Tag Archives: risk profile

State of Commercial Insurance Market

In a survey of frequent Out Front Ideas attendees, one of the biggest concerns raised by risk managers was the rapidly evolving insurance marketplace. These challenges started back in 2018, but COVID-19, civil unrest and other events have accelerated this change. At the Out Front Ideas virtual conference, a panel discussed these challenges.

Our guest speakers were:

  • Daniel Aronson – U.S. casualty practice leader, Marsh
  • John Csik – chief operating officer and chief financial officer, Safety National
  • Lori Goltermann – chief executive officer, Aon U.S. Commercial Risk & Health Solutions
  • Joseph Peiser – executive vice president, global head of broking, Willis Towers Watson

U.S. Commercial Casualty Market

Social inflation has been affecting civil jury verdicts for several years. Juries have been displaying anti-business and anti-government bias, and they have been desensitized to large awards. The combination of these factors is leading to record jury verdicts around the nation, even in cases with questionable liability. Umbrella excess liability and auto liability have been the most affected by this jury behavior.

There has also been a significant impact on directors and officers coverage. In 2019, there were over 400 lawsuits filed against public company directors, and that number is expected again in 2020. Public company D&O coverage saw a 74% price increase in the second quarter of 2020. 

The COVID-19 pandemic raised an entirely new set of risk management concerns. Businesses were shut down. When would they fully reopen? What impact would these shutdowns ultimately have on the business? In addition, risk managers faced new risks in their existing operations. Sit-down restaurants started offering delivery. Many employees shifted to working in different roles.

In the carrier marketplace, there was a change in appetite. Some carriers walked away from certain industries. New exclusions emerged, such as communicable disease, which took away coverage for much more than COVID-19. For example, a communicable disease exclusion eliminated coverage for Legionnaires disease, which was previously covered. Many carriers eliminated some communicable disease endorsements.

There was much uncertainty around the impact on claims due to COVID-19. What would the claims ultimately look like across multiple lines? What policy coverage period would apply? In medical malpractice, many coverage triggers required reporting in the policy term, so healthcare providers reported thousands of claims as a precautionary measure.

During all this, carriers started to grow concerned about the financials of their clients. Did they have sufficient collateral posted to cover potential losses? Some businesses struggled to pay premiums because of decreased revenues. Exposures changed dramatically almost overnight. New insurance regulations intended to provide premium relief to businesses created complications in the workers’ compensation market, which already had a built-in premium audit function.

U.S. Property Marketplace

The U.S. property market is experiencing its 11th consecutive quarter of rate increases. Natural disasters like wildfires have been significant. Additionally, there have been over 18 named storms this 2020 hurricane season. Civil unrest and damage from riots have also hit the commercial property market.

One broker reported that over 91% of clients had seen commercial property rate increases this year. Even without losses, these increases have been around 25%. Those with losses are seeing rate increases over 35%.

Exclusions have also increased in this market. What started as COVID-19 exclusions expanded to pandemic exclusions and then to exclusions on all communicable diseases. Carriers are trying to eliminate any potential uncertainty regarding their exclusion of coverage of business interruption relating to disease outbreaks.

Global Insurance Markets

Many businesses have global exposures or access to Lloyd’s marketplace for some of their insurance coverage. The challenges seen in the U.S. commercial insurance market are also being seen internationally. The U.S. has seen the highest rate increases, but Australia has also seen significant rate increases. Other international locations are seeing low-double-digit rate increases across multiple lines. These are driven by large losses worldwide, including natural disasters and shareholder lawsuits against directors and officers. Carriers are also pulling back on capacity in certain countries.

The low interest rates globally are having a significant impact on carrier rates. With declining investment income, carriers have to raise rates just to stay even.

Lloyd’s has been transforming for the last few years. Lloyd’s acts as a de facto regulator for the individual insurance syndicates that operate in the market. Lloyd’s started a series of reforms in recent years designed to increase profitability and is also limiting capacity. Thus, companies that are renewing late in the year could face capacity challenges with the Lloyd’s market.

