Commercial Risk Europe — May 2016 by Calixa Creative

www.commercialriskeurope.com

EUROPEAN RISK FRONTIERS: FRANCE French risk managers say they need better BI and employee benefit coverages from insurers as well as improved cyber solutions despite progress in this area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10

DVS and Bfv merge Consistency of global programmes tops agenda

aladbury@commercialriskeurope.com

[BONN]—THE GERMAN RISK and insurance management association (DVS) and the German association of inhouse insurance brokers (Bfv) have merged to create one representative body for the national risk and insurance management community, called the Gesamtverband der versicherungsnehmenden Wirtschaft e.V. (GvW).

Bfv had always worked well together and the merger was a natural fit. The merger would help the German risk and insurance management community defend its interests and push for progress on critical matters such as more clarity and consistency on global programmes at national, European and international level, he added. Mr Mahnke said: “This is a historic day as we see the merger of the two representative associations of German risk and insurance managers. We have always worked well together and there is a large crossover of membership. But as a united force I believe we can achieve more for the German risk and insurance management community, for example in relations with the insurance industry.”

ANNOUNCEMENT The announcement was made during DVS’s annual general meeting at the Petersberg hotel late last month. This follows the announcement earlier last month. Jörg Henne, head of risk management insurance at electrical manufacturer EPCOS, part of the TDK group, and TOP OF THE LIST board member of the DVS since April 2013, One of the first things has been appointed on the agenda for the full-time chief executive GvW will be closer work with the German officer (CEO). insurance association— Alexander Mahnke, chairman of the DVS Alexander Mahnke the GDV. and CEO of insurance This should be at Siemens Financial Services, helped by the fact that Stefan told Commercial Risk Europe at Sigulla, former chairman of a roundtable meeting of the the DVS, is now a member of newly merged association’s the board of management of committee, that the “historic” HDI Global SE and chairman combination of the two of the GDV’s international associations would strengthen committee—the Kommission the position of German risk and Internationales Geschäft (KIG). insurance managers. He said the DVS and DVS: Turn to p20

AIG.

CEO Hancock stresses no need for breakup as AIG reports lower Q1 profits and revenues

01-CRE-Y7-04-Front.indd 1

Volume 7

#04

May 2016

EUROPEAN RISK FRONTIERS: PORTUGAL In Portugal cyber and new EU data protection rules were at the front of participants’ minds. Discussion also took in global expansion and political uncertainty at home and beyond. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-17

ELD.

DVS.

Adrian Ladbury

ELD is falling short, concludes EC probe Focus on improved implementation not revision Ben Norris bnorris@commercialriskeurope.com A EUROPEAN COMMISSION (EC) review of the Environmental Liability Directive (ELD) has concluded that the directive is not achieving its aims. Perhaps equally as damning, the review stresses that there is simply not enough information to fully assess how the ELD is working due, among other reasons, to a lack of awareness and reported cases in certain member states. This indictment of how the ELD has been implemented, is understood

SUPPORT FOR EC The Federation of European Risk Management Associations (Ferma) supports this approach and believes now is not the time for any new rules. It will make its case at the fourth ELD Stakeholder Conference in Brussels on 24 May. During this event, an

EC-driven action plan to improve the effectiveness of the ELD will be discussed and further work agreed upon. The EC was due to evaluate how the ELD has been applied and whether it is fit for purpose in 2014 via a Regulatory Fitness and Performance Programme (REFIT) evaluation and accompanying report. These two documents were delayed for various reasons, including late delivery of member state reports and political changes at EU level, and were finally delivered last month. ELD: Turn to p20

CYBER.

Cyber capacity builds but BI a challenge to increase the limits they purchase, he said. Cyber insurance prices in the US increased sharply in 2015, especially for healthcare companies, retail businesses and financial institutions, in response to a number of large data breaches. Rates have since started to stabilise through late 2015 and early 2016, according to Mr Christensen.

Stuart Collins news@commercialriskeurope.com INSURERS HAVE SIGNIFICANTLY

increased cyber insurance capacity for large corporates, but business interruption and property damage exposures remain challenging. RAPID EVOLUTION Overall, the cyber insurance market continues to evolve at a fast pace, according to David Christensen, cyber leader at Marsh in the UK. Standalone cyber cover has broadened. The price is trending flat to slightly upwards, though market competition is keen. Additionally, companies are starting

activist shareholder Carl Icahn to break up the group to avoid being aladbury@commercialriskeurope.com designated a Systemically Important Financial Institution (SIFI) by [BRUSSELS]—AIG PRESIDENT AND regulators. chief executive officer Peter AIG’s withdrawal from Hancock stressed his deterPICC actually started last mination not to break up March when it sold about the group as he announced it $500m of shares, leaving its would raise $1.25bn through stake at just over 8%. the sale of the bulk of its When the latest sale of stake in PICC Property and PICC shares is completed, Casualty Company (PICC). AIG will have just a 0.75% Mr Hancock did not share of the Hong Kong completely rule the breakup Peter Hancock insurer, the international out, however, as he responded arm of state-owned People’s to a question from one analyst during Insu-rance Company (Group) of the group’s first quarter results call. China. AIG is under pressure from “We’re transforming AIG into a

Adrian Ladbury

and is protecting the environment, necessitates a further assessment down the line, EC sources say. In the meantime, the Commission is focusing on improving implementation of the ELD as it currently stands and gathering information rather than suggesting wholesale changes.

CONVERGENCE NEEDED However, there often remains a significant difference between what corporates want to buy and what the market, as standard, has been willing to give, according to Graeme King, CYBER: Turn to p22

leaner, more profitable and focused insurer,” said Mr Hancock as the deal price of the sale was announced on 2 May. “By continuing to derisk our position in PICC P&C, we are enhancing our financial flexibility,” he added. Q1 WRITEDOWNS Three days later, Mr Hancock announced first-quarter results that showed falling revenues as AIG continued to “derisk” its portfolio, and sharply reduced profits, largely on the back of write-downs of alternative investments. Mr Hancock found himself once again explaining to equity analysts during the earnings call why

breaking the group up to avoid the higher capital charges faced by a SIFI is not necessary. After a lot of detailed questions about the fine detail of the results and progress on AIG’s turnaround effort, Josh Clayton Stirling, analyst with Sanford C Bernstein & Co, finally asked the big question. “I appreciate all the colour and update on the operating initiatives. Obviously, it’s great to hear about all the progress. I’m wondering if you’d be willing to [answer] a higher level question,” said Mr Stirling, as quoted by Seeking Alpha, the online reporting service. AIG: Turn to p22

5/5/16 17:11:00

The cyber risk landscape today...

Do you know that 73%* of companies underestimate cyber risks? Increasing interconnectivity & globalization of business and the “commercialization“ of cyber-crime are driving greater frequency and severity of cyber incidents. Allianz Global Corporate & Specialty provides a comprehensive solution, “Allianz Cyber Protect Premium1)“ with a full suite of offerings: Third Party Cover: For liability arising out of data loss, network interruptions, media liability and regulatory actions First Party Cover: For business interruption, extended business coverage and hacker theft Costs: For IT forensics, restoration, reputational and loss adjuster costs as well as response costs including notification

www.agcs.allianz.com *Allianz Risk Barometer 2015 surveying over 500 risk managers and experts from 40+ countries

Copyright © 2016 Allianz Global Corporate & Specialty SE. The material contained in this publication is designed to provide general information only. Information relating to policy coverage, terms and conditions is provided for guidance purposes only and is not exhaustive and does not form an offer of coverage. Whilst every effort has been made to ensure that the information provided is accurate, this information is provided without any representation or warranty of any kind about its accuracy. 1) In France, the name of our cyber insurance product is “AGCS Cyber Data Protect“ Allianz Global Corporate & Specialty SE, Commercial Register: Munich, HRB 208312

Cyber_ad_A3_V3r_2016_final.indd 1 02-CRE-Y7-05-Allianz.indd 2

26.04.2016 5/5/16 12:10:25 14:03:45

NEWS ANALYSIS Mergers & acquisitions

M&A insurance takes off with corporate buyers Stuart Collins news@commercialriskeurope.com

[LONDON] THE MERGERS AND ACQUISITIONS

(M&A) insurance market has been growing at a rapid pace as more and more corporates find a use for this evolving insurance product. With new players and capacity entering the fray, buyers can expect favourable market conditions and innovation, experts say. Demand for M&A insurance—also known as transactional or warranty and indemnity insurance—continued to increase during 2015. According to Marsh, a record 450 policies were placed last year, a 32% increase on 2014. Limits placed also increased—up by 45% to $11.2bn. This was driven by larger deal sizes as well as more insurance limits being purchased per transaction, the broker states in a new study. Interestingly, Marsh has seen a dramatic uplift in corporate buyers using transactional risk insurance. Private equity firms had traditionally used M&A insurance more extensively but in 2015, 44% of M&A insurance policies were purchased by corporates—up from 39% in 2014, according to the broker. Corporates are now using M&A insurance when buying assets in new markets or fields of business, or to better compete in auction situations, according to Andrew Hunt, Europe, Middle East and Africa transactional risk leader at Marsh. Anecdotally, transactional insurance is being purchased in around 10%-15% of M&A globally, according to Mr Hunt. This figure varies by jurisdiction. In some countries, like Australia and Sweden, it has become almost routine in certain types of deals, he noted. Real estate transactions continue to dominate the M&A insurance market, although other industries are catching up, according to JLT Specialty. Manufacturing, technology/telecoms, retail and food industries are using M&A insurance, it states in the recent report. Some of this shift is explained by private equity firms introducing solutions on the sell side to facilitate a “clean exit” for successful corporate buyers, according to Mr Hunt. However, corporates are also waking up to how they incorporate these solutions proactively into their deal process, he said. Growth in the M&A insurance market is also linked to the economic recovery since the 2008 financial crisis, according to Angus Marshall, M&A manager, UK, at AIG. It also reflects greater use of the product, suggesting good long-term prospects for the market, he said. “In the medium term, growth is sustainable with demand from the economic up-cycle. But penetration of M&A insurance has been increasing through each cycle,” said Mr Marshall. Corporates increasingly use the

03-CRE-Y7-04-News.indd 3

product, he said. “The product has turned a corner and become mainstream.” “In the past, lawyers questioned the cost of M&A insurance, the time it took to arrange cover and whether it would pay. Studies show that it does pay claims and we see that demand is increasing,” said Mr Marshall.

PRICE COMPETITION AND HIGHER LIMITS Increased capacity in the M&A insurance market has driven price competition and higher limits, according to Mr Hunt. Some primary insurers are now offering limits of $100m-plus; three to four times what they were offering a few years ago. In 2015, a number of new insurers began underwriting M&A insurance, while many established players increased their capacity, according to Teresa Jones, partner, M&A, at JLT Specialty. “Buyers considering M&A insurance now have much more choice, with a number of underwriters specialising in certain types of transaction. There is also more flexibility from underwriters and, as the market has matured and grown more sophisticated, it now offers a broad range of insurance solutions,” she said. According to Marsh, there are now in excess of 25 insurers offering M&A risk insurance globally on a primary or excess basis, a 30% increase in the past year

Angus Marshall

alone. In the UK and Europe the number of insurers increased by four to 16, with others due to come online. New players entering the market resulted in a merry-go-round of underwriters. This caused a temporary slight hardening of the M&A insurance market in the summer of 2015. As a result, average premium rates remained constant at 1.5% of the limit insured last year, while retention levels increased slightly to 0.8% of the deal size, according to JLT. However, as new players and capacity have bedded down, premium rates reduced to 1% on many deals and retention levels fell to 0.5% on average in the first few months of 2016, said Ms Jones. Increased competition is having a positive effect on the terms and conditions and coverage available, according to Ms Jones. For example, JLT secured a nil-policy retention structure on numerous real estate transactions in 2015. “With increased competition we will see more coverage enhancements and innovation,” said Ms Jones. For example, there have been developments around synthetic tax deeds, a broader appetite for known tax or litigation risks and blended cover to include risks like environmental and cyber liability. Increased flexibility from insurers has meant a willingness to underwrite deals in a wider range of jurisdictions, including emerging markets like central and eastern Europe, the Middle East and Africa. European and international insurers are also more willing to offer US-style M&A insurance coverage for cross-border and European deals, according to Mr Hunt. While this cover can cost more it provides a broader form of cover, he added. Now that the M&A insurance market has matured, there is likely to be an accelerated period of product development, according to Tim Allen, focus group leader, transaction liability, at Beazley Group. “While the market is not

‘commoditised’ quite yet, all carriers are looking to differentiate themselves and the more astute clients are focusing beyond pure placement when selecting their insurer,” he said. The differentiating factors tend to be broker and client service, certainty of counterparty and coverage development, said Mr Allen. For example, Beazley is in the process of developing new products, including those for the European real estate sector, US healthcare transactions and a capital markets-focused product. According to Mr Marshall, M&A insurance will evolve in phases. Recent developments have seen retentions lowered, premiums come down and limits increase. The next stage will see “changes in cover” and more innovation both in the product itself and around how the product interacts with other risk management techniques and insurance covers, he said.

CLAIMS PAYOUT M&A insurance is often used strategically to help smooth along a transaction, rather than to specifically transfer risk. However, M&A do not always pan out as expected and large claims are often made against insurers. Insurers reported more claims being made in 2015, although this appears to be largely in line with the increased premium written, explained JLT’s Ms Jones. However, the market has seen several large claim notices in excess of $100m and insurers are reporting claims frequency at 12%-15% of the number of policies issued. “It is too early to tell what impact this may have on costs, terms and conditions, although we do not expect any material changes in 2016,” Ms Jones said. A study of claims data by AIG found that a surprising number of M&A transactions worldwide result in disputes after closing. Some 14% of M&A policies written by AIG between 2011 and 2014 resulted in a claim, rising to 19% for deals valued at $1bn or more. According to AIG’s Mr Marshall, the claims study suggests that some companies are likely to be underestimating the risks associated with M&A. “Companies may be able to take the risks associated with M&A on their balance sheet but they should still consider W&I insurance as part of good risk management because the exposures are very real,” said Mr Marshall. The most common causes of claims, according to AIG, are financial statements (28% of claims) and tax (13%). Contracts were the third biggest cause at 11%. Also of note was the length of the liability tail on M&A insurance. It can extend well beyond a deal’s closing date. Trouble tends to come sooner than later though; 74% of claims were filed by policyholders within 18 months of the transaction closing. But a significant 26% were filed after the 18-month mark, said Mr Marshall.

