Our list of emerging risks for 2015 covers the kind of perils that keep risk managers up at night: cyber risk, oil price volatility, the changing demands of today’s workforce, the over-confidence corporations have in the ability of their entity to withstand a negative event, and more. It’s a long, eye-opening–but certainly not all-encompassing–list.
While it is a bit axiomatic to say, it doesn’t make it less true: the world is becoming increasingly complex and uncertain. As the ‘internet of things’ continues to grow, we have access to more and more data on anything and everything. This is good news – more information tends to lead to greater understanding. However, in this age of information overload, it is important to make sure you are using the right data to answer the right questions. We believe the rise in analytic tools will make a significant difference in the way risks are understood, measured, mitigated and transferred.
(Jump down: Analytics, Asset Management, Aviation, Brazil, Cyber, D&O, Employee Benefits, ERM, Environment, Executive Risk, Financial Institutions, Global, Personal Risk, Political Risk, Real Estate, Terrorism)
Political: Oil Volatility
The price of a barrel of oil has slipped by almost 40% in the last few months (from $115 to $70). Although this price reduction should contribute towards the growth of the world economy in the long run, it has a potential adverse and significant impact on oil-producing countries. These countries are now faced with the risk of either having their economies de-stabilised or run the risk of defaulting on their debts. As a consequence, some of the de-stabilised economies may begin witnessing a different mix of risks from collapse in the financial markets to K&R… Join me Friday when I take a deeper dive into the potential impacts of reduced oil prices, in What Oil Volatility Means for Political Risk.
Cyber: The Risk of the Cloud
Cloud computing is rapidly becoming a key component of many organisations’ technology enablement strategies as they continue to seek differentiation in competitive markets. Cloud however is a significant issue from a risk perspective, both in the context of governance and compliance, for example, geographic location of data – are you sure where personnel data is resident, and is that consistent with the jurisdiction of geographies where client organisations operate? Also in the context of distributed data across many cloud service providers means that accidental aggregation that can compromise the re-aggregated credentials is a real issue. Cloud therefore constitutes an arena where we are only now coming alive to some of the dimensions of complexity with which we are going to have to wrestle in the coming 12 months. Helping guide clients through the maze of uncertainty to get to the right risk transfer solution is something that we all need to reflect upon. I’ll go into this in a little more detail next week in Emerging Cyber Risks of 2015.
With oil prices tumbling and margins expanding, the fuel-intense transportation industry is perhaps a little more relaxed about the risks it is facing. There is, however, a fast-growing aviation risk that could affect businesses across all sectors, drone usage. Unmanned aerial vehicles (UAV’s) or drones are now being used by utility, construction, leisure, and media companies to name but a few. Our lives would really change if our online orders were delivered to our drone landing pad! Regulation of the operation of these aircraft varies widely across the world and sadly as a result of this and some ignorance “near miss” stories are frequent. Drone technology is very familiar from military activity but commercially it does have the power to change, save, and protect lives. With these rewards come risks, and these need to be understood and managed if you have an eye in the sky!
Terrorism: Growth of Islamic Extremism
The risk I’m keeping an eye on this year is a development of one that is already extant: the further growth of Islamic extremist ideology and militant action globally. With the so-called Islamic State seeking to consolidate fundamentalist governance in Syria and Iraq and al Q’aeda and its affiliates seeking to expand further into South Asia, the risks to organisations and individuals from new recruits to and returnees from jihad will grow and mutate. This will include the cyber-sphere as a vehicle for the spread of the ideology that drives militant fundamentalism and as a means of attack. Fragile states will find difficulty in containing Islamic extremism whilst intelligence agencies will be challenged to detect small armed cells or individuals acting on their own initiative.
Financial Institutions: Technology Partners
Banks jumping into bed with Apple and person-to-person lenders? Isn’t that fraternizing with the enemy? Maybe, maybe not. Financial institutions are smart to be pragmatic about how fast the world is changing and trying to find the right technology partners, but mistakes will be made. I have no doubt that there will be regrets by some institutions as they find their partners are not who they thought they were. Partners may become direct competitors or their partner’s technology may create weaknesses in the company’s online security. Or partners will be accused of bad behavior (think red-lining or insider trading) and suddenly your firm has serious regrets and your reputation is damaged as well. Come back next week to read what financial institutions should do about it, in Getting Hitched to a Tech Company, Without Regrets.
