Global Reinsurance was the host for a roundtable discussion held at the Baltic Exchange in the City of London on risk management issues ahead of the 1998 AIRMIC conference.

The guests were Dennis Bessant, manager, operations, Protection International Ltd; Richard Reddaway, president of AIRMIC and group insurance manager for Glaxo Wellcome plc; Mike Bartlett, vice president, Am Re Managers International Ltd; Lynn Drennan, senior lecturer and acting assistant head of the department of risk and financial services, Glasgow Caledonian University; Nigel Bamber, key account manager, Winterthur International Ltd; Alan Punter, Aon Group Ltd and Clive Pracy, Anderson Consulting. The moderator was Global Reinsurance co-editor, Lee Coppack.

Lee Coppack: I asked each of you for an idea you think is especially important in risk management today. Would you like to start, Dennis?

Dennis Bessant: My theme would be the subject of culture shift in organisations and the sheer velocity of change that probably we all feel in our jobs and, I think, organisations all over the world feel. How does risk management fit into that culture shift and the paradigm shift that we have often heard about, and how can risk management mitigate some of the downsides of all this change? Everything is growing at such a pace now. It is hard to imagine 10 years ago we did not have e-mail, for example.

Relating that to what is going on in organisations, I see a huge sea change in the way they try and run. For example, the notion of command and control has gone out the window. The old days of asking someone to do something and having layers of management reporting to and back to the board or whatever are long gone. I think what has been created are business processes which need to be managed. What that means, I think, is the notion of functionality. Human resource directors or cfos or whatever, are all well and good, but where risk management can come into play is in recognising that because risk now is buried deep in the organisation, in all these processes that go on, no longer is it in the hands of a few people you can manage and control. It is a key issue for me that we begin to see risk management being sucked up to the strategic board level faster than, perhaps, it is surfacing at the moment. Obviously, what AIRMIC is doing and the academic issues that are emerging in terms of support for the whole profession are good, but we need to accelerate that change to cope with the cultural shifts that are going on in organisations.

Richard Reddaway: The major issue that I am grappling with, as opposed to thinking about, and it is an issue that AIRMIC is grappling with, is the millennium and year 2000 compliance. I wrote, on behalf of AIRMIC, a letter to 10 major insurers and reinsurers asking where the insurance industry is with this issue. We have had a number of responses, but nobody has yet been prepared to say: "We are going to do this."

It is clear there is a lot of industry thinking about this, but for self-evident commercial reasons, nobody wants to be the bringer of bad news, and the bad news is that there will be the year 2000 exclusion, although limited for property risks. A number of insurers have already hinted that this is what they are going to come out with, but nobody has stated they are, so I am very keen that the insurance community comes out with this. Then we can move to the next step which is to say: there is no cushion with insurance, particularly for your directors' and officers' trustee liability. This is an issue that must be on the boardroom agenda. Just in the last day or so we have seen Action 2000, and the government is starting to make the right noises. The difficulty is that the date is drawing upon us very rapidly.

For the record, I would like to state that it is anticipated as of now that for the compulsory classes at least, third party motor, employers' liability, there would be no exclusion and that may be a big issue for some employers' liability insurers - I am thinking oil rigs.

I would like to think that the insurance industry can help clients work on this issue and, possibly - having said that they are not prepared to give cover, having worked things through with clients - for them to look and see whether there are any innovative risk solutions for the issue, given that even the best laid plans have the possibility of going wrong, and what is seen as not being fortuitous may actually be fortuitous when industry has looked at the issue.

Mike Bartlett: I wrote down something which is quite short but hopefully has something deeper in it. How can shareholders be confident that the company in which they are investing fully understands its non-speculative risks and has adequately addressed the downside? Coming out of that, we look at the risk manager as being, hopefully, the person who is charged with evaluating the risk and implementing programmes. At the end of the day it is the ceo who is the ultimate risk manager. All of those things which the risk manager reports he cannot transfer by buying insurance or cannot adequately address by new systems have to go on to the balance sheet somewhere, have to be recognised. I think if it gets back to the shareholder and his reaction is: "Has it been thought about, has it been reported in the balance sheet?" Maybe Cadbury speaks to that to some element. How can he get that sense that his investment is being adequately addressed?

Alan Punter: Unfortunately, he is completely unable, because the report and accounts discloses nothing about the insurance programme that that company may have placed, the deductibles, the limits, the classes covered, the security to which that risk has been transferred. Pre-event, the shareholder cannot make any evaluation. He cannot factor into the price he is willing to pay for that share the risk management or risk financing arrangements that are in place. Post-event, he may be able to make a judgement when the company says: "We have had a loss, and by the way we are not insured, and there are some notes in contingent liabilities in the report and accounts."

Shareholders have to make a judgmental valuation of how companies manage risks after major events. They cannot make that judgement before the event.

