29th August 2006 Chairman and Members Management Merger Steering Committee Mayban Fortis Holdings Berhad
POST MERGER RISK REVIEW REPORT AS AT JULY 31, 2006 1
OBJECTIVES To report the Management Merger Steering Committee (“MMSC”) on the outcome of the Post Merger Risk Review conducted between June to July 2006.
2
KEY SUMMARY RESULTS
3
2.1
Our review revealed that 26 out of 68 or 38% of the risk profile developed for the post merger exercise were rated as high (combination of QA & QB) which mainly contributed by IT (VC-1), Life Operations (VC-2) and Sales & Marketing (VC-5). (Refer to Appendix 1).
2.2
Based on the nett impact rating, the risk of IT system back end & workflow (Oi1101) had been classified as Catastrophic. In addition, we also noted that 5 other risks were rated under the Major nett impact classification.
2.3
On the overall risks assessment (evaluation and analysis), the risk Nett rating currently rated as high due to high probability of the causes for the critical risk factors identified to manifest and the detrimental impact of such manifestation. The primary reason of concern is due to ineffectiveness of the existing controls and high rate of incompletion of management actions proposed for risk mitigation and resolution purposes.
2.4
In addition, the immediate down side impact of the above would be slowdown of revenue making momentum and subsequently the inability to fully meet the value creation target of RM150mil. These can be observed as the three major risks components that are still in red relates directly to production making capability namely human capital, operation and customer. (Refer to Appendix 2).
2.5
In view of the above, the Risk Management team in collaboration with PMO had proposed for a formulation and implementation of post merger risk management exercise to ensure that ALL risks that threatened the achievement of the merger objectives is managed and mitigated accordingly.
BACKGROUND/INTRODUCTION 3.1
To ensure the achievement of the merger objectives, the PMO has established 7 Value Creation (VC) teams which currently undertaking approximately 159 initiatives, inclusive of 17 quick wins and 142 long term initiatives to realize the value creation plans and objectives.
3.2
These will benefits the MFHB overall merger objectives which to achieve the Profit before Tax (PBT) of RM500Million by financial year ended June 2009; that should be contributed by RM260Million and RM90Million of the existing revenue and forecasted
organic growth respectively. In addition, the total value to be created by the value creation exercise for the next 3 years is approximately RM150 million.
4
3.3
Nevertheless, The McKinsey Quarterly indicate that in the three years following a merger, only a mere 12 percent of companies grow more quickly than they had before. “Most sloths remain sloths, and many solid performers slow down”1.
3.4
The failure to oversight on other risks area such as loss of revenue and disruption of day-to-day business for example explain why so many mergers lose their revenue momentum and market share while concentrating on cost synergies or failing to focus systematically on post merger growth. In the end, coming up short on revenue targets or lost of customer based after a merger has far more serious effects on the bottom line than failing to meet planned cost savings.
3.5
In view to the above and as basis to move forward, the risk management team has conducted a risk profiling session with respective VC heads to profile and access the risks prevalent to their activities and subsequently prepare risk control and mitigation actions to be implemented.
STATUS OF POST MERGER RISK MANAGEMENT DELIVERABLES
4.1 Overall status of post merger risk Previous nett Rating2
Current Nett Rating3 Nett Rating
Nett Rating
9%
17% 28%
26%
29%
18%
34%
31%
QA
QB
QC
Analysis Previous Nett: The total no of risk initially identified were 724. Majority of the risks identified fall under the following components5, which represents approximately 70% of the total risks identified. o Operations/System o Customer/Business o Human Capital/People Distribution of risks under respective 1 2
QA
QD
QB
QC
QD
Analysis current Nett: The total no of risk after the 2nd review exercise were reduced to 68 (after moderation)7 The improvement of the Nett risks rating was mainly contributed by the effectiveness of the existing control in place and/or the implementation of proposed action plans either by respective VC, entities and PMO.
The McKinsey Quarterly: Keeping your sales force after the merger.
this rating reflects the exposure after evaluating the effectiveness of controls based on 1st review exercise in mid-April 2006 3 Current Nett these ratings reflect the current/latest exposure after evaluating the effectiveness of current actual controls and/or partial implementation of proposed action plans as at end of July 2006. 4 Refer Appendix 1: Identified risks based on risk quadrant 5 Refer Appendix 2: Risk prevalent to respective VC based on risk category Previous Nett
5
quadrants o QA6 = 26% (19 risks) o QB = 31% (22 risks) o QC = 18% (13 risks) o QD = 17% (18 risks). In general, the risk prevalent to the merger is inherently considered as EXTREME with >50% of the risks rated as Extreme and High.
