Board Governance and Emerging Risks in the C21

Board Governance and
Emerging Risks in the C21
Friday 10th July 2015, Brussels

8:30 - Registration
9:00 - Welcoming speech by Roger Barker Adviser to ecoDa board, Director of Corporate
Governance, Institute of Directors UK
9:10 - Keynote speech by Philippe De Backer, Member of the European Parliament
Panel 1 – The Risk Conversation at Board Level
9:20 - Moderator: Christopher Lajtha Independent Risk & insurance Management Resource,
ADAGEO / RCN:
-Charlie Kitson, Head of Client Engagement, AIG
-Patrick Zurstrassen, Honorary Chair of ecoDa, Independent Board Member
-Andrew Chambers, Chair, corporate governance & and company law at FEE;
member, ACCA’s global corporate governance forum.
-Jonathan Blackhurst, Head of Risk Management, Capita plc
-Anna Korbut, Executive Risk Manager, NefteTransService
10:45 – Coffee break
Board Governance and Emerging Risks in the C21
The Programme

Charlie Kitson - Head of Client Engagement, AIG
July 2015
Risk Conversation at Board Level

2
Why raising the profile of risk is
so important
Boards are increasingly waking up to risk; major challenges for today’s
c-suites are;
• Regulation
• Growing vulnerability
• Globalisation
• Technological changes including 24-7 media
This has thrown the spotlight on risk management which is a good thing for
companies and the “risk professionals”.
A recent AIRMIC survey showed that almost 70% believe that risk management
has become more important within their companies over the last three years.

3
Role of Risk Managers today
88m+
Clients we serve
1.7billion
Shares sold by the US
government
$27.6billion
Claims payments by
AIG Property Casualty
$68 billion
Our 2014 revenue
64,000
AIG employees
WE ARE
ONE AIG
100%
Government assistance repaid
• The Risk Manager position within companies is inconsistent.
- Identity of the risk manager in the organisation is not clear
- There is no standard reporting line or career path
- There are wide variations in the way the role is expressed within
companies. E.g. some risk managers are pure insurance buyers
whilst others manage all areas of risk for a company.
• Lack of clarity for Goals & Objectives

4
Number of times Risk Managers report
to Board
88m+
Clients we serve
1.7billion
government
$27.6billion
Claims payments by
64,000
AIG employees
WE ARE
ONE AIG
The gap between the Risk Manager and the Board is closing all the time.
There is now a greater awareness of risk and willingness to take responsibility
for managing or mitigating it. Most Risk Managers report to the board regularly
on the risk landscape, either directly or via the Risk Officer.
FERMA 2014 Survey:
45%
18%
23%
9%
5%
Several times per year
Once a year
On a requested basis
No mechanism in place
Unknown
Number of formal Risk discussion with the board
Compared to last years results Risk Management interaction is up 7%
Reporting Lines - How often report to Top Management level
85%
78%
Risk Management
Functions
Insurance
Management

5
Risk Managers need to identify trends
and new risks
$27.6billion
Claims payments by
$68 billion
Our 2014 revenue
64,000
AIG employees
WE ARE
ONE AIG
100%
2015 Position in 2007
1 Damage to reputation/brand 1
2 Economic slowdown/slow recovery 8
3 Regulatory/legislative changes 6
4 Increasing competition 5
5 Failure to attract or retain top talent 7
6 Failure to innovate/meet customer needs New entry for 2015
7 Business interruption 2
8 Third-party liability 3
9 Computer crime / hacking / viruses / malicious codes (Cyber) New entry for 2015
10 Property damage 9
AON’s 2015 risk management survey compared to 2007:

6
Key Drivers at Board Level
88m+
Clients we serve
1.7billion
government
$27.6billion
Claims payments by
$68 billion
Our 2014 revenue
64,000
AIG employees
WE ARE
ONE AIG
100%
The UK Insurance Act makes buyers more responsible for their insurance
choices. They have to demonstrate the need for the products they purchased as
well as a robust methodology behind the purchase decision. (Or decision not to
purchase).
Investors want assurance that the company they’re investing is well managed.
Employees want to work for a “successful” company with a good public
reputation. Good risk management is part that.
Changes in attitudes to risk management are driving product uptake and design.
For example: The cyber insurance market has developed because if a company
has a breach / incident and does not have insurance in place to mitigate that risk,
they may be seen as negligent.
Legislation
Shareholders and Employees
Mitigation

