Property Risk

Beyond Protected

Research-based engineering and predictive analytics help underwriters take on bigger risks.
By: | December 14, 2016 • 8 min read

Properties designated as Highly Protected Risks (HPRs) can get significantly greater policy limits with a much lower rating structure for their P&C exposures if they continue to keep pace with technology.

Advertisement




Highly Protected Risk properties often are subject to a much lower than normal probability of loss by virtue of low hazard occupancy or property type, superior construction, special fire protection equipment and procedures and management commitment to loss prevention.

It used to be a property could attain HPR status with just state-of-the-art fire sprinkler systems. Risk managers now need to think HPR 2.0, experts say, and expand the concept beyond sprinklers to the risk exposures that develop in tandem with new upgrades.

“The idea that the majority of loss is preventable has been the center of our business model for 180 years,” said Brion Callori, senior vice president of engineering and research at FM Global, one of the first and largest HPR insurers.

“The amazing thing is how well it still works,” he said. “I think this is why it’s gotten more industry interest in last five to 10 years.”

Brion Callori, senior vice president of engineering and research, FM Global

Brion Callori, senior vice president of engineering and research, FM Global

Underwriters are quantifying and underwriting the exposures that face a single building, a campus, a system, or even a supply chain by using modern tools such as computer models, heat maps and predictive analysis.

Solar panels, clean rooms, data storage and mega warehouses are all examples of property uses adding new hazards. As HPR engineers study those additions, they are also able to design ways to tackle the hazards they create.

Take for example, automatic storage and retrieval systems used in warehouses built larger today with narrower aisles and higher stacking. The ability to store more inventory becomes more important as space grows increasingly expensive. Research on the most advanced sprinkler technologies available aims to protect products, help reduce losses and minimize business interruptions.

“As we move to a just-in-time, more global economy, that’s where the clients’ exposures have changed in the past 30 years; they are all over the world.” — Mike Martin, EVP, general manager of national insurance property, Liberty Mutual

More carriers, armed with research and statistics, have a new perspective on HPRs and are willing to invest in the market. The more “protected” a risk is against specific exposures, the more capacity an underwriter will commit, with broader terms and at a better price.

“As it expands in different industry groups, the HPR engineering and underwriting has been able to expand to follow that and meet the exposure of these different facilities,” said Greg DiPrato, senior vice president of the global property practice at Lockton.

The modern HPR method is based on a system FM Global created nearly two centuries ago to identify ways to reduce losses from fire, explosions or natural disasters at mills. To this day, FM Global engineers continually research how to improve on safety measures such as using more efficient fire suppression, finding the strongest roofing materials or identifying less risky locations.

Liberty Mutual Insurance is another leading HPR insurer with a long history of finding solutions to risk exposures with help from a dedicated team of engineers.

“The definition of highly protected risk has really not changed, not one bit,” said Mike Martin, EVP and general manager of national insurance property at Liberty Mutual. “As we move to a just-in-time, more global economy, that’s where the clients’ exposures have changed in the past 30 years; they are all over the world.”

Research-Based Engineering

The traditional insurance model is an actuarial model, where you look at the losses that happen in an occupancy or an industry class, project forward and say those are the losses you expect in the future, Callori said.

HPR designation for FM Global goes along with what’s called research-based engineering aimed at preventing loss. It’s tough to justify the return on investment for becoming HPR based only on reduced pricing or increased capacity in today’s marketplace.

Advertisement




“We want to learn from the losses that happened in the past and figure out how to prevent them from happening in the future,” said Callori. “Our clients can take control of their own destiny going forward, and the way we do that is through the engineering.”

“The buyers look for someone that can really add the value to the partnership and help them manage their total cost of risk, not only just the physical loss but also the business continuity,” Martin said.

While most new construction in the U.S. today is built to fire code, which usually confers HPR status, it’s what you put into it and what you do with it once it’s finished that can take away an HPR designation. Conversely, the exposures in almost any building can be adapted to attain HPR status, as long as you are willing to invest in the requirements, Lockton’s DiPrato said.

When a warehouse built to store steel is then converted to plastic products containing lithium ion batteries, it may lose its HPR status because the existing shelves and sprinkler system can’t adequately contain a lithium ion or plastic fire.

Adding solar panels atop a building creates a load factor, wind exposure and voltage exposure to firefighters that must be addressed. The HPR engineers will find ways to protect the buildings, DiPrato said.

