The Importance of Contingent Business Interruption

August 2002

In this article, Gary Bausom explains that underwriters can choose to ignore and exclude contingent business interruption, but it will be done with an opportunity cost in terms of premium income.

by Gary J. Bausom
Bausom & Associates, Inc

Why do we care about contingent business interruption (CBI)? The answer: There are real risks as well as opportunities. The crisis of September 11 and the events in the aftermath produced the largest single insurance loss in world history—spanning many lines of coverage including property, life, liability, aviation, workers compensation, and business interruption (BI). The most current projections estimate total insurable losses at $60-70 billion, with approximately 25 percent of that total attributable to BI and CBI losses. The result has been a turning point in the market with regards to coverage and its availability.

Companies' profitability depends on maintaining a high quality, dependable supply chain. Instead of vertical integration, we entered the age of virtual integration through a collaborative network of suppliers, competitors, and customers. Business-to-business (B2B) procurement and purchasing cooperatives are increasing rapidly and more closely tying businesses with their suppliers, contract managers, and customers.

Fifty percent of all B2B e-commerce is expected to flow through buying exchanges by 2004, compared with only 1.4 percent in 2001. (Chris Mahoney of UPS, Global Supply Chains) Businesses must provide their managers with tools to assess the strengths, weaknesses, opportunities, and threats to supply chains and an ability to categorize suppliers' risks. The trend is for more responsibility of risk evaluation if falling on the insurer versus the insurer.

The aim of this article is to provide better insight into understanding supply chain mapping including the people networks, processes, and technical tools necessary to underwrite CBI risks more effectively. Exposures in a rapidly changing environment can be evaluated more efficiently with the help of software-supported systems. In the high-tech automobile and aviation industries, for example, the use of Integrated Metrics (IM) has become more widespread and has helped to calculate contingent business interruption exposure more effectively. IM has given the companies and their insurers a better understanding of potential risks.

Keys To Understanding Risks—Supply Chain Mapping

Supply chain mapping is an efficient process that allows risk managers (RMs) to identify and quantify BI and CBI risk. The primary component of supply chain mapping is the people network and looking at the enterprise business by business to assess the risks and opportunities. RMs must include internal and external enterprises and look at building components versus buying, corporate procurement, and contract manufacturers.

Each business has principal products and operating sites that need to be evaluated case by case and documented. Then, using technology, RMs pull all of the data together, creating a data base spreadsheet of gross versus net exposures, with the delta being redundant capacity and/or inventory.

Below is a Pro-Forma Exposure Report that can be used in supply chain mapping to obtain CBI net exposure. This is an illustrative example that may require further detail for actual submission.

PRO FORMA EXPOSURE REPORT

Supplier	Location	($USM) Gross Exposure	(Months) Time Element	($USM) Net Exposure	How Mitigated
Intel	Cupertino, CA	$1,500	3.0	$375	Shift production to Juarez location
Cisco	Taipei, Taiwan	$1,000	3.0	$250	Qualify new supplier in Tokyo
Flextronix	Rotterdam, Netherlands	$3,000	4.0	$1,000	Shift production to Singapore or Menlo Park
IBM	Zurich, Switzerland	$1,000	6.0	$500	Shift to Glasgow, Sussex or Stuttgart, Germany
IBM	Paris, France	$2,500	2.0	$417	Shift production to Munich or Frankfurt
Etc.

Global Risk Management (GRM)

To gather the information for such a report, risk managers must look to both the Intranet and extra-net components. Global risk managers have a multitude of functional areas to consider for the Intranet. They include risk management, global operating sites, finance, operations, security, information technology, real estate facilities, contracts, logistics, procurement, legal department, human resources, and environmental health and safety. For the extra-net, evaluating risks at outsourced locations is vital to controlling CBI exposure and must be included in the evaluation.

The next step is to assess the risk components in order to aggregate the enterprise exposure. Data acquisition for the enterprise should include, but is not limited to, the following areas: the enterprise business direction; contract manufacturer's data, assets, and inventory valuations, logistical service needs; industry data; procurement requirements; and business continuity plans.

Capturing and evaluating CBI exposure requires a good deal of time and team effort. The net time element and recovery comments are the most critical elements of the analysis.

