Tag Archives: terrorism risk insurance act

Has an International Cyber War Begun?

Cyber attacks were once on the periphery of American business consciousness. That mindset changed over the past two years. A series of devastating events, including the 2014 cyber attack against Sony, catapulted cyber liability concerns from an IT department issue to a major priority for boardrooms across America. As U.S. government officials concluded that North Korea was behind the attack, many C-suite executives suddenly found themselves asking questions. Is this the start of a cyber war? Could we be the next victim? If we are, how will it affect our operations and our bottom line? Do our insurance policies cover any of these costs?

g1

Today, many insurance buyers look to their cyber insurance policies to fill coverage gaps that often exist in other policies. For example, a property policy may respond to physical damage from a named peril, but it will likely exclude loss for non-tangible assets as a result of a cyber attack. Similarly, a commercial general liability policy will likely provide liability coverage for causing bodily injury because of negligence but exclude coverage for liability because of a failure to secure sensitive data from hackers.

Many policyholders may be unaware that some, though not all, of these cyber policies contain specific terrorism and war exclusions. As a result, gaps in cyber insurance coverage can exist in cases like the Sony breach, where government agencies, like the FBI, conclude that a foreign government or terrorist organization is responsible for the attack.

Is a Cyber Attack “Terrorism” or “War”?

Immediately following the Sony attack, President Obama referred to it by saying, “I don’t think it was an act of war . . . but cyber vandalism.” Then, on April 1, 2015, President Obama signed the Executive Order on Cybersecurity with the goal of protecting the private sector against hackers and thereby bolstering national security. The order seeks to identify and punish individuals behind attacks, but it could also lead some to categorize an apparent hacking event or act of cyber terrorism as an “act of war.”

Changes in government definitions trickle down into coverage disputes because many policies that exclude or include “war,” “terrorism” or “cyber terrorism” either fail to define those terms or define them by referring to standard government definitions.

Government Definitions of Terrorism, Cyber Terrorism and War

THE TERRORISM RISK INSURANCE ACT (TRIA)

“Act of terrorism” is defined as any act certified by the secretary of the Treasury in concurrence with the secretary of State and the attorney general of the U.S. to be:

» an act of terrorism

» a violent act or an act that is dangerous to human life, property or infrastructure

» an act resulting in damage within the United States or Outside (on a U.S.-flagged vessel, aircraft or U.S. mission)

» an act committed by an individual or individuals acting on behalf of any foreign person or foreign interest, as part of an effort to coerce the civilian population, U.S. policy or the U.S. government.

The secretary of the Treasury may not delegate his certification authority, and his decision to certify an act or not is not subject to judicial review.

DEPARTMENT OF DEFENSE (DOD)

The DOD defines “terrorism” as “the unlawful use of violence or threat of violence, often motivated by religious, political or other ideological beliefs, to instill fear and coerce governments or societies in pursuit of goals that are usually political.” The term “act of war” is understood to mean “a use of force [that may] invoke a state’s inherent right to lawful self-defense.”

DEPARTMENT OF JUSTICE (DOJ)/FEDERAL BUREAU OF INVESTIGATION (FBI)

The FBI defines “cyber terrorism” as “the premeditated, politically motivated attack against information, computer systems, computer programs and data [that] results in violence against non-combatant targets by subnational groups or clandestine agents.”

DEPARTMENT OF HOMELAND SECURITY (DHS)

The National Infrastructure Protection Center (NIPC), (formally a branch of DHS), defines “cyber terrorism” as “a criminal act perpetrated through computers resulting in violence, death and/or destruction and creating terror for the purpose of coercing a government to change its policies.”

Cyber Terrorism and the ‘Act of War’ Exclusion

Cyber policies are relatively new and manuscript products; as such, the wording varies significantly. Many policies contain a standard exclusion for “war, invasion, acts of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, military or usurped power, confiscation, nationalization, requisition, or destruction of, or damage to, property by or under the order of any government, public or local authority…” An attack by the Taliban, for example, would probably fit within the exclusion as an act sponsored by a “public or local authority.”