Changing Terms and Conditions

Changing insurance policy terms and conditions are also being seen around the world. One big lesson in all the litigation around whether COVID-19 closures are covered under business interruption claims is that words matter.

It is also crucial to make sure you have concurrent wording in your insurance coverage towers. This is increasingly challenging as carriers move away from allowing manuscript or broker-driven policy language and only allowing the use of their policy forms.

Brokers need to work closely with their clients and the insurance carriers to develop policy language that addresses the concerns of all parties. Any change to any layer of the coverage tower harms the entire tower, as many higher layers take a “follow form” approach. Not all policy language is appropriate for all insureds, and there can be increased litigation over claims. Brokers and carriers need to make sure that the changing terms and conditions do not eliminate coverage for the day-to-day operations of a business.

Because of all the complexity in the marketplace right now, brokers must have the time with the insured and the carrier to work out any policy language challenges. The broker needs to have experts reviewing the policy language. Insureds need to make sure they are fully describing their business operations. Carriers need sufficient time to digest all this information and get approval for any proposed wording changes. Having a long-term relationship with your broker and carrier can be very helpful under these circumstances.

See also: 3 Tips for Increasing Customer Engagement

Collateral Considerations

As mentioned, carriers have significant concerns about whether the collateral they are holding is sufficient to cover potential losses below their attachment point on high-deductible policies. COVID-19 has presented an unprecedented credit risk event. Usually, such events are limited to certain geographic areas or industries, but the challenges of COVID-19 affected most businesses. It has created significant financial uncertainty around businesses.

Credit risk underwriters with carriers look at debt ratios, cash flow and business operations to develop a credit grade for each policyholder. That grade is used to determine what percentage of the projected losses below the attachment point need to be collateralized on a deductible policy. There is almost always a percentage of the projected losses that are not fully covered by collateral.

The collateral determination process needs to be transparent. What factors are being considered by the carrier? What is the financial outlook for the policyholder? The more information shared, the better the decision-making on both sides.

One of the challenges of COVID-19 was that it required carriers to analyze the collateral they were holding on their entire book of business in a short period. Carriers focused on what accounts had the most significant risk in terms of funds not collateralized and the impact of COVID-19 on their industry.

While reviewing financial statements is important, collateral decisions in this COVID-19 marketplace required much more information. Are the policyholders able to access any state or federal government relief funds? Are they issuing new debt to increase their liquidity? What changes have they made to their payroll and expenditures? How many months of their operations can they fund with available cash? Carriers also want to know policyholders’ view of their future. What are their expectations for reopening and their business volume returning to prior levels?

There has been an increased volume of business bankruptcy because of COVID-19. However, for the most part, these have not been a surprise to carriers. These businesses struggled going into the pandemic, and the additional stresses were more than they could financially handle, necessitating restructuring under bankruptcy.

Advice for Risk Managers

It is imperative for brokers not just to deliver bad news to clients. Brokers need to have a game plan on how to approach the situation.

The timeline for preparing for renewal has changed. Six months before your renewal is not too early to start thinking about how you will approach it. Risk managers need to involve their company leadership to not only help develop messaging for the insurance marketplace but also to manage their expectations in terms of budgets.

Companies need to look at things at a more enterprise-level instead of just line by line of insurance coverage. Should they consider retaining more risk in more predictable insurance lines? Are there potential uninsured or underinsured exposures?

Data and analytics can assist with this analysis. Every company today is different than what it was six months ago. All the risk models are based on a risk profile that has likely changed. Companies need to know what has changed and what they expect to change further in the future.

Best-in-class loss control and business operations are now the expectation, not the exception. If you do not have this, it will be challenging to get carriers interested in providing coverage. It is important to highlight all your safety and loss-prevention activities and demonstrate how you will operationalize those across your enterprise.

