volatile and Bshaken by unrest and protests, there were increased and very significant unpredictable part of the world but remains a crucial region risks to international shipping in the for many firms. Balancing risk and opportunity is as important Strait of Hormuz, the Syrian civil war now as ever, writes Martin Allen-Smith continued relentlessly, and, indeed the most worrying of all at the time, there ■ Where are the next risk hotspots in the Middle East, and how can was the very real threat of conflict organisations best prepare for the often dramatically shifting sands in there? between the US and Iran. ■ Carrying out comprehensive due diligence and having a full understanding Against this backdrop of ever- of your operating environment – the site, the country, the region – is key changing political landscapes, ■ Longer term, the IMF warns that without widespread reforms, the region’s where are the key hotspots in oil wealth could vanish as early as 2034 as global demand for oil slides the Middle East to have proved a particular challenge from a risk management perspective – and how prompt business disruption,” financial – clearly comes first. But can organisations best prepare for the she explains. organisations need to know the local often dramatically shifting sands in “For example, protests in Egypt in laws first to do that effectively. It is these areas? It is fair to say that the September 2019 were small, contained one thing to understand the past, Middle East and North Africa has and did not disrupt business and another to know the future, says the full gamut of risk environments, operations. Short-term exposure to McBurney. “Knowing the history like other regions – from low risk an asset in Yemen might seem like of confiscation, expropriation, jurisdictions like Morocco and Jordan, a risky bet – unless you know that nationalisation and disruption to extremely high-risk countries like the asset’s location has not been (CEND) combined with a deep Yemen and Syria. Operators and materially affected by the civil war. understanding of local political underwriters with exposure in those Doing your due diligence and having dynamics allows you to assess how facing political stability challenges a full understanding of your operating risks to your assets will change. Take like Iraq and Lebanon need higher environment – the site, the country, Lebanon’s recent sovereign bond risk thresholds than elsewhere, says the region – is key.” default – its credit history would Niamh McBurney, head of MENA She adds that Iraq offers rewards suggest it would successfully repay at Maplecroft. to those willing to take big bets to foreign bond holders and their “Amid often fast-paced events, it’s on risk management and Egypt’s underwriters, but looking closer into important to clarify what is new in the restructuring of its economy between the political dynamics right now, situation and then assess how it relates 2016 and 2019 was challenging for politicians were not willing to repay to you. A change in government will those exposed to the banking sector international lenders at the expense of not always bring an immediate change – effectively all foreign operators, the domestic banks, because it would in regulations, and political instability investors and underwriters. hurt friends and family members of or civil unrest doesn’t necessarily Organisations doing business the political class. in the region need to have a “Geopolitical or regional events, “Concerns about political comprehensive mix of knowledge and political spats or pivots in alliances, violence are highest in flexibility if they are to ensure that most often lead to very subtle changes Africa and the Middle East, they are in a position to act quickly for those on the ground, but being with concerns around how should political tensions arise in a aware of those changes can be the technology, such as drone particular country or region. difference between an opportunity If political tensions look like they and a loss later on.” strikes, could exacerbate could become disruptive, securing The wider political risk landscape the risks” their assets – whether physical or is becoming more precarious,

18 April 2020 cirmagazine.com

EvacuationPlanningRemoteAssets.indd 1 06/04/2020 09:44:28 Middle East political risk Feature

according to the results of a survey “Egypt’s restructuring of its economy between 2016 and 2019 by Willis Tower Watson. It asked was challenging for those exposed to the banking sector – Eastern horizons 41 major corporations for their effectively all foreign operators, investors and underwriters” take on the global picture and the general view was that such risks had mitigating or transferring the Gulf states of a market and reduces increased during 2019. Disruption of political risks associated with them, US exposure to the region. Robust international trade was considered or attempting to realign themselves governments without fully democratic the most significant risk in the with the emerging shape of a new systems provide more stability in majority of regions. Fifty-eight per and apparently more nationalist some ways than in other regions like cent of respondents cited trade global landscape.” Latin America.” sanctions as a concern for their The majority of respondents (71 There remains long-term concerns operations in Europe, 67 per cent in per cent) stated that emphasis on over some of the economic conditions Asia-Pacific, while for Russia and political risk management at their that have made some gulf states The Commonwealth of Independent company had increased since 2018, such attractive propositions in the States (CIS), the figure was 77 per and nearly 40 per cent felt that they past. The International Monetary cent. Concerns about political were facing more pressure from Fund warns that without widespread violence were the highest in Africa investors regarding political risk reforms, the region’s oil wealth could (74 per cent) and the Middle East (71 management. The study included vanish by 2034 as global demand per cent), with respondents reporting in-depth follow-up interviews with a for oil slides. It suggests that some that new technologies such as drone panel of survey participants, whose of these oil-rich countries will need strikes could exacerbate such risks. top risks of concern included Middle to rationalise spending, reform their 2019 also saw an increase in the East regional stability, alongside US- large civil service sectors, and reduce proportion of companies reporting China strategic competition and the public wage bills – all of which could that they had experienced political potential for an environmental/social/ be delicate issues that risk having an risk losses, according to the research. governance shock. adverse affect on citizens who are 54 per cent of respondents had Of course, no region sits in more accustomed to subsidies and experienced a loss due to political isolation, and the situation in the low taxes. violence, compared with 48 per cent Middle East often reflects the But McBurney adds: “The in 2018. Some 46 per cent reported worldwide geopolitical risk landscape. underdeveloped regulatory losses due to trade sanctions or So how have recent global shifts environment and extensive presence import or export embargoes in 2019, affected things, and where does the of government-owned businesses compared to 2018’s figure of 40 per Middle East currently sit compared in key sectors makes the region less cent. Almost a third of companies with other regions in terms of risk dynamic – but this is starting to with revenues exceeding US$1bn and complexity? change. The region’s position in the reported previous experience of a Certainly the ripples of domestic energy supply chain and increasingly catastrophic political risk loss of more and foreign policies of the US, Russia in the renewable energy sector means than US$250m. and China all have an effect on the it will continue to be influential for “It is clear that political risk Middle East. Maplecroft’s McBurney the next several decades.” continues to increase, and that related believes that changing US policy Of course, no-one knows yet how financial losses are on the rise,” says towards the Middle East was one any of the conventional norms will Paul Davidson, chairman of financial factor in Gulf states like the UAE and be transformed in a post-COVID-19 solutions at Willis Towers Watson. Saudi Arabia increasing the share of world, but it is likely that, despite “Corporations now face a strategic their oil exports to China and other the risks, the Middle East’s role as a choice: to either maintain their global major Asian consumers: “Combined pivotal business focal point for many business models while accepting, with the boom in domestic tight oil global organisations will remain for a production, the US now considers long time to come. “Iraq offers rewards to those itself effectively energy independent willing to take big bets on Martin Allen Smith is a freelance – an extraordinary change from journalist risk management” just a few years ago which robs the

cirmagazine.com April 2020 19

EvacuationPlanningRemoteAssets.indd 2 02/04/2020 09:51:48 Feature Cyber security in the maritime sector

he global maritime community not only faces the same risks as Adjusting course any business, but has now Tto consider the risks relating to An increased trend towards and reliance on interconnectivity increasingly digitalised on-board brings a heightened risk of cyber attack or systems failure operational technology and for the maritime sector – and the supply chains it serves. greater interconnectivity between Ant Gould reports shore-based and on-board systems covering navigation, propulsion and power control. And with ■ The global maritime community is increasingly embracing interconnected autonomous and semi-autonomous technologies across shipping, shipping company and port systems vessels coming onto the horizon ■ Whilst greater efficiency, safety and transparency are all welcome, the ever- over the next few years, the risks can present threat of cyber attack or downtime cannot be overlooked only increase. ■ Efforts to manage these risks include a raft of new guidelines and 2017 was a pivotal year in regulations, with the deadline for the new IMO rules now clear on the horizon terms of the marine sector’s awareness of, and response to, the cyber risks it faces. Maersk’s cyber incident, where the shipping giant’s systems were taken offline, globally, for nearly two weeks, represented a major wake-up call. The NotPetya malicious malware code entered Maersk in the Ukraine via its accountancy systems and rapidly spread across the organisation, disabling 49,000 at 600 sites across 130 countries. That same year, the International Maritime Organisation issued guidelines on maritime cyber risk management. They contain high- level recommendations designed to safeguard shipping from current and emerging cyber threats and New threats, new guidelines (or BIMCO as it is now known) vulnerabilities and include functional The comprehensive IMO guidelines says, conversations have evolved elements which aim to support cover digitisation, integration, and from awareness to preparedness, effective cyber risk management. automation of processes and systems and a host of supporting initiatives The IMO also gave their ambitions in shipping. They also identify bridge have been launched to support some teeth and passed a resolution systems, propulsion and machinery this journey. which “encourages administrations management, power control and The UK government for example to ensure that cyber risks are communication systems among the produced two comprehensive appropriately addressed in existing most vulnerable to attack. guides, to both ship security and safety management systems no later In the wake of Maersk and the cyber security for ships which are than the first annual verification of the IMO move, awareness across the regularly updated. company’s Document of Compliance industry of the threats it faces has The former guidance, produced after 1st January 2021”. So, the clock is certainly increased. And as the Baltic by the Institution of Engineering ticking on operators. and International Maritime Council and Technology, includes advice

