Danger in the Cockpit
Improved risk management, advances in computer technology and an industry-wide focus on training and analysis transformed commercial aviation safety in recent decades, placing it among the safest industries in the world for both staff and customers.
Pilots now have their every input monitored and analyzed. This enables retraining of bad habits and a common aspiration to fly “the perfect flight.”
Improved airplane construction and in-flight safety systems also reduce the likelihood of system malfunction to a miniscule level.
However, a spate of unusual events in 2014 and 2015 serve as a tragic reminder of the ever-evolving challenges facing risk managers.
“Airlines are very determined when it comes to safety and security threats — they are constantly trying to mitigate risk, are very proactive in dealing with threats as they arise, and money is no object when it comes to implementing new safety measures.” — Nigel Weyman, CEO of aerospace, JLT
In July 2014, Malaysia Airlines Flight 17 was shot down over Ukraine by a rogue Russian missile, killing all 298 passengers, and just four months later the same airline’s Flight 307 simply disappeared — prompting many to speculate that its pilot committed suicide, taking 239 passengers with him.
This once inconceivable scenario occurred again less than a year later. In March of 2015, Germanwings co-pilot Andreas Lubitz locked himself in the flight deck and deliberately crashed Flight 9525 into a mountain in the Alps, killing 150 people.
Lubitz reportedly endured severe depression in the weeks leading up to the crash, but his doctors never told Lufthansa, his employer.
Within days of the Germanwings disaster, the vast majority of airlines introduced a rule that there must always be two members of crew in the flight deck at any one time (“two-pilot rule”), while the shooting down of Malaysia Airlines Flight 17 prompted carriers to re-evaluate routes, security threats and safe altitudes over certain geographical areas.
“Airlines are very determined when it comes to safety and security threats — they are constantly trying to mitigate risk, are very proactive in dealing with threats as they arise, and money is no object when it comes to implementing new safety measures,” said Nigel Weyman, CEO of aerospace at JLT.
Malicious Acts Offset Operational Safety Achievements
“The whole airline industry is benefiting from an improved period of operational safety, but malicious acts, from pilot suicides to the deliberate or accidental shooting down of aircraft, seem to have taken the place of expected operational losses, creating a sad counterbalance to what would otherwise be a very encouraging period for the sector.
“Psychological and terrorist losses are difficult to predict,” Weyman said.
Aviation regulatory bodies are currently discussing, with input from airlines and pilots, whether to make the two-pilot rule mandatory, but not all airlines buy into the logic behind it, according to a pilot for one of the world’s leading airlines, who wished to remain anonymous.
“My airline has been reluctant to implement [the two-pilot rule], and even Lufthansa resisted it initially before backing down due to media pressure,” he said, warning that implementing a “knee-jerk reaction” could increase an aircraft’s vulnerability to terrorism.
“There are in excess of 35 million commercial flights globally each year and only one known case of pilot suicide in European airspace history, so you have to weigh up the risks,” he said.
“If a terror organization wanted to plant a sleeper on a plane, it is far easier for a radicalized person to be employed as cabin crew than to pass the pilot exams.
“Many of my colleagues feel safer trusting the pilot community, and keeping the flight deck a pilot-only environment, as the chance of a pilot committing suicide is so slim it is not worth the risks associated with giving crew access to the flight deck.”
It could be argued that some aspects of the Germanwings disaster are rooted in the industry’s reaction to 9/11.
Following that attack, all airlines installed armored flight deck doors to prevent terrorists entering the cockpit — making it virtually impossible to break in if a suicidal pilot decided to lock themselves in.
There’s the rub; in mitigating one risk, you often create new ones.
“You can’t eliminate every risk from every aviation operation, no matter how miniscule those risks might be, and that’s why people buy insurance,” said Weyman.
Insurance Protection for Malicious Acts
Malicious acts by either staff or third parties are currently covered under stand-alone hull war policies, though passenger liability is covered under airlines’ standard hull liability programs.
Weyman noted that, in spite of a number of significant losses between 2013 and 2015, rates continue to slide.
“This is partly because we brokers have argued that these were very unusual events, the industry has closed the door on this happening again, and the world moves on,” he said.
“Mathematically, rates probably should have increased, but the aviation market is very competitive and overserved with capacity, preventing underwriters from reacting to these events.”
“Insurers,” said Richard Power, founding partner of specialist aerospace underwriter Altitude Risk Partners, “must determine whether the recent spike in this kind of incident is a temporary anomaly or whether it is indicative of heightened risk going forward.”