Traditionally, war exclusions were relatively narrow; they required an actual war or, at the very least, “warlike operations”; “for there to be a ‘war,’ a sovereign or quasi-sovereign must engage in hostilities.” Pan Am. World Airways, Inc. v. Aetna Cas. & Sur. Co., 505 F.2d 989, 1005 (2d Cir. 1974) (finding that a Jordanian terrorist group that hijacked a plane was not a de facto government for the purposes of applying the war exception).

However, the events of Sept. 11, 2001, changed the way certain events and groups were perceived and classified, ultimately leading many to label the 2014 cyber attack on Sony an “act of war.”

Screen Shot 2015-12-22 at 1.53.07 PM

Litigation surrounding the Sept. 11 attacks led directly to an expanded view of the war exclusion. For one thing, the Second Circuit Court of Appeals ruled that the attacks were an “act of war.” In re Sept. 11 Litig., 931 F. Supp. 2d 496, 512 (S.D.N.Y. 2013), an owner of a building near the site of the World Trade Center attacks sought to recover cleanup and abatement expenses for removing pulverized dust that infiltrated into the owner’s building after the collapse of the Twin Towers. He sued under the Comprehensive Environmental Response, Compensation, and Liability Act [CERCLA], which allows strict liability claims in pollution cases, but the court applied CERCLA’s “act of war” exception to strict liability.

In concluding that the attacks were an act of war, the court commented that “Al Qaeda’s leadership declared war on the United States, and organized a sophisticated, coordinated, and well-financed set of attacks intended to bring down the leading commercial and political institutions of the United States,” id. at 509, and that “as we learned in the twentieth century, and as has been true throughout history, war can take on a formal structure of armies in contrasting uniforms confronting each other on battlefields, and war can persist for years, fought by irregular, insurgent forces and capable of causing extraordinary damage,” id. at 511.

This expansion of the legal definition of “act of war” to include acts by “irregular, insurgent forces and capable of causing extraordinary damage” could lead to attacks by hacktivist groups or foreign intelligence services being considered acts of war and therefore excluded from cyber policies.

Cyber Insurance and TRIA

The Terrorism Risk Insurance Act (TRIA) is a government program designed to provide a backstop for reinsurers in the event of large terrorism-related losses (more than $100 million). There is debate over whether TRIA applies to cyber policies at all. TRIA applies to commercial property and casualty insurance coverage, but some cyber policies are written as another line of coverage, such as professional liability, which is not included in TRIA.

Even assuming that TRIA would apply to cyber insurance, for TRIA coverage to be in effect, (1) there must be losses, resulting from property damage, exceeding $100 million; and (2) they must be caused by a certified terrorism event:

(1) Property Damage: For TRIA to apply, physical property damage must occur, and what constitutes “physical damage” in the context of a cyber attack remains an open question. What we do know is that TRIA will probably not cover business interruption or reductions in business income absent some physical loss or property damage. Many cyber attacks do not involve any physical damage, which would exclude TRIA coverage.

(2) A Certified Terrorism Event: For TRIA to apply to any event, the event would need to be certified as an act of terrorism. This onerous and political certification process requires the secretary of the Treasury, secretary of State and attorney general to agree that an incident was an “act of terrorism.” Many political and economic issues factor into certifying a terrorism event, which can lead to counterintuitive results. For instance, as of the date of this publication, the April 2013 Boston Marathon bombing has not been certified as a terrorist act.

Conclusion

To ensure coverage for cyber terrorism and cyber warfare, buyers of cyber insurance will need to seek out a cyber risk insurance policy that explicitly includes this coverage in the broadest terms possible. As more insurance carriers enter the cyber insurance market, one must be wary that policy terms will vary from one policy form to the next, and some will have coverage terms superior to others.

The Painstaking Saga Behind NARAB

On Jan. 9, I had the pleasure of sharing spontaneous drinks and dinner with José Andrés, Washington’s first and only international celebrity chef.

He had just launched China Chilcano, the latest in his burgeoning empire of restaurants, only three days old at the time, and was only a month away from opening yet another concept. He asked how I was doing, and I told him I’d had a great week—that a bill I’d been working on for literally 23 years at the Council (NARAB, attached to the TRIA extension), was passed by the Senate just the day before.