20 April 2020 cirmagazine.com

MaritimeCyberRulesv2.indd 1 06/04/2020 10:00:03 Cyber security in the maritime sector Feature

on developing a cyber security assessment and plan, and handling security breaches and incidents. The latter, the ship cyber security code of practice, also produced by the IET with the support of the Defence Science and Technological Laboratory, provides actionable advice on developing a cyber security assessment and plan to manage risk handling security breaches and incidents highlighting national and international standards used. Across the sector, guidance and guidelines are now in abundance. At the beginning of last year a joint initiative by shipping industry bodies BIMCO, the International Union of Marine Insurance, Cruise risks increase – and change. Advice in the guide includes Lines International Association, the Malfunctioning IT may cause evaluating the security of service International Chamber of Shipping, significant delay of a ship’s unloading providers, defining a minimum set of Intercargo, Intertanko and Oil or clearance, whilst malfunctioning requirements to manage supply chain Companies International Marine or inoperative OT there can be a real or third-party risks and making sure Forum resulted in the publication of risk of harm to people, the ship or the that agreements on cyber risks are the third version of the Guidelines marine environment. formal and written. The guidelines on Cyber Security Onboard Ships. Dirk Fry, chair of BIMCO’s also underline the need for ships to This comprehensive document – cyber security working group be able to disconnect quickly and which uses the National Institute of comments: “On a ship, the job effectively from shore-based networks, Standards and Technology (NIST) may be less focused on protecting where required. framework – offers guidance to data while protecting operational shipowners and operators on how to systems working in the real world The human touch assess their operations and develop has direct safety implications. If the Guidance and support have a role the necessary procedures and actions ECDIS [electronic chart display and to play, but organisational response to improve resilience and maintain information] system or software and resilience to cyber attack is integrity of systems. controlling an engine are hit with as much about people and their The guidance looks at malware, or if it breaks down due behaviours as it is about technology incorporating cyber risks in a ship’s to lack of compatibility after an or compliance. Humans are both the safety management system. It also update of software, it can lead to weakest and the strongest link, and reflects a deeper experience with dangerous situations.” with this in mind there have been risk assessments of operational There is also an increased risk of real efforts to try and make sure technology – such as navigational malware infecting a ship’s systems via crew at sea and staff on shore are systems and engine controls – and the many parties associated with the vigilant and understand what to look provides insights into dealing with operation of a ship and its systems, out for and what mitigation actions the cyber risks to the ship arising Fry adds . “The ships are not just they own themselves. This can be from parties in the supply chain. sitting there in the middle of the for example just being aware of the As more and more operational ocean. More and more ships are also danger of spoof GPS signals and technology is integrated with closely connected to security systems keeping a more traditional eye on the information technology and in the companies’ offices and shippers’ course of the ship. connected to the internet, offices and agents’ offices.” Cyber awareness training is

cirmagazine.com April 2020 21

MaritimeCyberRulesv2.indd 2 02/04/2020 09:44:05 Feature Cyber security in the maritime sector

essential but equally it needs to security, etc) into manageable and be effective and not just a tick- easy to understand tasks. From box exercise, as Lloyd’s Register password protection to the use of recognised when it partnered with personal devices onboard, every Axelos Resilia Frontline. The LR aspect of digital life at sea is taken Cyber Resilience portfolio addresses into consideration. the ‘human factor’ and the need for As the maritime sector gets sustained behavioural change to build to grips with the cyber threats it an organisation’s resilience to the faces, demand for, and interest growing threat of cyber attack. in insurance coverage is also on Nick Wilding, general manager, the rise. Insurers, in particular, cyber resilience at Axelos says its have responded with a wealth awareness training has been designed of advice on proactive risk “to offer short, story-based, engaging management and support in training designed to develop and developing rapid response plans sustain more resilient behaviours and recovery programmes. across the workforce”. Building a more Last year insurer Beazley vigilant and engaged workforce and a launched a marine cyber policy resilient culture is critical to the ability and risk management service for to better manage these risks, he says. shipowners and operators aimed Early this year the maritime at vessel owners and operators, to academy and training centre Aboa cover physical damage and loss of Mare and maritime cyber security hire caused by a cyber attack. specialist Deductive Labs also At the heart of its offering is developed a new maritime cyber preventative risk management security training programme – including a self-assessment aligned to the IMO’s regulations and questionnaire; a cyber security guidelines. The first course, aimed workshop; and an on-board as masters, chief engineers, officers cyber survey, along with a call and other ship personnel was run in for operators to demonstrate February of this year. compliance with the forthcoming For those on board, there is IMO guidelines. also a new very practical Master’s As the IMO deadline for the Guide to Cyber Security, which industry to get its house in order whilst aimed at the master and approaches, activity across the officers on a ship is also useful to sector will accelerate this year – shipowners, ship managers, ports perhaps supported by the potential and their IT departments. downtime inherent in restrictions The guide, developed by created by the global coronavirus BIMCO and the ICS includes pandemic. And whilst the checklists to support day-to-day maritime industry is now awake cyber risk management on board a to the cyber challenges it faces typical merchant ship and addresses investment in staff training, the human factors, physical security and development of new approaches IT with a focus on how to protect, to assess and protect risk and detect, respond and recover from a recovery plans is crucial if it cyber incident. is to navigate the cyber This guide focuses on both IT and challenges ahead. OT systems and breaks down complex Ant Gould is a freelance journalist issues (network segregation, ECDIS

22 April 2020 cirmagazine.com

MaritimeCyberRulesv2.indd 3 02/04/2020 09:44:08

Feature Nat cats

ustralia’s recent wildfire season officially ended on 10th February, when Into the forest heavy rainfall across most Aof the firegrounds finally extinguished Despite the global sigh of relief when rain fell on Australia’s numerous blazes, some of which had bushfires, the damage had been done, and will take time burned since before November. Focus and resources to fix. Jeremy Hughes counts the cost to the had inevitably shifted to subsequent economy and to the insurance industry events, with recovery efforts largely escaping the intense coverage devoted to the dramatic height of the crisis. ■ The recent bushfires in Australia touched the whole world, their societal Starting at the peak of a and ecological impacts difficult to perceive and to quantify catastrophic drought and exacerbated ■ The damage to property and businesses can to some degree be measured by the resulting deep-seated aridity, and recovered – with insurance claims so far expected to be manageable allied with higher temperatures and ■ Previous significant fire seasons cost A$1.8 bn (£894 m) for the Black high winds, the fires in Australia’s Saturday fires, A$2.5 bn for Ash Wednesday and A$2.16 bn for Black Tuesday New South Wales, Victoria, Queensland and Western Australia and businesses can be measured and 2019’s growth figure is likely to be regions were labelled ‘unprecedented’ recovered – to some extent at least – a severely constrained. by a government struggling to mount range of fundamental societal and Even in areas the fires didn’t reach, an adequate response. ecological impacts are more difficult smoke caused harm: for the South The climate numbers are clear: to quantify and may signal permanent Australia wine industry, Australian 2019 was Australia’s hottest and changes to the country and its Grape and Wine Incorporated driest year on record, with the annual perception of itself. estimates the cost of smoke taint national mean temperature 1.52 at $A40 million while the NSW °C above average with nationally- Measuring the tangible costs Wine Industry Association sees it averaged rainfall 40 per cent below By 13th February, the Climate approaching $A100 million in that the average for the year at 277.6 Council estimated that the fires had state alone, taking into account the mm. In southeast Australia, hardest destroyed nearly 6,000 buildings, slump in wine tourism. That appears hit by the fires, 2018-2019 was the destroying 2,439 homes and conservative given that the cost driest two-year period on record. damaging a further 1,021 in New of smoke taint from 2003’s fires Fires started earlier than usual and South Wales alone. More than 11 was estimated by Wine Australia continued without pause – until heavy million hectares were destroyed: the at $A300 million. rains in February, there was every final damage to private property could Australia’s economy relies prospect that they would burn for amount to between A$5 billion (£2.5 heavily on tourism – estimated to many more months. billion) and A$10 billion. represent 10.4 per cent of Australia’s While the human toll of 34 people Before the fires, Australian gross domestic product and 12.2 per killed may appear relatively light agriculture was predicted to grow cent of total employment in 2018. compared to 2009’s ‘Black Saturday’ by more than A$3 billion a year to The tourism sector is set to lose toll of 173, 80 per cent of Australia’s become a $A100 billion industry by at least $A4.5 billion as a result of population suffered an impact in 2030, ranking it with mining and the bushfires. some shape or form, including 57 per construction as one of the country’s The cost of fighting the fires, in cent from smoke, according to a poll vital activities. Final numbers don’t terms of deployed human resources, by the Australian National University. exist for the total loss of livestock, but equipment, consumables (including And while the damage to property on Victoria’s Kangaroo Island alone, vehicle fuel, fire retardant and 100,000 sheep and more than 25,000 water) has been estimated at $A2.2 “A high proportion of cattle were killed. A comprehensive billion, with the bulk of firefighting Australia’s economy is at risk tally of the damage to agriculture manpower supplied by volunteer from natural disasters” remains uncertain, but it’s clear that forces which were required to stay in

24 April 2020 cirmagazine.com

NatCatsv2.indd 1 03/04/2020 11:26:44 Nat cats Feature

the field for longer, and deal with fires with the money to come from the of greater scale and intensity, than A$2 billion National Bushfire they had ever anticipated. Recovery Fund. New South Wales’ Premier Indirect costs announced an inquiry into the fires Much harder to quantify will be the on 30 January to review the causes, immediate and long-term impacts preparation and response to the on Australia’s natural environment. summer’s bushfires. The six-month In New South Wales, the bushfires inquiry will examine the underlying burned around 5.4 million hectares causes of the crisis, taking into (roughly 6.82 per cent of the state) account weather, drought, climate consuming around 81 per cent of change, fuel loads and human activity, the Blue Mountains World Heritage as well as preparations, responses, Area and 54 per cent of the ancient communications and coordination. Gondwana Rainforests in New South For the insurance industry, Wales and Queensland. An estimated ahead of a full picture of the damage, 800 million wild animals were killed the Insurance Council of Australia by the bushfires in New South Wales, committed to maximising the speed with a probable national impact of of payouts to bushfire victims with more than one billion animals. insurers committing to prioritising Perhaps the most telling measure bushfire claims. The ICA also worked was published by Western Sydney with state government in New South University’s Hawkesbury Institute, Wales and Victoria to streamline which calculated that the area burned cleanup initiatives, ensuring fair and in the 2019-2020 forest fires far equitable treatment for property surpasses historic records globally. owners. It also established local trades In previous fire catastrophe years, registers to deploy local builders and only about two per cent of Australia’s tradespeople in the reconstruction of temperate forests were burned, but in their communities, providing jobs and 2019/2020, a shocking 21 per cent of boosting local economies. these forests were burnt – far above Assessors were in the field early, any previous historic records. with major insurers agreeing to In addition, the bushfires released for firefighting and disaster recovery cooperate and share resources so between 700 million and one billion onto the states and requires state as to hasten the claims process. tonnes of carbon dioxide into the governments to formally request By 14th February, Insurance Group atmosphere, such that due to the fires’ federal assistance. On 28 December, Australia reported that its assessors severity and ongoing climate change, the Federal Government promised had completed 97 per cent of replacing natural carbon stocks lost A$6,000 to each volunteer firefighter assessments “to make properties to the fires would cost in excess of working for or owning a small or safe in the impacted areas”. A$1 billion – and if replacing lost medium business and on 6th January, carbon pushes carbon offset prices Prime Minister Scott Morrison In numbers to European heights, the cost could announced a further A$2 billion in Between 8th November and 14th amount to A$2.8 billion. additional funds for bushfire recovery. February, more than 23,000 bushfire- This came alongside the formation of related insurance claims were made Responses a National Bushfire Recovery Agency. in New South Wales, Queensland, The Australian Federal Government’s In addition, it pledged A$50 million South Australia and Victoria, totalling initial response was delayed to some for animal recovery. Morrison also an estimated A$1.9 billion. The vast extent by the country’s political pledged A$76 million in mid-January majority of these claims (81 per cent structure which places responsibility to help restore the tourism industry, or nearly 19,000 claims) were in