Consider the use of more insurance options, such as captives and facultative reinsurance coverage. Clients need to understand their appetite for risk and their tolerance for volatility.

It is also important for companies to consider the bigger picture of their employee health and wellness and the impact that has on both their health insurance and workers’ compensation costs. As workforces are evolving and workers are pushing off retirement, that aging workforce affects your claims.

See also: Step 1 to Your After-COVID Future

The Path Forward

The theme of the Out Front Ideas virtual conference was “The Path Forward,” so we asked our guests to comment on what they see as the path forward for our industry.

Video conferencing is a crucial tool to maintain business relationships. You can video conference with underwriters worldwide, making it much easier to maintain these relationships than ever before.

Unless there is meaningful tort reform, the challenges in the insurance marketplace will continue. As long as claims continue to soar, rates will also continue to grow. Carriers, brokers and their clients need to partner to pursue tort reforms across the country.

We have shown we can continue to conduct business without in-person meetings and with many workforces working from home. What will businesses look like in the future? Companies are reconsidering which people will ultimately return to the offices and which will permanently become work-from-home. This shift will change the way that businesses recruit and retain talent and how they develop their culture.

Relationships are more important than ever. It is a mistake to sacrifice a long-term business relationship for short-term premium savings. Look at the bigger picture and make sure you partner with carriers that can meet your needs in the short and long term.

Finally, transparency goes a long way to eliminating uncertainty and making your business partners comfortable. Now is the time for risk managers to shine and show the impact they are having within their organization.

Risk Management: Too Hard for Small Firms?

Surveys suggest that less than 25% of small business has any form of risk management plan beyond the purchase of insurance.

A considerable percentage of business risks aren’t insured, and, even for those that are, lack of appropriate cover and underinsurance remain a perennial issue. Most small businesses have shallow pockets, meaning the cost of a loss can often be business-ending, especially where there isn’t enough insurance or risk contingency planning in place.

Cost and complexity are cited as primary reasons for businesses not developing a risk management plan. This is hardly surprising given the range of risks an average business can be exposed to, not to mention the myriad of other operational activities necessary to run a successful business. The problem for businesses is made even more complex as some risk areas, particularly emerging risks such as cyber, may or may not be covered by a variety of different insurance policies.

See also: Risk Management, in Plain English  

Insurance carriers have vast amounts of business risk management expertise, but typically this is targeted at the larger or more complex risks that an insurer covers.

But this risk management expertise can be mobilized to customers in a cost-effective and efficient way through digital risk profiling, enhancing both the ability of a business to manage risk and of insurers to recognize active risk management in their pricing.

Until now, most of the technology supporting risk has been designed, and priced, to only appeal to larger organisations. RiskAdvisor has built a platform to enable insurers to cost-effectively mobilize their risk expertise to both enhance business best practice and form deeper relationships between a business, its intermediary and its insurer to reduce the cost of risk and boost the resilience of organizations.

Specific benefits to insurers include:

  • Risk assessment – ability to analyze business- and industry-specific risks, producing a risk profile to support better decision making.
  • Optimal insurance coverage – enabling the more intelligent matching of risk and insurance to reduce the risk of being underinsured.
  • Much greater resilience for insureds to recover from loss events.
  • Improved governance and compliance outcomes.
  • Confidence to key stakeholders such as financiers and equity providers.
  • Collaboration with intermediaries to help them become trusted risk advisers, building strong relationships with their customers and providing value-added services.
  • Ability for business partners to enrich partnerships with key stakeholders such as customers, suppliers and financial institutions.

See also: Key Misunderstanding on Risk Management  

To see how RiskAdvisor works, you can find a video here.

