When Greg Case, CEO of Aon, spoke at the Insead Leadership Summit in Europe two years ago, he warned that the magnitude and complexity of risk in the world today were increasing. As was shown by the financial crisis, he was right on the money. To manage risk better across financial institutions, Case says companies must break away from their silo mentality. Here are excerpts from Case's interview with Insead.
Many people talk about motivation, charismatic leadership, the role of the CEO in motivating individuals and getting the most out of the corporation. Yet at the same time in times of crisis, people tend to change the way see leadership. There is a famous sentence of Lou Gerstner, who right after taking over IBM said: "The last thing IBM needs is a new vision." So given your experience with companies in the context of risk, uncertainty and crisis, what is your perspective about whether leaders should change their leadership style in a condition of uncertainty and risk.
I would come back to first principles. What are you trying to accomplish as a firm? Changing strategy, changing course in a time of crisis, may exactly be the time not to do that. We came back to our guiding principles and essentially reaffirmed those guiding principles – principles around client leadership, principles around people, and principles around operational excellence. And those three principles have guided Aon for the past four years and guided Aon well. And what we have essentially said is: "Look those are the things that are going to drive our success. And our success is going to be measured in terms of our clients' success." I cannot imagine trying to change course in the context of a crisis. I cannot imagine trying to re-communicate all the things you have got to do to communicate a vision, to communicate a DNA, an approach that you think is going to be compelling for your firm. In the case of Aon, the exact things that help us serve clients distinctively are going to the same things in a crisis as they are in normal time. And we have reaffirmed those and driven those. I would tell you lots of clients we work with take the same approach. And sometimes you have to adapt to specific situations that come up. But at its core, you rarely see a firm completely changing its strategy. And even Lou Gerstner's assessment, knowing Lou, what he is really saying is, "we want to sell" at that point of time and not re-do the strategy. And in our case we want to come back to first principles, our real foundation around client service and client leadership, which is the core of Aon. That is really what drives our leadership approach and what fundamentally drives my leadership approach.
So you see this an opportunity for consistency on the direction of your company and also the companies that you work with.
Absolutely. It is much more about being consistent and maybe amplifying or pulling back a bit versus changing. That for our firm is critically important to have been able to maintain and build momentum in a time of crisis. In many respects when you look at it, everyone's going through the same sets of pressure, same sets of issues. Navigating those in a calm, clear way, in a way that is compelling for your colleagues and for your clients in the end can potentially differentiate you from competition in a crisis much more than differentiating you in normal times.
Now I would like to shift gears a little bit, to focus on risk management and your experience as the CEO of a leading risk management organisation. The current economic environment is worrying many people. And many organisations for the past 10-15 years, have been trying to develop a culture of innovation and entrepreneurship in their organisations. So that meant delegation, encouraging people to take risks. And then suddenly with this crisis, we have to build a culture of risk management. Do you think these two cultures are compatible? And if so, how can they be managed so that companies are good at taking risks, but are also good at managing those calculated risks?
I do not see the difference. I do not see the dichotomy. I do not see the conflict. I absolutely understand what you are describing and I think most of the world would see it as a conflict. We, at Aon, do not. Risk leadership, risk understanding is really about opportunity. Most view risks through the eyes of downside. You pick up the paper and you see what is going on, that is risk. That is downside. It is not the case. Leaders in companies who really understand risk, see opportunities where other people do not. They take action when other people, other firms do not. Risk becomes opportunity. Risk helps companies decide they want to invest in foreign countries that no one else wants to invest in. Risk, understanding risk mitigation helps companies expand in ways they might not have otherwise expanded before. Risk helps companies – risk understanding helps companies to do capital allocation and make decisions around how to invest they might not otherwise done before. For us risk is very much about opportunity. So, in fact, doing and achieving what others can achieve with less risk, with less volatility is a very powerful thing. Being able to take action that others will not take because they are paralysed and you are not, and you can move forward in a very thoughtful way, is very powerful. So we see it exactly the opposite.
As companies and as clients become more interested in how to think about risk today, we talk to them about how to do that in a context of opportunity, not in a context of pulling back. That is why for us it is not a conflict. It is highly complementary. And as companies think about it as a conflict, we think they are going to do themselves a disservice. It should be about opportunity as much as it is about downside protection.
Now in managing both sides, the entrepreneur, the opportunity and the risk, there are different approaches on how to implement risk management. I would like to discuss the recent experience of the banking sector. I would say the banking sector probably was leading in terms of the adoption of sophisticated quantitative risk management techniques. So they saw different regulations of capital requirements, and they evaluated that risk. And yet we see that many of these very sophisticated tools were not effective. How do you make sense of that reality and were they not using the right approach to risk management? Or were they ignoring or missing one dimension that was important?
