FERMA's 2016 European Risk and Insurance Report is designed to serve as a high-level overview for risk
and insurance managers and other executives. Our analysis includes benchmarking information drawn from
respondents across a variety of industries and companies. The data, therefore, reflects general trends about
the profession.
2. “ I am delighted to present to you the FERMA 2016 European Risk and Insurance Report,
gathering the views of more than 600 European risk managers at a time of major changes in
Europe.
At our general assembly in June this year, FERMA set out its strategic vision to achieve “a world
where risk management is embedded in the business model and culture of organisations”.
Today, we see that risk managers are increasingly moving into a position where they will help
achieve that vision in their own organisations. They are taking more strategic roles, and the
majority report to a chief officer or to the board.
Risks are always evolving – as we see from the focus on data protection and cyber risks. Risk
managers want to develop skills and tools that enhance their ability to manage such emerging
risks and want their advisers, brokers and insurers to be their partners in doing so.
The findings of this report, combined with FERMA’s mission and strategy, will shape our
activities over the next two years. One of the priorities that our members see for FERMA is to
strengthen the professional standing of risk managers in Europe, and FERMA’s professional
certification programme rimap® will be an important contribution to achieving that objective.
I trust that you will find FERMA’s 2016 European Risk and Insurance Report a source of valuable
information and topics for further discussion as we build our profession together. “
Jo Willaert,
President of FERMA
3. Presentation of the survey
Eighth biennal benchmarking survey conducted by the
Federation of European Risk Management Associations
FERMA in collaboration with:
AIG
Chubb
EY
Marsh
XL Catlin
4. The survey (39 questions) received 634 responses and was conducted
from April to June 2016
The survey was divided into 3 parts:
PART 1: RISK MANAGEMENT PROFESSION AND PRACTICES IN EUROPE: from S1 to Q16
This part is seeking to reinforce the understanding and positioning of the risk and insurance management role.
Support the development of the risk and insurance management function.
PART 2: EUROPEAN INSIGHTS ON RISK MANAGEMENT: from Q17 to Q20NEW
This part is seeking to identify the main priorities for EU risk and insurance managers to ensure that FERMA supports its
members’ needs and expectations as regards the risk and insurance management function.
PART 3: Insurance Management : from Q30 to Q39
This part is seeking to provide EU insight on the evolution of the insurance market and risk managers’ expectations.
Key facts
6. This is the eighth edition of the FERMA European Risk and Insurance Report. It has been published every two
years since 2002. FERMA in collaboration with AIG, Chubb, EY, Marsh and XL Catlin, conducted the European
Risk and Insurance Survey, on which the report, is based between April and June 2016.
The FERMA European Risk and Insurance Survey 2016 is a fully online project. The population of the study is
composed of all FERMA members (22 national associations in 21 countries) and contacts from AIG. In total,
4.407 invitations were sent: 634 participants responded to parts one and two, of which 406 also answered to
the third optional part of the questionnaire. This represents a response rate of 14%, which makes it a good
representative sample of the profession. The similarity in the respondents between the previous survey in
2014 and the latest version confirms that the findings are an expression of views across the European risk
management community.
Every participant received an invitation email with a personnel link; there were no sampling methods applied
to the population. An independent research company, Toluna, collected the responses and compiled the
results.
Disclaimer
The 2016 FERMA European Risk and Insurance Report is designed to serve as a high-level overview for risk and
insurance managers and other executives. Our analysis includes benchmarking information drawn from
respondents across a variety of industries and companies. The data, therefore, reflects general trends about
the profession.
Survey methodology
7. Table of Content
1. Introduction
2. European insights on risk management
practices
3. European perspective
4. Insurance: Evolution of the Insurance Market
and Risk Managers’ Expectations
9. Risk and Insurance Managers’ profile
The survey shows that the typical risk manager profile remains stable in age, gender
and salary wise since the last 2 years
The typical risk manager in a leadership role is around 50 years of age (78,8%) and male (80,5%).
Within the younger generation of risk managers women are still the majority in number, however women continue to lose this
position quickly as the survey findings move through the risk management career time line and male risk managers predominate
in leadership roles from the age of 35.
