Finance and Insurance: How a Change in Focus Led to an Economic Crisis

By Rick Vassar CPCU ARM


We’ve all heard the children’s story about the emperor and his new suit. The emperor ordered some clothes from some con men that had passed themselves off as weavers. These grifters convinced the king and his court that the clothes were “made of material that possessed the wonderful quality of being invisible to any man who was unfit for his office or unpardonably stupid.”

So, they pretend to dress the emperor, and as he stands there naked, all of his advisors and associates begin to comment on the beauty of the suit, since each feared that not being able to see this beauty would validate his unworthiness for his high position.

As each of the emperor’s confidantes spoke glowingly about the clothes, the emperor began to believe that he could be seen as unfit for his high place because he could not see the suit. As he stands there naked, he makes a really bad decision:

Hey — let’s have a parade so I can show off these wonderfully beautiful clothes!

So he parades through the street, and all marvel at the exquisite suit of clothes, until a small child calls out, “But he has nothing on.…” The crowd begins to chant this as well, while the emperor lifts his head higher and the chamberlains proudly hold higher the emperor’s nonexistent train.

What does this tale have to do with risk management and the current financial crisis? Read on.

The Rise of Enterprise Risk Management

The enterprise risk management (ERM) movement began to take hold of the risk management and financial community following two significant events shortly after the turn of the century. These events set the stage for the risk management community to step forward and make itself known to the business community as a vital element of the financial system, necessary to protect the assets of the organization.

The Attacks of September 11, 2001

In 2001, the attacks of September 11 forced businesses, governmental entities, and the general public to take a serious look at the risks they faced on a daily basis. On any given day, the walls could literally fall down, and life as we know it can be changed forever. After September 11, all of the securities we took for granted needed to be reevaluated. Our personal, financial, and infrastructural security all took a hit that day, and businesses were forced to look at risk as an important factor affecting the continuity of business activities as well as factors that could result in the actual demise of the entire organization.


Survivors Faced a Hardening Insurance Market

Some businesses failed. Ones that survived faced a hardening insurance market, a market in which insurers used the events of September 11 to divest themselves of risks they had taken on after the Gramm-Leach-Bliley Act of 1999 opened up the insurance markets to financial institutions that flooded the market with an increased supply of insurance choices while demand stayed fairly stable.

When the United States was attacked, the financial chaos that ensued gave the insurance industry the opportunity to tighten its underwriting requirements. The policies that were written for less favorable risks from 1999–2002 were summarily dropped, and those businesses that did not lose their coverage faced renewal increases as high as 150 percent.

Sarbanes-Oxley Act of 2002

In the early 2000s, the increase in defined contribution retirement plans and 401(k) plans flooded Wall Street with funds from smaller investors, and it became apparent to some that publicly traded companies needed to be more accountable to protect these small investors who were completely detached from the management of the organization.

On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act, after it was overwhelmingly approved by both the U.S. Senate and the House of Representatives. Sarbanes-Oxley set up strict financial and accountability standards for publicly traded companies. Coming on the heels of corporate accounting scandals at large companies such as Enron and Adelphia, the Act set a uniform standard for financial accountability to ensure that the assets of an organization and, therefore, the interests of stockholders would be protected.

The accounting standards, along with the civil and criminal penalties for noncompliance, set the stage for a codified infrastructure not only for publicly traded companies, but also for those companies that aspire to evolve from private ownership. To do so, these private firms would need to prove that they could withstand the scrutiny imposed by Sarbanes-Oxley before “going public."

An Opportunity Lost

The risk management community had success all laid out for them, and it cannot be denied that risk management is much more visible today than when I started in the discipline over twenty 20 years ago. Instead of being able to grasp the opportunity presented, the ERM profession is mired in uncertainty that stems from an inability to define itself in the business community. In fact, if you polled 100 risk managers and asked them the difference between traditional risk management and enterprise risk management, you would come up with at least 90 different answers, if not more.

