Heidi Lawson and Robert Jacques contributed to a piece covering the key steps for (1) identifying and analyzing loss exposures, (2) deciding how to address those exposures, and (3) purchasing insurance as one risk management technique.

Read the full article

More than ever, in the wake of the global disruption wrought by the COVID-19 pandemic, geopolitical upheaval, and supply chain disruptions and other inflationary pressures, risk management has proven critical to organizations' operations and survival. Although some organizations might continue to view risk management, including the purchase of insurance, as a mere line item expense, they do so at their own peril.

This piece will walk you through the key steps for (1) identifying and analyzing loss exposures, (2) deciding how to address those exposures, and (3) purchasing insurance as one risk management technique.

Overview of Risk Management
You should first understand what risk is, at a fundamental level, before you can effectively manage it. Risk entails uncertain outcomes, when some outcomes will negatively effect an organization. In turn, risk management is the formal process of economically addressing risk, and enterprise risk management is an approach to managing an organization's key risks to (a) prevent and reduce loss, and (b) make risk less uncertain (e.g., by better understanding the probability of a loss event).

Indeed, there are several operational advantages to practicing enterprise risk management, including (i) eliminating "risk silos," by encouraging employee awareness and coordination; (ii) increasing certainty regarding their strategic and operational objectives; and (iii) actually avoiding and mitigating risk, thereby enhancing a company's value by ensuring continuity of operations and enhancing earnings stability.

Process for Identifying and Addressing Loss Exposures
Before risk can be effectively managed, you must first identify and analyze the risks to which your company is exposed. The process for doing so, along with the process for subsequently deciding how to address those risks, can be summarized in six steps (SAASIM):

Step 1 – Spot your company's loss exposures

Ask three critical questions:

  • What assets are exposed to loss?
  • What are potential causes of loss (perils/liabilities)?
  • What are the financial consequences of a loss?

Step 2 – Analyze your company's loss exposures

Estimate the likely significance of different loss exposures based on four criteria:

  • Assess the frequency of the loss
  • Assess the severity of the loss (e.g., max possible loss)
  • Assess the expected total value of loss
  • Assess the timing of losses

Consider different sources of information to make this assessment:

  • Analyze relevant documents and information:
  1. Questionnaires and checklists
  2. Financial statements and accounting records
  3. Contracts, e.g., hold-harmless agreements
  4. Existing insurance policies
  5. Organization policies and records
  6. Flowcharts
  7. Organizational charts
  8. Loss histories
  • Conduct compliance reviews
  • Collect info during inspections or from risk surveys
  • Refer to expertise within and outside the organization
  • Perform analyses such as structured what-if technique (SWIFT), scenario analysis, and game theory simulations

Step 3 – Assess feasibility of risk management techniques

Once you understand your risk exposures, there are two general ways to address those exposures: engaging in either (1) risk control or (2) risk financing.
Risk control involves efforts to minimize the frequency and severity of loss and to make risk more predictable. There are generally six types of loss control decisions:

  • Avoidance (avoid the exposure altogether)
  • Loss prevention (minimize frequency of loss)
  • Loss reduction (minimize severity of loss)
  • Separation (isolate assets and loss exposures)
  • Duplication (copies of assets to minimize disruption)
  • Diversification (spread risk)

Risk financing involves efforts to generate funds to finance loss, when it occurs. Essentially, there are two options:

  • Retain the risk, ideally after considered risk analysis, though the retention of risk can be unplanned and unconsidered. Retention methods include:
  1. Expensing for losses as they occur
  2. Setting a loss reserve (funded/unfunded)
  3. Borrowing funds
  • Transfer the risk by purchasing insurance, but also potentially through hold-harmless agreements, hedging, and securitization.

Step 4 – Select appropriate risk management techniques

Once you assess the options for addressing a risk, you should choose a technique that is effective and economical. Ideally, data should drive decision-making, though decisions are often informed by other considerations, such as the risk tolerance, business/financial objectives, and operational preferences of management.

Retention is most appropriate for low-severity loss exposures. Sometimes, however, retention may be the only practical option for an organization, such as if it cannot find insurance for certain types of severe losses (e.g., nuclear disasters).

Step 5 – Implement the selected risk management techniques

You should effectively execute on your decisions. Effective implementation of your risk management plan will involve coordination by various stakeholders (e.g., IT personnel with respect to cyber-related exposures) and can be done in different ways, including:

  • Purchasing proper insurance
  • Training personnel about loss control efforts
  • Encouraging and reinforcing best practices

Step 6 – Monitor results and revise the risk management program

Your decisions should be continuously monitored, assessed, and improved. This will involve setting standards, comparing those standards with results, correcting problems, and potentially revising standards (e.g., if the original standard is unrealistic).