The growth in the number of young risk managers is encouraging for FERMA’S risk management certification programme,
rimap®, launched in 2015. We believe rimap will strengthen career opportunities for people joining the profession.
FERMA’s insight
10. Risk and Insurance Managers’ profile
Europe’s risk management population has changed little in terms of age, gender and compensation since 2014. Generally, risk
managers are:
Male (73% male compared to 27% female)
Between 36-55 years (72%), with a small increase in young risk managers since 2014
Earning more than €100.000 a year (46%) and more than €200.000 for 7%, with salaries remaining higher for men than
women by 65%
The younger generation (less than 25 years category) seems to be more diverse having 50/50 between genders
62% working for companies with turnover exceeding €1 billion
80% working for companies with more than 20,000 employees and dedicate four or more full time employees to risk
management
11. Risk and Insurance Managers’ salary
Salary levels for risk managers in leadership positions are typically higher for male
risk managers than for women.
18%
18%
18%
15%
12%
12%
7%
Less than €60k
Between €60k - €80k
Between €81k - €100k
Between €101k - €120k
Between €121k - €150k
Between €151k - €200k
More than €200k
12. A representative panel of European companies
19%
13%
10%
8%
7%
5%
5%
4%
4%
4%
4%
3%
3%
8%
Manufacturing
Energy / utilities
Banking and Financial Services
Professional and Business Services
Transportation / logistics
Insurance
Technology and Telecoms
Automotive
Food and Beverages
Retail
Public sector and non-profit
Real Estate
Pharmaceuticals and Life Sciences
Others
The top 3 organization’s main
sector of activity are:
1. Manufacturing
2. Energy /utilities
3. Banking and Financial services
While capital intensive industries face more
risks than services industries – the very
reason why the majority of respondents work
within these sectors – the rise of cyber risks is
set to change this balance. In the future, we
are likely to see higher proportions of risk and
insurance managers in service industries as
cyber risk continue to grow with further
advancement in technology.
13. A representative panel of European companies
10%
3%
14%
11%
31%
31%
Less than €50 million
Between € 50 million and
less than € 100 million
Between € 100 million and
less than € 500 million
Between € 500 million and
less than € 1 billion
Between € 1 billion and €5
billion
More than € 5 billion
13%
10%
22%
12%
13%
31%
Less than 250
Between 250 and less
than 1,000
Between 1,000 and 5,000
Between 5,001 and
10,000
Between 10,001 and
20,000
More than 20,000
Organization’s turnover: Organization’s total number of employees:
Risk Management team in larger companies include at least 4 people :
60.6% of respondents from companies with turnover over 1 billion EUR have RM team of >4 FTE
77% of respondents from companies with turnover over 5 billion EUR have RM team of > 4 FTE
The larger company, the larger the risk management team (same as in 2014)
14. 52% 51%
29%
17%
19%
32%
Risk Management Insurance
Up to 3
Between 4 to 10
More than 10
Full Time Equivalents dedicated to Risk/Insurance Management
More than half of European
companies have up to 3 FTE
dedicated to Risk/Insurance
Management
16. GRAPH CAPTION
Reports to other
function or
department
Emerging Moderate Mature/Advanced
Reports to CFO,
General
counsel/Head of
Legal
Department,
Head of Internal
Audit
Reports to
President/Chairman, Audit
(and/or risk) Committee,
Board of Directors /
Supervisory Board, CEO /
Managing Director or
General / Company
secretary
Risk Management function globally reports at Top Management level (88%). This practice is increasing
compared to 2014 (84%).
Risk Management reporting: increasing reporting at Top Management level
7%
40%
53%
17%
33%
51%
12%
36%
52%
Emerging Moderate Mature/advanced
2012 2014 2016
17. CFOs remain the primary reporting line for Risk Managers across Europe
The main reporting lines are
respectively:
Risk managers: Board of directors,
president, chief executive officer, risk
committee and chief financial officer
(65%)
Insurance managers: President, chief
executive officer, chief financial
officer, head of treasury and head of
legal (73%)
Risk and insurance managers are also
reporting to top level non-executive
functions such as presidents and the
chairman as well as the board of
directors and supervisory board at 21%
and 16% respectively.
This suggests that risk managers are
beginning to gain much-needed board
engagement as they start to take on a
more strategic role.