Here is a sample of industry- and risk-area-specific exposure and control checklist from RiskAdvisor system:

Screen Shot 2016-11-11 at 11.31.10 AM

Digital Risk Profiling Transforms Insurance

There are some large anomalies in the business insurance market, including:

  • Small to medium-sized (SME) business spend billions of dollars on premiums globally, yet a detailed risk profile is rarely developed to ensure that insurance producers and carriers are seen as trusted risk advisers rather than just sellers of product.
  • The absence of risk profiling, and risk control information, makes it very difficult for insurance carriers to recognize and reward businesses that commit to improving their risk management and lowering loss ratios.
  • There are very few cost-effective risk management services that can assist the millions of SMEs around the world to reduce their costs of risk.
  • Underinsurance continues to hurt the reputation of the insurance industry.

The capture of client- and industry-specific risk exposures and controls in a risk profile could be the key to correcting these anomalies, resulting in a decrease in claims, improved insurance industry returns and enhanced industry reputation.

See also: Do You Really Have a Digital Strategy?  

Until now, risk profiling through consulting has generally been unaffordable and inefficient for most SMEs, but RiskAdvisor now provides a pre-populated, online risk platform that enables affordable, client-specific, industry risk profiles to be produced in a matter of minutes. The platform library currently contains more than 160,000 risk exposures, controls and treatments, 6,000 benchmarks across more than 600 industries and 60 risk areas.

The automated capture of risk exposure and control information by insurance carriers, producers and brokers has numerous positive effects:

  • If insurance buyers, producers and carriers capture a client’s industry-specific risk profile, more intelligent and efficient buying, selling and underwriting would occur.
  • The strategic aggregation and analysis of risk data is important in helping carriers and producers maintain relevance in the marketplace.
  • Data-driven product development helps carriers and producers bring new risk products to market faster and with greater chance of success.
  • Data holds the key to improvements in risk management, which is integral to pricing risk.
  • Sharing risk data with all stakeholders will make everyone involved in the insurance value chain more customer-centric.
  • There can be a greater focus on more comprehensive customer services and specialty products.

See also: Customers’ Digital Expectations  

Through digital risk profiling, insurance buyers, producers and carriers can easily understand a business’s industry-specific risk profile and controls to enable more intelligent buying, selling and underwriting of insurance globally.

Advantages to carriers of accessing a digital risk platform include:

  • A competitive advantage through superior risk selection, enhanced granular underwriting assessment and more accurate pricing of risk in a highly efficient and cost-effective manner.
  • Having risk information in a timelier manner, before binding acceptance.
  • Obtaining risk control information and data on a far greater proportion of a carrier’s books at much lower cost.
  • Interrogation of risk control data by individual risk or at portfolio level. This allows the carrier to obtain valuable insights on the performance of the portfolio, including developing trends and mitigation strategies.
  • Enhanced portfolio management through the ability to analyze risk controls at an individual and portfolio level.

The strategic aggregation and analysis of risk data promises to alter every part of the industry value chain. A customer-centric view powered by new forms of data, analytics and automation offers the ability to better price risks. Digital risk profiling can deliver benefits to insurance buyers as follows:

  • Risk profiling helps support better decision making when managing risk.
  • The risk of being underinsured, or not insured, is reduced through improved risk assessment.
  • Resilience greatly increases for insureds to recover from loss events.
  • Governance and compliance outcomes improve.
  • Security and confidence are enhanced for key stakeholders such as financiers and equity providers.

Digital risk profiling can transform the insurance industry’s value proposition from insurance product sellers to trusted risk and insurance advisers. Capturing risk information at the point of client engagement can have a profoundly positive effect through the entire insurance value chain.

5 Takeaways From First Cyber Case

On May 11, 2015, in a case that is being widely celebrated as one of the first coverage rulings involving a “cyber” insurance policy, a federal court ruled that Travelers has no duty to defend its insured in Travelers Property Casualty Company of America, et al. v. Federal Recovery Services, Inc., et al.

Although the Travelers case does not involve cyber-specific coverage issues, the case nonetheless carries some important takeaways for insureds, insurers and many other interested spectators.

