Q&A: Pam Joshi on managing risk and insurance during a high-profile acquisition

Pam, thanks for talking to Airmic News. You moved to Shire – then one of the fastest growing global pharmaceutical companies – as head of insurance shortly after it was acquired by Japanese pharma, Takeda.

Yes, Shire was going through something of a transformation. It acquired Baxalta and then underwent an integration and was later acquired by Japanese domiciled Takeda in 2019. It was the largest acquisition – approximately $62bn – in the history of the life sciences and biopharma industry. It’s been a really exciting period of change and growth.

What opportunities arose in managing risk and insurance during this period of transformation?

Shire was a Dublin-domiciled company with a large US presence and a relatively recent history compared with Takeda. By comparison, Takeda had a long Japanese heritage – 245 years in 2026 – so it was the coming together of two very different cultures and risk appetites. For example, Takeda had an empowerment mindset whereas Shire was highly centralised.

From an insurance perspective, our team suddenly had a much larger scope with a global footprint from both legacy companies, doubling the company in size and revenue. It presented a unique opportunity to consider our emerging exposures and how we structure our programmes.

We took the opportunity to ensure the insurance supply chain was optimised. Immediate wins focused on leveraging existing insurer relationships, consolidating broker RFPs, integrating risk management systems, enhancing insurance documentation for clinical trials and developing an insurance framework for major CAPEX projects. We also revaluated how we collected and assessed underwriting data to improve outcomes.

Did any new risk strategies emerge from the transformation?

Yes. The transformation gave the business a chance to step back and reassess its overall approach to cyber risk. For example, we reviewed how both legacy businesses approached cybersecurity and modelled scenarios – these enabled discussions on our risk appetite, potential balance sheet and captive retention as well as incident management.

That work led to the informed decision by the CFO in 2019 to buy cyber insurance for the first time and start building a dedicated cyber insurance framework. It was a major piece of work that involved close collaboration across risk functions, with strong support from the CISO.

Overall, cyber risk is now much more embedded in strategic discussions and wider business governance so it’s been a very positive journey.

AI is transforming drug discovery, how is that impacting your risk profile?

We are seeing increasing use of AI across the business – from clinical trials to manufacturing and patient engagement. As a data-intensive industry, this presents significant opportunities.

At the same time, we are actively strengthening governance, with AI-specific frameworks embedded within broader enterprise risk structures. As a highly regulated sector, this requires an even greater focus on ethical oversight, data privacy and transparency.

Our priority is to ensure innovation is deployed responsibly, with robust controls in place and with patient trust and safety at the centre.

Stepping back from the acquisition journey you’ve been on, how would you say the company’s approach to risk has evolved in your time at the company?

I wanted to dig deeper into the risk landscape and work more closely with those responsible for managing risk across the business, including manufacturing, ERM, crisis response, cyber security and financial risk. The aim was to understand the operational picture and how risk could filter more effectively into senior decision making.

We reviewed every risk across the group and across verticals, working to bring key leaders together and break down silos.

I’m proud of what we’ve achieved. Today we have an insurance programme that touches every pillar of the company. We are empowered to make insurable risk decisions across the group and have become a trusted business partner and adviser. That doesn’t happen overnight or without pushing, being visible and educating the business.

Finally, tell me how your captive strategy has evolved with the broader business transformation:

We’ve been on a significant journey with our captive strategy, moving from a structure with three captives (two in Dublin and one in Switzerland) in 2019 to a much more focused and mature approach centred around our Dublin-domiciled captive, PIIDAC.

Since 2022, we’ve expanded the captive’s role within the group. Initially, we used it for smaller layers of capacity on programmes such as cyber during a particularly difficult market period. From there, we started using the captive to write direct covers for non-traditional risks difficult to place in the commercial market, including non-damage business interruption and clinical trial-related risks.

The strategy has continued to mature, and we’ve since made some bold decisions to retain larger portions of property and cyber risk within the captive. We’ve achieved some real successes at recent renewals by retaining significant limits internally which is ultimately aligned to our long -term risk financing strategy.