Outsourcing might just be the most common business management earnings booster of the past 10 years—which means that it is also a top candidate for becoming a major emerging risk in the near future. There are two basic ways of controlling the risks of outsourcing – by specifying standards at the outset of the arrangement and by inspection of the process and output on an ongoing basis. But with the explosion of outsourcing over the past 10 years, even firms that had set down extensive and clear standards at the time of the original agreement and who have allocated the needed amount of resources for inspection of the processes and outputs are at risk from the complacency that comes from the passage of time without serious incident, the changing individuals on both sides of the agreement and the changing pressures on both organizations. An outsourced process is out of sight. If it also becomes out of mind, then it will likely move out of the emerging risk category into the current problem category. Come back next week when I discuss this in more detail in Emerging ERM Risk of 2015: Outsourcing.
Analytics: Balance Sheet Over-Confidence
An emerging risk I’d like to mention is the over-confidence corporations have in the ability of their balance sheets to withstand a severe reversal of fortune. Many if not most of the world’s largest companies are looking for ways to retain more risk and in the process to reduce their insurance expenditures. One of the reasons mentioned is that many insurers have lower credit ratings than the corporation itself; so why would a company entrust its financial health to weaker institutions? This argument makes sense in an average year, or indeed in most years. However, when a major crisis strikes a company, its strong credit rating is a mirage and insurance coverage becomes very welcome. Approaching the issue of optimizing insurance as a hedge to protect corporate financial objectives is therefore a critical need for most large corporations. When looked at this way, insurance takes on its rightful role as a way to reduce volatility of financial results. Join me next week as we walk through a real client example.
Environment: Extreme Weather Related Risk
Weather-related environmental risk and natural hazards/disasters continue to make the Top 10 list for many risk managers and insurance professionals across the globe. Why? Because we learned some very unfortunate lessons over the years thanks to likes of super storm “Katrina,” “Sandy” and other natural catastrophes in terms of the unexpected frequency and severity of pollution losses due to excessive rain, storm surges and overall damaged caused by water (e.g., pollution release from floating drums of chemicals, cross-contamination of neighboring properties from historic/pre-existing contamination, sewer authority system back-ups, landfill containment breaches, mold growth, etc.). Many businesses were negatively impacted financially via legal liability, fines/penalties, government regulations, financial disclosure requirements or simply public relations surrounding responsible corporate citizenship. If there are any golden rays of sunshine forecasted to break through the dark clouds up ahead then it would be the increased level of awareness by the risk management community and the acknowledgement of the need for adaptation and proper planning. Some can be in the form of reducing overall carbon footprint and greenhouse gas emissions and others via amendments to site improvement or development plans that incorporate better surface water management systems. We’ve blogged about this risk in the past (here and here) and as it’s important to address this business risk now as the underwriting community will continue to modify their risk appetite and terms and conditions for certain classes of risk.
D&O: Certification Requirements
Directors have rightly been concerned for some time about the uptick of claims activity and the focus on individual personal liability. Less attention has been paid to the tactic now deployed increasingly by regulators to tilt the evidential burden in their favour as and when a claim is brought. The single most favoured method of achieving this is “certification”: i.e. the process whereby regulators insist as part of a senior manager’s duties that they certify that everything in their particular part of the garden is rosy. Then, when a storm comes along—perhaps several years later—the certificate is taken out of the filing tray, dusted down and relied on as evidence of neglect in having “allowed” the problem to have arisen. Whether these “early trigger” exposures are adequately addressed in conventional claims made policies is open to question.
Executive Risk: Derivatives
Warren Buffet famously said in his 2002 Annual Report to shareholders, “In my view, derivatives are financial weapons of mass destruction, carrying dangers that, while now latent, are potentially lethal.” In the world of D&O insurance, “derivative” refers to a specific type of lawsuit that is brought by a shareholder on behalf of a company against a third party – usually the D&Os of that company. In a nutshell, the allegations are that the D&Os mismanagement harmed the company. While not a new exposure, it sure seems to have increased. The unofficial top three derivative litigation settlements (not including judgments) that have the largest cash component have now occurred in the last 24 months, with each well over $100M. And those cash component settlements would most likely have to be funded by the personal assets of the individual D&Os…or, and more likely, the oft-discussed Side A portion of a D&O insurance program. But what could a board of directors allegedly mismanage?
- M&A transactions
- Cyber-security issues
- Compliance issues (think costly FCPA or other regulatory (civil or criminal) investigations)
- Environmental issues
- Whistleblower issues
- Questionable executive compensation programs
The list goes on! Boom. Come back next week when I discuss this in more detail, in Are D&O “Derivatives” also Weapons of Mass Destruction?