Here is a brief summary of the ruling and five key takeaways:

The Facts

The insured, Federal Recovery, was in the business of providing processing, storage, transmission and other handling of electronic data for its customers, including Global Fitness. In particular, Federal Recovery agreed to process Global Fitness’s gym members’ payments under a servicing retail installment agreement.

Global Fitness sued Federal Recovery, alleging that Federal Recovery wrongfully refused to return member account data to Global Fitness, including member credit card and bank account information. Global Fitness asserted claims for tortious interference, promissory estoppel, conversion, breach of contract and breach of the implied covenant of good faith and fair dealing.

The Cyber Policy

The policy at issue was a “CyberFirst” policy issued by Travelers. The policy included a technology errors and omissions liability form, which stated that Travelers “will pay those sums that [Federal Recovery] must pay as ‘damages’ because of loss … caused by an ‘errors and omissions wrongful act’….” The key term “errors and omissions wrongful act” was defined to include “any error, omission or negligent act.” In addition to covering potential damages, the Travelers policy provided defense coverage, stating that Travelers “will have the right and duty to defend [Federal Recovery] against any claim or ‘suit’ seeking damages for loss to which the insurance provided under one or more of ‘your cyber liability forms’ applies.”

Federal Recovery tendered the defense of the underlying Global action to Travelers, which initiated litigation seeking a declaration that it wasn’t required to provide coverage. Travelers argued that it did “not have a duty to defend [Federal Recovery] against the original or amended complaints in the Global action because Global [Fitness] does not allege damages from an ‘error, omission or negligent act.’”

The Coverage Disputes: Scope of Coverage and Duty to Defend

Although Travelers involves underlying cyber-related facts and a “cyber” insurance policy, the coverage issues arising out of the facts and policy certainly are not cyber-specific. Travelers’ declaratory judgment action raises two coverage disputes concerning: (1) the scope of coverage afforded by the technology errors and omissions policy at issue, as shaped by its key “wrongful act” definition; and (2) the scope of an insurer’s duty to defend under Utah law. While arising in the context of “cyber”-related facts surrounding electronic account and payment data, and under a “cyber” insurance policy, the coverage disputes at issue in the Travelers case are precisely the types of disputes that we routinely see in the context of errors and omissions and other claims-made liability coverages.

(1) The Scope of Coverage

As to the scope of coverage, errors and omissions, D&O, professional liability and other claims-made policies, like the policy at issue in the Travelers case, typically cover “wrongful acts,” a term that typically in turn is defined as “any negligent act, error or omission,” or similar language. There are scores of cases addressing whether intentional and non-negligent acts fall within or outside the purview of a covered “wrongful act.”

Unfortunately, and in contrast to other decisions, the U.S. District Court for the District of Utah in the Travelers case took a narrow view of the key language, ruling that “[t]o trigger Travelers’ duty to defend, there must be allegations in the [underlying] action that sound in negligence.” The court further found that there were “no such allegations.”

In contrast, other courts have appropriately upheld coverage for various types of intentional and non-negligent conduct under errors and omissions and other claims-made policies. As one commentator has summarized: Claims-made policies typically afford coverage for claims by reason of any “negligent act, error or omission.” What if an insured is held liable for a non-negligent act? Most courts have held that the insured is still entitled to coverage. The strongest argument in favor of that conclusion is that (i) an “error” or “omission” encompasses more than negligent conduct, and (ii) if only negligent errors and negligent omissions were covered, the “error or omission” language would be rendered redundant.