About then, another well-wisher approached José and congratulated him on his latest achievement. “Meet my friend Joel,” he says to the guy. “He’s either the best lobbyist I’ve ever met—or he’s the [worst].”

Rightly or wrongly, I’ve been majorly associated with NARAB (“National Association of Registered Agents and Brokers”) in its multiple iterations since the early 1990s. It’s not the biggest thing I’ve worked on by any stretch—the Terrorism Risk Insurance Act, the Affordable Care Act and Dodd-Frank are all far more important to the nation, our member firms and your clients. But NARAB has been the most painstaking.

We’ve snatched defeat out of the jaws of victory on so many occasions that it almost seemed preordained we’d lose again when TRIA failed in December. Facing implacable opposition to NARAB from retiring Sen. Tom Coburn, R-Okla., then-Majority Leader Harry Reid, D-Nev., pulled the plug on TRIA and adjourned the Senate for the year—astonishing all of us who’d worked so hard on the legislation.

Much of the blame at the time went to Coburn, as he was the only announced senator down the stretch with a “hold” on the TRIA/NARAB legislation, but the truth is more complicated, as there was considerable liberal discontent with the legislation. That’s all water under the bridge now.

Within a couple days of the disaster, House Speaker John Boehner, R-Ohio, and incoming Senate Majority Leader Mitch McConnell, R-Ky., both released strong statements saying they would put TRIA passage on the “early” priority list for January. Both kept their word.

Congress convened Jan. 6. The House bill passed in December was re-enacted Jan. 7, and the identical bill cleared the Senate Jan. 8. President Obama signed the bill into law Jan. 12. This followed critical leadership on the issue from Chairman Jeb Hensarling, R-Texas, of the House Financial Services Committee, and Sen. Richard Shelby, R-Ala., the new chairman of the Senate Banking Committee.

Now the work can begin to actually create NARAB—an interstate licensure clearinghouse for nonresident producer licensure. Decades of compromises to get the legislation to the finish line will now become complications you’ll hear about in the coming months. The governance of the body will come principally from state insurance commissioners and the National Association of Insurance Commissioners. Funding problems will emerge because no federal dollars or borrowing will be allowed. And there will be disagreements about the standards for NARAB membership.

The basic deal is this: Any producer first has to be properly licensed in his or her own state. Then on a purely optional basis, he or she can apply for membership in NARAB and meet whatever requirements are established. The applicant can then check off the states in which he or she needs a nonresident licensure, paying the applicable state fees. That all sounds really simple, but we’re sure in practice it will be akin to giving birth to a live squirrel.

The protracted lobbying effort initiated in 1992 by the Council’s forerunner organizations (the National Association of Casualty and Surety Agents and the National Association of Insurance Brokers) seems disproportionate. At its core, NARAB is simply an administrative mechanism to facilitate nonresident producer licensure. But since its inception NARAB has been caught up in the push and pull of the broader debates over federal-vs.-state insurance regulation. Many colleagues of mine are putting their children through college in this continuing war of attrition.

My own children, meanwhile, are nonplussed by the history of NARAB, but here it is anyway. First it was a purely federal option, as a part of now-retired Rep. John Dingell’s, D-Mich., insurer solvency legislation, which would have created an Optional Federal Charter for insurers. That went nowhere. Then we spun it off as a stand-alone and waged a lonely battle for years, culminating in the “NARAB 1” title of the Gramm-Leach-Bliley Act of 1999. To sneak it through Congress over the opposition of then-Sen. Phil Gramm (for months, my colleagues referred to me as “Dead Man Walking” on the assumption that Gramm would prevail), we had to dumb down the provision. If a majority of states passed reciprocal licensing laws, there would be no NARAB. So a majority of states did so, which was welcome. But it wasn’t enough.

In the past decade, the coalition of NARAB supporters has grown substantially, with other producer organizations and the NAIC itself moving from a position of opposition to strong support over the years. In that decade, NARAB passed the House on at least six occasions (I lose count), both as a stand-alone measure and as part of other reforms.

