COVID-19 is making organisations take a closer look at their risk management programmes. Speaking at Airmic Fest last week, Bradley Saunders, industry risk leader, Marsh Advisory, outlined the process for improvement.
The COVID-19 pandemic has shaken up the way organisations view risk and insurance – particularly those organisations that feel insurance has not responded to COVID-19 in the way they would have hoped.
“Pandemic risk has somewhat slipped through the gap of existing risk frameworks,” said Bradley Saunders, industry risk leader, Marsh Advisory in an Airmic Fest webinar on September 22.
“Many organisations ask themselves how they can optimise their risk programmes so this doesn’t happen to them again.”
The webinar, titled “Managing through to the next normal: mitigating the financial impact of COVID-19”, included Saunders’ breakdown of what organisations can do to optimise their risk programmes to protect themselves for the future.
He started with a familiar first step: a high-level risk and solution analysis.
“In the aftermath of all this and as general best practice, the first thing that organisations should do is take a complete step back and reassess at a fundamental level what the key current, and critically, emerging risks are for the organisation,” he said.
“They should then assign some kind of rating or scoring to each of these—perhaps potential impact and potential likelihood, so the risk can be ranked, analysed, heat mapped and so on.
“That’s not rocket science but what organisations might not take the additional time to do is map against all those risks all the existing risk transfer and risk mitigation solutions that are currently in place, and how comprehensively each of those minimises the impact of all of those risks on the business.”
Saunders added that organisations should also take a decision on solutions they do not currently have in place—a task that might require some work with a third-party risk advisor, as well as internal collaboration between those responsible for risk and those responsible for insurance.
The result will be a high-level qualitative analysis of how successfully the key risks to the business are being transferred or financed and mitigated by risk management.
“That will highlight prioritised areas that will require further investigation and investment,” he said. “Collectively that will chart the course for the rest of this strategic journey and give us our areas we need to focus on to optimise the risk programme.”
“Organisations can quite quickly build up a view on specific areas of risk management where they are falling short.” Bradley Saunders
Having highlighted focused areas of risk where an organisation’s insurance programme is falling short in terms of the protection it is providing, it is necessary to focus on those areas to ensure maximum value is being achieved from insurance as a risk transfer mechanism.
“Doing so will require a balancing of risk retention and risk transfer, which will be retaining risk where it is operationally and financially manageable to do so and transferring it when it is cost-effective and sometimes necessary to do so,” said Saunders.
“The best way to determine that balance is to employ some form of predictive analytics to forecast insurable losses for the forthcoming 12 and 24 months, and so on.”
The next step is to take that analysis and combine it with various internal and external factors such as cost of capital, insurable risk appetite, external risk transfer premium costs and the capacity the insurance market is willing to provide. Then it is possible to formulate a range of risk financing and risk transfer options and achieve the financially optimal blend of risk retention and risk transfer.
After that, Saunders recommended a more granular, focused assessment of the existing risk management maturity within the organisation, focused on the key areas of risk that have come out of the high-level risk and solution analysis of areas that require more focus.
Organisations should take a view on what constitutes best practise in risk management under those various headings.
“To do that it’s good to have some kind of third-party view of best practice risk management, perhaps the various ISO standards,” he said.
“By honestly assessing their existing practices against those best practices, organisations can quite quickly build up a view on specific areas of risk management where they are falling short, be that enterprise risk management on a high level or more focused health and safety, mental health and wellbeing of colleagues, or cyber risk.
“The output would ideally be a mapping of the current state of risk management across these key and critical heads of risk and then a plan to reach the desired future state constrained by any time and budgetary constraints.
“Once we have that, we then have a really tangible basis for focusing investment in respect of specific strategies and actions, be that a focus on business continuity planning or health and safety or training, or anything that crops up from these initial stages of analysis.”
Granular analysis of historical claims data can serve as a powerful tool for optimising a risk programme, particularly with regard to cost reduction and incident prevention. Saunders outlined how root cause loss or claims analysis—establishing where and when the claims are coming from—will help identify trends to focus risk mitigation and prevention strategies.
“Then, with the right granularity of data, organisations can also perform audits of claims handling and claims settlement processes which will identify any cost leakage as a result of inefficiency or excess costs as a result of poor claims defensibility, or maybe something like suboptimal third party repair partnerships for example,” Saunders said.
“Finally, reviewing open claims can target reductions in reserves which can potentially allow for reductions in provisions or maybe even letter of credit or collateral requirements for outstanding claims.”
An additional piece of the puzzle is underlying functional enhancement, he added.
“By functional enhancements I mean the true internal workings of the parts of the organisation that are responsible for risk and insurance,” he said.
“Current economic and business environments hugely increase external and internal pressures on risk managers and insurance managers, which is driving a need to re-evaluate strategies and processes with the objective of ensuing agility, efficiency and value protection for businesses.
“From an external perspective, risk managers need to ensure they are meeting the demands of the insurance market for good risk management, and being able to provide high quality risk information. Internally, they need to ensure that their teams are properly connected, properly governed and have sufficient processes to provide senior management with assurance that the insurance and risk functions are being resourced and run effectively.”
The whole process of reviewing and refreshing insurable risk frameworks and reviewing and refreshing the processes such as renewals and claims handling within the insurance lifecycle should deliver both time and cost efficiencies, leaving organisations with a risk programme that is built from the ground up and bespoke to the business and risk profiles in question.
“It should deliver true alignment between risk management, risk governance, risk financing, cost management and functional deployment—and we can use all of this as a well-defined basis for multi-year improvement planning for a risk programme,” said Saunders.
“As new risks emerge and the internal and external landscapes change, organisations can cycle back through this journey to make sure the risk programme is always suitable for the current environment.”
AIRMIC, Marsh Advisory, Coronavirus, Risk Management, Insurance, Reinsurance, Bradley Saunders, North America