Newsletter Sign-up

You've heard of the Big Easy, the Big Ten, the Big Apple and even the Big Kahuna, probably. But have you heard of the Big Six? They're cyber, D&O, contingency business interruption, supply chain, kidnap, extortion and ransom, and terrorism; and they're the six toughest risks to underwrite.

Sure, the concept of the toughest risk to underwrite may vary from industry to industry. And sure, one underwriter's hell is another underwriter's heaven. But when we set out to find out all we could about the toughest risks to underwrite, what we found is that globalization, more than any other factor, is what is making these risks even harder to underwrite.

That is clearly true in the field of kidnap and ransom insurance, to which many add the subfield of extortion coverage.

International treaties like the North American Free Trade Agreement place executives in dicey regions like the U.S.-Mexico border, where gangs have executive kidnapping down to a science.

In Pakistan and Iraq, where U.S. contractors are operating with more frequency, a kidnapped executive is more likely to be shot, even after demands have been met.

Tom Nygren, an executive vice president and director of financial services in the Houston office of Lockton Insurance Brokers, says Nigeria and other countries on the Southwest coast of Africa are also keen areas of concern right now.

"There are kidnappings going on, raids on offshore drilling platforms, people being killed by drive-by shootings. There are novels in all of these situations," says Nygren.

Nygren says the growing number of incidents internationally and their very unpredictability make for a very hard risk to get ones hands around at times.

"The tendency is to have wonderful underwriting years or horrible underwriting years," he says. Not only have the number of locations and the physical exposure of U.S. executives increased, so has the number of ways in which kidnap and ransom is carried out.

"The style of kidnapping has become more varied," says Steve Robinson, an executive vice president and head of the kidnapping and ransom practice for Willis North America. "Express kidnapping," taking a person for a few hours and visiting various ATM machines until their funds are depleted, is one method.

In Mexico, where U.S. companies are doing more work, kidnapping of foreign executives has become so common that there is something approaching a fixed market for the price of ransom, according to Greg Bangs, a vice president with Chubb & Son Inc. and the company's product manager for kidnap, ransom and extortion and workplace violence.

Although that may sound terrifying, rules mean parameters and parameters help guide underwriters.

Bangs says that is somewhat reassuring, unlike in Iraq where kidnappers don't have rules or make them up as they go along. In Mexico, at least, the rule is that no harm is supposed to come to the victim and prices for the trade are fairly regular. Bangs says it's not uncommon for kidnappers to charge between $400,000 and $800,000 for the return of a victim. At least underwriters know what they're dealing with.

OH, BEHAVE!

Further globalization is adding to the difficulty of underwriting directors' and officers' liability insurance, and even if U.S. companies buy a worldwide D&O policy doesn't mean other carriers are going to recognize it.

But it's the very nature of D&O that makes it so difficult, according to brokers who spend their days trying to corral the risk. For, after all, D&O gets into the mindset of an executive: What his or her motivations or thought processes might have been, and that makes underwriting it highly subjective.

"It is fundamentally behavioral insurance, it underwrites how people make decisions," says Ann Longmore, an executive vice president and D&O and fiduciary product leader for Willis. "That makes things widely subject to interpretation."

"What makes it a tough risk is that it's a lot of art. You're dealing with human nature, and as soon as you do that, it's more of an art form," says Steve Shappell, managing director of Aon's financial services group.

And that's during stable market conditions. The volatility that has afflicted the stock market over the past six months has made the risk even more difficult to assess.

Longmore says most models that attempt to quantify D&O risk "start with stock volatility." That perhaps helps quantify executive incompetence if one company's stock takes a nosedive when most of the others of its class are stable. But when the market is seeing the peaks and valleys it is now, that scrambles the entire picture.

"One thing that makes it far more perilous is market caps are so large, even a drop of a penny a share equals a substantial number. That's hard to get clients to wrap their hands around. Sometimes with the volatility today, the stock market can swing 20 percent before noon," Longmore says.