As we now move to implementation issues, I will pause to give thanks for the many in Congress who made this happen. Most recently, our champions and authors were Rep. Randy Neugebauer, R-Texas, Rep. David Scott, D-Ga., Sen. Jon Tester, D-Mont., and now-retired Sen. Mike Johanns, R-Neb. We can’t thank them enough. And I think back to the 1999 Gramm-Leach-Bliley debate, when Rep. Sue Kelly, R-N.Y., and the late Sen. Rod Grams, R-Minn., fought so hard for NARAB.

I guess it’s easier to be gracious in victory, but we wish all the best for Sen. Coburn, who did everything he could to beat NARAB. I regarded him as an obstinate SOB for many months, but he always acted out of his own federalism principles. He retired from the Senate when his cancer recurred, and we have high hopes he can beat it. Because he’s just that obstinate.

This article first appeared in Leader’s Edge magazine.

Workers’ Comp Issues to Watch in 2015

Tis the season for reflections on the past and predictions for the future. As we kick off 2015, here are my thoughts on the workers’ compensation issues to watch this year.

What Does TRIA’s Non-Renewal Mean for Workers’ Compensation?

Thanks to congressional inaction, a last-minute rewrite added this subject to the issues for this year. I’m not about to predict what Congress will do with TRIA legislation in 2015, as there are no sure things in the legislative process. We have already seen the reaction from the marketplace. Back in February 2014, carriers started issuing policies that contemplated coverage without the TRIA backstops. We saw some carriers pull back from certain geographic locations, and we also saw some carriers change the terms of their policies and only bind coverage through the end of the year, giving themselves the flexibility to renegotiate terms or terminate coverage if TRIA wasn’t renewed. But while some carriers pulled back in certain locations, others stepped up to take their place. While some carriers tied their policy expiration to the expiration of TRIA, other carriers did not.  Going forward, some employers may see fewer carrier choices and higher prices without the TRIA backstop, but ultimately most employers will still be able to obtain workers’ compensation coverage in the private marketplace. Those that cannot will have to turn to the State Fund or assigned risk pool.

Rising Generic Drug Prices

The opioid epidemic, physician dispensing and the increased use of compound drugs are issues the industry has faced for years. While these issues continue to be a problem, I want to focus on something that is getting less attention. Have you noticed that the costs for generic prescription drugs are increasing, sometimes significantly? In the past, the focus was on substituting generic drugs for brand names, which provided the same therapeutic benefit at a fraction of the costs.  But now the rising costs of these generic medications will drive costs in 2015. These price increases are being investigated by the Federal Drug Administration (FDA) and Congress, but I do not expect this trend to change soon.

Medical Treatment Guidelines

Another issue to watch on the medical side is the continued development of medical treatment guidelines and drug formularies in states around the country. This is a very positive trend and one that our industry should be pushing for. There is no reason that the same diagnosis under workers’ comp should result in more treatment and longer disability than the same condition under group health. One troubling issue that I see here is the politics that come into play. Sorry, but I do not accept that human anatomy is different in California or Florida than in other states. I feel the focus should be on adopting universally accepted treatment guidelines, such as Official Disability Guidelines, or “ODG,” rather than trying to develop state-specific guides. The ODG have been developed by leading experts and are updated frequently. State-based guidelines often are influenced by politics instead of evidence-based medicine, and they are usually not updated in a timely manner.

How Advances in Medical Treatment Can Increase Workers’ Comp Costs

There is one area in which advances in medicine are actually having an adverse impact on workers’ compensation costs, and that is in the area of catastrophic injury claims. Specifically, I’m referring to things such as brain injuries, spinal cord injuries and severe burns. Back in 1995, Christopher Reeve suffered a spinal cord injury that left him a quadriplegic. He received the best care money could buy from experts around the world, and he died less than 10 years after his injury.  But as medicine advances, we are now seeing that a quadriplegic can live close to normal life expectancy if complications can be avoided. Injuries that used to be fatal are now survivable. That’s great news. The downside for those paying the bills is that surviving these injuries is very costly. The cost of catastrophic medical claims used to top off around $5 million, with a $10 million claim being a rarity. Now, that $10 million price tag is becoming more the norm.

