A Risk Management primer, for a new company landing and expanding in New York
Historically a melting pot, New York is a diverse metropolitan area, which translates well for entrepreneurs of all ethnic backgrounds. Of the approximately 8.5 million people living in the city, more than one-third are foreign-born, the highest rate in more than a century, according to data from the New York City Department of City Planning. Immigrants bring an entrepreneurial spirit and diligent work ethic to America’s shores. (2.)
Beware: The Risk-Reward Scenario… “What’s the big deal…? I’ll just buy insurance”…
When considering an international expansion, the correct research and planning are paramount…It’s easy to assume you know all about the USA, but do you understand the specific implications of the location you’ve chosen?
It’s important to remember that the US is a federal entity comprised of semi-autonomous states – each with their own system of laws and regulations (consider Automobile, Workers’ Compensation, and Directors & Officers Liability insurance, for example). It is vital to carefully research the state and federal laws and regulations of your prospective expansion destination.
Underestimating the differences
It’s important to research the specifics of the market you’re moving into. How does NYC differ from Silicon Valley…? If you think your business is offering a totally original and unique prospect for the US, it is likely that someone has tried it before. Don’t assume that your current approach can be transferred without any changes. Your business’s entire market approach will need to be reformatted to fit into your new environment. This may seem like an excessive task initially, but it has the potential to benefit you significantly in the long term…
Risk Management- often defined as “The reduction of uncertainty”…What are the key elements of the risk management process?
It’s a great question, and an important one… since crafting an effective Risk Management program protects a company’s brand & reputation, and… can even give it a competitive edge in the marketplace!
Risk is defined as the probability of an event and its consequences. Risk Management is the practice of using processes, methods and tools for managing these risks.
Risk management focuses on identifying what could go wrong, evaluating which risks should be dealt with and implementing strategies to deal with those risks. Businesses that have identified the risks will be better prepared and have a more cost-effective way of dealing with them. In the process of risk management…buying insurance is the last act!
The Risk Management process
A risk management process involves:
- Identifying the risks surrounding your business activities
- Determining the likelihood of an event occurring
- Implementing a plan to respond to these events
- Monitoring the effectiveness of your risk management approach
- Modifying over time, as needed to respond to the evolution of your business
As a result, the process of Risk Management:
- Improves decision-making, planning and prioritization
- Helps to allocate capital and resources more efficiently
- Allows you to anticipate what may go wrong, minimizing the amount of firefighting you have to do… or, in a worst-case scenario, preventing a disaster or serious financial loss
- Significantly improves the probability that you will deliver your business plan on time, and at budget.
Risk Management becomes even more important if your business decides to try something new, for example- launch a new product or enter new markets ie, New York!
Competitors following you into these markets, or breakthroughs in technology which make your product redundant, are two risks you may want to consider in cases such as these.
The types of risk your business faces
The main categories of risk to consider are:
- Strategic, for example- a competitor coming on to the market
- Compliance, for example- the introduction of new health and safety legislation
- Financial, for example- non-payment by a customer or increased interest charges on a business loan
- Operational, for example- the breakdown or theft of key equipment
These categories are not rigid and some parts of your business may fall into more than one category. The risks attached to data protection, for example, could be considered when reviewing your operations or your business’ compliance.
Other risks include:
- Environmental risks, including natural disasters
- Employee risk management, such as maintaining sufficient staff and, nurturing employee safety culture
- Political and economic instability in any foreign markets you export goods to
- Health & Safety risks
- CYBER Threats
How to evaluate risks-Develop a risk hierarchy
Risk evaluation allows you to determine the significance of risks to the business and decide to accept the specific risk or take action to prevent or minimize it…This is done with managers and supervisors from each department, as well as CFO and CEO.
To evaluate risks in order of magnitude, it is worthwhile ranking these risks once you have identified them. This can be done by considering the consequence and probability of each risk. Many businesses find that assessing consequence and probability as high, medium or low is adequate for their needs.
These can then be compared to your business plan, to determine which risks may affect your objectives, and further evaluated in light of legal requirements, costs and investor concerns. In some cases, the cost of mitigating a potential risk may be so high that doing nothing makes more business sense.
How to manage risks
There are four ways of managing each risk that you have identified:
For example-you may decide to accept a risk because the cost of eliminating it completely is too high. You might decide to transfer the risk, which is typically done via contractual risk transfer, or the purchasing of insurance. Or you may be able to reduce the risk by introducing new safety measures or avoid it completely by changing the way you produce your product. When you have evaluated and agreed on the actions and procedures to reduce the risk, these measures need to be put in place.
Risk management is a living process. Continuous monitoring and reviewing are crucial for the success of your risk management approach. All of this can be formalized in a risk management policy, setting out your business’ approach to, and appetite for risk. Risk management will be even more effective if you clearly assign responsibility for it to chosen employees. It is also wise to get commitment to risk management at the board level.
