Risk Management Reports

November, 1997
Volume 24, No. 11

The Bayou Bomb
"Jurors rarely make decisions based on case facts. Rather, they make decisions based on their emotional reactions to the litigants and their perceptions of the facts are colored by their beliefs, biases, expectations, and past experiences." Dan Gallipeau wrote these perceptive words in Reason & Risk, Fall 1997. They were immediately confirmed by the award by a Louisiana jury of $3.4 billion to 8,047 residents of New Orleans for the alleged damages caused by a December 9, 1987 fire in a butadiene tank car. I say "alleged" because there were no deaths, no significant physical injuries and only minor property damage. A fire started in the tank car when the chemical began to leak at an interchange yard. The fire authorities let the fire burn itself out over 36 hours and ordered the evacuation of some 1000 local residents. Yet aggressive plaintiffs' lawyers were able to amass 8000 plus residents for a class action suit against every possible defendant, from the shipper of the chemical, the loader of the car, the owner of the car and the railroad, CSX, on whose tracks the car ran. The awards were made by the jury against several companies, two of which (the tank car owner and prior owner) had already admitted liability. The largest award, however, was levied against CSX - $2.5 billion in punitive damages - even though a National Transportation Safety Board report had absolved it of any responsibility!

While this outrageous award will certainly be overthrown or dramatically reduced by an appeals court, the real damage is the publicity. News of a legal system run amok has been broadcast worldwide. Some corporations will consider the need for higher limits of liability protection on the theory that appeals may not always set the situation right. Some, perhaps correctly, will choose to reduce operations in states such as Louisiana where runaway juries are found. A cautionary flag has been raised.

This blatant rape of justice could add impetus to the growing surge of resentment against the legal system in the US and the call for real reform. We need to limit class action suits, restrain the imposition of punitive damages, and allow the admissibility of expert and not distorted testimony. Class actions suits should no longer be a free ride for irresponsible plaintiffs with imagined injuries, for compliant physicians who readily support those claims and for the ever-present plaintiff's bar, ready to sue for enormous contingencies.

This CSX case follows the Dow-Corning fiasco and the budding but yet unexploded EMF bomb. Dan Gallipeau's observation about juries, unfortunately, is still pertinent.

Crowds of vagabonds frame their lies so tightly none can test them.

Homer, The Odyssey, Book 1, translated by Robert Fagles
Viking, New York 1996

GARP Again
In the September 1997 RMR, I wrote about the "Generally Accepted Risk Principles" published by the London office of Coopers & Lybrand. The acronym has surfaced again. Now it's the "Global Association of Risk Professionals," a nonprofit, independent, worldwide association of over 1500 financial risk analysts. It is a "virtual" organization, since it exists almost exclusively on the Internet. Its web site (www.garp.com) links risk professionals in 58 countries to a monthly newsletter, news releases, forums, and ongoing dialogues on risk issues. GARP is sponsoring a Financial Risk Manager (FRM) examination, for which 138 have already signed up, with examinations held on October 25, 1997, in Hong Kong, London, New York, Singapore, Zurich and Johannesburg. The exam has 239 questions on quantitative techniques, credit risk, market risk, derivatives, regulatory and compliance issues, and risk management techniques. GARP is also sponsoring a 1998 Risk Manager of the Year Award (yet another one - see RMR October 1997!). I'm still new to this group and so have not had the time to study the educational materials or the quality of discussion, but GARP seems to me to be an indicator of future electronic interaction. Consider the implications: here's a new global organization, operating effectively without annual dues or an office staff. Yes, GARP has "sponsors." GE Information Services, Reuters Risk Management and KPMG are listed and I assume that they have contributed some funds, but the carrying charges must be modest. In a limited time, it has gathered 1500 members worldwide and offers better communications among its members than older organizations with many years of operation. I hope that many public policy and operational/insurance risk managers choose to join and contribute to GARP for its particular slant on financial and market risk issues. We can all learn from each other as we move toward a more integrated discipline of risk management.
Watching other people work is, for the creative mind, wonderfully evocative of all sorts of reflections, some of which are useful. It is a characteristic of the creative person that can be maddening to those around him, and is a great source of domestic disquiet.