Overview of Insurance Procurement

Insurance is the primary means of risk financing for most companies. In theory, insurance is a simple proposition: a policyholder pays an insurance premium in return for an insurer's promise to indemnify the policyholder in the event of loss. In practice, insurance policies involve a complex patchwork of sections—including insuring agreements, definitions, exclusions, exceptions to exclusions, conditions, and endorsements that sometimes completely alter or remove other portions of the same policy. In addition, companies often must purchase a patchwork of multiple insurance policies to avoid unwanted "coverage gaps" and ensure that all critical loss exposures are properly financed. Having a proper, basic understanding of insurance is critical for effectively purchasing insurance that will meet a company's risk-management goals.

The Players of Insurance Procurement

There are three main players in the insurance procurement process: (1) the company seeking coverage (policyholder), often on behalf of multiple entities or individuals meant to be insured under a policy; (2) the insurance carrier that issues coverage; and (3) the insurance broker, which effectively serves as a middleman between the other two.

Insurers There are numerous insurance carriers in the insurance industry. Some are large and highly regulated across various states, while others are so-called "surplus lines" insurers that can offer specialized types of insurance coverage, subject to less regulation. Over time, insurers have developed certain reputations in the industry in terms of their reliability, innovation, and customer service, which should be considered when you select an insurance carrier. Generally, an insurer should be chosen to issue coverage based primarily on the insurer's (1) ability to offer terms that meet your risk-management goals; (2) record of paying claims, especially without aggressive claim handling tactics; and (3) financial solvency.

Brokers Policyholders often choose a broker to assist in the insurance procurement process, though in practice, brokers often act as "middlemen" between policyholders and insurers. A good broker should be knowledgeable about trends within the industry; competently advise policyholders about options for addressing their risk exposures; and effectively communicate with insurers regarding a policyholder's goals. It is worth bearing in mind, however, that brokers often receive commissions from insurers and may sometimes face conflicts of interest. Although brokers can be consulted, brokers should never be relied upon to interpret the terms of coverage; that is the job of coverage counsel.

Steps of Insurance Procurement

The process of purchasing insurance can be summarized in five basic steps:

  1. Contact your broker to discuss the risks that you want to insure.
  2. Provide information (often in a formal application) to insurers to allow the to underwrite your risk and formulate their proposed terms of coverage.
  3. Analyze quotations received from insurers to assess which option best meets your risk-management goals.
  4. Select the best option and pay the required premium.
  5. Review any binders or policies issued by insurers to ensure the documents conform with the quoted and agreed-upon terms of coverage. It is not uncommon for carriers and brokers to make mistakes in issuing documents, to the prejudice of policyholders.

The insurance-procurement process is repeated on a yearly basis during insurance "renewal" cycles. Renewals often become more streamlined after you and your insurer have established a relationship. In addition, if an insured loss occurs during a policy period, the renewal cycle allows policyholders to reward insurers that properly pay claims—or to walk away from those that don't.

Tips for Procuring Insurance
In the procurement process, insurers generally have more bargaining power than policyholders, are more informed about the risks (e.g., with databases of claims history), and ultimately are responsible for setting the terms of coverage. Because insurers often unilaterally set most terms of coverage, usually the main matter controlled by a policyholder is selecting the insurance policy's retention/deductible and limits.
Here are two general guidelines for purchasing insurance:

  • Choose higher retentions/deductibles, if you have the financial wherewithal to retain more risk, as doing so will generally (i) reduce the upfront premium cost; (ii) allow you greater control over the claims process; and (iii) incentivize effective risk control efforts.
  • Consult with coverage counsel to assess proposed terms of coverage and assist with the review of quotations, binders, and policies. Insurance can be complex. Your right to coverage will turn on the facts underlying a loss, as well as which body of state law applies to the interpretation of the policy. Coverage counsel can be critical to ensuring that the terms of an insurance policy are aligned with your expectations.

Concluding Remarks

The general risk-management process described in this piece, including the purchase of insurance as a means of risk transfer, is critical for any company of meaningful size. Apart from ensuring you are buying sufficient insurance, it can prevent losses (and their resulting hassles) from occurring at all. Every company should have at least one person or committee with explicit responsibility over risk-management functions.

Originally published in Insurance Journal

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.