Supply chain risk is clearly a critical area for all companies that operate in today’s highly competitive, fast-changing and global market. The huge interest shown in Commercial Risk Europe’s supply chain conference in London on 12 December proves how important this topic has become and how keen risk managers are to learn how to more effectively identify, measure, manage and transfer this risk. Adrian Ladbury discussed the key issues with Claudia Hasse, chief underwriting officer, special enterprise risks (CIP) at Munich Re, one of the event’s headline partners. Ms Hasse will be a key speaker at the event.
Adrian Ladbury [AL]: What is your definition of supply chain risk?
Claudia Hasse [CH]: In simple terms, supply chain risk – in general – is the risk of business continuity caused by a disruption to the performance of any kind of supplier triggered by any incident, whether physical or non-physical. The easiest example is a physical trigger such as the 2011 floods in Thailand, which seriously disrupted the supply of parts needed for auto manufacturers worldwide because they were concentrated in this small and badly affected area. But the trigger can take varied forms such as the insolvency of a key supplier or even political reasons and regulatory action. This variety of causes makes supply chain difficult to model, because the triggers can come from all kinds of directions. I do not think there will ever be any silver bullet for this risk, because of the wide variety of potential scenarios.
AL: Why has this become such an important risk? Why has it risen up the corporate agenda in recent times?
CH: You can identify a couple of core causes here. The rise of specialisation is one important factor. Many companies nowadays focus on specific tasks where they have competitive advantage and outsource other tasks. Digitalisation is developing this further and cyber risk means this becomes quite vulnerable. We see quite a rise in supply chain risk because of the cyber threat. In addition, average losses have increased and we see this on a worldwide basis. Some of these losses are covered under standard insurance coverage but a lot is retained.
AL: How should companies manage this risk to ensure business continuity?
CH: First of all, the company really needs to recognise this risk and be structured accordingly. It is important that the risk manager has close contact with the supply chain manager. This is very important. We found after the Thai floods that this was not often the case. But this has improved. Thailand was a wake-up call because risk managers and supply chain managers realised they had to work more closely together and move closer to the business continuity manager too. It is also really important to identify the truly relevant scenarios. There is always a danger that you can become lost in the detail. It is key to understand where the company creates the most value and what scenarios can lead to the most disruption to the product or service. This is the way most risk managers look into this and then consider how that risk can be mitigated and transferred. This is an area that we can really add value, based on our 130 years of experience. We have a toolbox that means we can sit down with the client and apply a method and produce relevant scenarios that can be quantified. It is really important that this is a collaborative approach.
AL: True collaboration between risk manager and insurer appears to be more important in this area than most. How can an organisation achieve greater collaboration and partnership?
CH: Collaboration in supply chain risk has improved but you have to differentiate between different levels of risk analysis and cover. Some clients hope to obtain all-risk coverage for little information and the market cannot meet that. If we are to offer all-risk supply chain cover, we need to evaluate the quality of the supply chain management. Not all clients want that level of disclosure and transparency, so we cannot offer that level and breadth of cover. What works well is when clients really open up and we are able to clearly identify the most important scenarios and what sits behind those scenarios. Then we can really make progress with clients, build true understanding and clients begin to view their insurers more as a partner.
AL: Is supply chain, in reality, a risk for which the insurer and broker has to offer solutions on a consulting – rather than risk transfer – basis, as perhaps with cyber?
CH: This is a fair point, but I would say that consulting and risk transfer go hand in hand in this area and I believe that we can offer both in supply chain and cyber. But it is important to appreciate that many larger clients have very sophisticated, technical and large supply chain departments, especially in areas like auto manufacturing. They have big supply chain departments that focus on nothing else. With such clients we can, however, add expert advice on natural catastrophes. Our Nathan tool allows us to plot locations very accurately so that you can see the nat cat exposures in various locations. Risk modelling is one area that insurers, and particularly reinsurers, can add real value for customers when dealing with supply chain risk. Often, clients can only really see their own problems and bottlenecks, or that of their direct competitor. A whole industry can rely upon one supplier, as in the case of the Thai floods. We can identify these potential bottlenecks using our modelling expertise and tools. There has been real progress with the underlying technology and the identification of such bottlenecks. We are not there, this is a journey, and big data will have a significant role to play.
AL: What are the coverage options available for risk managers currently and how comprehensive can this cover be? Does it need to be standalone or can it be added to existing cover?
CH: The basic coverage is via extensions to property policies. Contingent business interruption (CBI) is available to a certain degree but it really depends upon the market, whether it’s soft or hard. After the Thai floods, the market really contracted tremendously. This is an important consideration because I know some risk managers rely on such cover for their supply chain risks. But it is important to understand that CBI is a black box, an add-on, and the risk assessment is not as in-depth as it could be. Even when the market is really soft, only limited cover is available on a sub-limit basis. I am not sure how comfortable that situation is. If I was a risk manager, I do not think I would rely on that.
The next level of coverage is all-risk supply chain cover. This is a big step forward to take because the customer has to open up to in-depth assessment by the carrier. There are fewer carriers willing and able to offer this coverage, but I have seen programmes with limits of $250m to $300m. It depends how open the customer is and what data is shared.
AL: Does it make sense for risk managers to use captives to manage this risk before accessing the insurance and reinsurance markets?
CH: This can be a good first step. It can help the risk manager quantify the risk more accurately and, in some cases, they may decide to use the captive because they regard the market price as too high. The captive can provide a good starting point.
To reflect the rapidly rising importance of supply chain risk, Commercial Risk Europe will hold a groundbreaking, full day conference supported by Airmic and the Business Continuity Institute with headline partners including AIG, Ausum Systems, Clyde & Co, Marsh and Munich Re. The event will be held in London on Tuesday 12 December, the same day as the annual Airmic dinner. Attendance for the conference will be free for risk managers. Further details can be found at https://www.commercialriskonline.com/ event/supply-chain-london-2017/