5/5/16 17:10:47

RIMS conference roundup

NEWS ANALYSIS

Predicting risk set to get harder, finds RIMS survey Ben Norris news@commercialriskeurope.com

[SAN DIEGO]—ALMOST HALF OF the risk executives polled by the Risk and Insurance Management Society (RIMS) and Marsh believe forecasting businesscritical emerging risks will be more difficult in three years’ time, with another quarter saying it will not get any easier. In the 13th annual Excellence In Risk Management report, released at the RIMS conference in San Diego last month, survey respondents rate cyber attacks as the most likely critical risk to emerge for their business, followed by threats from regulation and talent shortage. The report is based on more than 700 responses to an online survey and a series of focus groups with leading risk executives conducted by Marsh and RIMS early this year. Nearly half the survey respondents (48%) said forecasting critical business risks will be more difficult in three years’ time. Another 26% said it would be the same. The report finds that while risk professionals are increasingly relied upon to identify and assess emerging risks, there remain organisational and other barriers to providing a critical “around the corner” view. Risk professionals and c-suite executives polled cited various barriers to understanding the impact of emerging risks on business strategy and decisions. The top reasons were a lack of crossorganisational collaboration, cultural/institutional issues, budget constraints, an inability to manage the magnitude of the risk and a lack of awareness of key risk management concepts. However, risk professionals and the c-suite ranked these barriers in different orders. C-suite respondents and risk professionals ranked cultural/ institutional issues one and two, respectively. However, for risk professionals the problem appears to be tied to an issue that has come up consistently throughout the years the survey has been running—a lack of collaboration across the organisation. “Lack of collaboration across the organisation is still an issue for many risk professionals. On the other hand, breaking down silos has become less of a concern for executives,” said Carol Fox, vice-president, strategic initiatives for RIMS and co-author of the report. “Tackling emerging risks often requires creative yet pragmatic approaches. It has to encompass internal crossfunctional conversations— formal and informal—around the intersection of risk and

04-CRE-Y7-04-News.indd 4

strategy, senior leadership engagement and tapping into external information sources. Risk professionals are encouraged to broaden the scope and collaboration around emerging risk issues within their organisations.” Survey respondents rated cyber attacks (61%) as the most likely critical risk to emerge for their business. This was followed by regulation, cited by 58% of respondents, and talent availability (40%). Next came technological change on 38% and customer demands on 36%. Based on the survey responses and insights from numerous focus group discussions, risk professionals generally agree on the

Carol Fox importance of identifying emerging risks. However, they also state that there is no clearly

established framework for doing so. The majority of the risk management respondents (60%) said they use claims-based reviews as one of the primary means to assess emerging risks, compared to 38% who said they use predictive analytics. This can be a problem, said the report’s authors. “The widespread use of claims-based reviews means that a majority of organisations are relying on studying past incidents to predict how emerging risks will behave, rather than using predictive analytic techniques like stochastic modelling and game theory to help inform their decision-making,” said Brian Elowe, Marsh’s US client

TOTAL COST OF RISK DOWN 2% FOR US CORPORATES ■ End of rate declines [SAN DIEGO]—The total cost of risk (TCOR) fell by 2% last year, according to the 2016 RIMS Benchmark Survey. This is the second year of decline. The survey also suggests that insurance rates for US commercial buyers have stopped falling. The survey, produced with Advisen and released at the RIMS conference in April, defines TCOR as the cost of insurance, plus retained losses and the risk management department’s administrative costs. It reveals that the decline in the TCOR last year was a result of falling property and liability insurance expenses, as well as decreasing risk management costs. The drop was tempered by increases in some areas, for example a 25% rise in professional liability costs. The survey also found that insurance premium decreases have stopped in the US. It reveals overall flat premiums at renewal from 2014 to 2015 across most sizes of business and categories of insurance. Cyber and transactional insurance emerged as growing niche areas, with Advisen predicting that the cyber sector could double in size to $5bn by 2020. The survey notes that the total cost of cyber risk for survey respondents was just $0.38 per $1,000 of revenue. “In order to innovate, organisations must first understand the costs, limitations and rewards of each new venture,” said RIMS president Julie Pemberton. “The Benchmark Survey is a highly informative resource that shows an industry-byindustry breakdown of how organisations allocate funds to hedge specific risks.” The annual RIMS survey benchmarks industry data for more than 52,000 insurance programmes from 1,457 organisations, including 197 Fortune 500 companies. It tracks changes in insurance policy renewal prices as reported by US corporate risk managers. —Ben Norris

executive leader and co-author of the report. The report notes that being ready for risks and alerting organisations of their potential impact is a key role for risk executives. “Whether emerging risks are on your doorstep, around the corner or on the far horizon, they have the potential to catch organisations unaware,” said Mr Elowe. “It’s important for risk professionals to maintain awareness of global risk trends and to make the connection to their organisations’ business strategies.” The report lays out recommendations to help risk managers and their organisations tackle emerging risks. These are: ■ Foster broad collaboration around risk issues in your organisation. Tackling emerging risks often requires creative but pragmatic approaches that encompass cross-functional support across the organisation and senior-leader engagement. ■ Challenge the agenda of your organisation’s risk committee. Does it include a review of broader trends and the potential emerging risks in its governance framework? Discussions around emerging risks should be a regular feature, not a once-ayear exercise. ■ Use a broad array of information sources to understand emerging risks. A narrow use of claims data and reliance on internal sources to understand emerging risks may limit your view. Reading and discussing with your peers ideas such as those brought forth in the World Economic Forum’s annual Global Risks Report, financial analysts’ reports and futurists’ blogs, can help you make connections that may otherwise escape you. ■ Push ahead on the use of data and analytics as a means to identify, assess and manage emerging risks. As technology continues to evolve and data accumulates, the potential for predictive analytics to inform your decision-making gets stronger by the day. ■ Seek external voices to challenge conventional thinking in your organisation. Although there will be trusted people with valuable perspectives in your company, an outsider’s view can help link unseen issues to create broader, more robust conversations around emerging risks. ■ Pay attention to social media; embrace it—or at least don’t tune it out. The world of communication is rapidly changing, with social media front and centre.

5/5/16 17:10:39

05-CRE-Y7-05-AIRMIC.indd 5

Untitled-1 1

5/5/16 14:06:50

01/03/2016 14:41:52

COMMENT

NEWS Association News

Light at the end of the tunnel as EC moves on non-financial reporting Ferma’s decision to tell the European Commission that ERM is the best method for companies to comply with new EU reporting requirements for non-financial or corporate socialresponsibility risks, is a good and potentially very significant move

nder the EC’s proposed Directive, which comes into effect in 2017, large public-interest entities, such as listed companies, will have to disclose in their management report “relevant and useful” information on their policies, main risks and outcomes relating at least to: environmental matters; social and employee aspects; human rights; anti-corruption and bribery issues; and diversity in their board of directors. If the EC agrees with Ferma’s argument that this needs to be organised by the risk manager on the back of a formal ERM system, then the European risk and insurance management community will have been given a huge boost. It is a simple fact that the majority of risk and insurance managers that we meet in Europe feel frustrated by the lack of recognition the profession receives in the wider business community. There are very few risk managers that Ferma represents who are either on the board or have direct and regular access to to that level. The situation is even worse in emerging regions such as Africa and Asia, where only the very biggest, multinational groups have fully embraced ERM. This is nothing new. This reporter for one has been interviewing

corporate risk and insurance managers in Europe, North America and more recently Africa, the Middle East and Asia for almost 25 years now and this topic just keeps on coming back. The fundamental problem is that the real value of ERM, just as with insurance, really does not become recognised until something goes horribly wrong. Then, inevitably, managers look for the reasons and people to blame. The lack of risk management and inadequacy of insurance is an easy option and the risk and insurance manager takes the blame. Incorporating mandatory demands for risk management in rules and regulations is not the total answer. It can of course have the opposite effect and instil the idea among general management that it’s really just a reporting tickbox exercise. This is definitely a problem we have encountered in the Middle East and, to a lesser extent, Asia. But mandatory inclusion of ERM in the management reports of big companies could be a big step forward as it would hopefully be much more difficult to turn this into a tickbox exercise. He added: “Risk reporting is a key element of the risk manager’s role. Because of the cross-functional nature of the risk manager’s mission, he or she is the best placed person in the organisation to provide assurance that the various types of risks, including those related to corporate social responsibility, have been identified and managed.” Let’s hope the EC sees the sense in Mr Willaert’s words.

Editorial Director Adrian Ladbury aladbury@commercialriskeurope.com

Art Director Alan Booth—www.calixa.biz Tel: +44 (0)20 8123 3271[w] +44 (0)7817 671 973[m] abooth@commercialriskeurope.com

Publishing Director Hugo Foster Tel: +44 (0)1892 785 176 [w] +44 (0)7894 718 724 [m]

WEB EDITOR /Deputy Editor Ben Norris Tel: +44 (0)7749 496 612 [m] bnorris@commercialriskeurope.com

hfoster@commercialriskeurope.com

ReporterS:

news@commercialriskeurope.com

UK/IRELAND: Garry Booth, Stuart Collins, Tony Dowding, Nicholas Pratt FRANCE/SPAIN: Rodrigo Amaral GERMANY: Anne-Christin Groeger, Friederike Krieger, Herbert Fromme EDITORIAL ENQUIRIES: enquiries@commercialriskeurope.com

Printing

For commercial opportunities email hfoster@commercialriskeurope.com

Mailing agent

To subscribe email subs@commercialriskeurope.com

Warners (Midlands) plc Action Mailing Services Ltd. Rubicon Media Ltd. © 2016 All rights reserved. Reproduction or transmission of any content is prohibited without prior written agreement from the publisher

Commercial Risk Europe is published monthly, except August and December, by Rubicon Media Ltd.—Registered office 7 Granard Business Centre, Bunns Lane, Mill Hill, London NW7 2DQ

While every care has been taken in publishing Commercial Risk Europe, neither the publisher nor any of the contributors accept responsibility for any errors it may contain or for any losses howsoever arising from or in reliance upon its contents. Editeur Responsable: Adrian Ladbury.

06x-CRE-Y7-04-Leader.indd 6

Ferma urges EC to put risk management at heart of non-financial reporting Stuart Collins

news@commercialriskeurope.com



[brussels] the federation of european risk management associations

(Ferma) says that risk managers and enterprise risk management (ERM) should be at the heart of new European non-financial reporting requirements. Ferma made the call in its response to a consultation on non-financial reporting guidelines being drawn up by the European Commission (EC). The guidelines supplement a European Union (EU) directive on non-financial reporting, which is due to be transposed into national law by December 2016 and come into effect in 2017. Ferma said the directive will affect many of its 4,700 risk manager members. “It is difficult for specialists in each department to connect different aspects of risk across functions, leaving grey areas where reporting may be incomplete,” said Ferma president Jo Willaert. “We therefore urge the Commission to recognise in the guidelines the fundamental role of risk managers and the value Jo Willaert of ERM methodology in the reporting of non-financial or corporate social responsibility elements, which require a deep understanding of the business model of the organisation,” he said. The EU directive on disclosure of non-financial information is intended to improve corporate disclosure around social and environmental policies and risks. The directive applies to “public interest entities” with more than 500 employees, such as listed companies, banks and insurance undertakings, as designated by EU member states. It will introduce minimum legal requirements for reporting information on environmental, social and employee, human rights, anti-corruption and bribery issues, as well as board-level diversity. The EC’s consultation on non-binding guidelines for non-financial reporting closed last month. Announcing the consultation in January, the Commission said: “These guidelines can assist companies in the reporting process, providing them with a methodology that will facilitate the disclosure of relevant, useful and comparable non-financial information.” In its response, Ferma urged the Commission to recognise the fundamental role of risk managers and the value of ERM methodology in such reporting. According to Ferma, organisations will need help in reporting risks linked to non-financial information, a role best suited to the risk manager. “Risk reporting is a key element of the risk manager’s role. Because of the crossfunctional nature of the risk manager’s mission, he or she is the best-placed person in the organisation to provide assurance that the various types of risks, including those related to corporate social responsibility, have been identified and managed,” said Mr Willaert. Having risk managers in charge of non-financial risk reporting makes it possible to validate the strength of an organisation’s response to related threats, said Ferma. “Reporting on these risks cannot be limited to the financial impact,” it said. The Federation suggests that the directive’s requirement to disclose “principal risks” is best met through the creation of a risk map, coordinated by the risk manager. Ferma recommended that the Commission’s guidelines refer to risk management frameworks developed by national risk management associations in Europe, including those from the Association of Insurance and Risk Managers in Industry and Commerce and the Association pour le Management des Risques et des Assurances de l’Entreprise. It also proposed that the process of risk identification, analysis and control, as well as consultation and communication, should be conducted in accordance with internationally recognised standards, such as the ISO 31000 or the COSO ERM Framework. The directive requires the non-financial statement to indicate how an organisation is managing connected risks. Ferma now wants risk management and risk managers to be a part of the guidelines that accompany the directive. “The guidelines should acknowledge the fact that there is already a profession that is particularly well equipped to perform an analysis of the risks linked to various areas like corporate social responsibility (CSR) matters. The risk manager, when deploying an enterprise risk management methodology for the organisation, is already doing what the directive would like to see [with regard to] CSR-related risks,” explained Typhaine Beauperin, chief executive officer of Ferma. “If the guidelines are to be practical and helpful for organisations, they need to indicate where to look and how to produce a correct non-financial statement. The work of our 23 associations is very relevant in this field and is very well connected with the business world,” she said.