The Evolving Healthcare Model

For years, workers’ comp medical networks focused on two things: discount and penetration.  Sign up as many physicians as you can as long as they will agree to accept a discount below fee schedule for their services. I’m happy to say that we are slowly, finally, evolving away from that model. Payers are realizing that a better medical outcome for the injured worker results in lower overall workers’ compensation costs, even if that means paying a little more on a per-visit basis. We are now seeing larger employers developing outcome-based networks, not only for workers’ compensation, but for their group health, as well. Employers are also starting to embrace less traditional approaches such as telemedicine. Finally, more and more employers are recognizing the importance that mental health plays in the overall wellness of their workforce. In the end, we are slowly starting to see is a wellness revolution.

The Need for Integrated Disability Management

The evolving healthcare model is tied directly to an evolving viewpoint on disability management. More employers are realizing the importance of managing all disability, not just that associated with workers’ compensation claims. Employees are a valued asset to the company, and their absence, for any reason, decreases productivity and increases costs. I feel this integrated disability management model is the future of claims administration. Employers who retain risk on the workers’ comp side usually do the same thing with non-occupational disability. These employers are looking for third-party administrators (TPAs) that can manage their integrated disability management programs. And make no mistake: Having an integrated disability management program is essential for employers. Human resource issues such as the Americans With Disabilities Act (ADA) and the Family and Medical Leave Act (FMLA) cross over into the workers’ compensation realm. The same interactive process required on non-occupational disability is required in workers’ compensation. Employers must be consistent with how they handle any type of disability management, regardless of whether the cause is a workers’ compensation injury or non-occupational.

Will We See a Push for ‘Opt Out’ in Other States?

Most people know that non-subscription, or opt out, has been allowed in Texas for many years. The Oklahoma Option that started last year is viewed as a much more exportable version of opt out. Under this system, employers can opt out of workers’ compensation, but they must replace it with a benefit plan that provides the same (or better) benefits available under traditional workers’ compensation. While some view the Oklahoma Option as the start of an opt-out revolution, it is just too early to tell what impact it will ultimately have. But, make no mistake, discussions about opting out are spreading to other states. A group called the Association for Responsible Alternatives to Workers’ Compensation is currently investigating the possibility of bringing opt out to other states. I expect to see opt-out legislation in a handful of other states in the next three to five years.

Marijuana

Marijuana legislation is a very hot topic these days.  In national polls, the majority of Americans favors legalization of marijuana in some form.  Recreational use of marijuana is now legal in four states (Colorado, Washington, Oregon and Alaska), and 23 states allow medical marijuana. When it comes to workers’ compensation, much of the attention has been focused on medical marijuana as a treatment option for workers’ comp because a judge in New Mexico allowed this last year. My concern is around employment practices. Employment policies around marijuana have been centered on the fact that it is illegal, so any trace in the system is unacceptable. That is going to change. I fully expect the government to reclassify marijuana from Schedule I to Schedule II in the next few years. When that happens, zero-tolerance policies in the workplace will no longer be valid. Instead, the focus will have to be like it currently is with alcohol: whether the person is impaired.

The Next Pandemic

Another hot topic these days is Ebola. While the threat from this particular disease seems to be subsiding, the concerns about Ebola last year showed we are not ready for that next pandemic. People who were exposed to the disease were allowed to interact with the general population and even use commercial travel. Government agencies debated whether travel to certain countries should be limited. The problem is, diseases don’t wait for a bureaucracy to make decisions. While this threat didn’t materialize, you can see how easily it could have. With work forces that travel around the globe, the threat of a global pandemic is very real. You know where you send your workers as part of their job, but do you know where they go on vacation? As an employer, are you allowed to ask about what employees do during their personal time? Are you allowed to quarantine an employee who traveled to an infected country during vacation? These are very complex legal questions that I cannot answer, but these are discussions we need to be having. How do we protect our employees from the next pandemic?