Dennis Bessant: This comes back a little to what I was saying earlier about the role of risk management at corporate level, the vision that this function has to have across the whole operation, corporate governance and what goes with that. Clearly, insurance is not the only solution. There has to be lots of risk evaluation in all its aspects. Property is one thing, but also the physical exposures, the effects of foreign exchange, whatever you want to throw into the mix; it has to be a rounded approach. Unfortunately, no one person in the organisation other than, I imagine, the risk manager, who truly takes a strategic view, is capable of evaluating that.

Mike Bartlett: Let us take a blatant example that if your pollution coverage is insufficient and you are not comfortable with the amount of risk transfer you have obtained through the insurance policy - should you be making adequate provision by funding in some way or fashion a feature within the balance sheet?

Lee Coppack: Lynn, can I turn to you?

Lynn Drennan: I am very interested in looking to the future to see what skills and knowledge are going to be needed for people involved in risk management. From the very first moment that we designed the risk management degree up in Glasgow, we have taken, obviously, tremendous cognisance and done tremendous market research to find out what is actually needed by industry. This is my 11th year in the university, and what I am beginning to see when I go to conferences now - and this is no slur on accountants - is the increasing presence of accountancy practices in risk management. It is making me wonder should we be churning out accountancy instead of risk management graduates?

A massive increase in the amount of risk management services has been offered in recent years by the big accountancy firms. We are actually in the process of a major review - what are the needs? When I was at the Institute of Risk Management conference in September, one of the plenary speakers was the overall director of risk for Bass plc, Philip Thomas. He had come from the finance area, hadn't he? Audit? He is not the only one that has been put in at that sort of level in different companies. Is this the way things are moving in the future? And is it the right way? So, what do graduates need to have coming into the profession. You mentioned, Dennis, the importance of academic support. I would not be foolish enough to say that graduates coming out are able to manage risk in all its dimensions straight away. Of course not. If you graduate with a law degree, it does not mean you are a good lawyer . . .

Clive Pracy: . . . or a bad person.

Lynn Drennan: . . . or even a bad person. Obviously, experience is absolutely fundamental. But at the same time, we must be making sure that in our education we are giving the right kind of underpinning that is going to be necessary to take that discipline forward. That slightly picks up on the question whether risk managers should get more involved in sophisticated risk finance or leave finance to the treasury. And it also ties in, for me, with the question about the relationship between risk management and the human resources department, because I am very interested in the area of compartmentalisation in organisations. We see it so often in large organisations. Somebody is doing the health and safety, somebody is doing insurance and somebody else is in audit. To me, they have to all be part of the risk management picture and they must be talking to one another. They must be working together.

Mike Bartlett: I think one interesting point that comes out of that is that risk management in the insurance usage has a completely different meaning than risk management when you get into accountancy and the financial areas, so we must be careful that if we introduce the accountancy side into it, we know what we mean when we say risk management.

Nigel Bamber: Who is determining why the term of risk manager should just be limited to insurance?

Clive Pracy: You are absolutely right.

Nigel Bamber: I would suspect the treasury departments would prefer to have their control on it rather than the insurance manager.

Clive Pracy: I think anyone who has done what I would call a real risk manager's job in industry has never recognised any walls to the way that they do their job. It is all up for grabs and it should be. Richard, I know, would agree with that in the very way that they structure themselves within his organisation.

I agree there are certain accountants who may well be getting involved in areas of risk management in the same way they are buying law firms, some of them, but there is no doubt in my mind that what we need is, if possible, even rounder, broader people coming out of degree courses like yours, Lynn, and they have got to be business smart. I always remember one of my ex-chairmen saying the extraordinary thing is the number of people that cannot read an annual report. It is absolutely right. Really read and interpret it. Those are basic skills you could often think you can find in a bright person that comes out with a fairly good degree. Talk about mini-MBAs or whatever, but one thing for sure is that you want general business management expertise. Then they can participate at the heart of the business, which is where risk management ought to be.

Lee Coppack: May I turn to Nigel now?

Nigel Bamber: I will just add a PS to Richard's comments about the year 2000, which is, I suggest, that the year 2000 problem is somewhat different from terrorism or employers' liability, in that it is potentially a known exposure to clients. I do not think it is analogous to terrorism. That was something that came along to the industry and the industry had to solve it within weeks or months. I do think it is a fundamentally different situation where the year 2000 problem has been known for some time.

Richard Reddaway: I would not disagree with that. I would say given that knowledge, why not make your statement today as to how you intend to issue policies.

Nigel Bamber: My question is fairly simply, really. There has been a fundamental structural change in the broking world in terms of mergers, positions, etc, as is happening on the insurance side and will continue to happen. My firm belief, having worked on both sides of the industry, is that both brokers and insurers must be very customer-focused with the total aim of providing client solutions and client satisfaction. My simple question is: Is the trend toward bigger and fewer going to provide the client what they want?

