CommTech 2006 Forum Newsletter - JLT
CommTech 2006 Forum Newsletter - JLT
CommTech 2006 Forum Newsletter - JLT
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Lugano <strong>2006</strong><br />
Contacts<br />
<strong>JLT</strong> Risk Solutions Ltd<br />
6 Crutched Friars<br />
London EC3N 2PH<br />
England<br />
Peter Hacker<br />
Tel: +44 (0)20 7528 4121 Email: Peter_Hacker@jltgroup.com<br />
Celine Lachevre<br />
Tel: +44 (0)20 7558 3356 Email: Celine_Lachevre@jltgroup.com<br />
Luke Foord-Kelcey<br />
Tel: +44 (0)20 7558 3514 Email: Luke_Foord-Kelcey@jltgroup.com<br />
Registered office: 6 Crutched Friars, London EC3N 2PH England.<br />
Telephone : +44 (0)20 7528 4444 Facsimile : +44 (0)20 7528 4185 www.jltgroup.com<br />
Registered in England No. 1679424. Vat No. 244 2321 96.<br />
References within this document to Jardine Lloyd Thompson, <strong>JLT</strong> Group, <strong>JLT</strong> and the Group mean the<br />
Jardine Lloyd Thompson Group. Client services are provided by relevant operating companies within the<br />
Jardine Lloyd Thompson Group. Jardine Lloyd Thompson Group plc is a holding company only, domiciled<br />
in England and does not provide client services.<br />
© Copyright Jardine Lloyd Thompson Group <strong>2006</strong> – all rights reserved.
Global Communications<br />
& Technology<br />
Industry Focus Group<br />
3rd Annual <strong>Forum</strong><br />
May 3-5, <strong>2006</strong><br />
Hotel Principe Leopoldo<br />
Lugano, Switzerland<br />
Lugano <strong>2006</strong>
Key <strong>JLT</strong> <strong>CommTech</strong> Partners
DURING THE GLOBAL COMMUNICATIONS & TECHNOLOGY<br />
INDUSTRY FOCUS GROUP 3RD ANNUAL FORUM, GLOBAL<br />
EXPERTS FROM THE COMMTECH, MEDIA, ELECTRONICS AND<br />
INSURANCE INDUSTRIES DEBATED AND EXAMINED THE ISSUES<br />
AND CHALLENGES FACING THESE SECTORS.<br />
IN THIS PUBLICATION YOU WILL FIND A SELECTION OF<br />
ARTICLES FROM THESE EXPERTS FURTHER INVESTIGATING THE<br />
ISSUES RAISED, AND REPORTS FROM THE SESSIONS HELD<br />
DURING THE FORUM.<br />
The Jardine Lloyd Thompson Group of companies is a leading risk management adviser and insurance and<br />
reinsurance broker. <strong>JLT</strong> is also a major provider of employee benefit administration services and related<br />
consultancy advice. <strong>JLT</strong> is quoted on the London Stock Exchange and is the largest European-headquartered<br />
company providing these services. <strong>JLT</strong> operates out of more than 100 offices in over 30 countries and employs<br />
more than 5,000 personnel.<br />
<strong>JLT</strong>'s Communication, Media and Technology Industry Focus Group develops unique solutions for insurance, risk<br />
finance and treasury departments of major Communication, Media and Technology companies around the world.
Contents<br />
Contents<br />
Introduction Peter Hacker, <strong>JLT</strong> 5<br />
The Failures of Corporate Governance after Enron Lynn Brewer 7<br />
Corporates increasingly look to capital markets<br />
for innovative risk solutions Peter Hacker, <strong>JLT</strong> 9<br />
Catastrophe Losses –<br />
where will the capital come from to fund them Michael Brown, Allen & Overy 10<br />
Continuity risk within the supply chain –<br />
the importance of the macro approach Chris Rigby-Smith, <strong>JLT</strong> 12<br />
Learning the lessons of recent catastrophes<br />
Franco Masciovecchio & Adrian McGarva, Glacier Re 14<br />
Supply chain management and critical information structure:<br />
the effect of outsourcing and more complex chains<br />
Joe Bona, AXA Corporate Solutions 17<br />
Cyberspace now on terrorists radar Nick Robson , <strong>JLT</strong> 19<br />
Network asset protection - protecting your critical assets<br />
Emily Freeman, <strong>JLT</strong> 20<br />
Corporate Governance driving end to “Deal Now Deal Later” insurance market<br />
Paul Wordley, Sian French, Kapil Dhir – Holman Fenwick & Willan 22<br />
D&O premiums fall, but pitfalls grow Ken McKenzie, Davies Arnold Cooper 26<br />
3
Introduction<br />
Introduction<br />
Jardine Lloyd Thompson’s Global Communications & Technology <strong>Forum</strong> took place in<br />
Lugano with risk managers participating in a programme developed together with our<br />
clients – ten leading companies from the sector.<br />
The changing landscape of risk and the shift from tangible to intangible has particular<br />
relevance for communications and technology companies and this theme was the focus<br />
for speakers and workshops.<br />
Where does risk come from The pace of change that affected your risk landscape is<br />
fast developing along with the frequency of events that act as an agent of change. It is<br />
unlikely that the shift of risk from tangible to intangible areas will reduce in future and<br />
you will have to rise to these challenges if businesses are to succeed.<br />
In this newsletter leading experts examine this debate alongside the business and<br />
insurance issues. Their articles cover specific issues regarding corporate governance,<br />
supply chain management, catastrophe losses, cyberspace threats, contract certainty,<br />
D&O as well as asset protection and innovative risk solutions from the capital markets.<br />
Peter Hacker, Partner and Head of <strong>JLT</strong>’s Global Communications & Technology Practice<br />
5
The Failures of Corporate<br />
Governance after Enron Lynn Brewer<br />
When Enron imploded, it represented the largest scandal in US business history. In the<br />
2 years following the demise of what was then America’s 7th largest corporation, the<br />
US capital markets lost somewhere between $4-7 trillion USD.<br />
Despite having all of the necessary components of “good” governance policies,<br />
including a vision and values statement that included respect, integrity, communications<br />
and excellence; a respected board of independent directors; a 63-page code of<br />
conduct; a corporate social responsibility policy that boasted transparency; and an<br />
internal whistleblowing hotline – the systems at Enron failed.<br />
In July 2002, eight months after the implosion of Enron, regulators in the US were<br />
forced to respond to what had become a wave of corporate corruption with the passage<br />
of Sarbanes-Oxley (SOX). Although the initial issues raised with Enron, WorldCom, Tyco,<br />
Parmalat and the hundreds of companies who have demonstrated a lack of integrity<br />
since Enron’s implosion was initially seen as an “ethics” issue, most companies see<br />
SOX and thus ethics as a regulatory compliance issue which simply means the focus<br />
has shifted from what is right vs. wrong to what is legal vs. illegal. Although companies<br />
are attempting to integrate governance, risk, and compliance – it appears as though the<br />
US has failed in its effort to regulate a conscience.<br />
Under Section 301 of SOX, every company listed on a US stock exchange must have a<br />
whistleblowing system which would presumably reduce the number of whistleblowing<br />
reports to the SEC; however, we have actually seen a 625% increase in whistleblowing<br />
reports to the SEC since the implosion of Enron in 2001. Statistically speaking, for every<br />
public company listed in the US, there are 51 whistleblowing reports – every month.<br />
Of course, one of the myths is that Enron is somehow unique. Enron is not unique. In<br />
fact, given the aforementioned statistics, it appears more likely that companies in the<br />
US operate more like Enron than not. A survey last year by a leading US business<br />
magazine revealed that 50% of CFOs are feeling pressure to “cook the books” with<br />
20% actually feeling more pressure than they did before Enron. This figure means that<br />
literally the US’s Fortune 100 companies may very well be cooking their books.<br />
The risk facing companies today has never been greater as even good companies are<br />
now suspect. And unfortunately SOX does nothing to dispel this myth. Historically,<br />
companies have focused primarily on “corporate performance management” (CPM).<br />
Although more “enlightened” companies recognize the importance of “quality<br />
management” or TQM, rarely do companies understand the correlation between<br />
performance and quality. Although important, these two components are insufficient<br />
without understanding the “intangibles” or non-financial performance to assess the<br />
integrity of a company. Unlike financial performance which is a lagging indicator,<br />
intangibles provide a predictive look at where a company is heading. The integration of<br />
all three of the key components: Intangibles, Quality and Performance (IQP), companies<br />
can have a clear and concise understanding of their structural integrity.<br />
7
The failures of corporate governance after Enron<br />