7
Financial
Risks
Accidental
Risks
Strategic
Risks
Operative
Risks
Price
Fluctuations
Currency and
interest rate risks
Loss of Suppliers
Diversification/
Wrong strategy
Changes in
demand/demographic
Technological
risks
Increase in
competency
Legal compliance/
professional risks/
Employees
dishonesty
Low productivity
Failure to supply
Lost of key
employees
Security of
employees
Contamination
Damages to
third parties
Business Interruption
Material Damages
to assets
Transportation of cargo
Terrorism Risks
Construction Risks
The Risk
Products liability/
products recall

8
• Effective risk management is NOT just about
compliance
• Risk is at the heart of strategy and effective risk
management should be an enabler and a potential
differentiator
• Reputation is critical and reputation risk management
should be prioritised
• The tone is set at the top
Final Comments

9
Bring on tomorrow
Bring on tomorrow
The “Bring on tomorrow” tagline expresses AIG’s
tremendous tenacity and ambition, our optimism,
and our spirit of inventiveness.
For customers, consumers, and partners, it showcases
how we help them feel about the future:
Confident, Prepared, and Protected

Whilst every effort has been taken to ensure the accuracy of the information in these pages, we make no representation and/or warranty express or implied that
the financial information and/or information is correct, complete or up to date. The financial information and/or information is subject to change at any time
without notice. You should not take (or refrain from taking) any action in reliance on the financial information and or information and we will not be liable for any
loss or damage of any kind (including, without limitation, damage for loss of business or loss of profits) arising directly or indirectly as a result of such action or
any decision taken.
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc.
Products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Not all products and services are available in
every jurisdiction, and insurance coverage is governed by actual policy language. Certain products and services may be provided by independent third parties.
Insurance products may be distributed through affiliated or unaffiliated entities. Certain property-casualty coverages may be provided by a surplus lines insurer.
Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds.
AIG Europe Limited is authorised and regulated by the Financial Services Authority. Registered in England: Company Number 1486260. Registered Address:
The AIG Building, 58 Fenchurch Street, London EC3M 4AB. AI452168

THE EUROPEAN CONFEDERATION OF DIRECTORS ASSOCIATIONS - AVENUE DES ARTS 41 - BRUSSELS 1040THE EUROPEAN CONFEDERATION OF DIRECTORS ASSOCIATIONS - AVENUE DES ARTS 41 - BRUSSELS 1040
RISK MANAGEMENT
IN BOARD AGENDA
Patrick Zurstrassen
ecoDa honorary chairman
FERMA / ecoDa / AIG
Cercle de Lorraine
Brussels
10 July 2015

INTRODUCTION
• Personal experience
• Philosophy of presentation

• OECD [2004] definition of board responsibility: The corporate governance framework should ensure
- the strategic guidance of the company,
- the effective monitoring of management by the board and
- the board’s accountability and loyalty to the company and the shareholders.
Plus statutory duties such as review and proposal of approval of B/S and accounts and
publication of legal accounts/annual reports.
• No explicit mention of Risks, Risk management, ERM or other risk matters because:
- Risk and rewards [profits] are the two sides of the same economic judgment coin.
Both dimensions are ever-present in all management and board discussions.
- Through regulatory efforts, special moments, debates, decisions, policies, statements and communications
are particularly dedicated to risk matters apart of other matters.
- A whole biosphere of risk aggregates and indicators has emerged. They are mostly generated by risk
professionals. Their ultimate expressions are aiming to the full board.
Are Boards formally in charge of Risk Management?

When are Corporate Bodies dealing with Risk Matters?
• AGM
• Board of Directors [Supervisory Board]
+ Board specialized committees
• Management Committee
+ Specialized committees
• Business and functional lines
• Risk management
• Annual
• [Monthly] Quarterly
• Weekly
• Daily
• Permanent

A typical agenda of a corporate elementary unit:
an investment/mutual fund board.
Permanent items of the agenda
• Performance report
• Risk report
• Sales, marketing and products report
• Compliance report
• Finance
• Legal
Periodic items of the agenda
• Internal audit report
• Audit report
• Regulatory review
• Annual budget
• Approval of accounts / annual report / risk statement
• Board performance evaluation
• Corporate strategy
• Market risks
• Liquidity risks
• Credit risks
• Duration risk
• Etc
• TE tracking error
• VAR
• Risk category
• KRI
• Etc
• For individual fund
• For classes of assets