18. Reporting lines of risk and insurance managers - detailed responses
2%
3%
3%
5%
5%
5%
6%
7%
10%
11%
16%
26%
2%
4%
0%
1%
11%
6%
9%
2%
9%
8%
12%
35%
Chief Operating Officer
General / Company Secretary
Head of Internal Audit
Audit Committee
Head of Treasury
Chief Risk Officer
General Counsel / Head of Legal Department
Risk Committee
President / Chairman
Board of Directors / Supervisory Board
Chief Executive Officer / Managing Director
Chief Financial Officer
Insurance Management
Risk Management
19. Risk/Insurance Managers’ roadmap: towards the development of Risk management as a strategic tool
deployed at all levels of the organization
1. Insurance management and claims
handling / insurable loss prevention
(86%)
2. Development of map of risks: risk
identification, analysis, evaluation,
prioritization and reporting (79%)
3. Assistance to other functional areas in
contract negotiation, project
management, acquisitions and
investments (77%)
1. Development and implementation of
Risk Culture across the organization
(68%)
2. Alignment and integration of risk
management as part of business
strategy (62%)
3. Development and embedding of
Business Continuity Management /
Emergency Management / Crisis
Management / Incident response
programes and solutions (59%)
1. Analysis of capital projects and
delivering business plans (40%)
2. Design and implementation of risk
financing strategy and association
solutions (30%)
3. Definition of compliance (Management,
Framework, embedding and assurance)
(29%)
1
Top embedded activities Activities planned for
2016-2017:
Not planned activities
Operational risk activities remain high on the agenda for the risk profession but for the year ahead, risk managers are
planning to take on more strategic responsibilities as enterprise risk management gains traction in many businesses. This trend
shows that risk management is evolving, transitioning from an operational function to a strategic one.
The evolution of reporting lines also indicates that risk managers are gaining much‐needed board engagement as they develop
this more strategic role.
FERMA’s insight
20. Risk Management interactions with Top Management/Board
There is no
mechanism
in place to
formally
report about
risk
management
GRAPH CAPTION
Emerging Moderate Mature Advanced
Meets Board
and/or Top
Management
members on
a requested
basis
Formally
presents to
the Board of
Directors
and Top
Management
once a year
Formally
presents to
the Board of
Directors
and Top
Management
several
times per
year
7%
13%
37%
42%
10%
24%
18%
48%
11%
22%
16%
51%
Emerging Moderate Mature Advanced
2012 2014 2016
A majority of respondents (51%) formally present Risk Management activities to the Board/ Top Management
several times a year.
Nevertheless, we note that one third of respondents still have limited interaction with Top Management.
21. Relations between Risk Management and other functions: basic coordination but room for
improvement
Risk Management first-rank partners
No relationships < 20%
Risk Management second-rank partners
No relationship <35%
Risk Management third-rank partners
No relationship >35%
1 2 3
Risk managers are forging closer relationships with the finance
function, compared to 2014, with investments/ investor relations,
treasury and business budgets entering into the second-rank
category. This suggests that risk managers are more involved in
financial monitoring and financial decision-making, than two
years ago.
The IT department is only a third-rank partner of the risk
management function, which is surprising with IT-related risks
and cyber-attacks on the rise.
The survey indicates that cyber threats continue to be seen as
an IT problem and not an enterprise-wide risk management
issue. For ERM to be effective, more needs to be done to fully
integrate the governance and risk management of technology
risks across the business.
22. Relationships between Risk Management, Insurance Management, Internal Control and Internal Audit:
unchanged organisational model with Risk and Insurance Management together
(all functions
together in a single
department), 11.0%
(all functions
separate in four
different departments),
23.8%
(Risk and Insurance
Management together),
33.9%
(Risk Management
and Internal Control
together), 7.7%
(Internal Audit
separate), 7.7%
(Insurance
Management
separate), 15.8%
In line with 2014 survey results, the most commonly used organisation remains Risk and Insurance Management
together and separated from Internal Control and from Internal Audit.
Nevertheless, this trend is decreasing (34% in 2016 vs. 40% in 2014).