cirmagazine.com April 2020 25

NatCatsv2.indd 2 03/04/2020 11:26:47 Feature Nat cats

New South Wales. By comparison, Australia’s previous significant fire seasons cost about A$1.8 billion for the Black Saturday fires (2009), A$2.5 billion for the Ash Wednesday fires (1983) and A$2.16 billion in 1967’s ‘Black Tuesday’ in Tasmania. Compounding these losses, storms starting on 5th February gave rise to further damage. Sydney saw 392mm of rainfall over four days – more than in the second half of 2019 and three times the average rainfall for February, leading the ICA to declare a disaster as insurers received 10,000 claims at an estimated value of A$45 to CHOICE, stating: “Household for insurers may take a hit: for million. On 20th January parts of New policies are responding appropriately example, for the second half of 2019 South Wales, Victoria and Australian to claims relating to the bushfires. fire disaster claims at OUTsurance and Capital Territory suffered an extreme No concerns about policy wording Discovery dented parent company hailstorm, resulting in 69,850 claims as suggested by CHOICE have been Rand Merchant Investments’ earnings at a cost of A$638 million. About 70 raised with the ICA.” It concluded that by 14 per cent, with increased per cent of claims were for domestic it was “concerned that this...report strategic spending at Discovery motor vehicles. may discourage property owners from adding to the fall. During the Despite support from government deciding to be insured”. period OUTsurance’s earnings and the insurance industry, claimants decreased 12 per cent, with the reported difficulties in lodging claims. Funding the payouts ‘devastating’ bushfires in Australia ABC News reported that only 75 per Although the level of damage to severely impacting the company’s cent of residents in bushfire affected insured property is likely to be claims ratio. areas had contents insurance, while unprecedented, the Australian Similarly, QBE’s results were for those whose homes were lost, Prudential Regulation Authority is hit by claims arising from the proving ownership became difficult confident that general insurance can Australian bushfires when it reported if the documentation was destroyed cope. To ensure that insurers are able an operating ratio of 97.5 per cent along with the home. Consumer to pay “all legitimate claims to their above its 2019 target range of 94.5 advocacy organisation CHOICE policyholders under all reasonable to 96.5 per cent. During 2019, QBE stated that policy definitions were circumstances”, APRA mandates Insurance Group’s net Australia- too complicated, leading to delays. minimum capital levels for insurers Pacific catastrophe claims jumped to “There is no standard definition of to hold, ensuring their resilience in A$193 million from A$106 million in ‘fire’ in home and contents insurance. times of disaster. The body shows that 2018, driven by floods on Australia’s Of the 26 major policies CHOICE existing capital resilience is well able northeast coast and the bushfires in experts examined recently, we found to cover current claims – particularly the southeast. Unfavorable weather problems with 70 per cent of the ‘fire’ against the backdrop of a quieter 2018 conditions also impacted its US crop definitions, and major issues with 25 and 2019 until the advent of the fires. insurance business. per cent of policies.” In a poll of the APRA adds that reinsurance’s Other insurers have yet to report public, CHOICE found that more role will continue to play a key part in on the period that includes the fire than 35,000 Australians agreed ensuring general insurance remains season but at the global level, many that when a fire damages your resilient, with its own function being reported a successful Q4 2019 and home, being able to claim upon to promote close engagement with full-year performance, with fewer your insurance should be a overseas reinsurance groups. major catastrophe losses to damage “straightforward proposition”. Despite comfortable resilience their numbers. The ICA responded robustly levels, in the shorter term, earnings Worries remain for consumers

26 April 2020 cirmagazine.com

NatCatsv2.indd 3 03/04/2020 11:26:49 Nat cats Feature

in disaster-affected areas, with “Significant airtime was fires sparked an angry debate between the prospect of future fires and given to the baseless notion the incumbent Liberal government floods occurring more frequently that the fires had been and the Labour opposition as and with greater intensity due to caused by arsonists” ministers traded public blows as to climate change. QBE stated that as the causes of the conflagration. The its customers looked for increased fire-damaged regions in good stead government of Prime Minister Scott disaster cover, higher premiums if implemented during the phase of Morrison was hesitant to acknowledge may make insurance unaffordable, rebuilding that already under way. the links between climate change, “especially for customers in areas Accurate and sophisticated risk the drought, and the fires. Significant more exposed to weather-related modelling will be required to keep airtime was given to the baseless events”. Fears have surfaced of pace with increasingly rapid changes notion that the fires had been caused ‘red zones’ where properties are in climate. It’s clear that ahead of by arsonists; a mistaken theory uninsurable due to the risk of fire or Australia’s fires, the existing models persisted that the high fuel loads flood in Australia, with owners of didn’t get it right. World Weather sustaining the fires resulted from properties subject to coastal erosion Attribution recently reported that green activists opposing preventative near Newcastle in NSW already its analysis shows global warming burning. Morrison, who drew reporting an inability to secure cover. made the wildfires at least 30 per cent opprobrium by holidaying in Hawaii This, coupled with banks’ reluctance more likely, and that should global while Australia burned, resisted to issue loans secured on properties temperatures increase to 2ºC over making the link to anthropogenic in these areas, threatens significant pre-industrial levels, the conditions climate change, at least in part due financial strain for homeowners that drove the fires would be at least to his government’s high-profile and businesses. four times more likely to reoccur. commitment to coal mining as a In addition, the reinsurance In fact, IAG and SGS Economics & long-term driver of economic market foresees greater difficulty in Planning estimated in 2016 that a high growth for Australia. the future: Swiss Re suggested in its proportion of Australia’s economy was As a result, confidence in the outlook for the market an upward at risk from natural disasters: 20 per federal government declined from trend in rates had to continue if cent of GDP and 17 per cent of the 38.2 per cent in in October 2019 to the reinsurance market is to be population were situated in areas at 27.3 per cent by January 2020. As sustainable – before the recent high to extreme tropical cyclone risk; mentioned, the statutory requirement COVID-19-driven rate cuts reversed 28 per cent of GDP and 25 per cent of for the states to request help from the the trend. But with a coordinated the population in areas with high to federal government – and the debate approach to risk modelling and extreme flood risk; and 11 per cent of as to whether this could and should be building resilience in infrastructure GDP and 9 per cent of the population overridden – made for needless delays and systems, the global reinsurance in areas with high and extreme in coordinated responses. Morrison market currently has sufficient bushfire risk. A greater emphasis recovered some poise with his A$2 capacity to manage the risks. on disaster mitigation would billion support package – but his therefore prove fruitful. As far back critics await his full acknowledgement Longer term as 2014, the Australian Government of the need to address anthropogenic Australia’s largest general insurer, Productivity Commission concluded: climate change and get to work IAG released a report in 2019 which “Governments over-invest in post- on policies that will go further in emphasised that Australia’s coasts face disaster reconstruction and under- building resilience and diversifying increased risk of intense cyclones – invest in mitigation that would limit the Australian economy. pushing the annual economic cost of the impact of natural disasters in the Until then, Australian insurers natural catastrophes to an estimated first place.” face a growing need to evolve their A$39 billion (US$27 billion) by 2050. product offerings to respond to the IAG urged prioritising infrastructure Policy and politics prospect of more frequent disasters in capabilities, suitable land planning Perhaps the greatest shifts in Australia the ‘Lucky Country’. and appropriate building codes need to be broader-based than in the Jeremy Hughes is a freelance journalist – measures that would also stand insurance industry alone. The latest

cirmagazine.com April 2020 27

NatCatsv2.indd 4 03/04/2020 11:26:51 QBE. Prepared. How can businesses build resilience in a challenging operating environment?

Visit QBEEurope.com/resilience to find out.

QBE European Operations is a trading name of QBE UK Limited, QBE Underwriting Limited and QBE Europe SA/NV. QBE UK Limited and QBE Underwriting Limited are both authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. QBE Europe SA/NV, VAT BE 0690.537.456, RPM/RPR Brussels, IBAN No. BE53949007944353 and SWIFT/BIC No. HSBCBEBB, is authorised by the National Bank of Belgium under licence number 3093. Sponsored by

Raising the ramparts Following the outbreak of New dimensions Working from home was BAU for many, COVID-19, Chinese authorities were facing a steep rise long before COVID-19, but, as Deborah O’Riordan writes, in the number of patients needing urgent care. To address the unprecedented scale of reaction and government the issue, they built an entire hospital in just 10 days. intervention in this pandemic creates an unprecedented Andy Kane examines the key risks, as he lifts a lid on the human challenge Page 32 construction Page30 Sponsored by Sponsored COVID-19 Focus