Power noted that the subjective nature of the risk — and the fact that pilot trade unions have resisted the introduction of psychometric testing and the sharing of pilots’ medical information with employers — make it extremely difficult to predict how frequently malicious acts will occur or how effective new security measures will be in preventing future incidents.
“One option may be for the insurance industry to exclude malicious acts from the standard hull liability policy,” Power said.
“Unlike modeling the frequency of losses caused by mechanical failure or human error, underwriters are now faced with the challenge of pricing a much less tangible and quantifiable risk, and it may therefore be necessary to separate malicious acts out into its own separately rated policy, as is done with hull war.”
Power added, however, that brokers and clients have no incentive to accept such changes in the current environment.
The aviation insurance industry is awash with capacity and aviation insurers are under pressure to broaden terms while cutting their cost base, giving them little room for leverage.
Spotting the Warning Signs
So far, there has been no repeat of the Germanwings disaster.
While it is impossible to tell whether a similar incident would have occurred without the new two-pilot rule, the tragedy has undoubtedly brought pilot mental health firmly into the spotlight.
“The best way to prevent another Germanwings is to catch the problem at its source and stop troubled individuals from flying,” the pilot said.
His airline has increased the psychological component of its annual medical checks.
“The best way to prevent another Germanwings is to catch the problem at its source and stop troubled individuals from flying.” — anonymous pilot
It created a new “well-being officer” role, and encourages staff to “self-regulate” by coming forward with concerns about either themselves or others without fear of judgment or punishment.
French air crash investigators in March called on aviation authorities around the world to take this one step further by loosening existing privacy laws to allow doctors to inform airlines if a pilot is mentally unstable.
This clearly presents a complex ethical conundrum.
On a practical level, the pilot said, it is essential that troubled pilots are able to seek counseling confidentially.
“The emphasis has to be on the pilot being able to pick up the phone and talk about their problems and get advice,” he said.
“If they think what they say will be reported back to the airline, they may fear they are risking their careers and decide not to make the call at all, which is far more dangerous.”
However, he added, it is important to keep the risks in context.
“Aviation is so safe now,” he said.
“We dedicate a huge amount of time and resources to identifying and removing what minute risks exist, with the aim of making every flight so accurate that the chances of a crash are one in a billion.”
Last November, a global study of 3,000 small and mid-size enterprises (SMEs) found that only one in seven SMEs think their business would be significantly affected if they lost their main supplier.
Overall, 39 percent of SMEs consider themselves at risk from the loss of their main supplier, yet 55 percent believe it would not influence their day-to-day business.
Meanwhile, the “2015 Supply Chain Resilience Study” by Zurich and the Business Continuity Institute (BCI) found that while 74 percent of companies experienced at least one supply chain disruption in the last year, only half of those disruptions were known to originate from Tier 1 (immediate) suppliers, and 72 percent of respondents admitted they did not have full visibility into their supply chain.
“Supply chain risk is a blind spot for a lot of organizations.” — Karl Bryant, senior vice president at Marsh Risk Consulting
“This makes us believe that SMEs probably underestimate their supply chains risk exposure, and we urge them to reassess this,” said Nick Wildgoose, Zurich’s global supply chain product leader. He added that visibility and resilience along supply chains are major sources of competitive advantage.
BCI warned that organizations could be “driving blindfolded into a disaster.”
Companies at most risk are those reliant on “sole source” suppliers — one-of-a-kind manufacturers whose components are either of unique quality or are unavailable elsewhere in the market.
In today’s lean manufacturing era, fewer companies keep spare inventory, so if a critical component ceases to be available it can quickly prevent a company from producing its core product or service, leading to lost revenue, diminished service, dissatisfied customers and, in extreme cases, business closure.
Supply chain risk lurks in many forms. According to the BCI, IT and telecoms outages, adverse weather, and for the first time, cyber attacks/data breaches are
the top three causes of supply chain disruption. Another emerging risk is “business ethics,” which placed in the top 10 for first time.
“Supply chain risk is a blind spot for a lot of organizations,” said Karl Bryant, senior vice president at Marsh Risk Consulting.
Complacency that suppliers have everything under control can be a problem, said
Ken Katz, property risk control director at Travelers.
“When a risk exists outside your own four walls and you are focusing on your core business there is reduced visibility to the potential destruction it can cause,” Katz said.
To make matters worse for SMEs, smaller companies are likely to feel the effects of a supply shortage first as suppliers will invariably prioritize their biggest accounts if outflow is reduced.
“I’d love to see companies with six months’ supply, or matching supply against their expected downtime and their assets, but that’s a losing battle — no one wants inventory these days,” said Bryant.
