New Policies Fill Gaps in Green Energy
Ambitious underwriters are learning to make hay while the sun does not shine. And when the wind does not blow, and the rain does not fall on watersheds.
For years, the intermittent nature of nature vexed the green energy industry. Until recently it was addressed as a technical problem of storage and backup generation.
But recently, several insurers developed coverage that offer a financial recovery approach. To be sure, the demand is coming primarily from lenders and capital investors that back green power projects. The effect, if the markets grow, will be to help normalize both power and profitability.
While the mechanisms for the new programs are new, financial weather instruments are not, said Michael J. Perron, senior vice president for Northeast property placement at Willis Towers Watson, and a 2016 Risk & Insurance Power Broker® in the alternative utilities category.
“Wind productivity was down over the last couple of years, and banks are requiring some type of protection from insureds. The industry has these wind curves and they are just not performing.”
Generators themselves are not yet asking for coverage, said Perron, “but banks are saying, ‘your charts are nice but we need protection.’
“Risk managers at the generators may feel very comfortable with the long-term performance, but banks are asking for more. In some cases the lenders or investors are named as loss payee.”
In general, Perron said, the new demands from backers and the coverage being offered to meet them is beneficial in direction, if not always in degree.
“We do push back on occasion,” he said.
Using an analogy from earthquake coverage, he noted that “we had one client for which the bank demanded $100 million of protection. We modeled the case and found that the 500-year event would cost $20 million so we suggested buying $35 million in coverage.”
Weather Risk Transfer
Underwriter GCube brought its “weather risk transfer mechanism” to North America to respond to “increasing demand from U.S. project-financed wind operators, notably those refinancing or going through acquisitions,” the company stated.
“Utilities and independent power producers have directly cited below-par wind resources as a contributing factor to net losses in 2015 and the first quarter of this year,” it said.
“This financial underperformance, if left unchecked, threatens to undermine the reputation of wind energy as a low-risk, reliable investment — particularly with the emergence of new investors with less tolerance to lower returns.”
“There can be a straight trigger payment, or more complex arrangements more like a cash flow swap or collar.”– Bill Hildebrand, executive vice president, GCube
The basic concept, said Bill Hildebrand, executive vice president of GCube Insurance Services, is a contract with wind or hydro power generators. If the wind or rain is insufficient for the generators to provide the power that they have contracted to deliver, then parametric triggers would result in a payment under the contract.
“We are seeing increased requirements from insureds on behalf of their capital providers for revenue certainty,” said Hildebrand.
“At the same time, we have had carriers come to us with contracts they would like to distribute. Weather insurance has been around for a long time with the same interest in consistency and smoothing of revenue. What is new is this type of flexible contract that we are bringing on behalf of the capacity behind us.”
GCube is using Lloyd’s syndicate papers for backing. As a result contracts can be made on different terms.
“There are options,” said Hildebrand.
“There can be a straight trigger payment, or more complex arrangements more like a cash flow swap or collar.”
The contracts are being offered only to wind and hydro generators, not solar at this point. That is for two reasons: Solar has not seen the dips that the other green energy types have, and because the performance data on solar is not as extensive.
Early in May, a consortium of carriers executed a 10-year proxy revenue swap with a large U.S.-based wind farm. The arrangement allows for hedging wind volume risks for wind farms, to try to ensure stable revenues despite uncertainty of intermittent wind.
Advances in risk modeling and maturity of risk appetite were credited with making the deal more long-term in scope.
The 10-year agreement is designed to secure long-term predictable revenues and mitigate power generation volume uncertainty related to wind resources for the 100-plus MW farm.
But solar is not being neglected. Early in May, specialty insurer Sciemus launched a policy to protect the owners of solar farms against a lack of sunlight.
The policy pays if levels of sunshine fall below an agreed amount, and it is available as a hedging instrument for solar farm operators for up to 10 years.
Other lack of sun insurance schemes are available, but they are tied into property damage programs, experts said. The Sciemus insurance can be purchased as a stand-alone.
The insurance is index-linked and pays a fixed price per unit of lost sunlight at the end of each 12-month period. It is calculated on the sunlight either at the solar farm or at the nearest weather station.
The coverage is available in Europe and North America, and Sciemus plans to roll it out into the Middle East and North Africa later this year.