With the number of shareholder lawsuits, class action and otherwise, that are piling up right now due to the implosion oftens of billions of dollars in misguided subprime lending, "Some reinsurers may throw up their hands and leave the business," says Lockton's Nygren.

And that's not even to mention derivative claims. Derivative claims can be filed even if a stock price doesn't drop after there's a legal settlement against a company or other evidence that the suits at C-level may have dropped the ball.

"A derivative claim says that while the stock didn't drop I don't care because we wouldn't have been involved in this settlement but for the breach of duty," says Longmore. "Today, the plaintiff's bar has more than one arrow in their quiver."

JOINED AT THE HIP

There's global physical risk, and then there's the risk that exists within ether space. It's called cyberrisk and it may be the most hard-to-quantify risk of all, because of the relative youth of computer and Internet technology.

Call it ironic, call it weird, or call it just plain frustrating, but the lack of data about the shortcomings of a technology that is ostensibly devoted to the communication of data is the culprit.

"It's a real simple reason, there is not a central resource that has been built to collect the data," says Tracey Vispoli, a vice president in Chubb's cyber security business. "That's been the issue in the world of cyber insurance for about eight years now."

When it comes to the reporting of security breaches involving loss of personal data such as healthcare or financial information, more states are requiring corporations to report when they've had a breach.

But when it comes to what should be the final depository of all of this information, there is a rather sizable technical glitch. According to Vispoli, approximately 85 percent of cybertechnology infrastructure is owned by the private sector.

"That means that 85 percent of our information is in the private sector and that is a difficult thing to get your hands around," says Vispoli. "How do you regulate that 85 percent and force them to notify?"

That also begs the question that even if a central repository could be created with the goal of providing actuaries the information they would need to properly model cyberrisk, where would it be housed, in the private sector or the public sector?

A lack of actuarial benchmarking is one thing: The rate at which cybertechnology changes is another, according to Kevin P. Kalinich, a managing director of professional risk solutions with Aon Financial Services Group.

"As soon as we figure out what the appropriate techniques would be, it changes," says Kalinich. "It is an extremely dynamic and changing exposure and that makes it tough to underwrite," he says.

Corporations have much more work to do in protecting against cyberrisk, according to Bang's colleague Vispoli.

"I can't believe that I am still saying this in 2008. I think the issue is that people look at this as a cyber security issue and therefore it sits in the world of the chief information officer. It needs to sit in the world of every business executive that is running every company," Vispoli says.

GLOBAL REACH, GLOBAL RISK

Isn't it great to be an American consumer? Strawberries in February, Chilean sea bass and that to-die-for olive oil from Greece. Problem is, with every exotic link in the American consumer's food chain comes a corresponding risk.

And it may be one thing to cover a supply chain on U.S. soil, but quite another to insure that supply chain with local paper from Brazil or China.

"As the agribusiness space starts to globalize, the types of coverages that are required are becoming more and more sophisticated," says Steve England, the St. Louis-based president of Landmark Insurance, a subsidiary of New York-based AIG.

"The biggest challenge as you get into globalization from an insurance standpoint is just the exposure overseas and what the local regulations are from an insurance standpoint," he says.

England says many underwriters that are on firm footing when writing policies that cover U.S. supply chains may be in well over their heads when it comes to finding local partners in foreign countries who write paper that means anything.

So there are two major complications there; knowledge of local regulations in foreign countries and the legitimacy of the paper being written by your foreign partner's insurance company.

But that's not the only potentially phony paper that might be swirling around your deal in Sao Paulo or Guangzhou.

Louise Vallee, an executive risk and development specialist with Chubb, says manufacturers should look to see whether that certification paperwork on the part that they're being supplied with by their Chinese partner wasn't printed and signed by somebody's Uncle Louie.