To the extent some may wish to reference other cases addressing cyber-related fact patterns, those cases exist. For example, in 1995, the Supreme Judicial Court of Massachusetts in USM Corp. v. First State Ins. Co.10 upheld coverage under an errors and omissions policy for a breach of express warranty claim involving the insured’s failure to develop and deliver a turnkey computer system that would perform certain functional specifications. The errors and omissions policy at issue in the USM case, similar to the policy at issue in the Travelers case, covered claims against the insured “by reason of any negligent act, error or omission.” Also, the insurers in USM, like the insurers in Travelers, argued that the policy only covered the insured for negligent acts. The USM court rejected the insurers’ arguments, noting that courts have not limited coverage under errors and omissions policies to circumstances involving negligence:

Other courts have not limited liability under “errors and omissions” policies to circumstances involving negligence but have recognized certain non-negligent errors as being within the coverage afforded. Cases involving the words such as “negligent act, error or omission” (the crucial language of the policies before us) have not consistently determined that an error must be a negligent one if coverage is to be available.


Because some, but not all, judicial opinions have rejected the interpretation of errors and omissions policies for which the insurers contend, if it was the insurers’ intention, the crucial words of the policy should have been amended to eliminate the ambiguity and to make clear that coverage extended only to negligent errors. Potential policyholders could then have more accurately determined whether such coverage met their needs.
Because of the uncertainty about the scope of the word “error,” the insurers as authors of the policies must suffer the consequences of the ambiguity.

The New York Appellate Division’s decision in Volney Residence, Inc. v. Atlantic Mut. Ins. Co. is likewise instructive. In that case, the Appellate Division held that the insurer had a duty to defend a federal RICO action in which the insured defendants “were alleged intentionally to have committed acts of self-dealing and fraud.” Applying well-established rules of contract interpretation, the court ruled that there was a duty to defend:

The policy provision in question covers claims arising from “a negligent act, error or omission,” which term is defined as “any negligent act, error or omission or breach of duty of [the] directors or officers while acting in their capacity as such.” The definition is susceptible of more than one meaning and can be understood to cover any breach of duty of the directors or officers, not exclusively negligent breaches of duty. Ambiguities in an insurance policy are to be resolved against the insurer.

Other cases are to the same effect.

(2) Scope of the Duty to Defend

Turning to the separate issue of the duty to defend, it is well established that the duty to defend is very broad—broader than the duty to indemnify. The duty to defend is typically triggered if there is some potential for coverage, and, in many jurisdictions, it is appropriate to look outside the facts pled in the underlying complaint to determine whether there is a duty to defend. Again, unfortunately, the court in the Travelers case took a narrow view of the insurer’s duty to defend. Even assuming for the sake of argument that the policy covered only negligence, the underlying complaint alleged, among other things, that Federal Recovery “retained possession of member accounts data, including the billing data, which was the property of Global Fitness ….” Allegations surrounding improper retention of data, even if that retention ultimately was wrongful or not legally justifiable, clearly may arise out of negligence as opposed to intentional conduct.

Travelers Takeaways

Putting aside the ultimate merits of the court’s ruling, and whether this case addresses any coverage issues that are appropriately characterized as “cyber” issues, Travelers offers at least five key takeaways:

First, Travelers illustrates that decisions involving cyber insurance policies are coming and, considering all of the attention and buzz surrounding an otherwise seemingly mundane errors and omissions case, insureds and insurers alike are anxiously awaiting and anticipating the guidance those decisions may provide.

Second, Travelers underscores that the types of coverage disputes that we will see arise out of cyber-related facts and, under cyber insurance policies, often will involve, or at least will intertwine with, the types of disputes that routinely arise in connection with traditional insurance coverages, including errors and omissions coverage and general liability coverage. This is useful for insureds to appreciate toward the goal of being prepared for future potential coverage disputes under cyber policies.

Third, Travelers underscores the importance of securing a favorable choice of forum and choice of law in insurance coverage disputes. Until the governing law applicable to an insurance contract—cyber or otherwise—is established, the policy can be, in a figurative and yet a very real sense, a blank piece of paper.

Fourth, although its label as a first cyber case is debatable, Travelers at a minimum has spotlighted the approaching disputes under cyber liability policies, which should remind insureds of the need to be prepared for, in addition to the traditional types of coverage issues and disputes that can arise under those policies, the potential cyber-specific coverage issues and disputes that may arise, such as the scope of coverage for “cloud”- related exposures.