LC: Alan?

Alan Punter: Moving more to a risk financing angle of the risk management spectrum, which has been my main focus, again, we have to achieve some sort of change of mind set and move away from insurance as a product and, maybe, the price of it and focus more on what does that product deliver. What is the value of the product - that instrument? Therefore, you work backwards and find there are other ways of delivering that value. They may be more expensive; they may be less expensive, but only by going through that exercise will we discover the true value of insurance, what it is delivering and how effective it is. I think we have to decide the purpose of insurance. Just a profit and loss smoother it might be. Pay a premium, get back some claims, you are often not really thinking beyond that. Really it is a mechanism for providing substitute capital, which is managing the balance sheet.

When you start thinking about that, you come back to compartmentalisation. You cannot look at insurance in isolation. You have to look at the whole balance sheet, insurance risks, financial risks, operational risks, and we cannot manage any one of those in isolation. We have to look at a much broader canvas of risk, risk mitigation and risk financing to see where insurance can be deployed, where it can be deployed most effectively. I think that has a whole knock-on of effects, not just for the structure of the industry but also for products, when we begin to realise that it is a form of capital, contingent capital, substitute capital, stand-by capital, off-balance sheet capital, any of these terms, and view it in that light.

There are people outside the insurance industry interested in supplying risk capital in one shape or form. If we do not get in there first within the insurance industry, and find ways of evaluating risk and how much capital is necessary to support that risk, do the risk-reward calculations, we will find other people who will do the calculations for us and might also come up with ideas for the capital, rather than the insurance industry. We have got to really open our minds to what it is that we are really trying to deliver, achieve by providing insurance. Is it the best way? Are there other ways? How do we value it? How do we know how much to buy? How do we know we are buying the right amount at the right time? We probably get back to the soft market discussion - how much do you buy in a soft market? How much do you buy in a hard market? All these things we can, perhaps, come back to.

Lee Coppack: Clive?

Clive Pracy: Two thoughts run through my mind. It is not just the insurance industry that is merging; everybody is at it. What is happening as a result is enormous power capital bases. If you just look at Zurich-BAT, forget the fact that they are creating financial services, and I do think they are creating a financial services/asset management organisation rather than an insurance company. They have got £36 billion as a capital base. Why should they buy insurance?

The financial services institutions that I have become more closely involved with in recent times, I suspect, may be slower at coming round to thinking about risk management but by jove, they are coming at it from a better position than we have ever done. Because of the transactional nature of the business that they are in, the dozens and dozens of sub risks that you can have out of the one trade, for example, just one piece of an operation creates so many inter-dependencies of risk rather than one big one, that if you do not scientifically measure, map and tot them up, the exercise will be unsuccessful. And you are talking about months and months and months of 20-30 people for just one business unit of just one bank. To map from the bottom up to meet the framework coming down, then you are starting to talk about real risk profiling and an awareness of risk that will then spread from that. Screens on people's desks telling them exactly what their risk position is today in real time. I think there is one heck of a lot to learn from that business.

Curiously, one finds them still with the typical, almost tower like arrangement of insurance with so-called catastrophe programme with ridiculously laughable deductibles. Yet, they have things like $60-$80 billion sitting in a liquidity account. When they actually start talking about capital markets in connection with their insurance programmes, they do not seem to remember they are actually in the business of lending money and that insurance is another line of alternative credit; they have not quite got their head around that. So, yes, there is hope for us. I think we are going to see more and more challenging by these bigger organisations saying: "Why are we buying insurance at all? We do not need it. If we need it anywhere, we need it in a different direction at a super-cat level where it is really going to hurt the balance sheet."

The bottom comment to that is soft market. I do not think it is "a soft market"; I think it is "the market". Think of the last serious man made disasters apart from a plane falling out of the sky and that was a long time ago. Is it a fact that risk managers have actually got their act together and companies have got their act together? If you can prove you have got a jolly good record and you have got your act together, you do not go out and buy so much insurance, so you end up with the thing creating the marketplace it needs and demands.

Lynn Drennan: That last point that you were making about the soft versus hard market, Clive, I find it almost incredible that people are that short sighted. To say that insurance is going to be the panacea, because we all know the level of hidden cost of risk that is involved in any type of incident that you have to deal with. Okay, it is part of the balanced picture, the price you are getting your insurance at, but the whole point about risk management is trying to avoid these things happening in the first place.

Alan Punter: From the underwriting perspective, insurance is regarded as being cheap and some insurance does appear to be at or less than burning cost. One underwriter said to me this morning: "Why aren't people buying more of it, because it is free money."