5/5/16 18:00:08

BEHIND THE NEWS ISO standards

ISO to deliver new anti-bribery standard considered medium to high risk,” he says. Mr Caldwell is also concerned about reliance on inefficient systems, such as manual tools and spreadsheets that do not provide the necessary visibility, to manage anti-corruption programmes. “Today, risks and regulations—including those related to anti-corruption—are more complex and intertwined than ever before,” he says. “Therefore, companies that Commercial Europe.pdf 1 3/29/16 manage theirRisk anti-corruption

Nicholas Pratt npratt@commercialriskeurope.com

NEW STANDARD FOR

managing anti-bribery programmes is in the pipeline as corporate corruption climbs the risk agenda. The International Standards Organisation (ISO) is in the final stages of developing a new standard—ISO 37001 AntiBribery Management Systems— which will be “designed to help organisations implement effective measures to prevent and address bribery and instill a culture of honesty, transparency and integrity”. The body believes its forthcoming standard will give investors and other stakeholders more confidence that effective anti-bribery and corruption measures are in place. The World Bank estimates that more than $1tn is paid in bribes each year. The ISO’s draft standard, which is expected to be finalised and available later this year, has received overwhelming support from 91% of ISO members involved in its creation. “Bribery can be prevented if organisations in the public and private sectors, with genuine intent, implement effective controls,” says Neill Stansbury, chair of the ISO project committee developing the standard. “The overwhelming positive vote on the draft version of ISO 37001 gives us further confidence that it will be an effective tool to help organisations of all kinds take effective measures to combat bribery in all its forms.” The new ISO standard seems timely, given a recent report that suggests a worrying lack of confidence in many corporates’ anti-corruption programmes and doubts about just how thoroughly suppliers and partners are checked. The report, produced by Dow Jones Risk and Compliance and research firm MetricStream, surveyed more than 300 companies worldwide. It found that 37% were only ‘somewhat confident’ or less in their due diligence programmes. French Caldwell, chief evangelist at MetricStream, says these doubts reflect the quality of information being collected. This view is supported by the fact that only 27% of surveyed firms monitor their partners on a quarterly basis or more. While many organisations have developed anti-corruption programmes that include due diligence on their business partners, often they do not go far enough and only focus on initial onboarding or contract renewal, says Mr Caldwell. “Even when information is complete and accurate, it can become stale quickly. To maintain confidence in business partner practices, companies should implement ongoing monitoring as a minimum with those partners that are

07-CRE-Y7-04-BTN.indd 7

risks and compliance requirements in an integrated and automated manner, as part of their larger enterprise risk management and GRC framework, are better positioned to preserve their integrity, protect their brands and reputations, and perform exceptionally,” he adds. The survey’s findings come against a backdrop of increased regulation around anti-corruption, such as the UK Bribery Act and the Foreign 11:00 AM Corrupt Practices Act in the US.

“We’re seeing large-scale anticorruption investigations and record fines targeted not only at companies but also at individual executives,” says Joel Lange, managing director of Dow Jones Risk and Compliance. “In this heightened regulatory climate, a company’s success, reputation, and very survival is largely dependent on the effectiveness of their anticorruption programmes.” The survey also shows a regional disparity in attitudes to corruption, with respondents

highlighting Iran, China, Russia, Iraq and the Ukraine as the countries most prone to corruption. Mr Caldwell says it is important that any due diligence programme reflects the different level of associated risk. “For example, a partner in the UK that only does business with other western European organisations is much lower risk that a partner in central Asia that does business in countries that have high levels of official corruption,” he points out.

CMY

5/5/16 17:10:23

France

EUROPEAN RISK FRONTIERS

We kick off our 2016 European Risk Frontiers survey, this year sponsored by HDI Global and World Broker Network, in France. As in previous years, we took the opportunity to ask some of Europe’s leading risk and insurance managers about the big issues affecting their industry. As reported by Rodrigo Amaral, the French participants expressed the need for insurers to better deliver on BI and employee benefit coverages. They also demand improved cyber solutions but report that progress is being made in this area. We then discuss how insurance buyers should make the most of the ongoing soft market, which lines might be bucking the general trend and interconnectivity as a key risk driver

French Risk managers demand innovation for BI and employee benefits Balancing price and extended cover a tough call in soft market

David Vigier



[paris]—french participants in the 2016 European Risk Frontiers survey would like the insurance market to deliver innovation in key areas such as business interruption and employee benefits. At the same time, they are trying to take advantage of current soft market conditions to bolster their insurance programmes, while striving to nurture good relationships with insurance markets. When it comes to innovation, business interruption is a leading concern. French companies have stressed the need for broader coverages, especially as emerging threats such as terrorism and cyber attacks are often not covered by traditional policies. “The market could promote a sense of expanding current business interruption coverages. They could include new kinds of risks, new kinds of events that disrupt the activities of companies,” said Regis de Poncins, risk, insurance and safety manager at CFAO, the multinational logistics and distribution group. “Current coverages are mostly linked to property policies but we could think about extending them to other coverages in a relatively automatic way. It is already possible, for example, to add business interruption risks to policies that cover the transportation of merchandise. But that can be done only on a case-by-case basis and it is an option that has not spread widely enough across the market.” “Business interruption could also be added and offered in a more systematic way to construction all-risk coverages when there is a long-term project. It is a sector where the market could benefit from innovation that takes it beyond traditional coverages,” he added.

NEW SOLUTIONS

David Vigier, a prominent member of France’s risk management association AMRAE, believes it is time for the insurance market to come up with new solutions for employee benefits. “Right now, insurers provide insurance for companies’ employees in case of accidents, death, disability and so on when they are travelling on duty. There is another product, which is kidnap and ransom,” he said. “I would like my brokers and insurers to think about products that cover all the employees of a company, no matter the risk. In other words, it could cover at the same time accidents at the working site and any event that can take place when employees are travelling to places such as Brazil, Mexico or Venezuela and suffer terrible experiences such as kidnapping.” Mr Vigier also urged insurers and brokers to add value to the coverages they sell, particularly through services to help companies better manage personnelrelated risks. “Service is key when it comes to coverages. Insurance capacity is important but it is the end of the process. At the beginning of the process, insurers need to be in a position to provide advice to the client and its employees,” he said. “For example, what does the employee need to be aware of when travelling to a certain foreign market? Another element that could be included in this kind of product would be crisis management. I would really look forward to receiving a proposal of an

08-CRE-Y7-04-ERF-France.indd 8

that in two or three years we may suffer losses. In which case, I do not want the cost of my insurance to take a swing. I do not want to hear my insurers claiming that the prices proposed a couple of years earlier are not viable anymore and we have to review the premium budget. We have to keep in mind that insurance is very often a long-term play.” The French market is characterised by fierce competition between underwriters, with rate increases rare. As a result, insurers are seeking good risk profiles in a quest to reduce loss ratios. This is enabling companies with solid risk management processes to negotiate lower rates even in hardening segments, such as motor insurance. “We have already optimised our insurance budgets because in the past we have launched tenders to select insurers and brokers. For several years, we have taken advantage of soft market conditions,” said Patrick Lacroix, risk manager at the energy services group IDEX Services. “For example, we launched a tender for motor insurance recently. We had to change our underwriter in the segment because our insurer left the market. We do a lot of prevention work with our motor fleet and we have results to show.”

EXPERT BENEFITS

“ I believe that in the past people may have done some foolish things with captives but the market is much more mature now than it was 20 years ago. Solvency II is adding a burden and pressure in this respect. It is necessary to balance the positive and negative effects of regulation and sometimes it is not clear to me on which side of the line we are walking.” David Vigier insurance product that covers employees wherever they are and whatever kind of event they participate in.” Mr Vigier also stressed that companies should bear in mind the value of forging long-term relationships with their underwriters. That is important in the current soft market where buyers are often tempted to simply drive down insurance costs as low as they can. “The better buying strategy in the current market is to be opportunistic to a certain level. If the market allows you to build some interesting group programmes, you would be a fool not to take advantage of the cycle,” he said. “But we know that the insurance market has its cycles and we have to anticipate the day when the market will turn hard again. I believe that companies therefore need to nurture long-term relationships with their insurance suppliers.” He added: “It is a question therefore of balancing these elements. I have to be in a position to take advantage of competition in lines such as property and general liability, while at the same time being mindful

He continued: “So I met a number of insurers along with our broker, we explained our risk management process to them and some of them were very interested. In the end, I obtained lower premium rates, even though my previous contract was already very competitive.” “In a soft market, we try either to reduce the amount of premiums via tenders or by negotiating directly with underwriters to increase our levels of coverage through the purchase of additional lines, or to reduce deductibles,” Mr de Poncins remarked. Another consequence of the soft market is that captives have become less attractive for risk owners who can find competitive rates and plenty of capacity from insurers. “We have no plans today to set up a captive,” Mr de Poncins pointed out. “If we were meeting any difficulties to place our risks in the market, the situation could be different. However, that is not the case today. The soft market does not push companies towards creating captives.” Another disincentive for the creation of captives is the increasing regulatory burden with which they have to comply. “Solvency II is putting an extra pressure on captives and sometimes it is overkill,” Mr Vigier said. “Regulation is positive but it seems to me that some rules can be very cumbersome for companies where their main business is not insurance or reinsurance. They call for a set of skills and competence that very often are not available.” Regulators have justified their tough stance on captives by arguing some are created for reasons other than risk management strategies. However, Mr Vigier said the captive market has evolved and that this is less of an issue today. “I believe that in the past people may have done some foolish things with captives, but the market is much more mature now than it was 20 years ago,” he said. “Solvency II is adding a burden and pressure in this respect. It is necessary to balance the positive and negative effects of regulation and sometimes it is not clear to me on which side of the line we are walking.”

5/5/16 17:10:03

EUROPEAN RISK FRONTIERS France

CYBER RISK CONCERNS REMAIN BUT MARKET FIGHTING BACK 

CYBER RISK IS A PRIORITY FOR

french companies and some are beginning to see progress when it comes to transfer solutions. “Cyber risks are at the top of the list of risks today,” said David Vigier, a prominent member of AMRAE, France’s risk management association. “Companies are experiencing more and more cyber attacks and leakage of data. A law is about to be published that makes companies liable for the data they manipulate and store in their systems. So obviously companies feel this is an area where they are increasingly under threat. Also, we may well imagine that some people could use IT techniques to promote terror attacks against companies.” Reputation damage is one of the leading consequences of cyber threats and is difficult to manage, participants agreed. “Reputation and image is a critical issue, especially for business-to-consumer companies,” Mr Vigier said. “Nowadays we have to invest time, energy and people to handle all the social networks where reputation can be impaired. It is a very complex area. How do we control reputation risk and how can we transfer it to the insurance market? This is something extremely concerning that we are working on.” Mr Vigier would like to see the insurance market come up with better support for companies in this area. The provision of coverages is only part of the solution, he added. “There is some work to do about reputation but this is not about insurance alone,” he said. “We have to think beyond just insurance capacity. We need to think in terms of risk management financing services, to be provided by insurers and maybe some other firms.” He continued: “In terms of reputation risks, we need to think about the actions that the company must take to defend its reputation, to prevent its brand being impaired. If you ask an insurer whether they would be able to put some reputation-related capacity on the table, they would look at you with blank eyes and not understand how

it works. But this is about taking care of something that is right now a huge issue for companies. Insurers and brokers have a role to play in this field.” In the view of some risk managers, the insurance market has made progress in delivering satisfactory solutions for cyber risks. “Lately we have benefited from innovation introduced by the market in the field of cyber risks,” said Regis de Poncins, risk management, insurance and safety manager at CFAO, the logistics and distribution group. “We have acquired a policy in the latest renewal period and it is something that we did not have before.” One of the biggest challenges for the market is to come up with coverages that can serve the needs and are within the budget of both large and smaller corporate clients. The latter, in particular, tend to be particularly cautious when purchasing expensive coverages for risk exposures that are difficult to measure. “I would be interested in innovative coverages for fraud and cyber risks. These are issues that are very much on the agenda of companies today,” said Patrick Lacroix,

risk manager at IDEX Services, the energy services firm. “We have seen some significant fraud losses in France in recent years, and the number of cyber attacks is increasing. On cyber risks, there are solutions available but we are still evaluating the purchase of coverages. Before any buying decision is made, the company needs to audit the risk internally. We must examine whether there are internal procedures that allow us to mitigate this risk and what else we can do in that sense.” In addition to a proper assessment of the cyber exposure, cost of insurance continues to be a concern, Mr Lacroix said. “Cyber risk coverages may be more competitive today than in the past, but there is still work to be done in this area. They are still expensive and deductible levels remain high,” he pointed out. “So it is still necessary to weigh very well the cost of the insurance coverage and the potential costs of a loss, compared to the exposure of the company to the risk. The final decision will rest on premium prices and deductible levels.” —Rodrigo Amaral

Connectivity shaping risk landscape



AS COMPANIES BECOME INCREASINGLY connected with the global economy, they also face growing risks but have seemingly less time to tackle them, said French risk managers taking part in our European Risk Frontiers survey. Terrorism and supply chain disruption, for instance, rank high on their list of concerns. Patrick Lacroix, risk manager at IDEX Services, the energy services group, believes that greater connectivity tends to increase the risks that companies face. “Our main risks include legal and environmental risks. A third very important issue concerns risks related to people,” he said. “For example, the risk that there is an explosion in our facilities that causes the death of staff members, or of third parties.” “Legal risks have been amplified by the complexity of the world in which we live. Another element that contributes to the speed with which risks manifest themselves today is communication. Today we communicate ever more, via social networks, via the internet. So the risks spread around much quicker than before,” he added. According to Regis de Poncins, risk management,

08-CRE-Y7-04-ERF-France.indd 9

insurance and safety manager at the logistics and distribution group CFAO, terrorism and supply chain rank among the key threats faced by firms. “When we mention the risk of terrorism, we are talking not only about the risks for the business but also the impact on people,” he said. “Another important concern for us is the risk of trading with certain countries.” Mr de Poncins continued: “There are also risks related to our business partners, especially concerning suppliers. This is linked to the daily operations of the group. We have long-term contracts with partners that sometimes can be put in jeopardy and if that happens it has an impact on the business of the company. For instance—for strategic reasons, when there are changes in the share capital a supplier may wish to modify the partnership agreement.” David Vigier, a member of France’s risk management association AMRAE, expressed the importance of managing human resource risks, particularly when activities are on the global stage. “An important set of risks relates to people. If people are not taken care of there is no way the company will deliver good services to customers,” he said. “This is

something that is absolutely key for the sustainability of the company, whether it refers to the retention of talent or the way people are treated by the company. Does the company have in place the right procedures when staff members are travelling so that they can feel safe in terms of medical attention or security? These are critical aspects for any company.” Mr Vigier said it is of paramount importance for organisations to have risk management structures in place that are worthy of the name. It is up to risk managers and their teams to engage the company in this process, he added. “Especially in the case of listed companies, you need to have extremely robust risk management procedures,” he said. “You also need to be able to communicate with shareholders about the actions that you have taken to manage risks. Changes do not happen all of a sudden; it is a matter of increasing the appetite of stakeholders to receive adequate information about the risks related to the business of the company and the measures taken to mitigate them.” — Rodrigo Amaral

