Tag Archives: 911

4 Disasters That Never Should Have Occurred

It’s not easy trying to predict the unpredictable. Yet that’s what risk managers are responsible for doing every day. Sometimes, the plans to identify or protect against a particular disaster come up short. Read on for four of the biggest risk management disasters in history – and how the risk management industry has learned from them.

It’s become an iconic image in pop culture – Leonardo DiCaprio leans in close behind Kate Winslet as she raises her arms and exclaims “I’m flying!”

But what can Kate and Leo teach us about risk management?

Quite a lot, in fact. Thanks to several movies and countless other retellings, the tragedy of the Titanic is something everyone knows. But with a better understanding of some basic risk management principles, the Titanic never would have sunk at all.

Michael Angelina, executive director of the Academy of Risk Management and Insurance at Saint Joseph’s University, uses the Titanic and other notable risk management disasters to give his students a better idea of what exactly risk management is – and why they should care about it.

It turns out some of the most notable risk management disasters had specific causes that create pretty clear lessons for risk managers in a range of industries to learn. Let’s take a closer look at four of the biggest risk management disasters in history and what ARMs and risk managers took from them, starting with the event everyone’s favorite ’90s epic/romance/disaster movie is based on.

The sinking of the Titanic

The shortage of lifeboats on board the Titanic on April 15, 1912, has become a well-known fact representing the arrogance and naiveté of designers, crew members and passengers who were positive the massive vessel was unsinkable. To be sure, pretty much everyone was overconfident, from not giving lookouts binoculars to ignoring warnings from other ships about icebergs in the area.

And while the lack of lifeboats is held up as the primary example of that hubris, the 20 lifeboats actually complied with safety regulations at the time. In fact, only 16 rescue ships were required. Lifeboat capacity was determined by the weight of the ship, not the number of passengers on board. This rule was developed for much smaller ships and hadn’t been updated to adjust for the enormous ships that were built in the early years of the 20th century. What’s more, there hadn’t been a significant loss of life at sea for 40 years, and large ships usually stayed afloat long enough for individual lifeboats to make multiple trips to and from a rescue vessel. For all of those reasons, everyone tragically assumed there were an adequate number of lifeboats for passengers.

The risk management lesson learned: Complying with regulations and established best practices is no guarantee that a specific risk has been effectively mitigated. Risk managers need to consider these safeguards the same way they would any other risk prevention effort and take additional action when they don’t sufficiently guard against risk.

See also: A Revolution in Risk Management  

Deepwater Horizon explosion

When the Deepwater Horizon oil rig exploded on April 20, 2010, several executives from BP and Transocean were actually on the structure to celebrate seven years without a lost-time safety incident on the project. Company leaders were so focused on preventing – and measuring – lesser risks like slips, trips and falls that they failed to identify the more complicated process management risks that ultimately led to the explosion.

Risk management lesson learned: All risk analysis is essentially weighing how likely an event is to occur against what impact that event would have, then identifying effective ways to address those risks. Thanks to complacency, cutting corners, arrogance or some combination of those factors and others, BP and Transocean targeted risks with high probabilities and low impact. In the process, they neglected risks in the opposite quadrant of that matrix that were unlikely to occur but could have catastrophic results.

Sept. 11 attacks

Since the tragic events of Sept. 11, 2001, individuals, businesses and the U.S. government have put vast effort and resources into preparing for and defending our nation against further attacks. Professors of risk management at the University of Pennsylvania call 9/11 a “black swan” event – one that is very rare and difficult to prepare for.

Risk managers are extremely good at preventing what’s happened before from happening again. But unlikely events are extremely difficult to predict. Before Sept. 11, 2001, terrorism was listed as an unnamed peril in a majority of commercial insurance deals, according to Penn researchers. After the attacks, insurers paid $23 billion, and many states passed laws permitting insurers to exclude terrorism from corporate policies. Today, the semi-public Terrorism Risk Insurance Act covers as much as $100 billion in insured losses from terrorist attack.