Former RIMS President Rick Roberts, director of risk management and employee benefits at Ensign-Bickford Industries (EBI), said supply chain disruption is a “huge issue. People who’ve never had a problem often sit back and don’t pay much attention, but up-front work is critical because when a problem hits it can be major.”
Roberts, whose company is both a customer and supplier, said some of EBI’s customers require his company to keep a number of months’ worth of supply as inventory as part of their agreement. However, few SMEs have the leverage to wield this kind of influence.
To fully understand their supply chain exposures, Bryant suggested SMEs conduct a “value segmentation” exercise, identifying mission-critical areas of their
business, such as those that generate the highest margins or growth.
Then, Katz said, they should conduct a “business impact analysis,” simulating the repercussions of vital components being undeliverable.
It is also essential for SMEs to get to know their suppliers’ finances and quality of work as best they can, he said.
Bryant said that companies should compile a matrix of their supply chain in as much detail as possible, including suppliers of suppliers, and if possible, the exposure of suppliers’ plants and operations (as opposed to regional offices) to natural catastrophe such as flood or earthquake.
SMEs should ask all their suppliers what business continuity plans and insurance they have in place, and get clarity on exactly how they will be treated should the supplier run into problems.
However, warned Bryant: “It can take a lot of man hours to send out questionnaires, follow up on them and pull the information together in a meaningful way, and many smaller companies don’t have the resources to invest in that kind of process.”
Nevertheless, this is information that empowers risk managers to make informed continuity plans. This could include, for example, finding alternative single source suppliers or new methods of production in case a sole source supplier fails to deliver, or even potentially acquire that supplier to ensure it stays in business.
There must also be a communications strategy for dealing with clients and negotiating delays. “You need a good explanation that is more sophisticated than ‘we can’t help you, I’m sorry’,” said Bryant.
Continuity planning, he said, requires a coordinated approach between risk and operational departments to ensure that gathered data is optimally leveraged. According to the BCI, only 54 percent of SMEs currently have a business continuity plan, compared to 74 percent of large organizations.
It also found that nearly six in 10 SMEs don’t insure losses from supply chain disruption, even though contingent business interruption (CBI) insurance would compensate for lost revenues during a supply problem.
This usually applies only to an insured’s first tier of suppliers, and can only be acquired if the SME has business interruption coverage.
Roberts would like to see more insurers extend coverage to second tier suppliers. “It can be expensive, and you can’t always see the benefits of being proactive — but when you get hit with a loss you’ll wish you had been prepared.” &
Assessing Tianjin’s Damage
The insurance fallout from last year’s Tianjin Port explosions, which caused nearly 200 deaths and insurance losses that could exceed $3.25 billion, appears as sprawling as the gargantuan Chinese port itself.
Primary liability for the disaster currently sits with Rui Hai International Logistics Co. — the warehouse operator that allegedly stored 3,000 tons of hazardous goods, including 70 times the legal quantity of sodium cyanide in its warehouse, resulting in an explosion equivalent to a 2.9 magnitude earthquake.
However, the chances of affected companies across a multitude of sectors winning compensation from Rui Hai are very slim indeed. One source described the operator’s liability policy as “not worth the paper it’s written on.”
Not only would the policy be of insufficient value to recover the hundreds of millions of dollars of liabilities unfolding from the event, but the policy is very unlikely to be honored by the insurer if Rui Hai is proved to have flagrantly breached regulations on the storage of dangerous goods.
Rui Hai may not, however, be the only company on the hook.
“There will be a Chinese investigation, and if that concludes there was widespread knowledge and the willful turning of blind eyes, parties who didn’t inform customers their cargo was at risk or take the necessary steps to protect their cargo could potentially be liable,” said Craig Neame, a partner at Holman Fenwick Willan. Class action lawsuits could not be ruled out down the line.
But, said Lincoln Pan, CEO of Willis China, “We’re advising our clients that seeking liability-based damages is going to be tough as it will be very difficult to prove liability and successfully claim against the individuals who may have been at fault.”
Meanwhile, Peregrine Storrs-Fox, risk management director of TT Club (the biggest insurer of containers and cargo at Tianjin) said that Chinese maritime courts are unlikely to accept proceedings until the Chinese government concludes its investigations. “If there is no recovery, due to a lack of recoverable assets or difficulty enforcing a foreign judgment in China, the loss will rest wherever it fell,” he said.
It is more realistic, then, that companies affected by the disaster will have to rely solely on their own insurance policies to recoup any losses — with property, cargo and business interruption policies taking the brunt of the claims. According to Pan, Willis Towers Watson has several clients that suffered losses exceeding $100 million as result of explosion. “These cases will require real advocacy and negotiation to get the fullest type of recovery back from insurers,” he said.