23. Risk mapping exercise: widely implemented but room for the development of advanced practices
No risk
mapping
approach in
place yet
GRAPH CAPTION
Emerging Moderate Mature Advanced
Partial
approach
in place
(certain
business
units/areas,
risks…)
Approach in
place
at global
corporate level
(strategic,
financial and
operational)
Approach in
place from
corporate level
down to
divisions
and business
units
5%
16% 17%
62%
8%
15%
22%
55%
11%
14%
26%
49%
Emerging Moderate Mature Advanced
2012 2014 2016
The survey results previously revealed that risk mapping was an embedded activity in Risk Managers’ agenda. The
above graph confirms this trend as 75% of the respondents perform risk mapping: 49% from corporate level down
to divisions and business units and 26% at corporate level.
The study indicates a negative trend in the deployment of the risk mapping from corporate level down to
divisions and business units (49% in 2016 vs. 55% in 2014 vs. 62% in 2012).
24. Risk Management technology gains greater significance
52%
47%
46%
47%
43%
46%
27%
N/A – new in 2016
57%
55%
52%
49%
46%
45%
35%
34%
Risk reporting / Risk dashboards
Risk mapping
Risk registers (Comprehensive analysis of all risks related to your business, including strategic,…
Monitoring of risk mitigation actions / controls
Risk quantification (Evaluating the probability of a risk event occurrence and effect) & Risk…
Claims analysis
Risk appetite and tolerance
Scenario Analysis
2016 2014
IT tools such as governance, risk management and compliance (GRC) software are playing a more significant
role in supporting risk management activities, compared to 2014.
While IT/GRC tools are mainly used for reporting activities such as maintaining risk registers, risk mapping and risk
dashboards, it is encouraging to see that they are beginning to support activities such as scenario analysis.
This development reflects the changing character of risk. As non‐physical or intangible risks, such as brand and data,
increasingly make up the bulk of business assets, the value of intelligent scenario analysis and data collection analysis,
supported by IT/GRC tools, will also increase. This is an area where risk managers can develop expertise and contribute to
their organisations.
FERMA’s insight
26. Top 10 Risks
The study reveals that the economic conditions are
currently seen as the number one threat to
successful achievement of an organisation’s strategic
objectives in terms of impact and likelihood.
This is demonstrated by its surge to first place from
fifth in 2014 and its mention by 63% of respondents
compared to 47% in 2014.
Business continuity disruption has made an entrance
into the top 10 and jumped straight into second
place. Political/country instability, non‐compliance
with regulation and legislation, and competition
complete the top five risks, selected by over half of
respondents.
Concern has increased about digital risks in various
forms and interest rate and foreign exchange
exposures. The latter is most likely linked to the top
risk of threats to economic growth.
The rise in concern about business continuity and cyber risks reveals a clear need by companies for more resilience to external
threats (industrial damage, extreme events…) and growing awareness following a series of high profile cyber-attacks.
Despite the evolving economic conditions and the increased concern about cyber-attacks and data privacy, “digital
transformation and “strategy execution and transformation programmes” are not among the top ten risks to business.
FERMA’s insight
27. What are the five risks for which European Risk Managers are the most/least satisfied in terms
of mitigation?
Highest level of satisfaction
1. Loss of assets (buildings, equipment,IP)
2. Safety & health
3. Security
4. Quality of products & services (design, safety & liability)
5. Environment and sustainability
Lowest level of satisfaction
1. Economic growth/slowdown
2. Political, country instability (crisis, war, regulatory
changes)
3. Increase of fiscal and taxes regulation (including fiscal
optimization)
4. Human resources / key people, social security (labour)
5. Strategic project failures
Despite the fact satisfaction levels are higher for those areas of risk where a risk manager can actually mitigate or transfer the
risk, the study highlights that among the top ten risks with lowest level of satisfaction, 5 risks are not directly triggered by
external factors:
• Human resources / key people, social security (labour)
• Strategic project failures
• Cyber-attack / data privacy
• Digital transformation
• Market strategy, clients
Satisfaction level – overall risks list
28. What are the five risks for which European Risk Managers are the most/least satisfied in terms
of mitigation?