She says many companies may be very conscious of supply chain risk when it comes to their U.S. operations and suppliers, but may have their heads in the sand when it comes to their overseas suppliers.

"Once their suppliers and contractors get beyond their four walls, I don't think the word is complacency, I think the word is overconfidence that they will meet quality and standards," Vallee says.

That's true of retailers as well as manufacturers.

"U.S. retailers are putting a lot of pressure on their suppliers to get their own product liability insurance," says Vallee.

UP AND DOWNSTREAM

Contingent business interruption risk is hairy these days for many of the same reasons as supply chain, kidnap and ransom, D&O and cyberrisk.

Globalization means more and more players in the supply chain. Now just try to convince your underwriter that you know enough about your suppliers to cover any business interruptions they may suffer. Guess what? Good luck.

"The problem for the broker is convincing the underwriter that you can quantify what the exposure is. In most cases, you can't," says Jim Rubel an executive vice president and director of Lockton's Global Property Practice.

Just how willing, after all, is a tool and die manufacturer in Shanghai going to be to submit to an inspection from the broker with a U.S.-based original equipment manufacturer? And that's true upstream and downstream, from the supplier to the distributor.

"That's what makes it so difficult," says Rubel. "The broker of one company isn't welcomed with open arms to the supplier and distributor companies. If they aren't providing you with good information, you can't quantify the risk to the underwriter."

Have you had enough yet?Sure, globalization and technology are potential goldmines, as anyone who has ever dreamed of opening up China has no doubt considered.

But the World Wide Web and a worldwide economic supply chain are also opening up a degree of risk that would have been impossible to imagine even 10 years ago. For many underwriters, brokers and risk managers, they are to this very day, just as difficult to comprehend.

FEARING ANOTHER 9/11

The terrorist attacks of Sept. 11, 2001, brought to life what was almost a new peril for the property/casualty market. Up until that event, terrorism losses had been borne by specialty markets. Losses were typically in the millions of dollars at most.

What constrains availability of terrorism insurance is what differentiates it from other high severity risks like windstorm and flood--a lack of historical data. Underwriters--as well as brokers and insureds--need to understand this risk through modeling. But without much data, terrorism risk models are limited.

"While there's been some tremendous improvements on the severity side of models, there has not been any on the frequency side," says Aaron Davis, managing director in Aon's National Property Practice. "The majority of markets decline to write it unless forced to by law. If the market were to lose TRIA, 80 percent (of carriers) would stop underwriting it."

With the Terrorism Risk Insurance Act extended for the next seven years, there will be a great deal of contract certainty for Davis' clients, he says. After all, seven years is a lifetime when approached from an underwriting standpoint. And it's certainly a significant amount of time to make possible what can't happen overnight--a greater sense of comfort on the part of reinsurers and rating agencies with terrorism risk models.

Reinsurers rely heavily on models, and not only do they have concerns about carriers' exposure to conventional terrorism risks, they keep themselves up at night worrying about unconventional risks like biological and chemical terrorism.

While TRIA has helped insureds obtain coverage and its extension is seen as a relief, it's by no means perfect. Without pricing controls, carriers can price themselves out of coverage.

In addition, those seeking coverage outside the United States are often out of luck. While there are similar public-private schemes in place in other countries--Spain, France, the U.K. and Australia, for instance--filling in the gaps is really left to specialty individual terrorism markets. Davis says he foresees a further evolution of pooling arrangements in other countries, but that they suffer from the same public-private tensions surrounding TRIA.

"If we continue to have more terrorism, especially in United States, that would cause instability," he says. "Some balance has been achieved, assisted by the relatively low number of terrorism incidents since 9/11. The Madrid and U.K. bombings were borne by pools. But there hasn't yet been a sizable loss to the private market, a $30-billion loss."

DAN REYNOLDS is senior editor of Risk & Insurance®.

ERIN GAZICA is associate editor of Risk & Insurance®.

April 15, 2008

Copyright 2008© LRP Publications