Risk Veteran Eamonn Cunningham Shares His Thoughts on a Successful Risk Management Career

As this year’s RIMS Harry & Dorothy Goodell Award recipient, Eamonn Cunningham keeps in mind how far he’s come and what he is still meant to do within risk to help the profession thrive.
By: | March 28, 2024
Topics: Q&As | Real Estate | RIMS

Every year, one risk manager is honored as the RIMS Harry & Dorothy Goodell Award recipient. It’s a tribute to an individual who lives the values of risk management through service and dedication, honoring their long, successful career. 

This year, Eamonn Cunningham has been selected as that recipient —  based in Australia, he is the first risk professional outside of North America to receive the distinction.

Cunningham earned a degree in commerce and started his career in accounting. In 1986, he joined the Westfield Group/Scentre Group and began working his way to the position of vice president of global risk management, and ultimately chief risk officer in 2005. 

After a 30-year career with Westfield/Scentre Group, he retired in March 2016, though he remains active in the risk management community as a consultant. 

Risk & Insurance sat down with Cunningham to discuss his successes in risk management, his view of technology and the profession, what risk is getting right and how others can learn from his time in the community.

Risk & Insurance: Can you share with our readers a little bit about your insurance background? How did you find yourself in this industry? 

Eamonn Cunningham: Long story short, after university, I got a commerce degree, ended up in accounting and became a chartered accountant. I was with Pricewaterhouse, and they told me, “We’re going to send you to Sydney or Toronto, so go home and talk to your wife and tell us tomorrow which it will be.”

We opted for Sydney, where I did a two-year rotation. Sydney I fell in love with the Australian lifestyle. And I ended up spending the rest of my life here in Australia.

After Pricewaterhouse, I joined Westfield, a global shopping mall operator involved in development, design, construction, build, lease manage the whole kit and caboodle. I initially became the CFO of their domestic REIT. Then they asked me to look after the administration function. So I dived into that, and that was primarily involved with procurement of insurance.

I noticed that we were missing a beat; we were not properly preparing ourselves for the whole world of risk management, and what we were doing was relying solely on the risk transfer principle of buying insurance as being the be-all, end-all when it came to risk management.

The more I delved into it, the more I saw that there was a wonderful world of risk management out there that we just weren’t tapping into at all. So my start at Westfield became my own personal journey into risk management.

R&I: You’ve had a very accomplished career, as honored by the RIMS Harry & Dorothy Goodell Award this year. What are some highlights that you feel have defined your career?

EC: As a risk manager, I have a couple of career highlights that I reflect fondly on. One in particular stands out: In July 2001, I was called into my boss’s office, and I was told that I was taking over the additional responsibility for risk management of Westfield’s operations in the U.S.

Three weeks later, Westfield closed a deal to acquire a long-term interest in the retail Prince precinct, at the base of the World Trade Center Twin Towers. And one month later, I happen to find myself in New York, looking at our brand new shopping mall.

Then came the tragedy for all of us 9/11. So in a very short period of time, I found myself in the U.S., and then suddenly, I had the biggest issue of my career. Incredibly challenging. And ultimately, I spent 15 years, in the immediate aftermath, on the legal and other process. I found myself immersed in the legal process associated with the insurance claim, many day-long depositions, ultimately, became the third witness in the World Trade Center property trial in New York.

Another moment, as our operations moved into other regions like I started off in Australia, then became responsible for our operations in New Zealand, Malaysia, and ultimately, London, Europe, the U.S., and then finally Brazil and South America — and what really gave me a big challenge was dealing with these diverse cultures, making sure that everybody understood each other. Like I always say, just because everybody in the room speaks English, that doesn’t mean everybody understands each other and they don’t. So, exposure to so much culture, and risk culture on top of that, it just has always been a part of my life. It’s challenging, but it’s so rewarding when you get it right.

The last one I want to mention is mentoring rising risk professionals, which I enjoy so much.

R&I: What is the risk management community doing right? 

EC: The life of a risk manager in a corporation, in my mind, is a rather lonely one. You’re the technical risk expert, and everybody would come calling on you, but they have a challenge. So otherwise, they aren’t visiting — unless you organize your relationship with your coworkers properly.

One of the things a risk manager should try to do is reach out of that silo and share the risk-aware message to the entire business. Some risk managers have the soft skills to do that. And they are incredibly successful. Some choose to stay in their risk management ivory towers and not interact properly. To my mind, they’re doomed to failure.

Technical skills are very important. But soft skills are even more important, because if you don’t have the right soft skills, your message won’t get out there. And it won’t resonate with the people on the ground. And I noticed that there’s a move to re-orientate the focus and the emphasis on soft skills development amongst risk professionals.

R&I: How could the risk management community improve? 

EC: More structured networking opportunities, for example. I almost felt quite lonely myself at the beginning [of my career], until I started talking to people.

It would be great if the risk management community just emphasized this message — to create your own network of peers whom you respect.

And join associations. I’ve been a member of RIMS about 25 years. Find associations compatible with your own networks, particularly networks of people who are in the same industry as you … you can read all the textbooks in the world, but you’ve got to collaborate with your peers — and at that, peers you respect.

It’s up to the risk management community, ultimately, to ensure that rising risk professionals, our students, are told to make sure to collaborate with others as part of their own professional development

R&I: You spent a good deal of time as a chief risk officer for Westfield/Scentre Group. What makes a good CRO? What should someone in that position be thinking about for their company? 

EC: It’s what my dad told me, and he said, “Son, you’ve got two ears and one mouth. So listen more than you speak.”

I follow that through today. You do not go into a room full of your coworkers without checking your ego at the door. If you go in, and you stride around the room in a pompous fashion and give them a lecture on risk management, you’re doomed to failure. 