A fuller picture should also include
Permanent items of the agenda
• Performance report
• Risk report
• Sales, marketing and products report
• Compliance report
• Finance
• Legal
Periodic items of the agenda
• Internal audit report
• Audit report
• Regulatory review
• Annual budget
• Approval of accounts / annual report / risk statement
• Board performance evaluation
• Corporate strategy
• Market risks
• Liquidity risks
• Credit risks
• Duration risk
• Etc
• TE tracking error
• VAR
• Risk category
• KRI
• Etc
• For individual fund
• For classes of assets
• Directors education
• Liabilities of
directors
• Conflict of interest
• AML / KYC
• Risk management
tools and
techniques
• Crisis management
• Counterparty
• Regional market
• Currency
• Global market
• M&A & restructuring

Fédération des Experts-comptables Européens
Federation of European Accountants
www.fee.be Connect with European Professional Accountants @FEE_Brussels
Board Governance and
Emerging Risks in the C21
The Risk Conversation at Board Level
Andrew Chambers, Chair of FEE Corporate Governance
and Company Law WP; Member of ACCA Global
Corporate Governance Forum
1

FEE and audit committees
2

Donald Rumsfeld
‘There are known knowns. These are things we know that
we know. There are known unknowns. That is to say, there
are things that we know we don’t know. But there are also
unknown unknowns. There are things we don’t know we
don’t know.’
Internal auditors might add:
‘And there are things we [as internal auditors] know that we
don’t want to know.’
Donald Rumsfeld was the youngest US Secretary of Defense from 1975 to 1977 under President
Gerald Ford, and then the oldest Secretary of Defense from 2001 to 2006 under President
George W Bush
3

Risk oversight – need for cooperation I
 Risk oversight must be a continuous process to be
effective.
 Should audit committees deal with:
• The known risks?
• The risk management process?
Risks linked to: company’s strategy, business and industry
Objective: ensure that such risks are appropriately
considered and addressed by management and in the audit
plan.
4

Risk oversight – Need for cooperation II
 Risk management involves “unknown risks” as
well.
 Risk committees can focus on the identification
of “unknown risks”: prospective risk
management
 It is crucial to distinct roles between audit and
risk committees and to foster effective
communication.
5

Risk oversight – Need for regular communication
 Clear overview of the company’s risk and
control framework.
 Meeting on a regular basis with management,
internal audit and external audit to understand
the risks faced by the company.
 Input from external parties such as institutional
investors and analysts.
6

The Risk Conversation at Board Level
Jonathan Blackhurst, FIRM

2
Risk Intelligent Conversation
FYI
Weak leverage for
business benefit
Does it add up?
Exception
reporting
Too format
focused
Appetite
Decision
making
Balanced bottom
up/top down
Transparency
Connected
conversations
Vocabulary
Pressure gauge
reading
Risk
Aware
Risk
Intelligent

3
Risk Intelligent
Conversation
Facts.
Straightforward.
Structured.
Accountable
attendees.
Save the forests.
Guaranteed
credibility.
Business aligned,
but agile.
Strict
organisation and
chairmanship.
Clear escalation
and clear feedback.
Context, not
background.
“Are we there yet?”

11
conversation about risk at board
level
Anna Korbut

2
• Starting thinking point is FERMA is 7th biennal Risk Management Benchmarking Survey 2014:
– The most important risks for European organizations in 2014 are Political (significantly
increased VS 2012) as well as Reputation (increased VS 2012), Competition, Regulation and
Legislation
At the same time - Assessed with a low level of mitigation: Political, Competition and Economic
condition
Out of the nine risks in the “improvement zone” (high risks with a low level of mitigation), five
are strategic/external risks – all the issues to be addressed at the very top level
– 48% of Risk managers FORMALLY present Risk Management activities to the Board/ Top
Management several times a year – is “formal presentation” of activities can really be
considered as a Dialogue by parties?
– There are number of risk-related reporters that Board could have vis-à-vis for a risk dialogue -
at least 6 possible organization for risk functions where 40% RM & IM together separated
from IA and IC – they all may operate different risk language and terminology! are Board
members flexible enough to navigate themselves through (some times) complex and not
necessarily consistent reporting?
• Risk/Insurance Managers’ short-term strikes are converging towards the enhancement of their role
into a strategic dialogue and becoming a business-partner
What are the drivers for the Dialogue? (1/2)