Robertson Davies, The Merry Heart
Viking, New York 1997

The Maginot Line
A recent headline in The National Underwriter provoked some reflections on the irrationality of current US regulatory laws on insurance. The headline read " Financial Services Reform Bill on Indefinite Hold." In a world where financial services encompass the holding of deposits, lending, investments, real estate, insurance, and consultation, our Congress remains unable to find a way to recognize this simple fact. Too many archaic groups try to protect their fiefdoms from the inroads of competition, the demands of customers and the improvements granted by new technology. These groups, especially the insurance agents, have thrown up a Maginot Line. It seems impregnable to them, even though the hordes of alternative approaches are sweeping around its ends. Maginot Lines, Chinese Walls and Berlin Walls have always proved ineffective.

Do we really need a reform act from Congress? The "law" inevitably confirms what already exists in fact, not what should be. Alan Levin of Standard & Poor's told me that the average bill spends ten years in Congress! If insurers fear the competition of banks, it is already too late. The "law" is an imperfect wall. The market inevitably wins. The Barnett Banks decision of the Supreme Court acknowledged that. So did the decision of the Hartford Insurance Group to cast a lot with First Chicago. For fifteen years I've bought insurance from and banked with a credit card with USAA. In Europe banks and insurers have close relationships. Now Credit Suisse and Winterthur are to be joined, and other bank-insurer consolidations are inevitable.

Protecting insurers, their agents, and their state regulators from the future doesn't make sense. The 1945 McCarran-Ferguson Act is already effectively defunct as the more progressive financial service providers swarm around its ends and through its breeches. Steve Brostoff in the National Underwriter in July: "The insurance industry needs to prepare for federal regulation. I'm convinced it is coming in the next 10 years or so." A National Underwriter editorial in September: " . . .this analysis should be done from the standpoint of efficiency, not emotion." Steve Lowe, of Tillinghast-Towers Perrin, in Emphasis, No. 3, 1997, asked if existing regulation can keep up with "intensifying competition and fast-paced innovation - information technology, distribution channel innovation (including the Internet), restructuring (consolidation) and globalization of the market." He concluded that, "from a public policy perspective, rate regulation carries a cost - it inhibits innovation."

I think we must first acknowledge that insurance, be it life-health or property/casualty, is not a God-given right of every citizen. We have the right to choose to buy or not buy protection. We are, or should be, sophisticated enough to make wise buying choices. We should not be "required" to buy any sort of insurance, "provided" with insurance when the market might not make it available to us, for good or poor reasons, or given rates and prices that are mandated by the government. The only proper role of the state is to assure the financial solvency of those organizations that sell financial protection.

I think we must first acknowledge that insurance, be it life-health or property/casualty, is not a God-given right of every citizen. We have the right to choose to buy or not buy protection. We are, or should be, sophisticated enough to make wise buying choices. We should not be "required" to buy any sort of insurance, "provided" with insurance when the market might not make it available to us, for good or poor reasons, or given rates and prices that are mandated by the government. The only proper role of the state is to assure the financial solvency of those organizations that sell financial protection.

If the real issue is solvency, not rates, prices, forms, etc., then perhaps we need neither state nor federal regulation in its current form. Given the quality and competition among the various private rating agencies (A. M. Best; Standard & Poor; Moody; Weiss; Duff & Phelps), we already have an effective early warning systems for all consumers, personal and corporate. Combined with an aggressive public press that gives buyers immediate disclosure of financial institution problems, these rating agencies permit reasonable buyers to make prudent decisions. We need state or federal intervention only for action when insolvency is imminent.

The conclusion is to scrap much of our regulation. Eliminate most of state regulation. Dispense with rate, form and price approvals. Dump intermediary licensing. Use federal regulation only to assure solvency. Permit competition among different financial institutions. Consumers are capable of measuring convenience and cost, rather than relying on the heavy hand of the state as "protector."

Am I tilting at windmills again? Pessimism born of age and experience tells me that many of these regulatory anachronisms will continue into the 21st century, despite the wishes of graying observers.

. . . he thought Two Thoughts, and the Two Thoughts he thought, were these:

(a) Anything can happen to Anyone, and

(b) It's best to be prepared,

. . . and Thought Number Three was:

(c) A boat.

