Why Business Interruption Risk Affects Us All
Catastrophic risk is the hardest risk of all for business to protect itself against. In the third of our occasional series on how to bridge the protection gap for business interruption resulting from major crises like the pandemic, BRINK spoke to Dirk Wegener, president of the Federation of European Risk Management Associations (FERMA). FERMA is the umbrella body for 21 European risk management associations, representing nearly 5,000 senior professional risk managers.
BRINK: What lessons have your members learned from the pandemic crisis about managing business interruption risk?
WEGENER: During the pandemic, it became clear that there is a real gap in protection for non-damage business interruption (NDBI), mainly because of a lack of supply in the insurance market.
Insurance Doesn’t Cover the Gap
In the COVID-19 survey that FERMA conducted among its members at the end of 2020, only 5% of the respondents said that insurance provided their organization with coverage for the business interruption losses resulting from the pandemic. Some legal cases have favored the insureds, but if anything, this is likely to result in stronger exclusions in NDBI coverage.
However, most risk and insurance managers who responded to the FERMA survey felt their organizations had been largely or fairly well prepared to manage the pandemic. A majority, although not all, said their organizations had suffered negative operational and financial impacts from the pandemic.
We have certainly seen the value of flexible risk management tools, such as business continuity planning, as contributing to business resilience and to recovery post-pandemic.
BRINK: Do you think companies are now in a better position to handle catastrophic risks of this nature?
WEGENER: Yes, for at least three reasons. The first is that they now have a greater awareness of systemic risks. Secondly, they have an enhanced appreciation of the value of enterprise risk management and risk management tools in creating resilience. And the third is technology — the fact that organizations have been able to shift, remarkably smoothly, to remote working has made an enormous difference.
However, I would add that we are now taking into account a number of newly heightened risks that come with these new working methods — in particular, exposure to cyber risks.
The Need for Public-Private Partnering
BRINK: What sort of public/private partnerships do you think are needed to handle future systemic risks, such as climate change?
WEGENER: The pandemic has clearly shown that systemic risks exceed the capacity of private insurance on its own to provide meaningful capacity for organizations to manage their business interruption.
A number of European countries, such France, Spain and the Netherlands, already have public-private mechanisms, like pools for extensive or peak losses. But they are limited by national boundaries and by perils, most frequently flood and terrorism.
We believe that there should be a layered approach to a public-private partnership to create substantial capacity for non-damage business interruption losses across Europe. It would start with good risk management in corporations at its foundation, followed by participation from the insurance/reinsurance industry.
FERMA members regard the insurance industry as an essential element of such a public-private scheme.
Re/insurers, brokers and loss adjusters have extensive risk knowledge, and the insurance mechanism can motivate risk mitigation, as well as provide risk transfer. Thus, they can incentivize sound risk management practices on corporate level. This then contributes to the overall resilience of our societies from catastrophic events.
The Role of Capital Markets
Above this re/insurance layer, there may be interest from capital markets in providing extra capacity through alternative instruments, such as catastrophe bonds. And we envisage some form of public funding as the “reinsurer of last resort.”
Respondents across all business sectors put cyber threats, including data theft, among their top five risks now and in the medium term.
We understand that the private insurance sector can’t make up for the financially devastating impacts of this pandemic. Only a public-private partnership, built on corporate risk management acknowledged by the insurance sector, can build an effective resilience framework for the benefit of societies and a fairer allocation of tax payers’ money to affected companies.
BRINK: Should any such solutions be at a pan-EU level or individual country government level?
WEGENER: Individual country schemes can be useful, but they are too limited to fully support international or global businesses. Moreover, not all EU member states have such national schemes nor plan to have one. As we have seen with the pandemic, systemic events spread across continents, even the globe. International businesses have extensive cross-border exposures.
In addition to pandemics, cyberattacks on elements of common operating systems have the potential to affect multiple countries. The SolarWinds attack in late 2020 illustrates this risk. Its repercussions are still emerging.
Captives Have a Role
BRINK: What is your view of captives, i.e., corporations self-insuring?
WEGENER: FERMA has always regarded captives as a valuable element of corporate risk management, especially for large organizations. Captives allow organizations to buffer insurance market conditions, thanks to risk financing techniques based on the technical premium for low- to medium-impact risks. They can also allow a large corporation direct access to the reinsurance market especially for exceptional risks.
In the 2020 FERMA Risk Manager Survey, 27% of respondents said they would use an existing captive for hard-to-place risks (this marks a significant increase from 1% in 2018), and 16% planned to create a new (re)insurance captive by 2022 (14% in 2018). These figures could be even higher if we repeated the survey now.
That said, a company will not automatically say: The market has hardened; we will set up a captive tomorrow. Captives do have costs in terms of capital, and resources and take some time to establish.
In terms of regulatory approaches, FERMA has advocated strongly that the principle of proportionality should apply to captives under the European Solvency II prudential regime. By this we mean that insurance supervisory authorities in the EU member states should take account of the nature of captive insurance companies and the very low risks they pose to consumers.
We have proposed a method that national regulators can use so that captives are treated proportionally evenly across EU member states according to this proportionality principle. We expect that the review of Solvency II, currently underway, will enhance the attractiveness of European existing and prospective captive domiciles.
The Rise of Cyber Risks During the Pandemic
BRINK: You mention cyber risks — why have these risen since the pandemic?
WEGENER: The risks of hacking and data theft are pervasive. Criminals are now “digital natives,” as the European Union Serious and Organized Crime Threat Assessment said earlier this year.
The pandemic has increased the exposure as employees have moved to remote working, and organizations have accelerated their use of digital technology, including artificial intelligence. Even before this, the FERMA 2020 Risk Manager Survey made the issue of digital risks clear. Respondents across all business sectors put cyber threats, including data theft, among their top five risks now and in the medium term.
Many types of cyberattack are foreseeable, and organizations have incorporated them into their enterprise risk management processes. Insurance is — or should be — available to mitigate the risk.
At the other extreme, state-sponsored cyber terrorism is a concern, especially in critical industries. This goes beyond the capabilities of individual corporates to address on their own. It needs coordination across industry and governmental cyber defense agencies, including the European Union authorities.
The Gap in Cyber Insurance
Organizations are looking for more and better cover, but we believe there is a real gap between the insurance offering and the increased exposure. We are currently hearing from risk managers from our member associations that cyber insurance renewals this year have been difficult, leading to less coverage and higher premiums.
FERMA is supporting its members to help this market develop in line with their needs. We have a project with one of our members to quantify the cyber insurance market. We are currently working with the (re)insurance industry including brokers and policyholders on coverage definitions for cyber insurance.