3
• In the joint ECIIA/FERMA Guidance* for Boards and Audit & Risk Committees it is highlighted that:
– EU regulatory focus is towards a greater transparency on financial and non-financial reporting
Should Audit Committees’ mandate be significantly expanded to integrate new reporting
innovations – to go far beyond “control” agenda?
Or is there a need for a new body?
Does it matter of how many board members a qualified, i.e. possess comprehensive
knowledge in risk management?
– The need to create a separate Risk Committee may arise from the following:
• Relevant regulator(s) requirements
• Alignment between risk management and strategy
• The need for more detailed oversight of RM structure
• The complexity of the major/critical risks to be assessed
– In the financial sector, there is an increasing requirement for a risk committee created
alongside with Audit Committee. The role and responsibility of each committee must be well
defined in order to avoid overlap and ensure that the coverage of risks is comprehensive.
Is this a dimension for future development of corporate governance for non-financial
sector?
What are the drivers for the Dialogue? (2/2)
*Audit and Risk Committees News from
EU Legislation and Best Practices

4
• There should be a place for a dialogue
Risk Committee / Audit & Risk Committee / Audit Committee AND Risk Committee / Strategy
Committee
Roles of a risk committee: Dispose reporting (formal) / Discuss and develop decisions (workshop)
• There should be a language for a dialogue
Comprehensive knowledge and competence yet supported by constant best practice and
developments sharing from the Leaders in Risk Management
• There should be participants in a dialogue
There should be less formal even “rotating” composition of a risk committee – depending on the
topics or issues to be discussed as well as on specific expertise to be involved.
• There should be an objective / purpose for a dialogue
There are no right and wrong ERM systems, there are efficient and suitable for particular
company’s needs evolving with the emerging challenges. Who is in reality setting requirements
and develop ERM design? Is such design to be born from a Dialogue between Board (key RM user)
and Risk Manager?
What is Risk Dialogue about?

5
• Develop at a European level better knowledge on the role of risk management bodies
at a Board level – Risk Committees, Audit & Risk Committees
• Develop the pole of expertise and continuous professional development in managing
risks strategically integrating our partners - risk stakeholders.
On the basis of Certification – we are the Risk Leaders
• Promote Risk Management at Board level with regular and consistent direct Board
access and communication
What is the plan?

11:00 - Keynote speech- Marc Pickeur, Member of the International Auditing and Assurance
Standards Board (IAASB
Panel 2 – The Impact of Emerging and Future Risks
11:10 - Moderator: Roger Barker, Adviser to ecoDa board, Director of Corporate Governance,
Institute of Directors UK
- Carin Gorter, Member of the Supervisory Board of ING (and of several
insurance companies),
- Marie Gemma Dequae, FERMA Scientific Adviser, former Group risk &
insurance manager (Bekaert),
- Adriana Cavaliere, Entreprise Risk Manager at SWIFT in Belgium
- Ornella Di Iorio, Research Manager, EUROSIF - Vigeo
12:30 - Closing speech by Emmanuel Brulé, Chief Risk Officer, AIG
12:45 – 14:00 - Working lunch

IAASB Update
Marc Pickeur
A Joint Event with ecoDa, FERMA and AIG
Brussels, Belgium
July 10, 2015

• Key Projects Finalized: Clarified ISAs, Auditor Reporting,
Revisions of Other Assurance and Related Services
standards
• Special Support Efforts for Implementation of new and
revised Auditor Reporting standards
• New Strategy and Work Plan with a number of new and
challenging projects
• Looking for feedback on key questions
– What is it that we have to address?
– What kind of development process?
– What forms of interactions with stakeholder groups?
– What kind of outputs?
Times Are Changing for the IAASB

New and Revised Auditor Reporting Standards
Key Features
AuditorReport
Audit Opinion – Required to be presented first
Key Audit Matters – Required for listed entities
Going Concern – Additional focus
Other Information – New section
Responsibilities – In the audit; Independence and ethical
obligations; Engagement partner (listed entities)

Overarching Standard for Auditor Reporting – ISA 700 (Revised)
Revisions to ISAs 260 and 706 as a result of ISA 701, and related
conforming amendments to ISAs 210, 220, 230, 510, 540, 600, 710
Modifications
to auditor’s
opinions
ISA 705
(Revised)
New Key
Audit Matters
section
ISA 701
Enhanced
auditor
reporting
related to going
concern
ISA 570
(Revised)
The New and Revised Auditor Reporting Standards
New auditor
reporting on
other
Information
ISA 720
(Revised)