As technology allows organizations to take integrity down to the desktop, companies<br />
can mitigate against the risks associated the ethical misconduct disasters we have seen<br />
with numerous companies. As strategic direction is implemented on an execution<br />
engine and integrated with an incident management system, allowing employees to<br />
raise important issues, companies suddenly begin to realize BI means more than<br />
business intelligence – it means business integrity.<br />
Lynn Brewer is a former Enron executive and whistleblower. While at Enron, she was responsible for risk<br />
management in energy operations, competitive intelligence for Enron Broadband Services, the e-<br />
commerce for Enron’s water subsidiary, and traded power at the height of the California power crises.<br />
She is the author of “Confessions of an Enron Executive: A Whistleblower’s Story and Managing Risks for<br />
Corporate Integrity.” She is founder and CEO of The Integrity Institute, Inc. www.IntegrityInstitute.com<br />
8
Corporates increasingly look to<br />
capital markets for innovative<br />
risk solutions Peter Hacker, <strong>JLT</strong><br />
The global capital markets are becoming increasingly attractive to corporates in the<br />
communications and technology sectors as some (re)insurers fail to keep pace with<br />
change. And the trend will gather momentum unless insurers can think consistently<br />
outside the box and interpret better the balance sheets and risk landscapes of<br />
“commtech” companies with their increasing and dominating concentration on<br />
“intangible assets”.<br />
The dynamic pace of change in these sectors offers a unique opportunity for (re)insurers<br />
to partner with corporates as they embrace converging technologies and new risk<br />
financing techniques. Convergence also means that competitors might be suppliers and<br />
suppliers might be customers and this interaction and dependence requires new risk<br />
approaches.<br />
(Re)insurers too often think in a linear way, but technology related risks are circular and<br />
involving a material degree of volatility. Volatility is not just risk for the insurance carrier<br />
but equally a chance to differentiate and set a new standard. Too often we hear from<br />
(re)insurers, if we can’t model it we can’t write it, but these are the new risks that<br />
customers face. In the past risks were tangible now they are increasingly intangible.<br />
The most important “intangible” risks to corporates, he said, are intellectual property,<br />
regulation and competition but none of these are materially insurable.<br />
Whilst we fully understand the restrictions on the last two risk classes which are de<br />
facto non-transferrable business risks, technical underwriters should focus once more<br />
intellectual property.<br />
“We can recognize that a growing number of communications and technology<br />
companies are now considering or using alternative risk financing arrangements such<br />
as credit default swaps or securitizations, with banks or finance houses related to<br />
credit, catastrophe risks and intangible assets. Others are applying risk financing<br />
“protected cell” structures that address the various accounting regulatory standards<br />
such as US GAAP (Fin46, FAS 113, EITF 93-6/14, EITF 03-8)) and/or IAS (IAS 27) or<br />
IFRS 4 implications”.<br />
Insurers and risk advisors such as insurance brokers must keep up with change<br />
including new accounting guidelines, perspectives for Solvency II and best practices for<br />
transaction documentation. We must look at convergence as an opportunity to partner<br />
with insureds for structured (re)insurance to broaden their income base rather than<br />
imposing further restrictions. Since the convergence between the communications,<br />
media and technology sectors will continue to blur and surpass the traditional<br />
boundaries if (re)insurance does not keep pace then it is a matter of time until it will be<br />
surpassed by the capital markets.<br />
9
10<br />
Catastrophe Losses – where<br />
will the capital come from to<br />
fund them Michael Brown, Allen & Overy<br />
The insurance market has always been able to bounce back from bad catastrophe loss<br />
years, and to replenish its capital needs. In the longer term, alternative structures to<br />
manage catastrophe risk need to be developed alongside the traditional market to<br />
handle demand for the spreading of risks of natural disasters and terrorist attacks.<br />
First, some basic statistics (courtesy of Swiss Re 1 ): during the 1970s insured cat losses<br />
ran at an annual average of US$3 billion. That loss level increased materially from the<br />
1980s onwards: the adjusted annual average during the period 1987 to 2003 had risen<br />
to US$16 billion per annum, a jump of over 500%.<br />
It may be misleading to look at the last two years on their own; but 2004 and,<br />
particularly 2005, were dreadful years for the cat market, with insured losses estimated<br />
at US$40 billion for 2004 and US$83 billion for 2005, with US windstorms Katrina,<br />
Wilma and Rita expected to cost US$65 billion. Swiss Re calculates that the cost of<br />
insured losses from those three events alone would absorb over 11% of the total US<br />
premium income generated for all US non-life business of all classes in 2005.<br />
Prior to 2005 the worst single losses had been caused by Hurricane Andrew in 1992 (at<br />
US$22.3 billion) and the al Qaeda terrorist attacks on New York and Washington in 2001<br />
(US$20.7 billion).<br />
It is in the nature of catastrophe business that losses will tend to be settled fairly quickly<br />
after the event, even if business interruption losses may take rather longer to calculate,<br />
and uncertainties over contract wordings may also serve to prolong the process (pace<br />
the long running argument over whether or not the damage to the World Trade Center<br />
twin towers constituted a single event and hence a single loss limit).<br />
One consequence of that is the speed with which involved insurance and reinsurance<br />
companies around the world need to move to restore their capital positions in order to<br />
maintain regulatory solvency. Whilst there have been significant insurer casualties after<br />
both after 9/11 and again after last summer’s US windstorms, the resilience with which<br />
most insurers have been able to restore their balance sheets has been very evident.<br />
Within 12 months of 9/11 the direct and reinsurance market had been able to raise<br />
over US$30 billion in additional capital. The FSA estimated in February <strong>2006</strong> that about<br />
US$22 billion had been raised in the wake of Katrina, though it will be noted that this is<br />
only about one third of the estimated cost of Katrina, Wilma and Rita and little more<br />
than one quarter of total estimated 2005 cat losses (US$83 billion).<br />
Before we look further at the implications of this shortfall, it is worth noting that there is a<br />
significant difference between an existing insurance company, with a claims legacy,<br />
raising capital to restore its capital base on the one hand and, on the other, a start-up<br />
venture with no such legacy tapping the capital markets in order to take advantage of the<br />
increased premium rates that inevitably follow from a bad cat year until such time as the<br />
capital injected back into the industry is sufficiently large to force prices down again.<br />
Inevitably new ventures are an easier sell. One saw that phenomenon after 9/11 where<br />
Bermuda’s start-up babies raised some US$14 billion in new capital. There is some irony<br />
in the fact that many of those self-same companies, now adolescents, have had to tap<br />
the capital markets again in recent months to meet losses on business written over the<br />
last 3 years – though most have been successful in doing so. And a further generation of<br />
new Bermuda start-ups have raised a further US$10 billion in new capital.<br />
But when one takes a sober look at the growth in cat losses, the spiraling rate of that<br />
growth, and the poor historically record of return on capital invested in the insurance
Catastrophe Losses – where will the capital come from to fund them<br />
industry, one has to ask whether that success will continue. It would be a brave man<br />
who would say that the 2005 windstorms are an aberrational event: earthquakes<br />
present a huge hazard in heavily industrialized zones in the US, Japan and elsewhere;<br />
climate change heralds the potential for heightened medium term flood risk as well as<br />
other changes in weather patterns.<br />
I am with Warren Buffett, boss of Berkshire Hathaway, who says: “I don’t know the<br />