Fifth, Travelers illustrates the importance of obtaining the best possible policy cyber language at the initial coverage placement and renewal stage. Unlike some types of traditional insurance policies, cyber policies are extremely negotiable, and the insurer’s off-the-shelf language can often be significantly negotiated and improved—often for no increase in premium. It is important for the insured to understand its unique potential risk profile and exposure— and what to ask for from the insurer.

Often in coverage disputes, the issue of coverage comes down to a few words, the sequence of a few words or even the position of a comma or other punctuation. It is important to get the policy language right before a dispute. And while the Travelers case addresses coverage issues that are not cyber-specific, the fundamentals of successfully pursuing coverage under traditional insurance coverage are important to keep in mind as we enter a time and space in which coverage disputes based on underlying cyber-related factual scenarios, and under specialized cyber insurance coverages, are poised to become commonplace.

2 Shortcuts for Quantifying Risk

Most companies that take up risk management start out with subjective frequency-severity assessments of each of their primary risks. These values are then used to construct a heat map, and the risks that are farthest away from the zero point of the plot are judged to be of most concern.

This is a good way to jump-start a discussion of risks and to develop an initial process for prioritizing early risk management activities. But it should never be the end point for insurers. Insurers are in the risk business.  The two largest categories of risks for insurers — insurance and investment — are always traded directly for money.  Insurers must have a clear view of the dollar value of their risks. And with any reflection, insurance risk managers will identify that there is actually never a single pair of frequency and severity that can accurately represent their risks. Each of the major risks of an insurer has many, many possible pairs of frequency and severity.

For example, almost all insurers with exposure to natural catastrophes have access to analysis of their exposure to loss using commercial catastrophe models. These models produce loss amounts at a frequency of 1 in 10, 1 in 20, 1 in 100, 1 in 200, 1 in 500, 1 in 1000 and any frequency in between. There is not a single one of these frequency severity pairs that by itself defines catastrophe risk for that insurer.

Once an insurer moves to recognizing that all of its risks have this characteristic, it can now take advantage of one of the most useful tools for portraying the risks of the enterprise, the risk profile. For a risk profile, each risk is portrayed according to the possible loss at a single frequency. One common value is a 1 in 100 frequency. In Europe, all insurers are focused by Solvency II regulations on the 1-in-200 loss. Ultimately, an insurer will want to develop a robust model like the catastrophe model for each of its risks to support the development of the risk profile. But before spending all of that money, there are two possible shortcuts that are available to rated insurers that will cost little to no additional money.

SRQ Stress Tests

In 2008, AM Best started asking each rated insurer to talk about its top five risks.

Then, in 2011, in the new ERM section to the supplemental rating questionnaire, Best asked insurers to identify the potential impact of the largest threat for six risk types. For many years, AM Best has calculated its estimate of the capital needed by insurers for losses in five categories and eventually added an adjustment for a sixth — natural catastrophe risk.

Risk profile is one of the primary areas of focus for good ERM programs and is closely related to these questions and calculations. Risk profile is a view of all the main risks of an insurer that allows management and other audiences the chance to compare the size of the various risks on a relative basis. Often, when insurers view their risk profile for the first time, they find that their profile is not exactly what they expected. As they look at their risk profile in successive periods, they find that changes to their risk profile end up being key strategic discussions. The insurers that have been looking at their risk profile for quite some time find the discussion with AM Best and others about their top risks to be a process of simplifying the detailed conversations that they have had internally instead of stretching to find something to say that plagues other insurers. The difference is usually obvious to the experienced listener from the rating agency.

Risk Profile From the SRQ Stress Tests

Most insurers will say that insurance (or underwriting) risk is the most important risk of the company. The chart below, showing information about the risk profile averaged for 31 insurers, paints a very different story. On average, underwriting risk was 24% of the risk profile and market risk was 30%. Twenty of the 31 companies had a higher value for market risk than underwriting risk. For those 20 insurers, this exercise in viewing their risk profile shows that management and the board should be giving equal or even higher amounts of attention to their investment risks.