Motor bucking soft market trend



MOTOR LIABILITY PRESENTS THE toughest challenge for commercial insurance buyers in France today, according to participants in the 2016 European Risk Frontiers survey. They said that overall, the commercial insurance market continues its long-term soft trajectory, which has led insurers to adopt ever more aggressive sales strategies. However, they said that motor insurance has bucked this trend, with rising rates and capacity being restricted for some risks. “The insurance market is pretty soft on traditional P&C lines. We can transfer property and general liability risks in good conditions. There is plenty of competition and prices are reasonably low,” said David Vigier, a prominent member of AMRAE, France’s risk manager and insurance-buyer association. “One insurance line that is not going through a soft market is motor liability. It has been hardening for the past ten years or so.” According to Mr Vigier, insurers have been very picky when it comes to writing motor liability business and this is particularly true for those with large motor fleets. “We are doing a good job at mitigating the cost of the hard market on the balance sheet but it is still a concern,” he said. “The motor liability market has been extremely difficult. Quite a few companies have struggled to find capacity, especially for public transportation and big fleets. Their first concern today is to find someone, in France or elsewhere, who is keen to provide the required capacity. Once an insurer is found, there is the matter of premium rates, which are often very high.” According to Patrick Lacroix, risk manager at energy services group IDEX Services, the state of the motor insurance market is a consequence of the aggression with which underwriters pursued this business in the past. “Motor insurance prices dropped in France for many years as the market is very competitive, but of late insurers have had to restore their technical results and some have raised rates as a result,” he said. “At the same time, there has been a boom in bodily injury compensations in the French market. Losses have become more significant than in the past and this development has impacted insurers’ results. But even then, with a good risk profile it is still possible to obtain lower rates.” This is because, as a rule, insurers highly value companies that do their homework when it comes to risk management, Mr Lacroix said. “There is a lot of capacity in the market and we also see that many insurers are adopting aggressive sales strategies. They are interested in companies’ risks,” he remarked. “They want to develop their businesses and this is a good thing for us buyers because there is fiercer competition between insurers. Today, insurers contact companies directly. In the past, contacts were always done through brokers.” This is also true for companies that have a big exposure to international markets, such as CFAO, the logistics and distribution group that operates mostly in Africa. “Underwriting conditions have not changed globally of late. Conditions remain mostly favourable to buyers,” said Regis de Poncins, CFAO’s head of risk management, insurance and safety. “There may be changes in one or another line but they are due more to loss levels and the particularities of our activities. In general, there have been no developments in the market with a negative impact on our programmes.” This situation looks set to remain unchanged for a while yet. Mr De Poncins noted that there are few, if any, signs that the abundant capital driving current market conditions will dry out. “There is much availability of capital, which provides capacity for several kinds of risks,” he said. “There are also new players in the insurance market.” — Rodrigo Amaral

5/5/16 17:10:12

France

EUROPEAN RISK FRONTIERS

Commercial Risk Europe editor ADRIAN LADBURY interviewed Dominique Guérit, managing director of HDI Global SE, France, as part of this year’s European Risk Frontiers survey. Mr Guérit said customers in France are focused on intangible risks such as contingent business interruption and cyber, as well as global programmes. The key for insurers such as HDI is to focus on innovation, sophisticated risk analysis/engineering advice and teamwork, he said. Furthermore, he stressed that insurers must be prepared to walk away from risks if price, terms and conditions are not adequate

Service is the key factor in today’s market PARTNERSHIP IS ALL

ADRIAN LADBURY [AL]: What are the big risks that you think keep your customers awake at night? DOMINIQUE GUÉRIT [DG]: Not surprisingly, the

■ A combination of strong management, local expertise and ongoing collaboration between client, broker and insurer are key to success for global programmes, according to Benoit Le Corre of France-based broker Verlingue, a member of the World Broker Network

main concerns of our customers are also our main concerns—there is a natural overlap as we are insuring their business. Contingent business interruption remains a worrying area for many customers because this is a real risk that is difficult to measure and assess and yet can have a big impact on the balance sheet. This was clearly shown by the losses generated by the Japanese earthquake and Thai flood losses in 2011. Some of the companies that were damaged by these losses either directly or indirectly via their supply chain could never actually quantify the actual losses and so make claims. This was a harsh lesson for the whole market. This, along with cyber, is the kind of risk that keeps risk managers and insurers awake at night. It is also the kind of risk that insurers need to analyse very carefully before they underwrite, ensuring that the price is adequate, potential accumulations are appreciated and reinsurance is in place.

AL: The market remains very competitive, with new players still arriving in the corporate space. But what customers say they are really looking for is not more capacity but broader and more innovative services in areas like loss engineering. Are you able to offer such services? DG: When it comes to sophisticated risk analysis, our clients actually hold the detailed data and knowledge about their own business. We have clients in very complex and sophisticated industries such as steel and power generation whose engineers know more about their business than us. But, critically, what we can bring is a worldwide perspective, historic loss data for specific sectors and a very constructive dialogue with our experts and engineers. Customers really value this good technical feedback and comparison. AL: How do you feel the insurance industry needs to improve service levels for risk managers? DG: Information is critical as we support our customers. We have to be able to store and retrieve information and make it available for the whole company and customers alike. This is one of our challenges and objectives. Information is key. We need to be able to deliver exactly what the customer is looking for and in the timeframe demanded.

“ Contingent business interruption remains a worrying area for many customers because this is a real risk that is difficult to measure and assess and yet can have a big impact on the balance sheet. This was clearly shown by the losses generated by the Japanese earthquake and Thai flood losses in 2011. Some of the companies that were damaged by these losses either directly or indirectly via their supply chain could never actually quantify the actual losses and so make claims. This was a harsh lesson for the whole market. This, along with cyber, is the kind of risk that keeps risk managers and insurers awake at night...”

AL: Global programmes have become very important for customers as they expand internationally in search of growth. How exactly are you improving in this area? DG: Transparency is really important. It is vital to have a wide international network. It is equally important to have a team that works together so the customer is confident that whatever has been proposed will be delivered and they can rely on good people who ensure that any problem is solved as quickly as possible. AL: How can you continue to grow your business in such a soft market, dominated by high capacity and competition?

10-CRE-Y7-04-France.indd 10

DOMINIQUE GUÉRIT DG: There is a huge amount of capacity

available currently but not for everything by any means. There is a lot of following capacity but not really any new capacity that is able to lead international programmes. For this, we are competing with a rather small group of existing international insurers. I do not see that this group has grown [during] recent years. In this market, service is paramount and you have to be prepared to walk away when necessary.

LOBAL PROGRAMMES ARE FAST BECOMING A CORE TOOL IN THE

management of corporate risks for the fast-rising number of French and European companies with international operations. However, this is not a simple area to manage. Risk managers rely heavily on their broker to make sure the programmes are compliant and that claims are paid when and where they are supposed to be. This year’s European Risk Frontiers survey asks Europe’s risk managers what risk managers, brokers and insurers need to do to ensure that international programmes work as intended. Benoit Le Corre, director of communications and marketing at France-based broker Verlingue, said new risks and their global dimensions have a direct impact on how companies should design and handle their international insurance programmes. He added that Verlingue believes effective management of global risk relies on five essential elements. The first is a need for a structured risk identification approach to fit the specific needs of each client. “The international dimension of a company with cross-border operations—whether it’s in three countries or 30—can expose it to unknown, new or underestimated risks. The collection of all local data such as activity descriptions, IT process description or industrial process description, loss runs and current insurance documentations is the best way to an efficient and thorough analysis essential for drafting insurance solutions,” he explained. The second key element is an up-to-date knowledge of each country’s local regulations, legal requirements and cultural differences. “The increasingly complex challenges of international insurance management include being aware of and complying with countless local regulatory demands and obligations. Unexpected taxes, legal requirements, non-admitted policies, local insurance obligations or cash-before-cover obligations are some examples that companies need to comply with. If these areas are ignored, or if the customer or broker is unaware of these local realities, it can lead to heavy sanctions or penalties or a refusal of the right to carry on operations in the country. Local regulations evolve and it is critical to update each client’s knowledge of them,” said Mr Le Corre. The third essential element is data management and communication. “A global data management system to meet the demands set by experienced international clients, brokers and insurers is essential. Multiple languages, currencies, easy access and uniform reporting are expected features for enjoying secure access to shared client data, projects, policies and service activities,” explained Mr Le Corre. Fourth is the need for strong expertise to design innovative insurance structures. Mr Le Corre said all international companies need to have access to the full spectrum of insurance options. These range from standard international insurance architecture, such as global programmes combining a master policy with locally admitted policies placed in the local risk locations, to tailor-made innovative solutions, he explained. And, finally, a strong global network that really works is a critical element, said Mr Le Corre. “The ability to coordinate a client’s global risk exposure on a centralised basis is pivotal. The combination of local delivery through an international and responsive network with centralised global oversight and management, enables clients to stay informed day-to-day on the management of their coverages all around the world, while monitoring the implementation of their risk management strategy,” he explained. In conclusion, Mr Le Corre said risk management and transfer is a dynamic process. “It requires a strong partnership between client, broker and insurer. We believe the key is a combination of strong management, local expertise and ongoing collaboration between the client, broker and insurer,” he said.

5/5/16 17:09:55

Conﬁdence is on the agenda.

Insurance solutions for ﬁnancial institutions from AIG. Today’s ﬁnancial institutions face more risk than ever, due to a growing breadth of regulations and heightened enforcement. Having the right coverage is critical. At AIG, we offer cutting-edge insurance solutions built to meet the challenges of risk today—and will keep innovating to meet the challenges of tomorrow. Learn more at www.aig.com

Insurance and services provided by member companies of American International Group, Inc. Coverage may not be available in all jurisdictions and is subject to actual policy language. For additional information, please visit our website at www.aig.com. AIG Europe Limited is registered in England: company number 1486260. Registered address: The AIG Building, 58 Fenchurch Street, London, EC3M 4AB

AIG13069 D&O_Confdnce Ad_A3_CommRiskEurope NOV 15.indd 1 11-CRE-Y7-05-AIG.indd 11

04/11/15 6:17 pm 5/5/16 14:06:26

Portugal

EUROPEAN RISK FRONTIERS

Across the next few pages we bring you the Portuguese leg of our European Risk Frontiers survey. This year the project is sponsored by HDI Global and World Broker Network. The survey asks leading European risk and insurance managers about the key issues affecting their companies and job role. At the roundtable discussion in Porto we heard about the key business risks for Portuguese participants, with cyber and new EU data protection rules very much front of mind. Discussion also focused on the risks associated with global expansion and political uncertainty in Portugal and beyond. When it comes to insurance, discussion concentrated on areas for improvement and a tough workplace accident market for buyers. Rodrigo Amaral reports…

Cyber_chief_among_ leading_risks 

[porto]—Cyber risk, market volatility and new responsibilities as a result of mergers and acquisitions rank among the main risks faced by Portuguese companies today, according to participants of the 2016 European Risk Frontiers survey. During a lively roundtable in Porto, heads of risk management and insurance at some of Portugal’s largest companies explained which subjects keep their bosses awake at night and what risk practitioners are doing to manage and transfer such threats. These threats range from challenges linked to Portuguese companies’ recent expansion abroad, to more traditional operational risks such as explosions, workplace accidents and fire. The severity of each risk can vary considerably depending on the size of the firm and sector in which it operates but some issues emerge as common worries for Portuguese risk managers. Top among them are cyber risks. “IT systems and their availability constitute an important risk for our company,” said Marcos Pinto, a risk manager at Sonae Industria, a manufacturer of wood products. “Companies are increasingly interconnected, business processes are strongly dependent on information systems and consequently IT systems are highly critical for us. This risk is mitigated by a disaster recovery plan, which is being currently renewed.”

affected firms to reassess their risk exposures and adapt their risk management activities to new areas of work. State-owned APDL, for example, has become a larger company by adding the Viana do Castelo port to its original facilities. It has also expanded its presence in the tourism cruise sector as a result of further mergers and acquisitions. “Our company has been through a number of mergers and, as a result, now we are responsible for managing 208km of inland waterways that include 80 private harbours and other structures,” Ms Martins said. “It has been very much focused on tourism, with the boom in the Douro river.” She added: “One of our main concerns is the risk of accidents in the waterways or in our harbours involving the ships. The mergers have given us enhanced visibility as we deal with a large number of international tourists.” The task of keeping tourists and cargo safe is compounded by the need to invest in infrastructure maintenance and improvement. This raises further challenges for the company. “We have a large project to enhance safety in the waterways that we manage,” Ms Martins said. “We want to improve communications with ships and take other measures to achieve that goal. The risk of not obtaining the funding necessary for this task is a concern for us.” Yet raising money is not an easy job in Portugal, with the government short of resources and the country’s banking sector going through a protracted restructuring process. “A major risk is liquidity,” Mr Pinto said. “The focus is to ensure that the company can obtain the financing required to carry on with operations, strategies and financial obligation.”

SYSTEM BREAKDOWN

“Our main risk today is linked to our IT systems,” agreed José Luis Amorim, head of risk management at Sonae holding group. “On the one hand, there is the matter of IT security. But today, companies also have a huge dependence on IT systems. If there is any kind of event that puts our systems into jeopardy, our businesses cannot function.” “The dependence on IT systems is also a concern for us,” said Paula Martins, head of internal audit and quality at Administração dos Portos do Douro, Leixões e Viana do Castelo (APDL), a port authority. “Traffic control and other vital activities are very reliant on them.” Keeping cyber threats at bay provides companies with a broad set of challenges. As IT systems evolve so do the nature of virtual threats, pointed out António Cândido, chief risk officer at engineering services group EFACEC. “Every year we test our IT disaster recovery system. We find some problems and we fix them. Then, in the next year, there are new problems that need fixing,” he said. Participants also stressed that cyber risks have a tendency to create problems beyond the disruption of IT systems. There is also the growing risk that access to IT systems is denied by hackers. “The matter of IT extortions is an increasing worry,” said Rufino Ribeiro, risk manager at oil group GALP. “Hackers not only invade a system but they block it as well. If companies do not pay a ransom, they do not unblock access to it. It is a huge problem for companies because some national laws forbid the payment of ransom. This is the case in Portugal, for example.” Long-nurtured corporate image and reputation

12-CRE-Y7-04-Portugal.indd 12

TRADITIONAL CORE

can be swiftly compromised by a cyber incident and even a negative social media campaign by third parties. Therefore, reputation risk is a big concern for Portuguese risk managers. “Reputation risk is a concern as well,” Mr Amorim said. “There is a great variety of potential events that can impact our reputation and the effects can be impossible to control. Of course, we have mitigation measures in place but we cannot stop some news piece being made public that affects us.” Some sectors of the Portuguese economy have gone through a consolidation process. This requires

Mr Pinto also flagged up the importance of more traditional operational risks. “Our business is the transformation of recycled wood into manufactured wood products, with a significant operational risk, which arises from fire and explosion accidents,” Mr Pinto remarked. “Therefore, this risk is a key concern and we are active in implementing standards, best practices and investments that are capable of reducing these risks.” “We have to be constantly worried about the risks of accidents and explosions, and there is [also] the cyber risks issue, which is very much on people’s minds today,” Mr Ribeiro said. He noted that a growing regulatory burden is adding to the list of threats that Portuguese companies have to manage. “Regulation and compliance are factors that are out of the control of companies and have a big influence on our businesses.” Another issue is market volatility, which can affect revenues as prices go up and down according to the whims of investors and economic winds. “In terms of contract risks, commodities prices have an impact on our business, especially of copper and steel,” Mr Cândido said. “We try to hedge this risk and use price review formulas in the contracts, but sometimes price volatility plays against us.”