Risk management lesson learned: These black swan events are difficult to predict and even more difficult to prepare for. A portion of the risk management field will always be reacting to the specifics of previous significant events and incorporating them into their models forecasting future risk.

Financial Crisis of 2007-2008

Plenty of people were quick to blame risk managers for failing to protect the world’s largest financial institutions against the biggest economic disaster since the Great Depression. The Harvard Business Review identified six ways companies fail to manage risk, while the Risk and Insurance Management Society (RIMS) argues the financial crisis was not caused by the failure of risk management, but rather organizations’ failure to embrace appropriate enterprise risk management behaviors. Companies provided short-term incentives and did not communicate enterprise risk management principles to all levels of the organization.

Risk management lesson learned: Risk management cannot exist in a vacuum. Creating a robust enterprise risk management program also requires communicating it to all levels of the organization and creating a culture and incentive system that matches the level of risk.

See also: Can Risk Management Even Be Effective?  

Interested in learning more about risk management? Check out the Associate in Risk Management designation from The Institutes.

Verified Burglar Alarms Reduce Losses

At a recent International Security Conference (ISC) law enforcement seminar, Chief Chris Vinson of the Texas Police Chiefs Association explained why verified burglar alarms work better: “We will give [them] the priority response [they] deserve. We will arrive on the scene in time to make an arrest. And making those arrests [is] what it is all about because when you increase arrests, you reduce the crime rate. When you reduce the crime rate, you are reducing property loss. When you reduce that property loss, it reduces the insurance rate for those property owners. When those insurance rates drop down [and] the crime rates drop down, then the property values go up, which makes our constituents happy.”

The burglar alarms matter so much because, with a video-verified burglar alarm, an operator at a central station can review on video what is happening at the site before calling 911 center. The operator serves as a virtual eyewitness to a crime in progress. And, when police are sure a crime is being committed, they respond faster and make more arrests.

(To see an excerpt from the seminar, click here:  https://www.youtube.com/watch?v=nX3IzynaUUY)

A recent meeting between several of the major alarm companies and Verisk discussed how best to collect and quantify the advantages of professionally monitored video-verified alarm solutions for the insurance industry. Insurers are looking for technology and data to help them contain costs, and law enforcement and alarm response times are a crucial component. In April 2015, the largest police chiefs association in the country passed a resolution endorsing verified alarms and priority response.

The Texas Police Chiefs definition of a verified alarm requires Central Station monitoring with operators specifically trained to review videos and communicate the pertinent information to law enforcement. Home surveillance systems might work as a nanny-cam but lack the protocols and processes for alarm response provided by the central station. (Here is a link to the Texas Police Chiefs resolution on verified alarms:  http://www.ppvar.org/_asset/wfdzry/TPCA-Priority-Response-Resolution-2015.pdf)

Without technology and new policies, property losses will only get worse as the number of officers declines. At the recent ISC conference, officials from Akron, Ohio, and Chula Vista, CA, said their police departments had already shrunk because of budget cuts, forcing them to reconsider response to alarms — responding to false alarms represents between 8% and 15% of total calls for service at the 911 center. Akron adopted a “verified response policy” in 2014, and over the past year burglaries went down 5%, with increasing arrests.

Retired Capt. Gary Ficacci said Chula Vista was policing 260,000 people with 212 police officers, one of the leanest staff/population ratios in the county. The economic downturn caused the city to lose about 40 officers and provided the impetus to change the alarm ordinance to promote a form of verified response. Chula Vista figures it spends more  than $100,000 in officers and staff for every arrest made in response to a burglar alarm, but video verified alarms could cut that number significantly.

How much better can verified burglar alarms actually be? Radius Security in Vancouver, Canada, just completed a short study of its verified alarms compared with the traditional, unverified alarms. For Radius, its verified alarms were 1,000 times more effective. The arrest rate for unverified alarms is between 0.08% and 0.02%, while arrest rates for verified alarms are often in double-digit percentages.

Why? Because law enforcement treat a verified alarm like a crime in progress instead of something highly likely to be a false alarm.

