Marsh Tracks Top Captive Trends

The number of captive insurers continues to increase globally, from 5,000 in 2006 to more than 7,000 in 2016. Once formed primarily by large companies, the captive market has opened up to mid-size and small businesses. The industry is also seeing a trend in companies forming more than one captive, using them for cyber, political risk and other exposures, according to a recent Marsh report, Captives at the Core: The Foundation of a Risk Financing Strategy.

Organizations are seeing disruptions in a number of areas and are relying more on their existing captives, Marsh said. Because of their flexibility, captives are also being used to respond to market cycles and organizational changes such as mergers and acquisitions.

While North America and Europe still dominate in numbers of captives, other regions have shown more interest in the past three years. In Latin America, captive formation increased 11% in 2016, the study found.

Within the United States, there is more competition among domiciles and some of the newer domiciles are experiencing growth. The top-growing U.S. domiciles in 2016 were Texas, Connecticut, Nevada, New Jersey, Tennessee, and New York. Domiciles outside the U.S. seeing the most growth include Sweden, Guernsey, Singapore, Malta, and the Cayman Islands.
As organizations’ exposures increase in number, complexity and severity, shareholder funds generated by captives are becoming more important. According to Marsh:

For many clients, captives are at the core of their risk management strategy, going beyond the financing of traditional property/casualty risks.

Specifically, we are seeing an increase in parent companies using captive shareholder funds to underwrite an influx of new and non-traditional risks, including cyber, supply chain, employee benefits, and terrorism, as well as to develop analytics associated with these risks and fund other risk management initiatives.

Risk management projects funded by captive shareholder funds in 2016 included initiatives to determine capital efficiency and optimal risk retention levels in the form of risk-finance optimization; quantify cyber business-interruption exposures; accelerate the closure of legacy claims; and improve workforce and fleet safety/loss control policies.

For example, Marsh-managed captives used to address cyber liability increased by 19% from 2015 to 2016. Since 2012, in fact, cyber liability programs in captives have skyrocketed 210%.
“We expect to see a continued increase, driven in part by companies that are already strong captive users and by those that may have difficulty insuring their professional liability risks,” Marsh said.

Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview of Enterprise Risk Management Practices.”

Yet this progress may lag behind the increasingly complicated risks that need addressing. Of respondents, 20% noted an “extensive” increase in the volume and complexity of risks the past five years, with an additional 38% saying the volume and complexity of risks have increased “mostly.” This is similar to participant responses in the most recent prior years. In fact, only 2% said the volume and complexity of risks have not changed at all.

Even with improvements in the number of programs implemented, the study—which is based on responses of 432 executives from a variety of industries—found there is room for improvement. Overall, 26% of respondents have no formal enterprise-wide approach to risk oversight and currently have no plans to consider this form of risk oversight.

Organizations that do have programs continue to struggle to integrate their risk oversight efforts with strategic planning processes. “Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks facing the entity especially as it relates to coordinating these efforts with strategic planning activities,” the researchers found.

According to the study:

Many argue that the volume and complexity of risks faced by organizations today continue to evolve at a rapid pace, creating huge challenges for management and boards in their oversight of the most important risks. Recent events such as Brexit, the U.S. presidential election, immigration challenges, the constant threat of terrorism, and cyber threats, among numerous other issues, represent examples of challenges management and boards face in navigating an organization’s risk landscape.

Key findings include:

Can ORSA Work For All Businesses?

In addition to impacting the way countless organizations conduct business, the 2008 financial crisis was an awakening for regulators charged with reviewing and setting the rules that shape the way organizations assume risk. Insurance, perhaps the riskiest business of them all, did not go unscathed.

Not only are insurers responsible for managing their own internal risks, but careful calculations and guidelines are built into their business models to ensure that the risks fall within set parameters. Regulators will argue, however, that this wasn’t always the case.

Own Risk Solvency Assessment (ORSA) was adopted and now serves as an internal process for insurers to assess their risk management processes and make sure that, under severe scenarios, they remains solvent.