Net Time Element

The delta between the gross and net BI is the time element. The net time element is the time it takes to get up and running again after interruption. It is reported in terms of months or percentages of a month. An analysis of the operations, restoration times, and recovery strategies illustrates where the largest impact loss would be. All options—including in-process and finished goods inventory on hand, availability of sister plants, and availability of subcontractors—must be evaluated. Each supplier may produce more than one product or have more than one location, and each variable needs to be considered.

Recovery Comments (RC)

The RC should state if there is a confirmed recovery strategy in place. Mitigating comments should also include answers to the following questions.

• Is there excess capacity at other sites, where are those sites, and how much they can cover during a BI?
• Are alternate supply sources available?
• Is buffer inventory available and how much?
• If no second source is available, is one being evaluated?
• Is the use of subcontractors possible (for example, IBM can shift to three European Union facilities)?
• What is the time frame for recovery?
• Do recovery time elements vary and why?

Aggregating Exposure

It is important to consider in these evaluations that this is only one site, one product. If a company has 200 product lines and 15 businesses, the aggregate exposure escalates very rapidly. Understanding clients' aggregation processes and underlying data is essential to insurers' effectiveness in aggregating their portfolio risk assessment.

Once exposures have been quantified on a product-by-product basis, then it is necessary to evaluate risks across accounts and the portfolio. In quantifying exposure, different considerations must be given to different suppliers. They are not all created equal in terms of risk. For example, a sole source supplier has more critical implications than one with many alternative choices.

Validating Exposure: Total Gross Earning = BI + CBI

Checks and balances are necessary at the end of the risk analysis process to validate the exposure. This analysis can be broken down on a product-by-product basis with a focus on the percentage vertical integration of a particular product.

Risk Assessment—Use of Technology

Technology can be applied once the people and processes in the supply chain mapping process have been clearly identified. Only then can you take this information and use technology to aggregate the data, calculate net aggregation, and perform exposure assessment. Technology helps bring together real-time components of the Intranet and extra-net. In other words, the data from inside the company as well as that from the outside world of suppliers, and contract manufacturers can come together using technology.

Standard platforms must be used so that information can be easily transferred between all parties. Historically, many companies sought proprietary technology that was expensive to maintain and difficult to communicate with others. The best technology to use is that which is simple, basic, and allows data files to be shared easily. It includes software such as Microsoft Office 2000 Professional or XP Office Professional so that information and data between programs such as Access, Excel, Word and Powerpoint can be easily shared and transferred.

Reporting Must Be Standardized

Standardization of reporting is critical because you can't compare apples to oranges. We must define the terms to be used carefully and similarly across companies. Otherwise, the value of information is truly diminished.

Summary

Evaluating CBI risk is a complex and timing-consuming process; however, insurers can move along way forward by ensuring they have the following:

1. Communication Vehicles—You may consider requesting a copy of the written RM policy statement that has been endorsed by senior management or the board of directors. This communication can also obtain good calibration on an RM's priorities and perhaps provide some insight on how the general management of the firm measures success.
2. Built-in Risk Hedges—Are you considering risk impact to the business versus amount of insurance purchased? Risks, both direct and indirect, must be hedged in addition to considering insurance. Hedging is having built-in work arounds for alternative sources of supply.
3. Disaster Recovery Plans—Are there actual plans in place should a business interruption occur? September 11 has undoubtedly shown us that in the event of a catastrophe, companies must have in place a well-designed and up-to-date communication and disaster recovery plan. According to Roger Morton (in conjunction with Joel Childs of FedEx, "Hope for the Best; Plan for the Worst"), some of the primary steps to follow after a business interruption include the following.

• Provide top management with disaster recovery roles.
• Assign staff members to disaster teams.
• Know where to get disaster recovery assistance.
• Develop and implement the plan.
• Test the plan and train all employees.

A firm's failure to respond to the disaster effectively can be more destructive than the emergency itself. Public perception is critical to the company's ability to maintain brand reputation, customer loyalty, and therefore stakeholder value.

This article has focused primarily on assessing, aggregating, and validating the CBI exposure. Underwriters can choose to ignore and exclude CBI; however, it will be done with an opportunity cost in terms of premium income.

---

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.