QBE-CIR-Focus__.indd 1 03/04/2020 11:50:52 COVID-19 Focus

little over a week after construction started, the two-storey, 366,000 sq-ft AHuoshenshan Hospital in Wuhan began accepting its first patients. Raising the ramparts Three days later, China opened a Following the outbreak of COVID-19, Chinese authorities were second hospital in the city – the facing a steep rise in the number of patients needing urgent 1,600-bed Leishenshan. The two hospitals – part of China’s battle with care. To address the issue, they built an entire hospital in just the coronavirus – were built in record 10 days. Andy Kane examines the key risks, as he lifts a lid on time using prefabricated modules. the construction This impressive feat of design, engineering and construction, is extreme, 3D printing technology is faster and less resource intensive exceptional, but prefabricated and being developed to manufacture entire way to meet growing demand for modular forms of construction are homes – a Russian company recently new buildings. becoming much more prevalent, completed the largest 3D printed Crucially, much of the construction with important implications for risk building yet. work is carried out offsite. This means and insurance. Few buildings can be built as potentially less disruption for local quickly and on such a scale as the communities and a safer environment Faster, safer and more flexible two hospitals in China. However, the for workers. The Huoshenshan Prefabrication can be as simple as use of prefabricated and modular hospital took just 10 days to build. manufacturing sections of walls or construction methods is expected to Using traditional methods, a similar roofing, right up to complete modules accelerate in coming years. building could take many months, if that come with services plumbed In the UK, prefabricated buildings not years to construct. in. These modules can be stacked are thought to be essential for meeting together like Lego blocks to build current government housebuilding Building resilience multi-storey apartments and offices – targets and last year Japanese modular The two hospitals in Wuhan are a two 44-storey tower blocks currently building pioneer Sekisui House agreed great example of how prefabricated under constructed in Croydon, a deal with the government to build and modular buildings can increase London, are set to become the world’s modular homes in the UK. resilience. There are obvious tallest modular buildings. At the Prefabricated buildings are a applications in emergency response, such as field hospitals, temporary shelters or rebuilding quickly following a natural disaster, such as floods or major storms. Modular buildings could also increase the flexibility of the construction industry, and therefore its resilience and ability to respond to the needs of society.

Changing risk profile The trend towards prefabrication and modular building will have big implications for the construction industry’s risk profile. Significantly, it has the potential to de-risk the onsite construction process, transferring activities to a safer and more controlled factory

30 April 2020 cirmagazine.com

QBE-CIR-Focus__.indd 2 03/04/2020 11:52:10 COVID-19 Focus

environment. Construction sites can be hazardous places to work, but with prefabrication the time spent onsite can be greatly reduced, as can the number of workers. However, much of the risk will shift to manufacturers, while prefabrication could increase the risk of supply chain disruption. A fire or flood at a factory, or damage to modules during transportation, could result in long delays onsite. Modular buildings also typically require more heavy lifting. With more cranes comes a higher wind exposure, which could mean a greater number of days lost onsite to bad weather. Fire is another concern. The design, installation and testing issues seen with some types of external cladding systems. Buildings initially perform rigorous monitoring and verification are a red flag for potential risks of well, but later suffer issues with of materials, workmanship and testing modern construction. Where modules connections between modules and in the supply chain will be critical. are finished or assembled onsite, there weather-proofing. The Oxley Woods Experienced management could is a risk that fire protection could be prefabricated development in Milton also be essential, especially where compromised, while the potential for Keynes, for example, won awards for skilled onsite trades are replaced by voids inside prefabricated walls could innovation, but later experienced a semi- or unskilled factory workers. enable fire to spread. catalogue of problems related to water The development of detailed process ingress and damp. specifications for the installation of Design risk Insurers will want to see that modular elements on site, as well Prefabrication and modular systems have been properly tested as the training and monitoring of construction could increase design against field conditions, such as the workforce carrying out these risk. New designs and construction environmental testing, computer activities, will be critical. techniques have caused problems modelling and full-scale tests, in the past, especially where including fire. Underwriters will Insurance developments have been rushed want comfort that systems meet the The growing use of non-traditional to meet demand for more homes. intent and requirements of building construction methods like modular The post-war boom in non- regulations, and not simply particular buildings will have important traditional building and the aspects of the approved documents. implications for insurance. Policy government-subsidised prefabricated In particular, insurers will want to wordings will need to reflect changes homes of the 1960s and 1970s, understand how access will be gained in risks, such as the increase in offsite for example, experienced well- to remedy defects and whether voids construction and transport exposures, documented failings and defects. introduced into modules, or onsite to ensure that insurance responds. Design flaws in prefabricated activities and DIY, could negatively Risk engineering will also need to buildings would likely pose a systemic impact fire performance. adapt to offsite construction and the problem that could affect far more Quality control is likely to be an proto-type nature of new materials buildings than traditional bespoke important factor in the success of and methods. developments. new modular builds. Robust control Andy Kane is Portfolio Manager, Recent experience has also shown processes in a factory environment Construction at QBE European Operations durability issues with new modular could raise quality standards, but www.qbeeurope.com

cirmagazine.com April 2020 31

QBE-CIR-Focus__.indd 3 03/04/2020 11:52:59 COVID-19 Focus

hile many employers have embraced the benefits of agile working, few have Wexperienced an entirely remote workforce. The same is true for most New dimensions employees too who may be used to Working from home was BAU for many, long before COVID-19, short stints at home but are wholly but, as Deborah O’Riordan writes, the unprecedented scale of unaccustomed to extended, unbroken reaction and government intervention in this pandemic creates periods of remote working. COVID-19 is changing the situation an unprecedented human challenge for many companies, forcing workers into potentially prolonged periods work tend to be stimulating, with lots also allow the opportunity for of isolation. The potential impact on going on. When working remotely, face to face interaction and enable mental health is significant, but there communication can often feel less teams to talk collectively. Using are steps that both employers and frequent and the home environment instant messaging platforms can employees can take to minimise less invigorating. It is advisable help change the tone and tempo its effects. therefore for employers to increase of responses and may be a more formal and informal communication. favoured communication medium EMPL OYERS Communication methods should for some. be mixed up – a video or telephone Regular communication is key call is more interactive than an email Teamwork keeps people engaged Employees perform better when they and helps break up the monotony of It’s worth considering whether some are engaged and motivated. Places of working from an inbox. Video calls tasks should be completed as a team instead of individually. Collective team participation helps team cohesion and keeps people engaged. The benefits of teams working collectively will likely outweigh any short-term negative effects of increased task completion time. Just because employees are working from home does not mean they have to feel like lone workers.

Technology and IT equipment Employers must consider that IT equipment may limit productivity in some way eg. home broadband may be slower and laptops with small screens can be a challenge for those used to working on large or multiple monitors.

Mental health and well-being take priority For some employees remote working might be more challenging. During a period of transition, it is good practice to check in with employees regularly to see how they are feeling

32 April 2020 cirmagazine.com

QBE-CIR-Focus__.indd 4 03/04/2020 11:53:06 COVID-19 Focus

and coping. For some companies “Collective team participation this may already be part of their Helplines helps team cohesion and culture and working practice but keeps people engaged” for others, it may require a change If employees are struggling at home and in approach which may initially feel they cannot tell their line manager or ‘clocking off’ point at the end of the be met with scepticism and suspicion colleagues, there are many confidential day. The result is employees never by employees. and free helplines out there that can really switch off and risk burning help, including Employers should remind out quickly. employees of mental health services Mind – https://www.mind.org.uk/ available to them and, if possible, helplines/ Take regular breaks re-run any mental health, well-being Employees need to be disciplined and resilience training courses. It is Samaritans – https://www.samaritans. also around taking breaks, whether org/how-we-can-help/contact- also important to remind employees samaritan/ it is as simple as going to get a drink that it’s acceptable and encouraged or stepping outside to get some to report problems, this should fresh air. According to government be reinforced regularly by people live somewhat isolated lives outside guidelines, even those who are self- leaders. Some Employee Assistance of the workplace already. It is isolating should take regular exercise Programmes (EAPs) offer proactive critical that workers continue to outside, just ensuring they avoid counselling, should it be required. feel connected to colleagues and crowded places and keep a good exercise the right discipline at home. distance between themselves EMPLOYEES They should: and others. When used to the hustle and bustle Regular breaks are particularly of the work environment, extended Stick to normal working hours important from an ergonomic remote working may come as Without the structure of commuting perspective also. Typically, home a real shock to the system for to and from the workplace, the desks are less adaptable than employees, particularly those who working day can creep, with no clear office desks and unlikely to have been assessed by postural experts. Movement and light stretching every 30 minutes is recommended.

Eat healthily Maintain a healthy diet to avoid the sluggish feeling of being at home. Constant grazing can often be a downside of remote working. If it is a difficult habit to break, at least try to keep snacks healthy.

Keep in touch One of the ways to combat loneliness during prolonged isolation is to set up regular video calls with teammates. If employees are struggling at home either mentally or physically, they should let their colleagues, line manager or mental health first aider know at the earliest opportunity.

Deborah O’Riordan is Practice Leader, Risk Solutions at QBE European Operations www.qbeeurope.com

cirmagazine.com April 2020 33

QBE-CIR-Focus__.indd 5 03/04/2020 11:53:11 Video Q&A RSA Insurance

Delegated authority schemes spotlight Deborah Ritchie speaks to John Dawe about the benefits of a scheme, what the journey looks like, how RSA helps partners maintain compliance, and much more

For the benefit of brokers who really well is when you can take the a smooth migration process. It also may not be clear, what exactly is a expertise and the experience and gives us the opportunity to start a scheme? resource of an insurer and combine conversation with brokers about A scheme is very much a relationship that with the knowledge that a broker some of the exciting ways in which between a customer with a unique brings about really understanding we could take their schemes to the group of characteristics, a broker a particular customer group and next level, such as looking at product and also an insurer such as RSA. what makes a customer tick. When enhancements we can put in place We always start with a focus on the you combine that together you’re or different ways we can distribute customer, truly understanding who able to really extract value out of a products for greater customer reach. they are and what their insurance scheme, make it profitable and make needs are. If a broker is able to it grow. What tangible benefits can understand those needs, it gives brokers expect from a scheme? them a unique opportunity to be Can brokers easily transfer an A scheme is a really great opportunity able to create solutions to meet those existing scheme to RSA? for brokers to be able to grow their customer needs. They can deliver Absolutely. We’ve got a really broad business – particularly if they’re able those using their own brands and appetite and a very open mind and to identify a customer group with a also be in control of the whole we welcome brokers with existing unique set of characteristics that is customer experience. schemes to come to us and discuss unserved or untapped in the market. The role of an insurer like RSA how we can take their schemes to the Many of those customers won’t be is to be able to facilitate and enable next level and explore opportunities able to get these types of covers in the broker to be able to write risks for new ideas that brokers may have. the open market from standard SME on behalf of those customers we Come and reach out to us. We’ll products. The creation of a specific delegate and extend our authority review those opportunities and can product to meet their needs through to them. So, they can write those make a really quick decision as to a scheme gives the broker a real risks supported by an underwriting whether they’re for us. unique selling point. Equally, schemes guideline and framework. We also If they are, then we have a tried, customers have very high retention work with that broker to build a tested and established process for rates compared with non-schemes bespoke product specifically for that transferring those schemes over customers. They’re really sticky, customer group. to RSA, supported by a dedicated which means that brokers are able to implementation manager, which develop real long-term, deep-rooted What makes a successful scheme? takes away a lot of the hassle to create relationships with those customers. A successful scheme is one that’s underpinned by a long-standing “We’ve got a really broad appetite and a very open mind and partnership between an insurer and a we welcome brokers with existing schemes to come to us and broker. Schemes are not quick wins. discuss how we can take their schemes to the next level and They take time and collaboration to create, launch and then grow into a explore opportunities for new ideas that brokers may have. successful partnership. What works Come and reach out to us.”

