What are your main areas of interest in terms of risk management and business?
Evans: I look at risk as a holistic approach, how you actually implement it into an internal organisation. The other area I work in is called ‘extreme risk’. My particular area of interest is operational risk. But you can get extreme risks in credit risk, or in market risk. One of the reasons I’m interested in all that is that we don’t know how to model it. We just don’t know.
We have data for banks around the world. We’re still reaching the conclusion [but it looks as if] you have to run two models; one for the normal bid, which nobody is all that interested in it anyway because it’s easy and banks are been meeting the costs of those normal operational risks for the last couple of hundred years. It’s the extreme ones and I guess the issue that interests me is that these are unpredictable. So therefore while I’m encouraging modeling, I’m also encouraging lateral thinking about risk – even if you can’t identify them. They’re unknown unknown risks.
How do you try and manage that sort of unknown risk?
There are a couple of ways of doing it. One is just pick a number out of the air, add a ‘fiddle factor’ and that’s the amount of capital you have. Nobody will have a clue whether it’s right or wrong.
Another one — and it is one I teach students — is to be very careful with your contractual obligations. Leaving consumer issues aside, in particular, what I advocate in, say insurance, is what I call ‘positive word contracting’. Say you have a motor vehicle contract. So instead of saying ‘if you prang your car we’ll pay’, you say ‘if event A or B or C happens, we will pay’. If you just say ‘if you prang your car, we’ll pay’, you have no idea what that means. And things can change over time.
Now the big advantage for general insurance of course is that these are one-year contracts. So putting aside marketing issues, you can change them, theoretically.
That’s why I like the holistic approach. I don’t think you can manage risks in one dimension. Particularly extreme risks; they’re not one-dimensional at all. They’re multi-dimensional problems. And you have to think how does the organisation control these, and you also have to ask: If we can’t control them, do we want to be in the business?
Now that’s a decision people are really scared to make. Particularly insurers. The marketing people will tell them we have to have this contract and you have no idea what the liability is going to be.
I’m not advocating this from the social perspective, but in Queensland, they had this definition (I’m not sure of the exact words) of what a flood was — and it didn’t include water just trundelling down the street. It had to be a thing called a flashflood. I think, from an insurance perspective, that’s perfectly reasonable to limit the risk.
Then you have the other side of the organisation that looks at marketing — not sales. They’ll say: “Well, I’m not too sure that, if there was a catastrophe, we’re going to get away with this.” What that simply means is they’re pricing as though they can get away with it, and then they find they can’t.
It’s called going broke. And you have to be careful of the re-insurance contracts as well because if you’ve excluded it, they’ve excluded it. You’re left out holding the baby.
You also have to be aware of political risk and that’s one thing that we’re not very good at taking into account. A long time ago, there was a hill slide in Wollongong and several houses ended up in the ocean. Hill slides were not covered under the NRMA insurance in those days and the political who-ha was such thing that they ended up paying. Now it was 20 houses times $50,000, $60,000 in those days for a house in Wollongong. But that could have been millions of dollars.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.