How much does the job of CFO involve risk management? That’s a question that can yield as many answers as there are finance chiefs, risk managers and companies. For CFOs of small to mid-size firms, it may well involve the direct purchasing of insurance or the supervision of an insurance broker. At somewhat larger companies, corporate risk managers, charged with buying insurance, may report to CFOs, who manage the company’s risks from a more strategic perspective. The distance between the finance chief and the risk manager tends to broaden considerably at the largest companies, with the risk manager reporting to the treasurer, who in turn reports to the CFO.
Rarely, however, are they the same person. But that indeed has been the situation for Tarun Chopra for the last four years. Like many of his peers, Chopra, the CFO at Clements Worldwide, an insurance brokerage headquartered in Washington, D.C., that has an international bent, is responsible for finance, accounting, mergers and acquisitions, treasury matters and information technology.
That’s a normal run of CFO activities. What’s different for Chopra is his intense focus on compliance, regulation and, especially, risk management — which he calls the “shield” protecting all his other activities at the firm.
Before arriving at Clements, which has offices in London and Dubai, Chopra worked at Fannie Mae, where he learned a great deal about financial risk and crisis management. For a year during the financial crisis, in fact, he led the finance and accounting operations of the newly created HASP (Homeowner Affordability and Stability Plan) division within Fannie Mae. As the CFO of Fannie operations on the project from 2009 through 2010, he built a finance organization to manage, analyze and report financials related to $50 billion in projected U.S. Treasury payments.
Before that, he held financial positions at Whirlpool, rising to the post of interim controller. In a visit to CFO in April, Chopra explained his views on such matters as the changing nature of regulation, the difference between disaster planning and crisis management and how being the CFO as well as the risk manager may not be a contradiction in terms. An edited version of the conversation follows.
Describe your various tasks.
Clements does business in 170 countries, which means I have to keep track of all the regulations. The majority of my time is spent in the finance and accounting space as well as risk management, which is in itself now a whole body of work.
I characterize my job as being divided into three buckets. There is the financial piece of making sure we have proper audits and report our financials on time. And then there’s the business aspect: how I support the president and the CEO of the company and help improve the business model.
Shielding the other two elements is the risk management and compliance part of the job. The compliance part largely involves making sure that the business licenses we get from the U.K. Financial Conduct Authority [FCA] and the Dubai Financial Services Authority [DFSA] are in proper shape. The sales producers have to have get their own insurance licenses to sell the insurance. But from a company standpoint, I’m tracking all the licenses. I’ve got to make sure that everybody who gets on the phone has them, because not having one is big no-no.
[contextly_sidebar id=”e4709d30cb72f35865248744d6e6f0e5″]More broadly, our approach to risk management and regulation is that, rather than fighting regulatory compliance, we’ve embraced it. If you look at how regulation has trended, it used to be a cost of doing business. I think we’re now transitioning into a phase where it’s a business necessity to be good at it. We try to understand the underlying intent for any regulation to come out; regulators normally have a positive intent. But it may not be practical for them to think of all the possible implications of a piece of regulation, and that’s where you get into trouble. When you have a regulation that is incomplete or subject to unthought-of scenarios, you run into challenges. So I’m spending a lot of time on solving compliance disagreements among clients, underwriters and us. You have to have the confidence of your clients, be on good terms with the regulators and try to be a better business partner with the insurance carriers.
Do you provide coverage for corporations or for individuals?
We provide insurance solutions to businesses and individuals outside their home countries. At one end of the spectrum, we provide [life, health and auto] insurance for expats on assignment or “lifestyle expats” who are often post-retirement but may also be doing some work. A U.S. lifestyle expat might have homes in Italy and the United States and spend six months in each country: They’re not tourists, but they’re also not citizens of the foreign country. At the other end of the spectrum we provide kidnap-ransom coverage to corporations, security contractors, non-profit and charities in places including the Middle East and sub-Saharan Africa.
To what accounting regimes do you report, and what accounting standards do you use?
Since we’re a privately held, family owned company, we don’t file with the SEC. But we follow [U.S.] GAAP in the United States, since our parent company is headquartered here. In the United Kingdom we follow U.K. GAAP. Dubai is actually an anomaly. We thought we would have to file there in U.K. GAAP, but we were pleasantly surprised that they let us follow U.S. GAAP. That enables us to denominate our reporting in U.S. dollars as opposed to the dirham. From an accounting standpoint that is heaven, because I don’t have to do a double conversion.
Does your firm, which is in the insurance business, actually buy insurance?
We do buy kidnap-ransom, errors and omissions, and property insurance. But we buy it from our own brokers. Of course, we have go through the same underwriting process with insurers that any of our clients do. For us it is very important, both when we buy insurance and when we sell it to our clients, to remember that what really matters is what you’re doing in a particular place. We’ve got three offices in low-risk areas, but they’re different. For instance, our risk is much lower in the United States than it is in London and Dubai, because we aren’t regulated in the U.S. but are regulated in those other places. You should also be aware of whom you’re insuring, even in a low-risk place like the U.S. For example, diplomats aren’t very risky because they have diplomatic immunity. While employees of a service company might be more subject to greater liabilities than diplomats, their high levels of education make them a relatively low risk. With employees of oil and gas companies overseas, there’s an added layer of risk because you can be shut down tomorrow.
What’s your company’s approach to risk management?
In terms of risk management, as an insurance broker, we have to practice what we preach. The way we look at risk management is that any time a situation comes up, we look at whether it’s a disaster or a crisis. Both end up in losses – physical, personal or financial. The distinction is that a disaster is a single event, like an earthquake, flood or cyclone. A crisis is a situation which has happened and which is now out of control. So disasters are all about recovery; a crisis is all about management.
What’s the common ground between CFOs and risk managers?
One thing CFOs hate is variation, and risk management is all about reducing variation. At the end of the day, you’re both looking at expected losses. And the two elements of expected losses are: how likely is it that an event will happen and what will be the actual loss when it happens. Those are things a CFO is always worried about. If a plant in Nigeria or an oil field in Saudi Arabia is at risk of being damaged, what’s my loss on the books going to be? That’s the risk they’re trying to minimize.