With the economy continuing to improve, merger and acquisition activity has been heating up. But after a successful transaction is completed, the hard work of integrating the two companies begins. A typical consideration in any transaction is cost reduction, including eliminating duplicate staff, assets, real estate and IT systems.
As these issues cross the risk manager's desk, they often include the question of what to do when the newly combined organization has two risk management information systems (RMIS).
In evaluating the combined organization's RMIS, there are a number of considerations. Topping the list is the new company's risk management and insurance strategy. If a large firm acquires a much smaller firm, integration is usually simpler. Either the small firm operates independently as it did prior to the combination-but under the new ownership structure-or it simply adopts processes and systems from the larger firm.
Integration is more complex when two larger firms combine because there are often significant cost savings and operational efficiencies to be gained by looking at both companies for best practices to implement across the combined organization. This certainly applies to how the company plans to organize and direct its risk management department, and the RMIS needed to support that strategy.
When businesses combine, there are generally three dimensions to the risk management strategy for the new company to determine:
1. Is risk management and insurance a centralized or decentralized activity? Companies have different strategies for how to best manage staff functions, such as marketing, human resources, finance and insurance. Some businesses push this work close to the country- or operating company-level, while others elect for more centralization and control.
These decisions also dictate the process flows for various risk management activities, including claims reporting, values collection, certificates, employee training, audits and enterprise risk management. Of course, RMIS provide a range of valuable benefits when risk management decisions are decentralized. They are critical when the function is centralized, however, simply because of the large amount of data that must be collected, managed and processed.
2. Are claims managed in-house, or outsourced to an insurer or TPA? Particularly among businesses for which the cost of risk is a significant percentage of operating profit, many companies manage claims in-house rather than outsource to a third-party administrator. Some RMIS are more adept at claim processing than others, so it is important for the new company to determine its approach going forward before deciding on a system.
3. Does the company plan for long-term relationships, or to frequently change brokers, insurers and TPAs? One of the most important tasks performed by RMIS is to integrate data across vendors to provide a single repository of claims and other risk data. Thus, after a merger, it rarely makes sense to maintain two separate systems. Nonetheless, short-term fixes are possible while the two systems either are merged or replaced with a new system that more effectively meets the needs of the combined enterprise.
The cost and ease of transferring data from one system to another depends on both the system itself (as some are more difficult to extract data from) and the contract with the vendor. Some providers include data extracts, while others may require a separate fee and contract for this work, adding time and expense.
Firms involved in cross-border mergers or acquisitions often have another consideration with respect to their RMIS. Different countries have different laws and regulations about "personally identifiable information." The European Union and the United States have agreed on a "Safe Harbor" framework for merging the two regulatory systems through the use of common data protection standards, and some RMIS vendors are Safe Harbor-certified.
Making a Change
Following a merger, integration budgets are a cost-effective way for companies to pay for one-time costs that produce long-term operational savings. Given the expanded capabilities offered by new technology, many combined firms explore new RMIS when both merging companies have older legacy systems.
Indeed, technology is changing rapidly, and newer developments such as cloud computing and software-as-a-service models offer increased opportunities for distributing information across the organization. Specific applications may support enterprise risk management initiatives and regulatory compliance while providing more effective benchmarking and facilitating predictive analytics as well as a range of process improvement measures.
In procuring a new RMIS, the risk manager will typically join in the decision-making process with IT and finance. When there are different opinions on topics such as cloud computing, the choice made by the combined company generally reflects the views of the executive staffing the relevant departments.
To make sure the selection of a new RMIS meets current and projected needs of a combined risk management function, it is important for the risk manager and relevant parties to examine all their options.
In some instances, businesses limit their choices to the vendors associated with their existing systems. However, any RMIS implementation is going to involve a significant investment in time and money, so it is well worth the extra effort to examine all options.
The good news is that market terms for buyers have been steadily improving and currently include service-level agreements. While some RMIS vendors still do not allow for free return of data as part of standard contracts, others now do.
By keeping options open and taking a longer view of the needs of their newly combined entities, risk managers will put themselves in a position to make the best choice for the organization. At the same time, they will enhance their ability to deliver consistent value across the enterprise, as data and information needs evolve along with the risks they must help navigate.