Roundtable: Insurance & Risk Management 2014
This Roundtable originally appeared in Corporate LiveWire’s Insurance and Risk Management 2014 edition. www.corporatelivewire.com
In this roundtable we spoke with eight experts from around the world to discuss the current Insurance & Risk Management landscape. Among the highlighted topics, our chosen experts discuss challenges relating to mergers and acquisitions, policy reviews and the role of technology in transforming the insurance industry.
1) Can you outline the current insurance & risk management landscape?
Abadi Abi Tisnadisastra
AKSET
As the growth of business in developed markets is getting slower, insurance companies are considering new markets that might not previously have been their main focus of business. Indonesia is considered part of a new set of emerging economies, which offers a promising market with diverse economies and excellent demographics. Identifying opportunities in emerging markets will involve a careful assessment of the latent risks and therefore good risk management is increasingly needed to avoid substantial losses. The shifting of the insurance & risk management landscape from developed countries may create significant growth in emerging market countries, like Indonesia.
Carol Lyons
McMillan
From the perspective of insurance companies, enterprise-wide risk management has become the catchword of the day. The Canadian federal insurance regulator has been active on the global scene for many years, working closely with other regulatory bodies, global organisations and think tanks to define and foster international best practices in risk management. In the past two years, the Canadian insurance regulator has brought forth a number of regulatory measures related to risk management, including:
- Officer and places oversight responsibility squarely upon the board of directors;
- an updated Regulatory Compliance Management Guideline to require internal audit (or other independent review function) to validate the effectiveness of, and adherence to, the institution’s compliance framework by regular risk-based testing; and
- a new requirement for insurers to institute an Own Regulatory Solvency Assessment (ORSA), the prime purpose of which is to identify an insurer’s material risks, assess the adequacy of its risk management and the adequacy of its current and likely future capital needs and solvency positions.
Edward Susolik
Callahan & Blaine
More and more companies, especially large companies, are trying to save on premium by assuming more of the risk by buying policies with large self-insured retentions or deductibles. These policies are often accompanied by side agreements dealing with issues such as who handles the claims, payment, letters to credit to ensure payment, etc.
These side agreements are usually more complicated than the policies and often result in litigation as the insured and the insurer often disagree as to what the parties intended. Since the insurer usually has more experience with these types of side agreements with other insureds, an insured needs to be careful in negotiating the term of such a side agreement.
John Barlow
Holman Fenwick Willan LLP
We are seeing an increasing convergence between insurance and risk management. Policies are being negotiated in order that the risks map in to coverages. Risk managers are realising that the current asymmetry of information needs to be addressed in order to ensure an alignment of the risks and cover and a more appropriate pricing of the risk. The corollary is that in some sectors (e.g. financial institutions) the risk managers are spurning insurance solutions and seeking to manage certain risks either because (a) they believe that they can manage the risks adequately or (b) certain coverages do not deliver best value.
Clive O Connell
Goldberg Segalla LLP
The insurance market is evolving very rapidly, and this evolution will continue as regulatory and macroeconomic factors drive change. The repercussions of the economic crisis and a soft reinsurance market means that in many areas, insurance premiums are down. Risk managers have more scope to shop around and find better deals. At the same time, the role and function of brokers is also changing, and their position as corporate advisors is growing. The products available to assist risk managers are increasing with new lines of insurance cover available to protect against new perils.
2) From your own perspective how is the risk management environment changing?
Clive O Connell
Goldberg Segalla LLP
Risk managers have more information available to them than they have ever had before, and so do insurers. The ability to model catastrophic events and their potential effect on a business is as never before. For certain types of risk, this enables a better understanding of potential perils and a greater ability to price them accurately. It also enables risk management to focus on key areas of potential loss and to seek to mitigate that loss. At the same time, new areas of exposure are emerging. Cyber liability and reputational risk are two areas which will challenge risk managers and insurers as they attempt to assess the best ways to protect companies from them.
Simon Calderbank
HCC International
From what I am seeing the focus is changing from the tangible items that have historically been insured such as desks, computers, buildings etc., to the intangible – Data. Companies are realising that they can work without desks and computers, they simply hire a managed office spot. What they can’t trade without though is their data. Loss of data can be crippling to a company and with the increased use in cloud computing and third party data centres this data is at more risk than it may have been when kept ‘in house’. With the uptake in VoIP telephone systems you might not even have access to your clients telephone numbers to tell them what is happening.
Edward Susolik
Callahan & Blaine
Risk managers today seem more willing today to have the policies recommended by their brokers reviewed by a third party, usually another broker or an attorney who specialises in insurance coverage.