Satisfaction level – focus on Top 10 risks
Interest rate & Foreign
exchange
Business continuity
disruption
Noncompliance with
regulation and
legislation
Reputation and
brand
IT systems and
data centers
Market strategy,
clients
Cyber-attack /
data privacy
Competition
Political, country
instability
Economic
conditions
HighestLowest
29. Mitigation strategies: tailored approaches to risks’ specificities
The survey shows that an ACCEPTANCE strategy is applied for
strategic/external risks in most cases, while TRANSFER and
REDUCTION strategies are mainly applied to operational/internal
risks.
A risk transfer strategy is applied in a limited number of instances,
most frequently where risks are easy to quantify including business
continuity disruption and interest rate/foreign exchange.
External risks Accept
Economic conditions; Demographics; Political, country instability;
Increase of fiscal and tax regulation ...
• Internal risks Reduce
Strategic project failures; Security; Safety, health; Non-compliance with
regulation and legislation …
30. Risk coverage strategy: tailored approaches to risks’ specificities – Focus on TOP 10 Risks
0%
20%
40%
60%
80%
100%
Reduction Transfer Accepted
31. Mitigation strategies: tailored approaches to risks’ specificities
68%
66%
65%
65%
64%
Strategic project failures
Security
Fraud, Bribery and Insider Dealing
Safety, health
Noncompliance with regulation and
legislation
Reduction strategy
66%
46%
34%
33%
29%
Loss of assets (buildings,
equipment,IP)
Terrorism
Business continuity disruption
Interest rate & Foreign exchange
Supply chain, outsourcing/off
shoring, logistics & transport
Transfer strategy
69%
68%
66%
56%
48%
Economic growth/slowdown
Demographics
Political, country instability (crisis,
war, regulatory changes)
Increase of fiscal and taxes regulation
(including fiscal optimization)
Competition
Acceptance strategy
The economic environment and political instability are
considered the highest accepted risks, and these are also the
areas of risk with the lowest level of mitigation, because there
are limits to what businesses can do to mitigate/hedge against
such forces.
Non‐compliance with regulation and legislation, reputation and
brand, and cyber and IT‐related risks have a lower acceptance
level. Here, risk transfer or risk reduction can be used.
'Reduction' and 'Acceptance' are considered to be the most
common strategies, risk transfer being a viable alternative. Risk
managers are willing to put in place internal processes to reduce
exposure or to accept these risks.
33. 5 high risks have a low level of mitigation ("improvement zone")
The improvement zone represents high risks with a low level of mitigation. The survey
indicates that out of the five risks in the improvement zone, three are strategic or
external risks:
‐ Political, country instability
‐ Economic conditions
‐ Market strategy, clients
Two operational/internal risks in the improvement zone are not included in the top 10
risks but are key topics for risk management:
‐ Human resources / key people, social security
‐ Supply chain
The two new risks join the top 10 in the monitoring zone
The monitoring zone represents high risks that are assessed with a better level of
mitigation than others.
A majority of operational risks can be found in this zone and are high on the agenda for
risk management.
The two newly introduced risks in the top 10 ‐ business continuity disruption and cyber
attacks/data privacy – directly join the monitoring zone.
The survey reveals that European organisations surprisingly rate risks related to ‘digital
transformation’ and ‘strategy execution and transformation programmes’ with low
impact and likelihood, whereas they both are ‘hot topics’ in the context of a changing
economic environment.
Risk map 2016
34. European Priorities
Our study uncovers three clear priorities for FERMA on the EU stage:
• Establish official recognition of the Risk Manager,
• Advise on implementation of Data Protection Regulation and
• Represent risk managers’ views on increased reporting and transparency requirements.
1. Recognition of the profession (legal basis)
The survey shows a strong desire for official recognition of the profession, not only by organisations but also by public
authorities. There is a broad support for the establishment of a legal basis for the profession (57%).
Respondents believe that risk management should be embedded in non-financial sectors as a matter of good corporate
governance and resilience. The position of the risk manager is not yet considered mandatory outside financial services.
FERMA’s strategic vision is of “a world where risk management is embedded in the business model and
culture of organisations”.
It is our mission to achieve greater recognition for risk managers among EU policymakers and raise
awareness among EU institutions of the fundamental role of risk managers.