Arundhati Roy, The God of Small Things
Flamingo, London, 1997

Insurance in Perspective
Some time ago I suggested that the role played by the global non-life insurance industry in financing losses is minor. Without hard data, I guessed that conventional insurance might account for less than 5% of the financing of worldwide personal and corporate losses.

I now have data that begin to support my working hypothesis. Gerhard Berz, of Munich Re, has published information on worldwide economic losses from weather-related natural disasters between 1980 and 1996. Overall losses were $275.6 billion. Insured losses for the same period were $83 billion, 30% of the total. Since these data cover only "weather-related" losses, excluding other property, criminal, liability, worker injury, political, regulatory, and financial (market, currency, interest rate, credit) losses, I still believe that my initial guess, that less than 5%, possibly as low as 1%, of losses are covered by insurance, is correct.

My point is that insurance, as any other form of risk financing, from hedges to governmental reimbursement, should be viewed in proper perspective. It is a useful tool in limited situations.

This argument is further reinforced by the publication in Swiss Re's Sigma of world insurance figures for 1995 (see No. 4, 1997). Premium volume was US$2,143.4 billion (or two trillion in the vernacular), of which just less than half, or US$906.8 billion was non-life (or property-casualty, as it is known in the US). The largest percentage came from North America ( $360 billion from the US and $80 billion from Canada) for a 42% market share. The US non-life business grew at a rate of only 1.3%, mediocre results for an otherwise dynamic economic year. Swiss Re doesn't show the surplus that supports these premiums but I assume that it is about half, or US$450 billion. When this surplus is compared to the magnitude of possible catastrophe events (a $150 billion windstorm in the southeastern US or an earthquake of $300 billion in California or $600 billion plus in Japan), this surplus looks puny.

I told you the truth, Memory's truth, because memory has its own special kind. It selects, eliminates, alters, exaggerates, minimizes, glorifies, and vilifies also; but in the end it creates its own reality, its heterogeneous but usually coherent version of events; and no sane human being ever trusts someone else's version more than his own.

Salman Rushdie, Midnight's Children,
Penguin Books, New York, 1980

Measuring Performance
Two important trends are re-forming risk management. The first is the movement toward a more holistic, integrated and strategic form. It now requires a multi-disciplinary approach. We all must start learning new risk languages from public policy, finance and operations. The second is the growing decentralization of risk management. Assessment, control and even financing are being devolved to operating units.

A group of risk managers in London in late September considered a key question: how should we measure the risk management performance of operating units asked to take responsibility for thorough assessments, prudent controls and higher internal levels of financial accountability. The traditional tools of performance measurement are probably inadequate.

These operating units must contend with a broader range of risks: financial/market (currency, investment, interest rate and credit), regulatory/political, legal liability (environmental, product, general, marine, aircraft, auto, employment and professional), and operational (physical damage, harm to employees, criminal activities, and errors). Risk itself includes more than the potential frequency of an event and its potential consequences, financial or reputational. Managers now consider other factors such as the public's perception of the risk, the timing of the event (or events), and our confidence in our ability to quantify these elements. Managers must realize that risk is culturally constructed - aversion and acceptance are different for each individual and each organization - and that risk is constantly changed by the responses of others.

The goal of risk management is a constructive balance between reward and harm. It is not just reducing risk.

Given these generally accepted elements, some benchmarks are useful for establishing performance measurements. The Tillinghast-Towers Perrin "Guiding Principles" (see RMR March-April 1988 and June 1994), Australia-New Zealand Risk Management Standard #4360 (see RMR February 1996), Coopers & Lybrand "Generally Accepted Risk Principles" (GARP) (see RMR September 1997), and the newly-published Canadian "Risk Management: Guideline for Decision Makers," (No. CAN/CSA - Q850-97) all provide both qualitative and quantitative guidelines.

We can also look to organizations that lead in the applying integrated risk management. Innovative tools include the "risk-maps" used by QIDC (Australia), Microsoft and Standard Chartered Bank, the "riskscapes" used by Tillinghast-Towers Perrin, "risk report cards" used by Freddie Mac (Washington), "RiskMetrics" used by J. P. Morgan (and its related CreditMetrics and the "4:15 Reports"), "risk quotas" used by Guinness, and of course RAROC (risk adjusted return on capital) pioneered by Bankers Trust. Each system is designed to fill a particular need.