The culmination of this lack of clarity was the publication by the Risk and Insurance Management Society (RIMS) of Enterprise Risk Management for Dummies, in an attempt to explain ERM to its own members. In fact, the book was given free to all members of RIMS in 2007 and is given to all new members who have enrolled since April 2007.

And Here Is Where the Emperor and His New Suit Come In:

Why is it so difficult to distinguish the difference between traditional risk management and enterprise risk management? Because they’re the same thing! The emperor has no new suit.


Why the ERM Initiative Will Not Work

Enterprise risk management collapses under the weight of its own expectations and the expectations of the risk management community. I cannot see ERM as anything other than a repackaging of traditional risk management practices. It is an attempt to market risk management to the business community, and the business community sees right through it.

Here’s why enterprise risk management will not work in its present state.

1. The inability to adequately define ERM — There is very little to distinguish ERM from traditional practices. Why, then, do we choose to call it something else?

2. Loss of focus — Sarbanes-Oxley defines a process for financial accountability. If there is one major difference between ERM and traditional risk management, it is ERM’s focus on risk financing as the primary vehicle for success. Any good businessperson will tell you that only when you control your losses can you control your bottom line.

3. The risk manager’s accountability standard — An organization’s appetite for risk should not be a green light for a risk manager to try a risk financing option that may not be in the overall best interest of the company. Most companies, once they become comfortable that their risk management staff knows what they are doing, will lean heavily on the expertise on that staff, and the risk manager needs to fight the power and ego that go along with that level of comfort.

4. Credibility in the insurance community — Like it or not, the major role of the contemporary risk management department is the purchase of insurance. Yet, ERM, with all of its emphasis on the risk financing aspect of risk management, downplays the need for insurance expertise. This is foolish. A risk manager who leans on a broker for insurance expertise instead of leaning on him or her to teach the manager about the insurance process will not serve the organization well. A risk manager needs to need to know what he or she is buying, and more importantly, what the insurance industry is selling.

5. Where risk management resides in the organizational chart — In smaller companies, risk management has to fight to be considered a full-time job. In larger entities, the challenge is to elevate risk management to a board position (chief risk officer [CRO]). Risk management is neither a parttime job nor a board level position, and any attempt to sell it as more than an executive-level position diminishes credibility in the business community.

How ERM Can Work

The ERM concept is not a total loss. Here are some suggestions to make it work.

1. Return to risk management roots — Get back to the basics. The traditional model of identifying, analyzing, examining, selecting, implementing, and monitoring has worked really well in many ways; this process should remain the core of any risk management program. Completely changing the focus, the approach, and the model without fully defining the plan is — well — poor risk management.

2. Adjust the focus — Enterprise risk management focuses primarily on risk financing as the core tool to risk management success. Yet, if you have been in this line of work for a period of time, you know that the best way to reduce costs is to reduce the frequency and severity of losses through solid risk control techniques. If your organization will commit resources to safety initiatives, employee screening, and customer qualification, you will create an environment for business success AND save money on insurance costs. You can’t get creative with risk financing unless you have proper risk control techniques to mitigate the losses you are self-insuring. Risk control always comes before creative risk financing, and Sarbanes-Oxley does not change that.

3. Define the profession — In the minds of many in the business community, risk management is not a full-time job. This perception must change. It is not a part-time job, nor is it a board position. Increase the responsibilities of the risk manager, perhaps to include an expanded role into benefits management. In a smaller organization, this would sell the position as a true management position; if you hire a risk manager, you get a benefits expert as well. In a larger company, the risk manager would take on a more strategic role, and the position can be elevated to an executive level position.

The risk management community should focus on promoting the risk manager position as being, at the very least, a management position, and at the most, an executive-level position. This will allow the business community to better define the role and to make better use of risk managers when they are hired. I believe the risk management profession loses the most talent within the first six months of new risk managers’ careers — not because risk management is a bad job or profession, but because most new risk managers don’t know what to do when they get the job, and the companies who hired them don’t know what to do with them once they’re there.

