SMEs mainly focus on risks that are obvious but unlikely, such as fire. Some risks are less obvious but may have serious consequences.
People are far more empowered today than before. The relationship between employees and employers has changed considerably as a result. Employees are far more prone to fight their dismissal or to lodge a complaint against their managers than before. This new empowerment comes with a price tag. It implies additional legal costs and possibly even penalties.
Companies conveniently assume that fraud is an external threat, but the enemy sometimes comes from within. Moreover, internal fraud is a typical risk for small and medium-sized enterprises, precisely because of the focus on trust. Some employees dare to betray this trust. They have their hands in the till, sell machine parts, or pass on sensitive data to the competition for payment. There are various reasons for susceptibility to fraud. First of all, people today are not as loyal as before. SMEs also have fewer rules and procedures. That freedom opens the door to abuse.
Insolvency among customers and suppliers
Insolvency is and remains a substantial risk, especially after the crisis. Companies do not dwell nearly enough on the fact that customers can go insolvent. Insolvency has dramatic consequences for your profit margin. Suppliers may also be affected, which can seriously threaten your production process. After all, it is not an easy task to quickly find a new raw materials supplier. Companies are well advised to purchase external data about their partners, especially if you do business abroad.
Companies depend on other partners in order to operate. Problems with suppliers may thus impact on their internal functioning. Imagine if an important supplier's machine breaks down, and you are left without raw materials. Companies must assess their full value chain in order to detect possible risks. Bear in mind that your customers may also have problems. For example, a fire at your most important partner can prove to be a major spanner in the works. You can include an additional clause in your business interruption loss policy so as to receive compensation if your supplier is affected by fire.
Like people, companies are fallible and thus occasionally make errors. These errors can cause damage to third parties. The resultant claims can range from several thousand to possibly millions of euros. For example, an engineer could have made a calculation error in the design of a new production line. Apart from material damage to the assembly line itself, there may also be financial losses due to production stoppages.
Caution with contracts
Nearly every contract that companies enter into has a clause on liability. This describes each party's responsibilities. Companies pay scant attention to this, even though the contractual consequences may be significant. An excellent example is a lease for a crane. The lessee is usually responsible for any damage to the crane, which can be very costly. Study the liability clauses thoroughly as they can have a serious effect on your company's financial health.
By political risk, we mean all events that may prevent your foreign customers from being able to pay or your foreign partners from being able to produce. These may be purely political events such as a war or revolution, but may also be natural disasters, economic difficulties, or government decisions that complicate trade. For instance, import permits may suddenly be withdrawn. Belgian companies have a strong international orientation and are thus well-advised to have insurance against political risk.
“The polluter pays” is a well-known principle. Restoring the environment to its original state is a costly business. A few dozen litres of oil can cause hundreds of thousands of euros of damage.
How to reduce your financial risks with hedging techniques
Central banks worldwide are stimulating the economy with cheap money. This leads to a false sense of security in the financial markets.
After all, any news - positive or negative - can trigger severe market fluctuations. Companies run substantial interest rate and exchange rate risks as a result, even though they are not always aware of this. Fortunately, there are financial techniques to hedge these risks.
A recent study by BNP Paribas Fortis and ATEB, the association of corporate treasurers in Belgium, speaks volumes. Barely 51% of the 402 companies interviewed have the same risk tolerance today as in 2008. This is a surprising finding because risk managers are dealing with a complex and therefore more unpredictable economic context in 2015.
“Today, financial risks, especially systemic risks, are more difficult to manage than five years ago,” says Eric Charléty, head of the Business Development department of the dealing room. “What if the interest rates suddenly start to rise? Many companies have taken out loans with a variable interest rate, because they assume that interest rates will remain low. But that choice exposes them to a substantial risk. As soon as rates rise, you have a problem.”
Exchange rate risk is often underestimated
Besides the interest rate risk, most companies are also exposed to a significant exchange rate risk, because they import and export goods or have partnerships with companies outside the Eurozone. According to Eric Charléty, Belgian entrepreneurs often take a very narrow view of financial risks:
“Sometimes they do not look further than what is on paper, for example that their invoice must be paid within 30 days. But if the payment is in Pound Sterling, the profitability of the transaction will largely depend on the conversion into euros. In this case, it is certainly a good idea to hedge yourself against the exchange rate risk in advance.
Even so, very few companies manage to successfully link their risk management to their strategy. They assume all too often that they only run risks if they do business outside the Eurozone. This is incorrect; a broader perspective that takes due account of the competition is needed. Even a company that only does business in the Eurozone has to deal with competition from outside it. Due to fluctuations in foreign exchange markets, a British or Japanese competitor may suddenly be cheaper.
