"Consequences are what matter the most. Consequences outweigh probabilities. Consequences help us determine whether 'costs' are worth it." So wrote Peter Bernstein to me last May. In many ways he's right. Many risk managers glue themselves to quantitative formulae that give equal weight to the probable likelihoods and probable consequences. The effects concern us more than the odds, especially if the effects are dramatic.
In every decision, we take the probability of an unexpected event and multiply it by the possible consequences, both plus and minus. Then we take action.. Since none of us are privy to complete information, we make these decisions using the data at hand. We must be reminded that consequence counts more than likelihood. If we learn that a catastrophic loss will occur once in one hundred years, human nature seduces us to think this loss is thus one hundred years away. But it could happen today! Remote likelihood distorts our thinking. We downgrade consequences.
But how far should we let consequences dictate action? Take two examples. I live in a house in eastern Connecticut that could be destroyed by a major earthquake. That would be a financial catastrophe. Therefore I should buy earthquake insurance. But wait, Connecticut has never experienced a major quake and the seismologists tell us that the likelihood is remote, less than one chance in 500 years. So I allow the probability to dictate my decision to continue to be self-insured for this exposure, even though the premium is small and the adverse consequences great. Another example: I can buy a ticket for the lottery, promising a payoff of many millions of dollars. That's a significant consequence. The chances of winning, however, are far more remote than any earthquake, so I don't waste my money on tickets. In both cases, positive and negative, I allow likelihood to sway the lure or fear of consequence.
Others, like government regulators, allow fear of consequences to strangle progress. Lennart Sj÷berg, of Stockholm's Centre for Risk Research, writing in the Journal of Risk Research, Vol. 3, Issue 3, July 2000, confirms this approach in his article, "Consequences Matter, 'Risk' is Marginal." "Data show without exception, " he concludes, "that it is the severity of consequences (that) are most important in driving (governmental) policy attitudes. . . . Demand for risk mitigation is driven mostly by the seriousness of the consequences of unwanted events, not by their 'risk' or probability, nor by the 'riskiness' or 'risk' of the activity or other causes giving rise to those unwanted events." Fear of the negative overbalances both potential benefits and probable likelihood (termed "risk" by Sj÷berg). Does this make sense?
I see distinct differences in governmental and corporate handling of this risk equation. Governments overweight harmful consequences, particularly those the public fear, when they regulate, downgrading both probabilities and benefits. They pander to the downside fears of the populace. This is my criticism of the "precautionary principle." Corporations, on the other hand, give likelihood the greater weight, dismissing outlier events as being too remote to consider. Peter Bernstein again: "Risk management spends too much time fussing around with the 95%, when (its) primary responsibility is to respond to that something hidden in the 5%. That is where what we call shocks come from. But shocks are not luck. They are not events without causes. Rather, they are events whose causes we either failed to anticipate or did not understand until after they happened, and sometimes not even then." (from Economic and Portfolio Strategy, November 1, 2001)
So we have a dilemma. Which element of the risk equation deserves the most emphasis? When we have enough data, risk analysis helps our understanding of potential likelihood and consequences within two or three standard deviations. But when data are limited, as is the situation with that last 5% or 1%, we use other skills to anticipate possibilities and consequences and build resilience in our organizations. Likelihood allows us to avoid wasteful expenditures for remote events. Consequence reminds us of the potential for catastrophe.
New View of the Discipline
In the November 1999 RMR, I reviewed two books by David McNamee, both published by the Institute of Internal Auditors. The first, co-authored with Georges Selim, was titled Risk Management: Changing the Internal Auditor's Paradigm (IIA, 1998). It was a study of the entire discipline, featuring the most complete glossary of terms and bibliography that I have seen to date. The second book was Business Risk Assessment, David's practical synthesis and application of ideas. Together I called them "clear, complete, and refreshingly simple." I haven't changed my mind.