4. Learn the insurance business — Regardless of any evidence presented to the contrary, risk management's primary responsibility is to purchase and maintain insurance. Why do I say this? When a major loss occurs in any organization I have been involved in, the bosses do not come around and ask if we did all we can do to mitigate this loss using solid risk control and risk financing techniques. No, it’s always the same three words: “Are we covered?” You can save all the money in the world on premium and creative financing, but you always want to make sure that when a loss occurs, the organization is aware ahead of time of the ramifications of such a loss. To do so, you need to learn about what you are purchasing. It is only then that you can determine if what you are buying is really what you need.

5. Get more involved in the insurance purchasing process — Did you know that the insured that uses a broker is not even considered a party in the insurance purchasing process? In this process, the underwriter is the seller and the broker is the buyer. The insured is merely the financing source, and the underwriting process is a financial capacity evaluation in which the underwriter determines the insured’s capacity to pay and the amounts the insurer will potentially pay out to settle and administer losses. If you as risk manager fail to interject yourself into the process, you will find that the lack of communication will lead to higher costs. To get involved, though, you need to understand the language, the process, and the goals of each of the players.

6. It’s all about the business — The number one piece of advice I can give risk managers is to learn how business works. Then learn how your business works, and adapt your program to that business. It is the job of others within the organization to make the ultimate business decisions. It is the risk manager’s responsibility to make sure that those making the decisions have all of the information they need from your area of responsibility to make those decisions. If the decisions made are not what you would have done, bite down hard and ensure that the organization is protected. If you provide the best information, and the company decides to go down a slippery slope anyway, management will not come back and tell you that you were right. The question will be “Are we covered?”

Conclusion

I firmly believe that enterprise risk management can be saved, but only if there is a commitment to return to the traditional roots of risk management. The emperor continued to believe in spite of overwhelming evidence to the contrary. When the small child yelled out that the emperor had on no clothes, the emperor and his men stood taller, as if the ignorance of the crowd outweighed any and all common sense.

It’s the same with risk management. ERM can work, but not until it can be defined. In the meantime, let’s step back and see if we can marry the two approaches: traditional risk management with its risk control focus, and ERM with its risk financing core. This will advance the discipline and bring the profession the respect it desires and deserves.

Until then, remember:

Listen to the child — the child is right.

Revved for Risk Management

Vassar Joins Volkswagen Group of America

BY MATTHEW BRODSKY
Risk and Insurance Magazine
May 14, 2008
Reprinted with permission

Rick Vassar was watching Hootie & the Blowfish jam at this year's RIMS conference, and what captured his attention was not the band resurrecting its hits from the '90s.


It was how the floor in the San Diego Convention Center undulated with the carefree dancing, stomping and stumbling of the hundreds of revelers at the show.


"How much would they get sued," Vassar remembers wondering, should the floor collapse.


Chances are, considering their astute, wry nature, many other risk managers in the hopped-up Hootie audience that night had a similar thought.


But this observation is not why we're writing about Vassar. In April, he started work as risk manager for Volkswagen Group of America Inc. That's why.


"I couldn't have scripted it any better," he said about his new gig. He now works a mere 10 miles from his home in the Washington, D.C, area. It's a chance to do good things at a big company. And it gets him back to working in the automotive business, where Vassar got his start.


Turning 50 this June, Vassar first found himself in risk management back in 1986--in car rental claims at Thrifty. Three years later, he would become risk manager for the company.


It was fast success, an indication of things to come. Yet at the time, Vassar admitted, even though he knew he was good at risk management, he wasn't digging it.


Not until he found his passion for it, in education.


Then, he said, his profession became "more than just an opportunity, more than just a paycheck--a passion to try to impact the way people think about risk management."


His goal has been to try to humanize risk management to corporate, to communicate to the C-suite what risk managers should be tasked to do. He said that most people in business see risk management as a mystery that doesn't fit into their organizational charts.


