Tips for Managing a Hurricane Claim

Despite early predictions of a mild 2017 Atlantic hurricane season, the latest forecasts reflect the likelihood of more named storms than originally anticipated. If that is not ample motivation for risk managers to double-check their hurricane preparation, then the reality that it only takes one major storm to generate a widespread disaster should be sufficient to warrant a review of their claims preparation.
This process will not only help spot potential gaps in your insurance, but also any issues in your planning that may affect the amount and delay the timing of a claim recovery. Based on recent experience, here are some tips for hurricane claims preparation and management.

Conduct a thorough review of your property insurance. Start by checking your deductible. After a loss, the first question risk managers often get from leadership is: “What’s our retention?” You also need to see if your policy has a blanket or percentage deductible. If the latter, is it a percentage of total insured value (TIV)? Do separate deductibles apply to physical damage and business interruption? Double-check your business interruption deductible. A 2% deductible on a business interruption loss equals seven days of self-retention (365 days x 2%).

In reviewing your policy, check the definitions of covered perils. Look for specific references to “storm surge,” “named windstorm” and “flood.” You’ll also want to make sure your policy covers costs to protect and preserve insured property that sustains physical damage and addresses business interruption losses when a facility is closed to preserve or protect property.

Check fee coverage for claims preparation. In a catastrophe, you may need to retain an outside claims consultant to manage your claim; this coverage—standard in some policies and optional for a nominal surcharge in others—comes in handy for complex claims.

Risk managers also shouldn’t overlook the extended period of indemnity, which gives policyholders additional time after a damaged property is restored to regain market share. And don’t miss assessing how your business interruption coverage addresses payroll; most policyholders want coverage that treats payments to hourly workers as a fixed expense (ordinary payroll), especially during catastrophe events.

During your policy review, be sure not to miss the opportunity to pre-select your adjuster. Designate an adjuster in your insurance policy and meet with them and your insurer’s claims director or examiner before any loss. Besides informing them about your company’s operations and claim strategy, a meeting helps structure the claims process.

List your claims team in your emergency response plan. Creating a team in advance—including claim advocate, restoration company, forensic accountant, engineers and building consultants—will mean they can be mobilized immediately following a major loss event.

After a loss event, communicate with key internal stakeholders. Keep your c-suite, operations, procurement and legal teams fully informed of your loss situation and claim process. And be sure all employees have ample instruction. They will need guidance for setting up loss accounts, invoicing, tracking internal labor, inventory, fixed asset ledgers and on any purchases to help mitigate the loss. They also need to understand the sensitive nature of any discussions with insurance company representatives.

Act quickly to assess the loss. Immediately evaluate the extent of property damage and obtain recommendations on temporary repairs and remediation needed to preserve and protect property. Show the adjuster the full scope of the loss so an appropriate reserve is established.

Designate a key member of your claims team to coordinate, manage and communicate activities of emergency resources, remediation, restoration vendors, environmental specialists and other providers involved in your claim. This encompasses all site inspections and remediation, timelines, target dates, ownership of issues and accountability, and facilitates expedited reviews of damaged inventory.

Work closely with your insurer throughout the loss adjustment process, as well, to negotiate partial payments based on expected short-term expenditures.

Get outside help for complex losses. By bringing expertise and special resources, such as drones and other technology, to determine extent and scope of loss, prepare accurate damage and business interruption assessments, claim experts can make a significant difference in your recovery.

Large-scale catastrophes can involve delays in insurance adjustment and elongated downtime, which can have enduring and widespread negative consequences for an enterprise. With careful planning, risk managers can help their organizations achieve faster and more complete recoveries.

For more information on hurricane preparedness and natural catastrophe planning, visit: http://www.aon.com/disaster-response/

Aon Introduces Single-Parent Captive Cyber Insurance Program


With cyberattack listed as one of their top risks, organizations are looking for ways to mitigate their risk in a market where cyber insurance rates are quickly rising. According to the Center for Strategic and International Studies, the annual cost of cyber crime and economic espionage to the world economy runs as high as $445 billion, or about 1% of global income.

This does not include intangible damage to an organization, however. Companies are purchasing more insurance to cover the risk. In 2014, the report said, the insurance industry took in $2.5 billion in premiums on policies to protect companies from losses resulting from hacks.

As a result, captive insurers are being used more and more for coverage.

Aon said it is addressing shortcomings in traditional cyber coverage with a cyber captive program with capacity of up to $400 million. Companies looking to form a captive would undergo a review to quantify their cyber exposures.

According to Peter Mullen, CEO of Aon Captive and Insurance Management, the program is designed to help clients understand their risk profile. “Once this is understood, they are is in a better position to make decisions about how much risk to retain in their captive and how much risk to transfer to the program,” Mullen said. “The program allows captives to purchase coverage up to $400 million on a reinsurance or excess insurance basis.”

The cyber captive program will be domiciled in Bermuda and is available to single-parent captives. The basis for coverage will be “a very broad form which includes coverage for property damage and business interruption following a cyber event,” he added.

“Building a large tower of limits can be hampered by differing policy terms and conditions and dislocation of rates at different layers in a program,” Mullen said. “Additionally, many organizations facing cyber risks that can result in physical impacts, such as property damage and business interruption, agree that a more comprehensive approach to cyber risk is needed.”

Gauging the Impact of Reputational Risk

The following article is part of a continuing blog series that will explore ideas, concepts, discussions, arguments and applications associated with the field of enterprise and strategic risk management.

In my previous article, I made the point that the public discussion of reputational risk lacks a set of common standards or definitions. This lack of consistency allows organizations to interpret or define the concept of reputational risk in very different ways. For some, reputation is beginning to be viewed as something like the “risk of risks” in the same way people are starting to discuss the concept of the “internet of things.” I questioned whether reputation or brand is actually a risk or a residual event stemming from other extenuating risk domains or actions.