Asset Management: Demand for Transparency
A key emerging risk in the asset manager space is fees, transparency and conflicts of interest. As the number of retirees increases, there will be increasing pressure on asset and wealth managers, and annuity and pension providers to demonstrate value for money and to maximise the size of retiree’s pension pots. Regulators, in particular, will be under political pressure to look closely at this sector. Asset managers should act now to ensure that they understand their obligations to all stakeholders and to ensure that they have achieved a sufficient level of disclosure and transparency.
Real Estate: Cyber Risk of Tenant Data
Real estate is a brick and mortar (OK, glass and steel) industry that would seem to be immune from cyber crime. But owners, particularly residential owners, are increasingly interacting with tenants online, which may include payment of rent. If they’re taking online payment (or if they’re just keeping online records), owners are going to be collecting potentially sensitive information. While the tenant portals the owners maintain are likely to use up-to-date security measures, we’re learning that there may be no place in the cyber realm that is completely safe. A large residential REIT just sustained a data breach of tenant information when someone hacked into their tenant portal. This is probably the leading emerging risk for the real estate sector.
Benefits: The Changing Face of Human Capital
The Millennial generation is at your door with fresh ideas about making work (and life) meaningful. It’s time to stop just strategizing on how to manage Millennials—and time to start truly retooling your human capital strategies to succeed and grow with a workforce that will be driven by their generation. From the C-suite, human resources and every management level on down, reviewing your organization’s value proposition and its ability to attract, retain, motivate and engage employees should be your highest priority heading into 2015. (Because you’d better believe, Millennials absolutely require engagement.) I’ll be going into this in more detail in my Thursday post, The Changing Face of Human Capital in 2015.
Brazil is at a delicate time. The news of corruption cases are growing and it reaches and influences the insurance market and creates consequences in some types of insurance. Currently, for example, we have the information that many executives are involved in corruption cases. So, the search for the protection of these executives is increasing the number of D&O claims, especially in hiring lawyers for their defense. This situation also impacts the works and construction sector, since many engineering companies are under investigation and, therewith, construction and infrastructure suffer a delay in the works, which decreases the hiring of engineering insurance risk. Cash flow problems are also now faced by engineering firms because the irregularities found in their contracts are generating delays in payment of invoices. This makes the public and private works – even those that are not under investigation – have trouble in meeting their schedules, which certainly result in an increase in guarantee insurance claims/sinister. Faced with this whole picture, and if the economy does not grow in 2015, other sectors will also be vulnerable, such as:
- Transport insurance: due to the decline of the industry and trade
- Automobile insurance: impact generated by the decrease in production and vehicle sales
- Benefits insurance: reducing the number of employees as result of the fall industry and trade
Personal Risk: Device Ubiquity
One of the fastest growing risks we face on a daily basis is being victimized by the accessibility and convenience offered through the growth of online devices. One of last year’s most alarming revelations was a Russian website broadcasting thousands of unsecured webcams from across the world, including several infants in cribs. More than likely, this is the first in what will be a growing trend as the number of Internet-connected devices grows into the Internet of Things (IoT). The more our devices are connected to the Internet, the greater the opportunities available to hackers for exploiting potential security lapses. Exploiting security flaws is especially easy when one installs a new device but does not change any of the default settings. Fortunately, taking a proactive role in your home’s Internet security can mitigate most of the potentials for risk. As the British Information Commissioner’s Office pointed out,
The danger of using weak passwords has been exposed….after a new website was launched that allows people to watch live footage from…insecure (Internet connected) cameras across the world. The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras.
Global: A Risk is a Risk is a Risk
As I have maintained for some time emerging risk is a somewhat misused term. It has been used in the insurance industry to mean new risks that were not or are not currently insurable in any meaningful way i.e. the market is not sufficiently developed either by way of capacity, geographical spread and multiple capital providers. In fact I believe risks are the same as they ever were, it’s just which ones come to prominence. What drives this may not be the apparent real threat but more a perceived threat which, fueled by media, can become the ‘risk’ of the moment. Think H1N1, Ebola, terrorism, gun control, data privacy etc. The real measure of a risk is still severity and likelihood and these are not constant; they are continually moving. It is therefore really important to stay focused on which risks are the real threats to achieving the enterprise objectives and manage these as a priority. Of course some of the issues I mention may be more or less significant depending on your sector and location so may be a priority for you. My consistent message is that risk managers should maintain the position of the voice of reason in their organisations so that resources do not get diverted away from managing, reducing and controlling the risks that will have the most impact on the organisation into the latest ‘emerging’ risk.