What’s that coming over the hill-UK
Nicola Harvey: Constantly evolving regulation and the political upheavals in North Africa and the Middle East are presenting some interesting risks for all of us. I would not say that the world is riskier overall, but there are new and different risks that we need to be ready for.
Paul Taylor: There is more awareness of emerging risk. Risk managers are spending more time thinking about what is coming over the hill rather than just concentrating on the here and now.
Julia Graham: I think it is a riskier world, and it is certainly more complex. Risk management has become more mature, but with that increased sophistication management has become more demanding and now has higher expectations. Rather than looking in the rear view mirror, risk managers are increasingly trying to gauge what is coming over the horizon. But this is quite a challenge in a recession because people dig in, and become short-term in their thinking and will not invest the time and energy to understand the issues.
hide
NH: The long-term view is important. Even when the global economy is more favourable than it is now, people still tend to take a short-term view. If you look at Japan, for example, it was predictable and it was on most people’s radars to a degree. But it was the severity of what happened that was a surprise.
Colin Campbell: The events in Japan have clearly both reminded us and educated us about not looking at risks in isolation and not pooh-poohing possible risk scenarios that require some imagination and thinking through.
AL: So you agree with other risk managers around Europe that organisations do not necessarily face brand new emerging risks, rather more complexity. What about the interconnectivity of risk?
Gary Marshall: Japan is a good example of interconnected risk, but also we have seen a number of large companies significantly impacted by the internet. For many companies the internet is a big issue. Even with the Japanese earthquake, what surprised me was not just its size but the speed with which the event was communicated. The images that were sent back immediately caused a sort of panic.
JG: The political unrest in the Middle East and North Africa was also facilitated by the internet.
PH: The speed of communication and the internet has had an impact on another vitally important area, that of an organisation’s reputation. Companies are ever more sensitive about their reputation as they stretch and expand their brands. They are taking more steps to protect their brands, but rapid communications can quickly undermine an organisation’s reputation.
JG: Business continuity is now all about the quality of teams and building resilience in response, rather than just box ticking. The change is in the way, and the speed at which, we need to respond to protect reputations.
John Hurrell: The first Mactavish report found unprecedented speed of change in business models in recent years, which brings with it an inherent change of risk for the organisations concerned.
AL: How do these intangible risks affect the role of risk managers?
PT: In terms of response you can no longer have a business continuity programme that is focused on specific incidents like a product recall or a fire. This is because things occur that you haven’t planned for—such as the volcanic ash cloud, which almost nobody foresaw.
Helen Hayden: We are constantly bombarded with information from the internet and other forms of communication. So risk managers just don’t have the time to sit and plan because of the speed risks are coming to you.
JG: Business continuity and risk management have been brought closer together and are now firmly under the same umbrella. Risk managers also need to get closer to the board. They need to be part of the governance structure and should be involved in the strategy—risk managing at the planning stage and not ‘after the event’.
GM: Connectivity is inherent in these types of scenarios. For example with E. coli, once it spreads people take their own views, and that puts pressure on companies at fault. The media in the US and Europe descend on you. So how are you supposed to manage that risk without going into a tailspin?
PH: We just don’t have the resources to defend ourselves against that kind of speed and size of media response.
PT: As a result, the businesses of innocent people in Spain were being destroyed because no one was buying cucumbers [because Spanish cucumbers were initially reported in the international media as the probable cause of the E. coli outbreak in Germany].
AL: So is the basic problem communication and its rapid growth in recent times?
CC: Companies and countries tend to overreact to situations like E. coli. They do not know how to deal with the fast speed of communications and so they tend to over-communicate and open their mouths before they have thought things through.
JG: And that is when it becomes unstoppable, like a snowball rolling down a hill.
NH: The media hypes up situations for a story and you can’t control it. Deepwater Horizon is a really good example of how much damage can be done by the media and poor communication.
Nigel Bamber: The catalyst is often the news. If it is breaking news people tend to assume that it is important. But nobody really knows how big the issue is going to be.
JH: Even the government is often driven by the news agenda.
JG: The question is also how businesses manage the pace of a crisis. You just have to get on with it, not over-intellectualise or try to second guess every scenario and remain flexible and able to respond with agility.
GM: The risk we are trying to manage is how people respond to an incident.
PH: The E. coli incident has shown how difficult it is to defend yourself when you are not even proven to be at fault.
AL: But are the traditional methodologies and language of risk management still relevant?
NH: There is still a place for traditional risk management and insurance methodologies. The traditional risks are still there and a lot of methodologies, when properly embedded in an organisation, do work well. We should not decry how things have been done, but we should recognise that the pace of change has accelerated and it is hard to keep track of that change.
JG: It is the speed, spread, scope and immediacy of an incident like E. coli, as well as the difficulty in containing the media, that still needs to be better understood. Risks like E. coli are conventional but it is the impact that has changed.