Texas Chief Vinson says, “The calls that truly merit a higher priority response, those get pushed to the top. Those get the response they need to actually make arrests, and that is what we are all going for here, because if you take that guy off the street that is committing the offenses and you’ve solved that crime you have probably solved a handful of crimes that occurred before that he has already committed that he confesses to. And then you prevent all the crimes that he is not going to commit while he is sitting in jail. So, it is a big deal to make arrests on one of these calls, because it makes a difference in the actual crime rate that affects that city.”

(For video on Radius Data, click here:  https://www.youtube.com/watch?v=AlXMGu-lT7g)

How to Spot and Avoid Your Next Crisis

Q: Can I identify my organization’s next crisis? If so, how?

A: Jim Satterfield– Undoubtedly, yes. Knowing what the next crisis might be is a way to think about planning and information. There are warning signs and indicators when we discuss human behavior. Understanding behaviors of concern and identifying them earlier in the process is imperative. It provides an idea of the frequency and severity of a situation.

If we can see those indicators, if we can identify those behaviors, then we can intervene before they become a problem. Sometimes, they are business or financial indicators; sometimes, it’s just human behavior.

On 9/11, I was EVP and chief operating officer of a public technology firm with employees in the States and around the world. When the first plane hit the first tower, we thought it could have been an accident. When the second plane hit the second tower, clearly not an accident. We called a meeting in our boardroom and, while sitting around the table, decided it was a day unlike any that we’ve ever seen.

Our management team decided it would be better to let everybody go home. I turned to our HR director and said, “Could you send a global email out to everybody in the company telling them they could just go home”? She went back to her desk, and she typed this message: “If you want to live, leave.”

The intended message was to be: “If you want to leave, leave.” Those are two entirely different messages. “If you want to live, leave.” “If you want to leave, leave.”

Thinking about your messages when you’re not under stress is very, very critical, and planning makes a difference.

Q: I already have a detailed and updated copy of our organization’s crisis plan. Do I need to have a digital copy, as well?

A: Jim Satterfield– Unless you’re planning to add a psychic on your crisis management team, it’s not going to do you any good to have an outdated or out-of-reach plan. Keeping your plans current and available is crucial. If you can’t get access to the right information at the right time, it’s not going to do you any good. “Oh, the plan’s back in the office, and I’m at home.”

Speed is quality. Getting the right answers to the right people at the right time becomes a critical element in every crisis.

Q: What should my organization’s key messages be to each stakeholder group for vulnerabilities and threats?

A: Jim Satterfield– What we’re going to say internally will be different than what we’ll say externally. Think about who your stakeholders are. If you’re in a business that’s heavily regulated, you have regulators as a stakeholder group. You have employees and investors, as well. If a school, you have parents, students and possibly church affiliation. You have various elements to be dealt with, and that makes a difference in approach.

Q: What resource can help with quick decision-making?

A: Jim Satterfield– What you do is list in one column things that could happen, things that could damage:

  • The facility
  • The employees
  • The data
  • The brand
  • The reputation

Across two more columns, we indicate what would qualify as a minor event and what is considered a crisis. You then include descriptive terms and circulate it to the entire company.

Immediately, when something comes up, refer to the matrix. If an employee is injured, but did not receive emergency treatment, it remains a minor event. If the employee had to have some medical attention, it rises to the next level. If an employee dies, that’s crisis. It’s at the highest level that management would want to be involved, so creating an event activation matrix is the fastest way to get that quick response with everyone on the same page at the same time.

Q: What are common mistakes people have made during a crisis?

A: Jim Satterfield– These are the five failures that we see over and over and over again in a disaster or crisis:

  • Failure to control critical supply chains
  • Failure to train employees for both work and home
  • Failure to identify and monitor all threats and risks
  • Failure to conduct exercises and update plan
  • Failure to develop crisis communications plans
  • About 70% of employees don’t know what they’re supposed to do in a disaster or a crisis. In addition, 95% don’t have a disaster plan at home. If something happens in your area, and you think your family is at risk, family wins. That’s why people don’t show up in a crisis, because they’re concerned about their family.