“Everybody is worried about cyber hackers from another country, yet still the easiest way to get to your servers is for someone to just walk into your building if they are not questioned.”— Brion Callori, senior vice president of engineering and research, FM Global

After engineers identify a building’s hazards and make their recommendations on how to reduce losses, the client often must prioritize the budget to incorporate everything that’s recommended at every location, Callori said.

To help with that, engineers, such as those at FM Global and Liberty Mutual, have developed predictive analytics tools to help clients focus their limited capital for the most effective route to attaining highly protected risk status.

To help clients determine where best to invest, FM Global offers clients four predictive analytics tools: Risk Mark; Locations Predisposed; Relative Likelihood and Equipment Factors. These tools look at a structure, its location, its use and the machinery inside and make recommendation about likely losses and best value for investing in loss mitigation.

A quick review of losses at properties that follow recommended safety improvements compared with those that didn’t shows the HPR buildings had less loss, Callori said.  For example, 86 percent of the dollar value for 126 large losses at FM Global locations last year happened at non-HPR facilities.

What’s Next? Cyber and Energy HPR

“As a client develops a facility for their needs, the carrier engineers are brought into the process,” DiPrato said. “Lockton has broker engineers that work as consultants to the client and help in those discussions with the insurance carrier. There’s a lot that goes on to keep everything on an HPR status as technology keeps developing.”

Engineers are beginning to take the HPR approach to new directions, such as confronting alternative energy storage and cyber hazards. Field engineers look at physical security exposures and develop ways to protect against cyber hazards using HPR techniques in new ways.

“Everybody is worried about cyber hackers from another country, yet still the easiest way to get to your servers is for someone to just walk into your building if they are not questioned,” Callori said. “The HPR definition can evolve to hopefully protect [against] cyber hazards.

“We’re working on developing a tool that we think is going to be very valuable for the risk managers to actually understand what their exposures are,” Callori said. “That will be straight from HPR.”

Underwriters are going to start to think about HPR cyber protection in the same way they do about fire, said Michael Korn, a managing principal and leader of the national property practice at Integro Insurance Brokers. What are the data controls that are in place? Do you have really robust encryption? Do you have firewalls? How do you back up your information? What employee controls do you have over information?

Playing in the Primary

The most common HPR programs are structured as single carrier; quota share; and shared and layered, said Korn.

Each insurance company “has a particular appetite for where they like to play in a program,” he said.

Michael Korn, managing principal; leader of the national property practice, Integro Insurance Brokers

Michael Korn, managing principal; leader of the national property practice, Integro Insurance Brokers

“You have to put it together as part of a jigsaw puzzle,” said DiPrato. The way the market is today, with a lot of capacity and a lot of players out there, you can put together a lot of options, he said.

“The better the risk — the more HPR it is — the more underwriters are interested in being on it because the chances of having a loss are so much less,” Korn said. Some insurers have very large amounts of capacity and will do a single carrier deal.

Some larger risks might have 15 carriers, and each one is doing a different piece of the puzzle, Korn said.  For example, if a client needs $2 billion worth of capacity, a broker might set up a quota share, where one carrier assumes 30 percent of the program. The broker then builds a tower that goes all the way up to full value with additional quota share players, Korn said.

In a shared and layered program of the same size, a broker can set up a primary layer of $500 million, for example, and add additional layers to reach the needed $2 billion capacity.

Advertisement




The lower in the tower, the more premium the insurer gets because the chance of impact from a loss is much greater. Those insurers that write excess of the primary get less premium because they take on less risk.

“You approach certain insurers with the idea they want to play in the primary,” Korn said.

Other insurers are more capacity players and typically don’t offer engineering services. They “like to play in the excess,” Korn said. They put up capacity rather than engineering services and receive less premium, Korn said.

The value proposition for Liberty, “is not just the pure insurance product, but things that aren’t covered such as protecting a client’s market share, helping with revenue streams and also reputational risk,” Martin said. “Our loss prevention solutions support a good risk management team, helping them avoid some of those things.” &

Juliann Walsh is a staff writer at Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

2017 RIMS

Resilience in Face of Cyber

New cyber model platforms will help insurers better manage aggregation risk within their books of business.
By: | April 26, 2017 • 3 min read

As insurers become increasingly concerned about the aggregation of cyber risk exposures in their portfolios, new tools are being developed to help them better assess and manage those exposures.

One of those tools, a comprehensive cyber risk modeling application for the insurance and reinsurance markets, was announced on April 24 by AIR Worldwide.