Dennis Bessant: It is this old, hoary subject of where does insurance fit into the overall management and protection of risk. I think it has to come back to saying: "Insurance is one, perhaps even one tiny component of what should be all the strands of the risk management process in an organisation."

It is facing up to the realities of what risk is. I read this some time ago but - risk is risk and loss is loss. It does not say: "That is property today and foreign exchange tomorrow." It is straight off the bottom line. Unless you actually take this holistic view of the whole risk management function, we will perpetuate this view that insurance is a quick fix, a short term thing.

Nigel Bamber: The longer term, holistic view is the way to go forward. But isn't it reality that you are dealing with companies where financial directors are making decisions in terms of insurance buying. What are his goals? His goals are always relatively short term, because he has to satisfy the market, the share price, and, therefore, he has to consider things generally on a short term basis and value for money. Generally speaking, it is easier at the moment, certainly, to take a short term view and buy the insurance.

Clive Pracy: Except the point there is that banks traditionally have been just that - very traditional and essentially risk averse. They do not actually like risk at all. A cfo in a main bank said it to me yesterday. I made the proposition it was absolute nonsense they were buying insurance or so it seemed to me. He said: "Absolutely." But I was not going to talk about that. Someone looked at him and said: "Well, isn't that a bit like heresy?" And he said: "Everything else we do in our business we are forced to think differently. So why are we sitting here making the same old decisions on this area?" He did not actually say: "We are not going to do it." He said: "I am not prepared to be told that this is a 'no can do'. Why shouldn't we go bare?" He is going bare on the vast majority of the risks that he is handling every day which is billions which is uninsurable.

Mike Bartlett: Is it totally radical to argue that you are actually more aware of your risks without a safety net? If you are doing a rock climb, then you are more likely to hang on tight and make sure your footholds are better if you know that there is no get out. Somewhere within risk management, there may be a way in which you have to quantify the need for risk transfer before you purchase it to ensure that the risk management controls are there.

Alan Punter: Clive is not just saying: "Okay, our exposure on an insurable risk may be X, whereas our exposure on a trading risk may be 10X, and, therefore, why are we protecting X?" You have to also factor in that what we are particularly good at in insurance is the cost - the risk reward of insurance. It may be more cost effective to insure the X, less cost effective to hedge the 10X. So you cannot just say: "We can bear that risk. We will take it bare." There is a price for transferring it, and if it is economical, if the risk-reward equation is right, you may want to transfer it, even if it isn't a risk that actually hurts.

Clive Pracy: I agree. All I was doing was challenging the basic premise as they all are doing.

Alan Punter: Consequently, you need the tools to evaluate that risk-reward, to say: "Yes, it is worth insuring or not worth insuring or it is worth hedging that financial risk at some other level." We do not really yet have those tools.

Lee Coppack: Even if it isn't accounting, perhaps the risk manager does need more quantitative skills than in the past?

Dennis Bessant: What the risk manager needs is some of that discipline of viewing the risks in a more systematic way, looking at impacts and consequences to bring the discipline of risk management. At the end, they might need some help from the treasury or accounting to actually quantify the foreign exchange risk or interest rate risk. They do not have to do that themselves. They can draw on the skills of their colleagues. They can bring the framework to put these risks in the same portfolio and use the same criteria for deciding whether to retain or transfer this risk or hedge this risk. Bring that discipline about how to approach the risk, how to evaluate the risk, assess its likelihood of occurrence, assess the likely severity. They can bring the discipline, even if they do not have all the technical skills.

Lynn Drennan: I would accept everything that Alan is saying with one big proviso: in addition to that, they need to be creative thinkers. Maybe I am just being prejudiced against accountants; taking that very disciplined, very analytical approach is extremely important so long as it does not become a very narrow funnel. One thing we are trying very hard to develop with our graduates is this lateral, more creative thinking, more problem solving approach. It is almost the more generic, general skills that are important. Knowledge becomes out of date so quickly. Quite honestly, I see our risk management degree as almost a vehicle for developing these extra skills with the students.

Dennis Bessant: The thinking challenge is so important. The easy solution is just to buy insurance and if we just perpetuate that cycle, we just carry on as we have done before. We have got to open this door and go through into a new room and see this whole new world of risk in a different way.

Mike Bartlett: The development of services to approach those risks can actually improve the risks, which makes them more transferable, more predictable and, therefore, more manageable.

Richard Reddaway: Some insurers clearly hold themselves out not to be there for capacity but for those services. We are working with one of Dennis' sister companies, and it has certainly done exactly that. It has brought a framework for us to do the analysis of the different loss scenarios. It has enabled us to really focus on what the cost would be of implementing loss protection measures, which would then, in turn, produce scenarios which are then way different than, as we call it, potential maximum losses.