"It's become a goal of mine to educate and enlighten companies that you can save money, lots of money," he said, through smart insurance buying, loss control, safety and everything else that a risk manager can provide.


Gone should be the day that bosses single out a victim in finance or legal and damn them to become the company "risk manager" ... without training ... a week before renewals.


Of course, Vassar also has set out to educate the other side of the equation: risk managers themselves.


"It's up to the risk manager to determine their place in the organization," he said, adding that it can be a difficult and tense transition. Risk managers are not the "rainmakers" in any organization, after all. They typically do not generate revenue. Risk managers can save, and that's their way of making money for their organizations, he said.


Of course, much of Vassar's sentiment is also shared by other risk managers. Besides "Only Want to Be With You" and "Hold My Hand," risk managers at RIMS also heard a very similar message from their leaders and session speakers: Risk managers should recognize, and act upon, their importance to their corporation.


But Vassar feels so strongly about the subject that he wrote the book on it--literally--a paperback titled Hide! Here Comes the Insurance Guy. Originally self-published in 2006, the title has been picked up by book printer.


Which brings us back to his new job.


The subject of his book happened to come up during the interview with VW, and he just happened to have a copy in his briefcase.


"The book lent credibility to my experience and education," Vassar said. "They were looking for someone who could come in and roll their sleeves up and get started."


Vassar might have to roll up his sleeves, loosen his tie and eat his Wheaties for his new job. He has decades of experience--he worked with Thrifty through 2002, then became head of risk management for 200-employee Valcourt Building Services--but Volkswagon of America is a higher gear. VW is the fourth largest automaker on the planet with more than 325,000 employees worldwide and 1,400 in the States. It has a global risk management department with input over the U.S. program, as well as a global insurance program with which certain U.S. coverages must be integrated. Meanwhile, the company is in the process of relocating its headquarters, placing a new plant somewhere stateside and gearing up for a big push into the U.S. market that will see it sell 1 million vehicles by 2018.


When asked about longer hours and more stress, Vassar grins. "It's going to be a challenge."


One that he's confident he can tackle and pin to the ground. He cited his experience working in auto fleet and in claims at Thrifty, which was only broadened with his work at Valcourt. At the building management company, he had to be ahead of the game. A lot of the company's projects involved men hanging off buildings--think window-washing--so when a claim drifted his way, it was bad. The goal was to prevent them, not deal with their aftermath.


With his experience and VW's expectations, his hiring is a "good marriage," Vassar said.


"They have made a commitment to risk management," he said. "They do view risk management from an enterprise standpoint."


Not to mention the automaker's dynamic and employee-oriented environment.


"I think they're a moving force in the United States. It's my goal to make a lifelong commitment to VW," he said. "I would love to finish my career with VW."


MATTHEW BRODSKY is senior editor/Web editor at Risk & Insurance®.




May 14, 2008

Copyright 2008© LRP Publications

Hide! Here Comes the Insurance Guy the #1 and #2 Insurance Liability book on Amazon.com

Hide! Here Comes the Insurance Guy takes a radically different approach to explaining risk management and business insurance. Hide! explains the insurance process, indentifies the players are and simplifies the terminology, using humor to make a mostly unpalatable subject easier to digest.

Today, the book is both the number one (paperback) and the number two (hardcover) bestsellers on the Amazon.com insurance liability book list. The paperback is also #2 on Amazon.com in the risk management category.

"It's exciting", says Vassar, "even those who are insurance novices learn a lot, and I'm amazed at how many folks find the book to be a joy to read.

"I mean, think about it; a funny yet authoritative book on insurance and risk management, two disciplines not known for their senses of humor. And the fact that these strategies can save them so much money once they crack the code is incredible."

Rick Vassar CPCU, ARM, AIS, ARM-P is the principal in The Vassar Group, LLC and Vice President of Risk Management for Valcourt Building Services.