A reader in New Zealand just sent me a copy of David McNamee's latest work in progress, a research project for the New Zealand State Services Commission. Titled "Risk Management Today and Tomorrow," it confirms many of his earlier conclusions: "risk is a concept that describes uncertainty in achieving goals," "risk is never managed, since risk is a conceptual property," and "managing risk means developing and keeping a blend of some order within the general process of disorder in the organization." He outlines the strategic influences on business (and governmental) risk assessment, including the natural bias of people to think only of risk in the short term. Then he describes the means of integrating the discipline in planning and decision-making. He suggests three important shifts in focus:
McNamee's paper develops three methods of improving identification: (1) a full assessment of an organization's environment (economic, physical, political, stakeholders, competition, technology, regulations), (2) a consequence-emphasized exposure assessment, and (3) development of "threat scenarios" for the difficult-to-measure, high consequence events. His paper concludes with a current review of risk management efforts by governments in Australia, New Zealand, US, Canada, and EU.
It is not a pretty picture. The global commercial property and casualty insurance business may be unraveling.. Here is a recipe for disaster. Take the US insured catastrophe losses of $6.6 billion for the first half of 2001, exceeded only by 1994's Northridge earthquake. Add the H.I.H. collapse in Australia that will cost US$2.75 billion. Add the accumulating underwriting losses, a global recession and slumping stock markets. Add the escalation in asbestos liability claims, now exceeding $65 billion. Then add September 11, with insured loss estimates running from $35 billion to $70 billion. Already Taisei Fire & Marine in Japan is bankrupt from this event. More will follow.
Everyone is scrambling for cover. Zurich Financial sells its reinsurance facility (now called Converium). Royal-SunAlliance suspends its reinsurance underwriting. Reinsurers and insurers alike raise rates, add exclusions, reduce limits, cancel and non-renew. US insurers complain bitterly about underfunding in the Lloyd's Security Fund, after regulators permit a temporary reduction in that fund from 100% to 60% of estimated losses. The US National Association of Insurance Commissioners (NAIC) investigates the "solvency" of Lloyd's. A group of chief executives march on Washington demanding reinsurance relief for future acts of terrorism. German insurers ask for a new government pool for terrorism claims. Swiss Re asks a court to limit its liability for the Twin Towers to $3.5 billion, arguing that the loss was a single occurrence and that the owner deliberately under-insured the building. Silverstein Properties responds with a demand for immediate payment and the acrimony escalates. Standard & Poor's warns about the financial fragility of the insurance market. Moody's cites significant credit issues. Yet some industry voices piously proclaim the market's capacity to pay all claims and its ability to continue to provide insurance for all.
Is there a role for the Federal government? In Europe, France, Spain and the UK provide some excess catastrophe protection, either to the insurance industry or directly to buyers. Israel covers losses from terrorist attacks. Most earthquake losses are government subsidized. In the US, flood insurance has long been federally subsidized and the Federal Emergency Management Agency (FEMA) offers assistance and low-interest loans to individuals and businesses in areas declared disaster zones. California operates an earthquake insurance facility. The Price-Anderson Act brings government funds to the table supplementing conventional insurance in a nuclear disaster. Most states have guaranty funds that reimburse policyholders when an insurer fails. The US and UK governments have already given relief packages to airlines. In a sense, government, as a matter of public policy, is already the "insurer of last resort" after a catastrophe.
How far do we want to carry this? Are terrorism "pools" warranted by the attacks of September 11? We've experienced few attacks in the past in the US. The probability remains low, despite current public fear, given the global responses to September 11 and the anthrax letters. Warren Buffett, of Berkshire Hathaway, on the other hand, suggests that a major terror outbreak might cost insurers as much as $1 trillion. Should this risk continue to be underwritten by the commercial market? Stephen Lowe, of Towers Perrin, writing in Emphasis, No. 3, 2001, argues that "a basic principle of insurance is the reduction of overall risk by pooling or spreading individual, independent risk. But this principle can break down if a single event affects many insureds simultaneously," bringing the potential for "contagion." How do terrorist acts differ from hurricanes? Commercial insurers underwrite hurricanes, relatively infrequent single events that affect tens of thousands of people. Why should terrorism be treated differently? The Economist suggested on September 29 that insurance companies "might prefer it (the government) to be the ultimate guarantor of the stockmarket. The fall in equity markets since September 11 has knocked more than twice as much off insurers' world stockmarket capitalisation as the estimated $30 billion insurance cost of the terrorist attacks." The magnitude of the terrorist events of 2001 have shocked us but does that mean that we immediately need a government bailout? Consider the fact that numerous investors are rushing to capitalize new and old reinsurers in Bermuda, the US and Europe, to take advantage of the perceived profit opportunity of charging buyers much higher insurance rates.