answer to these all important questions. What I do know is that our ignorance means<br />
that we must follow the course prescribed by Pascal in his famous wager about the<br />
existence of God. As you may recall, he concluded that since he didn’t know the<br />
answer, his personal gain/loss ratio dictated an affirmative conclusion.”<br />
Factors other than climate change lead to the inevitable conclusion that cat losses can<br />
only grow in the decades ahead. Expanding economies mean enhanced insured values;<br />
and as economies like China, India and Brazil develop, their industries, assets and<br />
revenues will increasingly be insured too. So insured values at risk are growing fast,<br />
just as the uncertainties of global warming loom to the fore.<br />
The traditional reinsurance market is just not, by itself, large enough to absorb this risk<br />
growth; and the flight to quality also has the perverse effect of concentrating the risk<br />
within fewer well-rated players. Majors such as Munich Re and Swiss Re have not to date<br />
experienced difficulty in tapping the equity or capital markets. There is a relatively limited<br />
appetite within the capital markets to provide capacity for (mainly) third party catastrophe<br />
risks. Swiss Re is one of a relatively select band of companies that has regularly<br />
utilized this market. But, with an apparent capacity of US$5 billion, this market has been<br />
stretched by Katrina and, for that and other reasons, offers no general panacea.<br />
Major single cat loss events will inevitably potentially exceed what the (re)insurance<br />
market capital bases can cumulatively support, particularly if their frequency increases.<br />
The structures in place to support Californian homeowners and businesses in the event<br />
of an earthquake, for example, show the need for combining traditional insurance and<br />
alternative capital market solutions.<br />
There remains a real question mark over whether some cat risks are insurable at all,<br />
terrorism being an obvious example. In the UK the Government has for some years been<br />
effectively the insurer of last resort of property and BI risks caused by terrorist attacks<br />
via its reinsurance of Pool Re. In the aftermath of 9/11, Governments were forced to<br />
step in temporarily to underwrite certain specific risks such as aviation liability. Further<br />
serious terrorist attacks will re-introduce pressure on Governments to share more in the<br />
assumption of such risks either in partnership with the insurance industry, or in place of<br />
it. Understandably there will be political resistance to such moves, and there are serious<br />
legal difficulties e.g. the prohibition of State subsidies in the EU.<br />
But with frequency and size of cat losses set to grow, pressures to find risk sharing and<br />
funding solutions within and beyond the insurance industry itself will become ever more<br />
urgent.<br />
Michael Brown is Co-head of the Insurance Group, Allen & Overy LLP.<br />
Allen & Overy is a global law firm. The firm has advised many leading insurance and reinsurance<br />
companies in the raising of regulatory capital. In the aftermath of 9/11 the firm was heavily involved<br />
in establishing an aviation liability insurance facility backed by the UK Government and is advising<br />
the owners of the World Trade Center on their insurance claims.<br />
Sigma report: Natural catastrophes and man-made disasters 2005, No 2/<strong>2006</strong>. To ensure that the<br />
comparison is true, the loss figures quoted here are inflation adjusted to 2005 cost levels.<br />
1 Source: MMC Securities Inc.<br />
11
Continuity risk within the supply<br />
chain – the importance of the<br />
macro approach Chris Rigby-Smith, <strong>JLT</strong><br />
Much has been debated on the issue of supply chains recently, within academia,<br />
professional institutes and also commercial organisations. With the occurrence of every<br />
new variant of disaster whether it be a terrorist attack, hurricane, tsunami, earthquake,<br />
flood or fires, it seems that the supply chain risk is a critical issue.<br />
Yet despite this heightened awareness, it is still a problematic area from a risk<br />
assessment perspective. Some fundamental questions that highlight this dilemma and<br />
confusion are:<br />
• What is the difference between supply chain risk management and organisational<br />
risk management<br />
• What is the difference between ‘outsourcing’ risk and ‘supply chain risk’<br />
• How can the supply chain risk be efficiently mapped and analysed<br />
• What solutions exist – risk financing or otherwise – to address supply chain risk<br />
• How can the supply chain work effectively as one to be adequately prepared, both<br />
to respond to a crisis and to manage the recovery from it<br />
Supply chains are becoming increasingly complex and interdependent in many sectors<br />
and this is self-evident within the communications and technology sectors. The need to<br />
source highly specific components from specialist sources, within a global marketplace<br />
is a fundamental driver for many organisations. All too often the process of managing<br />
the risks that ensue, is an afterthought of the established procurement function.<br />
The immediate dilemma for any major company in facing up to this situation, is how to<br />
break into the organisational structure and culture in such a way that a robust and<br />
systematic process can be put in place, which will collate the necessary information in a<br />
way that is replicable, on a regular basis, in the future. Fundamental to this is the<br />
process of identifying the best sources for that data and establishing commitment from<br />
the business leaders to provide it. Convincing the business of the value of risk<br />
management, in the first place, might be an essential part of this! The organisations<br />
which have already embedded risk management into their way of doing things will be<br />
those that most readily appreciate the need to understand risk within the supply chain.<br />
From a risk management perspective, there is a secondary and more specific dilemma,<br />
which is the need to meet the various and competing needs of different stakeholders.<br />
The insurance market continues to demand risk information on a location-by-location<br />
basis. From a property damage and business interruption insurance point of view, the<br />
analysis needs to provide maximum foreseeable loss figures, relating to an insured<br />
event, impacting on property insured or used by the insured at specific premises. This<br />
immediately has a tendency to drive the analysis towards high asset values or critical<br />
production processes at key locations. From a business point of view, the interest is<br />
much more in understanding what are the critical revenue streams, brands, markets<br />
and product groups, and the vulnerabilities within the associated supply chains. In the<br />
early stages, this second approach is not likely to be so locationally focussed. It is more<br />
likely to be interested in supply chain mapping and interdependencies.<br />
12
Continuity risk within the supply chain – the importance of the macro approach<br />
Two other issues arise with the first of these two approaches, the location-by-location<br />
analysis:<br />
• Firstly, it is unlikely that personnel at site level are going to have a sufficient<br />
appreciation of the upstream / downstream dependencies, beyond their immediate<br />
boundaries.<br />
• Secondly, the financial analysis of ‘see-through’ gross profit, that is needed for an<br />
in-depth risk assessment, will not be available at site level.<br />
It follows that one of the fundamental questions that an underwriter will ask relating to<br />
supply chain risk such as ‘Where are the critical single points of failure and what is the<br />
gross profit aggregation that arises from the interdependency’<br />
The second, more business-driven approach will concentrate upon the major<br />
brand/product/market combinations and establish early on where the sensitive points<br />
are within the vertical supply chains. Once the ‘see-through’ gross profit numbers have<br />
been clarified, an analysis of the infrastructure that supports them can be carried out.<br />
This will identify the priorities against which risk control and transfer measures can be<br />
targeted. These solutions might be straightforward insurance, physical risk control or<br />
business continuity planning, or more likely, a combination of them all.<br />
If the sensitive points (single points of failure) lie outside the boundaries of the<br />
organisation itself, then it becomes critical to build an understanding of the quality of<br />
