THE HAMMURABI CODE

Rhodes>Business School>Latest News

Prof Owen Skae
Prof Owen Skae

Risk is on all our minds. And now that the virus hasn’t gone away, risk is a word we use more than ever before. The risk of contracting Covid-19, the risk to our health, livelihoods, economies, future, and, of course, the associated risk management. So let’s talk about the history of risk management and the implications going forward.

The history of risk management and insurance dates back to the ancient world and is well explained in a WSR Insurance company blog by Whit Thompson titled ‘How Insurance Began: 3000 Years of History’. He explains that “the first forms of insurance were recorded by the Babylonian and Chinese traders. To limit the loss of goods, merchants would divide their items among various ships that had to cross treacherous waters”. One of the first documented loss limitation methods was noted in the Code of Hammurabi, which was written around 1750 BC. “Under this method, a merchant receiving a loan would pay the lender an extra amount of money in exchange for a guarantee that the loan would be cancelled if the shipment were stolen,” Thompson writes. The Hammurabi Code was brutal in certain respects (such as if a son hit his father, his hand would be chopped off), but the risk insurance part of it was pioneering.

Methods of insurance developed through the centuries as the need arose to come up with mechanisms to safeguard people and the goods they were transporting from all sorts of risks, including robbers, pirates, storms and death. In 600BC we find the Greeks and Romans creating benevolent societies similar to the ones we have today, to take care of the families of deceased persons.

Thompson goes on to explain that modern insurance can be traced back to the Great Fire of London in 1666. He writes: “After it destroyed more than 30 000 homes, a man named Nicholas Barbon started a building insurance business. He later introduced the city’s first insurance business. Accident insurance was made available in the late 19th century, and it was very similar to modern disability coverage.”

Fire insurance in the US started in 1732 and in the 1800s, as insurance companies evolved, they started including various forms of coverage, including life insurance.

Come the 1940s and World War II, risk management included life insurance or ‘GI Insurance’ so that women whose husbands died in the war would be paid out. Car insurance is far more recent, and only became mandatory in the 1980s.

From its outset, risk management has been an ever-transforming business, but what we find today is that risk management hasn’t kept up with the rapid transformation taking place as a result of the current big-ticket issues affecting society globally such as Covid-19, climate change, biodiversity loss, inequality and poverty. This has created a situation where risk managers, instead of responding to transformation after the fact (such as introducing fire insurance after the Great Fire of London), have play a far greater role in the transformation process while it is happening, they have to be part of the advance guard, driving the process.

The Gartner Emerging Risks Survey, conducted by strategic consulting, research and advisory company Gartner, captures and analyses the opinions of senior executives in risk, audit, finance and compliance at leading companies.

In a Gartner article on top emerging risks for business leaders, contributor Justin Lavelle explains that the risk of a global second wave of COVID-19 topped the ‘risk list’ identified by senior executives in the third quarter of 2020. The US presidential election results also featured in the top five emerging risks.

Compare this to the fourth quarter of 2019 and the first quarter of 2020 when Covid-19 didn’t feature at all but a few months later, it jumped to the number one threat. In second position during this same period is the New Working Model which came about because of the pandemic, and the many emerging pandemic-related risks.

From an organisational perspective we know the first line of defence in managing the Covid-19 risk is mask-wearing, social distancing, and sanitising (though some people unbelievably still ignore this). Lavelle explains that risk management leaders in progressive organisations are taking the lead on a set of new issues created by the pandemic, such as how to manage the risks of employee non-compliance with health and safety guidelines or other signs of organisational negligence. “Progressive organisations realise that the New Working Model requires of them to go far beyond ensuring the health and safety of their employees to provide continuous guidance and support, to soothe anxiety and support appropriate behaviours.”

He quotes Matt Shinkman, Practice Vice-President, Gartner who says: “The largest implication for organisations planning around the second wave and related impacts is to ensure that they have not only adequate re-entry plans, but also ‘re-exit’ plans if the pandemic makes returning to physical office locations unsustainable.”

Adding to this, the question is once the pandemic is over, do we go back to the old way of working in offices, and no longer work remotely, or a hybrid system of working at home and flexi office shifts, and how does one plan for this?

