Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Expert CommentaryFree Expert Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Claims ManagementClaims Management
Expand Construction Case StudiesConstruction Case Studies
Expand Construction QualityConstruction Quality
Expand Construction SafetyConstruction Safety
Expand Corporate AviationCorporate Aviation
Expand Corporate Fraud PreventionCorporate Fraud Prevention
Expand Courts and CoverageCourts and Coverage
Expand Cyber InsuranceCyber Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Collapse Enterprise Risk ManagementEnterprise Risk Management
Add Spreadsheets to Your Risk Inventory (July 2009)
The Role of the CIO in the Risk Intelligent Enterprise (February 2009)
Where Was Enterprise Risk Management? (November 2008)
Critical Role for the Chief Audit Executive: Aligning Risk Assessment (October 2008)
Chief Audit Executives and Risk Management Silos (March 2008)
Risk Management's Chief Audit Executive (December 2007)
Prescribing Risk Intelligence for the Life Sciences Sector (December 2007)
Enterprise Risk Management in Uncertain Times (October 2007)
Taking Risks To Create Value—It's What Capitalism's All About! (September 2007)
Risk Management Practices Cannot Be "Bolted On" (July 2007)
When Risks Marry and Multiply (June 2007)
Balancing Risk Probability and Vulnerability (May 2007)
Addressing the Full Spectrum of Risks (May 2007)
Bridging the "Silos" (April 2007)
Traditional Risk Management Inadequate To Deal with Today's Threats (March 2007)
The Alchemy of Enterprise Risk Management: Examples from the Investment World (December 2003)
Practical ERM Applications: Risk Integration (September 2003)
Implementing Enterprise Risk Management: Getting the Fundamentals Right (June 2003)
ERM Lessons Across Industries (March 2003)
Practical ERM Applications: Capital Allocation (November 2002)
Practical ERM Applications: Assessing Capital Adequacy (September 2002)
The Language of Enterprise Risk Management: A Practical Glossary and Discussion of Relevant Terms, Concepts, Models, and Measures (May 2002)
Implementing Enterprise Risk Management: The Emerging Role of the Chief Risk Officer (January 2002)
ERM and September 11 (November 2001)
Modeling the Reality of Risk: The Cornerstone of Enterprise Risk Management (July 2001)
Enterprise Risk Management in the Financial Services Industry: From Concept to Management Process (November 2000)
Enterprise Risk Management in the Financial Services Industry: Still a Long Way To Go (August 2000)
Enterprise Risk Management: What's Beyond the Talk? (May 2000)
Expand Environmental Risk ManagementEnvironmental Risk Management
Expand EthicsEthics
Expand Global ImpactGlobal Impact
Expand Insurance ArchaeologyInsurance Archaeology
Expand InternalControlInternalControl
Expand Litigation ManagementLitigation Management
Expand MaritimeLawMaritimeLaw
Expand MediationMediation
Expand Political RiskPolitical Risk
Expand Privacy IssuesPrivacy Issues
Expand ReinsuranceReinsurance
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

ERM and September 11

November 2001

Would the insurance industry have been in a better position today if ERM were more widely practiced before September 11? Jerry Miccolis says "Yes" and tells how ERM is used to test the aggregate effects of various scenarios and then to develop plans to mitigate those effects.

by Jerry Miccolis
Tillinghast-Towers Perrin

The world suffered a terrible—some have said "unimaginable"—loss on September 11: thousands of lives lost in a span of minutes; thousands of families devastated by death and injury; monumental icons of the public and private sectors severely damaged or destroyed; entire enterprises in multiple sectors crippled or felled. There are virtually no natural or man-made catastrophes in peacetime or in war to which we can compare these events. And the waves of uncertainty and anxiety propagated by these tragedies continue to roll through our personal and public lives, and through the economy.

Those waves broke immediately over the insurance industry. In the face of such loss and destruction, individuals and businesses turned to their insurers in the hope and expectation of some recovery, some compensation for the loss. Even before insurers calculated the full extent of the losses1, it was clear that they were so extensive, so sweeping, so all-encompassing that this industry, too, was among those critically stricken by the terror, its foundations shaken.

It also became clear, to those not already aware, how dependent worldwide commerce is on a financially stable insurance industry. While this industry will survive the current calamity, some individual insurers will not, and the industry as whole has come face-to-face with the reality that it, like the airlines—though in a much different way—will need support from the public sector in order to ensure its ongoing viability.

Over the past several weeks since that terrible day, more than one of our insurance industry clients has wondered aloud if the industry couldn't have been better prepared against this "unimaginable" act. More pointedly and poignantly, some have wanted to know if it would have helped at all before the event to have fully implemented the kind of enterprise-wide approach to risk management that many companies have espoused and begun to develop. Or would enterprise risk management (ERM), too, have been unequal to the task of dealing with something so unthinkable as this?