    We work on these failures through our Predict/Plan/Perform process. First, identify groups. Then conduct exercises and establish how you’re going to monitor and communicate. When you think about your individual plans, think about them in light of these groups. You need to build preparation in from all of these groups that could ultimately be a problem within the organization.

    Q: Are school students classified under workplace violence?

    A: Jim Satterfield– Yes, because it’s a workplace. The school is a workplace, yes.

    Q: Prevention is rare in organizations that have small staffs. Have you found organizations are willing to assign staff to conduct social media monitoring on their time?

    A: Jim Satterfield– They can, or you can use an outside service that will do it for you. This route is much more cost-effective. Why? Because that’s the specialist’s full-time job.

    Whatever your full-time job is, you’re good at that job. If you only do something every now and then, you’re not going to be as good, and you may miss an important signal or piece of information.

    We are finding organizations — both large and small — are conducting monitoring as a preventative measure, and we conduct such intelligence gathering for a number of clients.

    Police Shooting Shows Gaps in Work Comp

    Timely response and clear communication are critical for handling workers’ compensation claims. However, when it comes to gathering information, “timing” might be just as important as “timely.” A story out of Ft. Worth, TX highlights that the process needs to be a well-choreographed dance, or significant problems can arise.

    Fort Worth Mayor Betsy Price publicly admonished CorVel Enterprise Comp for asking “inflammatory questions” of a police officer the morning after he was shot and seriously wounded in the line of duty.

    The officer, a 19-year veteran of the Fort Worth Police Department, was shot in the abdomen while he and another officer responded to a mother’s 911 call asking for help with her son. The son, who was barricaded in a bedroom, opened the door and shot the officer. Both officers returned fire, killing him. The officer underwent surgery at Texas Health Harris Methodist Hospital.

    Mayor Price, in a letter to CorVel, said the company’s workers’ compensation representative showed up at the hospital the morning after the shooting and proceeded to ask questions of the family, officers and hospital staff. The letter calls the questions “inflammatory” and criticizes the timing “as one of our police officers rests in a hospital bed recovering from gunshot wounds received last night.” The mayor is requesting CorVel CEO Gordon Clemons and his staff meet with her to “determine the facts and get to the bottom of this matter.” The company did not respond for the initial newspaper article and, as of this writing, still does not appear to have responded publicly.

    I must state unequivocally that we do not know what questions were asked, or in what tone they were delivered. Clearly, however, people were upset by what they perceived to be an entirely inappropriate line of questioning, and people’s perceptions will be their reality. The questions might have been of a simple, by-the-book initial claims investigation nature. Given the emotionally charged atmosphere, however, I would suggest the timing was likely poor. Perhaps the best question that could be asked in that highly volatile 24-hour period should have been, “How can we help?” [Editor’s Note: It now appears that this question was, in fact, the point of the visit, but communication was poor. Here is a link to a followup column by the author. ]

    This highlights such a critical issue for our industry. If there are two things workers’ comp is routinely criticized for, it is lack of timeliness and of communication. After all, we are the industry that invented the concept of “hurry up and wait.”

    Under normal circumstances, having a workers’ comp representative present and involved within 24 hours would be a great thing – assuming, of course, that the representative did not make it a confrontational affair. Yet, somehow, an employee in this case has produced the opposite effect, angering an injured worker’s family, his associates and employer – the client responsible for paying the bills.

    Perceptions can have lasting and damaging effects. Unfortunately for the workers’ compensation industry, perception is not something we spend a great deal of time worrying about.

    We are a statutorily driven industry, going through the regulated processes day after day after day. It is sometimes easy to forget that there is a human being attached on the other side of that claim, and that our actions are continually creating perceptions about us and our trade. That lack of awareness on our part can lead to costly errors, and that may be exactly what has occurred in this case.

    We do not have the full details; this is a one-sided story to date. What we do know is that something riled the mayor enough to write that letter and take the entire matter public.