What is the proper dividing line between the commercial markets and governments for risk financing? September 11 forces an answer to that question.
So much for the reactions of insurers and reinsurers. How are buyers reacting? They have lived with an increasingly irrational insurance market for over twenty years. They tolerated volatility, capricious underwriting, inadequate reserving, exorbitant expenses, tedious and short-changed claims payments, a quick rush to exclusions when conditions changed, and the offer of limits of protection insufficient for today's economic requirements. They tolerated the incomprehensible inability of the industry (underwriters and intermediaries alike) to produce a complete and correct contract before a policy's inception date, inexcusable in any other industry. The absence of agreed-upon wording for the World Trade Center insurance, even though the premium was paid months ago, contributed directly to the Swiss Re lawsuit. Now rates are sky-rocketing and coverage is shrinking. Consumers are not happy.
Already insurance buyers for larger companies are considering much higher retentions, expanded use of their own captive insurers, use of industry pools, and catastrophe bonds that tap capital markets. The French risk managers' association, AMRAE, accuses insurers of taking advantage of the situation in raising rates. AMRAE is working to obtain tax deductibility for self-insurance reserves and threatens the creation of a industry mutual company. Most companies, however, are simply ratcheting up their deductibles under insurer pressure. Few appear to be stepping back to look at the entire system.
Eight years ago, British Petroleum did just that. It decided to drop all commercial insurance in excess of US$10 million, allowing local operating units to buy statutory insurance up to that level on their own volition. This apparent topsy-turvy decision was based on a study by Neil Doherty of the University of Pennsylvania and Clifford Smith of the University of Rochester (see RMR July 1994), reported in The Journal of Applied Corporate Finance, Vol. XI, No. 5, Fall 1993. In effect, BP became fully self-insured. Most companies, of course, do not have BP's global spread of risk nor its financial resources.
Is this the time to consider the end of reliance on commercial insurance? The system, in operation for more than 200 years, depends on the ability of individual insurers to lay off their bets with reinsurers around the world. As long as the system demonstrates reasonable financial security, it works. Consider this scenario, however.. Under the pressure of a single monumental loss, or accumulation of losses, and compounded by decades of uncorrected bad habits, some reinsurers fail. Other in turn go bankrupt, creating a falling domino effect. Adverse publicity then triggers a public loss of confidence: why buy insurance if a loss payments are questionable? Governmental intervention becomes essential. Larger organizations can take the BP approach and consider other alternatives, but most of us, individuals and smaller businesses, require some insurance for our risk financing.
I exchanged emails with one risk manager about his retention levels. Even with a huge premium increase, his deductibles rose from $10 million to $25 million. What are his current insurance limits? They are less than half what his company charged off last year in credit losses! In ten years he has incurred insured losses of less than 1% of last year's credit write-off. Under these circumstances, is his insurance "material?" Couldn't he just as well adopt the BP approach? Using hypothetical numbers, let's assume that he has two risk situations. The first is credit risk, with an expected annual loss of $200 million and a possible "worst case situation" of $600 million. The second is operational risk, with an expected annual loss of $10 million and a possible worst case situation of $410 million. His company absorbs the first loss potential internally but chooses to "insure" the second. If it can manage the first, why can't it manage the second? What's the economic difference? Insurance advocates will argue that, for operational risk, there is a market with "reasonable" rates. But a market also exists to hedge credit risks, and we know the unreliability of the operational insurance market.
In all probability the commercial insurance market will rebound from its current difficulties. Some governmental protection will be created. The unraveling will stop. I hope, however, that both the market and its users will take this moment to correct its glaring inadequacies. We need a strong and resilient risk sharing marketplace. We don't have one now.
Copyright H. Felix Kloman and Seawrack Press, Inc.
to RMR Table of Contents
RiskINFO Home Page
Additional Topics This Month and Archives