Key Policies Triggered
Damage to buildings in the vicinity of the blast will trigger property and business interruption policies worth up to $1.2 billion, according to Guy Carpenter. The majority are being handled by Chinese insurers, which are reportedly being encouraged by the Insurance Association of China to pay claims promptly and with minimal dispute. Damage to specialist equipment may also trigger covers provided by London and international underwriters, with Swiss Re ($250 million), Hannover Re ($104 million) and XL Group — now XL Catlin — ($100 million) among the highest pre-Christmas loss projections.
Zurich projects $275 million in property and marine losses, but told Risk & Insurance®: “The nature of many of the losses and the extended remediation period to complete repairs mean that uncertainty as to the final cost remains.”
A Lloyd’s market spokesperson said: “We are not clear what the quantum looks like, so it is too soon to tell what the impact on the Lloyd’s market will be. In the coming weeks, we hope to have greater clarity.”
Guy Carpenter estimates that container losses could reach $60 million, while lost or damaged cargo stored at the port could be worth more than $500 million. As many of the manufacturers and importers are international firms, much of these losses will be shouldered in the global insurance markets.
“When car insurers were doing their modelling, I don’t think they considered the risk of an adjacent warehouse storing chemicals in a huge breach of government-imposed regulations.” — Craig Neame, partner, Holman Fenwick Willan
However, Neame said cargo losses may be lower than projected. “There’s been very little reporting into the insurance market of substantial cargo losses, which suggests a lot of the containers were empty — the big loss is the cars,” he said.
According to Guy Carpenter, more than 22,700 cars were destroyed or damaged in the blasts, with a potential loss value of up to $1.5 billion, with many major car firms affected.
While these losses would trigger either cargo or property losses depending on who had ownership of the vehicles in the supply chain at the time, sources believe several manufacturers were inadequately insured.
It is rumored that because of limits on the number of vehicles that can be insured at one location, some manufacturers may not have declared all of their exposed vehicles, and may have to absorb the loss of their unprotected excess assets.
Pan added that certain local importers may also find themselves underinsured, having insured their assets using book value rather than market value.
“Some parties insured just for the manufacturing cost of the inventory, and are now seeking claims on the commercial value. Most insurers are rejecting or contesting these claims.
“Risk managers should analyze the value of their assets as they move through the supply chain, and insurance should be procured according to the maximum potential value of the asset rather than the financial value of an asset in any one point in the supply chain,” he added.
Throw in some large deductibles on the policies that are in place, and it appears that with so many companies having to absorb uninsured losses, the insurance industry may not come out of the event as scathed as it perhaps could have.
The biggest unknown is the impact on supply chain. The port system is now diminished and struggling to cope with the relentless demands of economic trade through China, with logistical disruptions and delays permeating throughout the regional economy.
While this should trigger a host of business interruption (BI) and contingent business interruption (CBI) policies — particularly among international companies — Neame believes there will be substantial uninsured losses when it comes to business interruption as a result of logistical delays rather than physical loss, as this is unlikely to trigger most BI policies. “I suspect the majority of Chinese manufacturers don’t buy CBI,” he added, “though there’s no guarantee CBI would respond either.”
Nick Derreck, chairman of the International Union of Marine Insurers, said in the wake of the event that the accumulation of related risks from the disaster served as a “wake-up call to all cargo insurers,” and called for new technology to help underwriters handle this kind of aggregated risk. Meanwhile, Neame suggests the insurance industry may put tighter limitations on how much stock can be stored in certain locations without the policyholder obtaining assurances on site safety, particularly in developing markets.
“When car insurers were doing their modelling, I don’t think they considered the risk of an adjacent warehouse storing chemicals in a huge breach of government-imposed regulations — this has opened up their eyes to a new type of risk,” he said.
But loss adjuster Mark Thompson, CEO of Cunningham Lindsey International, noted that while some insurers are now coming to terms with “much bigger exposures than they thought,” he doesn’t believe this event will be as damaging to the insurance market’s coffers as recent catastrophes in Thailand or Japan.
While Storrs-Fox said the event is unlikely to lead to any material changes in insurance terms, he advises insurance buyers to ensure they have a “force majeur” clause in their cargo contracts, and also to maintain high levels of due diligence over the practices and procedures of counterparties, including ensuring subcontractors are adequately insured, and operating in compliance with regulations.
It is unlikely the unscrupulous activities at Tianjin are isolated. Both insurers and insureds must learn their lessons from the disaster quickly if they are to avoid similarly complex settlement challenges in the future.