In this litigious era, more and more insureds have been hit with large verdicts or had to settle claims for large amounts that were only partly covered or not covered at all by insurance that the insureds thought would provide coverage.
Risk managers want to know if their broker could have procured a policy that would have provided full coverage or more coverage.
Abadi Abi Tisnadisastra
AKSET
The risk management environment has been changing rapidly for the past few years. Indonesia is now considered one of the most attractive investment destinations in the world and continues to attract increasing levels of investment from multinational companies. However, apart from presenting attractive investment opportunities, Indonesia also poses different types of risks for foreign investors (see answer to Q 5).
From Indonesia’s perspective the growing number of foreign investments is driving the implementation of good corporate governance and proper risk management systems to a higher level. Companies continue to shift their risk management focus to improve their expectations of potential exposures and to mirror best international practices.
Martin Mankabady
Mayer Brown International LLP
From the perspective of a lawyer, I would say that I have seen the environment change in two ways. Firstly, we are asked to advise much more often now on regulatory issues, including corporate governance. As many surveys have shown, regulation is firmly ensconced as a top risk factor for many businesses in the insurance sector. For obvious reasons, we expect to see growth in this area as regulators continue to become more intrusive and interventionist. Secondly, clients are looking for us to share more of the execution risk with them when we advise them on transactions and other matters (for example, by agreeing to abort fees on matters which do not complete) and to generally provide a more cost-effective service. We are in the vanguard of firms looking to achieve efficiencies in our business model so that we can better meet our clients’ needs – this includes different fee structures for different types of work (for example, fixed fees for more commoditised work); investing further in “northshoring” which involves ramping up our more northern regional offices so that we can offer even lower rates; and continuing to grow in our key sectors, most notably insurance (as being a market-leader helps to drive further efficiencies). However, we need to be careful to balance all of this change, which in itself brings risk, with getting the law right and providing relevant and commercial advice to our clients.
3) Have there been any recent regulatory changes or interesting developments?
Martin Mankabady
Mayer Brown International LLP
As regards the UK regulatory landscape, the industry is becoming more accustomed to the “twin peaks” regime involving regulation by the PRA and the FCA. This is not a brand new development, of course, as this regime with its forward-looking philosophy has now been in place for over a year. However, it is worth taking stock as to what changes have been introduced. There has definitely been a significant increase in the use of thematic reviews which the FCA has undertaken and which, as the FCA has put it, allows it to “take a step back and kick the tyres”. These thematic reviews are intended to better inform the FCA so it can intervene early to pre-empt and prevent widespread harm to consumers (and avoid a market failure). The PRA has perhaps kept a lower profile to date, but some recent comments by Mark Carney, Governor of the Bank of England, were carefully scrutinised for any evidence that the Bank of England, of which the PRA is part, may seek to apply banking sector policies and approaches to the insurance sector. Finally, the regulators are improving in terms of co-operating in relation to dual-regulated firms although it is probably fair to say that this is still work in progress.
Carol Lyons
McMillan
In addition to the three recent initiatives referred to in my answer to item 1 above (Corporate Governance Guideline, Regulatory Compliance Management Guideline and ORSA), in October 2013, Canada’s federal insurance regulator also released a memorandum and self-assessment guideline to assist insurers with assessing, developing and maintaining effective cyber security practices. In April 2014, the regulator issued guidelines on mortgage insurance which set out the regulator’s prudential expectations for residential mortgage insurance underwriting. And, in May 2014, the regulator finalised a new advisory requiring insurers to pre-notify the regulator in writing as soon as a new nominee to the board of directors is identified and in advance of the appointment of a senior manager.
Abadi Abi Tisnadisastra
AKSET
The Indonesian Insurance Law is over 20 years old. Amendment is needed to accommodate the growth of the industry and developments in the insurance market since the current law was promulgated. A draft revision has been circulating for several years and is being discussed within the government. In spite of the absence of a holistic revision of the Insurance Law, the government has been active in issuing new regulations to address the current realities of the market.
Of recent concern to business policyholders is the list of mandatory property insurance tariffs that took effect on 1 February 2014. The government’s intention is to shore up the solvency of domestic insurance companies (there are currently 85 insurance companies in Indonesia) by stabilising and increasing premiums, and the tariffs seem to have been regulatory, rather than market driven, with increases ranging from 30-200%. A key feature is the setting of some deductibles as percentages of loss, rather than fixed amounts, so that policies for industrial FLEXAS risks, earthquake and flood effectively operate like “co-insurance” for policyholders.