    In one way, her actions accent a positive point of the story, as they show an employer actively engaged in the welfare of an employee, as well as the management of his recovery. It is something we need to see far more of across the nation.

    As for the CorVel employee involved, we do not know if the person was a competent employee just trying to perform the processes required of the job — or is living proof that a company is only as good as the biggest idiot on its payroll. It really doesn’t matter, as the perceptions of the one side are the only ones that are of concern at a public level.

    Those perceptions tell us that proper timing may be more important than proper timeliness, and that showing compassion is essential. Sometimes, we can show compassion just through proper timing.

    TRIA Non-Renewal: Effect on P&C?

    Losses stemming from the destruction of the World Trade Center and other buildings by terrorists on Sept. 11, 2001, totaled about $31.6 billion, including commercial liability and group life insurance claims — not adjusted for inflation — or $42.1 billion in 2012 dollars. About two-thirds of these losses were paid for by reinsurers, companies that provide insurance for insurers.

    Concerned about the limited availability of terrorism coverage in high-risk areas and its impact on the economy, Congress passed the Terrorism Risk Insurance Act (TRIA). The act provides a temporary program that, in the event of major terrorist attack, allows the insurance industry and federal government to share losses according to a specific formula. TRIA was signed into law on Nov. 26, 2002, and renewed for two years in December 2005. Passage of TRIA enabled a market for terrorism insurance to begin to develop because the federal backstop effectively limits insurers’ losses, greatly simplifying the underwriting process. TRIA was extended for seven years to 2014 in December 2007. The new law is known as the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA) of 2007.

    This week, Congress failed to reauthorize TRIA before members adjourned for the holiday recess. Now, with the expiration of the law on Dec. 31, some businesses may be left without insurance coverage in the event of a terrorist attack on the U.S. Both houses of Congress have been discussing legislation that would set out the federal government’s involvement in funding potential terrorism losses, but bills proposed by the two houses earlier this year differed, and no extension was passed.

    A report from the Wharton Risk Management and Decision Processes Center found that, under the current TRIA program, some insurers have already reached a level of exposure to losses from a terrorist attack that could jeopardize their ability to pay claims, based on a critical measure of solvency: the ratio of an insurer’s TRIA deductible amount in relation to its surplus. The report, “TRIA After 2014: Examining Risk Sharing Under Current and Alternative Designs,” found that as the deductible percentage rises, as it does under the Senate bill and proposals put forward in the House, more insurers have a deductible-to-surplus ratio that is above an acceptable level. The report also sets out in detail the amount the American taxpayer and federal government would have to pay under differing scenarios.

    A RAND Corp. study published in April 2014 found that in a terrorist attack with losses of as much as $50 billion, the federal government would spend more dealing with the losses than if it had continued to support a national terrorism risk insurance program, because it would likely pay out more in disaster assistance.

    A report by the President’s Working Group on Financial Markets made public in April 2014 generally supports the insurance industry’s view that the expiration of TRIA would make terrorism coverage more expensive and difficult to obtain.

    The insurance broker Marsh released its annual study of the market, “2014 Terrorism Risk Insurance Report,” in April. Among its many findings is that uncertainty surrounding the potential expiration of TRIA significantly affected the property/casualty insurance market. Some employers with large concentrations of workers and companies with property exposures in major U.S. cities found that terrorism insurance capacity was limited and prices higher, and some could not obtain coverage at all. If the law is allowed to expire or is significantly changed, the market is likely to become more volatile with higher prices and limited coverage, the study concludes.

    Before Sept. 11, 2001, insurers provided terrorism coverage to their commercial insurance customers essentially free of charge because the chance of property damage from terrorist acts was considered remote. After Sept. 11, insurers began to reassess the risk. For a while, terrorism coverage was scarce. Reinsurers were unwilling to reinsure policies in urban areas perceived to be vulnerable to attack. Primary insurers filed requests with their state insurance departments for permission to exclude terrorism coverage from their commercial policies.

    From an insurance viewpoint, terrorism risk is very different from the kind of risks typically insured. To be readily insurable, risks have to have certain characteristics.