5/5/16 17:09:13

Risk Frontiers MADRID Volatility Rules!

Hotel Miguel Angel Madrid, Spain 21 JUNE, 2016

■ The big picture in Latin America—focus on the economic outlook in Argentina, Brazil and Mexico ■ The political risk landscape facing Spanish and European companies when doing business in Europe ■ Brexit—a real threat to European recovery. How should European risk managers prepare for a possible UK exit and break up of the EU? SPEAKERS INCLUDE: ■ Jan Randolph, Director of Sovereign Risk, IHS Global Insight ■ Rafael Docavo-Malvezzi, Global Head of Risk and Americas Regional Product Lead, Political Risks and Trade Credit, XL Catlin ■ José Carlos Nájera, Chief Underwriting Officer, MAPFRE Global Risks ■ Nicholas Greenwood, Director, Afi Analistas Financieros Internacionales

FREE

for corp orate risk & i nsuranc e manage rs and brokers

HOW TO REGISTER

ONLINE: ■ http://www.commercialriskeurope.com/rfmadrid16 CALL: ■ +44 (0) 1580 201 783 EMAIL: ■ awhite@commercialriskeurope.com

http://www.commercialriskeurope.com/rfmadrid16 13-CRE-Y7-05-RF-Madrid.indd 13

5/5/16 17:22:26

Portugal

EUROPEAN RISK FRONTIERS

NEW EU DATA PRIVACY RULES WILL HAVE ‘BRUTAL’ IMPACT ON MANY FIRMS, WARNS RISK MANAGER 

[PORTO]—FORTHCOMING European regulation on data privacy is set to escalate cyber risks and have a “brutal” impact on many firms, warns a leading Portuguese risk manager. “At the European level, new data privacy laws constitute a major issue for companies,” said José Luis Amorim, head of risk management at Sonae Group, during the European Risk Frontiers survey. “We are all dependent on IT systems and we all have a significant exposure to data that belongs to clients. Although lots of people are happy to make private information available on Facebook and other platforms, their views change if that same information is found in a company’s database.” “We have millions of clients in retail business and we store a lot of information about them. The soon to be implemented directive on data protection is going to have a huge impact on all companies that have that relationship with their clients,” he added. The European Parliament adopted the General Data Protection Regulation (GDPR) on 14 April (see related article on page 19). It imposes new obligations on companies that hold information belonging to third parties, and on supervisory bodies to ensure adequate data security measures are in place. According to Mr Amorim, the GDPR could add a huge financial burden on companies through heavy fines. The GDPR establishes that fines for data protection breaches could be as high as 4% of a company’s global turnover. But there are many other areas of concern for companies, he said. “The forthcoming rules are brutal, for example from the point of view of communicating incidents,” Mr Amorim said. “We need to be aware that all our systems are the target of successful attacks, even if we do not know about them. But the time gap to communicate any events that we find out about will be very short, a mere three days. In other words, companies will not have time to even perform an investigation about the causes. “Secondly, the fines to be applied could reach enormous values, as they will be linked to companies’ revenues. Many firms work with large revenues but narrow profit margins. If fines are indexed to revenues, the impact will be brutal.” Mr Amorim stressed that many companies will have to rush to adapt their practices to the new data protection rules in time. This will only compound the challenges they face from cyberrelated risks, he said. “The new rules will be triggered in 2018, so companies will not have a lot of time to adapt to them,” Mr Amorim explained. His own company is already taking

12-CRE-Y7-04-Portugal.indd 14

“ We have millions of clients in the retail business and we store a lot of information about them. The soon to be implemented directive on data protection is going to have a huge impact on all companies that have that relationship with their clients” JOSÉ LUIS AMORIM

measures to avoid falling foul of the regulatory onslaught. “We have a project to implement a robust data protection system, in addition to the one we already

have in place, as for several years we have known that tighter regulation was coming,” he said. Even then, he stressed, companies are exposed to a tremendous risk, not least because cyber criminals are also evolving and often at a faster pace than companies and regulators. “The problem is that information has a market value and hackers usually have more time and better resources available to them,” Mr Amorim said. “And they can hide themselves, which companies cannot do.” Then there is the matter of suffering for the sins and omissions of business partners. “IT risks lie not only within our companies; they are with our partners as well,” Mr Amorim warned. “In fact, it has been statistically shown that in the past five years a large majority of intrusion incidents were performed via

“ Insurers like to say that they are offering cyber coverages, but once you take a closer look at the policies they do not cover anything. Perhaps they make sense for banks and financial companies; but for industrial firms, which make actual investments, having the current coverages in place is equivalent to having nothing at all. The insurance market has been talking about cyber risk solutions for a couple of years already but in reality there are zero viable options for us in the market today...” RUFINO RIBEIRO

the systems of business partners, rather than companies’ own systems.” He continued: “The new data privacy laws add a new dimension to the cyber risks problem. It is not a dimension that will help to solve the problem. If Target, in addition to dozens of millions of dollars in losses, had to pay a fine equivalent to a share of its global revenues, it is hard to imagine how this would have helped the company solve the problem.” In December 2013, hackers stole credit card data on 40 million of US retailer Target’s customers, and information from 70 million others. The net cost of the breach, before tax, was $184m, the company said in its latest earnings report. The insurance market has been called on to help companies face this threat. Mr Amorim acknowledges that insurers and brokers have made some progress but it is still hard to argue that the market is meeting the needs of corporate buyers. “I believe that insurers have succeeded to translate into the policies some cyber coverages that make sense. And they have helped us to evaluate our exposures,” he said. “But we have concluded that their diagnoses of what they can do for us lie well below what we are already doing. Insurers are behind buyers in terms of the appreciation of the risk.” Rufino Ribeiro, risk manager at the oil group GALP, put things more bluntly. “Insurers like to say that they are offering cyber coverages, but once you take a closer look at the policies they do not cover anything,” he said. “Perhaps they make sense for banks and financial companies; but for industrial firms, which make actual investments, having the current coverages in place is equivalent to having nothing at all.” He concluded: “The insurance market has been talking about cyber risks solutions for a couple of years already but in reality there are zero viable options for us in the market today.” —Rodrigo Amaral

5/5/16 17:09:25

EUROPEAN RISK FRONTIERS Portugal

Cost of workplace accident cover jumps in Portugal 

[porto]—portuguese companies are suffering a rare hard market for commercial cover as the cost of workplace accident insurance has risen steeply during the past two renewals, say risk managers participating in our European Risk Frontiers survey. Rates have more than trebled for companies with bad risk profiles. Such conditions are, however, a peculiarity of the Portuguese market where workplace accident insurance is mandatory for all companies and fierce competition between insurers drove the segment to the brink. “In the segment of workplace accidents, there has been a trend, in the past year or two, for prices to go up,” said Luis Campilho, insurance manager at EFACEC, the engineering services group. “We have stability clauses in our policies that provide us some guarantees. Our loss ratios, which had improved two years ago, have gone up a bit of late, but we still managed to maintain the same rates of our previous contract. But the segment is indeed under pressure.” Sources say the crux of the matter is underwriters previously pushing prices and conditions so low that many were struggling to make ends meet. In fact, a number of acquisitions have taken place in Portugal during recent years involving insurers that, to different degrees, were among the most aggressive players. “The insurance supervisor has demanded that subscribers act more responsibly, because there was a time when technical results for workplace accidents were disastrous,” said Rufino Ribeiro, risk manager at oil and gas group GALP. “Consequently, rates have gone up. Large companies, however, have significant negotiation power and have not suffered much with the price rises. Mid-market companies have suffered more.” He added: “We are still negotiating our workplace accidents programme but the initial signs are that insurers will be looking to raise prices as well.” The hardening has been so marked that companies are making an extra effort to reduce their exposures to the risk.

12-CRE-Y7-04-Portugal.indd 15

“We have already detected this trend some years ago and have engaged with our insurance stakeholders [broker and insurance companies] to deal with it. We have agreed with them to have policy conditions impacted by the work accident performance,” said Marcos Pinto, a risk manager at Sonae Industrial. “In a proactive way, through our HSE teams and insurance companies, we have been implementing internal awareness campaigns in our industrial plants to tackle our main risks of work accidents. We are taking similar approaches to other insurance lines as well. Instead of simply placing the risk in the market directly, we strive to work together with insurance companies to tackle the most important risks that have been identified.” Other than workplace accident cover, Portuguese buyers tell a familiar story about the state of the commercial insurance market. “We did not notice any significant variations in price and conditions in our latest renewal,” Mr Campilho said. They face, however, difficulties in buying all the coverages they would like. “We would like to see the market innovate in the field of guarantees for some kinds of production goods,” said Mr Campilho. “We had, until 2013, a policy that covered large industrial transformers. But it was an extremely expensive coverage and it was restricted to transformers. We tried to extend the coverage to other equipment, including robotics, but it was not possible.” “We have identified some issues in casualty lines,” said José Luis Amorim, head of risk management at Sonae Group. “We have a global programme and, as is the practice in the market, we work with large insurance groups. But those groups often do not have, at local level, as robust a presence as they have in the largest markets and this becomes a problem in Portugal.” He continued: “We are very much exposed to personal injuries in our stores. But we have faced a lack of ability of insurers to meet our needs in this area, as they do not have a big enough physical structure in Portugal to provide us with quick answers to accidents that result in personal injuries. If the reaction to an accident is not quick,

it causes plenty of disturbance to the person who suffered the injury.” Mr Amorim would also like to see progress on coverage of electronic gadgets that companies increasingly rely on for their daily operations and communications. “Another area where the market is not answering our needs is theft or accidental damage to electronic equipment,” he said. “For a long time insurance companies did not understand that the risk they were exposing themselves to when they sold policies that covered electronic gadgets and loss ratios are, in fact, brutal. It is a serious problem, not only for buyers, but also for insurance companies. We sell electronic equipment and insurance— and we have more problems with the latter than with the former.” “We have been in touch with insurers and we concluded that this is a global problem,” Mr Amorim went on. “Our gadgets are ever easier to use, they have more capacity and they are more expensive too. The risk of finding oneself without equipment is a big one and insurers find it very hard to deal with this.” Mr Ribeiro, on the other hand, believes the insurance market needs to better deliver on political risks; an increasing concern for Portuguese companies as they expand abroad. “Insurance markets still do not have satisfactory solutions for political risks,” Mr Ribeiro said. “Take the case of Repsol in Argentina: is it possible to buy a coverage against this kind of risk? I do not think there is capacity for it and it is something that can affect any of us. You can suddenly lose all your investments in a certain country.” Repsol had its Argentinean operations nationalised in 2012. “There may be capacity available for political risks but we get some brutal quotations,” Mr Ribeiro said. “When we consulted the market about coverages for Morocco and Nigeria, the answers we had offered very low limits at a high price.” —Rodrigo Amaral

5/5/16 17:09:37

Portugal

EUROPEAN RISK FRONTIERS

Adapting risk management

to global expansion



[PORTO]—SINCE THE FINANCIAL crisis, Portuguese companies have intensified their search for new sources of revenues and have increased their presence in markets around the world. The search has taken them to some of the most challenging places to do business, which is causing headaches for risk managers. African nations such as Angola and Mozambique, as well as Latin American countries such as Brazil, are natural markets for expanding Portuguese companies. Once operations begin, firms and their risk managers often have to deal with issues such as civil turmoil, wars, crime and corruption. “Our first major risk is often the access to reserves of oil and gas,” said Rufino Ribeiro, risk manager at GALP, the hydrocarbons group. “We cannot choose the location of the reserves, we have to go where they are found, and they tend to take us to some challenging places.”

Piccap

BIG RISK, HIGH COST

“A second risk is related to the execution of projects. We have a number of investments spread around the world. We are developing several projects in Africa and South America. These are large projects, entailing big risks and very high costs. In our business, a short-term horizon is five years from now and the long run is 20 years. We are making investments with the year 2030 in our sights. We have just started to extract oil in Brazil in a project that dates back to investments made in the year 2000,” he added. It is not surprising therefore that geopolitical developments need to be followed closely by companies such as GALP. Implications for business risk and opportunity can be huge. “Geopolitics is an issue,” Mr Ribeiro said. “Oilproducing countries can be complicated business environments. Sometimes there are armed conflicts and other difficult situations to deal with.” In order to enhance risk management capabilities to cope with increasingly global operations, his company has restructured its activities. “Two and a half years ago we restructured our risk management and insurance departments; nowadays our focus is broader, not restricted to risk transfer,” he said. “We deal with management issues, sustainability and other topics that are essential for the future of the company.” The task has not been simple but the outcome is a more integrated approach to risk mitigation, Mr Ribeiro remarked. “The restructuring has required a major effort. We are present in 18 countries, in Africa, the Middle East, South America and Europe, and we have increasingly felt the need to integrate risk management activities within the group,” he said. GALP is not the only Portuguese company to tackle risks on a global basis. EFACEC, the engineering services group, has faced similar challenges as it spreads across the globe. “Some of our projects are often developed in the

driven by business partners in foreign markets. It is therefore a good idea to take measures to reduce the risk of a nasty surprise. “We perform analysis of our business partners as part of our risk management processes. We evaluate their financial situation, taking a look at their balance sheets to check how solid they are,” Mr Cândido said. “We check whether they are involved in court cases and so forth. We started to do that three years ago and we have looked into more than 500 companies. We have a code of ethics and we invest in formation and training of our staff.” Sometimes, however, there is not much choice and companies have to mitigate the risk through internal measures. “We make an analysis of our business partners,” Mr Ribeiro said. “We develop efforts to educate our staff on bribery prevention and sustainability. Our measures are audited and have visibility. In sectors such as ours, when you go to some countries it is impossible not to work with certain companies, so you cannot choose your partners very much. But we expect our staff to follow our internal rules in a strict way.” Careful selection of business partners is also necessary because of a global clampdown on corruption and money laundering. The US Foreign Corrupt Practices Act and the UK Bribery Act are the two most visible pieces of legislation that demand companies improve their behaviour. Government bodies in Portugal, however, have also pushed good practice.

