The dilemma of the risk professional
24 february 2019
As a risk consultant, you do what is good for the company that contracts you, the client. You leave no stone unturned and your reports are to the point, honest and straightforward. Until that is, your report ends up in the hands of parties making requests or demands. What if a regulatory authority or insurer approaches the client with your report in their hands? Ron de Bruijn, Managing Partner at Riskonet, shares a difficult dilemma with us.
It happened to me. After consulting with and permission from the client, I said ‘yes’ before I had actually thought it through properly. Riskonet carried out a comprehensive safety scan on fire and evacuation safety for a party that contracted us. I was asked whether I wanted to share the findings with insurer x and regulatory authority y, who both had the best interest of company z at heart. Saying ‘yes’ seemed logical, but what if you consider the potential consequences for the company?
We have seen a growth in demand for safety scans during our consultancy and support work. This is mainly from companies, out of their sense of responsibility and company interests, that want to understand the current status of the fire and evacuation safety in their buildings and other materials assets so that they can then resolve any shortcomings. We offer a custom solution to these companies using the ‘Gap Assessment Asset Safety-model’ (GAAS) that was developed at Riskonet. It means that we offer them a comprehensive approach to asset safety. By examining the combination of current laws and regulations, business continuity and the insurability of the assets, among other issues, we leave nothing to chance.
Clients should be confident that we will highlight any shortcomings we observe. We set out our findings in a report, which is accompanied by suggested solutions for achieving the desired result. That is where the first part of the dilemma rears its head. Since it was the client that contracted us, the client should expect us to be discrete. So, we do not share any of these reports without obtaining the permission of the contracting party.
In practice, too much openness can cost clients dearly
In practice, too much openness can cost clients dearly. If they share GAAS reports with insurers, for instance, but also with the competent authorities, then there is a chance that our clients will be held responsible for these deficiencies. At times, the consequences are painful and costly. For instance, if their licence is withdrawn based on the information or if their insurance premium rises without a realistic prospect for reduction. There have even been cases in which an insurer has cancelled the policy.
Then I think: this could not have been our client’s intention when they requested a GAAS report. You want to have these surveys and reports because you want a risk professional to give their findings on the status of your asset safety. It is a wise investment that you make in good faith as a business owner because you want to gain an understanding of your strengths and weaknesses. It then lets you draw up and implement specific plans for improvement.
If the party making a request or demand is eagerly waiting to put this ‘new information’ to their advantage, then it can only have a detrimental effect. This can remove the appetite of business owners to focus their investments on risk management. It will not stimulate business owners to give their organisation a ‘health-check’ from time to time. Nor will it enable them to learn from deficiencies, receive criticism on their approach, promise to make improvements and honour these with investments in safer assets! Business owners will also be less generous about sharing information, which has an adverse effect. Namely, there is no purpose whatsoever in scaling back transparency, and it regresses risk management by several decades.
In the meantime, the risk professional faces a considerable dilemma, and even an ethical issue. Should we keep information to ourselves to protect the client? Naturally, we do not share a report with third parties without the consent of the contracting party. On the other hand, it is our duty is to encourage the contracting party to take immediate action in acute life-threatening situations. However, what if that action is not forthcoming and the hazardous situation persists? Should we then just terminate the assignment and hope that an accident does not occur?
This is a difficult ethical discussion. In our view, we have to be clear and fair. We should not describe ‘problems’ as ‘challenges’ and rely on the client’s ability to read between the lines. As far as I am concerned, it would be a road to disaster. We would be choosing to erode our own profession!
Our report often not only alerts the contracting party, but also even more often also alerts the third parties involved
I will now slightly complicate the dilemma. During our survey for the GAAS, we come across matters that pose a serious threat to safety. A fire partition that was in the plans but had not actually been constructed. An emergency lighting system that did not work, or a sprinkler system that was not designed for serious fire hazards. A situation in an industrial unit in which the permitted fire load (as stated in the licence) had been exceeded by more than 100 percent. These are already serious facts; however, these situations have often existed for years. Our report not only alerts the contracting party, as it should, but even more often it also alerts the third parties involved.
As a risk professional, I understand that when a regulatory authority hears about serious safety issues that breach a licence, it is unable to ignore this information. Naturally, an insurer must take seriously any information that considerably raises its risk.
However, and I will be careful how I say this, hasn’t the regulator also failed somewhat in its duties to these long-standing situations by overlooking these shortcomings for years? Shouldn’t the insurer be due a little self-criticism when it has clearly found the situation on site acceptable for all that time?
One of the characteristics of a dilemma is that there are rarely any solutions, let alone simple solutions. So, how do we deal with our findings, particularly when there is a chance they will cause problems for our clients? Clearly others have overlooked the problems too.
I propose that regulators and insurers show a certain degree of leniency to information that falls in their lap, for instance through a GAAS. It would give a company time to deal with problems and take measures to restore the risks to an acceptable level within a reasonable period.
Let’s especially engage in dialogue, and continue to do so, about these types of dilemmas. That is because we should strive together for a higher goal, namely the safety and continuity of business processes, and last but not least, people.