the supplier’s or outsourcing company’s own risk management and business continuity<br />
planning. It is increasingly acceptable that a customer should be allowed to satisfy itself<br />
in the integrity of the supplier’s continuity planning and physical risk control, and to that<br />
end, customer driven audits can be important. Depending upon the results of such<br />
audits, procurement decision making can be adjusted to reflect the risk quality, and<br />
contingent business interruption insurance protection can be tailored more precisely,<br />
thereby maximising the usage of premium and capacity.<br />
13
Learning the lessons<br />
of recent catastrophes<br />
Franco Masciovecchio & Adrian McGarva, Glacier Re<br />
Over the last two years, the insurance/reinsurance industry has seen insured losses in<br />
excess of $100bn from US hurricanes alone. When increased flooding in Europe, a<br />
higher incidence of Western Pacific hurricanes and US tornadoes are added to this, it is<br />
clear that the industry is facing a challenging period and will need to implement major<br />
changes.<br />
A feature of the events of the past two years is that natural peril catastrophe risk<br />
management has proven to be of vital importance. Improved contingency planning has<br />
in some cases, such as in Prague earlier in <strong>2006</strong>, proved to mitigate damage. In other<br />
cases, such as the levee failures in New Orleans, it has had disastrous consequences. It<br />
has become clear that catastrophe risk management is now vital and shortcomings in<br />
traditional modelling, which have become increasingly apparent, need to be addressed<br />
as a matter of urgency in this new environment.<br />
In addition to the headline loss costs and risk management failures, it is now generally<br />
accepted that both the frequency and severity of natural, climate-related catastrophes is<br />
on the increase. US hurricanes have had the most severe impact on the industry in<br />
recent years and scientific consensus is that hurricane activity is affected by a natural<br />
cycle phenomenon known as the Atlantic Multidecadal Oscillation (AMO). This cycle is<br />
thought to be in the early stages of a ‘warm phase’, which is expected to last for<br />
around five years.<br />
As a result of this, North Atlantic sea surface temperatures are continuing to increase,<br />
which triggers increased tropical storm activity. Current research indicates that the<br />
overall rate of hurricane landfalls is 25-30 percent above the average over the past 150<br />
years and ‘intense’ storms (known as category 3-5) will increase more than less severe<br />
storms (category 1-2) .<br />
For example, the US National Oceanic and Atmospheric Administration (NOAA) predicts<br />
that this year’s Atlantic hurricane season, which formally begins on 1 June, will bring 8-<br />
10 hurricanes, 4-6 of which are expected to be ‘intense’. While this is less severe than<br />
2005, it is still well above average for the previous two decades.<br />
Although the impact of climate change and ‘global warming’ is far from clear, it is<br />
generally accepted that the current level of ‘high activity’ of major natural catastrophes<br />
will continue for at least another 10-20 years. The insurance industry is therefore<br />
changing its mindset if it is to cope with the events of the future and will need to<br />
continue doing so.<br />
In addition to the increases in event frequency and intensity, damage vulnerability to the<br />
events of 2005 was also far worse than previously forecasted, most notably for major<br />
commercial and industrial risks. The risk management failures of 2005 and failure to<br />
accurately predict the impact of these events is now being integrated into the pricing<br />
and assessment of other perils – notably earthquake and flood.<br />
The breach of levees in New Orleans in the immediate aftermath of Hurricane Katrina is<br />
one clear example where infrastructure must be updated, or indeed provided, in<br />
vulnerable areas. When originally designed and constructed they were believed to be<br />
adequate given the probability of an event such as Katrina. Recent events and expert<br />
forecasts have shown that such measures need to be analysed and updated regularly.<br />
As a counter example following major losses in 2002, the <strong>2006</strong> spring floods in Prague<br />
14
Learning the lessons of recent catastrophes<br />
“tested” the preparedness for a flood situation. After two catastrophic flood events the<br />
attitude towards flood danger has changed dramatically. Flood defences (sandbags)<br />
were built immediately after the announcement of an emergency flood situation.<br />
This type of defences proved effective against this type of flood with lower return<br />
periods. The new mobile flood defence system in Prague was built-up on Wednesday<br />
after the announcement of an expected 10 years flow in Prague. However, the water<br />
remained in the river banks and therefore did not breach the flood defences.<br />
As the aftermath of the 2004/5 windstorm season and other natural catastrophes<br />
continues to be felt, and steps are taken to contain the impact of future occurrences,<br />
what does this mean in practical terms for the insurance industry<br />
The losses following the US 2005 windstorms, most notably Hurricane Katrina, could<br />
not have been avoided from better use of the then-current modelling techniques. The<br />
unprecedented scale of windstorm, storm surge, flooding and business interruption<br />
were unique, and most models failed the test.<br />
So as insurance changes, risk modelling is also changing to take into account the new<br />
and uncertain climate. Hurricane Katrina in particular proved that consequential losses<br />
must be included in future risk modelling. Losses such as storm surge following<br />
windstorms and fire following earthquakes are now an essential component of<br />
insurance pricing.<br />
At the commencement of the <strong>2006</strong> US hurricane season, capacity for catastrophe risks<br />
is now extremely scarce, and retrocession cover is particularly difficult to find, although<br />
Glacier Re continues to offer capacity in key catastrophe zones.<br />
Rating agencies are increasingly vocal – and unforgiving – on catastrophe risk<br />
management, which has led to a several key downgrades for reinsurers worldwide.<br />
Major reinsurers are therefore cutting back on both premium and exposure.<br />
Consequently, insurers are forced to hold bigger retentions and, to limit their need for<br />
reinsurance, are also cutting back.<br />
Against this background, pricing for catastrophe cover in US peak zones has inevitably<br />
increased substantially. For US wind industry loss warranties (ILW’s), prices have<br />
increased by over 400% at certain levels in the past 18 months.<br />
For re/insurers, the ability to effectively and accurately assess risk has become<br />
paramount. Companies need to be able to demonstrate catastrophe risk management,<br />
the ability to geocode and cat model each portfolio is becoming essential for buying<br />
cover. Furthermore, multi-line accumulation assessments are needed and differentiated<br />
analysis is needed when writing individual risks. Increased stress testing is also required.<br />
For insureds, intricate knowledge of risks and exposures is needed, so risk<br />
management is high on the agenda. Insureds need to demonstrate their risk analysis by<br />
providing complete information to insurers; ensuring the enforcement of state and/or<br />
statutory building codes; secure contingency plans for key supplies such as power and<br />
regularly testing emergency response procedures.<br />
However, both insurers and insureds often overlook the human element of catastrophe<br />
planning and response. People should manage a crisis; a crisis does not manage the<br />
15
Learning the lessons of recent catastrophes<br />
people. Getting the right people with the right knowledge and skills is an essential part<br />
of managing the aftermath of catastrophe experience.<br />
Part of this ‘human’ element is also to make sure that a clear understanding of the<br />
agreements and procedures between all parties, on property and all other insurance<br />
needs, is put in place from the outset. This ensures that the right cover is bought and<br />
helps avoid disputes further down the line.<br />
As the industry comes to terms with the experiences of 2004 and 2005, much has<br />
been done to increase understanding of the new nature of risks. The consequences for<br />
re/insurers and risk managers are far-reaching, but the industry has successfully<br />
adapted to change in the past and will do so again.<br />
