Post September 11 - Seismic Shift?

I imagine that the horrendous events of September 11 were beyond the imagination of most of the folk attending the RIMS 50th Anniversary Conference in Atlanta last year. "Knee jerk " reactions that followed were typical, with dramatically increased rates, but also perhaps cynical, with September 11 being cited as the cause for a spate of redundancies and downsizing worldwide.

Was September 11 really the watershed that many have claimed it to be for the insurance industry and its Risk Management partners or, most effectively, just an additional catalyst for changes that were already taking place?

Only four months earlier, Dean O'Hara of Chubb was forecasting at RIMS that insurers might get away with only one more year of double-digit rate increases, so rate increases were expected anyway. Daniel Adamec of Winterthur Life and Pensions, at an Economist conference in London two months later, stated that whilst September 11 had highlighted the problems of the life sector, the lengthy deterioration in performance of the Stock Market, over the previous eight months, had taken its toll.

The sheer magnitude and horror of that day has been drilled into everybody's psyche by the interminable repetition of those breath-taking scenes on CNN. The resulting trauma is still with us, even for those not directly involved, but have we learned any lessons?

From a Business Continuity aspect it was quickly realised that back-up services for Disaster Recovery were often too near the principal site and, moreover, that the capacity required was inadequate. From an insurance perspective, it highlighted that greater attention needs to be paid when negotiating endorsements to policies or when arranging "Held Covered" extensions.

Reports about most meeting of Risk Managers suggest that the focus tends to be more on the purchase of suitable insurance products to mitigate losses after the event, rather than how to avoid a loss in the first place. This seems to have been true of the last RIMS where delegates expressed concern at ongoing rate increases and the provision of cover, rather than concentrating on prevention of loss.

The hot topic since September 11 has undoubtedly been coverage for terrorism. Warren Buffet of Berkshire Hathaway was quoted in the London Times on March 11 this year as saying that "terrorism could bankrupt the whole insurance industry". However, insurance has still not addressed certain concerns of Policyholders and is relying substantially on Governments to plug what is perceived as a widening gap.

Terrorism is nothing new. Even the World Trade Centre had been exposed to previous terrorist attack and one criticism was that other similar attempts had not been publicised sufficiently. "The use of airplanes as "flying bombs" is not insurable" was one comment heard and yet the threat of "suicide" bombers was within recent memory. Clement Broom of the Munich Re told The Insurance Institute of London in February this year that a loss involving the World Trade Centre was not unexpected - what they had got wrong was the PML!

So what has changed as a result of September 11?

David Kaye, now of Risk Reality, was involved in the aftermath of the IRA bombing of the Commercial Union building near Lloyd's and gained hands-on experience of the issues involved, whilst getting the Eagle Star's systems back to normal operating levels. He commented recently "Whilst insurance cover is useful to have, it can only really be useful if the organisation itself can, throughout the disaster, retain those vital legs on which its very survival depends." Greater focus now is on one's supply chain with Business Continuity higher on a Board's agenda, but how long will it stay there?

The Risk Manager has a role beyond just being knowledgeable about the range of insurance and, increasingly nowadays, financial products available to mitigate his company's risk and to cap liability, His responsibilities fall into three main areas:

i) pre-emptive risk avoidance,

ii) management of recurrent risk (this ideally should be avoidable) and

iii) post-event risk management (the catastrophe that was considered unlikely).

Paragraphs ii) and iii) can be satisfied through either establishing a Captive or purchasing an Off Balance Sheet financial product (now under the magnifying glass of the Courts). A competent broker with input from both the Risk Manager and Chief Financial Officer can handle both of these avenues.

Ultimately, the duty of the Risk Manager is the safety of the Employees and ensuring minimum risk exposure for the Investors. Not all owners see the priorities in this order! This can impact on Reputation Risk, which was top of the list of concerns along with Brand Value prior to September 11 - one vital element has become clear since then. Dan Jones of Marsh, who lost so many colleagues in WTC, has spoken of the difficulty of replacing the skills of People, who are the real asset in our business.

Ironically, it is People who are both the asset and the liability for the Risk Manager.

"Taking and managing a risk for an appropriate return is central to creating Shareholder value" quoted the London Times on February 22, 2002 from an extract of the Annual Report of the Allied Irish Bank, owners of Allfirst. This is a classic example of "lip service" from senior management, rather than implementing what they preach. "The buck stops here" should be the sign on the Boardroom door!

The Association of Chartered Certified Accountants in the UK recently drew attention to aspects of the Basel Capital Accord "which introduces a different approach to calculating risk, making operational risk and controls key elements". As the Barings debacle in Singapore and the subsequent upsets at Allfirst and Enron in the US testify, Operational Risk has been a much-understated member of the Risk family.

Corporate Governance is seen as an irritant and unnecessary additional expense but it should provide that current internationally acclaimed "buzz word" - Transparency. Audit teams in any organisation, be it financial or manufacturing, are considered a nuisance factor, time-consuming and are associated with the aura of a blame culture. Needed is a change to that culture, at the highest level, to emphasise the value of regular review to the benefit of all, except the incompetent or fraudulent!

The sheer size of the losses of September 11 were not confined just to property but highlighted the inter-linkage of exposures via business interruption, aviation, personal accident (double indemnity on Group PA policies), Group and single Life, Workers Comp, Motor and, inevitably, General Liability from all directions.

Justifying expenditure for events that may never happen is the hardest call for the Risk Manager, whose value to the company's survival needs to be better recognised. Insurers are being asked to look at providing contingency cover that goes beyond the recognised material damage causes of Business Interruption, such as protecting against drastically reduced earnings as experienced by the hotel industry from such an event. Crucial data to warrant recompense for such a contingency will become paramount.

Post September 11, the Risk Manager continues to be confronted with a Kaleidoscope of potential risks affecting all aspects of his corporate world. Even "quality" insurance security has been called into question. Whilst common sense and lateral thinking are vital tools in the Risk Manager's assessment kit, he still needs help in identifying and prioritising those risks. This can only be done through proper communication.

The temptation for the Board to delegate its responsibility to the Risk Manager raises the risk for him that he becomes the "Fall Guy" when all goes wrong. The UK's Financial Services Authority believes that Management should be held accountable. Software is available to help the Board prioritise risk on a collaborative basis, allowing for input also from the Chief Financial Officer, Compliance Officer, Human Resources Director, Public Relations Officer and others involved in the decision-making process.

There was much criticism, after the event, about the costs incurred in taking advice and implementing pre-emptive procedures leading up to Y2K. However, had those procedures not been fully tested and in place on September 11, there could have been total meltdown of the New York banking system! The investment proved worth it and should be an example to other Boards still unwilling to invest in Risk Management.

All that has changed since September 11 is the perception of quantum and the better realisation that liabilities can be inter-linked. Hopefully, something good will come out of this devastation, besides the recognition also that Money Laundering aids terrorists and that the insurance industry and Governments need to work more closely together.

September 11 was a "wake-up call", providing an opportunity for the Risk Manager to take his rightful place in the Boardroom, rather than just becoming the "Fall Guy".

There will be a lot to discuss at RIMS this year!

Peter Taylor is Managing Director of Insurance Solutions Limited, which is a Management Consultancy made up of Insurance Practitioners, who believe in an increasing role for Risk Management, with Corporate Governance being the catalyst.