PT: It is important for organisations to have the language and right methodologies in place to manage the risk. For example a common language allows the quantification and discussion of risk.
JH: This becomes even more interesting when you think about how a company responds when it has carried out a significant amount of outsourcing.
PT: That is a big challenge. It can be managed in theory but it is more difficult to manage in practice. It depends on your relationships with clients and customers.
HH: Regulated companies—like those under the Financial Services Authority—do have to consider managing the risks of outsourcing.
PT: Outside of financial services we do look at financial risks but do we look at how robust our outsourced partners are? The ability to influence and dictate business continuity to suppliers is minimal, especially when buying small quantities from large suppliers.
NH: If you are a small company you have less leverage over your suppliers. Companies are now asking suppliers questions but these are usually limited.
CC: In the retail business there is no shortage of suppliers, so a retailer can shift supplier relatively easily. But, there are also many good reasons to outsource, for example to access expertise. For example with IT, this is their business and there is a belief that outsourcing partners are more resilient and expert than we would be inhouse.
AL: Does the increase in such intangible risk mean that more of your organisation’s risks are uninsurable?
NH: I would not say that there is less insurable risk around, but as a portion of the whole, insurance is an increasingly small part of the risks we face. Insurance does an excellent job of providing protection, but only for a small proportion of the risks my organisation faces. New risks are coming along—some can be transferred to insurers while many others cannot.
JG: There are now more risks in our register that are less tangible and therefore harder to transfer. We are more aware of reputation and people issues—and it is these types of low frequency and potentially high impact risks that are typically less transferable.
PT: The role of risk management has changed as a result. We once dealt mainly with insurable risk but now we look more at emerging risks. At two of the organisations that I have worked for as a risk manager, insurance hardly ever came up in discussions as a way of mitigating risk. But this is a positive because it shows that the risks are being actively managed.
NH: It depends on the industry. At Christies’ insurance does come up regularly in discussions because it is an important mitigation tool for art loss or damage, and it is a more important and visible operational risk management tool than at other businesses.
PH: The question is not whether companies are buying more or less insurance, but to what extent insurable risks are being left uninsured. For example a lot of the risks of Deepwater Horizon were insurable but were left uninsured.
HH: It tends to be industry specific. For financial services companies insurance is used to mitigate but it is also used for balance sheet relief. Companies can retain the risks but sometimes they will want to use their capital elsewhere to support other products.
JG: At DLA Piper, as a law firm, we do not make a tangible product, but we do sell advice. I can to an extent rely on a large malpractice insurance policy to fall back on. But this can’t insure the impact on my firm’s reputation. Everything we do as a supplier is driven by the law, regulation and our clients. The view of our clients’ risk drives my firm’s view of risk—what is critical to a client will translate into the nature of a client relationship.
AL: Are insurers and brokers innovative enough, for example with reputational risk or cyber risk?
JG: On cyber insurance the answer is sadly no. The industry was too quick to say here is a policy. What I actually want is to understand what the exposures are and then sit down with the underwriters to find out how much of the risk is covered by the policies I already buy, like malpractice and crime. And I want to know what else insurers can do and how we can finance it. We started by looking down the wrong end of the telescope.
NH: Cyber is a good example of an opportunity for the insurance industry. They tend to operate in silos and can’t look at risks holistically and help you look at your exposures across your business.
JG: I have managed to get a broker to do that for cyber. We have had to drive it and move it away from a product line basis. Insurers have been slow to react to cyber risks but they are getting there and there has been a change by insurers and brokers moving from offering products towards providing solutions in the past 12 months.
GM: Is there an opportunity for the European risk management associations to get together and tell insurers what we need? To challenge the market collectively to come up with solutions for the benefit of the wider buying community.
JG: It is a good idea. But the market doesn’t easily seem able to respond to such a request, partly I think because of the way insurers are structured and underwrite, and in turn their reinsurers are structured.
NB: As insurers we need to underwrite on good data and sometimes the difficulty is getting that good quality data. We would not want to launch a new product without doing our homework first.
NH: I don’t necessarily want a new product. We just want to work closer with underwriters to find a solution for our own company’s exposures.
NB: I hope you recognise that some insurers are good at doing that already. If you come to an insurer with a situation they will adjust the policy if it is possible to do so. If it is a completely new area it is more challenging. In Germany XL Insurance has recently completed a one-off deal to cover a new technology, this shows we can do it. We always look to see if we can find a solution.
JG: The key word is solution rather than a product. In cyber we use a number of insurers that offer different products. I want to work out what the residual risk is and get this covered by a ‘difference in terms and conditions’ wrap around insurance at a sensible level of cover. There may be an insurer that can provide that but I may not want to put all of my cover with one insurer. Cyber is an exciting area and someone will crack it.