That makes risk management a key factor of the business strategy, on par with target markets, products, and value chains. Good knowledge of the competition, their exposure to risks, and how they manage them is just as essential to the success of the company.”
Hedging = avoiding risks
The good news is that companies can hedge or cover the interest or exchange rate risk of a particular transaction by entering into a separate contract with a third party. In practice, this third party is usually a bank and the contract itself is called a ‘derivative’. Certain risks are placed with the bank through such a contract. Eric Charléty sees two major advantages in this:
“Banks are better informed about exchange rates and interest rate developments than companies. It is their core business. Banks are moreover able to spread the risk better. An individual company cannot beat the law of large numbers.”
Companies have different options for hedging their risks. They can agree in advance on a fixed exchange rate with the bank. By way of example: Company A sells goods for USD 100,000 to company B. A receives payment a month later. The US dollar can fluctuate greatly in the meantime. A can play things safely and agree on a fixed dollar rate with its bank today. A then knows exactly how many euros it will receive. The risk of a fall in the exchange rate then lies fully with the bank. The bank charges a premium for this. Although this sounds attractive, Eric Charléty warns against a possible competitive disadvantage:
“If you fix exchange or interest rates, you are less flexible. You can no longer profit from positive market developments. If your competitors follow the same strategy, there is no problem. However, if they do not fix their exchange rate, they can enjoy and benefit from exchange rate fluctuations.”
Instead of fixing the exchange rate (and thus limiting its flexibility), A may choose to ‘cap’ the rate. A can then profit from any depreciation of the dollar, while any increase is capped. Just as in the case of insurance, you have to pay a premium for such protection. However, this is not necessary. A can also avoid paying a premium by choosing a third option. In that case, you allow the rate to fluctuate between a predetermined lower and upper threshold.
“Every situation is different and so the most appropriate solution is not always the most obvious. You can combine different building blocks with each other. Choosing a derivative is customised by definition,” concludes Eric Charléty.
Do’s and don’ts of hedging
- Evaluate your exchange and interest rate risks and place your risk management in a strategic framework.
- Try to understand market trends and bring your risk management into line with them.
- Speculating is out of the question: do not offset your operational losses against exchange rate gains.
- Make provision for cover, however limited, to stabilise your results and make you less dependent on markets.
- Do not let the complexity of derivatives put you off: the legislator obliges financial institutions to practice transparency.
How to secure your business?
Insurance should be a company's last line of defence. However, many risk managers follow the opposite reasoning. They sign a policy and think that is the end of the story. Bart Cuypers of Aon advises caution and advocates a structured approach.
Many companies act like families in relation to insurance. They insure themselves against standard risks, such as fire, occupational accidents, and liability. There is nothing wrong with this per se. After all, the material damage after an incident is compensated. But as Bart Cuypers of Aon points out, the risk does not stop there:
“If your family home goes up in flames, you live in a hotel temporarily or move in with friends. But what happens if your factory is reduced to ashes? Or if your most important machines break down? Where and how are you going to carry on production? Companies think everything is under control once they sign an insurance policy. But they overlook what is known as consequential damage.”
Expect the unexpected
According to Bart Cuypers, companies all too often cover themselves against low-impact risks, leaving themselves uninsured against larger risks:
“Companies in the food sector, for example, forget that a production error can have serious consequences. They must organise an expensive recall action, there is marketing and reputational damage. Briefly put, an error can cost you a lot of money. Yet the directors' cars all have full comprehensive insurance, even though an accident will only set you back about EUR 40,000. Companies often fixate on minor damage, while you should be considering what can really go wrong if the impossible happens.”
Do not opt for an easy solution
Bart Cuypers also warns against standard insurance policies. While these are excellent for families, they are inadequate for companies because they exclude the real risks of doing business. According to Cuypers, companies frequently opt for an easy solution. They hand over their risk management to an external partner that is then given carte blanche. Not a good idea, it turns out:
“Many SMEs operate in a specific niche or certain countries. That implies certain risks are not obvious. It is not easy for an outsider to identify those risks. The company must take the lead itself and establish its own weaknesses. It can only do that exercise itself.”
Last life buoy
Is a company's only option then to take out a large and expensive insurance package? Bart Cuypers does not think so. On the contrary:
“Insurance is actually a company's last resort. Companies are well-advised to rather work on prevention. By creating procedures, putting alternative plans on paper. You can spend a fortune insuring yourself against cyber fraud, but you can also take preventive measures. Or you can already plan today where you are going to produce if your factory burns down. As an entrepreneur, you need to be forward-thinking, including with regard to any setbacks. But most companies hardly free up any time for this, which is logical because it is unlikely to occur and you still have your routine tasks to complete.”
