In the next in our Q&A series we get the benefit of Fraser McLaren’s considerable expertise on risk management in the global market place, compliance, the ubiquitous Bribery Act and more. Fraser McLaren is Head of Business Risk at Centrica.
Tell us more about the challenges a global organisation with suppliers all over the world face in terms of risk management.
Centrica has an increasing portfolio of supply and service arrangements in offshore country locations such as India, South Africa, Poland and Portugal. Offshoring carries a number of risks including exposure to political risk, natural disasters or breakdown of critical infrastructure. The impacts of these risks can be varied, but could include supply shortages, price increases or damage to the company’s brand and reputation. We manage risk at all stages of the supply chain from checking whether potential suppliers meet our corporate responsibility criteria, ensuring adequate contingency arrangements are in place during the contractual phase and monitoring them through news feeds, country alerts and other third-party and supplier intelligence.
We regularly review country risk and have contingency plans in place to ensure that, at a potential time of chaos, we’re able to protect people and, financial and physical assets in the supply chain. We also take a very proactive approach to supplier risk, particularly in light of global economic conditions, including regular financial health-checks of our key outsourcing partners. We’re also recognised as thought leaders in the development of outsourcing/offshoring best practice by the National Outsourcing Association and have picked up three awards in the last three years. The latest award came at the European Outsourcing Summit, where we were presented with the ‘BPO Contract of the Year Award’ for our partnership with our outsourcing partners EXL.
What compelled you to employ a confidential, independent Whistleblowing Hotline, and in particular, Expolink’s?
Centrica is committed to operating professionally, fairly and with integrity wherever we work in the world and we have a set of business principles which set out the behaviour and standards we expect from all employees. If employees do have any concerns about any possible improper, unethical or illegal practice within the organisation, we want to know about it as soon as possible. While we encourage staff to raise any concerns in the first instance with their line manager, we recognise this might not always be possible and that’s where Expolink comes in. We officially launched the service back in 2007; since then I’ve worked with the Expolink team as we’ve changed the way we transfer data between the two parties and also developed a number of new and innovative ways of keeping the service visible.
Where does the Hotline fit in with your compliance strategy and what benefits have you noted?
Compliance is just one strand of our overall business principles that set out the standards we expect and which all employees must work to at Centrica. We actively encourage staff to share their opinions, ideas and concerns, be it through team meetings, briefing sessions, at events or even through suggestion schemes. Overall, I think that staff do feel they can do so openly and our internal employee engagement scores and high entries in externally Best Place to Work competitions suggest we’re getting things right. The hotline is another method open to employees to raise any concerns they might not feel comfortable raising through another channel. The outcomes of the investigations into any allegations raised via the hotline have also led to a number of business changes including improvements to security measures and a review of some sales and expenses processes.
How do you communicate/market the Hotline service throughout Centrica?
In line with best practice outlined in the Whistleblowing Code of Practice, we regularly promote awareness of the hotline. Examples are displaying posters, articles on our internal intranet, reminders on plasma display screens throughout our calls centres, making sure the hotline is covered in our employee induction material, printing the hotline number on name badges and carrying out periodic surveys to test people’s awareness of and confidence in the hotline arrangements and then publishing those results. We also took the opportunity to raise awareness of the line and promote the value through our anti-bribery communications programme.
As a global organisation what impact do you think the Bribery Act could have on Centrica?
If anything, the arrival of the Bribery Act has underlined the importance of the hotline. The first of Centrica’s business principles deals with ‘integrity in corporate conduct’ which commits us to implementing anti-corruption policies and procedures. Our second business principle ‘ensuring openness and transparency’ commits us never to engage in bribery, any form of unethical inducement or payment including facilitation payments and ‘kickbacks’. We expect employees to report actual, potential or suspected corruption in Centrica or by any individual or organisation Centrica does business with.
Section 7 of the new Bribery Act which introduces the offence of failing to prevent bribery has implications for all commercial organisations. Although as an organisation we always endeavour to operate ethically, the new legislation resulted in a significant piece of work taking place in developing adequate procedures. Centred on the 6 principles outlined in the UK Government guidelines this included embarking on a detailed risk assessment programme across the business, updating group policies, introducing even more stringent due diligence processes, especially concerning supply chain and mergers and acquisitions, and reaffirming our measured approach to gifts and hospitality. An eLearning training package was also developed and successfully delivered.
What are the key tools for identifying business risk in the energy sector?
There isn’t one key tool for risk identification, and these identification methods aren’t unique to the energy sector; there are a number of different methods of identifying risk. These might include workshops, brainstorming exercises, interviews with key stakeholders, the use of checklists or benchmarking with other organisations. More recently, and perhaps linked to the pace of change in the external environment, for example events in Japan and North Africa and well-publicised cyber attacks, we’re tasked with bringing more of an external challenge to our risk profile. This can be done in a number of ways, for example reading news articles or attending industry benchmarking or discussion groups.
As Europe becomes more integrated, working practices change fast and often affect more than one country at a time. How do you keep abreast of what affects you and your company?
It’s important that Centrica gives proper consideration to the risks inherent in sourcing services from a variety of locations around the globe, not just in Europe. We try to ensure processes are in place to monitor potential threats to the delivery of products or services to our customers. This includes monitoring elections, changes in executive and legislative power, labour union activities, internal politics and regulatory stances, as well as international relations. We also have a cross-group committee that meets regularly to discuss emerging risks and to develop a consistent approach to managing supplier risk in the company. The increasing focus on our corporate responsibility obligations and commitment are also drivers for building a cohesive approach.
What is the split between energy regulatory compliance risk management and generic operational risk? And has this changed over the years?
Centrica and the energy sector in general, are subject to significant levels of regulatory oversight covering issues such as retail competitiveness and energy market reform. The picture can be even more confusing in North America where legislation or regulation can vary by state and province. To help mitigate these risks, we develop internal policy, and externally, engage with government, regulators, parliament and media to help build knowledge and understanding among our key stakeholders. Compliance risks are picked up as part of our wider operational risk process, but they also receive additional scrutiny from the general counsels of each of our main business units.
If you could give one bit of advice to a counterpart in risk, what would it be?
Keep the process simple. The real value of risk management comes not from the process itself or any complicated assessment methodology, but from the conversations that take place to review these risks.