FERMA’s insight
35. European Priorities
2. Digital (cybersecurity and data protection )
Cyber is the top priority for risk managers (combined 68%)
Survey shows that cyber is an enterprise risk and not an IT risk only by stressing the risk manager’s role concerning cyber
risk assessment
Risk managers are in need of a methodology to better manage the cyber risk and ways to optimize the distribution of
their financial investments, notably:
• Cybersecurity norms
• The insurance solutions tailored to the needs of their organisation
Data protection is the top European priority (55%) and a compliance challenge for risk managers. Companies will have to
comply with new requirements when the EU Data Protection Regulation comes into effect in 2018.
Risk managers are especially concerned about the notification of data breaches and possible fines, the appointment of a
data protection officer and the data protection impact assessment to be performed.
FERMA will focus its efforts on providing information and advice on the implementation of data
protection and continue to stress the importance of ERM in the management of digital risks, including
cyber.
FERMA’s insight
36. European Priorities
3. Corporate transparency
Corporate governance and transparency come in third place with 52% in the context of:
1. New EU proposals for corporate transparency and extended reporting requirements (Country by Country Reporting
and Non‐Financial Reporting)
2. The OECD (Organisation for Economic Co-operation and Development), Base Erosion and Profit Shifting (BEPS)
recommendations, published in October 2015 and their impact on captives
The study shows the demand to explore these wide-ranging risks (52.2%) – from reputation and global competitiveness down to
cross-border synergies and their management – and implement a finely balanced set of requirements, taking into account checks
that ensure the right level of transparency while bearing in mind the inevitable administrative costs they will impose on
companies.
FERMA has been active on this dossier and will continue to be involved and advocate for
• The inclusion of ERM in the Non-Financial Reporting Directive guidelines
• The role played by risk managers in the context of Country by Country Reporting
• The recognition of captives as a needed risk financing tool for companies
FERMA’s insight
38. Loss control and prevention become priority number one
Foreseen changes to insurance programmes as a result
of the current financial and economic climate
Strengthening loss prevention activity is the most
important expected change to insurance programmes
with an increase of 10 points since 2014, as a result of
the current economic and financial climate. Nearly 54%
of risk managers intend to invest in loss prevention
activity in order to seek balance‐sheet protection. This
confirms the value to insurers of providing of risk
engineering services.
The study also shows a decrease in the importance of
negotiating long term agreements or roll‐overs,
compared to two years ago (43% in 2016 compared to
50% in 2014). This is a clear indication of a soft market,
and suggests that buyers do not expect rapid changes in
pricing levels.
There is a noticeable increase in organisations
accelerating their claims settlement process from 24%
in 2014 to 31% in 2016.
39. Insurance buying patterns
There have been no clear changes to insurance buying patterns in the last two years. There is a tendency for retentions, limits and
lines either to increase or stay the same, reflecting the continued soft market.
It is interesting to note is the rise in the use of ERM tools to guide insurance purchasing decisions from 15% in 2014 to 20% in 2016,
which seems to underline the increased combination of risk management with financial decisions.
Compliance with local regulations remains a key consideration for international coverage.
It is still by far the most important reason for implementing standalone policies in certain countries (54%).
There have been no significant changes in service delivery regarding the issuance of multinational policies, compared to 2014.
40. Compliance to local regulation remains a key consideration for international coverage
Policies issued… 2012 2014 2016 Trend
… before inception date 15% 18% 18%
…within 3 months of inception
date
65% 68% 67%
…more than 3 months after
inception date
20% 14% 15%
There have been no significant changes in service delivery regarding the issuance of multinational policies,
compared to 2014.
41. Loss control services and claims handling
60% 61%
66%
48%
35%
58%
66% 68%
46%
41%
Property Liability (public,
products)
Cyber D&O Motor
For service providers (brokers, insurers, third parties)
Within own organisation
Main areas of improvement related to
loss control services alongside insurance
policies
Claims data are more important than ever, according to the study.
Risk managers increasingly use claims data to conduct insurance programme retention optimisation (66% in 2016 compared to
57% in 2014) and insurance programme limit optimisation (45% in 2016 compared to 47% in 2014).
Assessing the cost of uninsured risks ranks third in terms of use of claims‐related data (45% in 2016 compared to 33% in 2014).
Tailor‐made and user‐friendly reporting capabilities as well as claims management tools remain the top
two priorities for improvement in terms of IT platform/portal for risk and insurance management, either
via an in house or external solution.
