Risk Manager Profile: François Malan – A man for all seasons
François Malan, chief risk and compliance officer at Eiffage and Private Sector Risk Manager of the Year for 2020 in the European Risk Management Awards organised by Commercial Risk and Ferma, has followed a route from lawyer and technical insurance specialist to full blown corporate risk manager with leading French multinationals. Adrian Ladbury interviews Malan about the evolution of his role and the profession in recent years.
Malan never planned to be a risk manager but, like so many of his peers, says that he fell into the job by accident.
“I am a lawyer and in my first role insurance came with the job. At that time, risk management was not an issue and nobody knew what it was. Insurance management was all there was,” explains Malan, taking part in our Risk Frontiers Europe survey of leading risk managers across Europe.
In his next job at luxury goods company Hermes, as director of insurance and prevention, broader risk management came into the role. “I was responsible for both insurance and prevention and so I followed the development of the risk management evolution generally,” says Malan.
“My next role was at real estate company Nexity, where I was director of risk management including risk mapping, assessment and management. Compliance and ethics were also added. So, I became a risk manager by accident, but the fact is you should look to add skills and develop as your company needs it and develop yourself too,” he says.
Malan says that merging risk and insurance management makes sense because the two, formerly often strictly divided areas, are so interdependent.
The changing nature of risk and rising insurance protection gap has also helped drive the evolution of the profession, says Malan. “I estimate that 80% of our risk is now not insurable and so we need to find other ways of mitigating the risk. Risks have definitely become more difficult, and the insurers are not so keen because it is more difficult to evaluate them, more uncertain. It has become more difficult to predict accumulations,” he explains.
ESG risk
The rise of ESG and greater demands on corporate governance has also driven the evolution of the risk and insurance management role, broadening the brief and pushing the position up the corporate agenda, says Malan.
“I had to create a new role within my team for ESG. The compliance officer now must help with anti-corruption, which is a major issue regarding the strengthening of obligations. The General Data Protection Regulation (GDPR) is another important area, as well as the environment and human rights along the supply chain. This all falls into my area and forms part of the risk map,” he says.
“You must set precedents for the group and ensure that all employees are aware of the risks and ethics. The insurers are also asking a lot of questions about ESG and broader areas such as whether you are doing business in Russia or what is your cyber security policy. They don’t want to issue policies until these questions have been answered and so it’s no longer just a price guarantee,” continues Malan.
Call for standardisation
As with many other insurance buyers, Malan would like to see some form of standardisation in the way these questions are asked and presented to make life easier and more consistent for all. He also wonders exactly how much of this information is really used currently.
Theoretically, risk managers should also be asking insurers about their ESG performance when working out where to place their business. But, according to Malan and many of his peers, this is not really happening yet.
“We are not yet really asking about the ethics of the insurers, perhaps partly because we know them and perhaps also because coverage has been so difficult to secure in recent renewals. At this stage of the market, we have less control of selection,” he says.
The evolution of Malan’s job over the years is a perfect example of how the wider risk and insurance profession is evolving, and changing for the good. It has taken a long time. I recall writing about the potential for insurance managers to become true risk managers at board level almost 30 years ago, and there has been frustration about the lack of progress. But it seems that globalisation, the rise of technology and a run of crises has forced the issue at long last.