Expected Benefits of the New Auditor’s Report
• Enhanced communicative value to users
• More robust interactions and communication among
users, auditors and those charged with governance
(TCWG)
• Increased attention by management and TCWG to the
disclosures referred to in the KAM section of the
auditor’s report
• Increased professional skepticism in areas where KAM
are identified
• Increased audit quality or users’ perception of audit
quality

What Are KAM?
KAM are defined as those matters that,
in the auditor’s professional
judgment, were of most significance
in the audit of the financial statements of
the current period
KAM are selected from matters
communicated with TCWG

Are KAM Always Communicated in the Auditor’s Report?
• Auditor is required to include each KAM unless
– Law or regulation precludes disclosure
– In extremely rare circumstances, the auditor determines that the matter
should not be communicated
 Adverse consequences of communicating the KAM would reasonably be
expected to outweigh the public interest benefits of such communication
• KAM is prohibited for a disclaimer of opinion, but required for
a qualified or adverse opinion
• In certain limited circumstances, there may be no KAM to be
communicated

Decision-Making Framework for Determining KAM
Matters that were
communicated with those
charged with governance
Matters that
required significant
auditor attention
Matters of most
significance
in the
audit
Key Audit
Matters

Initial Step in Determining KAM
The auditor will always consider
• Areas of higher assessed risks of material misstatements or
significant risks (i.e., risks requiring special audit
consideration)
• Significant auditor judgments relating to areas of significant
management judgment (e.g., complex accounting estimates)
• Effect on the audit of significant events or transactions
Matters that were
communicated with TCWG
Matters that required
significant auditor attention

Determination of Matters of Most Significance in the
Audit – KAM
• KAM is determined by the auditor’s consideration of the
– Nature and extent of communication with TCWG
– Importance to intended users’ understanding of the f/s
– Nature and extent of audit effort needed to address
– Nature of the underlying accounting policy, its complexity or subjectivity
– Nature and materiality, quantitatively or qualitatively, of corrected and
accumulated uncorrected misstatements due to fraud or error (if any)
– Severity of any control deficiencies identified relevant to the matter (if any)
– Nature and severity of difficulties in applying audit procedures, evaluating the
results of those procedures, and obtaining relevant and reliable evidence
Matters that required significant
auditor attention
Matters of most significance
in the
audit

KAM – Delivering Entity-Specific Information to Users
Consistency
and
Comparability
Relevance
and
Usefulness

• IAASB-supported “roll-out plan” with objectives of
– Promoting awareness
– Informing and educating users
– Learning about experiences of those responsible for adopting and
implementing the standards
– Preparing for post-implementation review
• Planned activities
– Outreach and other communications
– Auditor Reporting Toolkit
New and Revised Auditor Reporting
Standards Implementation Support
New and revised Auditor Reporting standards are effective for
periods ending on or after December 15, 2016

New Webpage www.iaasb.org/auditor-
reporting with easy access to new and
revised standards and other resources
• Auditor Reporting Fact Sheet
• Auditor Reporting “At a Glance”
• Basis for Conclusions
• Publications on GC and KAM
• Illustrative KAM examples
• Plans for webcasts, podcasts and other
potential publications
Resources – Auditor Reporting Toolkit

• Information gathering activities already underway on three
priority topics
– Quality control (ISA 220 and ISQC 1)
– Group audits (ISA 600)
– Special audit considerations relevant to financial institutions
(including ISA 540 in particular)
• Professional skepticism
• March 2015 IAASB discussions highlighted interactions
between the four projects above
– Common themes (e.g., sufficient appropriate audit evidence;
professional skepticism)
– Crossover issues (e.g., direction, supervision and review of audits;
audit delivery models)
IAASB Work Plan for 2015–2016 – Enhancing
Audit Quality

Emerging risk
Compliance
A boardroom perspective
Carin Gorter
July 10th 2015

Contents session
External developments
Board oversight topics regarding risks
Compliance moved into the boardroom
Challenges for the future
2
1.
2.
3.
4.