It is very difficult inside of an organisation to really understand integrated risk across an organisation. Risk often evolves in very specific silos within the organisation and you make decisions in those silos and you do not fully understand what is happening across those silos. And in the financial institutions world you have clearly seen that is the case – not only in the financial institutions but also with the regulators and the rating agencies. All three, all of us have taken a view that is much more of a narrow view. And when you add up the narrow views you have incredible precision and often inaccuracy. One great statistic if you think about the rating agencies, is imagine, there are 10-12 triple-A rated companies in the world – or there were a year ago – but there are 50-60,000 triple-A rated instruments. Somehow as you think about how all that comes together, every one of those decisions I can almost assure was made in a very good way, in a silo, in a vacuum. But when you step back and look at it holistically it is really hard to reconcile the two. The same instruments out of institutions – individual decisions get made with high degree of analytics and technique, but when you look across the organisation you get an overall outcome and an answer that is not always the right answer
So it seems that probably what is needed is some more organisational embedded approach to risk management.
We often spend time with our clients around the organisational implications, how you make decisions that drive better performance. Because in the end when you think about all the different discussions that you can have out there on risk, if at the end of the day you do not make a set of decisions which provides a better set of performance outcomes – income, balance sheet, and volatility – you have not really accomplished what you want to accomplish. And one of the impediments of that is organisationally, how organisations think about risk together. Is it owned by the CFO? Is it owned by the risk manager, the treasurer, the CEO, the operating leaders? Where is risk really owned in an organisation and how do you collectively make the right set of choices? Many times clients have a great answer. But it cannot be implemented because of the organisational challenges in the context of that. And that is a shame because they have everything right. They really just do not have the organisation set up to accomplish what they need to on behalf of their decision making. We often talk to clients about that.
Beyond the role of the management, there is an issue of governance, the role of the board in providing the monitoring and assessment of the risk of the organisation. You mentioned uncertainty about who owns the risk management agenda. Do you think this is mainly the board's responsibility, management's or is it a shared responsibility?
Boards basically have decisions oversight around CEO leadership, oversight around company ownership, oversight around strategy depending on which side of the ocean you are sitting on, in terms of overall agendas. And boards more and more are being asked to or being required to understand overall risk. What are the issues that could actually change the course of a company? And that is something that boards have to be able to look into and understand and we are seeing that more and more today.
One of the things that we have seen on both sides of the Atlantic is, especially given the economic environment, is a tendency to look for increased regulation as a way to solve some of the financial crisis and economic crisis. What is your perspective on the effectiveness or regulatory solutions to problems of risk management?
I, again, would be very careful to put the causes to the current situation on any one thing. And certainly I would not put it on a failure of regulation, or a failure of leadership or a failure of approach. But really when you put it all together we all bear a responsibility, across the board, for all the different pieces. And understanding how regulators and rating agencies can play a more significant role in helping industry make the right set of choices in an integrated way, you have to imagine is going to be part of the outcome, certainly in the near term, a critical part of the outcome.
So, in terms of the ideal risk management organisation, if you could see five-10 years down the road, the company that is going to lead in terms of its ability to manage risk in an integrated way, manage both the technical part as well as the organisational dimension, what would that company look like, in terms of the management and the leadership?
I don't think there's going to be a quintessential kind of prototype that everyone says here's the approach, fit in with the approach and you're done. It's too complex a world. Companies are in very, very different situations. However, there will be a set of principles that you can imagine you might fall back on. And one is a real understanding, a holistic understanding of the things that are going to impact income, balance sheet strength and volatility.
What are the items in the context of our firm where we stand right now that are going to impact the most and our ability to sustain as an ongoing firm, an ongoing company? A real grounding and understanding of that is critical. Does your firm have that, yes or no?
And having had that understanding clearly laid out, what are the items that are going to impact our success against a set of measures? How are we going to manage that? How are we going to operate in our firm in an integrated way, not just from a risk standpoint, or operational risk standpoint but overall how are we going to do that and how are we going to provide governance and oversight against that process.
You could imagine that by the way you could operate those three – the diagnostic, how you're going to actually get it done, and how you're going to provide oversight in very different ways. But winners, those who use risk in a way to drive performance and attack opportunity are going to have all three of these areas in the context of what they do, would be our guess.
Greg Case
CEO, Aon
Case is President and Chief Executive Officer of Aon Corporation, the leading global risk, reinsurance and human capital services firm. He is also a member of the company's Board of Directors.
Before joining Aon, Case served on the Governing Shareholder Council and headed the Global Insurance and Financial Services Practice at McKinsey and Company, a leading international management consultant. Prior to McKinsey, he worked for the investment banking firm of Piper, Jaffray and Hopwood as well as the Federal Reserve Bank. Case holds an MBA from Harvard Business School and graduated summa cum laude from Kansas State University.
Keep up with the latest business news from the region with the daily Emirates Business 24|7 newsletter. To subscribe to the newsletter, please click here.