34 April 2020 cirmagazine.com

Interview.indd 1 03/04/2020 15:49:49 RSA Insurance Video Q&A

This also gives them greater opportunities for increased revenue – especially in areas such as cross sell and up sell.

As a scheme partner, what does RSA offer in particular? At RSA, we are absolutely dedicated to schemes. We’ve got a specific team that only deals with schemes and delegated authority. So, we’re real experts in this area. We’ve got an open mind and a broad appetite for and passion for schemes, and micro-breweries, costume jewellers a whole range of opportunities. We especially those that are looking to and horticultural nurseries. Those make available partnership managers work with us over the long term. The types of trades are particularly who will be with the broker in order more that a broker can share with exciting at the moment. to extract the full value out of the us, the more we’re able to create a scheme over the long term. profitable solution that will grow over What does a typical scheme We also make available experts the long term. journey look like on a practical from within RSA across compliance, level ? claims and underwriting. We’re really What are RSA’s risk sweet spots? We break the scheme journey into keen to find ways in which we can We approach every opportunity four simple phases. The first phase is help brokers and their businesses to with an open mind. There’s no such all about getting to know you. We’re grow. We look at all of the data that thing as a typical scheme, but in really interested in your knowledge we built over our history, as well the main, we look for customers as a broker of the target customers, as buying additional data to apply from UK-domiciled medium-sized understanding what makes those to a broker’s business to help us businesses. We also look to support customers tick and why you think understand how we can extract schemes that have premium of that we can create a thriving scheme more value out of their schemes. around £250,000 plus or at least together. We’ll review whether it’s That’s in addition to being able to have a plan to be able to grow a within appetite, whether it’s scalable provide risk management consulting scheme to that scale. From a risk and whether we think there’s value and training. perspective, we like low to medium for both RSA and also for the broker. hazard risks, but we’re really excited If we achieve that then we get to What does RSA need from to be able to support our customers the really exciting bit. We can get a broker to explore a scheme’s and their businesses with risk together and start to think about the opportunity? consulting and risk management proposition and the product that When a broker approaches us with support. we’re going to create and take to a new opportunity, the first thing A good example of where market together. we’ll do is to try to understand the we’re looking at the moment is the The second phase is all about broker’s business – to really get them untapped potential of the artisan developing our partnership and and get what’s important to them. space, including gin distilleries, this is really important because we Then, the broker can share with us their knowledge of the targeted “The brokers that we like working with are those with a real customer segmentation where they appetite and passion for schemes, and especially those that feel there’s a real opportunity to are looking to work with us over the long term. The more that create a thriving scheme. The brokers that we like working a broker can share with us, the more we’re able to create a with are those with a real appetite profitable solution that will grow over the long term.”

cirmagazine.com April 2020 35

Interview.indd 2 03/04/2020 14:13:10 Video Q&A RSA Insurance

“RSA really understand what the regulator expects when it comes to transacting business to customers through a delegated authority chain. And because we know what the regulator requires, we can protect our mutual customers and we know what we need to do to protect our scheme brokers as well.”

What support can a broker what the regulator requires and that expect from a dedicated partnership means we can protect our mutual manager? customers and we know what we A broker will be provided with a need to do to protect our scheme partnership manager throughout brokers as well. the lifetime of a scheme and they’ll The types of activity that we’ll be responsible for the day-to-day undertake are regular product operation and running of that reviews to ensure that our products know we’re going to have a long-term scheme. They’re also responsible are working in the best interests partnership together so it’s really for making sure the scheme fulfils of customers. We’ll undertake important that we understand its potential and will work with the regular reviews of conduct MI to your business and how you operate. broker in a relationship to achieve ensure that value is being created We’ll connect our respective experts that. The partnership manager in the products that we sell to our with experts at the broker who will find ways to fine-tune the customers. What that means is that speak the same language, and we’ll proposition, identifying further within our relationship it’s really establish how we’ll work together opportunities to give the broker a important that our brokers are able to going forward - so it’s really efficient competitive edge. They also take care provide the right level of really good and effective. of any troubleshooting, making sure quality conduct MI for us to review The third phase is all about that issues are dealt with so they don’t collectively together, that they take preparing to go live and this is where get in the way of the broker being able their responsibilities really seriously we pull together a project plan led to trade. in terms of the activities that they by a specialist delegated authority They will also connect a broker undertake, such as selling of the project manager who’s got a wealth with various experts within RSA product and making sure that is in of experience in a tried and tested including our claims, underwriting the best interests of the customer process for ensuring we’ve thought and compliance professionals. and generally ensuring that brokers of everything. That’s really important There are also opportunities for a really have a culture of putting because it gives a broker peace of partnership manager to understand customers at the heart of everything mind that everything is thought what the broker’s business needs and that they do. of and that it will be seamless and find ways in which RSA can add value efficient and effective and we’ll keep through training or finding ways John Dawe is Partnership Director the broker updated on timescales and in which we can use data to create for Delegated Business at RSA delivery at every step of the way. insight to help with the ongoing Then, once we’ve gone live, the profitability and performance of the For more information about RSA’s final phase is what we refer to as scheme. schemes, speak to your local RSA a deepening and strengthening of representative or visit the delegated our partnership. We jointly set up How does RSA help brokers page at rsabroker.com regular contact between a broker and support compliance? an allocated partnership manager Because RSA has a team that is Interviewed by Deborah Ritchie to ensure the scheme is operating dedicated to delegated authority as we intend it to. We’ll find ways in business, we really understand what In association with which we can really add value to the the regulator expects when it comes proposition and ensure that we’re to transacting business to customers always working with the broker to through a delegated authority chain. give them a competitive edge. What that means is that we know

36 April 2020 cirmagazine.com

Interview.indd 3 03/04/2020 14:13:14 WINNERS’ REVIEW

5 MARCH 2020, THE WALDORF HILTON, LONDON

Brought to you by In partnership with Supported by

nationalinsuranceawards.co.uk

NationalInsuranceAwards.indd 3 03/04/2020 13:44:12 Innovative Product Award WINNER: Charles Taylor Insuretech and e London Market Group

Commercial Lines Broker of the Year WINNER: Romero Insurance Brokers

Commercial Lines Insurer of the Year WINNER: Direct Line for Business

Commercial Lines Insurer Claims Team of the Year WINNER: Direct Commercial

Personal Lines Broker of the Year WINNER: Vizion Insurance Brokers

Personal Lines Insurer of the Year WINNER: Voyager Insurance Services

Initiative of the Year WINNER: YPO in partnership with ESPO and NEPO

Claims Initiative of the Year WINNER: Sedgwick International UK with L&G Geobear

@InsTodayNews #NationalInsuranceAwards www.nationalinsuranceawards.co.uk

NationalInsuranceAwards.indd 4 03/04/2020 13:45:47 www.nationalinsuranceawards.co.uk @InsTodayNews #NationalInsuranceAwards

NationalInsuranceAwards.indd 5 03/04/2020 13:46:32 Schemes Broker of the Year WINNER: Stanmore Insurance Brokers

Lloyd’s and the London Market Award WINNER: Charles Taylor Insuretech and e London Market Group

InsurTech Award – AI/ML and Modelling WINNER: Kovrr

InsurTech Award – Technology & Infrastructure WINNER: Lightfoot

Communications Team of the Year WINNER: AXIS Capital

Growth Company of the Year WINNER: e Churchill Business Team in Direct Line Group

Insurance Recruiter of the Year WINNER: Idex Consulting

Insurance Law Firm of the Year WINNER: Forbes Solicitors

Digital Insurance Award WINNER: International UK & Typhoon 8

Inclusion and Diversity Award – External Programme WINNER: Chartered Insurance Institute

Inclusion and Diversity Award – Internal Programme WINNER: Travelers Europe

ESG Award WINNER: Texel Finance

@InsTodayNews #NationalInsuranceAwards www.nationalinsuranceawards.co.uk

NationalInsuranceAwards.indd 6 03/04/2020 13:47:27 www.nationalinsuranceawards.co.uk @InsTodayNews #NationalInsuranceAwards

NationalInsuranceAwards.indd 7 03/04/2020 13:48:12 Institute of Risk Management

The International Certificate in Enterprise Risk Management

Enterprise Risk Management (ERM) is at the heart of all our efforts to tackle the current pandemic and the Director-General of the World Health Organisation recently called for an enterprise-wide approach. Have you got the expertise you need? The International Certificate in ERM is the ideal qualification for anyone looking for a solid foundation in the theory and practice of effective risk management. Get the skills you need now to tackle the challenges of risk management and learn how to manage extraordinary crises in the future. Working together through uncertainty

What our students say Carla Knight IRMCert Risk Management Specialist, Exxaro Solutions, South Africa “IRM qualifications are an excellent way to ensure that you stay relevant and on top of the changing risk management field. It has taught me so many things especially in the areas where I do not see myself as an expert.”

Byron Tidswell IRMCert General Manager Risk, Assurance and Audit, V/Line, Australia “The International Certificate in ERM provided a really practical and useful framework to think about operational and enterprise risk. It has been invaluable to me in continuing to build performing risk management functions.”