1. Perspective of NED/SB on compliance
External developments/ forces on the strategy and business model
• New rules and regulations
• Development of technology on compliance and vice versa
• New entrants
• Client expectations
• Communication and social media impact
• Developments in society at large
3
Essential is to be interested and invest substantive time in these developments

4
Time spend on
future; testing
assumptions
underlying strategy
Process on critical
risks
Good risk info
Risk appetite
Cro/cco
Tone at the top
Board oversight topics

3.Perspective of NED/SB on compliance
Compliance has moved into the boardroom
- to be tested by regulators
5
Behaviour: Leading by example
Culture: A culture of ensuring integrity inside and outside
the boardroom
Structure: Having a CCO reporting into the risk/audit
committee
Process: Ensuring existence of an effective and healthy
compliance program
1.
2.
3.
4.
Good compliance supports sustainable earnings
But non compliance is extremely painful, expensive and time consuming

6
Risk committee
• Key risks and heatmaps, risk levels per
business unit ( trends)
• NFR update report
• Internal events report
• Root cause analysis and improvement
• Update on new regulations/laws etc
The NED/SB should take an active interest
in compliance
• Compliance program: an holistic review
• Risk
• Compliance culture (cultural/ethical surveys)
• Policies and written standards
• Training and communication
• Reporting and follow up, use of data analytics
• Auditing and monitoring (internal/external
reports)
• Monitoring and evaluation public scrutiny
(social media etc)
• And the NED’s role
Be curious and interested : never shoot the messenger

4. Challenges for the future
7
Internal
• Monitor assumptions strategy
• Knowing and monitoring risk
• Corruption risk
• Big data analytics
• Privacy
• Keeping the compliance profession
attractive
External
• “Game changing” risk
• Identification regulatory life cycle
• Growth and complexity of laws
• Increase in reg. reporting and data
requirements
• Multiple agencies/regulators with
changing mandates
Invest in understanding your clients, shareholders,
employees, regulators and society at large

Conclusion
8
Good compliance supports sustainable earnings
It is in your hands!

10.7.2015 ©MGD2015 1
Board Governance and Emerging
Risks in the C21
Panel 2 – The impact of Emerging and
Future Risks
Marie Gemma Dequae
Brussels 10.7.2015

10.7.2015 ©MGD2015 3
Emerging risks:
Risks associated with:
– New technologies
– Complex interconnected systems,
– New contextual conditions
Are generally unanticipated
Not widely understood
No convincing plan of action for mitigation
ask for a different kind of governance

10.7.2015 ©MGD2015 4
Cyber risk
• Due to ever changing variety and consequences
(severity) of cyber risk
• Cyber crime continues to rise as hackers are
performing better than security experts
(Symantec & Verizon);
• Need for adaptive Cybersecurity and new tools
is permanently growing
• Cyber security at third party service providers?
Kaspersky Finds New
Nation-State Attack—
In Its Own Network

10.7.2015 ©MGD2015 5
Supply Chain risk
• Increasing risk due to:
– Globalisation, JIT, lean supply chains
– Changing regulatory landscape
– Increasing outsourcing
– Climate change (incl natural catastrophes)
– Increased population and migration
– Dependency on information technology
– others
• Move from being reactionary to be proactive and
resilient
• Important to
– Incorporate risk effects in strategic planning
– Improve level of disclosure about exposures
Climate Change to Worsen Nat
Cat Impact on Creditworthiness:
S&P Report

10.7.2015 ©MGD2015 6
Emergency risk governance:
at the intersection of various disciplines and frameworks
a dynamic process of regularly
revising the undertaking’s
portfolio of risks and opportunities
(‘risk profile’):
• After an accident
• After a change in the
undertaking’s internal or external
environment
• Forward-looking exercise
• In case of merger, acquisition or
divestment
• When entering a new market or a
new product
• ….
Adapted from IRGC
Risk
governance
IT
management
Supply
Chain
management
Innovation
management
Futures
studies
Decision
making
under deep
uncertainty
Strategy
implementation
Dynamic
capabilities
Emerging
Risk
governance

10.7.2015 ©MGD2015 7
3
Risk Identification
Risk Evaluation
Risk Mitigation
Risk Transfer
1
2
3
Monitor, review and
update strategy with
business managers
+
Reporting to board
4
5
Regular screening internal & external
environment important
(Emergency) risk manager focusing on
early warnings (internal and external, short and long term)
A good risk management committee:
 Members:
• senior decision-makers (CEO, CFO, …)
• invited experts and analysts
 important:
• diversity of information, data reliability and consistency
• Compatibility with existing and past or familiar threats
• Develop scenarios and stimulate creativity
• propose strategy to excom/board

