RIMS Membership Has a Say in COSO’s New ERM Framework

When Risk & Insurance Management Society (RIMS) members use the new ERM framework published Sept. 6 by the Committee of Sponsoring Organizations of theTreadway Commission (COSO), they may recognize their own ideas prominently displayed. Carol Fox, RIMS vice president of strategic initiatives announced the call for public comment on Risk Management Monitor in June 2016. She said feedback from the industry, and particularly RIMS members, is reflected in COSO’s ERM Framework: Integrating with Strategy and Performance.

“RIMS members took advantage of the unique opportunity to influence one of the industry’s major guidance documents. For several weeks, members collaborated and drafted a response, which was publicly available through the end of last year,” said Fox, who participated on the project’s advisory council. “We were very appreciative that COSO reached out to RIMS and other professional associations, whose input strengthened the content, ideas and approaches featured in Integrating with Strategy and Performance.

A summary of the public comment feedback includes:

  • More than 200 responses–double that of the internal control update
  • Over 70% of responses from individuals
  • Over 50% of participation outside of North America
  • Almost 50% had affiliations beyond COSO memberships
  • Almost 50% of respondents had 10 or more years of risk management experience
  • Positive ratings outnumbered negative ratings by 4.5 to 1

The new publication serves as an update to 2004’s Enterprise Risk Management – Integrated Framework, which is internationally regarded as the standard for applied risk management frameworks. Developed by PwC under the direction of the COSO Board, its simple, five-component structure considers various viewpoints and operating structures while highlighting the importance of enterprise risk management in strategic planning. It also emphasizes embedding ERM throughout an organization, as risk influences strategy and performance throughout the organization.

“The complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting,” said COSO Chair Robert B. Hirth Jr. “Our overall goal is to continue to encourage a risk-conscious culture.”

Enterprise Risk Management: Integrating with Strategy and Performance is available in printed form, e-book, on-line subscription and pdf licensing for large organizations, accounting and consulting firms. Additionally, COSO is planning for the framework to be translated into several languages, including Chinese, Japanese, Spanish and French.

Visit www.coso.org for purchase information and for a link to the framework’s executive summary.

Lloyd’s Plans for Post-Brexit Subsidiary

Just one day after the U.K. set in motion its process for withdrawal from the European Union by triggering Article 50, Lloyd’s announced it was establishing a subsidiary in Brussels, intending to be able to write EU business for the Jan. 1, 2019, renewal season.

The new company will write risks from all 27 European Union countries and three European Economic Area states once Brexit is completed. Because Britain remains a full member of the EU for at least two more years, there will be no immediate impact on existing policies, renewals or new policies, including multi-year policies written during this period of time, the insurer said. The Brussels subsidiary will have its own board of directors and, unlike some banks that have said they will move hundreds of employees to the EU, it will only employ dozens of staff in areas such as information technology and compliance.

Hank Watkins, president of Lloyd’s North America spoke to Risk Management about the company’s plans and the why it chose Belgium as its new location.

RM: How did the process of finding a new EU base begin?

Watkins: Within a week or two of [the Brexit vote] last June, Lloyd’s was on its way, looking across Europe for a new domicile, if you will, for our European business. We are not moving out of London—what we have done is set up an insurance company in Brussels, purely to allow us to passport around the European Union. Because we are not necessarily confident that the U.K. will be able to negotiate passporting rights with the other countries, we are assuming they are not. If they are ultimately successful, then we will just close up and go back home, but that probably will not be the case.

RM: How will the subsidiary work?

Watkins: If you are a policyholder with Lloyd’s, where you previously would have received a policy with all of the syndicates subscribed to it, and that would have been stamped by each of those syndicates, you will also receive an identical policy for the European exposures. It will have the Lloyd’s insurance company name on it and the syndicate stamp of that insurance company and the Lloyd’s syndicates. It is just a little more paperwork for us. The policy is the same—it does not change coverage and it does not change pricing—It is more of an administrative effort to align with what the regulator expects. And our ratings are not affected, we are still S&P-, AM Best- and Fitch-rated A or better and the central fund is still very strong.

RM: Why Belgium?

Watkins: We found a regulator there who is allowing us basically to cede 100% of the premium and the risk back to the syndicate in London. Every other country has some variation of wanting to maintain part of the risk in their country but that does not work for us. So Belgium is a very strong regulator centered in the heart of Europe and a great talent pool as we build out the platform—which won’t be that large, by the way, because we are not necessarily moving people there.