To find out more about the IRM’s International Certificate visit:

www.theirm.org/cir-erm Developing risk professionals

cir-ad-2020.inddUntitled-7 1 1 01/04/2020 14:21:40 15:08:10 THE CATEGORIES

The 11th annual Risk Management Awards

The pinnacle of achievement in risk management

cirmagazine.com/riskmanagementawards

Sponsored by Headline Partner Supported by

London Marriott Hotel, Grosvenor Square

RiskManagentAwards-2020_Categories.indd 1 07/04/2020 14:34:12 Categories 2020

1. Risk Manager of the Year have contributed towards an overall risk This award is the hallmark of initiative. Entries will be accepted from outstanding performance by the risk teams of businesses of all size – from management professional who has SMEs to major multinationals. accomplished most in the past 12 months in reinforcing their organisation’s risk RISK MANAGEMENT management framework, inspiring their PRACTICE team and offering creative thinking to the risk management community 5. Cyber Security Initiative as a whole. Risk professionals in of the Year organisations ranging from FTSE 100 For response planning and penetration blue chips to small and medium-sized testing against an ever-growing challenge enterprises are all potential contenders in keeping one step ahead of hackers for this award. and online criminals who are ready to exploit any weak link within IT systems, 2. Risk Management Champion this award is for the organisation that has Award devised the most innovative and effective This award will be presented to the methods of preventing cyber crime and individual deemed to have contributed protecting their organisation’s assets. most to the world of risk management in the opinion of the judges. 6. Operational Risk Initiative of the Year 3. Newcomer of the Year For teams, individuals, consultancies This award will be granted to the or companies, this category recognises risk management professional within an initiative that has created increased the last five years. They may be from security within financial operations. another discipline or have just started Both innovation and original thinking their career. Entries must be able to will be rewarded. The judges of this demonstrate the impact this individual category will be drawn from experts, has had upon risk management within and we acknowledge the potentially their organisation or the sector. sensitive nature of submissions, so beyond the normal NDA we will also 4. Risk Management Team allow descriptive rather than technical of the Year nominations. This award will mark the best collective achievement in risk mitigation teamwork 7. Risk Management Programme within an organisation. Contenders will of the Year be able to demonstrate that ideas and This award is designed to recognise a efforts that individual team members sustained single programme with risk

cirmagazine.com/riskmanagementawards

RiskManagentAwards-2020_Categories.indd 2 03/04/2020 12:25:20 Categories 2020

management at its heart. This might 10. Public Sector Risk services or projects undertaken and be to reduce accidents within its fleet, Management Award how success was achieved. Judges will manage incidents on a construction This category seeks to reward the team award innovation and quality as well as project or mitigate exposure to risk in that has tackled the inherent risks customer service and satisfaction. financial transactions. If there is one of operating within a public sector particular aim of this programme and it environment. The winning team will be 14. Cyber Security Product can be demonstrated to have achieved able to demonstrate best practice from of the Year results then it is eligible. The judges will which all organisations can learn. In This award will be presented to seek evidence of success against a clearly a period where many in this segment the company whose product most defined target. have suffered major cuts to budgets, this successfully demonstrates their award is especially well deserved. advanced skillset in dealing with the 8. Cross-Border Risk growing threat of cyber risk. Successful Management Award 11. ERM Strategy of the Year submissions will demonstrate the This award will be presented to the This award will be presented to the providers understanding of the diversity organisation that can demonstrate company which has best demonstrated of this risk, and scalability to respond how it has built a risk management the implementation of an enterprise risk to the threat as it evolves. Entries may function capable of operating across management (ERM) programme, which include a demo (of no more than 5 multiple business and legal jurisdictions includes the integration of ERM into the minutes). that are geographically diverse (across culture and operations of the business, to international boundaries and cultures), solve real-world business problems. GENERAL CATEGORIES including from within the UK. Entries should outline the organisation’s PRODUCTS AND SERVICES 15. Best Use of Technology risk management programme, the in Risk Management development, scope and achievements 12. Risk Management Product This award will reflect the ability of of its team(s) and the way in which it of the Year an organisation to proactively use communicates the risk message to the This category focuses on products and technology for delivering recognisable wider company – and how all of these solutions that have delivered real value benefits in its management of risk, align with local conditions as well as to organisations and which have possibly whether from a vendor or developed overall organisational goals. spawned imitators – which is the true in-house. The category is ONLY for proof of a ground-breaking innovation. technological solutions, and evidence 9. Major Capital Projects Award Entrants must be a concept that can be of implementation will be given extra Robust risk management is essential implemented or a technological solution. consideration. in ensuring that major capital projects are delivered on time and to budget. 13. Risk Management Specialist 16. Risk Management Innovation With many different parties involved, Company of the Year of the Year co-ordination is also a major element. This award will be presented to the Judges are looking for an innovation This award recognises a project that has company that is dedicated to providing that has been initiated for the first time successfully met these criteria and can be effective risk management solutions to during the 18 months before the entry considered a major project in its scope. its clients. Entries should detail products, deadline, and which has the potential to

cirmagazine.com/riskmanagementawards

RiskManagentAwards-2020_Categories.indd 3 03/04/2020 12:25:31 Categories 2020

change the way in which a segment of towards diversity in the workplace risk management can be conducted. and demonstrate how this policy This could be a product or a process, is implemented practically in the but will need to show innovation and way that risk management staff are original thought. recruited, trained and promoted within the organisation. Entries should 17. ESG Risks Initiative of demonstrate how the organisation the Year supports and promotes diversity in the This award will be given to the context of managing risk. organisation that has made significant progress in assessing environmental, 20. International Risk social and governance risks to Management Award organisations. The judges will want This award will be presented to the to see strategy, long-term vision and organisation that can demonstrate evidence of success. Please note, this that it has built risk management is a risk award, and we are looking for into the very heart of its operations initiatives to assess, reduce and protect – encompassing the full scope of from risks, rather than activities may enterprise risks. Entries should well be worthy but are not directly outline the organisation’s risk associated to the practice of risk management programme, the management. development, scope and achievements of its team(s) and the way in which 18. Political Risk Award it communicates the risk message to The category for outstanding provision the wider company – and how all of of political risk management expertise. these align with local conditions. Aimed at honouring the provider of This category is open to companies political risk management, and the without a UK office. implementation of such strategies, judges will look for details of the 21. Public Safety Award identified risks, and information related This award will be presented to the to the strategies undertaken to mitigate organisation that has demonstrated them. the most success in developing a product or innovation of any kind 19. Diversity Award that has as its sole focus the safety This award will be presented to the of the public. Examples may include organisation that can demonstrate a innovative reporting or warning commitment to diversity in its risk systems, safety solutions for crowded management activities. Entries should places or security in the built present the organisation’s policy environment, for instance.

cirmagazine.com/riskmanagementawards

RiskManagentAwards-2020_Categories.indd 4 03/04/2020 12:26:08 2019 Winners

Diversity Award International Risk Management Award Winner: Control Risks (Business) Winner: Abdul Latif Jameel Co. Risk Management Innovation of the Year - sponsored by Regus Workplace Recovery International Risk Management Award Winner: Equifax (Public Sector) Highly commended: Web Shield Winner: Dubai Electricity and Water Authority

Best Use of Technology in Risk Management ERM Strategy of the Year Winner: Arcadis Consulting Winner: LyondellBasell Highly commended: BT Best Use of Technology in Risk Management (partnership) - sponsored by Blackberry Public Sector Risk Management Award Winner: Network Rail and SharpCloud Winner: Northern Ireland Water and Turner & Townsend

Cyber Security Product of the Year Major Capital Projects Award Winner: FM Global Winner: A14 Integrated Delivery Team Highly commended: Code42 Risk Management Programme of the Year Cyber Security Initiative of the Year Winner: Southern Water Winner: Blackfoot Cybersecurity Operational Risk Initiative of the Year Risk Management Specialist Company of the Year Winner: Aviva Winner: Aviva Risk Management Solutions Newcomer of the Year - sponsored by Aon Risk Management Product of the Year Winner: Alex Todorova, Mott MacDonald Winner: Acin Risk Management Team of the Year Risk Management Product of the Year (Service) Winner: Nationwide Building Society Winner: International SOS Risk Manager of the Year - Public Safety Award sponsored by Regus Workplace Recovery Winner: Ecclesiastical Winner: Simon Cory, Nationwide Building Society

cirmagazine.com/riskmanagementawards

RiskManagentAwards-2020_Categories.indd 5 03/04/2020 12:26:17 News & analysis Industry view

Industry views

Th ere is much debate about the extent to which we have articulate their risk appetite with absolutely clarity. Renewal entered a true hard market. Evidence from our own members submissions must be fi rst-class, tailored to business and strongly indicates that price rises in some classes have indeed sector and highlighting risk management achievements and been signifi cant and renewals have been challenging. plans. Communication with the C-suite is also vital. Regular However, the current conditions are diff erent from previous constructive discussions – possibly even inviting the CFO to a hard markets which were mostly about price. Today we are renewal meeting – help to manage expectations so there are no seeing a broader range of factors, including a negative impact nasty surprises. on deductibles and capacity, the late timing of presentation Th ese are challenging conditions for all, but there is a greater of renewal terms, and in some cases the complete withdrawal opportunity here. Th e prolonged soft market has contributed from certain classes of cover or sectors. We are also starting to insurance being seen as an increasingly commoditised to see a negative impact on claims.Th e biggest challenge purchase. Th e harsh market is moving it back up the for our members has been the speed of change and lack of boardroom agenda. Th is can used to remind organisations of communication and consultation. Decision-making has the value of a professionally constructed insurance programme. become centralised, with little inclusion of the end client, to Th at is a win for all. the extent that it has aff ected the timing of renewals. And while in many cases price rises appear justifi ed, in other instances John Ludlow is chief pricing feels aggressive and opportunistic. executive offi cer of Airmic We have suggested three key areas where the market can better support policyholders: improve pricing communication;

start the renewals process earlier; and reward strong risk In association with management. For risk professionals, this is the time to be proactive and take the lead. Preparation has never been more important. Policyholders should understand and be able to

March was going to be a big month for us at the CII. Th e It had always put renewal of cover at the top of the agenda, and FCA was going to publish its discussion paper, Transforming uninsured risks at the bottom. It has now switched this around, Culture in Financial Services. We had led an insurance working talking about uninsured risks fi rst, along with how clients plan group, which had carefully prepared one of its chapters. Th e to manage these risks, and renewal of cover at the end. Th is FCA’s paper, like everything else, was swamped by the global means clients come out of the meeting with a much greater disaster unfolding around COVID-19. But I’m still glad we did understanding of the risks they face and the part insurance that work. It taught me some useful lessons about where the plays in managing those risks. It gives clients the ability to insurance sector should be heading – lessons that have been put understand the limitations of their cover without feeling into even more stark relief in recent weeks. cheated later on. Th e key controversy around COVID-19 and insurance has When life begins to return to some form of normality, this been around the scope of business interruption insurance, with lesson – about looking at the whole customer and prioritising many businesses angry that their cover did not give them more their biggest and most diffi cult risks – is one our profession protection from the massive economic impact of the virus. must not forget. Th is kind of controversy is not new. We have seen similar gaps between expectations and reality with cyber insurance and before that, with diff erent forms of liability insurance. Dr Matthew Connell is director of policy and public Given the limits to which our clients can bring themselves relations at the Chartered to focus on the fi ner points of their insurance policies, it is not Insurance Institute credible for us, as a profession, to tackle the problem through policy literature alone. We need to start by thinking about In association with all the risks our clients face, not just the insurable risks. For example, one leading broker has adopted this new approach simply by rethinking is annual meetings with corporate clients.