John Barlow
Holman Fenwick Willan LLP
The regulatory environment is growing exponentially and is driving many of the insurance responses. From the Bribery Act and sanctions, cyber data breaches to mis-selling, individuals and corporations are finding themselves exposed. From a risk management perspective, the failure by senior management to put in place adequate processes can leave them exposed to regulatory fines and penalties (notwithstanding that they may not be the wrongdoers). Moreover, regulators are increasingly mandating settlements with customers/consumers e.g. Interest Rate Swap mis-selling, where the sale of certain swap structures to customers are held (effectively be default) to be mis-selling. In those situations insureds have no real prospect of contesting their liability.
Clive O Connell
Goldberg Segalla LLP
Regulation in insurance, as in all areas of financial services, is undergoing a radical review. Solvency II in Europe will have global effects as insurers and many of their commercial clients increasingly are global concerns. Regulators are also showing a desire to be relevant and forward thinking. In Vermont the Legacy Insurance Management Act (LIMA) is a fresh approach by a legislator and regulator to the issue of age-old liability insurance cover and demonstrates a desire to help policyholders have their insurance run off professionally in the US by US-regulated and supervised claims professionals.
Stuart King
FR Global Advisors Ltd
Solvency II is a major piece of regulation for the European insurance industry. Notwithstanding the numerous challenges and implementation costs to the industry over the years I personally believe a risk-based approach to setting capital is appropriate. One benefit the regulation brings is more accountability and greater transparency that can only benefit shareholders and policyholders alike. In a general sense the recent financial crisis and lack of global regulatory harmonisation has resulted in a major change in the regulation of international financial institutions. I am not convinced that combined central bank regulation of banks and insurers is a long-term benefit.
4) What are the key issues risk management professionals are focusing on at present?
Simon Calderbank
HCC International
Cyber is the buzz word of the moment. As mentioned above data is the foundation of many companies, take it away and they are just an office with a few desks and chairs. However, whilst this risk is being considered more, many clients still go down the thought process that it won’t happen to me and it only happens to the big boys. This is where they are wrong. Cyber criminals are cottoning on to the fact that it’s easier to attack companies who trade with ‘the big boys’ and gain access that way rather than directly target the ‘big boys’ themselves who are spending much more on data security.
Clive O Connell
Goldberg Segalla LLP
Price is always at the forefront of a risk management professional’s mind. Companies are still emerging from the economic downturn and budgets are still tight. Risk managers must negotiate the broadest possible cover at a lower figure than that for which less cover was purchased the year before. This is not an easy task. Risk managers are looking for ways to ensure that the cover they purchase fits the risk profile of the company with precision in order to avoid waste. At the same time, they must assess novel risks and determine how and at what price, these can be covered.
5) Can you talk us through the risks directly relating to M&A activity?
Stuart King
FR Global Advisors Ltd
Removing deal uncertainty by challenging methodologies for setting historical balance sheet provisions or accelerating claims closure can improve the sale price and associated allocated capital required in the sale agreement. It doesn’t take a lot of resource or time to perform a due diligence review of the merged or acquired assets insurance arrangements but unfortunately this is often neglected. By analysing keys risks available in risk registers and comparing and contrasting to existing insurances purchased you can very quickly build up a picture of insurance inefficiencies. By understanding the acquired assets insurance purchase philosophy many firms benefit when integrating programs.
Carol Lyons
McMillan
From the perspective of a purchaser, when buying corporate entities or business assets, there is always the overall risk that the entities or assets are overpriced, may not provide the benefit hoped for or, in fact, may bring with them more problems than the transaction was worth. These risks underscore the necessity for a proper due diligence investigation by the purchaser and a legal agreement that contains representations and warranties from the seller as to the condition of the entity or assets, commensurate with the price paid. From the perspective of a seller, even though the seller (as current owner) has inside knowledge of the quality of the assets and the future prospects of the organisation, there is a risk that the seller could unintentionally make inflated promises – through representations and warranties required by the purchaser – as to those matters. And, if the representations and warranties don’t hold up, the seller may be financially liable to make good the shortfall to the purchaser. Some of this latter risk can be mitigated by purchasing representation and warranty insurance.
Clive O Connell
Goldberg Segalla LLP
Mergers and acquisitions throw up numerous risks. Perhaps at the forefront is the risk of breach of warranty. The speed and, often, confidentiality of negotiations sometimes precludes the ability to do or to allow full due diligence. Warranties are demanded and the vendor is then at risk should the warranty prove to be inaccurate. A growing market has emerged in providing cover against potential losses incurred through breach of warranty or indeed as a result of unknown liabilities. This cover is not inexpensive but the cost, which provides certainty, can enable deals to be completed swiftly.