And what if the need for human interaction overrides everything else? Bigger office space will be required as risk management will require that people still don’t sit closely to avoid any future outbreaks. But what if another wave of Covid-19 hits and people have to revert to working at home, and the bigger office then becomes a financially crushing white elephant?

Alternatively, if people continue to work from home or from smaller decentralised clusters, what are the implications of this? The answer is not easy or clear. What we will see is that risk management leaders globally are going to have to take the lead in pursuing a transformation agenda with changes pushed onto us as part of the new normal.

There is room to draw on the good side of this in that we are all in it together and the pandemic, together with the list of big-ticket threats facing the world, is bigger than any individual, society or country as the risks know no borders. Going it alone is not in anybody’s best interest and we should draw inspiration from the Babylonian merchants that if you are not prepared to share the collective risk then when something happens to you, you might find yourself alone, without friends or allies.

Without delay, there needs to be better management around a shared risk model globally, and how we are to share the risks collectively. It’s not to say that everyone is going to be thinking like this. Management consulting company McKinsey & Company’s risk division published an article titled ‘De-risking digital and analytics transformations’ by Jim Boehm and Joy Smith, which highlights a broad set of new (and expensive) risks:

“In a sense, the pandemic has set off the largest wave of digital and analytics transformations in history, compressing transformations that would have taken years into a few hectic months (or even weeks), often with little advance planning. Most organisations had some security policies and training in place before the pandemic struck. Few, however, had established detailed policies or training on how to safely set up a remote work space or think through other risks associated with the rapid acquisition and deployment of new tools.”

Risk management leaders have to play a far more fundamental role in shaping this, in a way that we haven’t imagined before. As Boehm and Smith explain: “Risk managers have an entirely new universe of risks to account for in hybrid and fully remote work environments. This includes combating employee disengagement, managing new cybersecurity vulnerabilities, and reassessing how performance is managed and graded. It’s vital for risk teams to have a seat at the table as new policies are being created and others rewritten by HR.”

They cite several examples of risk exposure: “A bank found that employees were printing documents on their home printers, thus running corporate data through unsecured home routers, which are notoriously vulnerable to hackers. Another firm expressed concerns about employees having “smart home” listening devices that could record discussions during video calls in executives’ home offices.” The McKinsey Global Survey looked at the risks facing digital and analytics transformations and how well companies are managing them. The survey found for example that 70 percent of the companies have developed new digital propositions and ecosystems and are changing their operating models to support agile changes.

However, the survey also found that companies’ risk-management capabilities are lagging behind their transformation efforts: “Organisations are transforming far more frequently than they are updating their risk frameworks to include new and exacerbated risks, and risk and legal professionals often operate in separate siloes,” write Boehm and Smith. “Hence, the risk infrastructure is not keeping pace with the innovation. Overall, most respondents assess their risk management maturity as average, but more than 75 percent have not conducted a formal, holistic risk assessment for half of their digital and analytics transformations. Surprisingly, 14 percent have never formally assessed the risks for these initiatives—a big oversight for established companies.”

This emphasises that the world needs to come up with a new risk system where risk management is keeping pace or leading transformation. They have to apply an holistic approach to manage the spectrum of big ticket risks, including climate change and biodiversity loss, and they have to do this at speed because time is not on our side.

When we look at biodiversity and ecosystem loss and climate change, for example, we are at huge risk of heading beyond the point of no return. What is important to recognise is that in the face these risks, as is the case with the Covid-19 pandemic, we are all in it together. The good ship Planet Earth has a leak, which is fast becoming a torrent and we are compelled to think about how to manage the risks in a holistic way.

We have to get serious about the science and stop being caught out by fake news. The threats from the pandemic, climate change and biodiversity ecosystem loss are real. We can no longer afford a situation where transformation takes place and then risk management catches up; they have to be managed in tandem. The challenge is to have the crystal ball to look into the future and look at both risk and opportunity. Then come out with a more universal approach where no person or organisation or company should benefit at the expense of others.

Thousands of years ago the Babylonians tried to achieve this. Granted, civilisations have come and gone, but some of what our collective forebears did, meant that the future generations are still around today. I wonder how it will look 3000 years hence if we don’t implement the collectivist actions now? Are we up to it? Maybe, maybe not, but the reality is we no longer have a choice.

Source: Tribe Business Magazine, Issue 6, 2021, pg 26-30