Distribution of risks under respective quadrants8 o QA = 9% (6 risks) o QB = 29% (20 risks) o QC = 34% (23 risks) o QD = 28% (19 risks) In general, the overall risks related to the merger are still considered as HIGH 9. In view to the above assessment and as a basis to move forward, majority of the risk profile requires an urgent action to strengthen and further improvement especially on the People, System and Business issues.
RISKS HIGHLIGHT 5.1
Our risk profiling exercise revealed that 17 out of 20 key risks (based on Top 20 Nett Rating) within the Post Merger Risk Scorecard that been identified and raised were mainly contributed by the risk relating to; 5.1.1 People and Human Capital Risks Majority of the risks identified under this area were reflecting on the lack of effectiveness and/or delay in addressing the critical issues relating to;
Staff resignation that mainly due to uncertainty relating to new organizational structure, branding and perceptions on Takaful future operations as well as issues relating to remuneration and benefits package. In addition, issues relating to personal limitation & preferences, winner & loser perception and adaptability (sense of loss) had also been cited as contributing factors to this issue. During the first eleven months of the merger, 124 resignation cases were reported as compared with very minimum number on new recruitment for replacement. (For detail, refer to the separate paper on Staff Resignation issues)
Disruption of ongoing operational issues arising from delay in relocation exercise, delay in staff replacement of the vacant position/s, culture clash on work culture, values, management styles, norms and standards and ineffective coordination among entities
Loss of key staff to other competitors especially to the new Takaful operators.
Ineffective communication and/or lack of constant communication between management and staff relating to merger integration initiatives, plans, progress updates, programs and objectives. Occasional town hall meeting is good but obviously insufficient especially to the executive and clerical level.
6
Rating Legend QA = Very Significant or Extreme Risk QB = High Risk QC = Medium Risk QD = Low Risk 7 After Moderation: integration and/or combination of existing risks; and inclusion of new risks 8 Refer Appendix 3: Post merger risk matrix 9
Refer Appendix 4: Top 20 key risks within the scorecard ranked by the Nett ratings
5.1.2
System Risks
Undoubtedly one of the most feared, contentious and time-consuming aspects of this post merger integration exercise was the integration and harmonization of the information systems. From our review, we noted that key issues that been highlighted by the risk owners are as follows;
Lack of IT readiness in relation to system back-end support and workflow
Data quality and integrity risks
Delay in IT systems and/or automation initiatives
Non-integration of investment management system
Changes in data centre and new IT system
System connectivity and IT infrastructure in relation to relocation exercise
5.1.3
Customer and Business Risks
Based on the result of the risk assessment, 6 risks under the Customer/Business component classification were rated as high and majority of the risks were raised by the risk owners from Sales & Marketing (VC-5). Amongst the risks highlighted are as follows;
Integration between takaful and conventional been exploited by competitors
Loss of revenue due to unfavorable response of agents and customers
Reduced customer satisfaction due to centralization of operation
Loss of 3rd party banca partners or banca partners do not accept products
Lack of preparedness of agency force
Without effective and timely action to mitigate the risks will definitely impacted the overall revenue by reducing the business momentum and growth that may lead to inability to achieve the overall merger objectives. Early indication on such impact was reflected in the July 2006 production report as below;
Mayban Fortis Summary - July 2006 AMOUNT RM '000 Gross Written premium
YTD
SPLY
Budget
Vs
Vs
7/2006
7/2005
7/2006
SPLY
Budget
197,409
238,312
418,162
-17%
-53%
Mayban General Assurances (MGAB)
35,224
33,152
36,966
6%
-5%
Mayban Life Assurance (MLA)
34,241
66,668
245,138
-49%
-86%
6,967
5,646
8,570
23%
-19%
-
100
-100%
Na
Malaysia National Insurance Berhad (MNIB)
63,884
69,025
69,434
-7%
-8%
Takaful Nasional Sdn Berhad (TNSB)
57,093
63,721
58,053
-10%
-2%
Mayban Takaful (MTB) Mayban Life International (MLI)
-
6
CONCLUSION AND RECOMMENDATION 6.1 Failure to achieve merger objectives will pose a far reaching negative impact on key personnel, key clients, supplier (agency, broker & 3rd party banks), market share, reputation, day-to-day operation, operational efficiency, productivity and these can be translated into negative impact to the bottom line. 6.2 The timing between Mayban Fortis merger exercise and the issuance of the 4 new Takaful licenses by BNM also amplifying the push and pulling factor for staff resignation. Hence, posing unexpected obstacles in achieving the post-merger integration plans and objectives. 6.3 To effectively address the extreme and high risk issues, the Management via the merger PMO needs to formalize and ensure that timely implementation of the action plans proposed by the risk owners for resolution or mitigation of the identified risks. Each mitigation plans need to be consistently tracked and reported to MMSC. 6.4 In addition to the Risk Management analysis on the People/Human Capital risks, IT and Sales & Marketing should also conduct similar analysis on System and Business risks respectively. 6.5 The oversight functions namely risk management, compliance and internal audit must continue to play an active role to monitor and report the risks, particularly those that reside in QA & QB quadrants, on regular basis throughout the merger period.
