On September 25th and 26th the 15th edition of the Annual ANRA Convention took place in Milan. An event which over the years has established itself as the most important opportunity to discuss and reflect on risk management issues in our country. Our latest edition was attended by over 400 guests, including over 100 Risk Managers and Insurance Managers, 161 insurers and reinsurers, 64 brokers, 46 company enterprise experts, 14 institutions, universities, associations, to which more than 60 staff members must be added. An unprecedented success in the history of ANRA, which puts us on a par with the most successful events in Europe, such as the one sponsored by FERMA, the European Federation of Risk Management Associations, and with major associations such as the AIRMIC in the UK, the AMRAE in France, DVS Germany.

I’d like to go over the key aspects of the two days of the Convention, which was introduced by the speech of Julia Graham, President of FERMA, who confirmed the growth of the role of risk managers in European companies and invited us to work together, by pooling all the most innovative and diversified risk management approaches and best practices in Europe.

After, Italy’s leading entrepreneur in the field of internet portals, Paolo Ainio, owner of Banzai, described, encouraged by Alessandro Plateroti, Vice Director of Il Sole 24 Ore, his personal approach to business risk, with a surprising reference to techniques of differentiation of the investment portfolio that are more suited to a man of finance than to an entrepreneur belonging to the  so-called “soft economy.”

A very interesting moment of exchange was led by the Chief Risk Officer of Unicredit, Massimiliano Fossati, who compared views with Jennifer Hoffman, from Astaldi: we had the opportunity to consider two examples of the central role of risk management in corporate governance.

Right after came a panel discussion whose protagonists were Stefano Preda, Professor of Financial Market and Institutions at the Polytechnic of Milan (and creator of the famous Preda Code), Fausto Cosi, President of ANDAF, Francesco Sogaro, from the Italian Investment Fund, and Luigi Santamaria, a lawyer: it explored further governance issues, emphasizing the importance of risk management processes that begins with a deep knowledge of the company.

The first morning ended with Alessandro Castellano, CEO of SACE, who was interviewed by Alessandro Plateroti andgave an overview of the evolution of global markets and of the reaction of Italian companies to the increase in the complexity of risks. While Simon Gilliat, Global Head of Tower Watson, an international group specialized in advising on human resources, discussed the risks associated with human capital in multinational corporations, with a – still not common – view to implementing integrated and comprehensive management.

Some particularly significant areas of risk were addressed during four workshops:

  1. Risks in corporate mergers and acquisitions, and insurance coverage available to sellers and buyers;
  2. Cyber Risk, which is a source of potentially serious risks (especially in terms of corporate reputation , but also represents an opportunity for risk managers who are capable of applying quantitative risk assessment techniques based on the use of information deriving from the web – Big Data as a risk and as an opportunity)
  3. Risks related to supply chains and to business interruption, which depend on the quality and on the solvency of suppliers, on logistics, as well as on natural disasters, and which require in-depth analysis of the interdependencies between different vendors and between different risks;
  4. Risks deriving from supply or sale contracts, and thepossibility that specific clauses might help to mitigate or transfer contract-specific risks, at least in the B2B sector, since in the B2C one the Consumer Code leaves little room for forms of risk transfer to consumers.  

During the two days two surveys were also presented, starting with the first “Observatory on the role of Corporate Risk Managers in Italy,” which is sponsored by ANRA and Risk Governance-Polytechnic of Milano and which portrays risk managers in Italian companies. The majority of risk managers are male (87%), are about 50 years old on average and have degrees in Economics (24%) and Engineering (16%). The majority of respondents (35%) has been occupying the position for over 10 years; the percentage of those who have filled the role for over 10 years increases if we limit ourselves to considering only Insurance Managers (57%). It is interesting to note that in 76% of cases, risk managers were recruited internally, primarily by management/finance control departments (17%). In 38% of cases Risk Managers refer to CEOs/General Managers, followed by CFOs (24%) and by the Board of Directors (19%). In the specific case of the finance, banking and insurance sector, however, CROs primarily refer to the Board of Directors (48%).

Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and  RiskGovernance-Politecnico di Milano (I edition, september 2014).

Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and RiskGovernance-Politecnico di Milano (I edition, september 2014).

The mapping and prioritization of risks occurs 64% of the time at a corporate level, a choice that indicates the strategic importance that is attributed to risk, while it occurs less frequently at the country or Unit level. It should be noted, however, that 23% of the sample uses a structured methodology for risk analysis only for certain types of risks, not for all business risks, and that 7% conducts risk analyses only in selected BUs. The degree of integration of risk management into business processes hits a middle point; over 50% of the companies interviewed, in fact, revealed an integration level of 3 on a scale of 1 to 5, 32% revealed a level of integration equal to 4 and only about 10% revealed a level of integration equal to 5.

The process of risk analysis is repeated annually in 45% of cases, in 13% every six months and in 15% quarterly. Twenty-seven percent of companies do not carry out this analysis on a regular basis.

The analysis shows that as many as 71% of companies have developed frameworks/reference standards for the risk management model internally, while there are few Italian companies that adopt reference frameworks and choices appear fairly fragmented (14% of respondents adopts the ISO 31000, 10% the CoSO, 5% the Cobit).

As far as significant risks concerning the next five years, according to the respondents, the areas of greatest concern involve risks related to internal processes (14%), followed by credit risk (11%) and concentration risk (10%).

Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and  RiskGovernance-Politecnico di Milano (I edition, september 2014).

Source: “Survey on the Corporate Risk Manager’s role in Italy” by ANRA and RiskGovernance-Politecnico di Milano (I edition, september 2014).

During the Convention  a second survey was also presented by Risk Governance – Polytechnic of Milan on Enterprise Risk Management: it was created with the collaboration of the 1426 largest companies operating in Europe, North America and Japan. It confirms that the quality of the integrated management system for business risks in major Italian companies has now reached a level of excellence: the index used to concisely represent the level of the culture of risk management, of the organization and of the ERM process shows that Italian companies have outdone North American and Japanese ones, and have positioned themselves just below the European average, but ahead of countries such as Spain, England and France. The research was carried out within large companies, among which ANRA includes the majority of its members. This confirms the achievement of some goals that ANRA has set for itself, along with FERMA (the European Federation of Risk Management Associations):

  • the evolution of the role of Risk Managers towards the position of Chief Risk Officer, with responsibility extended to all business risks, with a view to strong interaction with top management (83% of Italian companies and 78% of European ones have a CRO, and thus clearly outdistance US, Canadian and Japanese companies);
  • the adoption of a formal process of Enterprise Risk Management (in Italy this concerns 36% of companies, the European average is 24%, and again, is much higher than in the US, Canada and Japan).

The research shows the comparative greater maturity of the financial sector compared to other sectors, due to the specific rules in the field of risk management imposed by European standards. Nevertheless the quality of the management of European companies makes them very competitive in relation to the enterprises belonging to other major international markets. The survey highlights the strong link between this quality and the creation of value; this will certainly lead to a further diffusion of best practices for risk management in all sectors, including non-financial ones.

For more information about the ANRA’s Observatory on Corporate Risk Managers in Italy and risk governance survey