Mind the gap: synergies between risk and insurance management

In recent years, risk management has developed into a popular instrument for corporate planning and control. Whereas in the past it was mainly large companies that made use of it, today more and more SMEs are also recognizing and utilizing the added value of proactively dealing with risks. When companies engage in risk management, they primarily aim to create transparency about their own risk situation, according to the results of a study conducted by the Funk Group. After their identification, analysis and evaluation, the most important risks are treated with proactive and reactive measures, which can mainly be assigned to the risk strategies "Avoid", "Reduce", "Carry yourself " and "Transfer".

Depending on the industry and activity, approximately 20-30% of all corporate risks are transferable to insurance companies. Consequently, insurance management should definitely be considered and handled as a sub-discipline of risk management. All the more surprising is the fact that both disciplines are organized in silos in many companies. While risk management is usually anchored at the strategic or operational level and thus falls under the responsibility of the board of directors, executive management or quality management, insurance management is often the joint responsibility of different departments such as finance/accounting, human resources or legal services/compliance. This is a suboptimal constellation that promotes information barriers and makes it difficult to link the two disciplines.

Link importance

The importance of aligning content and insights between risk and insurance management becomes apparent when considering the risks addressed therein. Insurance has its raison d'être due to uncertainties and the cost benefits of collective risk bearing. Most insurance solutions reduce the impact of existence-threatening risks with a high extent of damage and low probability of occurrence (fire, natural hazards, defective products, etc.) or particularly frequent risks with a low extent of damage and high probability of occurrence (illness, occupational accidents, collisions, etc.). For the former type of risk, risk-adjusted insurance solutions are essential. If the actual risk is unknowingly significantly higher than the purchased sum insured or coverage, this is referred to as underinsurance. The occurrence of risks that threaten the existence of a company can put an underinsured company in a serious predicament. Equally unfavorable is overinsurance, where the purchased coverage range is unknowingly significantly higher than the effective risk. In this case, a company pays insurance premiums for a non-existent risk instead of putting this capital to good use in its own business activities. The signals about the actual amount of insurable risks or the effective risk can be sent from the risk management to the insurance management in order to ensure risk-adjusted insurance solutions.

Insurability and multivariate risk assessment as links

The information barriers can be overcome by means of minor changes in the organizational and methodological design of risk management. It is imperative to involve insurance managers in risk analyses and workshops in order to promote risk understanding. At the very least, those responsible for insurance, including insurance brokers, should be included in the distribution list of the regularly prepared risk report for the attention of the board of directors. Also under obligation are the insurance officers, whose responsibilities ideally include reviewing the insurability or insurability of the relevant risks. To facilitate this review, some methodological adjustments in risk management are useful. In insurance policies, insured risks (causes) as well as insured losses and costs (effects) are explicitly defined. Recording and documenting the causes of individual risks as part of risk identification and analysis greatly simplifies the comparison with insurable and currently insured causes and hazards.

Expand risk assessment

Furthermore, it is advisable to extend the classic two-dimensional risk assessment according to probability of occurrence and extent of damage by additional variables. In particular, the impact of a risk can be assessed in addition to financial damage according to property damage (equipment, machines, server rooms, parts of buildings, etc.), personal injury (minor injuries, serious injuries, disability, death, etc.) and business interruption (a few hours to several days or weeks), thus providing important impulses for those responsible for insurance. Other variables - depending on the industry and the company's activities - could be environmental damage, compliance violations or reputational damage.

A data breach may not result in property damage or personal injury, but it may have a negative impact on reputation and cause various additional expenses and costs (e.g., for notifying the affected parties). In contrast, a natural hazard (e.g., flooding) causes mainly physical damage and can also lead to business interruption. Finally, a defectively designed product could result in personal injury and property damage, damage a company's reputation, and result in a business interruption (re-engineering of the product). This multivariate risk assessment allows conclusions to be drawn about the insurability of risks and, in combination with the causes, provides indications as to whether a risk could be covered under cyber, property, business interruption, liability insurance or another insurance solution.

Decide based on facts

In principle, a risk is insurable if it is assessed as critical or relevant and is insurable. Nevertheless, insurable risks are at least partially borne by the company itself on the basis of its individual risk-bearing capacity and risk appetite. It is important that the decision on the extent of self-bearing is made consciously and - if possible - based on facts. The organizational and methodological extensions of risk management described above and the link with insurance management create actual transparency about the risk situation and simplify the decision for or against an insurance solution or a specific coverage module. The reconciliation of the risk assessment and thus the effective risk with the current insurance sums also prevents underinsurance and overinsurance and promotes needs-based insurance solutions.

Author:
Max Keller heads the Funk RiskLab at Funk Insurance Brokers AG.
www.funk-gruppe.ch