ANTI-CORRUPTION

course of three or four years and sometimes they are located in places with difficult access,” said António Cândido, the company’s chief risk officer. “Even before we are granted a project, we need to do surveys and other kinds of work on the field. The security of our colleagues is therefore a big concern for us.” EFACEC has more than 2,400 employees working on projects around the world. However, its international activities still require partnerships with businesses in foreign markets, which can be a source of risk. “Many of our projects abroad are developed with local partners,” Mr Cândido said. “Choosing the right partners may be a difficult task. A partnership is to some extent like a marriage and you should have enough time to know your spouse very well.” The selection of adequate partners requires a careful approach. Global companies have seen themselves involved by proxy in corruption, slavery, money laundering, environmental damage and other scandals

“Conselho de Prevenção da Corrupção, an anti-corruption body, issues every year a set of recommendations that public sector entities must follow,” said Paula Martins, head of internal audit and quality at port authority Administração dos Portos do Douro, Leixões e Viana do Castelo. “And we notice that every year the list of recommendations gets longer. It includes the implementation of codes of ethics, the training of all staff members and other measures. And there are auditing entities that check out whether we are adopting those policies or not.” As they grow abroad, Portuguese companies would like to receive more support from their insurance partners. They note that it can be a struggle to set up coverages for their activities in foreign markets. For instance, quicker responses to contract-related commitments would be a welcome development. “We have many projects abroad and we purchase a good number of insurance policies so that we are covered,” Mr Cândido said. “Sometimes, we have only a short time available to arrange a specific coverage after the contract is signed. We are allowed ten or 15 days to present these coverages and sometimes that is not enough to link up with our insurers in order to put the policy in place. Response time is key.” —Rodrigo Amaral

Economic and political risks to the fore in Portugal Concern over mandatory insurance for every industrial site DAYS WHEN PORTUGAL’S DIRE ECONOMY WAS A THREAT TO THE  THE survival of the eurozone are behind us, but the country’s economic and

political uncertainty continues to cause concern and add to the challenges faced by Portuguese firms. Despite improvements in recent years, economic growth in Portugal remains sluggish. It reached a mere 1.5% in 2015. The European Commission forecasts 1.6% expansion in 2016. Unemployment, at more than 12%, continues to be high, along with corporate debt levels. The banking sector is going through a wave of acquisitions by foreign companies after a number of lenders went bust. At the same time, its current centre-left government relies on a precarious coalition and finds itself under pressure to dump austerity policies, a move that could compromise the country’s difficult fiscal position. All this is causing concern for Portuguese risk managers. “Right now, one of the risks that worries us most is political risk in Portugal,” said José Luis Amorim, head of risk management at the Sonae Group during a roundtable that made up part of this year’s European Risk Frontiers survey. “We have a very important exposure to the Portuguese market and, as a consequence of the current situation, risks derived from political and economic instability have increased considerably,” he added. “Political and economic risks are very important for us,” agreed António

12-CRE-Y7-04-Portugal.indd 16

Cândido, chief risk officer at engineering services group EFACEC. “A significant part of our business is linked to projects that we develop abroad. In order to be able to take them forward, we rely on the banking sector, which provides us credit lines, financial guarantees and so forth. The cost of this is [highly] correlated to country risk. Some clients abroad demand that guarantees are provided by specific financial institutions, and our competitors from other countries do not face the same challenges to access the required banking guarantees.” The uncertain political direction of the Portuguese government and the need to raise taxes for the cash-strapped public purse, generate yet further worries for companies. “There is a trend in Portugal for supervisory entities to become autonomous in financial terms,” Mr Amorim said. “Which means that they will have an economic interest in tighter supervision. I am afraid we will increasingly see those bodies chasing fines.” He added: “It is something that Portuguese companies are already used to enduring on the tax side. Every time a company receives a visit from the tax authorities, many mistakes are found and fines are applied, although they are finally not paid out because they do not make any sense. It is something that could spread to other areas too, where there are some exposures that are difficult to control.” Domestic political risks can even affect insurance coverages. There is the potential for legislation to become erratic and result in demands that companies find hard to comply with. “In Portugal, there is a new regulation regarding mandatory insurance for industrial sites,” said Rufino Ribeiro, head of risk management at oil group GALP.

“It demands that an individual policy is signed for each site, which does [not] make any sense. Just consider the fact that we have over 700 gas stations in Portugal. That could mean that we need to arrange 700 insurance policies. It is an absurd situation.” Companies are now trying to understand what the new rules imply when signing new insurance policies. But the devil is in the detail, or, more to the point, in its absence. “To make matters worse, complementary regulation for the law has not been completed, so we cannot even be sure how it applies,” Mr Ribeiro said. “But it could create an unimaginable administrative burden for companies.” “We are discussing with our brokers how we are going to deal with this,” pointed out Luis Campilho, insurance manager at EFACEC. “At the moment it is not clear what we are supposed to do.” One possible outcome is that nothing will come to fruition from the law. The European Risk Frontier participants noted that this is not an unusual occurrence in Portugal. If this is indeed the case, it will only generate costs for companies that attempt to comply, while those that simply ignore it will be let off the hook. Again, this would be nothing new for Portuguese firms. “A few years ago, a law was implemented that made it mandatory for companies to have in place financial guarantees for environmental liability,” Mr Rufino said. “Companies had to do a lot of internal work to assess exposures but in the end, complementary legislation was not approved, compliance to the law was not audited and nothing has really happened. It only created large costs for companies.”

5/5/16 17:09:47

EUROPEAN RISK FRONTIERS Portugal

Local and independent

advice key when expanding to Portugal, argues MEDIAN MEDIAN–Corretores de Seguros is the Portuguese member of World Broker Network, co-sponsor of this year’s European Risk Frontiers survey along with HDI Global. The broker’s technical director João Almeida-Santos explains why it is so important for multinational companies keen to expand in Portugal to take truly local advice



risk managers who work for

companies that are considering expansion to Portugal need local expertise and support to handle specific risks and some complex local rules and regulations, according to João Almeida-Santos, technical director at MEDIAN–Corretores de Seguros, the Portuguese member of World Broker Network (WBN). That support is naturally best provided by experienced professionals on the ground who know Portuguese laws and customs inside out, Mr AlmeidaSantos told Commercial Risk Europe in interview for this year’s Portuguese leg of the European Risk Frontiers survey. Mr Almeida-Santos said many risks are unique to the Portuguese market and solutions that work elsewhere in Europe or worldwide cannot be easily applied. “In Portugal, workers’ compensation is compulsory and has seen recent developments on coverage and premium rates. Because of long-term bad underwriting results, the market has hardened significantly and underwriting is more demanding,” explained Mr Almeida-Santos. Close control of claims statistics is imperative to secure good underwriting in the renewals processes, he added. Mr Almeida-Santos said that liability is another crucial area. “Portugal is one of the countries with more compulsory liability insurances, most of them with statutory wordings. These have to be issued locally, using a local registered carrier. Liability compulsory covers go from general TPL for specific industries,

17-CRE-Y7-04-Portugal.indd 17

environmental (accidental and impairment) and professional indemnities,” he explained. Then there is the matter of natural catastrophe risk that has become tougher to manage in recent times. “Earthquake is vital and Portugal has a national universal tariff that defines premiums by region and construction age. All of this is well known to Portuguese risk managers and established brokers here, but it is not known to cross-border companies looking to come to Portugal,” said Mr Almeida-Santos. Mr Almeida-Santos said the Portuguese insurance market has witnessed several mergers and acquisitions in recent years, mostly triggered by the weak financial performance of some major players, predominantly in the financial markets. “Banks have been rescued and most have been obliged to sell their insurance arms. The soft market clearly has ended, increases in some lines are significant, underwriting is more demanding, and more and better information is being required. This is also a consequence of the implementation of Solvency II,” he explained. The best approach for brokers and insurers in this market is to focus on service, according to Mr AlmeidaSantos. “Our strategy, as always, has been focused on servicing the client. Time has proved that good service creates strong bonds with clients and shows that the work done is benefiting them both when things are good and when conditions and premiums are more demanding,” he said. Mr Almeida-Santos said poor technical results posted by insurers are being scrutinised “severely” and in some cases the national insurance regulator (ASF)

is intervening actively and determining conditions on some policies. Mr Almeida-Santos said that more needs to be done on claims and MEDIAN is working with WBN in this important area. “A lot has still to be done on the claims side. We have developed specific practices for assisting our clients with managing their claims ratio, allowing control on renewals. Also we have been able to work together with our WBN international partners, giving them information on how claims are handled in Portugal and assisting them and their clients in better understanding atypical behaviours of their local operations. This ultimately allows them to improve work conditions and local procedures,” he said. MEDIAN and WBN have seen growth in demand for global programmes. Mr Almeida-Santos argues that networks of independent brokers such as WBN offer customers a more customised and less bureaucratic service. “For two decades, we have handled dozens of international programmes coming to Portugal. Being part of a network such as WBN enables us to share the expertise we have developed. We believe it is critical for international programmes to cope with regulation and compliance, reducing risk on tax and financial requirements,” he said. “At the same time, being independent and locally owned, clients are assured of superior local knowledge, while avoiding the bureaucracy and culture clash, smoothing the workflow and handling the process of multinational programmes,” concluded Mr AlmeidaSantos.

5/5/16 17:08:59

INTERNATIONAL PROGRAMME NEWS

» THE BEST OF IPN Commercial Risk Europe’s International Programme News (IPN) is a monthly web-based service that delivers news and analysis on risk transfer and financing developments at international level. It examines initiatives from insurers, brokers and captive managers to help risk and insurance managers improve the way they manage and transfer their cross-border risks. Below are two leading articles from last month’s edition. You can access the full IPN newsletter at http://www.commercialriskeurope.com/ipn-home/ipn and sign up to receive the monthly email alert at http:// www.commercialriskeurope.com/ipn-signup.

» Is there still a role for reinsurance in global programmes? higher retention levels have reduced reinsurers’ influence on pricing big ticket insurance, according to Aon Benfield’s Bryon Ehrhart. Traditionally, the reinsurance market was hugely influential in the provision of primary insurance. Hard markets were brought on by a change in the reinsurance market, often caused by a major catastrophe. But for global programmes, this has not been the case for some time. During the past ten to 15 years, the influence of reinsurance on global programme renewals has declined significantly, according to Bryon Ehrhart, chief executive officer of Aon Benfield Americas. This is because big international programme writers have largely raised their retentions to very material levels of around $25m to $50m of retained risk per account. “So a lot of what used to be reinsurance influence on those large global schedules has declined greatly,” explained Mr Ehrhart. This is true across most lines. Mr Ehrhart said that for large business lines—general liability, workers’ compensation, commercial auto, directors’ and officers’, and marine—retentions have gone up significantly in the past ten to 15 years. This is also true of insurers that are the next tier down from the big global players, he added. Mr Ehrhart pointed to commercial property, where if reinsurance retained real influence it would have reduced the costs of global programmes substantially. “In the most exposed sections of the US east coast, it [reinsurance] has gone down by approximately half in the past four years,” he said. “If insurers were following reinsurance pricing trends, you would have seen property rates decline steeply for the catastrophe component, and we just haven’t seen that. “In my estimation, there has been more pricing discipline by insurers in the past five to ten years than what you have seen out of the reinsurance market. I don’t mean the reinsurance market has been undisciplined, it is just that they have seen unusually high levels of new capital flowing to the property cat opportunity and it has largely come from pension funds.” Property catastrophe is the one area where reinsurers still form a meaningful part of the capital that is deployed by insurance companies. “The pension funds have altered the pricing dynamics and they have been in favour of insurers; and I don’t believe that the insurers have passed a lot of that on to the lower retail pricing of insurance in the commercial space, although they have in personal lines,” said Mr Ehrhart. However, Mr Ehrhart added: “There are signs, from recent quarterly conference calls with insurers, that maybe there is some reassessment of the ability to use reinsurance to more carefully manage risks that are not clearly available to be hedged with pricing or underwriting terms and conditions. In the past two quarters there has been some reassessment as to whether the retentions are too high—and

18-CRE-Y7-04-IPN.indd 18

where they have been high during the past ten years, is that driving a performance that reflects poorly against their peers?” This is perhaps reflected in the news earlier this year that AIG had entered into a two-year reinsurance arrangement with Swiss Re, under which a share of AIG’s new and renewal US casualty portfolio will be ceded to the reinsurer. Another area where reinsurance has traditionally played an important role for corporates is the captive sector. The use of captives is not in decline and is in fact getting more and more sophisticated, said Mr Ehrhart. “They are finding ways to do closing insurance or reinsurance transactions to free up the collateral to make it available for the next or more recent set of risks that are taken by the captive. So we are seeing more sophisticated strategies around collateral management devoted to captives. But are the captives ceding more risk to insurers or reinsurers? I would say not materially,” he said. —Tony Dowding

»B I top cyber risk concern according to Aon captive survey Business interruption caused by data breach is the top cyber risk concern for businesses across all industries, according to Aon’s 2016 Captive Cyber Survey report. Third-party liability was the next biggest concern overall, followed by first-party breach costs and data and systems restoration, according to the survey of 128 captives managed by Aon. Loss of intellectual property, bodily injury and property damage were of least concern, it found. While business interruption was the top cyber risk across all sectors, the survey did find marked differences between industries for other risks. Third-party liabilities and first-party costs were of higher concern for dataholders, while producing companies ranked the loss of intellectual property second only to business interruption. Data and systems restoration featured second highest for the transport sector, while critical infrastructure was the only sector to place emphasis on property damage and even then it was ranked fifth. “While media coverage of cyber risk incidents tends to focus on data privacy and regulatory fines, across the board clients’ number one risk concern is business interruption, both during and after a breach. With continued digital transformation, we see this risk remaining at the top of executives’ cyber risk concerns across all industry groups,” Aon Global Risk Consulting stated. While physical damage was consistently rated as a low risk concern, with the exception of critical infrastructure, Aon believes this will become a bigger issue in the future. “Although property damage/bodily injury is currently rated as the lowest concern, with the Internet of Things we are beginning to see the link between digital and physical losses increasing, resulting in growing concern among both corporations and insurance providers,” it said.