RM: How will insureds be impacted?

Watkins: Companies with no risks in the European Union will see no impact, and it will be seamless for international companies with risks in the EU. Also, it is probably not as well known, but because we are not just large, commercial risks, we do insure a lot of homeowners on the coastlines and a number of private yachts and aircraft, so this is a way to seamlessly include coverage for them in Europe as well.

More Insurers Opting to Form EU Subsidiaries

A growing list of insurers are choosing to form subsidiaries in the European Union to ensure continuous coverage for their European clients following the United Kingdom’s withdrawal from the EU in June 2016. They wish to protect themselves in case Brexit impacts their ability to sell insurance policies and products across the EU from bases in Britain.

FM Global recently announced it is opening an office in Luxembourg, noting that the license allows it to “continue to deliver seamless insurance coverage to its policyholders” throughout the European Economic Area (EEA), where it has operated for more than 50 years.

“We chose Luxembourg as our EEA hub because it’s a multinational business-friendly financial center with regulatory expertise that enables us to remain true to our mutual insurance company business model,” Chris Johnson, executive vice president who will serve as its managing director said in a statement. “Most notably, Luxembourg is a hub that permits EU passporting—which fits our business model perfectly.”

Lloyd’s said in March it will establish an EU base in Brussels that will allow its markets to continue to write risks from all 27 EU and three European Economic Area states post-Brexit. “It is important that we are able to provide the market and customers with an effective solution that means business can carry on without interruption when the U.K. leaves the EU,” Lloyd’s Chief Executive Inga Beale said in a statement. She added that Brussels met the critical elements of providing a robust regulatory framework in a central location.

Lloyd’s said its intention is to be ready to write business for the Jan. 1, 2019, renewal season.

U.S. insurer AIG also announced recently that it is moving its headquarters from London to Luxembourg; and Lloyd’s insurer Hiscox said in May that it has decided to establish a subsidiary in Luxembourg, after debating between Luxembourg and Malta.

Luxembourg has said that as well as insurers, it is in talks with firms including asset managers, banks and financial tech companies.

Large Venues Reviewing Security Measures

Venues that attract crowds, such as large sports events and concerts are reviewing their security measures, both inside and out, to prevent an attack such as the suicide bombing after an Ariana Grande concert in Manchester, England, that killed at least 22 people.

Most venues have strict rules about bags, backpacks and coolers. Some check items thoroughly before allowing them inside an arena and others do not permit them at all. Venues also employ security detail to check those attending events as well as plainclothes detail to monitor the crowd. In the Unites States, the Department of Homeland Security warned that the U.S. public may experience increased security at public events.

Hong Kong’s AsiaWorld Expo, where Ariana Grande is scheduled to hold a concert in September, said it plans to improve security at all concerts and events. Besides baggage inspection, there will also be metal detectors and search dogs, it said in a statement.

According to the South China Morning Post, the Hong Kong venue said it will begin using metal detectors to screen for potential threats, in addition to its usual backpack and baggage inspections. It also said it would consider using search dogs for any suspicious items or requiring visitors to wear security straps to track them while in the venue.

One mega event, the annual Indianapolis 500 over Memorial Day weekend, took to heart the task of keeping attendees safe. Adding to security planning measures for more than 300,000 attendees was the safety of Vice President Mike Pence, who was expected to attend—and arrived on Sunday morning.

Indy 500 crowd, May 26, 2017. Photo by Dana Garrett

Reuters reported that the Indy 500 has a Homeland Security SEAR 2 (Special Event Assessment Rating) designation, which means federal assets can be brought in to enhance security efforts during the event.

The Indy 500 is regarded as the world’s largest single day sporting event. Only venues on par with the Super Bowl and the Democratic and Republican conventions are given higher security ratings. Local, state and federal agencies contributed to security efforts at the Indy 500, including sniffer dogs, license plate recognition equipment and multiple security checkpoints to enforce restrictions.

There are those who believe, however, that even with enhanced measures, terrorist acts cannot be completely anticipated or stopped.

“Whatever is done—and in this case it’s British intelligence which is considered among the best in the world—it won’t prevent such incidents happening,” Jean-Charles Brisard, president of the Centre for the Analysis of Terrorism told Reuters. “You can bring back the perimeter, add security gates and as many controls as you want, but that will not change the fact that a determined individual will carry out his act if he is not caught before.”