Rates and Market Cycle

You cannot have a discussion around issues to watch without talking about insurance premium rates in workers’ compensation. After several years of increasing rates around the country, the National Council on Compensation Insurance (NCCI) is projecting that, in 2014, workers’ compensation combined ratios were below 100% for the first time since 2006. This means that, as an industry, writing workers’ compensation is profitable again. So what should buyers expect in 2015? Well, it depends. California continues to be a very challenging state for workers’ compensation costs. New York is challenging, as well. Given the percentage of the U.S. workforce in those two states, they have significant influence on the entire industry. Some employers will see rate reductions this year, and some will not. In the end, your individual loss experiences will determine what happens with your premiums. That seems to be the one constant when it comes to pricing. Employers with favorable loss experiences get lower rates, so it pays to stay diligent in the areas of loss prevention and claims management.

Will We See More Constitutional Challenges Similar to Padgett in Florida?

While I don’t think the Padgett case will be upheld on appeal, I am concerned that the case is the first of many similar ones we could see around the country. Look at the main arguments in Padgett: The workers’ compensation system is a grand bargain between injured workers and employers. Workers gave up their constitutional right to sue in civil courts in exchange for statutorily guaranteed, no-fault benefits. Over the last 20 years, many workers’ comp reform efforts around the country have focused on lowering employer costs. Standards of compensability have been tightened. Caps have been put on benefits. The judge in Padgett looked at these law changes and ruled that workers’ compensation benefits in Florida had been eroded to the point where it was no longer a grand bargain for injured workers. He ruled that the workers’ compensation statutes were unconstitutional on their merits because the benefits provided are no longer an adequate replacement for the right to sue in civil court that that the workers gave up. Attorneys tend to mimic what succeeds in other courts, so I expect we are going to be seeing more constitutional arguments in the future.

Impact of the Evolving Workforce

One of the biggest issues I see affecting workers’ compensation in 2015 and beyond is the evolving workforce. This takes many forms. First, we are seeing technology replace workers more and more. When was the last time you went to a bank instead of an ATM? I have seen both fast food and sit-down restaurants using ordering kiosks. Also, we are seeing more use of part-time vs. full-time workers. Some of this is driven by concerns around the Affordable Care Act. But part-time workers also have fewer human resource issues, and their use allows employers to easily vary their workforce based on business needs. Unfortunately, part-time workers are also less-trained, which could lead to higher injury frequency. Finally, the mobile work force is also creating concerns around workers’ compensation. Where is the line between work and personal life when you are using a company cell phone, tablet or computer to check e-mails any place, any time? Where do you draw the line for someone who works from home regularly? There have been numerous court cases around the nation trying to determine where that line is. This is a very complex and evolving issue.

To view a webinar that goes into these topics in more detail, click here: https://www.safetynational.com/webinars.html

TRIA Non-Renewal: Your Next Steps

Two days after Congress adjourned for the year without reauthorizing the Terrorism Risk Insurance Program Reauthorization Act of 2014 (TRIPRA), many organizations are working to understand the impact on their insurance programs when the federal insurance backstop expires on Dec. 31, 2014.

Most experts had expected Congress to reauthorize the law in some form. The failure to do so has implications for insureds with TRIPRA terrorism coverage in most any line, with particular concerns for property, primary and excess liability, workers’ compensation and captive programs.

Organizations that purchased terrorism coverage as part of their insurance programs (and not as a standalone program) may be affected. Potential solutions will depend on individual programs and needs but may include:

  1. Re-approaching insurers to see if they will not invoke sunset clauses or conditional terrorism exclusions, and provide stop-gap coverage until either Congress renews TRIPRA or the policy expires.
  2. Looking to the global standalone terrorism insurance markets for stop-gap coverage. The standalone market has large but limited capacity — it will not be able to fill all requests.
  3. Canceling and rewriting insurance programs with new markets that are able to offer terrorism limits (without sunsets).
  4. Seeking agreement from markets without sunsets to assume terrorism risk from sun-setting markets on the same risks.

