When Greg Case, CEO of Aon, spoke at the INSEAD Leadership Summit in Europe two years ago, he warned that the magnitude and complexity of risk in the world today were increasing.
As was shown by the financial crisis, he was right on the money. To manage risk better across financial institutions, Case says companies must break away from their silo mentality.
Here are edited excerpts from Case’s recent Leadercast interview with Javier Gimeno, Professor of Strategy at INSEAD.
Javier Gimeno: Many people talk about motivation, charismatic leadership, the role of the CEO in motivating individuals and getting the most out of the corporation. Yet at the same time in times of crisis, people tend to change the way see leadership. There is a famous sentence of Lou Gerstner where right off taking over IBM, he said, "The last thing IBM needs is a new vision". So given your experience with companies in the context of risk, uncertainty and crisis, what is your perspective about whether leaders should change their leadership style in a condition of uncertainty and risk.
Greg Case: I would come back to first principles. What are you trying to accomplish as a firm? Changing strategy, changing course in a time of crisis, may exactly be the time not to do that. We came back to our guiding principles and essentially reaffirmed those guiding principles -- principles around client leadership, principles around people, and principles around operational excellence. And those three principles have guided Aon for the last four years and guided Aon well.
And what we've essentially said is, look those are the things that are going to drive our success. And our success is going to be measured in terms of our clients' success.
I can't imagine trying to change course in the context of a crisis. I can't imagine trying to re-communicate all the things you've got to do to communicate a vision, to communicate a DNA, an approach that you think is going to be compelling for your firm.
In the case of Aon, the exact things that help us serve clients distinctively are going to the same things in a crisis as they are in normal time. And we've reaffirmed those and driven those.
I would tell you lots of clients we work with take the same approach. And sometimes you have to adapt to specific situations that come up. But at its core, you rarely see a firm completely changing its strategy.
And even Lou Gerstner's assessment, knowing Lou, what he's really saying is, "We want to sell" at that point of time and not re-do the strategy. And in our case we want to come back to first principles, our real foundation around client service and client leadership which is the core of Aon. That's really what drives our leadership approach and what fundamentally drives my leadership approach.
Gimeno: So you see this an opportunity for consistency on the direction of your company and also the companies that you work with.
Case: Absolutely. It's much more about being consistent and maybe amplifying or pulling back a bit versus changing. That for our firm is critically important to have been able to maintain and build momentum in a time of crisis.
In many respects when you look at it, everyone's going through the same sets of pressure, same sets of issues. Navigating those in a very calm, clear way, in a way that's compelling for your colleagues and for your clients in the end can potentially differentiate you from competition in a crisis much more than differentiating you in normal times.
Gimeno: Now I would like to shift gears a little bit, to focus on risk management and your experience as the CEO of a leading risk management organisation. The current economic environment is worrying many people. And many organisations for the last 10-15 years, have been trying to develop a culture of innovation and entrepreneurship in their organisations. So that meant delegation, encouraging people to take risks. And then suddenly with this crisis, we have to build a culture of risk management. Do you think these two cultures are compatible? And if so, how can they be managed so that companies are good at taking risks, but are also good at managing those calculated risks?
Case: I don't see the difference. I don't see the dichotomy. I don't see the conflict. I absolutely understand what you're describing and I think most of the world would see it as a conflict. We, at Aon, do not.
Risk leadership, risk understanding is really about opportunity. Most view risks through the eyes of downside. You pick up the paper and you see what's going on, that's risk. That's downside. It's not the case.
Leaders in companies who really understand risk, see opportunities where other people do not. They take action when other people, other firms do not. Risk becomes opportunity. Risk helps companies decide they want to invest in foreign countries that no one else wants to invest in. Risk, understanding risk mitigation helps companies expand in ways they might not have otherwise expanded before. Risk helps companies -- risk understanding helps companies to do capital allocation and make decisions around how to invest they might not otherwise done before.
For us risk is very much about opportunity. So, in fact, doing and achieving what others can achieve with less risk, with less volatility is a very powerful thing. Being able to take action that others won't take because they're paralysed and you're not, and you can move forward in a very thoughtful way, is very powerful. So we see it exactly the opposite.
As companies and as clients become more interested in how to think about risk today, we talk to them about how to do that in a context of opportunity, not in a context of pulling back. That's why for us it's not a conflict. It's highly complementary. And as companies think about it as a conflict, we think they're going to do themselves a disservice. It should very much be about opportunity as much as it is about downside protection.
Gimeno: Now in managing both sides, the entrepreneur, the opportunity and the risk, there are different approaches on how to implement risk management. I’d like to discuss the recent experience of the banking sector. I’d say the banking sector probably was leading in terms of the adoption of sophisticated quantitative risk management techniques. So they saw different regulations of capital requirements, and they evaluated that risk. And yet we see that many of these very sophisticated tools were not effective. How do you make sense of that reality and were they not using the right approach to risk management? Or were they ignoring or missing one dimension that was important?
