Cyber attacks. Climate change. Class action suits. Commercial crime. These are the risks that keep executives at large financial institutions awake at night. Some are long term, others can happen at the touch of a finger on a keyboard. All have to be managed and mitigated.
Gert van den Berg is the head of group actuarial and risk at insurance giant, Sanlam. He and his team set policy, give advice, monitor what is happening and report to the risk committee and board of directors. The corporate executive leader at Marsh in the Western Cape, Willem du Toit, is an experienced risk management man whose years of working in corporate insurance have forged an in-depth knowledge of the landscape.
Together, they’re the custodians of a business relationship going back many years. Marsh forms part of global professional services firm Marsh and McLennan, headquartered in New York but with offices round the globe.
Much has changed since the companies started working together. As Willem says, financial insurance goes back to the days of Bonnie and Clyde when the biggest threat to banks came from armed robbers storming through the door and stealing from the vaults. “Now they come in not through the front door, but via the Internet. We have a different kind of Bonnie and Clyde today,” says Gert.
The language of risk
The changing nature of risk means it is important to plug any gaps in cover that might arise. Cybercrime, Gert points out, is a prime example. As hackers develop more sophisticated ways to breach security, so the cover offered by a company like Marsh must ensure every scenario is considered in bespoke policies underwritten to protect large financial institutions against internal and external threats.
“The risks are constantly changing, so it’s important to have the right kind of advice to make sure our policy responds when something happens. That means we have to concentrate on the policy language,” Gert says.
Willem emphasises the importance of policy language when dealing with multi-million-rand claims. “It’s important we develop language for clients that is industry specific,” he emphasises. “You can’t take a blanket approach when each business has a different risk profile.” In 2019, financial institutions have to add the cloud to policies to counteract increasing cyber crime attacks. “Language is protection,” he adds.
Another risk on the radar is South Africa’s poor economic growth over a sustained period, which impacts on business as clients are forced into making difficult decisions in their attempts to minimise losses and survive. This often increases the chance of businesses falling victim to fraud. Typically, companies are faced with a spike in the type of low-level, garden-variety fraud which in the aggregate can be extremely significant: things such as insurance fraud, financial crimes committed by employees and an increase in data breaches and identity theft.
A huge element of cyber policies is helping service providers find out what happened or to rebuild the service. Internet crimes are much wider than pure financial loss.
Responding to risk
Responding to risk requires the ability to adapt to a changing environment. Protecting the company’s interests could mean looking at markets outside South Africa that have good growth prospects. “But as a South Africa-based business, we are tied to the fortunes of our country,” Gert adds.
In tough times, people tend to get caught with their hands in the till, Willem says. “Commercial crime has really kicked off over the past few years. These crimes are committed over a long period, sometimes 10 or 15 years.”
And then there’s ‘finger trouble’ or, as Gert explains, “a typo involving a lot of money”. South Africa’s institutional space has highly skilled people working in it but mistakes can happen – a zero in the incorrect place, the wrong formula in a spread-sheet, a calculation error. “We’re human, it happens,” says Willem. “But we cater for those sorts of mistakes.”
The evolving nature of electronic media at our fingertips has repercussions in the financial sector. “It’s a wonderful world for cyber hackers,” says Willem. “Because Marsh is a global organisation, we can tap into global businesses and have all this IP at our fingertips. We use this knowledge for policy language to write affordable bespoke policies for clients. If you never have to claim, why bother with insurance? We buy insurance to have claims paid.”
Gert agrees, “Protection against large, cat-astrophic claims is particularly important. But cyber, for example, is not just about the safety net of a claim being covered. Cyber events are really about how you respond upfront. Cyber liability covers other services and assistance in dealing with an event, which is critical in the first 72 hours. Reputational risk, how to communicate with clients and employees, regulators and other stakeholders, capturing forensic evidence.”
But there’s so much more to think about. “A huge element of cyber policies is helping service providers find out what happened or to rebuild the service. Internet crimes are much wider than pure financial loss. Cyber policies are there to create an environment in which clients can continue with day-to-day working.”
Risk from the outside
While for clients, insurance is about having a claim paid out, for Willem it’s vital to find out what they’re not covered for. “You’ve got to gear your business properly. From our point of view, it’s all about engineering a bespoke solution for risk exposure.”
Which, of course, means thinking ahead, as well as knowing what came before. In South Africa, business has to deal with ongoing concerns about the impact of devastating droughts. Climate change, Willem and Gert agree, is a massive external risk. “It’s on our radar,” says Gert. “We have to understand risks around it. Not only as far as claims are concerned, transferring to a low carbon economy could impact asset values. In South Africa, this can be quite complex. Given the high unemployment rate and historical factors, investment decisions have to be carefully considered to avoid potential unintended consequences such as large-scale job losses. Furthermore, we have pressure from investors and organisations. What to invest in? Are you dealing with climate change issues? What’s the sustainability rating on scorecards?” It’s complicated and it’s here to stay.
In the short term, all eyes are on South Africa’s national elections. As in the past there is a sense of uncertainty during the run-up to elections, which negatively impacts on business. Looking at past elections, both men expect to see the business environment improve post-election barring a totally unexpected outcome.