Just seeing these figures, and they are built on lots of different scenarios, has an immense impact. A finance director can understand there is a scenario of £100 million, an implementation figure that is likely to be £100,000, and with the implementation, the scenario is likely to reduce to £500,000, sprinkler water damage, or whatever it may be. We are finding that, clearly, within the insurance industry, there are lots of services of this nature which are very valuable as we look at the risk management issues within our business.

Mike Bartlett: A client of ours who are haulers of toxic waste had minuscule risk transfer availability; not many people wanted to insure them. We introduced them to services, which changed the way they handled the waste, made it more environmentally friendly. They actually ended up being 40% more competitive than their nearest competitor. So it was not just the fact that they had been able to achieve more risk transfer. They changed their industry; they became more competitive. It wasn't an insurance decision at the end of the day, although it was driven by the lack of ability to transfer the risk.

Clive Pracy: Do you now have a few surveyors that glow at night?

Lee Coppack: Nigel, how do you see all of that as an insurer?

Nigel Bamber: We have to accept that the risk manager is becoming and should be becoming a more and more informed buyer. I think the better qualified, the better research risk managers do in terms of analysing what they are going to spend on risk management. What they risk transfer out, the better for us. You can take a short term view and say potentially that is going to be less premium income to us, but in the long term, our approach has always been to write companies that take high deductibles, that take risk management seriously and potentially, therefore, that is less premium going through our books.

Clive Pracy: But they are a better risk.

Nigel Bamber: Absolutely. It comes back to what Mike was saying about the rock climber. There is no question that if the company know they are going to be taking the first £5 million of every loss, for example, they will take a far more serious attitude about risk management than thinking: "Well, insurance will pay anyway." So that is not a problem.

Lee Coppack: How does that work in a soft market when, perhaps, insurers are prepared to grant lower and lower deductibles?

Nigel Bamber: I have to say in this market that buyers can almost get what they want, be it with high deductibles or not high deductibles. It is a soft market. I am not actually convinced, though, that a hard market will not come back. It may come back for a shorter time but people have a habit of saying - like house prices: "Well, house prices will never come back to the level they were." Of course, they are back already, but we are dealing in a more competitive world. There is more capital out there, and maybe the hard market will not come back to where it was.

Alan Punter: If the risk transfer does become at a higher and higher level to primary companies, and primary companies, in turn, retain more, and because they are merging, retaining more and reinsuring less and less, the risk that is going into the insurance industry becomes more and more catastrophic. The more predictable stuff is less and less being passed into the market and being self-managed, self-funded, captives whatever. As the risk that is transferred to the industry becomes more and more excess, more and more catastrophic, isn't there a danger of its becoming more commoditised and relationships being less important? If you just want to buy a big layer excess of a big deductible and there is essentially no loss history because it is catastrophic, it becomes a commodity.

Richard Reddaway: Certainly in the case of the company I work with where the exposures are going up and up, it is the opposite. We have to have a closer and closer relationship with our catastrophe insurers, and we are probably closer now than we ever were with the Gen Res, the Munich Res, the Swiss Res, because our figures are so big, and because they are putting such big amounts out on us.

Alan Punter: But is that closer relationship because they have disintermediated the primary insurer?

Richard Reddaway: We are still with the primary insurers for a variety of reasons. It may be because we are operating in so many different countries. We have got factories throughout the world, and you have got to have people on the ground providing service. There are risks other than catastrophe risks, compulsory classes, say, motor or workers' compensation, which have to be addressed.

Alan Punter: But are you using the primary companies really as service providers, and the reinsurers as risk bearers?

Richard Reddaway: We operate that anyone coming on our risk is taking net and treaty. We want risk takers; we do not want risk passers. So if you are primary or catastrophe, you are there taking risk and the primary insurers are taking big lines on some of our risks. We certainly recognise that.

Clive Pracy: One of the things that has been going through my mind for some time about the bigness I talked about earlier is the whole issue of reputation, which is becoming so, so important to organisations. It is an old granny's wisdom that the bigger they are the harder they fall. We are seeing that in the sense the bigger they are, the less able they are to cope with anything that immediately impinges on their reputation.

We know of a major High Street bank that is probably never going to fully recover from that one hit. It is not because they had the hit, but because of the way they were perceived to handle it. No immediate impact on their share price but, thereafter, the analysts just do not like them. And it is an uninsurable exposure at the moment. Rightly so, because how are you going to rate it? But in my experience companies are becoming more and more aware of what that means to them, and they are going to zealously guard that reputation which, of course, is a wonderful opportunity for real risk management, because that is exactly what it is doing. I am not quite sure if there is anything an insurance organisation can do once companies begin to realise that the thing that matters to them most is the quality of that business reputation. Nothing that any insurance can do about it if that starts to slide for whatever reason.