10.7.2015 ©MGD2015 8
“Change Is The Law of Life, and Those Who Look
Only to the Past or Present Are Certain to Miss The
Future”…….
John F. Kennedy
Many thanks for your attention!
mariegemma.dequae@gmail.com

11
The Changing Global Risks
Landscape
The World Economic Forum’s view on
Global Risks 2015 and How to manage
these risks
Adriana Cavaliere, Entreprise Risk Manager, SWIFT
BELRIM Board Member

2
Global Risks Report 2015
The World Economic Forum
• Global Risks Report 2015 issued by the World Economic Form
– Reflects the evolving Global Risks Landscape
– Considers risks to watch in short and medium term
– Shows the evolution of a set of risks in five areas over a ten year time frame – Economics,
Geopolitics, Environment, Society, Technology.
– Intends to raise awareness about the need for a multi-stakeholder approach
• Global Risks as defined by the World Economic Forum
– “ A global risk is a uncertain event or condition that, if it occurs, can cause significant negative impact
for several countries or industries within the next 10 years”
Source: Global Risks Report 2015, World Economic Forum

3
The Evolving Risks Landscape
• The Global Risks 2015 report shows an important shift in risk perception
– Geopolitical Risks are featuring prominently compared to previous editions
– Social fragility gets stronger focus bringing Societal Risk at or near the top
– Concerns about Technological Risks continue to rise
– Economic Risks feature only marginally at the top however not yet out of the spotlight
• The overall shift in the global risk ranking puts forward that 2015 differs markedly from the past
– with geopolitics featuring. Corporate leaders need to understand the nature and implications
of these shifts for their business and take actions which help
– mitigate potential damage
– capitalize on potential new opportunities

4
Geopolitical Risks – a major concern
• Geopolitical Risks are heading the list of Global Risks of Highest Concern for the next 18
Months and 10 Years. The report emphasizes that respondents are even more concerned
about Geopolitical Risks in the short term than in the long term.
• Major concerns
– Interstate conflicts – growing nationalism around the world, rise in national sentiment due to a
disillusion about globalization, strategic competition among global powers raise the possibility of
more frequent and impactful conflicts with regional consequences
– State collapse – internal violence, regional or global instability, military coup, civil conflict, failed
states can trigger a state collapse of geopolitical importance which can serve as a catalyst to terrorist
networks
– Failure of national governance – inability to efficiently govern as a result of corruption, organized
crime, illicit trade, the presence of impunity and general weak rule of law

5
Geopolitics and Economics
• The Global Risks Report also highlights some global risks arising from the Interplay between
Geopolitics and Economics – the so called Geo-economics
– Protectionism – reversion to protectionism under the guise of policies to reduce risks when confronted
with political and economic volatility at home
– Economic sanctions – economic sanctions as punitive geo-economic measure which could lead to
economic effects as slow growth, unemployment and fiscal pressures
Together, the rise in protectionism, the increasing prevalence of sanctions and slowdown in
globalization, could lead to a scenario of slower growth in advanced and emerging countries
• Seen the growing importance of Geo-economics, the World Economic Forum will develop a
clearer understanding of the interaction between Geopolitics and Economics, the main geo-
economic issues and its implications by launching a global discussion linking leaders from the
worlds of politics, economics and business.

6
Responding to the changing Risk
Landscape
Responding to the changing Risk Landscape is a challenging task. As to mitigate and build
resilience against Geopolitical Risk and Global Risks in general, companies need to well
understand these changing risks and translate them into company-own risks based on good
communication – top down and bottom up – along with a multi-stakeholder approach.
A possible approach:
– Recurring Scenario Analysis with Board and Management involvement based on the World
Economic Forum’s yearly Global Risks Report
• The yearly Global Risks Report is consulted as to distill a list of relevant risks per Risk Area
• The Board Risk Committee reviews the list of relevant Risk Areas and priorities are set
• Considering a multi-stakeholder consultation, the CRO Office defines company-specific Risk Scenarios and
determines the potential impact, evaluates the controls in place and determines whether additional
controls are needed
• The final outcome is reviewed with the Board Risk Committee and the Executive Committee

1.
PAYING THE PENALTY:
THE MATERIALITY OF CSR RISKS

2.WHO WE ARE
120 analysts and experts
International presence
Independence and Transparency :
 More than 300 action principles under review, based on universally opposable
standards and guidelines (UN, ILO, OECD, Global Compact…)
 A diversified shareholder structure + 5 independent administrators
 An independent Scientific Committee
 A strict separation between our 2 activities
 3000+ issuers rated worldwide
 150 investor and asset manager clients
and partners in >25 countries
 A robust and ARISTA certified
methodology
Leading Sustainability Rating Agency
 Sustainability consulting services for
companies, local authorities,
governmental and non-governmental
organizations
 500+ diagnosis and support missions
conducted in 37 countries since 2002
Corporate Sustainability Expert