The Vassar Group specializes in rent-a-risk manager services for emerging companies, and Mr. Vassar also conducts workshops on the risk management and insurance process. These workshops are eligible for up to eight insurance CE credits

Both books are available through the RIMS (Risk and Insurance Management Society) bookstore www.rims.org

How Do You Survive a 47 Story Fall? You Don't

You’ve seen those guys. They’re the ones who are hanging from the side of a building washing windows. You probably pay them very little mind, unless they have cordoned off the area below you where you usually go down and grab a smoke.

More often than not, you probably look up and wonder how anyone can wake up each morning and hang off buildings like that. I know I do. I am responsible for risk management and insurance for the largest commercial window cleaning company in the United States.

Each day, our company faces the fear that one of our guys will get severely injured. And while you perhaps think of these guys as an inconvenience, they are fathers, mothers, sons, daughters, brothers and sisters.

Window cleaners are much like firefighters and policemen: a fraternity of the few, who know what they do is dangerous yet essential. Window cleaning is not only aesthetic; it also helps to extend the physical life of the building by cleaning off the elements that accumulate on surfaces, especially in urban areas.

As I sit here watching a window cleaner hanging just outside my eleventh floor office window, I am thinking about the window cleaner in New York who fell 47 stories from a swing scaffold and survived. His brother was killed, but somehow, Alcides Moreno lived. It is not exactly clear what happened that day in December, 2007, but after that swing scaffold hit the ground from 500 feet above, Alcides Moreno had survived and his brother Edgar had not, and one thing is absolutely clear: the survival and bright prognosis for recovery for Alcides Moreno is nothing short of a miracle.

Early indications are that it was human error, mechanical failure, structural failure, or a combination of all three. The reports indicate that the Morenos were not hooked up to a safety line, which would have saved them. There were new cables on the scaffold that may or may not have been properly installed. And it’s also possible that the scaffold was not properly anchored to the building.

It is also believed that this suspended scaffold’s design required that the occupant’s safety lines be attached to the scaffold instead of an independent safety line. Most suspended platform protocols call for safety lines to be hooked up to an independent line attached to the building.

Many buildings, especially the older ones, are not properly equipped to safely secure weight off the side of the roof. Oftentimes, window cleaners have to find innovative ways to secure their lines to their chairs or scaffolds to perform the work safely.

Sometimes, these anchor points are not structurally sound enough to hold the weight of the platform and its occupants.

What most people don’t know is that most buildings can be retrofitted with anchors that protect the structural integrity of the building while safely allowing work in areas that can only be accessed from above. Many property owners look at retrofitting as cost-prohibitive, but insurance cost savings over a relatively short period of time will more than cover the costs of anchor installation.

In 2004, I attended a safety training session for our company in Atlanta. Each crew not only practices safety techniques, but also trains on rescue scenarios. If something goes wrong 20, 30, or 40 stories up, crew members can only rely on each other, and these guys are the best.

When I joined this company, I had consistently stated that I would like to try a drop. But when the day came, even two stories seemed awfully high, so I decided not to ask to rappel down the side of the building.

One of the managers called my bluff. So I climbed up a very long ladder to the top of the two-story warehouse, and started to have second thoughts:

I’m an office guy. I don’t need to do this…

Then I looked down at the ladder and decided it would be a lot less stressful to go down by rope than to go back down that ladder.

So I went down by rope. I would prefer never to have to do that again. I probably will, though, because from 30 minutes of preparation, and the three to five minutes it took to slide down two stories, I came away with an incredible degree of respect and admiration for the people who do this every day, from heights much higher than I experienced.

They put their lives on the line for the noblest of causes – supporting their families. So, if their work interrupts your smoke break, remember this: if everyone does his or her job right, your smoking is a much riskier activity than window cleaning. While the survival of Alcides Moreno is a miracle, the death of Edgar Moreno is a reality that all window cleaners live with every day.

So, if you are a window cleaner, be careful out there. If you are a commercial property owner or manager, check to make sure your building is safe to work on.

Someone’s life might depend upon it.