U.S. insurers required to perform an ORSA must file a confidential summary report with their lead state’s department of insurance.  The assessment aims to demonstrate and document the insurer’s ability to:

  • Withstand financial and economic stress with a quantitative and qualitative assessment of exposures
  • Effectively apply enterprise risk management (ERM) to support decisions
  • Provide insights and assurance to external stakeholders

While ORSA is requirement for insurers, a new study by RIMS and the Property Casualty Insurers Association, Communicating the Value of Enterprise Risk Management: The Benefits of Developing an Own Risk and Solvency Assessment Report, maintains that ORSA can be used for all organizations looking to strengthen their ERM function.

According to the report:

Whether or not required by regulation or standard-setting bodies, documenting the following internal practices is a worthwhile endeavor for any company in any sector to utilize in their goal to preserve and create value:

  • Enterprise risk management capabilities

  • A solid understanding of the risks that can occur at catastrophic levels related to the chosen strategy

  • Validation that the entity has adequately considered such risks and has plans in place to address those risks and remain viable.

The connection between the ORSA regulation imposed on insurers and the development of an ERM program within an organization outside of the insurance industry is apparent.

ORSA and ERM both require the organization to strengthen communication between business functions. Breaking down those silos are key to uncovering business risk, but perhaps more importantly, is the interconnectedness of those risks.

Secondly, similar to ERM in non-insurance companies, ORSA requires risk management to document its findings, processes and strategies. Such documentation allows for the process of managing risks to be effectively communicated to operations, senior leadership, regulators and stakeholders. Additionally, documentation enhances monitoring efforts, the ability to make changes to the program and is a benefit that allows ERM to reach a “repeatable” maturity level as defined by the RIMS Risk Maturity Model.

Developing an ERM program has become a priority for many organizations as senior leaders recognize the value of having their entire organization thinking, talking and incorporating risk management into their work. Examining and implementing ORSA strategies can be an effective way for risk professionals to get their ERM program off the ground and operational.

Business Interruption Seen as Top Risk Globally

A survey of more than 1,200 risk managers and corporate insurance experts in over 50 countries identified business interruption as the top concern for 2017. According to the sixth annual Allianz Risk Barometer of top business risks, this is the fifth successive year that business interruption has been seen as the biggest risk.
top-10-risks

“Companies worldwide are bracing for a year of uncertainty,” Chris Fischer Hirs, CEO of AGCS said in a statement. “They are concerned about rather unpredictable changes in the legal, geopolitical and market environment around the world. A range of new risks are emerging beyond the perennial perils of fire and natural catastrophes and require re-thinking of current monitoring and risk management tools.”

While natural disasters and fires are what businesses fear most, non-damage events such as a cyber incident, terrorism or political violence resulting in denial of access are moving higher up on the scale, according to the report. These types of incidents can cause large loss of income to companies, without actual physical loss.

The second concern, market developments, could result from stagnant markets or M&As, or from digitalization and use of new technologies.

Cyberrisk, third on the list of perils, has jumped up from 15th place in just four years. Cyber was identified as the second concern in the United States and Europe.

According to Allianz:

The results indicate that cyber risk occupies a significant portion of a company’s exposure map. The risk now goes far and beyond the issue of privacy and data breaches. A single incident, be it a technical glitch, human error or an attack, can lead to severe business interruption, loss of market share and cause reputational damage. Of the top 10 global risks in the 2017 Allianz Risk Barometer, a cyber incident could be a potential root cause or trigger for 50% of them. In addition, the toughening of data protection regulation regimes around the world is also contributing to this risk being at the forefront of risk managers’ minds, as penalties for non-compliance are increasingly severe.

Fourth on the list, natural catastrophes added up to $150 billion in total economic losses in 2016—with insured losses accounting for $42 billion of those losses—up from $28 billion in 2015, according to the report. Businesses also are more concerned about the impact of climate change and increasing weather volatility year-on-year.

Trump outlook for 2017

“Opportunities and challenges,” says Ludovic Subran, head of Euler Hermes Economic Research and deputy chief economist of Allianz research. “Companies which are domestic, either a regional multinational or national, will benefit. However, the business environment for large multi-national corporations who do have global, strongly regionally diversified business models will be more challenging. Stronger regional interests will make the lives of companies more complicated as there will be increasing protectionist regulation.”