However, physical loss is typically not addressed by a cyber policy. Property policies do not consistently respond to these types of losses either, Aon said. “This evolving area of risk needs to be watched carefully and companies should stay ahead of it by regularly connecting with their risk management expert and cyber insurance broker,” it added. Despite the growing frequency and scale of cyber attacks and increasing management focus, 60% of large companies do not buy cyber insurance, according to the report. However, purchasing is more prevalent for companies in data-rich sectors such as healthcare, retail and financial. Around 70% of companies classed as dataholders said they purchase cyber insurance, while just 17% of product companies (pharma, chemical and food) do so. Smaller companies were more likely to buy cyber insurance (55%) than larger companies (40%). Larger companies may have greater confidence in cyber security, but the low take-up also reflects the absence of meaningful capacity for larger risks and an inability to buy sought-after coverages like business interruption and contingent business interruption, as well as uncertainties surrounding the insurance industry’s willingness to pay claims in untested waters, Aon said. Only 47% of companies said they have included cyber premium in their budget. Dataholders were most likely to budget for cyber cover. Where companies do buy cyber insurance, 61% buy limits in the $10m to $25m range. This is extremely low given the exposures, Aon said. Only 17% of respondents buy limits in excess of $100m and most of these are companies in the critical infrastructure sector, it added. The main considerations when buying cyber insurance are terms and conditions, respondents across all sectors agreed. This is followed by pricing and capacity and limits. Claims resolution was another notable concern, especially for heavy industry. The cyber insurance market is expected to quadruple within four years, from around $2.75bn today to between $7.5bn and $10bn on an annual basis by 2020, according to Aon. There are now some 60 insurers offering cyber insurance around the world. “Currently, only about 12% of companies’ information assets are covered by insurance, whereas 51% of their physical assets are covered. Such figures suggest significant room for the cyber insurance market to grow in the coming years,” Aon said. The broker said that coverage has broadened and limits have increased for middle-market accounts, but not large accounts. Retentions remain stable for middle-market accounts, but there have been some material increases for large accounts, it added. Pricing also continues to rise in the wake of significant breaches, with some insurers reducing capacity or withdrawing from the market altogether. “While double-digit increases are being experienced across the board, pricing varies dramatically based on industry, size and scope of exposure,” Aon said. “Renewal premiums continue to increase even for insureds with no change in exposure profile,” it added. —Stuart Collins

5/5/16 17:08:43

E-NEWSLETTER

» THE BEST OF THE WEB Commercial Risk Europe reports the leading news stories of relevance to Europe’s risk and insurance managers every week in its electronic newsletter. Below is a round-up of the most popular articles published last month. To sign up for the free CRE weekly newsletter please go to http://www.commercialriskeurope.com/ more-information/newsletter/sign-up-here

» Willis sees potential end to soft commercial risk market in US A report from broker Willis Towers Watson on the state of the US commercial insurance market suggests that the soft market may finally be coming to an end. The broker said pricing declines that most buyers have enjoyed for several renewal cycles are slowing in a “complex” commercial insurance market, which raises the probability that companies will experience some price increases in various lines. The report was published in time for the annual Risk and Insurance Management Society conference, which took place in San Diego last month. Willis said that, overall, “ample” capacity in the global insurance market continues to buoy market conditions. However, it added that signs of increased underwriting scrutiny, combined with potential challenges stemming from the rapidly changing carrier landscape, are driving movement in some lines of business. The broker said that in the property market rates are expected to fall for most buyers. But the pace is definitely slowing, it added. “Some will find decreases only in the single digits, whereas last year they might have enjoyed double-digit reductions. Property rates are expected to decline 7.5% to 10% for companies without great exposure to natural disasters and 10% to 12.5% for those more exposed,” said Willis Towers Watson. “For general liability, rates for the remainder of 2016 are expected to be down—5% to flat—although for buyers with recent claims, increases of 5% to 10% are anticipated. Workers’ compensation costs are forecast to remain steady, with small increases or decreases for most buyers,” continued the broker. Willis Towers Watson said that in auto liability an increase in the frequency and severity of losses is driving rates up as much as 10%. Some leading insurers are re-evaluating their appetite or exiting the class of business, commented the broker. The broker added that the cyber insurance marketplace is increasingly “fragmented”. Willis Tower Watson reported that cyber renewals are seeing primary premium increases of 5% to 15% for most buyers, and 15% to 30% for point-of-sale retailers and large healthcare companies with no losses. Matt Keeping, head of broking for North America, Willis Towers Watson, said: “At the macro level, the market remains stable and pricing is still considered soft, but we may be starting to see the bottom end of that softening. In property, for example, there’s only so much the marketplace can give back. And while

19-CRE-Y7-04-BoW.indd 19

we remain in a period thankfully free of huge mega-disasters, losses line by line have taken their toll on marketplace competition. Plus, with interest rates low, insurance companies remain under revenue pressure. “The changes in the marketplace—the changing puzzle pieces—will force some insurance buyers to consider moves they might otherwise have been content to ignore. That, in turn, will raise the question of how carrier partners are chosen in the first place,” he added. —Adrian Ladbury

» Companies face new risks as EU data protection regs adopted The European Parliament has voted to adopt the General Data Protection Regulation (GDPR), with the new rules coming into force in 2018. The vote in mid-April completes a four-year journey for the European Union’s (EU) Data Protection Reform Package, which includes the GDPR. The rules will strengthen EU citizens’ data privacy rights and harmonise regulation across member states. Companies that operate in Europe have until May 2018 to comply with the new law, or potentially face fines of up to 4% of annual turnover or €20m. The European Parliament believes the new laws will uphold European citizens’ “fundamental right” to data protection while stimulating the EU’s Digital Single Market by “fostering trust in online services by consumers and certainty for businesses”. Member states have two years to apply the GDPR and businesses have the same timeframe to comply. The European Commission (EC) believes this is sufficient time to adapt to the new rules. It said it will work closely with member states to ensure the new rules are “correctly” implemented at national level. The Commission will also engage in open dialogue with stakeholders, notably businesses, to ensure there is full understanding and timely compliance with the new rules. The rules will apply to all EU organisations, as well as non-EU entities that do business in the EU with EU data subjects’ personal data. The tougher fines under the GDPR will be imposed within two years of the regulation being ratified. Mandatory data breach notification requirements are another headline initiative of the GDPR. Under the regulation, data controllers will be required to report data breaches to their data protection authority. The notice must be made within 72 hours of

data controllers becoming aware of a breach, unless there are exceptional and justifiable circumstances. Where the risk to individuals is high, data subjects must also be notified of a breach. A timescale for this process is not specified by the regulation, noted IT governance, risk management and compliance solutions firm, IT Governance. The firm also pointed out that regular supply chain reviews and audits will be required to ensure they are fit for purpose under the new regime. The GDPR introduces mandatory Data Protection Impact Assessment (DPIA) for certain firms. The DPIA, which is effectively a risk assessment, is needed when data processing carries “high risk” for the data rights and freedoms of individuals. The DPIA must lead to a document that explains data protection risk management processes. This document needs to contain an assessment of the risks linked to the rights and freedoms of individuals’ data. It will identify the risks, evaluate their frequency and severity and state how they will be mitigated. If the DPIA concludes that data processing will result in high risk activities, and there are no apparent mitigation solutions available, an organisation is obliged to enter mandatory consultation with the supervisory authority. Under the GDPR, a data protection officer (DPO) will also be mandatory for certain companies. A DPO is a mandatory function when a company processes personal data on a large scale or carries out regular and systematic data processes. Such organisations will need to employ a DPO to inform and advise staff on their data protection obligations, monitor compliance and be a contact point for the public and public authorities. The DPO is a protected function, which means they have to be independent and will have direct access to the highest management level. Firms whose core business activities are not data processing are exempt from this obligation. The GDPR does not specify the credentials necessary for data protection officers but does require that they have “expert knowledge of data protection law and practices”. During a webinar, Marie Gemma Dequae—scientific adviser to the Federation of European Risk Management Associations (Ferma)—said she and the Federation are concerned that the DPIA could stifle innovation and cause problems for members. “It could become an obstacle to innovation and development because when consultation with the supervisory authority is needed, data processing is suspended or delayed and the

company has to wait for authorities to evaluate the impact assessment,” warned Ms Dequae. Ferma is also worried that the definition of high risk relating to the DPIA is too vague and broad. It fears this raises the risk of the DPIA failing to hit its target and not delivering a real risk-based approach to data protection. “Another question is this definition of high risk data processing. What does it mean? It is important for high risk to be well defined, clear and unambiguous because it will not be a real risk-based approach if the definition stays vague or too broad,” said Ms Dequae. She also said that questions remain over the precise role risk managers will play in delivering the DPIA. “For data controllers, the question is will it be the chief risk officer or risk manager in charge of the impact assessment and [will they] organise it with the advice of the DPO?” asked Ms Dequae. Whatever companies decide, the former Ferma president stressed that the relationship and integration between DPOs and risk managers will be crucial to ensure thorough data risk management is achieved. IT Governance this week laid out further key changes to data privacy regulation in the EU as a result of the recently adopted GDPR. Firstly, personal data will be defined more broadly, bringing more data onto the regulated field. Secondly, parental consent will be required for the processing of personal data of children under the age of 16. EU member states may lower the age requiring parental consent to 13. There are also changes to the rules for obtaining valid consent. Furthermore, data subjects have the “right to be forgotten” under the GDPR. It provides clear guidelines about the circumstances under which this right can be exercised. In addition, companies will only have to deal with a single supervisory authority across the EU. This is designed to make it simpler and cheaper for companies to do business. According to the EC, citizens will now have “more information on how their data is processed, presented in a clear and understandable way”. “Businesses will also benefit greatly from the new rules,” it added. “The reform will boost legal certainty for businesses, with a single set of rules across the EU. Thanks to the one-stop shop, companies will only have to deal with one single supervisory authority—rather than the 28.” This, together with the simplifications brought by a single regulation, will save an estimated €2.3bn every year, noted the EC. It went on: “With the new rules, non-EU companies will have to apply, when offering their services to customers in the EU, the same rules as EU companies; thus creating a level playing field.” —Ben Norris

5/5/16 17:08:34

Continued from Page One

NEWS

ELD: Review stresses inadequate data on application of ELD CONTINUED FROM PAGE ONE The EC concludes in its REFIT evaluation that implementation of the ELD still varies “significantly” from one member state to another, in terms of the number of ELD cases and the way it is implemented. It is also concerned by a “patchwork” of environmental remediation. The EC says a few member states appear to make use of the ELD relatively frequently for environmental damage incidents, using it as a mainstream enforcement tool in circumstances where EU law might in any case require action. However, other member states appear to apply national legislation for environmental damage incidents instead of the ELD, it writes. The use of complementary and compensatory remediation methods could also be more frequent, adds the EC. “The observed ‘patchwork’ of environmental remediation, together with the lack of some key data on implementation and on the cost (both administrative and financial security), is a major challenge which needs to be addressed in the action plan following this evaluation,” writes the EC in its report. An EC source close to the ELD told Commercial Risk Europe that the directive works but only at a “low level”. He believes more needs to be done to achieve its aims. “I personally estimate that we exploit at present around 20% of possible EU environmental liability through the ELD. We should try now to do everything to exploit the potential of the ELD much more through better implementation so that we may harvest another 40%. In a future evaluation of the directive we will see, in a couple of years, what else can be done to bring the directive up to 100% of its potential,” said the source.

The EC notes that one of the major challenges in delivering the REFIT evaluation was a lack of data on ELD incidents and comparable incidents treated under national legislation. Other problems included a lack of awareness and information among stakeholders on the ELD; insufficient resources and expertise to implement the directive; uncertainties and ambiguities about key concepts and definitions, such as the ‘significant’ threshold over which the ELD kicks in; underuse of complementary and compensatory remediation; and insufficient data about environmental damage, remediation cases and costs. Valerie Fogleman, an environmental legal expert at law firm Stevens & Bolton, said the EC’s conclusion that it has too little information to draw strong conclusions about the ELD is telling. DATA DIVERSION “They say they couldn’t do the REFIT report adequately because they didn’t have enough information. They have conclusions but they are almost preliminary conclusions. They need to get more information,” said Ms Fogleman, who has previously written an official EC report on the effectiveness of the ELD. Gathering information and improving ELD implementation is now the focus for the EC. It is not suggesting any changes to the ELD at this time. “Significantly, what this report is not saying is ‘revise the ELD’. It is basically saying: ‘we have not got enough data and we need more’. So the EC is saying in the report we can’t conclude that we need revisions to the ELD until we get more data,” Ms Fogelman explained. The EC source agreed with this conclusion and told CRE that a further, as yet unplanned, evaluation of the ELD will be needed. In the

Hungarian red sludge spill in 2010

meantime, the focus will be on improving implementation of the ELD as it currently stands, he said. “We try now to focus on the most important things—this is raising awareness, information, training, interpretation of terms and concepts, administrative support to practitioners at authorities, companies and NGOs, data collection and accessible registries of ELD cases,” said the source. Ferma supports this approach and opposes any revisions to the ELD at this time. “It took six years for all member states to implement the ELD into their national legislation. They [have] just started to develop an ELD ‘expertise’. It is time to consolidate, not to introduce new changes,” said Carl Leeman, Ferma’s environmental expert. “The focus should be on what is working well and strengthening best practices. For instance: ELD training sessions for risk managers funded by the EU, like the one we organised last year in June, or a register of ELD events administered by the EU would be beneficial for everyone without setting budget constraints on companies and diverting investments,” he added. The EC’s REFIT evaluation does draw some positive conclusions on the ELD. It says that implementation of the directive continues to improve. It states that industry and other

stakeholders contributing to the evaluation are largely satisfied with the current legal framework. The REFIT evaluation finds that the directive has improved standards of prevention and restoration of environmental damage to a “certain degree”. It concludes that the application of the ‘polluter pays’ principle and use of strict liability has been improved across Europe as a result of the directive. Furthermore, it finds that the ELD has increased EU-wide liability for biodiversity damage, as well as public participation and access to justice for people affected by damage and nongovernmental organisations. CONSULTATION CONTINUES All of this will be taken into account during an EC ELD consultation with European institutions, stakeholders and the public. Ferma is following this process closely and will present its views at the fourth ELD stakeholder conference late this month. “The EC’s action plan will be discussed during this event and we intend to convey our messages on that day,” said Mr Leeman, who is also chief risk officer at Katoen Natie. As part of its action plan, the EC proposes a multi-annual rolling work programme for member states’ experts and stakeholders in order to improve evidence and help align national solutions.