3.
VIGEO’S PHILOSOPHY
A company integrating ESG factors into its business model and relatively
outperforming its peers is better positioned to mitigate risks and create
sustainable value for shareholders over the medium to long-term.
Accounting for the
rights, interests &
expectations of
stakeholders
Mitigating risks &
building competitive
advantage
Our Mission Statement
We assess the degree to which companies take into account ESG objectives,
which constitute risk and opportunity factors for them, in the definition and
implementation of their strategy and policies.

4.CSR MATERIAL LEGAL RISKS
Hypothesis of the study “Paying the Penalty: the costs of CSR misconduct”:
companies’ mismanagement of CSR responsibilities generates material legal risks.
Questions:
 What is the materiality of CSR legal
risks?
 Which sectors are most exposed to CSR
material legal risks in terms of
frequency and costs?
 Is there a CSR issue that is more
exposed to material legal risks in terms
of frequency and costs?
 Are there regions in which CSR material
legal risks occur more frequently?
Key Findings:
 Total sanctions in 2012-2013: Eur 95.5 billions,
highest individual sanction: USD 13 billions.
 Waste & Water Utilities and Automobiles have the
highest proportion of sanctioned companies.
Banks, Pharmaceuticals and Energy companies
paid the highest sanctions.
 Business Behaviour issues are the ones on which
sanctions were more frequent, and more expensive
(8 out of the 10 highest sanctions).
 Almost 50% of the condemnations took place in the
United States and 25.5% in European countries.

5.
Scope of the study:
• 2,522 companies
rated in 2012-2013
• 484 sanctioned
companies (19.2% )
• 1,015 legal
sanctions
registered
CSR MATERIAL LEGAL RISKS: IN WHICH COUNTRIES AND
SECTORS?
USA:
 Cultural framework
(Shareholders’
activism)
 Legislation (Class
Actions lawsuits)
Waste and Water Utilities, Automobiles:
 Sensitive activity/product
 High impact on stakeholders:
environment and health of communities
 Strong scrutiny by authorities
stringent legal frameworks
 Strong scrutiny by clients easy
recourse to justice

6.CSR MATERIAL LEGAL RISKS: ON WHICH CSR ISSUE?
Business Behaviour:
 Stringent national and international legal framework
 Activity of vigilance of judicial authorities
 Activism of customers as stakeholders
Business Behaviour:
 55% of the total sanctions
 Globally and individually the
most expensive ones
 63% of the total costs of
sanctions
 80% of the most expensive
sanctions
Business Behaviour includes the
respect of customers’ rights,
prevention of corruption and anti-
competitive practices.

7.CONCLUSIONS AND GOVERNANCE PERSPECTIVES
 Strong links demonstrated between CSR management and material legal risks for companies
 Key drivers of this legal risk include:
 Sector of activity
 Stakeholders’ reactivity (including the legal context)
 The integration of Corporate Social Responsibility in the company’s strategy is essential to
prevent legal risks and enhance judicial security as a key intangible asset for the company.
 Perspectives : CSR issues should be integrated in a company at its highest level in order to
better prevent the occurrence of material legal risks:
 Integration of CSR issues at the Board of Directors level (review of CSR issues during Board
meetings)
 Integration of CSR issues within the audit and internal control systems (identification of CSR
risk factors by the internal control system, review of CSR risks by the Audit Committee at
Board level and external certification of the CSR reporting)
 CSR performance indicators integrated into executive remuneration practices.

8.
DOCUMENT CONFIDENTIEL
Ornella Di Iorio
Research Manager
Vigeo Rating
ornella.diiorio@vigeo.com
Thanks for your attention!

Closing speech by
Emmanuel Brulé, Chief
Risk Officer, AIG

Thank you for your
participation!

Board Governance and Emerging Risks in the C21

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (18)

Similaire à Board Governance and Emerging Risks in the C21

Similaire à Board Governance and Emerging Risks in the C21 (20)

Plus de FERMA

Plus de FERMA (20)

Dernier

Dernier (20)

Board Governance and Emerging Risks in the C21