Health, Higher Ed Most Vulnerable to Cyber Attacks
As cyber risk management comes of age, more data and better analysis are leading to new realizations. One is that health care and higher education are the most vulnerable sectors, followed closely by financial services.
Another is that the vast majority of security breaches could be forestalled using simple measures, such as ensuring all updates and patches to software are installed and tested.
However, studies are starting to show that cheap, low-tech email attacks remain stubbornly effective despite expensive, high-tech protections.
All of those ideas were advanced and detailed at a fast-moving panel discussion May 11 in New York, sponsored by brokerage Crystal & Company.
Actuarial data is still thin in cyber, but Christopher Liu, head of cyber risk in the financial institutions group at AIG, said that “institutions in health care and higher education are the most hazardous classes of insureds. That is because they have the most sensitive information and that there is high turnover. Also, they usually do not have big budgets, so security is often not well supported.”
Financial institutions, especially asset managers, are the second-most hazardous class, Liu added.
“They have the same attractive information, plus they have money.”
Mitigating that, they also tend to have better funded and supported security, and they have heavy government regulation. That both keeps them on their toes, and also means greater external surveillance. Several panel members noted that firms became aware of breaches when regulators noticed unusual activity.
“We find that we deal primarily with three areas,” said Austin Berglas, senior managing director at K2 Intelligence.
“Those are: unpatched vulnerabilities in software, misconfiguration of internal systems, and misplaced trust by employees. We get called in to handle a breach, and 99 percent of the time we find the vulnerability is unpatched.”
Berglas explained that the software companies race each other to send out new versions that often are not completely functional or secure. So they send out patches. “Windows does it every week on ‘patch Tuesday.’ But users don’t have any regular schedule or system for installing and testing patches. We find unpatched vulnerabilities dating back as far as 1999.”
“I have been to meetings of the cyber response team, and everyone in the room is introducing themselves. This is the response team. Everyone in the room has to know everyone in the room.” — John F. Mullen, managing partner, Lewis Brisbois Bisgaard & Smith
The challenge of unsecured configurations between systems was dramatically demonstrated with the infamous attack on retailer Target, which came through the air-conditioning vendor. But Berglas emphasized the persistent and pernicious problem of simple phishing.
“It is estimated that 30 percent of individuals within a company will open an email, and 13 percent will click on an attachment, even if they have been warned not to,” Berglas warned.
“You spent half a billion dollars on security systems and firewalls, and one click on one phishing email by someone with elevated system privileges, and the bad guys have just defeated your half-billion-dollar defense. Now they are inside, with credentials, and you can’t detect them.”
The quickest and easiest thing that any company can do, “is to look for unpatched vulnerabilities in public-facing systems,” Berglas urged.
On the same theme, John F. Mullen, managing partner of the law firm Lewis Brisbois Bisgaard & Smith, stressed that “security goes way beyond IT.
“This is not just about the tech guys. Cyber security tends to get pushed downhill.” And that tends to mean lack of coordination on all fronts.
“I have been to meetings of the cyber response team, and everyone in the room is introducing themselves. This is the response team. Everyone in the room has to know everyone in the room.”
Similarly, “insureds have to know the coverage that they have bought. Is there a mandated forensics group? Outside counsel? If so, go meet with them. If you have options, vet them,” Mullen exhorted.
“You spent half a billion dollars on security systems and firewalls, and one click on one phishing e-mail by someone with elevated system privileges, and the bad guys have just defeated your half-billion-dollar defense.” — Austin Berglas, senior managing director, K2 Intelligence
He expects the cyber insurance business to triple or quadruple in the next five years, in terms of premium spending.
Cycling back to the theme of internal responsibility, Paul Miskovich, senior vice president and global practice leader of cyber and technology errors and omissions coverage at Axis, said that 67 percent of cyber claims presented to his firm involved insider activity of some kind: clicking on a phishing email or failing to install a patch or use a firewall. Further, 25 percent of claims involved third parties such as vendors.
For all the focus on the breach itself, Miskovich added that “regulatory costs can be more than the costs of the breach, especially if you don’t have documentation of your security policies and protocols.” That includes documentation that the policies are in place and are rehearsed.
Noting previous comments that many losses are traced to breaches that have gone undetected for years, Miskovich said that a new area within cyber insurance is full coverage for prior acts.