Franco Masciovecchio is a Senior Underwriter at Glacier Re and Adrian McGarva is Chief Actuary at<br />
Glacier Re.<br />
16
Supply chain management and<br />
critical information structure<br />
Joe Bona, AXA Corporate Solutions<br />
AXA Corporate Solutions took part in the panel in the workshop regarding “Supply chain<br />
management and critical information structure: the effect of outsourcing and more<br />
complex supply chains”, and raised some key points regarding the following:<br />
Aggregation & Suppliers’ Extensions<br />
• Headline grabbing events in recent years, most notably, perhaps, “9/11”, refocused<br />
the attention on the criticality and susceptibility of outsourced supply<br />
chains to uncontrollable risks.<br />
• The identification and quantification of supply chain exposures is complicated and<br />
especially so in high-tech industries, which are characterised by complex multi-tier<br />
supply chains with considerable aggregation risks to the Insurers.<br />
• Aggregation concerns are reflected in the lower limits imposed by the Insurers on<br />
suppliers’ extensions.<br />
• Such limits imply potentially uninsured exposures to the Insured. This places<br />
added emphasis on the Insured’s need to risk manage the supply chain, focussing<br />
on aspects such as the supplier’s criticality to the business (in terms of turnover<br />
affected rather than contract price or number of widgets supplied) and the<br />
supplier’s vulnerability to interruption. Ideally this needs to extend beyond Tier 1<br />
suppliers to include critical Tier 2 / Tier 3 suppliers.<br />
IT Infrastructure<br />
IT infrastructure is an essential element of most operations and is increasingly<br />
outsourced. Most conventional insurance policies do not respond to IT failure (e.g.<br />
“millennium bug”, virus, software “glitch”), thereby constituting another Risk<br />
Management “hot spot”. If we take the example of a telecoms operator, the network is<br />
invariably resilient against loss of node. However, an IT failure could bring the entire<br />
network to a stop.<br />
Contract Risk<br />
Another aspect of concern to Insurers is inherited contractual risk. A recent example<br />
encountered by AXA was a situation where the insured signed a contract with an<br />
equipment supplier and servicing company which included a waiver of subrogation<br />
rights against the supplier for faulty workmanship, which resulted in a claim against the<br />
Insurer. Contractual risk will inevitably come under increasing scrutiny.<br />
Business Continuity<br />
• Business Continuity Planning is vital in this BI intensive sector and the periodic<br />
testing of BCP’s is essential in such a rapidly changing BI environment.<br />
• BCP needs to look beyond the physical aspects and consider support activities<br />
such as claims management. AXA Corporate Solutions Assurance has conducted<br />
pilot studies with clients in the Retail sector to consider how the management of a<br />
claim, arising in worst-case circumstances, might impact on the BCP and vice<br />
versa. The exercise aims to identify critical pinch points. For example if the BCP<br />
depends upon interim payments in the event of a claim, do all key players<br />
understand what is expected of them and what substantiating documentation is<br />
17
Supply chain management and critical information structure<br />
required This exercise involves the Insured, Insurer, Broker, Claims Adjuster,<br />
legal advisors, technical specialists and, not least of all, critical suppliers. This is<br />
an approach that lends itself well to the high-tech communications sector.<br />
Joe Bona is AXA Corporate Solutions UK’s Head of Risk Engineering.<br />
18
Cyberspace now on terrorist<br />
radar, experts warn Nick Robson, <strong>JLT</strong><br />
Review of terrorism patterns have revealed that commercial computer, IT and<br />
telecommunications networks are increasingly likely to become a direct or indirect<br />
target, a panel of experts warned during the debate on Cyber terrorism.<br />
Nick Robson, a <strong>JLT</strong> partner and an expert in terrorism and political risk said: "If we look<br />
at the history of terrorist activity it is reasonable that it is only a matter of time before<br />
attention is refocused on economic targets. It is accordingly reasonable to expect that<br />
there is a growing threat to business, though many corporations and institutions do not<br />
seem to have identified the nature of this threat and where it will come from.”<br />
He said that previous trends in terrorism indicated that it was only a matter of time<br />
before terrorists utilised cyber vulnerabilities to support or indeed execute attacks. Such<br />
action could have significant consequences for the communications sector.<br />
The consequences of a cyber attack to the power industry for instance would cause<br />
communications operations to close down for a period of time, expose customers to<br />
loss of service, increase liability exposure and ultimately damage reputation for service<br />
delivery. Companies need to identify their risk and where possible manage it.<br />
Apart from security management, it is important for businesses not to consider<br />
themselves only to be the victims or subjects of terrorism, but to contemplate whether<br />
they have a relationship with the risk that allows them to perhaps exert some further<br />
management over it. Whilst this may seem like an extraordinary statement, in emerging<br />
markets this is of particular importance given the impact a business can have on<br />
prospective terrorist activists, who may be drawn from disenfranchised local groups etc,<br />
who may in turn have been impacted by commercial business investment.<br />
The protection of critical components within internal and external IT infrastructure will<br />
become even higher priority in particular relating to perils coming from non-physical<br />
events such as cyber hacking which could take down a network.<br />
<strong>JLT</strong> along with leading insurers has recently developed new unique risk financing<br />
approaches to protect critical components and intangible assets.<br />
Peter Yapp, Deputy Director of international business risk consultants, Control Risks said<br />
that the "War on Terror" against one group of terrorists was a misnomer because the<br />
majority of the terrorist attacks are committed by local operatives operating as<br />
"franchise bombers" or completely independent operatives. There is no single threat<br />
and one of the key issues for the future is cyber terrorism.<br />
“They tend to go from the body count to commercial targets. It is reasonable to assume,<br />
for example, that they will target critical points in our network such as IT infrastructure<br />
in the energy sector.”<br />
Mark Whitaker, Head of Security Consulting at consulting engineers Buro Happold said:<br />
"Commercial companies need risk mitigation strategies that are based on detailed<br />
advice on the assessment on the ground. Companies operating in foreign markets<br />
should understand what the dynamics are in that country for their industry, what if any<br />
problems there may be with the Government and special interest groups. They also<br />
need to ensure that their assets are secured by design".<br />
19
Network asset protection -<br />
protecting your critical assets<br />
Emily Freeman, <strong>JLT</strong><br />
Today’s companies perform innumerable transactions and infrastructure functions<br />
through public and private computer networks, including new wireless applications.<br />
Computer attacks, operational mistakes, and network outages may completely paralyse<br />
an organisation by bringing down the information infrastructure and communication<br />
lines. These issues are complicated by a network of outsourced and offshore third party<br />
providers who increasingly provide critical IT and business process services.<br />
To properly face the challenges of IT downtime and damage to critical digital assets,<br />
such as software applications and data, enterprises are investing in business continuity.<br />
In the United States, the Sarbanes-Oxley Act of 2002 has explicitly mandated viable<br />
disaster recovery plans and data protection for public companies. Certain high<br />
compliance industries, such as financial services and power/energy, are under<br />
regulatory pressure to focus on recovery plans. Chief Information Officers are well<br />
aware of the vulnerabilities of critical information and communication systems. However,<br />
robust a company’s prevention strategies are, there is no absolute guarantee of safety<br />
from threats such as viruses and denial of service, terrorist attacks, or operational<br />
mistakes.<br />