Martin Mankabady
Mayer Brown International LLP
Successful M&A activity can help businesses achieve their strategic goals – for example, it can help sellers divest non-core business lines and free up capital and it can help buyers grow market share or enter a new market or territory. When M&A activity is unsuccessful, this is quite often because it has not been planned or managed properly and risk has not been fairly allocated – this can destroy value rather than create value. For sellers, unsuccessful M&A could mean, for example, that they do not achieve a clean exit or they do not maximise the price paid for the business sold. For buyers, unsuccessful M&A could mean, for example, that they overpay for the business acquired, or they inherit issues which require a great deal of management time and cost to try to sort out after the event and in respect of which they have little or no legal or practical recourse against the sellers. M&A in the insurance sector will very often require regulatory approval, and careful and early thought should be given as to how best to ensure that this is obtained without too much fuss – it will be in no-one’s interests for approval to be delayed or to be given subject to certain conditions, or in the worst case scenario, for approval not to be given at all.
Abadi Abi Tisnadisastra
AKSET
A former head of the Indonesia Investment Coordinating Board is rumoured to have said, “If you invest in Indonesia, I can guarantee two things: No. 1 You will have problems. No. 2 You will make money.” While investors get frustrated at the sometimes glacial pace of decision making, and bureaucratic obstacles seem to arise at every turn, Indonesia is a great investment destination if proper attention is paid to the risks. In addition to the typical risks faced by investors in emerging economies (lack of infrastructure and trained workforce, corruption, and uncertain land tenure), the risks that most commonly impact M&A transactions include:
- Bureaucracy and licensing: unlike jurisdictions that allow companies to conduct any and all legal business, Indonesia has strict licensing systems that can constrain companies from operating in multiple fields of business. This significantly limits the success of potential mergers.
- Shareholding limitations: Indonesia maintains a Negative Investment List, which stipulates specific foreign shareholding limits for a variety of fields. The list is updated every 3-4 years in response to economic, regulatory and political changes. Although companies usually enjoy protection from the grandfather clause, which allows approved foreign shareholdings to be maintained in case of acquisition, there are inconsistencies between the limitations in the Negative Investment List and industry specific regulations, which in many cases create confusion for investors.
6) How often should an organisation renew their policies and review their strategies?
Clive O Connell
Goldberg Segalla LLP
The market is evolving so swiftly that a constant eye must be kept on policies and risk management strategy. If insurance rates move down, the opportunity presents itself to increase or improve terms of cover. Similarly, tightened budgets require risk managers to look to alternative ways to mitigate risk and, potentially, alternative providers in an ever more competitive market. Gone are the days when a risk manager could simply ask a broker to renew cover. Even the relationship with a broker, and the role that professional plays, requires assessment and justification on a regular basis.
Abadi Abi Tisnadisastra
AKSET
Policy needs are as individual as the policyholder, so we recommend growing businesses to reassess their coverage needs on an annual basis in coordination with a licensed insurance broker and the company’s risk management team. As the Indonesian insurance market is both highly regulated and rapidly evolving, priorities and opportunities are constantly changing, so even mature companies with stable prospects should pay close attention to policy needs. Smart policyholders will shop around to see what options are available on the market, at least with respect to policies that are not subject to mandatory tariffs.
Stuart King
FR Global Advisors Ltd
My personal belief is that the risk register (as it is generally readily available and up to date) should be reviewed and compared regularly with the firms’ insurance arrangements. Unfortunately risks in a firm change whereas the insurance cycle is typically annual. Corporates need an early warning mechanism within their insurance strategy to accommodate such changes. An effective insurance strategy is one that continually keeps pace with the changes of the group and one that is directly linked to support the corporate strategy. I expect this linkage will improve as there is a growing trend for Chief Risk Officer appointments.
Simon Calderbank
HCC International
It shouldn’t be a case of renewing policies and activities at certain points. This should be an on-going process that is embedded into the culture of the company. The policies in place should be tested regularly and updated accordingly. Its far easier to plan for events before they happen rather than trying to do things once the event has happened and running around not really knowing what is to be done by whom and when.