Risk management is customised by definition. It is practically impossible to use a step-by-step plan that can be applied to every company. Nevertheless, Bart Cuypers gives some good general advice:
“Companies can start by identifying their risks as best as possible. That is a long-term exercise involving many parties. People on the shop floor, for example, can provide valuable information. Then check how likely it is that the risks will actually occur, and estimate the financial impact of each risk. The company can then decide whether and which action is necessary. Focusing on prevention, or taking out more insurance. It may also opt to do nothing. That is a legitimate choice, certainly if it has sufficient reserves and the impact is low.”
These insurance tips will earn you money
- Dare to take a large excess. Many companies opt for an excess of just a few thousand euros for a potential claim of EUR 2 million. This is offset, however, by a very expensive premium.
- Sufficient size? Diversify your own risk. A transport company with 200 lorries does not need full comprehensive insurance on all of them. Smaller players cannot take that risk.
- Pay attention to market trends. Many companies are looking for solutions. Increased interest translates into lower premiums, as insurers are better able to spread their risk. Not long ago, garden company greenhouses were practically uninsurable, while prices are now decreasing.
- Keep an eye on your damage statistics. Otherwise you run the risk of insurance companies charging more expensive premiums. Try to learn lessons from claim incidents.
- Constantly pay attention to risk management. It is simply not enough to review your policies every five years.
Focusing on fraud prevention pays off
Fraudsters are becoming ever more inventive in their attempts to con private individuals and entrepreneurs. A healthy dose of vigilance can prevent a lot of distress.
Six most common fraud techniques
- Fake transfers
Fraudsters send fake transfers to the bank in the name of an organisation. Signatures on payment orders are perfectly forged and can scarcely be distinguished from the original.
- Forged invoices
Fraudsters intercept outgoing invoices from a company. They change the account number of the beneficiary and send the 'adapted' invoice to the customer or bank, which then pays into the fraudulent number.
- Social engineering
This fraud technique is based on manipulation and breach of confidence. Fraudsters firstly gather personal information about their victim on social media or Google. They then contact the victim, posing as a help desk worker, for example, and try to get the victim to reveal sensitive information such as passwords or account numbers.
A specific form of social engineering used by criminals to "fish" for personal data, mainly by e-mail, that enables them to steal money from a bank account at a later stage. The fraudsters often play on the feeling of fear of their victims: they warn them, for example, that there is a threat of their account being closed.
Hackers install a virus on your computer. That program observes what you do and collects all types of data. During an online banking session, the hacker can display a pop-up in which you are asked to insert your PIN code for example.
A new fraud technique by which a fraudster arranges to be hired by a company in order to learn its payment and monitoring procedures. After a few months, the fraudster makes large payments to his own account and then disappears from the scene.
How to teach fraudsters a lesson
Fraud prevention does not have to be expensive or high-tech. Being alert and responding decisively is key.
- Raise your employees' awareness: The best form of fraud prevention is to raise awareness among potential victims. Make your employees aware of the real risk of fraud. Convince them of the need to regard business data as company property. Also encourage your employees to be critical towards everything that differs from the normal state of affairs.
- Be vigilant for suspicious behaviour: Look out for sudden changes among your customers or suppliers. Focus particularly on deviations from payment details. Example: if a supplier asks you to pay into a foreign account. Contact your customer or supplier, preferably people whom you have known for years and trust.
- Do not allow any phishing of your data: Banks never ask your for personal details by e-mail or telephone. You can assume such questions come from fraudsters. Other indications are poor language, an incorrect form of address, or the fact that the e-mail ended up in your spam folder. Mark these as unwanted messages in your e-mail program. Report the misuse to your internet provider, so the sender can be blocked.
Protect your IT systems
- Install an anti-virus program and firewall on your computer(s) and update these systematically.
- Never respond to any questions by telephone. Again: your bank will never ask you by telephone for a code or any confidential information.
- Going to do online banking? Only open the program concerned. Close all other sites.
- Never click on links that refer to the website of a bank, especially if they have been sent by e-mail.
Coping as a business with geopolitical risk
William De Vijlder, Group Chief Economist, BNP Paribas zooms in on increasing geopolitical uncertainties.
The slowdown of the global economy which became increasingly visible in the second half of last year has many causes, but there is broad agreement that rising trade tensions, import tariff hikes and concern about the pace of US monetary tightening acted as clear headwinds. In Europe, Brexit-related uncertainty played a role, as well as sector-specific issues, like new emission standards for the automobile sector. Clearly, uncertainty, in various guises, was a big issue: uncertainty about the economy (the international consequences of China’s slowdown), about economic policy (the Federal Reserve’s monetary stance), about political decisions (soft or hard Brexit, Italy’s budget) and about geopolitics (considering that the build-up of commercial tensions between China and the US is about more than the bilateral trade deficit).