With organisational challenges and outsourced IT services, boards and senior<br />
management are concerned about the extent to which the IT infrastructure is backed up<br />
and how quickly operations can be resumed should disaster strike. For some industries,<br />
corruption of data or network outages during a high or peak season could seriously<br />
erode financial performance and concern investors.<br />
Consider the following:<br />
• According to the 2005 Symantec/Financial Times Survey, business continuity<br />
compliance requirements are raising the level of attention paid to the cost and<br />
efficacy of business continuity programs. Executives responsible for business<br />
continuity, however, reported significant gaps in overall preparedness, particularly<br />
as it relates to testing and financial assessment of loss impacts.<br />
• In January <strong>2006</strong>, the FBI released its 2005 Computer Crime Survey, reporting that<br />
9 out of 10 organisations surveyed were victims of some sort of computer security<br />
incident, and almost two-thirds suffered financial loss as a result of the cyber<br />
incidents. Viruses, worms and spyware headed the list of incidents.<br />
• 2005 Swiss Re’s Corporate Risk Survey reported that computer-based risks such<br />
as hackers, viruses, piracy, and unauthorised disclosures rank highest among<br />
executives worldwide and is the leading societal risk.<br />
Traditional First Party and Generic Cyber Insurance – Limited at<br />
Best<br />
Most organisations have little or no insurance to cover operational risks related to<br />
electronic data, applications, and computer networks. Property insurance markets have<br />
either not offered or withdrawn coverage for non-physical events. Some organisations<br />
have investigated or purchased “cyber policies” that offer limited coverage, uncertain<br />
methods of determining loss, and low limits of insurance per hour. Often these policies<br />
also contain inadequate limits for contingent business interruption or exclusions that<br />
limit coverage for inside perpetrators of computer crimes. Time period deductibles have<br />
also been overly onerous and virus coverage has been limited.<br />
20
Network asset protection - protecting your critical assets<br />
Broad Protection through the Network Asset Protection Policy<br />
<strong>JLT</strong> Risk Solutions is introducing a new insurance product called Network Asset<br />
Protection, designed specifically for business organisations anywhere in the world<br />
and which addresses the first party risks associated with digital assets and<br />
computer networks.<br />
The insuring agreements include Loss of Digital Assets, Non-Physical Business<br />
Interruption and Extra Expense and Cyber Extortion Threat.<br />
This policy provides unique coverages and approaches to addressing these risks:<br />
• Insured causes of loss include:<br />
• Accidental Damage or Destruction<br />
• Administrative or Operational Mistakes<br />
• Computer Crime and Computer Attacks<br />
• Broad terrorism coverage available by endorsement<br />
• Clear methods and alternatives of determining loss, including agreed amount<br />
• Worldwide coverage<br />
• Contingent coverage for covered causes of loss arising from business process and<br />
IT outsourcing<br />
• A low minimum four hour time retention minimum with coinsurance options<br />
• No internal per hour limitation for recovery<br />
• Expanded coverage for special expenses including forensic expenses, customer<br />
notification expenses, and public relations<br />
• Broad coverage for events arising out of malicious or criminal attacks, including<br />
acts committed by rogue employees<br />
• $25,000 minimum premium with up to $10 million in primary limits available.<br />
Emily Freeman is part of the Financial and Professional Liability Practice of <strong>JLT</strong> Risk Solutions in<br />
London specializing in Technology Professional Liability, Media/Intellectual Property, and<br />
Cyber/Network Risks.<br />
21
Corporate Governance driving<br />
end to “Deal Now Deal Later”<br />
insurance market<br />
Paul Wordley, Sian French & Kapil Dhir – Holman Fenwick & Willan<br />
Conclusions of the Contract Certainty Workshop<br />
The Starting Point - Structure<br />
It was generally accepted that the starting point for considering the relevance of<br />
contractual issues to buyers and the implementation of their insurance arrangements is<br />
to consider the “insurance architecture” that is to be utilised in the risk transfer process<br />
from the buyer (transferor) to the seller (transferee) via the broker (intermediary).<br />
Insurance architecture considerations will include the establishment and/or use of a<br />
buyer’s captives, fronting issues and ensuring proper (or actual) risk transfer versus<br />
funding arrangements.<br />
It is important that all stakeholders in the transaction process clearly understand the<br />
objectives and needs of the buyer and the seller, including an understanding of the<br />
insurance architecture. The objectives must be articulated clearly at the outset of a<br />
potential transaction. This forms a proper starting point to deal with the insurance<br />
documentation.<br />
Specifics – Past, Present and Future<br />
The following specific points were discussed and developed during the conference:<br />
• Traditionally, the insurance market has worked on the basis of “deal now, detail<br />
later” and the relevant documentation has followed well behind the actual<br />
transaction and the inception date of the insurance contracts concerned. This is<br />
becoming increasingly unacceptable for a variety of reasons: firstly, proper<br />
business practice dictates that all concerned in the transaction – buyers, seller and<br />
intermediaries – know exactly what constitute the terms of the transaction at a<br />
stage at or before the date where all the parties will rely on the transaction i.e. the<br />
inception date (“check before you commit”); secondly, good corporate governance<br />
and sound risk management principles dictate that appropriate individuals within<br />
the buyer and seller know the detail of the transaction, thus providing certainty to<br />
the buyer in the context of a business which is not stationary that he has bought<br />
protection for the risks that he has identified in his business and, from the seller’s<br />
standpoint, an understanding of the risks that have been underwritten (“know what<br />
you have”).<br />
• Contract certainty initiatives as promoted by the Financial Services Authority in the<br />
London Market (which tend to be copied elsewhere particularly where London<br />
Market participants are involved in a transaction) require a similarity of certainty in<br />
the insurance procurement process, namely the use of appropriate professionals<br />
and service providers and the use of brokers not just in the insurance structuring<br />
process but also, for instance, in the event of anticipated claims.<br />
• Moving on to the content of individual transactions, these should conform with the<br />
actual transaction that is being undertaken. However, it was agreed that there were a<br />
number of issues that need to be considered when structuring the contractual terms<br />
and conditions and in particular certain protections that can be built in to protect both<br />
the buyer and indeed the seller. These include consideration of the following:<br />
Proper law. Many parties enter into transactions that are silent as to the proper<br />
law. However, it is important to consider exactly what law is applicable to the<br />
22
Corporate Governance driving end to “Deal Now Deal Later” insurance market<br />
insurance transaction in question since this will determine the nature and the<br />
extent of the remedies available to either the buyer or seller depending on what<br />
sort of breach of insurance contract is being considered. An example of this is the<br />
Draconian remedy under English law that an underwriter has available for material<br />
misrepresentation or non-disclosure of a fact that influences the underwriter in his<br />
decision to write or price the risk which is the subject matter of the insurance<br />
transaction. There are other examples under different legal systems of terms that<br />
have similarly, or perhaps more or less Draconian effect in the event of<br />
misrepresentation or non-disclosure when obtaining coverage. These should be<br />
dealt with by careful consideration of the risk profile of the seller, a relative<br />
valuation of the exposures, consideration of how the parties want to deal with<br />
breaches of contract and so on.<br />
Jurisdiction. In conjunction with proper law, jurisdiction is key to ascertaining the<br />