John Barlow
Holman Fenwick Willan LLP
Whilst policies continue to be renewed on an annual basis, there is no compelling reason why this state of affairs should not continue. Given the fast changing regulatory environment (and remember that large organisations may be subject to a number of regulators in different jurisdictions) a constant eye has to be kept on the risks which businesses may be subject – one only has to look at the changing sanctions environment (at least from the perspective of risk management rather than with regard to insurance) to see how the prohibited parties can change overnight.
Edward Susolik
Callahan & Blaine
Policies typically run for a one year period, so renewals are usually on an annual basis.
Insureds should explore their insurance options on an annual basis. Insurance companies are typically required by law or policy provisions to send an offer of renewal or notice of nonrenewal 60 to 90 days before the policy expiration date.
After the insured has received the current insurance company’s offer of renewal, the insured should explore with the broker options for other coverage.
7) What areas of risk management are most frequently neglected?
Stuart King
FR Global Advisors Ltd
Often the basics of accurate data collection and monitoring is neglected, however, this is improving with more sophisticated risk management software available. Communication across various functions in a firm could be improved. Each stakeholder (legal, treasury, finance, operations etc.) view risk and insurance differently, however, each one has a direct or indirect influence on insurance. It is important to create an environment where each function is aware of the inter-connectedness of their individual actions to the overall insurance environment. Risk management is a process driven task whereas many neglect to adopt the same principles when managing insurance.
Clive O Connell
Goldberg Segalla LLP
From speaking with brokers and underwriters, novel areas of liability and exposure are being neglected. This may be due to ignorance; not the ignorance of risk managers but the ignorance of those to whom they report. In a time of cost cutting, it is hard for a risk manager to propose the purchase of cyber liability cover or cover for reputational risk when these will be new products and no loss had been experienced. Sadly, after a loss, questions may well be asked as to why cover was not in place.
John Barlow
Holman Fenwick Willan LLP
Ask any risk manager about their risk management procedures and enforcement and they will tell you that they have the best in the world. So why do claims and losses occur: failure to implement e.g., certain financial transactions require dual controls; losses invariably arise when this requirement is not observed (and as part of the risk allocation process this is normally an insured’s risk and not insurer’s). It is the failure to embed the ethos of management of risk within corporations from the top to the bottom which gives rise to losses.
Edward Susolik
Callahan & Blaine
An area of risk management that we see frequently neglected is wage and hour claims liability.
Many employers do not seem to realise the tremendous liability they potentially face under state or federal for failing to properly pay their employees for overtime, failing to pay proper commissions, failing to provide required breaks, failing to pay for compensable travel time, failing to properly document hours worked, failing to provide itemised pay stubs, etc.
It is possible to obtain wage and hour coverage, but this coverage usually only covers defence costs and the typical limits are $100,000 to $250,000. Insurance is usually not available to cover any damages that may be awarded.
8) How can risk intelligence be used to drive performance metrics and business critical processes?
Martin Mankabady
Mayer Brown International LLP
It is probably helpful to briefly clarify what is meant by risk intelligence – I take this to mean gathering information on risks based on experience and past performance (including how these risks have materialised and how they can be mitigated), and building this into the decision-making process. This should not only minimise potential damage to businesses and their reputation but it should also help businesses to improve on failings and deliver a better client service and hopefully to help identify possible opportunities to grow further. This intelligence can be captured and presented in different forms – however, this on its own will not be sufficient. The information (in whatever form it is) needs to be intelligible and digestible and presented in a timely fashion to relevant people with key points having been highlighted. In very general terms, some of this information will be more operational, whereas other will be more strategic. What risk intelligence should not be about is avoiding risk all together – rather it should be about informing the key decision-makers as to what a business is doing or planning to do, so that they can then determine if the relevant activity falls or is likely to fall within the business’ risk appetite. As Warren Buffett once said “risk comes from not knowing what you’re doing”.
Clive O Connell
Goldberg Segalla LLP
There are two key ways in which risk intelligence can be used to drive performance metrics and business critical processes. The first is that risk intelligence can be used to ensure the correct pricing of insurance and the correct terms of cover to be purchased. The second is perhaps more fundamental, and that is in the area of mitigating or otherwise reducing risk and, through it, ensuring more efficient operations. Risk management is more than just buying insurance. If risk intelligence can be used to eliminate or reduce risk, it is playing a huge role in risk management.
9) How can new and developing technologies be effectively utilised to better control risk management?
Simon Calderbank
HCC International
Technology can be a company’s friend, but also its foe. With an increased use of technology comes an increase in reliability on that technology and therefore vulnerability. It’s simple to implement software to monitor or control certain aspects of risk, whether it be password controls, firewalls, virus software etc. But, it also has to be recognised that these ‘