- While there is no one definition, experts agree that risk intelligence takes a broader, more forward-thinking and opportunity-centric approach to managing risk.
- In today’s volatile, uncertain, complex and ambiguous environment, managing risk should be embedded in an organisation’s culture.
- Insurers are considering more flexible ways to manage their own and their clients’ risk.
There is no single definition of risk intelligence.
American financier Leo Tilman describes it as ‘the strategic reincarnation of risk management’. David Ingram, executive vice president of Willis Re, sees it as ‘the ability to reason, plan, solve problems, think abstractly, comprehend complex ideas, learn quickly, and learn from experience in matters involving risk and uncertainty’.
For Dr Gavriel Schneider, CEO of Risk 2 Solution Group and program director of Australian Catholic University’s Psychology of Risk Program, risk intelligence is ‘a living skill and applied attribute that enables better decision-making to proactively embrace opportunity and manage potentially negative outcomes’.
‘If it’s not a living skill, it doesn’t move with the times and we only have the ability to manage in hindsight,’ says Schneider.
‘We were very purposeful in including that in our own definition, along with opportunity-centrism. The concept of risk carries no suggestion that it’s limited to things that can go wrong, yet we’ve adopted a protectionist mindset which focuses on the negatives, rather than balancing them with things that could work to our advantage.’
‘Traditional risk management typically deals with the known and the expected,’ he says. ‘In a VUCA world you need to be able to anticipate the unexpected, adapt to changing conditions, manoeuvre through obstacles, be decisive on critical issues and be ready to change strategies with limited information.’
A risk-intelligent culture
Nick Kaspers, principal at Senator Risk Management New Zealand, believes that risk intelligence is as much a culture as a process.
‘Risk intelligence can’t function in a highly controlled, hierarchical structure,’ he says. ‘Everyone within an organisation should be encouraged to see managing risk as part of their job. They should also feel comfortable about bringing challenges to the table, discussing concerns and working as part of a team to find a resolution.’
Kaspers first saw risk intelligence in action as a director of Scouts Aotearoa New Zealand.
‘Half of the board has to be under 26 years of age, which creates a very different culture from the average boardroom,’ he says.
‘We worked a lot in the child protection space, and it was seeing how the younger directors stripped away biases and suggested new ways of discussing and monitoring risk that made me passionate about risk intelligence and what it can achieve.’
Risk intelligence: beyond resilience
Risk management is often preoccupied with compliance. ‘Doing only what must be done is the basis of old-school risk management, where all variables are known and you have full control of what you do,’ says Schneider.
‘Even at its most effective, it’s always backwards-looking and never drives performance or innovation.’
Companies that recognise these limitations might focus on resilience by building and testing business continuity and crisis management plans, and preparing for likely scenarios.
‘These things are important, but a lot have learned the hard way through COVID-19 that they don’t necessarily help you to manage disruption,’ adds Schneider. ‘This is why we coined the term presilience™. A presilience mindset achieves risk intelligence by overlaying the best of compliance and resilience with a focus on opportunity and positive outcomes.’
This was supported by Schneider’s reviews of COVID-19 incident response and risk management.
‘We found that the organisations anchored in a compliance-driven approach were struggling to perform,’ he says.
‘Those that were doing well had a balanced approach and encouraged what we would consider a learning environment. Rather than punish mistakes, they treat them as an opportunity to learn — and they also learn from and leverage their successes.’
Peppler is concerned by the common practice of rewarding executives for a blinkered approach to strategy — sticking to agreed decisions rather than paying attention to potential threats inside and outside the organisation.
‘Weak signals are ignored and their interdependencies left unexplored, until an emerging issue poses an existential threat and there are few options for resolution,’ he says.
He believes that risk intelligence can help challenge the organisational biases that discourage adaptive change. These include confidence bias — when we overestimate the truth of what we believe — and confirmation bias, where we mainly focus on information that fits our existing beliefs.
‘These biases can trigger the formation of what [author and strategist] Michele Wucker has labelled “gray rhinos” — a metaphor for a highly probable, high-impact yet neglected threat,’ continues Peppler. ‘Risk intelligence helps us to pay fresh attention to what’s obvious but largely ignored.’
A new kind of protection
When Kaspers began his career in the insurance industry, policies were based around physical assets. Today, intellectual property merchant bank Ocean Tomo reports that 90 per cent of the SP 500’s assets are intangible.
‘One of the challenges for the insurance industry is understanding clients’ intangible needs — what creates value, how we look after that and how it can be destroyed,’ he says. ‘As risk professionals, we need to apply risk intelligence to include the impacts of things like climate change and cybercrime in our assessments, as well as less-visible threats.’
Thanks to the increasing availability of data, parametric insurance products are starting to fill the intangible gaps, especially for emerging risks in the environmental, social and governance space.
‘Rather than paying out on a claim for a specific loss, the insured receives an agreed amount when a predefined event occurs,’ says Kaspers. ‘This can help to smooth volatility, give insurers greater flexibility and make it easier for customers to plan. Claims can also be settled quickly because there’s nothing to assess.’
For the future, Peppler sees risk intelligence shifting from producing richer insights for executive audiences to achieving organisational outcomes, such as raising risk maturity and increasing broader organisational resilience.
‘To expedite this shift, I’m engineering better alignment between the informational, risk culture and risk capability components,’ he says.
‘In the first instance, these changes will influence the structural element of a risk intelligence capability and, subsequently, its portfolio of products and services.’
‘Risk intelligence can’t function in a highly controlled, hierarchical structure…everyone within an organisation should be encouraged to see managing risk as part of their job.’ – Nick Kaspers, Senator Risk Management
‘A presilience mindset achieves risk intelligence by overlaying the best of compliance and resilience with a focus on opportunity and positive outcomes.’ – Dr Gavriel Schneider, Risk 2 Solution Group
‘Risk intelligence helps us to pay fresh attention to what’s obvious but largely ignored.’ – Brett Peppler, Intelligent Futures
What does a risk-intelligent organisation do differently?
Brett Peppler, managing director of Intelligent Futures, shares four key features of a risk-intelligent organisation:
- Anticipatory management – Decision-making is forward leaning to reduce the likelihood of surprise.
- Business outcomes – The strategic dialogue shifts from risk aversion to opportunities, especially those risk that can and should be taken.
- Ways of working – Risk activity is embedded as a highly interdependent system of work, rather than a series of disparate tasks.
- Risk culture – Everyone understands the organisation’s approach to risk, takes personal responsibility for managing risk in everything they do and encourages others to follow their example.
Risk management vs risk intelligence
As Michael Auret, a partner at PwC Canada succinctly puts it, risk intelligence implies forward thinking, insight and value. Risk management suggests fixing a problem, being reactive and always looking over your shoulder.
Take artificial intelligence (AI), for example. According to Cem Dilmegani, founder of tech industry analyst AIMultiple, integrating AI into insurance processes can increase profitability by providing more accurate customer pricing and a reduction in fraudulent claims.
Balanced against these benefits are some risks — and Brett Peppler, from Intelligent Futures, uses this to illustrate differences between risk management and risk intelligence.
Risk management would be concerned primarily with technical risk in each AI project. This would include its impact on timely delivery and effective embedment to realise added business value.
Risk intelligence might incorporate a broader view, monitoring weak signals of algorithmic ambiguity within and across the AI projects — perhaps hidden in customer complaints data — which is likely to lead to expanded customer risk, unwanted regulatory attention and reputational damage.