forum for dispute resolution in the event of coverage issues. Different jurisdictions<br />
will interpret the proper law in a different way. In the absence of express<br />
jurisdiction clauses, and in the event of a disputed insurance claim, both the buyer<br />
and the seller will have to perform a comparative coverage analysis to look at the<br />
possible jurisdictions available to them and the expected outcome (in terms of<br />
proper law and coverage) that each particular jurisdiction will assign to the<br />
insurance contract in question. Almost as important for European-domiciled buyers,<br />
a local legal system may not have the necessary skills, pool of expertise and<br />
familiarity with what can be very technical issues in insurance claims (for example<br />
root-cause analysis and coverage issues) and often perceive that certain<br />
jurisdictions, such as the courts of England and Wales are best placed to deal with<br />
such issues, given the history of the Commercial Court in dealing with insurance<br />
and reinsurance claims throughout the 20th Century. Note that the same effect can<br />
be achieved in an alternative way: it is possible to specify the jurisdiction of the<br />
Commercial Court but also have a proper law clause that introduces some of the<br />
more benign insurance rules and procedures that are prevalent in, for example,<br />
Mainland Europe. Alternatively, the parties can specify private and confidential<br />
arbitration in a location of their choice and subject to a proper law of their choice.<br />
Finally, it is possible to use alternatives to litigation, such as Queens Counsel<br />
clauses or appraisal clauses, where issues of policy response and quantum of<br />
coverage respectively are referred to contractually binding, non-appealable,<br />
adjudicators.<br />
Information Provisions. Where information is required to be provided to<br />
underwriters, there is a need for care in identifying the responsible person for<br />
passing on that information, particularly within a buyer. These provisions can arise<br />
in the context of either the provision of information pre-inception (disclosure<br />
obligations) or upon the happening of a loss-event (notice provisions). It is possible<br />
to stipulate in the insurance contract that information has to reach a certain level<br />
within a company – for example an officer in the risk management department, a<br />
main board director or indeed the legal department – before it triggers any<br />
information requirements under the policy, such as notification of loss or, if<br />
appropriate, an increase in material risk. For underwriters to accept such<br />
provisions however, insureds have to provide a vast amount of information about<br />
the adequacy of the information transfer process up and down the management<br />
chain. Effectively, in this scenario, the insured has the benefit of insurance against<br />
the failure of the information mechanism.<br />
23
Corporate Governance driving end to “Deal Now Deal Later” insurance market<br />
Misrepresentation and non-disclosure. As noted above in relation to the harsh<br />
remedies available in respect of insurance disputes in certain jurisdictions, for<br />
example England and Wales, it is possible to incorporate provisions into the policy<br />
that restore some of the balance. The idea is to replicate the continental idea of<br />
“proportionality” where the remedy is ascertained to be proportional to the breach.<br />
In effect, for minor misdemeanours, underwriters do not get off the hook. At the<br />
other end of the spectrum, major misdemeanours such as fraud or the deliberate<br />
provision of misleading information, are punishable by forfeiture of the claim or<br />
perhaps even the policy. There are of course graduating remedies in between since<br />
the remedy must be proportionate to the breach and is compensable by damages,<br />
e.g. if there is an enhanced risk then the underwriters may well set-off against the<br />
claim an entitlement to charge an increased premium or additional terms and<br />
conditions be imposed.<br />
Conditions Precedent to Liability. It is important that conditions that are precedent<br />
to liability (i.e. breach of which means that an insurance contract does not respond)<br />
are clearly stated as such and it is possible to insert a clause that limits conditions<br />
precedents to those clauses that are described specifically as such. The same can<br />
be done with warranties. In the alternative, certain jurisdictions, such as the<br />
Commercial Court in London, will look at the relevance and materiality of individual<br />
clauses to ascertain whether they are conditions precedent or warranties,<br />
notwithstanding the description of such clauses in the contract.<br />
Contract Risk Management. Although not directly related to the insurance<br />
transaction itself, it was recognised (particularly in the workshop) that there were a<br />
number of legacy contract issues where insureds have long-standing contracts<br />
with, for example, suppliers. Many legacy contracts do not accurately reflect the<br />
commercial relationships in a current application and indeed underestimate in<br />
terms of the available remedies the insured’s rights in the event of a supply chain<br />
disruption. A full understanding of the supply chain and contract risk management<br />
(including continuous assessment of the insurance architecture) in the supply chain<br />
is essential in order to ascertain what risks are being retained by an insured and,<br />
consequently what could be transferable to the insurance markets.<br />
Claims handling. Another issue to emerge from the workshop was the need to<br />
address, prior to inception, the importance of understanding what would happen in<br />
the event of a claim: what authorities were available to be exercised by the insured<br />
and what would be the role of loss-adjusters, bearing in mind that in a number of<br />
areas, there will be the need for a very rapid response to a developing claims<br />
situation where protection of reputation and brand are as important as dealing with<br />
the normal business aspects of a claim such as resumption of production, issues as<br />
to liability and so on. Part of this process should, based on the workshop discussion,<br />
include some scenario analysis and stress evaluations of potential likely claim<br />
scenarios and how these would be dealt with. This should form the basis of a written<br />
claims handling protocol that is negotiated along with the main insurance contract.<br />
Business continuity planning and crisis management. Following on from the<br />
above, it was considered in the workshop that it was most important that both<br />
business continuity planning and crisis management were considered alongside<br />
any claims-handling protocol, not least recognising the alternative resources that<br />
would be required in the context of business continuity planning and crisis<br />
24
Corporate Governance driving end to “Deal Now Deal Later” insurance market<br />
management, such as brand and reputation consultants. It is essential that all of<br />
those involved in the rapidly developing, complex claims process, including those<br />
tasked with ensuring, to the extent possible, that nothing is done which prejudices<br />
insurance cover whilst underwriters are, as and where appropriate, adequately<br />
protected.<br />
Each of the above, if done successfully, is considered essential to ensuring that<br />
claims certainty – which is the natural consequence of contract certainty is<br />
achieved. Whilst there will always be an uncertainty in the insurance industry – by<br />
its very nature insurance deals with the uncertain as well as the certain quantifiable<br />
– it was felt by all those involved in the workshop and indeed in the general<br />
discussions that an emphasis on and a proactive approach to dealing with the<br />
contractual process would benefit all concerned.<br />
Paul Wordley, Sian French and Kapil Dhir, Holman Fenwick & Willan<br />
25
D&O premiums fall, but pitfalls grow<br />
Ken McKenzie, Davies Arnold Cooper<br />
The good news for buyers of Directors’ & Officers’ insurance is that premiums have<br />
continued to fall, with an estimated additional 9% thought to have come off premiums<br />
during last year. Though there is some indication that environmental exposures and<br />
global warming may start to drive rates back up again in the near future.<br />
Capacity, however, seems to be on the rise again, with UK consultants Towers Perrin<br />
indicating that it is approaching $1.5 billion, the historical high of 2000.<br />
Although there has been an increase in the number of class actions initiated by<br />