Prepared by,
Recommended by,
ABD RAZAK SULAIMAN Head, Operational Risk Management Mayban Fortis Group
RAZIN MURAT Head, Risk Management Mayban Fortis Group
Appendix 1
Identified Risks Based on Risk Quadrants RISK RATING No
VC/FS QA
Gross QB QC
Nett QD
QA
QB
QC
QD
1
VC 1 - IT
2
5
-
-
2
5
-
-
2
VC 2 - Life
4
-
1
-
2
2
-
1
3
VC 3 - General
2
2
-
-
-
1
3
-
4
VC 4 -Takaful
1
2
-
-
-
1
2
-
5.
VC5 – Sales & Marketing
5.1
VC5_Alternative Distribution
-
1
2
6
-
1
2
6
5.2
VC5_Agency
3
3
5
-
-
4
7
-
5.3
VC5_Bancassurance
1
2
2
1
-
2
3
1
5.4
VC5_Branches
2
1
-
-
2
1
-
-
5.5
VC5_Enterprise/Corporate
2
1
1
2
-
-
-
6
5.6
VC5_Sales & Marketing
2
2
-
-
-
2
2
-
6
VC 6 - Investment
6
-
-
-
-
1
-
5
7
VC 8 - Property, Admin & Purchasing
-
2
2
-
-
-
4
-
25
21
13
9
6
20
23
19
TOTAL
Appendix 2
Summary based on Risk Components NETT RISK RATING No
RISK COMPONENT QA
QB
QC
QD
Overall Conclusion (Risk Indicator based on traffic light system) DANGER
1
Human Capital / People
3
2
3
2
DANGER 2
Operation / Process / System
2
9
9
5 DANGER
3
Customer/Business
0
6
5
3 CAUTION
4
Strategy / Corporate Governance
0
1
2
2 CAUTION
5
Product & Services
1
0
3
1 CAUTION
6
Model / Supplier
0
1
0
0 SATISFACTORY
7
Regulatory / Compliance
0
0
0
1
8
Legal
0
0
0
0
9
Financial
0
1
1
5
10
External
0
0
0
0
6
20
23
19
NA SATISFACTORY
Total
NA
Appendix 3
Overall Post Merger Risk Matrix
Corporate Risk Scorecard (Nett)
Almost Certain
Likelihood
Likely
Oi1101
Ci1103
Oi1103
Ci1102, Ci1104, Oi1129, Oi1111
Pi7101, Oi1131, Hi1109, Hi1110
Hi1119
Hi1122
Possible
Ci1111, Gi1102
Oi1104, Oi1107, Oi1112, Oi1113, Gi1103, Pi1105, Ci1116
Ci1101, Ci1105, Ci1106, Oi1105, Oi1106, Oi1119, Oi1121, Oi1122, Gi1104, Ci1112, Hi1120, Oi1128, Oi1130. Si1101, Fi1111
Unlikely
Ri2101, Gi1101
Hi1101, Oi1108, Fi1104, Hi1121, Gi1105, Ci1115
Hi1102, Oi1110, Ci1109
Rare
Oi1102, Fi1101, Hi1103, Fi1102, Fi1103, Ci1107, Ci1110, Fi1107, Oi1114, Fi1108, Oi1116, Pi1104, Hi1108, Oi1120, Oi1117
Insignificant
Pi1102, Pi1103, Ci1108, Oi1115, Oi1118
Minor
Moderate
Impact
Major
Catastrophic
Appendix 4
Reports On The Top 20 Key Risks Within The Post Merger Scorecard Ranked By The Nett Ratings