‘Among the Largest Catastrophe Losses in Canadian History’
About 2,400 structures in and around Fort McMurray lie in ruins in the middle of 700 charred square miles of northern Alberta.
The oil sands boom town, once known as “Fort Make Money,” is now going to cost money — at least $4 billion (C$5 billion) by early estimates — to rebuild after a monster wildfire swept around and through parts of town the first week of May.
The immediate insurance question is not the property loss in town; that is quite straightforward.
Rather, it is the length of the oil sands outage and two stages of business-interruption (BI) claims: immediate losses for the time out of operation, as well as possible contingent losses for refiners that rely on the oil sands for raw materials.
At the peak of the fire, 1 million barrels a day of oil sands production was taken out of service — about 40 percent of total output, and roughly one-quarter of all Canadian oil production.
Some operations have already airlifted in skeleton crews to begin safety checks in advance of resuming operations, but the bulk of production is expected to remain out of service for several weeks, if not a month or more.
The wildfires “will be a huge BI event,” said Paul Cutbush, senior vice president catastrophe management at Aon Benfield Analytics in Toronto.
“Even with no damage we will have to see when workers are allowed to come back — and then how many and how soon. A lot of these facilities have been used for evacuations, a goodwill gesture. A great deal will depend on manuscript wording for each policy.”
Waiting periods for BI claims will likely not be as large a factor as in past large losses, Cutbush noted. “It used to be that 90 days was standard. Today, that is shorter, 60 days, maybe even just 30.”
It may take longer than that to get claims sorted, because the size and scope of the fire has presented so many new unknowns.
“The biggest thing is getting people back to work,” said Cutbush, but they need places to live and shop.
“It is our understanding that a lot of the housing in the area was rental or temporary housing for oil sands and services workers.” That means not just property claims for the assets themselves, but lost value from their revenue.
Utilities and infrastructure also have to be inspected, repaired or replaced.
The fires continue to rage uncontrolled, but are now in the deep boreal forest south and east of town. The evacuation order and state of emergency for the area remained in effect as of May 11.
During a press tour through the town, Alberta Premier Rachel Notley gave the first official estimate of initial recovery time: “First responders and repair crews have weeks of work ahead of them to make the city safe. I’m advised that we will be able to provide a schedule for return within two weeks.”
Official numbers said 88,000 people, were evacuated, but a local source puts the number closer to 100,000, counting transient workers.
Remarkably, there has been no loss of life, not even any major injuries. And the vast oil sands mining and processing operations that sprawl for more than 100 miles in every direction around Fort McMurray were undamaged.
On May 10, Notley met with industry officials and was told the operations were secure.
“The magnitude of the current destruction suggest that the new fires will generate among the largest catastrophe losses in Canadian history, affecting both personal and commercial property writers,” according to an initial evaluation by the ratings agency Moody’s.
“I suspect some of the [energy companies’ insurance] coverage may be on the lean side.” — Jason Mercer, assistant vice president and analyst, Moody’s
“Early estimates of the wildfires peg the cost of damages rising to C$5 billion or around 1.5 percent of Alberta’s GDP — an estimate that could increase,” Moody’s reported.
“The Fort McMurray fires destroyed four times as many buildings as the Slave Lake [Alberta] wildfire of May 2011, which cost Canadian property and casualty insurers more than C$700 million in pretax losses.”
“Home and auto insurance coverage in Canada is substantially similar to that in the U.S.,” said Jason Mercer, assistant vice president and analyst at Moody’s in Toronto, who co-wrote the report.
“The only notable difference is that some lines, such as workers’ compensation, are typically government issued.”
BI is also similar in the two countries, Mercer noted. “There is named peril and all-risk. Both are available, but my sense is that all-risk is probably more difficult to get and more expensive, if only because of the higher number and cost of major losses in the province.
“More than half of the major losses in recent years in Canada have been in Alberta.”
Mercer also emphasized that the price of oil has been depressed for almost two years, leading some operators to tighten their belts – including insurance protection.
“I suspect some of the coverage may be on the lean side,” he said.
It will also depend whether companies have limited BI coverage — which would cover losses beginning with the evacuation and ending with the “all clear,” or extended coverage, which would “could run until there is a return to the profit level pre-event.”