For both service providers and within their own companies, risk managers believe that cyber, liability and property are the main
areas for improvement in relation to loss control services, alongside insurance policies.
42. Loss control services and claims handling
The three main areas of improvement for service providers (brokers, insurers etc) related to loss control services and claims
handling asked by risk managers are:
• Confirmation of coverage as quickly as possible (38.7%)
• Policy wording tests (36.9%)
• Co-ordination between teams involved (35.5%)
Other important areas of improvement include building relationships at the pre-loss stage between insureds, insurers and
brokers, and lessons learned in the post loss stage. Transparent and clear communication is needed at all stages of the claims
process: prior to a loss, during a loss and after a loss.
For companies themselves, key areas of improvement are different.
• Lessons learned analysis is key for risk managers with 53.9% believing that they need to improve this within their
organisation.
• This is followed by crisis management simulations at the pre loss stage with a 10% increase in improvement required
versus 2014, and the setting up of claims handling procedures and the co-ordination between teams involved.
Editor's Notes
Europe’s risk management demographic is stagnating, with no significant change in age, gender and compensation since 2014. A typical risk manager in the 21st century is:
Predominately male (73% male compared to 27% female)
Aged between 36-55 years (71.6%), though there has been a small increase (x %) in young risk managers (aged ), a growth that is encouraging for new accreditation frameworks, such as Ferma’s risk management certification programme, Rimap, launched in 2015.
Earns on average €60k or less, though men continue to earn more than women by xx %.
Predominately works in capital intensive industries, with 52% of respondents based in manufacturing, energy, telecom, transportation, automotive and food and drink businesses.
4.2points
between 36-45 from 31.3% up to 35.5% meaning increase of 4.2 points
nearly 30%
60KEUR or less: 35.04% for female and 64.96% for men
Typical risk manager earns between EUR 81K – EUR 100K
Same % (11,7) of risk managers earning between 121-150K and 151-200K
Typical risk manager earns between EUR 81K – EUR 100K
Same % (11,7) of risk managers earning between 121-150K and 151-200K
36-55: +4% (=women) >< 56-60: -4%
The number of young RM women between 25-35 increases from xx to xx
The risk manager profession is not getting younger and does not seem to feminize
Role of FERMA in Education with RIMAP: to increase 31-35 (juniors after 3-4 years experience) -> legitimizes our reconciliation with educational bodies creating effective training programs for young professionals risk managers
We become risk managers after several years of experience
80% of respondents from organization of > 20 000 employees have RM team > 4 FTE
OR
For companies with > 20 000 employees, 80% of respondents have RM team > 4 FTE
+/- 50% of respondents coming from a RM team of > 4 FTE work for a company of > 20 000 employees
For companies > 20K employees, 80% of respondents have RM team > 4 FTE
For companies > 5 billion, 77% of respondents have RM team > 4 FTE
+/- 55% of RM come from companies > 5000 employees
+/- 70% of RM come from companies> 1000 employees
+/- 60% of RM come from companies with turnover over 1 billion
We observe that the larger the Organization, the more Risk and Insurance Managers report to the Head of Treasury (second reporting line for companies whose turnover is above 5 billion €).
We observe that the larger the Organization, the more Risk and Insurance Managers report to the Head of Treasury (second reporting line for companies whose turnover is above 5 billion €).
We note that the top planned activities for 2014-2015 are still at the agenda of Risk Managers.
It confirms that these complex activities are key stakes for European organizations and that strong efforts should be dedicated to enhance them.
While IT/GRC tools are mainly used for reporting activities such as maintaining risk registers, risk mapping and risk dashboards, it is encouraging to see that these tools are beginning to support activities such as scenario analysis. This is reflective of the changing world of risk. As non-physical or intangible risks, such as brand and data, increasingly make up the bulk of business assets today, the need for intelligent scenario analysis, supported by IT/GRC tools, will also increase. Risk managers will need to obtain greater experience in this important risk management tool.
There have been no clear changes to insurance buying patterns in the last two years. There is a tendency for retentions, limits and lines to either increase or stay the same, reflecting the continued soft market.