I was fortunate in that I spent 30 years with Westfield, so I knew every part of the business, inside out, in all regions. If you don’t know the business almost like the back of your hand, how can you possibly look for respect or be seen as credible? You don’t have to be the world’s expert at leasing design and construction and development. But at least you know the basics, the fundamentals, and you have an insight into the challenges.

Knowing the business and collaborating, you can only be as successful as the quality of discussions you have with your coworkers. As a CRO, you have very little authority, and therefore, you have to use knowledge, backed up with being able to inspire people to adopt the risk-aware message.

The other aspect, of course, is the CRO presence you aspire to. It takes some time, but you want to be seen by the CEO as his or her personal risk advisor. That doesn’t come easily; they can be skeptical. 

When it comes to strategic risk management, which is a particular hobbyhorse for me, you want to be at a point where people will say, “We’re looking at doing a major deal. And if it goes and we get approval, that will probably close in three months time. We’d like you to be a part of the process to perform a degree of strategic risk management to make sure that when we’re making those core fundamental decisions, we have a risk perspective at the table.”

The CRO becomes another data point to help make a better decision. This is opposed to you getting called in by the CEO or the CFO and they say, “Hey, five minutes ago, we just closed a major deal. And you need to go out and see if there’s any issue.” Clearly, it’s far better for the organization to be in the mindset to reach out beforehand, rather than hear the news five minutes after the ink has dried on the paper. 

R&I: What drove you to lobby the Australian government regarding the ARPC [Australian Reinsurance Pool Corporation]? Can you share what it was like to work with officials as a risk consultant? 

EC: After 9/11, the first thing that happened was that as quickly as possible, all the property carriers invoked terrorism exclusions on their property policies, which, for a real estate company, is just something that can’t happen. [When that did happen,] the business world reached out, saying “So what are we doing?” I got on the phone very quickly. In fact, I was back in the U.S. 10 days after 9/11, reaching out to my network.

I already had contacts with very reputable risk managers running the risk management departments of very large real estate enterprises in the U.S. We got together on a call to see if we could form an industry captive to provide terrorism cover, because there was almost no stand-alone terms of covering at the time. And the rates that were being offered were just unbelievably high. Just incomprehensible.

We spent some time modeling all of this, and at the end of the day, it didn’t come to pass, because running industry captives — and particularly in terms of allocations of premium or processing claims — can be challenging.

At that time, moves were being made through various real estate institutes throughout the U.S. to lobby government. [During that time,] I stayed in the background, because you couldn’t have an Australian citizen at the front lobbying the U.S. government, and that was fine. But I learned through the process, and that became the building blocks of the initial Australia legislation in 2002.

I had the background as part of that lobbying effort in the U.S. What I learned was that back in Australia, where we had 40 shopping malls, the risk of terrorism was just as acute as it anywhere else in the world. We [the real estate risk community in Australia] started agitating for government to create some form of backstop, because there was no way that the large insurers were going to fully underwrite terrorism.

We’re talking about billions of dollars of damage. And we started working more with the shopping centers, attending town hall meetings. The government didn’t have the risk skill set, so it brought consultants in — risk managers around town, like myself — and said, “What’s the best way to structure this? And how can we come up with a blueprint that we bring through the federal treasury?”

It was a challenging time. Ultimately, we came up with a solution that works for all. It was a long process, but we got there.

R&I: Has technology changed the game for risk management? How so? 

EC: The short answer? Yes.

But the longer answer is, yes, but technology also delivers new challenges.

Even the rookie risk manager will say that you can use spreadsheets or sophisticated risk management software to deal with the massive amount of data for your risk assessment process. I get all of that. But I suppose for me, it’s important that when you are looking at technology  quality, incredibly useful tool that it is it is not the be-all and end-all for risk management.

Technology is wonderful — don’t get me wrong. But there’s another aspect to it, and that is subjective assessment. [For example,] earthquake risk in California and the coast. We have shopping malls running up and down the coast in California. Hundreds of billions of dollars at risk. And of course, we model earthquake simulations, which gives a data analysis on the probabilities [of a quake]. It’s data that’s been around for a long time, so there’s good quality historic data. So it’ll likely have high competence. But ultimately, when I sit down with the CEO or the CFO, and they ask if our confidence level is at 100% based on the data findings, I would say no.

My view is that there is a place in this discussion for subjective assessment; it is an additional data point.

The other thing I’d add is that we’re going into generative AI. It’s absolutely the flavor of the month. Everybody is looking at what the risks are, and there’s probably like 50 layers to it. We’re only beginning to scratch the surface. And, of course, AI itself is morphing day by day. There is no history, so therefore, if you’re not using subjective assessment, you’re opening up to unknown risk.

R&I: You’ll be receiving the RIMS lifetime achievement award at RISKWORLD in San Diego this year. What are you most looking forward to at the conference? 

EC: It’s an incredible honor for me, particularly as the first person outside of North America to receive it, so that’s unbelievable. It’s a very prestigious honor. But when I looked at it, I said to myself, “While I will accept this incredible honor, I must never lose sight of how I got to where I am today.”

Going back to our earlier conversation, it was all about the networks, particularly my personal network that I created for myself. And some of those people will be in San Diego. So I look forward to meeting with them, reconnecting with them. Those people have helped me become the person I am today; they deserve, almost, to be on the stage with me. So it’s great that I can share this time with them.

Finally, for me, it’s really pleasing to see so many younger rising risk professionals walk around the halls. That, to me, is very important that they’re there. I’m a great believer in looking at body language, looking at facial expressions, because to me, the eyes are the channel to the heart of the individual, and you can see their learning. And I just sit back and say, oh my goodness, I think our industry is truly in good hands when I see all these younger people walking around the hallways. &

Autumn Demberger is a freelance writer and can be reached at [email protected].