What we've said to them is that no system on its own will assure that human beings think of everything. And certainly no system can predict a particular kind of event—whether a "perfect storm" or terrorists hijacking and flying jet airliners into three buildings on a suicide mission with such destructive force and consequences. Nonetheless, the systematic, disciplined, and integrated way of thinking about risk that is at the heart of ERM would, quite likely, have enabled insurers to be better prepared to manage the unthinkable when it did occur.

In particular, we've said to our insurer clients that for extraordinary catastrophic events such as September 11, ERM could be especially effective in five areas:

  • Exposure management
  • Extreme event risk planning
  • Disaster response
  • Capital management
  • Stakeholder relations

Exposure Management

ERM's effectiveness in exposure management is grounded in its ability to enable insurers to identify "cross-silo" effects in advance and mitigate them. For historical reasons, the industry tends to think and manage in "silos." What a disaster such as the terrorist attack of September 11 reveals is that these silos can be simultaneously shaken by a common event, creating the "cross-silo" effect.

The attacks affected not only so many human lives but also so many different parts of our society and economy. For insurers, the breadth of the devastation meant that at the same instant, nearly every insurance line the industry offers suffered catastrophic loss—from workers compensation, to property, to liability, to life and health. Moreover, the exposure affected both primary and reinsurance sectors, and not only underwriting but also investment operations as equity values likewise suffered substantial losses.

The effect, particularly for multi-line carriers, was profound because of the interdependencies among the risks—interdependencies that insurers don't normally think about or account for. On September 11, the cross-silo effect nearly undermined the entire insurance system. Less severe events can also have outsized impact to insurers to the extent that these events penetrate across silos.

As we've tried to demonstrate throughout this series of articles, one of the strengths of ERM is precisely the ability to think systematically about these cross-silo effects. The structural simulation-based ERM modeling techniques that we've reported on enable insurers to develop "what-if" scenarios that uncover the interdependencies among their various business and financial strategies. While this scenario-building would not predict a particular event, it makes it possible for insurers to test the aggregate effects of various scenarios—across lines, across subsidiaries, across underwriting and investment sides of the house—and then to develop plans to mitigate those effects.

In a sense, then, asking what would be different today for the industry if companies had routinely practiced ERM is akin to asking, "What would have been different had insurance companies routinely practiced catastrophe modeling in advance of Hurricane Andrew?" We now know the answer to that question: companies would have known potential magnitudes and, importantly, concentrations of effects, and would have been in a position to do something about them. Indeed, some companies that had unwittingly "doubled down," through their multiple subsidiaries' simultaneous exposures to the same events, would perhaps have done something earlier and less drastic than selling certain subsidiaries under unfavorable post-event conditions.

Extreme Event Risk Planning

While ERM deals with events across a wide range of potential magnitudes, it offers additional benefits in the proper preparation for truly "extreme events"—those that have extraordinary, broad, catastrophic effects and that are exceptionally unlikely but that can bring multiple companies, even the entire industry, down. They are to "ordinary" catastrophes what, say, Noah's Biblical flood would be to the Johnstown flood. They are more severe even than September 11.

Because the impact of such extreme events is so immense, their effects cannot be mitigated in the usual ways, such as through exposure management. And, because they are so rare, it is grossly inefficient to pre-fund them—an insurer's capital would have to sleep for centuries in that case. But the scenario-building discipline of enterprise risk management does provide a means for insurers to think about these extreme events and consider alternatives for managing them. ERM forces the question: "What do we do if they do occur?"

In the present terrible case, if insurers—either individually or on behalf of their industry—had worked through such absolutely worst-case scenarios, they would have thought about potential solutions to backstop the industry should its capital ever become exhausted. That kind of advance thinking would very likely have strengthened the industry's stance in the current public policy debate. Negotiations over government guarantees, including the level at which the government should reasonably be involved, would be based on a well-informed, persuasive point of view because the case would have been formulated in advance of actual crisis conditions.

Disaster Response

The scenario-building and modeling capabilities of ERM also make it possible for companies to respond to crises much more efficiently and effectively. That is the case for both operational and financial responses.

On the operational side, ERM goes beyond standard emergency preparations such as backup computer and communication systems, by enabling companies to anticipate, and plan for, the impact on such "human systems" as customer service if a large contingent of claims administrators is suddenly diverted to address a single catastrophe. Some companies have already taken advantage of ERM's capability to link catastrophe event modeling with operational planning in this way.