Alan Punter: Yes, within the industry/risk transfer side we do not focus enough on the fact that the impact of the loss can be far more serious than the loss that gave rise to it. So, really, the focus is more on business interruption, not on property damage. That is a much better measure of the cost of that loss, and even business interruption does not cover reputation, so it is much more important to, as you say, to risk manage the reputational risk.

Lynn Drennan: So often the fact that gave rise to the loss in the first place is uninsurable. We think of Mr Ratner and his unfortunate remark in an after dinner speech affecting the company. If you think of Perrier and what led to that particular situation . . . These were not things that were insurable. This is where human stupidity or error of judgement are involved, and the impact was tremendous on both those organisations. It is bringing back the importance of managing risk as a whole in an organisation. Maybe you could never really get out of somebody making a stupid remark - how would you overcome that? - but that is where the crisis management element of risk management would come in. How you deal with it afterwards could make the difference between survival or demise.

Dennis Bessant: Over the last 10 years if you look at what has been emerging in industry with just-in-time production, single sourcing procurement of raw materials, flexible manufacturing. It is almost like it is a creeping cultural thing. Suddenly this business interruption exposure has gone from the £100 million to the £1 billion. Risk management is the salvation. It really is. It is almost a survival issue when it comes to things like that.

Alan Punter: Because we have squeezed out all the superfluous or redundant capacity that might have been in the system that we could fall back on.

Richard Reddaway: This is the beauty of the Factory Mutual approach and I speak of someone who comes from a Factory Mutual company who are really focusing on dependencies. I totally agree with Clive that we, the risk managers, are spending a great deal of time on business continuity planning. Of course, this is part of business continuity planning, because until you know what the exposures are, you have not done the analysis and you cannot see what is the appropriate way to look forward.

We spend a lot of time on just basic issues - valuations to get the valuations correct. What can we learn from valuation companies? They are saying rebuilding time is, say, two, three years, whatever it may be. We spend time with people in the disaster business, so we have retainers. If there was a solvent spill, could you actually get back on the site for x months because it would be cordoned off. There would be investigations, and who actually can do the remedial work that is required?

The whole business of business continuity planning and linking in with crisis management is a major issue for the risk managers, and one that I feel the risk management community understands. We are working with a lot of people in that area.

Mike Bartlett: As I was listening round the table, my initial comment was going to come back to the millennium, because one of the customers who came to us was a major US bank which spent $300 million in addressing their millennium problem, looked at our product and said that is going to validate what we have done, so we would like to spend another $100 million on purchasing these because it takes us from the testing, the validation and all the processes because our reputation is key to everything.

Clive Pracy: The one thing that organisations have got and will be increasingly aware of is that branding is everything.

Alan Punter: Back to accountants. They do not know how to value brands.

Lee Coppack: Nigel, what role do you think insurers can play in dealing with the uninsurable risk in any way?

Nigel Bamber: I think part of the problem with "uninsurable" risks is that it is quite hard to pin them down. Companies have a problem in identifying what the exposures are. Therefore, insurers have a difficult time in putting a price on them. With the move toward these multi-year, multi-line deals when insurers are taking pretty big chunks of risk and pretty big premium and clients are taking pretty big chunks of self-insurance, I think it is becoming far more possible and likely that you can bolt on a bit of previously uninsurable exposure. For me, multi-year, multi-line deals are the starting point for a more general move towards uninsurable issues becoming insurable.

The fault is not always so much on the insurance industry in that solutions are being put forward. The problem tends to be solutions in the past have often been funding solutions. The risk manager may say: "That is a good idea," but the finance director says: "Okay. That is going to cost me so much, but what is the likelihood of that happening? It might happen; it might not happen." They are not prepared to put aside working capital in order to protect themselves against something that may not happen. That is a problem often with uninsurable risk. They are very big and the amount of money that the insured has got to put towards them is just so much. It takes it out of the working capital of the business. Why do it?

Alan Punter: Two comments. You talk about uninsurable risk. You are suggesting put them in a multi-year, multi-line package. That sounds like a little freebee that is thrown in for fun; it is never going to be a significant risk. If it is uninsurable, then it is unpriceable. I think you need to rethink what makes a risk insurable. Many risks that currently are not insured, at least on a stand alone basis - most of them financial, interest rates, exchange rates and so on - to me fulfil all the criteria of being insurable. They are completely fortuitous and no one company, not even Microsoft, can move exchange rates or interest rates. It is external to that company; it is fortuitous. It has a measurable impact. What makes it uninsurable?

Dennis Bessant: The bridge is risk management. If we merely look to insurance as the solution for currently uninsurable risks, we are side-stepping the issue. The issue is - the bank is a good example - if an organisation has looked at their exposure in this area and done what they believe is ultimately everything they can do to mitigate, manage, analyse, quantify, evaluate and then made sensible decisions about risk retention, transfer or whatever, then I think insurance can become a component of that process. The pre-occupation with insurance as a solution for everything, for a start, is putting the cart before the horse.