Advertisement




Last year at RIMS, AIR announced the release of the industry’s first open source deterministic cyber risk scenario, subsequently releasing a series of scenarios throughout the year, and offering the service to insurers on a consulting basis.

Its latest release, ARC– Analytics of Risk from Cyber — continues that work by offering the modeling platform for license to insurance clients for internal use rather than on a consulting basis. ARC is separate from AIR’s Touchstone platform, allowing for more flexibility in the rapidly changing cyber environment.

ARC allows insurers to get a better picture of their exposures across an entire book of business, with the help of a comprehensive industry exposure database that combines data from multiple public and commercial sources.

Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

The recent attacks on Dyn and Amazon Web Services (AWS) provide perfect examples of how the ARC platform can be used to enhance the industry’s resilience, said Scott Stransky, assistant vice president and principal scientist for AIR Worldwide.

Stransky noted that insurers don’t necessarily have visibility into which of their insureds use Dyn, Amazon Web Services, Rackspace, or other common internet services providers.

In the Dyn and AWS events, there was little insured loss because the downtime fell largely just under policy waiting periods.

But,” said Stransky, “it got our clients thinking, well it happened for a few hours – could it happen for longer? And what does that do to us if it does? … This is really where our model can be very helpful.”

The purpose of having this model is to make the world more resilient … that’s really the goal.” Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

AIR has run the Dyn incident through its model, with the parameters of a single day of downtime impacting the Fortune 1000. Then it did the same with the AWS event.

When we run Fortune 1000 for Dyn for one day, we get a half a billion dollars of loss,” said Stransky. “Taking it one step further – we’ve run the same exercise for AWS for one day, through the Fortune 1000 only, and the losses are about $3 billion.”

So once you expand it out to millions of businesses, the losses would be much higher,” he added.

The ARC platform allows insurers to assess cyber exposures including “silent cyber,” across the spectrum of business, be it D&O, E&O, general liability or property. There are 18 scenarios that can be modeled, with the capability to adjust variables broadly for a better handle on events of varying severity and scope.

Looking ahead, AIR is taking a closer look at what Stransky calls “silent silent cyber,” the complex indirect and difficult to assess or insure potential impacts of any given cyber event.

Stransky cites the 2014 hack of the National Weather Service website as an example. For several days after the hack, no satellite weather imagery was available to be fed into weather models.

Imagine there was a hurricane happening during the time there was no weather service imagery,” he said. “[So] the models wouldn’t have been as accurate; people wouldn’t have had as much advance warning; they wouldn’t have evacuated as quickly or boarded up their homes.”

It’s possible that the losses would be significantly higher in such a scenario, but there would be no way to quantify how much of it could be attributed to the cyber attack and how much was strictly the result of the hurricane itself.

It’s very, very indirect,” said Stransky, citing the recent hack of the Dallas tornado sirens as another example. Not only did the situation jam up the 911 system, potentially exacerbating any number of crisis events, but such a false alarm could lead to increased losses in the future.

The next time if there’s a real tornado, people make think, ‘Oh, its just some hack,’ ” he said. “So if there’s a real tornado, who knows what’s going to happen.”

Advertisement




Modeling for “silent silent cyber” remains elusive. But platforms like ARC are a step in the right direction for ensuring the continued health and strength of the insurance industry in the face of the ever-changing specter of cyber exposure.

Because we have this model, insurers are now able to manage the risks better, to be more resilient against cyber attacks, to really understand their portfolios,” said Stransky. “So when it does happen, they’ll be able to respond, they’ll be able to pay out the claims properly, they’ll be prepared.

The purpose of having this model is to make the world more resilient … that’s really the goal.”

Additional stories from RIMS 2017:

Blockchain Pros and Cons

If barriers to implementation are brought down, blockchain offers potential for financial institutions.

Embrace the Internet of Things

Risk managers can use IoT for data analytics and other risk mitigation needs, but connected devices also offer a multitude of exposures.

Feeling Unprepared to Deal With Risks

Damage to brand and reputation ranked as the top risk concern of risk managers throughout the world.

Reviewing Medical Marijuana Claims

Liberty Mutual appears to be the first carrier to create a workflow process for evaluating medical marijuana expense reimbursement requests.

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.

RIMS Conference Held in Birthplace of Insurance in US

Carriers continue their vital role of helping insureds mitigate risks and promote safety.

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]