As Brigitte Bouquot enters her last six months as president of Amrae, StrategicRISK caught up with her to find out how risk management has changed in the five years she’s been in office and what she thinks lies ahead

How has risk management changed in the five years you’ve been at AMRAE?

Brigitte Bouquot: The first big change is that the risk management is far more embedded in the c-suite, which wasn’t exactly the case six years ago.

Brigitte_Bouquot2018_AMRAE_5© Bruno Gouhoury-Andia.fr

Risk managers now being involved in strategic decision making at the board level, to enlighten it. And as a result, the profile of the risk manager has changed, you’re seeing a lot more senior roles created, for instance the chief risk officer role, which didn’t really exist a few years ago.

The second big change is a result of the transformation of the world and the kinds of risks we are now dealing with. I mean threats such as climate change, technology and cyber and reputational risks.

”Risk managers now being involved in strategic decision making at the board level”

These topics are more strategic and are dealt by boards, and so is the role of the risk manager. Companies understand that they need to transform themselves to leverage the digital opportunities, but they are also trying - (not always as fast as they should ! more and more to investigate the risks of these changes.

Once, risk managers were known as the defenders who protected the company against what could happen, but now we have to make sure that when we help design the strategy, we are aware of the embedded risks. Today, risk management is as much a question of supporting the strategy of the company as t protecting the balance sheet and the people.

As the risk manager roles becomes more strategic, what are some of the new challenges that professionals are facing?

Leadership and trust are an increasingly important parts of the risk manager’s role. It’s not just about protecting people and assets, but also making sure that you are yourself delivering “good products”, supporting the company and creating trust to promote new services to follow the company transformation

It’s a different job now, we are working with the c-suite and the board to help the company bear its responsibilities to the wider world and society.

“Leadership and trust are an increasingly important parts of the risk manager’s role.”

This means that risk managers need new skills, it’s a much more high profile role than it used to be, being able to think as board member You’re closer to the CEO, you need to be more proactive and have a great network throughout a company and you have to be invested in the transformation and growth of the company.

In terms of the insurance side of risk management, how is that changing?

It’s getting more and more complex, because of globalisation and the fact that we’re all more connected. There are political tensions in North America, and there are more natural catastrophes than ever. The risks are becoming more severe and more diverse, but at the same time, insurers are becoming more afraid of taking on risks. So, they threaten the quality of their relationship with companies and the trust they have been built.

”Technology and risk prevention strategies can reduce the catastrophic risk and make it more insurable”

This is quite a new phenomenon, but insurers do not want to take on risks that are not well enough understood, which is obviously a concern for some industries.

But of course there are things that risk managers can do to reduce the catastrophic scenario. Technology and risk prevention strategies can reduce the catastrophic risk and make it more insurable, but risk managers need to embrace this.

How do risk managers need to evolve to meet the challenges of the new, more strategic role?

You need to really know the business you’re working for. You need to be able to advocate to senior management, keep it simple and help the executive to define the priorities and understand where to invest in risk management.

The risks are high profile, and risk managers need to be able to see the bigger picture – to think about everything from climate change to geopolitics and to understand how these will impact your organisations.

It’s all quite new and it’s difficult but it’s good news, because it’s giving a challenge to young risk managers and it will give them the opportunity to become a board member one day. Because the risk is in the c-suite, and if risk managers can step up to the challenge there will be an obvious role for them at the highest levels of organisations.

”The risks are high profile, and risk managers need to be able to see the bigger picture”

We are the ones who understand about risk, and who know how to promote risk culture and to think about risks globally. And businesses have a huge need for people who can fill that high profile role

Training can help too, and this is something we’ve been working on at Amrae. Qualifications are a useful professional tool and perhaps we need to think about partnering with universities or management schools to come up with higher qualifications.

Secondly, and it is a critical thing: risk managers really need to understand finance. If we want to reduce the protection gap, we absolutely need to convince the CFO, we need to convince the investors, we need to convince everybody that investing in risk management is something that we must do.

That’s not really something that is done well today, it’s all about balance sheets and financial accounts. We need to create powerful tools that clearly demonstrates all that a company has done to promote resilience and to show the return on investment. So, we need people who are able to understand the language of finance as well as risk language and who can bring the two together.

”We are the ones who understand about risk, and who know how to promote risk culture and to think about risks globally”

We produced at AMRAE an indicator to measure the cost of controlling insurable risks five years ago. It was a starting point, which must be reviewed, but which is a good starting point.

Finally, we will absolutely need data to model, to measure and to quantify and we need to have our own platform of risk data. We don’t have this yet, but if we want to keep the control of the vision, the risk and the strategy of the risk, we have to make sure that we are developing our own tools risk managers have some appetite in IT and they’re not afraid of digital.