Nigel Bamber: For me, clearly, if an insurer has a huge chunk of premium and the client is a long way away from the action, multi-year, multi-line deals where the insurers are having to get out of their box and not think property, casualty, whatever, it becomes much easier conceptually for them to bolt something else on. I do not mean for free. For a charge, clearly. But it is that much easier conceptually for insurers to consider that and I think that will happen. So you are looking at strategic partnership, long term arrangements and I cannot see why insurers should not be able to do that.

Also, Winterthur now is part of the Credit Suisse Group. Clearly, one of the things we will be looking at is what sort of synergies, what sort of products we can jointly come up with. We have already had people from Credit Suisse First Boston and what is interesting is that they are dealing with risk like we are. They just have a very different approach to it. They are looking very much at - got a problem - how can they innovatively write it, and they get some sort of financial instrument to do it. Insurance has never, traditionally, been viewed that way and maybe that is what we have to do.

Clive Pracy: This isn't knocking, you understand that, but insurers have never wanted to do that, either. We have all got to do better and to do the bit you were talking about, which is to say: There is some kind of exposure out there, but I do not know quite what it is. The point about it is that it is currently uninsurable but it is all fortuitous. The tools are there for everyone to be able to measure these exposures now and the experience is there to measure it.

Nigel Bamber: Whose onus is it to actually use those tools?

Clive Pracy: Well, it is everybody's. The next point is that there has been such a disinclination from the traditional market to come and offer anybody anything. . . . The only thing they offer is to say they are going to take something away: We are not going to insure this, as opposed to would you like some of this new stuff.

Nigel Bamber: That is a bit harsh.

Mike Bartlett: By the same token, a soft market means you can get your risk insured without doing so much risk management. People are clamouring for the business. Therefore, the actual underwriting process is more condensed: "Do you want it? What is the price?" I know that is simplifying it, but at the end of the day people are not making the same underwriting judgement because they are wanting to maintain their portfolio, rather than necessarily wanting to protect their portfolio. And that has to be a plus for the people transferring risk but at the same time, it is very important that you maintain - as a risk manager - the view of what we are trying to do here. It should be first: "Have we addressed all of the risks adequately that the corporation has; secondly, is it more advantageous to purchase insurance, so we purchase insurance here." But that is only part of the process. The rest is how do we contain the rest of the risk.

Richard Reddaway: I would argue that a soft market is not necessarily in the interests of the risk manager, because what will follow it is losses. What risk managers want is long term stability. It is clear to me from the signals coming out of Lloyd's and perhaps some of the insurers, there are going to be losses and once there are losses, either people leave the market altogether or they have got to jump with price.

Nigel Bamber: What does your financial director want?

Richard Reddaway: He would want continuity. That is why we are putting in as much effort into loss prevention and risk analysis, risk identification, as we ever were. My theory is that if anything is going to torpedo the market it will be an earthquake in a critical place. If there is the next big one, then the reinsurers will be saying: "We are not going to give you the cover unless you have got the analysis and can demonstrate loss prevention and show us that this is an insurable risk." So we are working as hard as ever, regardless of the market and regardless of the questions because ultimately we are concerned about ourselves.

Nigel Bamber: For us as insurers, that is terrific news. But not all companies have the money or the size to be able to do that.

Clive Pracy: They are going to be forced into a position of having to do that.

Lee Coppack: Is the risk manager sufficiently high in the corporate structure, however, to be able to get a good enough overview of all the organisation's risk and secondly, to carry that through?

Richard Reddaway: I think Clive would agree with me with the statement that the risk manager is the chief executive.

Clive Pracy: There is no question about it. It has never changed and it is never going to change. There are lots of organisations who are getting better risk managers with more control, in the sense of the ability to influence more, the chief risk officer role, as it is now becoming. The enlightened organisation has worked it out that they need someone of that calibre and that kind of position, so they are not going to get bypassed. They have the ability to go and walk through an open door to anyone on the board anyway, if it matters.

Yes, there are a lot of organisations that do not have them. That has been the same for ages, unfortunately. I am not sure that we are seeing the quantum leap that we ought to be seeing by now, if organisations are going to get their act together on risk management in terms of the quality of people doing the quality of job that is needed. A lot of organisations have not had the awareness and still reduce it to an insurance buying role. It staggers me that this thinking still goes on in apparently enormously successful organisations and that the risk management function, if it exists, is reduced to this lowly, clerking, admin function.