Geopolitical uncertainties on the rise
Whereas economic, economic policy and political uncertainty tend to come and go, depending where we are in the economic and political cycle, research based on media coverage of geopolitical tensions shows that geopolitical uncertainty has on average been higher since the turn of the century compared to the 1990s. This higher average is associated with an increased frequency of uncertainty spikes, triggered by events like 9/11, the Iraq war, the Arab spring, the Crimea, Syria, terrorist attacks, etc. These events illustrate that geopolitics now covers a broad range of issues, well beyond the older concept of how nations project their power internationally and react to the behaviour in this respect from other nations.
Empirical research shows that an increase in geopolitical risk weighs on industrial production, employment, international trade, consumer confidence. Moreover, whereas certain events can have a short-lived economic impact, because after a spike, uncertainty drops quite quickly, geopolitical threats (without an event necessarily occurring) can cause a sustained increase in uncertainty and hence have a longer lasting impact. This issue of resolution of uncertainty (“how much longer do we need to wait until we know the outcome?”) has been clearly visible in the reaction to the postponements of Brexit day.
A top priority?
Newspaper articles about geopolitical risks may be numerous but, judging from the mapping in the Global Risks Report 2019 of the World Economic Forum, companies are, in recent years, more concerned about climate change and cyberattacks. In the assessment of their likelihood and impact, they score above average, whereas issues related to geopolitics score around average. This is still sufficient for companies to pay particular attention to it, given the macroeconomic headwind coming from protracted uncertainty or the possible non-linear consequences of risk events. The list of questions to be tackled is long but, as usual when dealing with uncertainty, it is about how can uncertainty be monitored, what is my exposure and how can I manage it. The monitoring is the easier task of the three, considering that there is no lack of research on geopolitical topics. High quality, media-based uncertainty indicators are even available for free on the internet.
“The tensions between the US and Turkey in the summer last year turned out to be short-lived, but they remind us of the necessity to define in advance how to cope with short-lived versus sustained increases in geopolitical risk. “ William De Vijlder, Group Chief Economist, BNP Paribas
Direct and indirect exposure
Assessing the exposure is already more complex, in particular when dealing with indirect exposure. Moreover, one should not only assess where geopolitical threats or events can impact your business, but also, and this is the more difficult question, to which extent.
Direct exposure is about: does geopolitical uncertainty influence how and where I produce (which commodities, which intermediate inputs, how complex a global value chain); does it influence the markets into which I sell; does it influence my financing costs, my access to financing, the use of my cash-flow, the repatriation of foreign profits?
When analysing indirect exposure, the questions ultimately are the same, but the channels are different, more complex and hence challenging to assess. Globalisation has enabled companies to broaden their customer base and lower their cost base, but, with a slight exaggeration, it implies that anything can hit them anywhere. When the US and China are negotiating on trade, it can end up impacting third party countries when it leads to trade diversion (the innocent bystander syndrome). There can be political contagion with unrest in one country spreading to other countries which suffer from similar problems. Financial markets can act as an accelerator or a channel of transmission. The increasingly harsh tone between the US and Turkey in the summer of last year unnerved international investors and contributed to the significant weakening of the Turkish lira. It also raised concerns about financial contagion to other emerging market currencies. Eventually, the tensions turned out to be short-lived, but they remind us of the necessity to define in advance how to cope with short-lived versus sustained increases in geopolitical risk.
Accepting or avoiding the exposure
“Coping with” can mean to just accept it as a fact of life, to build a robust strategy which takes uncertainty explicitly into account or to simply avoid the exposure. Accepting the exposure could make sense if, all in all, the financial impact of risk events would be rather limited. The cost of protracted uncertainty can be taken into account by using a sufficiently high return on investment target before committing money.
Avoiding the exposure could be justified if the trade-off between return and (tail) risk is unattractive, if it would trigger a disproportionate attention by shareholders or creditors, if attractive alternatives to grow the business are available, etc. ‘Avoiding’ could also mean ‘waiting to decide on an investment’ but this raises the question of the opportunity cost of waiting. If a company was contemplating to build a factory in the UK before the Brexit referendum, is there an opportunity cost to waiting for the type of Brexit when alternative locations, outside the UK, are available? When time is money, waiting ends up being expensive.
The question of building a robust strategy is the more interesting and challenging one. It starts from the observation that we are (or need to become) active in a country (e.g. because it is a huge market or because it is key to remain competitive) but that this could increase the exposure to geopolitical risk. In designing a robust strategy, different scenarios are analysed and eventually, the chosen approach should do well under a multitude of environments, without being optimal in any specific one, simply because, in deciding under uncertainty, we are (by construction) not in a position to anticipate which one will materialise. Ongoing geopolitical risk monitoring will allow to plan for corrective action if need be as time goes by.