Roads to Resilience

committees to ensure “ … that we’re compliant from a regulatory standpoint, that we’re satisfied that we have the resilient controls in place to handle risks that face us in our business and we’re governing, we’re managing, we’re testing resilience ” (Executive Director, Commercial Lines Division of AIG UK). The company also reviews the control it has to deal with risks and ensures they are fit for purpose, “ We are trying to do this at various levels, we are constantly reviewing the controls we have at business level and provide a regular governance approach within the Executive level. We are always trying to improve our control indicators to see clearly that the controls we have implemented are working and within a timescale and that allow us to make key decisions if required. ” (Managing Director, UK). The organisation’s experience from the 2008 financial crisis (and the leadership of the CEO, Bob Benmosche) has had an effect on the way the company manages its business and also the approach to risk by the management team. This is a large organisation and in such an environment, risk management may become procedural with a focus on routines, paper or computer based procedures and also meeting regulatory standards. The normal approaches to risk management are useful, but they have a tendency to focus on the common known risks. The company uses the standard lines of defence but it supports these with other techniques, such as scenario planning. The AIG approach is more proactive, ensuring that they have early warning of problems, and also to be able to plan for those risks (not the common known ones), that would not be captured using the standard approach. The company has an open culture, where risk management is everybody’s responsibility, and employees are encouraged to raise concerns with higher organisational levels. Summary

101

Roads to Resilience: Building dynamic approaches to risk to achieve future success