StrategicRISK’s European reporter James Bray, talks to Gilbert Canameras, Director of Risks and Insurance at Eramet & president of AMRAE
What’s the most important lesson you have learnt in your career?
The most important thing that I have learnt is that everything is negotiable, especially in the context of risk coverage.
What are the biggest threats that risk managers face at the moment?
You can answer this question in two ways. The first is that risks vary in intensity from one time to another. Twenty years ago people were hardly aware of environmental risk and in the past five to ten years this has become a very pertinent subject. Today it’s a known risk that has to be managed. Risks appear and disappear and change intensity with time. Risks today are often associated with the internet. Reputation risk, cyber criminality and all the rumours that circulate on the internet can be risks that are difficult to control.
How will the European debt crisis affect risk managers?
The debt crisis is a clearly identified financial risk and it’s important to understand the consequences it will have on companies. It’s a risk that is topical and in the news at the moment just like the internet bubble in 2000, or the property market crash a few years ago or the debt of emerging countries in the 80s. I would say that financial crises are cyclical and they regularly reappear; so the job of the risk manager is to anticipate these risks so they can help to reorient the activity of their company whilst the crisis is evolving.
Do pensions and retirement represent a big risk?
I think the error that has been committed in the past twenty years is to believe that the fact that people were going to be able to retire at 50 would help others progress in their careers. This is a fundamental mistake. Experience is something that you can only acquire with time. The more experience you have the more you can help your company succeed. Today the most important issue in companies is the transmission of knowledge and know-how. In companies you often have gap between people who are 50-60 and the people who have just arrived in the organisation and there is a lack of communication between the two.
Pension funds are just part of the management of the company. Everything that comprises employee benefits and pensions is known and well managed by large companies. The pensions and retirement question, I think, is much more of a financial question than a risk management question. However, talent management is a real risk for companies.
How can older risk managers use their experience to inform younger risk managers?
At Amrae we have developed an education module which aims to educate young people about risk management. However, it’s clear that a risk manager is not a junior employee, risk managers are all senior employees who have a lot of experience and know all the sectors and how to balance the different needs that exist within the company. It’s this kind of knowledge that has to be passed on the next generation of risk managers.
There have recently been significant increases in commodity prices (for example oil and copper). How does this affect risk managers?
Everything depends on the company and the industry that the company operates in. However, I wouldn’t say that it’s the increase in the price of commodities, it’s the extreme volatility of prices that is the problem. How can you make a five year business plan if the price of a barrel of oil quickly moves from €80 to €120 only to go back down to €95. The volatility of primary materials is a worrying issue for companies. If the price of primary materials increases too much it will affect the price of the manufactured products and that is also a problem. If the price of primary materials increases too much inflation will follow and that will leave us with another key problem.
How is the discipline of risk management evolving in France?
At Amrae we are working to formulate procedures that allow the discipline of risk management to evolve. The question today is how to know how to organise this profession considering that the best risk management procedures depend on the company.
In big companies risk management is already integrated in the running of the business. But middle sized companies are beginning to look more at risk management partly because of their links with bigger companies and that creates a ladder of responsibility. Today we are in transition, moving from risk management conformity to an idea of improved performance by effective risk management strategies. Up to now the question was to conform to regulation for compliance reasons but companies are now realising that what was a restriction is now an opportunity. Risk management can allow a company to become much more successful.
What do you want to do as head of Amrae?
Amrae will have a seminar in September where we will try to define our standpoint and our goals. A lot has already been achieved by my predecessors, so it’s not about a revolution of Amrae’s approach, it’s about consolidating what has already been done. Amrae works for its members, who are risk managers, we always have to think about their needs so we will identify the key risks that are affecting their companies. We also have to keep an open mind and see how the internationalisation of the world affects companies and how we can gather and use the experience of others.
How do you see the profession in five years?
I think the profession will become more and more recognised. There has already been a notable evolution in the risk management industry. Twenty years ago people only talked about insurance and insurance buyers were often connected to the commercial director. Then companies realised that this was a complex subject that demanded some judicial or compliance knowledge and so insurance management became linked to compliance. After another few years companies realised that there was not only a judicial side but also a financial side to risk that was becoming more and more important. In my personal case I went from being an insurance director to a risk manager. In the near future the risk manager will be someone who is connected to the CEO or the general management and will give a global perspective not only of risks but also of how risks can be managed.
Is communication within a company a key risk?
The personal qualities of the risk manager, especially that of communication, are very important. You can be a good risk manager, but you will be less successful if you are in a company that has communication problems.
Do you think it’s difficult to measure the performance of a risk manager?
I think you have to put in place an evaluation method. A risk manager should be evaluated by how he/she mitigates and prevents risks. The job of the risk manager is not to eliminate risk, a risk level of zero is impossible, their job is to diminish the level of risk and that’s what is important.
What are the key financial risks affecting risk managers?
That depends on whether you are talking in terms of balance sheet or in terms of operating costs. In terms of the balance sheet the financial risks are linked to capital and attacks on capital levels. In terms of operating costs the risks are related to loss of market share and loss of knowledge and knowhow. Of course you always have other financial risks such as exchange rate risk but one risk that is important in my opinion, and has been compounded by the financial crisis and could reappear, is counterparty risk. So you borrow from a bank or you lend to a bank and you’re not sure if you will be reimbursed, or possibly the bank won’t be able to lend you as much money as you need. I think that with the financial crisis, the European debt crisis and the establishment of Basel 3 businesses will have difficulty finding counterparty financing.
Do you communicate with other European risk managers outside Europe?
This is something we want to develop at Amrae. More communication with European risk managers is important as it allows an exchange of information, of benchmarks and the exchange of best practice which allows risk managers to be more efficient.
Cyber risk is obviously something that we have seen a lot of recently. Do you think companies understand the gravity of this risk?
I think they understand but they are quite vulnerable to this risk. I saw recently that the Fox news feed on twitter was hacked and that it announced the death of Barack Obama. An important risk is that of a cyber attack which paralyses a company’s computer systems making it impossible for them to receive orders and queries or buy materials for days on end.