For example, a Category 3 storm is due to hit the East Coast of the United States. These companies model the storm and, knowing its intensity and likely landfall, determine how many company people will be required, what skills and infrastructure support they will need, and the area to best stage people before the storm actually hits.

On the financial side, ERM-based structural simulation modeling allows insurers to quickly evaluate alternative financial responses to a disaster, whether the event creates a short-term emergency that requires an immediate infusion of capital or whether it creates a short-term opportunity, such as capital restructuring. In the first case, the ERM models will allow insurers to promptly determine how much capital they actually need (see the discussion below). In the second case, the models can guide rapid decisions on issues such as share repurchase opportunities.

In both cases, what is important is the preexisting ability to model the effects of simultaneous and complex interrelationships among such elements as underwriting results, cash flows, asset values, and the company's own stock value so that the company is ready when quick decisions need to be made. Also, at the present moment, companies need to make hard decisions about their reinsurance coverage. ERM-empowered companies would have done this "homework" in advance as, clearly, shrinkage in reinsurance capacity would have been a plausible scenario in any thoughtful ERM exercise, even before September 11.

Capital Management

As briefly touched upon above, ERM models help determine the proper amount of capital needed to run an insurance enterprise. That is, ERM analysis helps companies achieve the right balance between having sufficient capital to meet policyholder security requirements on the one hand and achieving the capital efficiency that owners demand on the other hand.

Beyond determining overall capital adequacy, these ERM models also are effective in allocating total capital to business units in a manner that reflects the relative contribution of each unit to enterprise-wide risk. This is a critical component in establishing proper financial performance criteria, such as return on risk-adjusted capital, that help management decide which businesses are creating, or destroying, enterprise value.

With capital now a much more precious commodity in the insurance industry than it was just a short time ago, these capital adequacy and capital allocation activities have taken on added urgency. Those companies that have been practicing ERM-informed capital management find themselves at a distinct competitive advantage.

Stakeholder Relations

ERM also serves to improve communications and relationships with key stakeholders. While that is true of all stakeholders—from employees to customers to vendors—it is most especially true for insurers' three key financial and "adjudicating" stakeholders: regulators, rating agencies, and investment analysts.

First, if you both have a disciplined ERM process in place and communicate that fact to these stakeholders, they will be reassured that you are well prepared for a disaster. Second, in the event of a disaster, the ERM process as discussed above will have shown you already what your total exposure is likely to be and what controls you can put in place to manage the exposure, so that you can rapidly, and accurately, answer the inevitable questions on those areas from these interested parties. You will have removed a source of a great deal of uncertainty for them, uncertainty that influences which companies they place on their "watch lists."

Conclusion

The answer to the question our insurance company clients have asked—whether the industry would have been in a better position today if ERM were more widely practiced before September 11—appears clearly to be, "Yes." And it is certainly the case that, going forward, stakeholders will insist on the more rigorous exposure management, scenario testing, response preparation, and capital management that ERM encompasses.

Clearly, September 11 has made much more real and immediate the need for serious risk management. Whatever stage of ERM implementation an insurance company may be in, even if only in the early investigation stage, management would be well advised to accelerate those activities without delay.

ERM does help us all think about and plan for the unthinkable, even while we hope and pray that those plans never need to be implemented.

1Insured losses will likely exceed $35 billion and could top $55 billion when all business interruption and third-party liability claims are settled (see the white paper September 11, 2001: Implications for the Insurance Industry, available on the Tillinghast-Towers Web site at www.towersperrin.com).

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

More Risk Management Information from IRMI
Books, Manuals, Newsletters IRMI
Online 		SilverPlume
Sage
Practical Risk Management IRMI Online SilverPlume Sage
The Risk Report IRMI Online SilverPlume Sage
Construction Risk Management IRMI Online SilverPlume Sage
Contractual Risk Transfer IRMI Online SilverPlume Sage
Risk Financing IRMI Online SilverPlume Sage
Exposure Survey Questionnaire IRMI Online SilverPlume Sage
Guidelines for Insurance Specifications IRMI Online SilverPlume Sage
How To Draft and Interpret Insurance Policies
IRMI Insurance Checklists IRMI Online SilverPlume Sage
RMIS Review IRMI Online
Free Risk Management Articles in IRMI.com
25 Risk-Conquering Ideas
Risk Management
Effective Contractual Risk Transfer in Construction
Risk Management - Why and How
Insurance Continuing Education Courses from IRMI
Litigation Management (CE)
Contractual Risk Transfer in Construction (CRIS CE)
Check It Out
Save 36% with the IRMI Professional Library
© 2000-2009 International Risk Management Institute, Inc. (IRMI). All rights reserved.