    The risk must be measurable. Insurers must be able to determine the possible or probable number of events (frequency) likely to result in claims and the maximum size or cost (severity) of these events. For example, insurers know from experience about how many car crashes to expect per 100,000 miles driven for any geographic area and what these crashes are likely to cost. As a result, they can charge a premium equal to the risk they are assuming in issuing an auto insurance policy.

    A large number of people or businesses must be exposed to the risk of loss, but only a few must actually experience one, so that the premiums of those that do not file claims can fund the losses of those who do.

    Losses must be random as regards time, location and magnitude.

    Insofar as acts of terrorism are intentional, terrorism risk doesn’t have these characteristics. In addition, no one knows what the worst-case scenario might be. There have been few terrorist attacks, so there is little data on which to base estimates of future losses, either in terms of frequency or severity. Terrorism losses are also likely to be concentrated geographically, since terrorism is usually targeted to produce a significant economic or psychological impact. This leads to a situation known in the insurance industry as adverse selection, where only the people most at risk purchase coverage, the same people who are likely to file claims. Moreover, terrorism losses are never random. They are carefully planned and often coordinated.

    To underwrite terrorism insurance — to decide whether to offer coverage and what price to charge — insurers must be able to quantify the risk: the likelihood of an event and the amount of damage it would cause. Increasingly, they are using sophisticated modeling tools to assess this risk. According to the modeling firm AIR Worldwide, the way terrorism risk is measured is not much different from assessments of natural disaster risk, except that the data used for terrorism are more subject to uncertainty. It is easier to project the risk of damage in a particular location from an earthquake of a given intensity or a Category 5 hurricane than a terrorist attack because insurers have had so much more experience with natural disasters than with terrorist attacks, and therefore the data to incorporate into models are readily available.

    One problem insurers face is the accumulation of risk. They need to know not only the likelihood and extent of damage to a particular building but also the company’s accumulated risk from insuring multiple buildings within a given geographical area, including the implications of fire following a terrorist attack. In addition, in the U.S., workers’ compensation insurers face concentrations of risk from injuries to workers caused by terrorism attacks. Workers’ compensation policies provide coverage for loss of income and medical and rehabilitation treatment from “first dollar,” that is, without deductibles.

    Extending the Terrorism Risk Insurance Act (TRIA):

    There is general agreement that TRIA has helped insurance companies provide terrorism coverage because the federal government’s involvement offers a measure of certainty as to the maximum size of losses insurers would have to pay and allows them to plan for the future. However, when the act came up for renewal in 2005 and in 2007, there were some who believed that market forces should be allowed to deal with the problem. Both the U.S. Government Accountability Office and the President’s Working Group on Financial Markets published reports on terrorism insurance in September 2006. The two reports essentially supported the insurance industry in its evaluation of nuclear, biological, chemical and radiological (NBCR) risk — that it is uninsurable — but the President’s Working Group said that the existence of TRIA had inhibited the development of a more robust market for terrorism insurance, a point on which the industry disagrees. TRIA is the reason that coverage is available, insurers say. The structure of the program has encouraged the development of reinsurance for the layers of risk that insurers must bear themselves — deductible amounts and coinsurance — which in turn allows primary insurers to provide coverage. Without TRIA, there would be no private market for terrorism insurance.

    Studies by various organizations have supported a temporary continuation of the program in some form, including the University of Pennsylvania’s Wharton School, the RAND Corp. and the Organization of Economic Cooperation and Development (OECD), an organization of 30 member countries, many of which have addressed the risk of terrorism through a public/private partnership. The OECD said in an analysis that financial markets have shown very little appetite for terrorism risk because of the enormousness and unpredictability of the exposure. RAND argued not only that TRIA should be extended but also that Congress should act to increase the business community’s purchase of terrorism insurance and lower its price. RAND also advocated mandatory coverage for some “vital systems,” establishing an oversight board and increasing efforts to mitigate the risks.

    For the full report from which this is excerpted, click here.