It must be noted that these options may come with additional premium charges. Also, organizations should explore any loan, lease or other contracts or covenants that may require them to purchase terrorism coverage.

Congress is set to reconvene on Jan. 6, 2015. It is unclear how congressional leadership will deal with the issue, although some have already been quoted in the media as saying TRIPRA will be a top priority for the new Congress. Among the possible scenarios are:

  1. Immediately after reconvening, Congress could pass a short-term reauthorization to allow the new Congress to formulate a long-term reauthorization bill, which could be materially different than the 2014 version.
  2. Alternatively, both the House and Senate could immediately reintroduce new legislation mirroring the 2014 bill and pass it on an expedited basis.

For more information from the Marsh TRIPRA Update Center, click here. 

TRIA Non-Renewal: Effect on P&C?

Losses stemming from the destruction of the World Trade Center and other buildings by terrorists on Sept. 11, 2001, totaled about $31.6 billion, including commercial liability and group life insurance claims — not adjusted for inflation — or $42.1 billion in 2012 dollars. About two-thirds of these losses were paid for by reinsurers, companies that provide insurance for insurers.

Concerned about the limited availability of terrorism coverage in high-risk areas and its impact on the economy, Congress passed the Terrorism Risk Insurance Act (TRIA). The act provides a temporary program that, in the event of major terrorist attack, allows the insurance industry and federal government to share losses according to a specific formula. TRIA was signed into law on Nov. 26, 2002, and renewed for two years in December 2005. Passage of TRIA enabled a market for terrorism insurance to begin to develop because the federal backstop effectively limits insurers’ losses, greatly simplifying the underwriting process. TRIA was extended for seven years to 2014 in December 2007. The new law is known as the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA) of 2007.

This week, Congress failed to reauthorize TRIA before members adjourned for the holiday recess. Now, with the expiration of the law on Dec. 31, some businesses may be left without insurance coverage in the event of a terrorist attack on the U.S. Both houses of Congress have been discussing legislation that would set out the federal government’s involvement in funding potential terrorism losses, but bills proposed by the two houses earlier this year differed, and no extension was passed.

A report from the Wharton Risk Management and Decision Processes Center found that, under the current TRIA program, some insurers have already reached a level of exposure to losses from a terrorist attack that could jeopardize their ability to pay claims, based on a critical measure of solvency: the ratio of an insurer’s TRIA deductible amount in relation to its surplus. The report, “TRIA After 2014: Examining Risk Sharing Under Current and Alternative Designs,” found that as the deductible percentage rises, as it does under the Senate bill and proposals put forward in the House, more insurers have a deductible-to-surplus ratio that is above an acceptable level. The report also sets out in detail the amount the American taxpayer and federal government would have to pay under differing scenarios.

A RAND Corp. study published in April 2014 found that in a terrorist attack with losses of as much as $50 billion, the federal government would spend more dealing with the losses than if it had continued to support a national terrorism risk insurance program, because it would likely pay out more in disaster assistance.

A report by the President’s Working Group on Financial Markets made public in April 2014 generally supports the insurance industry’s view that the expiration of TRIA would make terrorism coverage more expensive and difficult to obtain.

The insurance broker Marsh released its annual study of the market, “2014 Terrorism Risk Insurance Report,” in April. Among its many findings is that uncertainty surrounding the potential expiration of TRIA significantly affected the property/casualty insurance market. Some employers with large concentrations of workers and companies with property exposures in major U.S. cities found that terrorism insurance capacity was limited and prices higher, and some could not obtain coverage at all. If the law is allowed to expire or is significantly changed, the market is likely to become more volatile with higher prices and limited coverage, the study concludes.

Before Sept. 11, 2001, insurers provided terrorism coverage to their commercial insurance customers essentially free of charge because the chance of property damage from terrorist acts was considered remote. After Sept. 11, insurers began to reassess the risk. For a while, terrorism coverage was scarce. Reinsurers were unwilling to reinsure policies in urban areas perceived to be vulnerable to attack. Primary insurers filed requests with their state insurance departments for permission to exclude terrorism coverage from their commercial policies.