48 April 2020 cirmagazine.com

IndustryviewV4.indd 2 07/04/2020 07:54:54 Industry view News & analysis

What's your view? Email the editor at [email protected]

We cannot avoid talking about the pandemic currently Preparedness is key, eff ective risk management and aff ecting the global business environment. It is, as Prime business continuity plans now kicking into place will play a Minister Boris Johnson said in one of his many recent briefi ngs, pivotal role. Some less risk mature organisations will be in “the worst global health crisis in a generation”. uncharted territory which will – inevitably – lead to some Th e director-general of the World Health Organisation, Dr businesses folding. Tedros Adhanom Ghebreyesus recently called for an enterprise- A core principle of risk management is to learn from wide approach to battling the pandemic – one which places experience and improve; there will be lessons from the enterprise risk management at the centre of the crisis. We experiences of dealing with the challenges of COVID-19 which will soon see how our education, training and professional will result in improved resilience and better risk management development has equipped us, and our organisations, to tackle in the future. this major risk. Global supply chains are being aff ected. On this topic, Th e true impact on businesses will not be able to be gauged some readers will be interested to know that the IRM recently for some time, although we can see many businesses – from launched its new Supply Chain Risk Management Certifi cate major airlines to local small-to-medium sized enterprises in conjunction with the Supply Chain Risk Management – already voicing their concerns about sustainability going Consortium). Founder of the Consortium and risk expert, Greg forward and requesting assistance and guidance from Schlegel says: “Most businesses do not embrace or embark on the government. a strategic risk journey UNTIL they experience a risk event. Public health measures in the UK are currently focusing on If they do it’s all hands on deck 24/7, in an attempt to survive delay; on slowing down the spread of the virus and reducing the event. If they do survive the event a lot of companies will the numbers aff ected. Th e aim is to lower the peak impact and go back to business as usual. Many companies do not survive a push it away from the winter season, initially by detecting and moderate-severe global risk event like the COVID-19 virus.” isolating early cases. In combatting this, one of the challenges for risk managers will be to ensure there is a balanced, proportionate and “Some less risk mature organisations will be common sense approach. in uncharted territory which will – inevitably

– lead to some businesses folding” Iain Wright is chairman of the Institute of Risk Management More severe measures may be put into place, for example reducing public gatherings, closing schools and restricting public transport, should it be deemed by the government to be necessary and cost-eff ective, although such measures In association with would incur signifi cant economic and other costs. As risk professionals, we are skilled at framing and understanding these diffi cult policy choices.

cirmagazine.com April 2020 49

IndustryviewV4.indd 3 07/04/2020 07:55:00 News & analysis Executive summary

The importance of adaptation financing The benefits of adaptation projects are usually significant, but development is hindered. To combat this, David Masters says it’s vital that the resilience benefits of such investments be quantified in financial terms xacerbated by climate change, the frequency and and densely populated areas of the US, such as Boston and severity of extreme weather events are increasing. New York, implementation is slow. As such, the need for adaptation projects – those While authorities may be under scrutiny if they fail to that strengthen the resilience of buildings, critical develop the adaptation infrastructure necessary to protect Einfrastructure and communities against these climate-related communities from climate-related damage and disruption, risks – has garnered increasing attention. the challenge of effective adaptation design that delivers the Adaptation projects often generate returns at a multiple of expected benefits, compounded by potential negative social their cost, but the sheer size of the adaptation financing gap, impacts to communities, may deter authorities from pursuing the enormity and complexity of such projects, and constrained adaptation projects. The often slow implementation is, at public finances are all hindering development. least partially, due to the high costs involved – and in times While increased engagement from the private sector would of strained public finance, these projects are unlikely to be ultimately lessen the financial burden on public sector entities, high priority. private investors face their own set of risks and difficulties in In fact, to meet resilience needs, current adaptation assessing the long-term returns associated with investing in financing needs to increase substantially. In 2018, about 6% – adaptation projects. But if the benefits of such investments can or £27bn – of total global climate change investments focused be quantified in financial terms, as well as environmental, we on adaptation projects. The United Nations Environment believe that a strategic collaboration between public and pri- Programme, however, estimates that this investment will vate sector financing could become the most likely path to suc- need to increase by 4x-9x by 2030 to meet resilience needs, cess. For the insurance sector as a whole, adaptation projects highlighting a significant gap in adaptation finance which provide opportunities across both sides of the balance sheet. public entities cannot achieve alone. Investment in adaptation can offer a certain level of cost- Against this backdrop, we believe that there is a need effective protection against physical damage caused by extreme to attract private finance support in this area – especially weather – something we define as a ‘resilience benefit’. Indeed, given the interest in climate finance opportunities among the investment in improving early warning systems against natural investor community. Private investment in climate change disasters can generate returns of almost 10 times their cost. adaptation, however, is currently around a modest £404m, with The consequent economic disruption from severe weather significant room for growth. events can often extend beyond the affected region through In order to engage the private sector and bridge the current global supply chains. The 2011 floods in Thailand, for example, climate adaptation financing gap, it is vital that the resilience impacted global technology and car production because the benefit of such investments is quantified in financial terms. manufacture of key parts was concentrated in the flooded area. Despite the difficulties in doing so, private investors must Consequently, over 50% of insured losses, totalling over £12bn, be able to justify the allocation of capital to projects whose stemmed from business interruption claims. benefits may only emerge many years in the future. Areas that invest in adequately protecting themselves One way to calculate the resilience benefit of an adaptation against extreme weather events may also see considerable project could be to estimate the reduction in expected damages secondary financial benefits as improved resilience may that the infrastructure funded by the green bond is designed promote economic development. Between 2017 and 2019, to achieve over the targeted period. If the cost benefits are weather-related insurance pay-outs were the equivalent of clearly outlined in this way, private investors could be more £222bn globally – the highest 24-month figure on record. inclined to engage and seek opportunities, such as transfer of Reduced natural catastrophe risk, therefore, could support risk to the capital markets in the form of insurance, catastrophe decreased insurance costs, bringing yet further indirect bonds, or other derivative instruments, as well as the support financial benefit. of contingent financing from multilateral institutions and governments. Meanwhile, constrained public finance would The adaptation finance gap receive the boost needed to achieve widespread resilience Yet despite a general acknowledgement of the urgent need for against the ever-increasing effects of climate change. climate adaptation projects among public authorities, including David Masters is a director at S&P Global Ratings in countries such as Bangladesh, Indonesia, the Philippines, “Insurers will need to ensure that insureds involved in the manufacture or use of 3D printers are providing adequate warnings and risk assessments” 50 April 2020 cirmagazine.com

ExecutiveSummary.indd 1 14/04/2020 16:51:09 Professional services guide

Business Continuity software

ClearView BCM Software Developed through a combination of practical experience of BCM consultants, live client feedback and technology experts, ClearView has quickly become a leader in the global BCM software market.

ClearView has removed many of the barriers that organisations experience when implementing BCM software, ensuring that ClearView delivers improvement to their BCM processes.

• Delivers ease of use for straight-forward, effective deployment and maintenance of BIA's, plans, exercises, risk and incident management. Users do not need extensive training and can pick up and use ClearView quickly and easily, even if only accessed infrequently ClearView Continuity • Achieves a high level of modularity which means that configuration allows the solution to meet the needs of organisations precisely, but in a very cost effective manner Astral House • Accessible from any web browser and mobile device, with mobile applications for all major platforms. Granville Way • Provides alignment to ISO22031 and Regional BCM standards Bicester • Fully integrated Emergency Notifications and dynamic Incident Management module Oxfordshire • Winners of BCM Software of the Year for an unprecedented 5 years between 2012 and 2017. OX26 4JT • Fully ISO 27001 (information security management) and ISO 9001 accredited to provide the highest levels of security and robustness. Trusted by international private and public sector organisations Tel: +44 (0)1869 354230 • Implemented by consultants with many years BC experience so we understand exactly what you want and can offer www.clearview-continuity.com professional help. Much more than a software service • Backed up with global support for clients in all sectors and all sizes • Comprehensive reporting and dashboard analysis plus a custom report builder and integrated What If?/GIS capability for scenario mapping

ClearView – we make the complicated simple.