But when you boil down the big cyber exposures it is more about risk management than insurance. Because what you can buy is still modest for the premium.
AL: Global programmes are part of this debate. Is this a big problem here and is there a solution?
HH: We have a better understanding of the time it takes to make a global programme compliant as possible—or as compliant as you want.
JG: It is a movable feast. You think you understand compliance and then find out that you don’t.
HH: You even find that local market practice is to ignore the insurance regulations completely.
JG: You often find there are different views by different insurers, and they can both be right. There is no one answer!
HH: You have to take time to do this properly. Take time to look at your organisation and see what fits for you, rather than talk about a solution. There needs to be a better understanding of what makes a global programme work for your company.
PH: There are tensions. An insurer focuses on its own compliance issues and may say it can’t be done in that territory so carves it out leaving holes in the cover that need to be reconciled.
NB: Insurers are doing a good job in this area and buyers benefit from the consistency and cost effectiveness of cover offered by global programmes. We recognised that they have limitations. We have to be efficient and strike a balance of what clients are prepared to pay for access to a global network.
AL: Captives often play a central role in the management of cross-border risks and global programmes. But a main concern of Solvency II is that the European Commission has not taken captives fully into account. Is it a concern?
NH: It depends on where your captive is based. In Europe it is an issue but for us with a captive in Guernsey—which is not seeking equivalence—it is not an issue at all.
JG: Like Nicola, we have a Guernsey captive. And Guernsey writes very little European business with the bulk of it being written in the UK and increasingly Asia. I am surprised that more organisations have not taken a look at Guernsey as a good place for a captive. But European companies do not appear to have been keen to set up there to date. Guernsey’s profile outside the UK is still quite limited and I find that disappointing for the captive industry there.
AL: Interest in captives is usually dictated by where we sit in the underwriting cycle. What will happen with rates in the next six months?
PT: From what I have seen there is still freedom for rates to drop even further in some lines, depending on the quality of business and losses. So far Japan has not had a massive impact on UK renewals.
GM: We have concluded that rates are settled and quiet in the conventional areas we buy cover for. But outside Europe and looking twelve months on, rates are unpredictable and I am not sure they will remain so settled. There is the potential for significant change because I think that a storm is brewing.
JG: Over the next six months I would say that rates will be flat. If anything is brewing I get no feeling for that—the rest of this year will be benign. And in this context, I like an environment that is unexciting.
CC: When we look at rates we can’t see any change. Outside Europe and in areas with earthquake risk, there is a possibility that rates may change, but this is not certain. There is nothing on the horizon at present.
JG: We are not getting the chatter that usually precedes a turn in the insurance market.
HH: There is some chatter in the financial institutions’ insurance market. There are still a lot of unknowns about credit crunch claims and how they will bear fruit and how much the market will have to pay out. There is an uneasy equilibrium. There is capacity out there, but I am not sure how much will be used up.
PH: The Airmic benchmark survey shows a benign market where marginally more Airmic members enjoyed a reduction in rates than at their previous renewal. And in that report Willis predicts rates in property damage and business interruption will be flat for the next 18 months.
NH: I would agree that the market is benign. We have had two renewals in the past six months and both were flat with some small decreases. I don’t see evidence of, and I don’t expect to see, rates increasing massively in the next 12 months. There has been noise and hype for several years, but actually we don’t see increases.
CC: The market usually points to motor insurance as an indicator for the direction of rates overall. And private motor rates have doubled in the UK. But I don’t see this in the commercial arena.
GM: Insurers now have a better handle on all of the drivers and make adjustments in the price where required and without affecting the general market. This is good for buyers because it is more predictable.
JG: Buyers are also now more sophisticated. We look at the balance sheet of insurers and life doesn’t look that bad for the industry.
NB: For a number of years insurers have said that the market is too cheap and some have complained that they are not making money. But the reality is that many have brought combined ratios down and made money. However, several factors could change the world buyers currently enjoy. While the first quarter saw some very expensive claims being paid by insurers and reinsurers, it may not be enough to change things because there is still enough capacity around. The US windstorm season could change everything again. These high combined ratios and increased reinsurance prices could prove to be the much talked about perfect storm.
The Participants
Commercial Risk Europe would like to thank Airmic & XL for helping to organise this meeting and also the following individuals who took part:
Nicola Harvey, Group Risk Director, Christie’s
Helen Hayden, Group Insurance Risk Manager, Prudential
Colin Campbell, Head of Risk Management, Arcadia Group
Julia Graham, Chief Risk Officer, DLA Piper UK
Paul Taylor, Director of Risk Assurance, Morgan Crucible
Gary Marshall, Group Risk Manager, Polestar UK Print
John Hurrell, CEO, Airmic
Paul Taylor, Technical Director, Airmic
Nigel Bamber, Head of Client Relationship Management, UK, XL