institutional investors, the number of US class action suits seems to have dropped in<br />
2005, possibly reflecting a reduction in alleged loss totals to investors.<br />
Settlements continue to ride high in spite of a softening of the market. Nortel Networks,<br />
for example, reported a $2.5 billion litigation expense thought to result from D&O<br />
insurers having walked away from their much publicised problems. Profit forecast<br />
shortfalls continue to offer fertile ground for corporate claimants. New policy products<br />
keep coming and the market for them remains highly competitive.<br />
Sarbanes-Oxley (SOX) continues to cast its long shadow, so much so that many companies,<br />
including global communications and technology companies, are contemplating or have<br />
actually initiated de-listing in the US. Dual US/UK listed companies caught up in US securities<br />
action have included Vodafone, Cable & Wireless, and Shell. While de-listing might not have<br />
been a complete answer originally, the SEC is proposing new arrangements which will make<br />
it easier for non-US companies to de-list and obtain deliverance from their compliance<br />
obligations on the basis of three alternative tests for “well known seasoned issuers”.<br />
Anti D&O activists managed to get by before SOX and many notorious suits pre-date its<br />
implementation. However, in HealthSouth, perhaps the best known post SOX D&O case<br />
to date, having frozen the assets of CEO Richard Scrushy, the SEC allowed tens of<br />
millions of dollars to be released to Mr Scrushy for personal use on legal and other<br />
expenses, perhaps a sign of a lack of working D&O cover<br />
This July will finally see the much-delayed implementation of Section 404 for relevant<br />
non-US private issuers, obliging them to include both a management and auditor<br />
statement on the effectiveness of internal controls over financial reporting in their<br />
annual reports. Or will it A May 17 SEC announcement that small US companies will<br />
have more time to comply has raised some expectations that the non-US deadline will<br />
also be extended once again.<br />
Nearer to home, the UK (whose “comply or explain” approach is apparently preferred by<br />
the European Union Commission to a full blown European Corporate Governance Code)<br />
is nearing the end of a long road towards the new Company Law Reform Act, predicted<br />
to come into law at some point during 2007. The long consultation process involving<br />
white papers, independent reviews, successive reports and reviews of codes is finally<br />
drawing to a close. For D&O insurance purposes, the most interesting measures the<br />
new bill proposes are to:<br />
• Codify the duties of directors.<br />
• Allow shareholders to agree to limit auditors’ liability to the company so that their<br />
financial liability relates to their responsibility for the loss. (No news, however, on<br />
the once-mooted cap for directors).<br />
26
D&O premiums fall, but pitfalls grow<br />
• Overhaul the machinery for derivative action by shareholders against directors or<br />
third parties.<br />
The new Act will roll up the Companies (Audit Investigations and Community Enterprise)<br />
Act 2004 which itself relaxed the rules on the degree to which companies can<br />
indemnify their directors in defence costs and actual third party liabilities. They can<br />
advance and pay such costs (even in a claim by the company); however they become<br />
repayable in the event of a unsuccessful defence of criminal proceedings or claim by<br />
the company; fines imposed in criminal proceedings, regulatory penalties and liability to<br />
the company itself cannot be indemnified.<br />
In a late and surprising move at the end of last year, by the Companies Act (Operating &<br />
Financial Review) (Repeal) Regulations 2005, with effect from January <strong>2006</strong>, the<br />
Government abolished the newly introduced Operating and Financial Review (OFR), a<br />
move which may have taken much of the social, community and environmental spirit<br />
out of currently proposed reforms. This may be a good thing for non-executive directors<br />
who were potentially exposed to liability in discharging the role of moral conscience of<br />
the company.<br />
However, having just bowed to pressure from the Confederation of British Industry (CBI)<br />
to strangle the OFR in its infancy, the Government was forced to re-open consultation<br />
on the mechanism under threat of judicial review by Friends of the Earth. The results of<br />
that consultation, which closed in March have resulted in the OFR remaining out of the<br />
Bill. Indeed, current indications are that the UK government are moving in the direction<br />
of shielding directors and officers from liability for untrue or misleading statements<br />
except where bad faith or recklessness is involved; it looks as though the vetting<br />
procedure of the courts for the new derivative actions will apply this principle.<br />
Animal rights extremism has scored another own-goal in the UK where the threat of<br />
circulation of shareholders’ details on the web has prompted immediate injunctive relief<br />
and enhanced the likelihood that registration requirements will be relaxed in the new<br />
Bill.<br />
The role of non-executives remains problematic. Expensive to keep, they are arguably<br />
superfluous in a well-run company and not always best placed to perform their<br />
supervisory role. In Equitable Life, though criticised by the Penrose Report for being<br />
effectively incompetent to monitor actuarial activity, the case against the non-executive<br />
directors (and auditors) famously collapsed.<br />
The new Bill still recognises no special role or distinct obligations for non-executive<br />
directors, and that may pose its own challenge to the insurance industry.<br />
Meanwhile the EU Council has adopted a directive updating accounting rules and<br />
modifying the Fourth and Seventh Company Law directives to enhance confidence in<br />
corporate financial statements and reports. This establishes collective responsibility of<br />
board members for such statements, enhances transparency in off balance sheet and<br />
related party transactions and introduces the requirement for a corporate governance<br />
statement. EU states are supposed to adopt the changes into domestic law within two<br />
years.<br />
In spite of the softness of the market, severability remains a key area of concern,<br />
highlighting the risk that information of which only certain directors may be aware can<br />
27
D&O premiums fall, but pitfalls grow<br />
be imputed to other innocent directors, either through the mechanism for placement of<br />
policies, or operation of the policy language itself. This issue has placed an increased<br />
focus upon the desirability of severability clauses and effective protection for all<br />
directors. Without such clauses, very rigorous due diligence personally conducted by<br />
and on behalf of each director may be necessary.<br />
Another sensitive subject is Insured v Insured exclusions. These have been a feature of<br />
some directors’ and officers’ policies for decades. Their effect varies very considerably<br />
from jurisdiction to jurisdiction given the different rights which arise. In the US, for<br />
example, where extensive rights are available to shareholders individually and as a class<br />
to bring action against directors, the scope of policy risk and cover can be considerably<br />
wider than in a jurisdiction like the UK where directors owe duties not, prima facie, to<br />
shareholders, but to the company: if the company is an insured under a corporate<br />
reimbursement clause and a simple form Insured v Insured exclusion denies cover for a<br />
claim brought by an insured, what cover is left The answer may lie in the increasing<br />
sophistication with which insurers modify the cover through carve-outs and exceptions.<br />
The potential for extradition is beginning to cause concern. Enacted with anti-terrorism<br />
firmly in mind, the UK Extradition Act 2003 has been more of a threat so far to directors<br />
and officers, with examples like the three bankers resisting extradition from the UK to<br />
the US on Enron charges raising the question why the Act is being used in this way<br />
when there is no US reciprocity yet.<br />
The D&O market, fuelled by much uncertainty over ongoing corporate reform in the UK,<br />
US and Europe, continues to be one of the most fast-moving and volatile, behooving<br />
buyers to monitor developments closely.<br />
Kenneth McKenzie is a Senior Partner, Head of the Insurance Practice at Davies Arnold Cooper<br />
28
CD POSITION<br />
GUIDE ONLY<br />
28<br />
29