The EC source said this programme will focus on implementation tools, improving the evidence base and “probably” on financial security. He said the ELD work programme will be developed during the next six to 12 months. It should be fully ready in 2017, with some parts probably coming online earlier, he added. The REFIT evaluation and accompanying EC report states that an ELD register will also be considered as part of any action plan. “The register will satisfy the needs of insurers, operators and competent authorities for better baseline setting, calculation of risks, decisions on remediation etc, as well as the Commission’s need for better data,” the EC writes. The EC further lays out three ways to address the uneven interpretation and application of key concepts of the ELD, raise awareness and knowledge among stakeholders and practitioners, and provide administrative support where resources are scarce. It suggests first that guidance or interpretative notices on key concepts should be drafted. Second, that the ELD training programme should be continued and widened. Third, it suggests that an administrative support and assessment facility or “clearing house” should be explored to help all kinds of ELD practitioners provide information and respond to the demand for expert advice on risk, damage and remediation assessment. The EC says the key priority is to promote alignment of national solutions and practices within the framework provided by the directive and identify how this can be applied effectively and coherently in a wider legal liability framework. Efforts are also needed to deliver better evidence on the actual impact of the ELD, both on the environment and on relevant stakeholders, states the EC in its report.

DVS: Jörg Henne is appointed full-time CEO of merged organisation CONTINUED FROM PAGE ONE “We are trying to improve our relationship with the GDV because communication has not been great in the past. It needs to improve, especially in key areas of innovation like cyber and business interruption and with the development of new laws and rules and regulations. We are working with Stefan Sigulla, who is now chairman of the KIG at the GDV and [we] need to establish a ‘red telephone’ system so that whenever something occurs that we need to talk about we can do so,” explained Mr Mahnke. The need for more clarity, consistency and certainty around global programme compliance is a key area of focus for the German risk and insurance management community. The Federation of European Risk Management Associations (Ferma) is also stepping up its efforts to seek more clarity from the International Association of Insurance Supervisors (IAIS). It has importantly gained the support of the Risk and Insurance Management Society in the US and the Pan-Asia Risk and Insurance Management Association. The European Captive Insurance and

01-CRE-Y7-04-Front.indd 20

Reinsurance Owners’ Association is also making progress in its efforts to seek a common and internationally agreed position on the validity of difference in terms and difference in conditions (DIC/ DIL) clauses. Ferma’s campaign is being led by Dirk Wegener, vice-president of the Federation, a DVS board member and global head of corporate insurance at Deutsche Bank Group. Mr Wegener recently told Commercial Risk Europe that Ferma is currently awaiting the results of an online member survey to clarify exactly what it needs to focus on. “Preliminary results of the survey indicate that the availability of DIC/ DIL coverage is a critical issue,” said Mr Wegener. FUTURE MOVES “After a review of the final survey results, we aim to approach prospective initiative members to form this coalition and discuss objectives and approaches,” he said. The new German association will clearly put its full weight behind this campaign. “International programmes is one example of a subject that we need to do

more on as an industry and community. We need a clear position on that as a market and need to consolidate and work with sister associations around Europe and with Ferma to present a united case to the IAIS,” Mr Mahnke told CRE. “We would like to be more involved and the merger with the Bfv will help because it presents a united German voice. But this is not something that needs to be done on a national level but rather on a European level via Ferma. This is one of the reasons why we have Dirk Wegener on the Ferma board. We have to find a more effective way of presenting our view,” he added. Mr Henne agreed that the merger will help with causes such as the campaign on international programmes. “This is also part of the merger because we will have a stronger voice and will be able to more effectively represent the German insurance buyer community at a European level and worldwide. Our strong position in the German market has not really been transferred to the European level and this merger has moved us towards having one voice here in Germany at least,” he said. Hans Jörg Schill, managing director of Fraport’s in-house broker, Airport

Assekuranz Vermittlungs-GmbH, and a board member of the GvW, added: “We need clarity on how to structure an insurance progamme to ensure we comply with all the legal and tax requirements.” LEGAL CERTAINTY Klaus Braukmann, group insurance manager at Continental and board member of the GvW, said: “We need uniform global coverage for everywhere where it is not allowed by local law currently. We need to find a way that makes it possible via DIC or DIL, or whatever is needed to ensure we do not violate compliance rules.” Antje Mertens, head of insurance services at Eberspächer Gruppe GmbH & Co KG, and another board member of the newly merged association, added: “We need legal certainty. We work very hard to try and ensure that we are compliant but no one can say that they are 100% compliant under the current system with all these variations on a worldwide basis. It is not right that you can sometimes only really find out if you were compliant in the event of a loss.”

5/5/16 17:11:21

21-CRE-Y7-05-Zurich.indd 21

5/5/16 15:08:24

Continued from Page One

NEWS

CYBER: US insurance prices increased sharply during 2015 CONTINUED FROM PAGE ONE cyber underwriter at Allianz Global Corporate & Specialty. “For example, clients do not differentiate between physical and non-physical damage from a cyber event, but the cyber market does not generally offer property damage for cyber events,” he said. A survey of captives by Aon last month revealed that large companies were less likely to buy cyber insurance than mid-sized firms. Some 55% of smaller companies buy cover, compared with 40% for larger companies. Just 17% of product companies (pharma, chemical and food) and around a third from critical infrastructure and heavy industry said they purchased cyber insurance. According to Kevin Kalinich, global practice leader for cyber risk at Aon Risk Solutions, the cyber insurance market has built appropriate coverage and limits to address the majority of identifiable information-related cyber exposures. These policies suit the retail, healthcare, financial institutions and hospitality industries. The majority of other organisations in sectors such as manufacturing, critical infrastructure, transport and heavy industry are concerned about cyber-related business interruption, extra expense, tangible property damage and bodily injury covers. “These are areas where the traditional cyber insurance market is in development mode with respect to limits—there are requests for $1bn of limit versus the $200m to $300m offered—and scope of coverage,” said Mr Kalinich. Cyber insurance penetration rates are still relatively low among large companies, according to Chris Storer, head of cyber solutions for Corporate Insurance Partner, the industrial client division of Munich Re. Even where companies do buy cyber insurance, they often buy narrow cover not necessarily fitting the unique exposures of their enterprise, he said. However, penetration rates will increase with new data breach laws in Europe and as cyber risk and insurance finds its way into the c-suite, said Mr Storer. Take-up rates should also increase now that insurers are offering more “appropriate” cover and limits, he added. In the past six to nine months there has been a notable step-change in buyer behaviour, according to Paul Bantick, UK technology and media group leader and underwriter at Lloyd’s insurer Beazley. Big corporates are now looking to buy large, bespoke and comprehensive standalone cyber insurance

programmes, including coverages such as business interruption, supply chain, property damage and bodily injury, he said. “Large corporates are looking to buy more tailored cover and more catastrophe-style cover than in the past. We have also seen increased demand for higher limits and retentions, together with bespoke wordings,” said Mr Bantick. CAPACITY COUP Last month, Munich Re announced a partnership with Beazley to offer high limits and broad primary cover. The move is just the latest by insurers to build a more meaningful cyber insurance offering for large corporates. “Primary cyber markets once offered limits of $15m to $20m, making it hard for large corporates to obtain meaningful cover. But Beazley, for example, can now underwrite broad primary cyber cover of up to $100m in limit under our partnership with Munich Re,” said Mr Bantick. There is now an active excess cyber insurance market in London, the US and Bermuda, while some primary insurers are now able to offer much higher limits and deductibles, according to Mr Bantick. “Some large corporates are buying cyber insurance programmes of $500m, while higher limits are available. The $1bn cyber programme may not be all that far away,” he said.

While it is possible to achieve limits of $500m, it is harder to build towers of cover above $300m, according to Mr King. In particular, it may be difficult to get excess markets to support a broad primary cover, he said. “Bespoke cover, such as including property damage or very broad CBI, can offend certain markets and this can make it very hard to build a large tower of insurance,” he said. “There is almost no appetite for property damage, and CBI is a big problem for some markets. CBI involves taking on the risk of disruption in the supply chain and there are real aggregation risks for insurers,” said Mr King. However, Mr Storer believes the partnership between Munich Re and Beazley should provide large companies with a sound basis to build significant towers of coverage. It should also give the following market the confidence to support the broad primary cyber insurance they offer, which can include property damage and bodily injury, as well as dependent business interruption, he added. “To have a successful cyber programme you need broad cover and sizeable limits; and for that, you need a credible lead partnership,” said Mr Storer. According to Mr King, good broking is, in some cases, eroding insurers’ resistance to certain cyber cover. Brokers are targeting flagship

accounts to extract broader coverage from the insurance market, he said. While the cyber insurance product does have some limitations, for clients that are well prepared and that understand both the human and technical aspects of cyber risk, the insurance market is willing and able to provide good cover, said Mr Christensen. “The vast majority of our clients can purchase the limits they are seeking but there are always cases where the market is not able to provide what is needed,” he added. There is a need to build cyber capacity going forward, according to Mr Christensen. “As clients’ understanding of cyber risk improves, they will require higher limits that may exceed market capacity,” he said. While cyber insurers are likely to increase limits as they become more comfortable with the risk, alternative capital providers could also enter the market in the future, according to Mr Christensen. STANDARD OPERATING SYSTEM Ongoing efforts to standardise cyber exposure reporting and develop cyber models could eventually attract alternative capital to the market, adding capacity through cyber cat bonds and sidecars, he noted. However, the property market should not be underestimated, said Mr Christensen. “In the future, property catastrophe underwriters could loosen

terms and conditions around cyber as they become more comfortable with the risk and with developments in data and analytics,” he said. The Aon cyber captive survey showed an appetite among large corporates to retain cyber risk in a captive. The captive can be used to customise coverage, control claims administration, fund lower deductibles and build capacity. Interestingly, the survey also identified interest in sharing cyber risk, opening up the possibility for industry cyber mutual insurers similar to those operating in the energy sector. Some 94% of captives surveyed by Aon said they would share risk with others in their industry as part of a captive facility writing cyber. “While modelling of cyber exposures and building customised solutions for large organisations is in its infancy, once we recognise that this unconventional risk requires creative solution approaches, industry-based cyber mutuals do not seem so farfetched,” said Mr Kalinich. Given the offerings from the commercial cyber insurance market— and the challenges in assessing and pricing cyber exposures—risk-sharing mechanisms like industry mutuals are likely to be some way off, believes Mr Christensen. However, Marsh’s captive survey has identified an uptick in single parent captives writing cyber insurance. Capacity is not the only issue holding back cyber insurance purchases for most large corporates, according to brokers and insurers. Although some clients do max out market capacity, the challenge of assessing cyber risks and responding to underwriters’ information requests are also affecting take-up rates among large corporates in the UK, according to Mr Christensen. Underwriting large corporates requires a large amount of work on bespoke wording and disclosure— especially for business interruption— which could discourage some companies from buying cover, explained Mr King. “Many large clients come to the market with minimal information on the likely business interruption losses from a cyber event. It is difficult for underwriters to understand what the worst-case scenario could be based on such limited information,” he said. According to Mr King, proposal forms for large corporates are very detailed and complex and, as a result, they are often incomplete when received by underwriters. “Part of the problem is that the scale of information required to underwrite cyber risk properly is often hard to source in large corporates,” he said.

AIG: Contingency against adverse market is baked into our plan CONTINUED FROM PAGE ONE “I’m wondering if you can update us a bit on your conversations within the group as well as just your general thinking on some of the big strategic questions, like remaining at SIFI… or how you’re thinking on divestitures evolving as your businesses become more modular,” he added, referring to AIG’s decision to restructure into three core operating units and a legacy operation to deal with runoff,

01-CRE-Y7-04-Front.indd 22

which was announced in February. A big part of the recovery plan sparked by the aggressive campaign from activist invester Mr Icahn was an announcement that AIG planned to return $25bn of capital to investers during the next two years. Mr Hancock said he would like to beat that goal. Mr Stirling asked whether that would need more sales or maybe the breakup demanded by Mr Icahn—who now has two representatives on the AIG board— to avoid SIFI status after all.

Mr Hancock said this was not the plan. “I think that as we’ve indicated, the $25bn goal is achievable with all of the actions that we’ve laid out. So, I would say that there is contingency against adverse market environment baked into our plan. So I do not think that being a SIFI in any way inhibits that $25bn goal. It’s not a binding constraint at all,” he said. But he did not rule it out completely, referring to an agreement AIG came to with the New York regulator to pay a $35m fine to

settle allegations that international businesses it has sold had marketed insurance in the state to multinational companies without proper licensing. “I think that the MetLife decision certainly raises the opportunity, should it be favourable, to consider that down the road. But I repeat that our current designation as a non-bank SIFI does not constrain our objectives as laid out in our strategic update. So we are watching very carefully the appeal process and we point to the efforts that we’ve

made as a company to [deleverage] the company, to derisk the company, since the crisis,” explained Mr Hancock. “We have great confidence that our plan to improve operating margins, to return capital to shareholders, will deliver expansion in ROE in our operating portfolio; and the thoughtful divestiture of the legacy assets in an orderly way will realise the optimal balance between book value growth and ROE expansion,” added Mr Hancock.

5/5/16 17:13:08

Your

responsiveness

Our

parametric solutions

Back

in business

When natural catastrophe strikes, how long will it take to get your operation up and running again? And how quickly do you receive payout to cover your expenses? In the slowly-unfolding aftermath of an event like the Honshu earthquake and its devastating tsunami, damage estimates are subject to time-consuming assessment and uncertainty of ﬁnal outcome. Our Business Continuity Cover removes this uncertainty because it relies on a simple, unambiguous trigger mechanism: when an earthquake’s seismic intensity exceeds a certain level, we pay. And you can rebuild your business. It’s as simple as that. We’re smarter together. swissre.com/corporatesolutions Swiss Re Corporate Solutions oﬀers the above products through carriers that are allowed to operate in the relevant type of insurance or reinsurance in individual jurisdictions. Availability of products varies by jurisdiction. This communication is not intended as a solicitation to purchase (re)insurance. © Swiss Re 2016. All rights reserved.

Size: A3 + 3mm bleed - PDF set up as 4 color - ﬁle: ARM-16-08662-P1_CS_Parametric_Comml_Risk_Europe-4-4

23-CRE-Y7-05-Swiss-Re.indd 23

5/5/16 14:04:52

What is Craftsmanship ? SM

To be crafted is to meet exacting standards. It’s the human touch that combines art and science to create something unique. We tend to think about craftsmanship in terms of physical things: fine wine, classic cars, custom furniture and iconic structures. But what about the underwriting of insurance to craft protection for your unique and valuable things? And the service behind that coverage when you need it most — like claims and loss prevention? For your business.

©2016 Chubb. Coverages underwritten by one or more subsidiary companies. Not all coverages available in all jurisdictions. Chubb®, its logo, Not just coverage. Craftsmanship.SM and Chubb. Insured.SM are protected trademarks of Chubb.

Your employees.

24-CRE-Y7-05-Chubb.indd 24

Your home. The people you love. Things that need a particular kind of protection and service. The kind Chubb provides. Not just coverage. Craftsmanship.

Not just insured.

Chubb. Insured.

5/5/16 14:04:28