Choose the right insurance to protect against losses
Insurance will not reduce your business’ risks but you can use it as a financial tool to protect against losses associated with some risks. This means that in the event of a loss you will have some financial compensation. This can be crucial for your business’ survival in the event of, say, a fire which destroys a factory.
Some costs are uninsurable, such as the damage to a company’s reputation. On the other hand, in some areas; automobile for example, certain insurance is mandatory.
Insurance companies increasingly want evidence that risk is being well managed. Before they will provide cover, they want evidence of the processes in place to minimize risk. Ask your insurance adviser for advice on appropriate coverage for your business exposures.
Insurance products– for example…
- Property Insurance- for your buildings, inventory, machinery and equipment
- Business Interruption/Extra Expense– to insure against loss of profit and higher overheads resulting from damaged buildings, machinery,etc
- Liability insurance – Designed to pay certain compensation and legal costs that arise from negligence or breach of duty to 3rd parties, from your operations and/or products.
- Crime Insurance- to protect money & securities
- Director’s & Officers Liability Insurance- To protect the D’s&O’s as well as the entity from allegations of company mismanagement. Suits might arise from Competitors, Creditors, Regulators, or Employees
- Employment Practices Liability- For claims alleging Wrongful Termination, Discrimination, Sexual Harassment
- Cyber Risk Insurance- provides protection from privacy and network security threats, including risk management resources for pre and post loss objectives around mitigation and crisis management
- Key Man insurance- is designed to cover you for the financial costs of losing key personnel.
- Group Life Insurance- is provided by employers as part of a benefits package and pays out a lump sum to an employee’s family should the employee die.
So, what’s new…? How about an evolving approach to the reduction of uncertainty…think in terms of Enterprise Risk. Entities, including businesses, governments and non-profits, face an evolving landscape of environmental, social and governance (ESG) related risks that can impact their profitability, success and even survival. There is no universal or agreed upon definition of ESG related risks, which may also be referred to as sustainability, non-financial or extra-financial risks. Each entity will have its own definition based on its unique business model, internal and external environment, product or services mix, mission, vision and core values.
Why do environmental, social and governance related risks matter for organizations? Over the last several decades, and particularly the last 10 years, the prevalence of ESG related risks has accelerated rapidly. In addition to a clear rise in the number of environmental and social issues that entities now need to consider, the internal oversight, governance and culture for managing these risks also require greater focus. Over the last decade, these risks have shifted significantly. In 2008, only one societal risk, pandemics, was reported in the top five risks in terms of impact. In 2018, four of the top five risks were environmental or societal, including extreme weather events, water crises, natural disasters, and failure of climate change mitigation and adaptation. In the business world, this evolving landscape means ESG related risks that were once considered “Black Swans” are now far more common, and can manifest more quickly and significantly; enter the world of COVID-19! A report by the Society for Corporate Governance in the United States found that these issues often, although not always
- Derive from a risk or impact inherent in the core operations or products
- Have the potential to meaningfully damage a company’s intangible value, reputation or ability to operate
- Are accompanied by persistent media interest, organized stakeholders and associated public policy debates that could magnify the impact of a
company’s existing position or practice and increase the reputational risk created by a change in company policy or practice.
Given the onset of COVID-19 globally, we have now experienced a world of change in 2020, that will forever influence how deal with ESG risk into the future. (1.)
Case in point-Top 10 Challenges for UK companies after US expansion:
- Employees- Some of the most critical and potentially challenging assets in the early stages of a cross-border expansion
- Managing sales and contracting with large companies to protecting key intellectual property
- Essential considerations for UK companies when raising early stage investment in the US
- Litigation risk is higher in the US than in most other countries… Managing IP and other general US litigation risks
- Addressing critical US tax structuring and tax compliance issues
- Negotiating Technology Contracts with US Companies
- UK and EU startups expanding to the US should be aware of US data privacy regulations and whether their existing efforts will be sufficient.
- Making UK Equity Plans Work for US Employees: Know the rules and adapt your equity compensation plans to give you the flexibility to deal with cross-border issues when they arise.
- Termination of Employment Under US Law: It is never easy to fire people
- Managing Early-Stage Legal Costs, while staying within budget(3.)
This article has very kindly been drafted by Mark Niebuhr and the team at EPIC. EPIC support US corporates not only across America but also in their international land & expand plans. It is this latter aspect where Briars and the EPIC team work best together.
If you have any questions in connection with what follows then do reach out to us at firstname.lastname@example.org
(1.)Enterprise Risk Management- Applying enterprise risk management to environmental, social and governance-related risks- COSO October 2018
(2.)The best city for small business in America is not in Silicon Valley- CNBC May 2, 2017
(3.) ‘Expansion to the USA’ is part of the transatlantic partnership between Tech City UK and Silicon Valley-headquartered Wilson Sonsini Goodrich & Rosati.