Upon further reflection and discussions with academics and risk professionals who are thinking carefully about this issue, I would go further now to suggest that reputation or brand risk involves perceived or real human behaviors that are, to some extent, measured against societal, economic or moral standards. The adherence or deviation from established standards generates the basis for the risk, and the variability from the standard influences the duration of the outcome.

The bigger question is: What impact does reputational risk have on economic performance when possibly mitigated by the existence of a robust enterprise or strategic risk management methodology? Is the data available to see the “correlates” between a reputational risk event that trigger or influence operational key process indicators like EBIT, ROA, ROE and share price (public or private)?

What we do know from the Aon 2015 Global Risk Management Survey is that business leaders are concerned about reputational risk in general and the possible linkages with other hazard and operational risks within their organizations.

The respondents to the survey said that they worried that a reputational risk event would significantly impact financial performance.

reprisk1If reputation/brand risk was identified as a precipitating event, the respondents identified regulatory change, increasing competition, talent retention, cash flow/liquidity and share price volatility as “follow on” risk consequences. In effect, reputation/brand risk might constitute a “gateway” risk, where other related “follow on” risk consequences are triggered and serve to increase the overall volatility/impact of the reputation event.

Another way to view the data is to see what events could trigger a reputation event.

reprisk2In this case, the survey respondents identified nine non-correlated risks that could precipitate a reputation/brand event. Here social media plays an important role. The speed by which information, accurate or not, is transmitted, consumed and iterated across the nine risk categories may have a material impact on the basis and duration of the reputation/brand event. There is also an error component associated with social media. How many times have we witnessed an initial media report of a brand damaging event that turns out to be prematurely reported and the facts distorted, only to be corrected in a later reporting cycle?

Next up: Fat vs. thin tail distributions.

Defining Reputational Risk

The following article is part of a new blog series that will explore ideas, concepts, discussions, arguments and applications associated with the field of enterprise and strategic risk management.

One of the more striking conclusions contained in Aon’s 2015 Global Risk Management Survey is that damage to reputation and/or brand was considered by the survey cohort to be the most significant risk to the enterprise. The survey was conducted in Q4 of 2014 and received input from over 1,400 respondents coming from both the private and public business on a worldwide basis.

The “Top Ten” most identified risks included:

  1. Damage to reputation/brand
  2. Economic slowdown/slow recovery
  3. Regulatory/legislative changes
  4. Increasing competition
  5. Failure to act or retain top talent
  6. Failure to innovate/meet customer needs
  7. Business interruption
  8. Third-party liability
  9. Computer crime/hacking/viruses/malicious codes
  10. Property damage.

The survey results should not come as any real surprise given the number of sensational news stories coming from around the world that highlight potential or real reputational or brand problems. We have witnessed data breaches ranging from credit card identity theft in consumer retail, to serious product recall notifications in the food and beverage industry, to product performance/ warranty failures in the automotive arena, as well as “hints of reputational quality,” defined as “trust” in the early stage politics of the presidential selection process involving private vs. public use of email servers. There is little doubt that news, sensational or not, impacting reputational or brand, will continue for some to come. The real question is: Should anyone care?

Defining reputational/brand risk is hard to accomplish:

Based on some additional research done by my colleague Sylvesto Lorello, reputational risk is not a new concept, but it arguably has no established or universally agreed upon definition. Academic and business thinking about this subject continues to evolve. Within the insurance underwriting community that I have been in touch with, reputational or brand risk is being compared in scope to contingent liability risks, but with a serious caveat: the basis of the risk is highly variable and the duration of the risk event/loss event is difficult to pin down economically.

The concept of reputation and brand for example, are notably absent from the 2004 framework for enterprise risk management proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It is also overlooked in the Basel II international accord for regulating bank capital, which was also issued in 2004.

A lack of common standards or definitions of reputational risk mean that companies perceive it in different ways. Some risk practioners are beginning to view reputation as a “risk of risks” similar to the dialogue surrounding the “internet of things/objects.” Interestingly, an emerging dialogue is developing around whether reputation or brand is actually a risk or a residual event stemming from other extenuating risk domains or actions.

The ISO 31000 (2009)/ISO Guide 73:2002 definition of risk is the “effect of uncertainty on objectives.” In this definition, uncertainties include events (which may or may not happen) and uncertainties caused by ambiguity or a lack of information.

The U.S. Federal Reserve in 1995 defined reputational risk as “…the potential that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation or revenue reductions. In this case, the definition points to the potential for hard data from which basis and duration can be calculated.

Definitional issues aside, eventually societies will develop benchmarks with which to measure reputational or brand acceptability. One way of thinking about this approach is shown in the following exhibit.

UntitledHere we ignore some of the more difficult definitional discussion around a combined reputation/brand perspective, and limit our view to reputation alone. From a practical early stage standpoint, an entities reputation could be view from potential threat and potential impact perspective. On the threat side, it may be possible to segregate threats into four categories:

  • Risk to reputation stemming from employment activities;
  • Risk to reputation coming from product or customer issues;
  • Risk to reputation derived from governance; and,
  • Other less easily classified risks to reputation.

These categories appear for graphical purposes as if they are mutually exclusive, but in reality, there are good examples of causal overlap that increased risk volatility and severity. Recent oil spills and automobile product failure/recalls are enduring situations where more than one causal category created a economically catastrophic reputational problem.

On the other side of the graphic we outline the potential impacts to reputation coming from the threat categories. Again, while not mutually exclusive or exhaustive, the impact areas include:

  • Customer base
  • Financial valuation
  • Brand and media
  • Staf
  • Other less easily defined impacts.

Coming next, who are the stakeholders and how might one approach measuring reputational risk.