Daisy Shadow-Planner enables you to plan, develop, test and execute more streamlined and structured Business Continuity. Taking the pain out of the entire process, Shadow-Planner helps your people work smarter and faster and Shadow enables your business to deliver against its BC commitments more quickly, efficiently and cost effectively. Planner BCM SoftwareSoftware Designed by BC specialists, this suite of integrated software supports the entire Business Continuity Management (BCM) lifecycle: from impact analysis through developing plans to testing and reporting. Daisy supports you every step of the way, helping you create the strongest and most effective plans to minimise downtime and ensure you can work Daisy House, No 2 Golden Square, ‘business as usual’. 220 Chester Street, Aston, Shadow-Planner is based on four core modules: Birmingham, B6 4AH • Business Impact Analysis (BIA) • Business Continuity Planning Contact Daisy to find out more about the unique • Notification benefits of Shadow-Planner: • Mobile Plans Call +44 (0)344 863 3000 Organisations in the financial services sector, public sector and others in regulated industries have used Shadow- Email [email protected] Planner to help comply with business continuity standards such as ISO 22301 and other specific codes of practice. https://dcs.tech/campaign-shadow-planner/ How you benefit A low-cost solution, requiring no local cap ex or hardware investments, you can: • Get rid of inefficient, inaccurate and risky manual approaches - Word documents and spreadsheets • Ensure all essential data (plans, contacts, documentation and more) are in a single secure location, at your fingertips • Be assured that all data is regularly reviewed, updated and consistent • Achieve faster ISO 22301 BC certification

cirmagazine.com April 2020 51 To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

BUSINESS CONTINUITY, DISASTER RECOVERY & ALWAYS ON INFRASTRUCTURE

Daisy has become the UK’s go to partner for resilient, secure and always available communications and IT infrastructure managed services.

As the UK’s business continuity industry leader with over 25 years’ experience, Daisy is embedding resilience into its entire service portfolio, focussed on enabling today’s digital business in the key areas of always-on infrastructure, connect & protect and agile workforce.

Business Continuity Management: Daisy’s BCM consultants and Shadow-Planner software work with you to deliver digital business resilience and address Daisy House, No 2 Golden Square, the new risks of the digital economy. We advise, deliver, support and manage all or part of your business continuity 220 Chester Street, Aston, management, including emergency response planning; crisis and reputational risk management; operational and business recovery planning; infrastructure process and IT risk analysis; supply chain risk management; authentic Birmingham, B6 4AH exercising, maintenance and awareness. For more information: Workplace and FlexPlace Recovery: Call +44 (0) 344 863 3000 Daisy has got your offices and your people covered from 18 specialist business continuity centres available UK-wide, Email [email protected] mobile and virtual office solutions delivered to the home and complex call centre and financial trading positions. We https://dcs.tech/business-continuity/ usually have customers up and running within an hour and not just for business interruptions, but to cope with peak or seasonal trading and the flexibility digital businesses now demand.

ITDR, FlexTech and Data Availability: Daisy’s flexible IT and data recovery services will protect your technology, data and communications, available when the need arises and for test and development scenarios. We have nine resilient UK data centres and an award-winning portfolio of data availability services, applauded by industry analysts. For replacement IT onsite fast, we have over 1,000 servers and seven ship-to-site, mobile data centre units, all ready to dispatch if disaster strikes. This can be a safe roll-back recovery option in the event of cyberattack.

BUSINESS CONTINUITY, LOGISTICS

CMAC Business Continuity Transport makes moving your people safely, simple. We believe that everyone should be CMAC Business Continuity Transport moved safely, whether it is in an emergency or as a planned exercise. We want everyone to feel secure in the knowledge The Globe Centre, St James Square, that if they can no longer work at their usual location, they will be safely moved, just by making one phone call to our Accrington, Lancashire BB4 0RE 24/7/365 call centre. We were established in 2007 and have become the UK’s leading dedicated provider of business continuity transport. Contact: Ashley Seed

Tel: +44 (0) 1254 355 126 [email protected] www.businesscontinuitytransport.com Twitter: https://twitter.com/ CMACgroupUK Linkedin: https://www.linkedin.com/ company/10540515/

Professional Services Guide

To advertise in the CIR Professional Services Guide please call Steve Turner on +44 (0)20 7562 2434 or email [email protected]

52 April 2020 cirmagazine.com To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

Risk Management Software Solutions

In business since 1992, JC Applications Development Ltd take great pride in our ability to develop world class software solutions and associated services that enable our clients to manage risk, compliance and claims more effectively. As a result they are better placed to achieve their corporate ambitions, save time, money and offer a superior service to their stakeholders. This is proven by our last customer satisfaction survey where 98% of respondents said that they would recommend us.

JC Applications Development Ltd With over 200 successful implementations JCAD is a market leader in the provision of claims handling and risk Manor Barn, Hawkley Rd, Liss, management software to both the public and private sectors. Client representation covers many diverse industries Hampshire, GU33 6JS including but not limited to;

Contact: Phil Walden • Housing associations • Finance • Local government • Retail • Emergency services • Construction Tel: +44 (0)1730 172020 • Charities & NGO’s • Facilities Management [email protected] • Academia • Utilities www.jcad.co.uk Twitter: @jcad2 JCAD’s software is wholly “off the shelf ” which enables time efficient implementations, low cost systems and simpler training. Additionally, by offering a best practice approach to risk and compliance management we can focus on the development of new functionality that is then shared across our entire client base. JCAD are an ISO9001 accredited supplier and our hosting partners are accredited to ISO27001. Our risk management software will align to such standards as ISO3100, COSO and guidance from the OGC.

Origami is a leading provider of integrated SaaS solutions for the risk, insurance and compliance industry—from insured corporate and public entities to brokers and risk consultants, insurers, TPAs, and risk pools. Our solutions for RMIS, GRC, EH&S, Core Policy and Claims, and Healthcare Risk Management are highly configurable and completely scalable. Origami delivers a full suite of solutions from a single, secure, cloud-based platform accessible via web browser. Our Origami Risk software is supported by an experienced service team who possess a balance of industry knowledge and technological 222 North LaSalle Street expertise. With our unique service model and highly configurable solution, our expert team implements and provides Suite 2125 Chicago, IL 60601 ongoing support to align with clients’ strategic organizational priorities. Since all components are contained within a single, true SaaS platform, scalability is seamless, enabling clients to focus on their priorities while providing access to Tel: 312.702.5395 the latest technology. [email protected] www.origamirisk.com YouTube: https://www.youtube.com/channel/ UCUSGoJ_XoT0nz_K9HJXk2rQ LinkedIn: https://www.linkedin.com/company/ origami-risk/ Twitter: https://twitter.com/origamirisk

Ventiv Integrated Risk Management (IRM) Whether you’re managing risk, safety or insurance programs, your job is more challenging than ever. More data. Increased business complexity. Greater security risks. Heightened expectations. Less time to respond, and with fewer resources. You need a technology solution that meets today’s needs while demonstrating the ability to meet tomorrow’s challenges, too. The answer is Ventiv IRM.

Ventiv IRM empowers you to take control of your organisation’s data and achieve clarity you need to make fully Ventiv Technology informed decisions. Improve your efficiency and maximise scarce resources, while getting back the time you need 30 – 40 Eastcheap to think and act strategically. London EC3M 1HD Fully embedded and integrated into Ventiv IRM, Ventiv’s analytics, reporting and data discovery is the market’s Contact: Steve Cloutman newest and technologically most current offering. Ventiv is the only RMIS provider offering cutting-edge Automated Predictive Analytics as an embedded and integrated component of our solution. All this empowers Tel: +44 (0) 7971 505433 you to deliver data-driven decisions that generate optimal outcomes like reducing total cost of risk. [email protected] www.ventivtech.com With your processes optimised, best practices embedded and knowledge converted, you will have raised your risk technology maturity to drive better results and make your risk management department more resilient. LinkedIn: www.ventivtech.com/linkedin Twitter: @ventivtech

cirmagazine.com April 2020 53 To advertise in the classified section contact Steve Turner - Telephone: 020 7562 2434 or email [email protected]

Risk Management software Solutions

The Protecht Group Protecht helps organisations through deep understanding, monitoring and management of risk. We provide the complete risk solution—comprised of world-class enterprise risk management, compliance, training and advisory services—to government organisations, key regulators and businesses of all sizes across the world.

With 20+ years at the forefront of risk and compliance solutions, millions of incidents managed across thousands of 1st Floor, 60 Gresham Street individual risks, and over 25 thousand people attending our training courses to date, we're one of the most respected and London EC2V 7BB influential voices in risk. United Kingdom Dynamically manage all your risks in a single platform: Risks, Compliance, Health and Safety, Internal Audit, Incidents, Contact: Keith Davies - KRIs, BCP, and more. Director Sales and Operations, U.K. & Europe We’re with our clients for their full risk journey. Let’s transform the way you understand and manage your risk to create exciting opportunities for growth. Tel: +44 (0) 7828 163 802 [email protected] www.protechtgroup.com LinkedIn: au.linkedin.com/company/ protecht-advisory-pty-ltd Twitter: twitter.com/Protecht_Risk You Tube: www.youtube.com/user/ ProtechtPtyLtd

Work area recovery

The FortressAS team are expert in the provision of Operational and Cyber Risk and Resilience services.

Working along the lines of the NIST Framework, we focus on reducing the risk of disastrous events and mitigating the Fortress Availability Services Limited impact of these events when they do happen. City Reach, 5 Greenwich View, London, E14 9NN Our services span:

• Advisory (BC and Cybersecurity) • Managed Services (Endpoint Detection and Response – ED&R, Virtual CISO) Tel: +44 (0)20 3858 0099 • Solutions (ED&R, Threat Correlated Vuln Management, Identity, Insider Threat) [email protected] • Infrastructure Services (DRaaS, BaaS and Workplace Recovery) www.fortressas.com Twitter: @fortressas We focus on delivering high quality services and those with a high ROI. LinkedIn: https://www.linkedin.com/ company/fortress-availability- services-limited

CIR Software Reports Advertise in CIR’s next software report

To advertise in the next CIR software report, please call Steve Turner - Telephone: 020 7562 2434 or email [email protected]

CIR produces three software reports a year, each updated annually, and providing the most comprehensive guide to the market’s software cirmagazine.com/cir/cirreports.php

54 April 2020 cirmagazine.com BIBA2021_CIR_advert_v2.qxp_BIBA 27/03/2020 13:16 Page 1

Save the date

Europe’s largest insurance broking event will return on May 12 & 13, 2021.

We look forward to seeing you back in Manchester next year

The BIBA team

Untitled-5 1 31/03/2020 11:51:42 The only SaaS platform to provide integrated solutions to the entire insurance value chain: Risk Managers, Brokers, TPAs, and Insurers

info.origamirisk.com/CIR-2020

Untitled-1 1 13/01/2020 16:18:07