Lynn Drennan: The types of organisations like the Glaxo-Wellcomes, the London Transports, do appear to be in the minority. Standing back, the perception I have is that risk management is still very much insurance dominated in most organisations. We all know that there are people with the title risk manager or risk and insurance manager, but when you get down to the nitty-gritty, what they do is they buy insurance, so often very much relying on their brokers rather than practising a much more integrated or holistic approach to risk management which we would like to see.

Like you, I am concerned that this has not seemed to have improved. I have been 11 years now in this area and progress is very, very slow. There seems still to be an awful lot of seat of the pants stuff going on, people just perpetuating the practice of years gone by. It is hard to know how to break out of that cycle.

Could I raise one other issue, because we have been talking very much here about the very largest of organisations. Risk management, I think we would all agree is for every organisation, now matter how small or large, and small and medium sized enterprises ought also to be practising good risk management, but I do not see that encouragement from the insurance industry, at all. We were talking about the soft market; it is easy for people to get insurance, particularly for big players, to get exactly the cover and the price that they are looking for. Therefore, the insurance companies are not going to take a hard line: "Oh, and by the way, we want to make sure you are doing x, y, z, so we are actually insuring a very robust and unlikely to cost us a lot of money risk." But are they doing that at lower levels? What are insurance companies actually doing to encourage the practice of risk management and to improve the risks they are taking on. My perception - contradict me if you will - is very, very little.

Nigel Bamber: It is difficult, because going back to what Richard was saying about the reduction of loss and what he can achieve by putting in sprinklers or whatever the case might be. If you look at the cost of putting in sprinklers and the potential reduction in loss that is very easy for someone to say: "Go and do it." Actually when you compare the cost of putting in the sprinklers and the reduction of premium he is getting, it would not be quite so simple. I suspect the reduction in premium you could get is probably rather less than what it is costing you to put the sprinklers in. The problem is that finance directors often take a view: "It is not worth my while to do it." The point for insurers is that it actually does not necessarily reduce the risk enough to generate reductions in premium. It is not an easy solution. A company has to sit above that and say: "From a risk management point of view, yes, it does make sense."

Richard Reddaway: You are quite correct. Our company would have done the payback calculation. We would also have done the loss scenario calculations. Then we are saying insurance isn't the driver of our business and we have proceeded down the highly protected risk route for strategic reasons.

Lee Coppack: Is there a good enough career path for risk managers? Should becoming a risk manager be able to lead into senior management generally? It might attract more people of a certain calibre into risk management.

Nigel Bamber: It could be argued that now is the best time to become a risk manager, because, as we were saying, the bands between insurance and risk financing are overlapping more. Therefore, if you are a capable person, you can start to drive the change within your organisation and say: "Yes, I should be involved in more than just insurance. I should be looking at the risk of the whole company." I think it comes down to the capability of the risk manager and his ability to change the perception within the company of his job. That also goes down to what we were discussing about brokers in our company about two weeks ago. They were saying their real problem is the value proposition. It is the proposition of what the risk manager can offer within his company.

Mike Bartlett: We said earlier, and I think we would all agree, that the ceo is the ultimate risk manager, so shouldn't the risk manager be an ideal preparation?

Richard Reddaway: But that is only part of his job.

Lee Coppack: That is the point about needing risk managers who think like business people.

Mike Bartlett: Richard, is there any lobbying done by AIRMIC, maybe with some of the business schools to identify this as an important factor within the progression?

Richard Reddaway: Ten years ago it was AIRMIC that established the Institute of Risk Management, so we have a keen awareness of the need for education. Within AIRMIC, we have just the other day identified how many of our 820 or so members have MBAs; it is only 18, but at least it is 18. I, myself, had the privilege of doing an MBA at Insead at Fountainbleau in France. I did that as a one year, time-out course, and a lot of people cannot do that.

We are conscious of the need for management development of AIRMIC members but the problem and the dilemma that we face is this: are the AIRMIC members able to take the time out and have the ability, maybe financial, to do so. It may be that the pressures on them are such that they cannot take the time out. We need to talk that through.

Alan Punter: You can either graft management skills on to existing risk managers or look at it the other way round. Do you have an MBA that even mentions insurance or risk management on their whole syllabus?

Lynn Drennan: The one at Glasgow Caldedonian University, obviously!

Alan Punter: But how many other MBA courses?

Lynn Drennan: The problem, of course, is having the expertise to do so. It certainly is not embedded into the MBA programme in the way it should be. The reality in the UK is that there are very, very few places that even touch on risk management education. We well know where they are; Nottingham does it a bit; City does a bit, Southampton does a bit. After that, you are running a bit dry.

Our view at Glasgow Caledonian is that risk management is so fundamentally important to so many areas that not only do we teach it on the MBA, but we teach it on the MSc programmes in the sciences and technology faculty, as well. People who are doing MSc degrees in environment, maintenance systems, engineering or construction management, find risk management is fundamentally important to them just as it is to us in the whole business context.