While it is too early for definitive operating unit performance measurements, my research and the recent discussion in London indicate that ten general factors or conditions can help in devloping meaningful measures.

(1) Commitment: Any integrated program requires senior management interest and commitment. A task team approach blends different and formerly competitive disciplines. Sanwa Bank uses a "Risk Management Council." Other create "Groups," "Task Forces" with a sunset provision, or even conventional "Committees" to provide definitions, establish processes and assign responsibility. These groups emphasize that "reputation," not physical plant, is any organization's most important asset.

(2) Stakeholder Focus: The emphasis of risk management must be on stakeholder, not just shareholder, value. This requires different measurement formulae.

(3) Accountability: Give individuals and teams at the operating level responsibility and accountability for management of risk, including reward and harm. Use a multi-year view that provides more incentive than a single year measurement. Groups should establish individual risk goals, in connection with overall firm strategy. This is the bottom-up component of integrated risk management: assessing risks, setting goals, and mutually creating performance measures. Tangible rewards (bonuses) connected to these measures also create real incentives.

(4) Balance: Avoid over-emphasis on controls (too much audit in measurement). It stifles initiative and innovation. Senior management should allow operating managers to make their own mistakes, within some constraints.

(5) Measurability: Create easily understood performance measures, compatible with overall strategic goals, and communicable in the language operating units understand. One risk manager asks units to measure themselves in terms of effects on overall ROE as well as on local budget. He adds a personnel injury rate measure, compared to the average of two prior years. He also uses a more qualitative review of "environmental effects" and the potential for "loss of political and regulatory support." Others use the more traditional "cost-of -risk," workers' compensation cost rates, and reductions in engineering estimates of MFLs (maximum foreseeable losses). Another idea from the London discussion: measure the performance of operating managers by assessing their response to two or three "contingencies" that occurred during the year. Reward those who pro-actively recognized significant risks, established prudent controls, prepared for contingencies with working crisis or business recovery plans, and actually made these plans work effectively. The test for any "risk manager," local or corporate, is how well a team rebounds from an unexpected situation, in terms of finances, reputation and employee morale. Contingency measurement could be the most positive way of assessing performance.

(6) Self-Reporting: The best measurement systems rely on numbers that are largely self-reported, rather than on the opinions of external auditors. The numbers should be self-policing - easily checked for accuracy.

(7) Catastrophe Potential: Bill McGannon's Maxim states that any organization should prepare for a loss of 150% of annual profit once every ten years. Any measurement system must emphasize the organization's psychological and financial preparedness for such catastrophes. Avoid over-managing the smaller risks and losses and under-managing the potential for catastrophe.

(8) Unintended Consequences: Every response to a risk inevitably creates new risks. A measurement plan should encourage thoughtful anticipation of unintended consequences. Scott Paper Company many years ago recognized the earnings impairment potential of downtime for paper machines and black liquor recovery boilers in its paper mills. It arranged for full business interruption insurance, without deductible. Its mill managers quickly saw that they could easily avoid scheduled monthly maintenance downtimes and produce more paper, without financial loss. No maintenance = higher losses over the long term. The managers effectively blew the lid off their insurance cover in the space of 18 months.

(9) Balancing Risks: Performance measures must emphasize managing and balancing risk (reward and harm), rather than single-mindedly trying to reduce all risks. This is the strategic rather than the tactical view.

(10) Data On Line: To simplify reporting, make sure that all operating unit data used in performance measurement are reported and updated on line, rather than by paper. This keeps them current and instantly reviewable by all concerned.

Where do we go from here? These ten preliminary guidelines for establishing performance measurements for decentralized risk management form a "balanced scorecard" of processes, financial data, the view of customers and employee learning and innovation. A rolling three year average is probably better than the conventional one year approach, although this is more difficult to adopt in any organization that is dominated by short-term management. It is both "top down" (senior management commitment) and "bottom up" (operating unit accountability). Consider this "work in progress" and I'll expand and amplify ideas in future issues of RMR.

Out there in the field, on the line
Are results of risk management fine?
Most do not know
What to measure to show
They're "holistically" top of the line.

Hugh Rosenbaum, of Tillinghast-Towers Perrin,
after a luncheon discussion group in London, September 29, 1997