From an insurance viewpoint, terrorism risk is very different from the kind of risks typically insured. To be readily insurable, risks have to have certain characteristics.

The risk must be measurable. Insurers must be able to determine the possible or probable number of events (frequency) likely to result in claims and the maximum size or cost (severity) of these events. For example, insurers know from experience about how many car crashes to expect per 100,000 miles driven for any geographic area and what these crashes are likely to cost. As a result, they can charge a premium equal to the risk they are assuming in issuing an auto insurance policy.

A large number of people or businesses must be exposed to the risk of loss, but only a few must actually experience one, so that the premiums of those that do not file claims can fund the losses of those who do.

Losses must be random as regards time, location and magnitude.

Insofar as acts of terrorism are intentional, terrorism risk doesn’t have these characteristics. In addition, no one knows what the worst-case scenario might be. There have been few terrorist attacks, so there is little data on which to base estimates of future losses, either in terms of frequency or severity. Terrorism losses are also likely to be concentrated geographically, since terrorism is usually targeted to produce a significant economic or psychological impact. This leads to a situation known in the insurance industry as adverse selection, where only the people most at risk purchase coverage, the same people who are likely to file claims. Moreover, terrorism losses are never random. They are carefully planned and often coordinated.

To underwrite terrorism insurance — to decide whether to offer coverage and what price to charge — insurers must be able to quantify the risk: the likelihood of an event and the amount of damage it would cause. Increasingly, they are using sophisticated modeling tools to assess this risk. According to the modeling firm AIR Worldwide, the way terrorism risk is measured is not much different from assessments of natural disaster risk, except that the data used for terrorism are more subject to uncertainty. It is easier to project the risk of damage in a particular location from an earthquake of a given intensity or a Category 5 hurricane than a terrorist attack because insurers have had so much more experience with natural disasters than with terrorist attacks, and therefore the data to incorporate into models are readily available.

One problem insurers face is the accumulation of risk. They need to know not only the likelihood and extent of damage to a particular building but also the company’s accumulated risk from insuring multiple buildings within a given geographical area, including the implications of fire following a terrorist attack. In addition, in the U.S., workers’ compensation insurers face concentrations of risk from injuries to workers caused by terrorism attacks. Workers’ compensation policies provide coverage for loss of income and medical and rehabilitation treatment from “first dollar,” that is, without deductibles.

Extending the Terrorism Risk Insurance Act (TRIA):

There is general agreement that TRIA has helped insurance companies provide terrorism coverage because the federal government’s involvement offers a measure of certainty as to the maximum size of losses insurers would have to pay and allows them to plan for the future. However, when the act came up for renewal in 2005 and in 2007, there were some who believed that market forces should be allowed to deal with the problem. Both the U.S. Government Accountability Office and the President’s Working Group on Financial Markets published reports on terrorism insurance in September 2006. The two reports essentially supported the insurance industry in its evaluation of nuclear, biological, chemical and radiological (NBCR) risk — that it is uninsurable — but the President’s Working Group said that the existence of TRIA had inhibited the development of a more robust market for terrorism insurance, a point on which the industry disagrees. TRIA is the reason that coverage is available, insurers say. The structure of the program has encouraged the development of reinsurance for the layers of risk that insurers must bear themselves — deductible amounts and coinsurance — which in turn allows primary insurers to provide coverage. Without TRIA, there would be no private market for terrorism insurance.

Studies by various organizations have supported a temporary continuation of the program in some form, including the University of Pennsylvania’s Wharton School, the RAND Corp. and the Organization of Economic Cooperation and Development (OECD), an organization of 30 member countries, many of which have addressed the risk of terrorism through a public/private partnership. The OECD said in an analysis that financial markets have shown very little appetite for terrorism risk because of the enormousness and unpredictability of the exposure. RAND argued not only that TRIA should be extended but also that Congress should act to increase the business community’s purchase of terrorism insurance and lower its price. RAND also advocated mandatory coverage for some “vital systems,” establishing an oversight board and increasing efforts to mitigate the risks.

For the full report from which this is excerpted, click here.