Stress tests are a good way for insurers to get started with looking at their risk profile. The six AM Best categories can be used to allow for comparisons with studies, or the company can use its own categories to make the risk profile line up with the main concerns of its strategic planning discussions. Be careful. Make sure that you check the results from the AM Best SRQ stress tests to make sure that you are not ignoring any major risks. To be fully effective, the risk profile needs to include all of the company’s risks. For 20 of these 31 insurers, that may mean acknowledging that they have more equity risk than underwriting risk – and planning accordingly.

Risk Profile From the BCAR Formula

The chart below portrays the risk profiles of a different group of 12 insurers. These risk profiles were determined using the AM Best BCAR formula without analyst adjustments. For this group of companies on this basis, premium risk is the largest single category. And while there are again six risk categories, they are a somewhat different list. The risk category of underwriting from the SRQ is here split into three categories of premium, reserve and nat cat. Together, those three categories represent more than 60% of the risk profile of this group of insurers. Operational, liquidity and strategic risks that make up 39% of the SRQ average risk profile are missing here. Reinsurer credit risk is shown here to be a major risk category, with 17% of the risk. Combined investment and reinsurer credit is only 7% of total risk in the SRQ risk profile.


Why are the two risk profiles so different in their views about insurance and investment risks? This author would guess that insurers are more confident of their ability to manage insurance risks, so their estimate of that risk estimated in the stress tests is for less severe losses than the AM Best view reflected in the BCAR formula. And the opposite is true for investment, particularly equity risk. AM Best’s BCAR formula for equity risk is for only a 15% loss, while most insurers who have a stock portfolio had just in 2008 experienced 30% to 40% losses. So insurers are evaluating their investment risk as being much higher than AM Best believes.

Neither set seems to be the complete answer. From looking at these two groups, it makes sense to consider using nine or more categories: premiums, reserves, nat cat, reinsurer credit, bond credit, equities, operational, strategic and liquidity risk. Insurers with multiple large insurance lines may want to add several splits to the premium and reserve categories.

Using Risk Profile for Strategic Planning and Board Discussions

Risk profile can be the focus for bringing enterprise risk into the company’s strategic discussions. The planning process would start with a review of the expected risk profile at the start of the year and look at the impact on risk profile of any major proposed actions as a part of the evaluation of those plans. Each major plan can be discussed regarding whether it increases concentration of risks for the insurer or if it is expected to increase diversification. The risk profile can then be a major communication tool for bringing major management decisions and proposals to the board and to other outside audiences. Each time the risk profile is presented, management can provide explanations of the causes of each significant change in the profile, whether it be from management decisions and actions or because of major changes in the environment.

Risk Profile and Risk Appetite

Once an insurer has a repeatable process in place for portraying enterprise risk as a risk profile, this risk profile can be linked to the risk appetite. The pie charts above focus attention on the relative size of the main types of risks of the insurer. The bar chart below features the sum of the risks. Here the target line represents the expected sum of all of the risks, while the maximum is an aggregate risk limit based upon the risk appetite.


In the example above, the insurer has a target for risk at 90% of a standard (in this case, the standard is for a 400% RBC level; i.e. the target is to have RBC ratio of 440%). The plan is for risk at a level that produces a 480% RBC level, and the maximum tolerance is for risk that would produce a 360% RBC. The 2014 actual risk taking has the insurer at a 420 RBC level, which is above the target but significantly below their maximum. After reviewing the 2014 actual results, management made plans for 2015 that would come in just at the 440% RBC target. That review of the 2014 actual included consideration of the increase in profits associated with the additional risk. When management made the adjustment to reach target for 2015, its first consideration was to reduce less profitable activities. Management was able to make adjustments that significantly improve return for risk taking at a fully utilized level of operation.