Case: It's very difficult inside of an organisation to really understand integrated risk across an organisation. Risk often evolves in very specific silos within the organisation and you make decisions in those silos and you don't fully understand what's happening across those silos.
And in the financial institutions world you've clearly seen that's the case -- not only in the financial institutions but also with the regulators and the rating agencies. All three, all of us have taken a view that's much more of a narrow view. And when you add up the narrow views you have incredible precision and often inaccuracy.
One great statistic if you think about the rating agencies, is imagine, there are 10-12 triple-A rated companies in the world – or there were a year ago - but there are 50-60,000 triple-A rated instruments. Somehow as you think about how all that comes together, every one of those decisions I can almost assure was made in a very good way, in a silo, in a vacuum.
But when you step back and look at it holistically it's really hard to reconcile the two. The same instruments out of institutions -- individual decisions get made with high degree of analytics and technique, but when you look across the organisation you get an overall outcome and an answer that's not always the right answer.
Gimeno: So it seems that probably what is needed is some more organisational embedded approach to risk management.
Case: We often spend time with our clients around the organisational implications, how you make decisions that drive better performance. Because in the end when you think about all the different discussions that you can have out there on risk, if at the end of the day you don't make a set of decisions which provides a better set of performance outcomes -- income, balance sheet, and volatility -- you haven't really accomplished what you want to accomplish.
And one of the impediments of that is organisationally, how organisations think about risk together. Is it owned by the CFO? Is it owned by the risk manager, the treasurer, the CEO, the operating leaders? Where is risk really owned in an organisation and how do you collectively make the right set of choices?
Many times clients have a great answer. But it can't be implemented because of the organisational challenges in the context of that. And that's a shame because they have everything right. They really just don't have the organisation set up to accomplish what they need to on behalf of their decision making. We often talk to clients about that.
Gimeno: Beyond the role of the management, there is an issue of governance, the role of the board in providing the monitoring and assessment of the risk of the organisation. You mentioned uncertainty about who owns the risk management agenda. Do you think this is mainly the board’s responsibility, management's or is it a shared responsibility?
Case: Boards basically have decisions oversight around CEO leadership, oversight around company ownership, oversight around strategy depending on which side of the ocean you're sitting on, in terms of overall agendas. And boards more and more are being asked to or being required to understand overall risk. What are the issues that could actually change the course of a company? And that's something that boards have to be able to look into and understand and we're seeing that more and more today.
Gimeno: One of the things that we have seen on both sides of the Atlantic is especially given the economic environment, is a tendency to look for increased regulation as a way to solve some of the financial crisis and economic crisis. What is your perspective on the effectiveness or regulatory solutions to problems of risk management?
Case: I, again, would be very careful to put the causes to the current situation on any one thing. And certainly I wouldn't put it on a failure of regulation, or a failure of leadership or a failure of approach. But really when you put it all together we all bear a responsibility, across the board, for all the different pieces.
And understanding how regulators and rating agencies can play a more significant role in helping industry make the right set of choices in an integrated way, you have to imagine is going to be part of the outcome, certainly in the near term, a critical part of the outcome.
Gimeno: So, in terms of the ideal risk management organisation, if you could see 5-10 years down the road, the company that is going to lead in terms of its ability to manage risk in an integrated way, manage both the technical part as well as the organisational dimension, what would that company look like, in terms of the management and the leadership?
Case: I don't think there's going to be a quintessential kind of prototype that everyone says here's the approach, fit in with the approach and you're done. It's too complex a world. Companies are in very, very different situations. However there will be a set of principles that you can imagine you might fall back on. And one is a real understanding, a holistic understanding of the things that are going to impact income, balance sheet strength and volatility.
What are the items in the context of our firm where we stand right now that are going to impact that the most and our ability to sustain as an ongoing firm, an ongoing company? A real grounding and understanding of that is critical. Does your firm have that, yes or no?
And having had that understanding clearly laid out, what are the items that are going to impact our success against a set of measures? How are we going to manage that? How are we going to operate in our firm in an integrated way, not just from a risk standpoint, or operational risk standpoint but overall how are we going to do that and how are we going to provide governance and oversight against that process.
You could imagine that by the way you could operate those three – the diagnostic, how you're going to actually get it done, and how you're going to provide oversight in very different ways. But winners, those who use risk in a way to drive performance and attack opportunity are going to have all three of these areas in the context of what they do, would be our guess.
Javier Gimeno is the Aon Dirk Verbeek Chaired Professor in International Risk and Strategic Management at INSEAD.