However, more companies are purchasing cyber insurance than in 2014 (36.5% in 2016 compared to 28.1% in 2014) with slightly higher limits. This illustrates the efforts made by the insurance market to develop adequate insurance solutions to meet the specific demand. Two years ago, the market of cyber insurance coverage was not mature enough. It was not clear what was covered and what was not. Now the market is more mature in line with liability and insurance models are wider.
Still, 63.5% of respondents say that their companies have no standalone cyber coverage. Businesses have difficulties with reaching a basic level of protection often due to a lack of risk insights and data driven risk mitigation. Cyber requires an enterprise-wide approach involving a partnership between:
the risk manager knowing the strategy and processes of the company,
the broker helping to develop an effective enterprise strategy of prevention, preparation, and protection, and
the insurer providing adequate cyber coverage solutions incorporating elements of prevention and preparation as well protection.
Compliance with local regulation is still by far the most important reason for implementing standalone policies in certain countries, with a percentage of 54%.
There is a clear tendency for increased ‘master policy and local policies in each country where the insured is present’, especially Directors & Officers (D&O) programmes which have increased from 13% in 2014 to 44% in 2016, as well as Errors & Omissions (E&O) programmes which have increased from 19% in 2014 to 34% in 2016.
There have been no significant changes in service delivery regarding the issuance of multinational policies, compared to 2014; insurers are increasingly focussing on this area.
The three main areas of improvement for service providers (brokers, insurers etc) related to loss control services and claims handling asked by risk managers are:
Confirmation of coverage as quickly as possible (38.7%)
Policy wording tests (36.9%)
Co-ordination between teams involved (35.5%)
Other important areas of improvement include building relationships at the pre-loss stage between insureds, insurers and brokers, and lessons learned in the post loss stage. Transparent and clear communication is needed at all stages of the claims process: prior to a loss, during a loss and after a loss.
For companies themselves, key areas of improvement are different.
Lessons learned analysis is key for risk managers with 53.9% believing that they need to improve this within their organisation.
This is followed by crisis management simulations at the pre loss stage with a 10% increase in improvement required versus 2014, the setting up of claims handling procedures and the co-ordination between teams involved.
For both service providers and within their own companies, risk managers believe that cyber, liability and property are the main areas of improvement in relation to loss control services alongside insurance policies.
Claims data is more important than ever, according to the study. Claims related data are increasingly used by risk managers to conduct insurance programme retention optimisation (66% in 2016 compared to 57% in 2014) but also for insurance programme limit optimisation even if to a lesser extent (45.1% in 2016 and 47% in 2014). Assessing the cost of uninsured risks ranks third in terms of use of claims related data with an increase of 11% since 2014.
Tailor-made and user friendly reporting capabilities as well as claim management tools remain the top two priorities for improvement in terms of IT platform/portal for risk and insurance management, either via an in house or external solution.
The three main areas of improvement for service providers (brokers, insurers etc) related to loss control services and claims handling asked by risk managers are:
Confirmation of coverage as quickly as possible (38.7%)
Policy wording tests (36.9%)
Co-ordination between teams involved (35.5%)
Other important areas of improvement include building relationships at the pre-loss stage between insureds, insurers and brokers, and lessons learned in the post loss stage. Transparent and clear communication is needed at all stages of the claims process: prior to a loss, during a loss and after a loss.
For companies themselves, key areas of improvement are different.
Lessons learned analysis is key for risk managers with 53.9% believing that they need to improve this within their organisation.
This is followed by crisis management simulations at the pre loss stage with a 10% increase in improvement required versus 2014, the setting up of claims handling procedures and the co-ordination between teams involved.
For both service providers and within their own companies, risk managers believe that cyber, liability and property are the main areas of improvement in relation to loss control services alongside insurance policies.
Claims data is more important than ever, according to the study. Claims related data are increasingly used by risk managers to conduct insurance programme retention optimisation (66% in 2016 compared to 57% in 2014) but also for insurance programme limit optimisation even if to a lesser extent (45.1% in 2016 and 47% in 2014). Assessing the cost of uninsured risks ranks third in terms of use of claims related data with an increase of 11% since 2014.
Tailor-made and user friendly reporting capabilities as well as claim management tools remain the top two priorities for improvement in terms of IT platform/portal for risk and insurance management, either via an in house or external solution.