Unquantifiable Exposures

Top Five Uninsurable Risks

The complexities and nuances of these risks make it impossible for risk managers to find total coverage.
By: | September 2, 2014 • 11 min read

Whether it’s a Sriracha hot sauce maker being threatened with closure by city council or General Motors fighting for its reputation after recalling more cars than it made in the past three years, companies face a world of complex risks.

And some of those risks cannot be transferred via insurance products.

Advertisement




How well are companies protected, for example, when new regulations get passed — such as the EPA’s proposed restrictions on coal burning plants that may drive some in the energy industry out of business, or the current political drumbeat against tax inversion practices?

What insurance covers a company whose rogue employee sells trade secrets to an outside company? How about when a pandemic shuts down operations?

Risk managers identify their organizational exposures as best they can and then work to manage or eliminate those risks. Sometimes, commercial insurance can be used to remove the bulk of that risk, but we’ve isolated five risks which many experts believe are uninsurable in many respects: For the time being anyway.

“For the most part, the insurance industry rises to the occasion and creates products for emerging risks that evolve over time,” said Carol Laufer, executive vice president, ACE Excess Casualty.

“For insureds, the purchase of products such as employment practices and cyber insurance eventually evolves from a discretionary spend to standard insurance coverage,” she said.

09012014_01_CS_sidebarWhile some coverage is available, these five threats are considered mostly uninsurable: reputational risk, regulatory risk, trade secret risk, political risk and pandemic risk.

For sure there are other challenging risks — such as weak economic conditions or skilled talent shortages — that also are uninsurable, but we have selected those for which risk managers are able to play an effective role in mitigating the risk.

Part of the problem in transferring such risks is the complexity involved in the exposures. Look at tax inversion — where a U.S. company merges with a foreign company to change their tax jurisdiction and lower their tax burden.

Is that a political risk? A regulatory risk? A reputational risk? It could be any one of them, or all three of them.

“I think it’s almost uncountable the ways that a loss could occur where that loss could be tied back to reputational risk or regulatory risk,” said David White, a national actuarial leader at KPMG.

At the same time, calling a risk uninsurable has nuances to it. Coverage for criminal fines and penalties, for example, are truly uninsurable. The law forbids such coverage, said Patrick Donnelly, chief broking officer, Aon Risk Solutions.

Advertisement




But for other types of risks, there may be various products offered by brokers and underwriters to address some, but not all of the specific exposures faced by a company, he said. Such coverage, however, may be rare or expensive, or corporations may find risk transfer to be an ineffective way of hedging the risk.

“I’m very careful about branding something as truly uninsurable,” Donnelly said.

“It’s not black and white.”

Reputational Risk

General Motors might be the quintessential example of a company undergoing a reputational hit. It recalled nearly 30 million cars, and faces numerous lawsuits and investigations related to a delayed recall of 2.6 million cars — some manufactured more than a decade ago — with a faulty ignition switch that has been linked to 13 deaths and more than 50 accidents.

Video: As this report from the New York Times indicates, automakers have a long history of trying to maintain their reputations in the face of major recalls.

But every day brings another contender for the throne. One day, it’s American Apparel’s founder being suspended, and possibly eventually fired, for alleged sexual misconduct. Another day, it’s a viral video of a Comcast customer service representative who refuses to let a customer cancel his account.

Or it could be yet another cyber theft of customer information or a celebrity spokesman tweeting out an offensive comment.

While there are insurance products that provide coverage for crisis management/public relations costs and product recall expenses, only a limited market exists for loss of income or net profit for reputational harm, said Emily Freeman, global technology and privacy practice specialist at Lockton.

“You need to be able to wrap your arms around the risk and the value of risk before you can insure it,” said Tom Srail, senior vice president, Willis. “What a company name is worth has long been a risk to the industry.”

Freeman said Lockton has been involved in creating customized solutions for large clients that address specific threats of reputational harm. The client and underwriter negotiate the period of indemnity and loss adjustment, she said.

“The perils are not on an ‘all risk’ basis, but rather categories listed that are relevant to the client, such as disgrace of key persons or breach of sensitive data,” Freeman said.

“In my mind,” said KPMG’s White, “you can’t find policies that cover all types of reputational risk from whatever event that occurred.”

Regulatory Risk

When you think of regulatory risk, many risk managers keep an eye on the rules of the Health Information Portability and Accountability Act (HIPAA), the Dodd-Frank Act or a regulatory agency such as the Food & Drug Administration.

But the threat of regulation is immense and often unpredictable. In just one year, 2012, there were 17,763 changes to laws, rules and regulations affecting the banking and financial sectors alone, according to The Network, a training and compliance company.

“From a risk management or risk mitigation perspective, you can’t really predict regulations. You can prepare for them, but you can’t predict them or price them.” — David White, national actuarial leader, KPMG

Plus, risks can emanate from all sectors of government. One recent example is Huy Fong Foods, the manufacturer of Sriracha hot sauce, which was temporarily shut down by a judge following a lawsuit by the city council of Irwindale, Calif., after four families (one of which was related to a city councilman) complained about odors.

Eventually, the city dropped its lawsuit and its declaration that the factory was a “public nuisance,” but it took months for the situation to resolve itself.

“From a risk management or risk mitigation perspective, you can’t really predict regulations. You can prepare for them, but you can’t predict them or price them,” White said. “Regulatory risk is handled through risk mitigation, not risk transfer.”

Tom Srail, senior vice president, Willis

Tom Srail, senior vice president, Willis

“Even in the United States,” Srail said, “a government or state can put an industry or a company, if they want to, out of business or severely restrict their ability to operate.”

Certainly, the energy industry has been facing that threat since 2008 when President Obama noted that coal-powered plants can still be built, but at a steep regulatory cost.

“It’s just that it will bankrupt them because they are going to be charged a huge sum for all that greenhouse gas that’s being emitted,” Obama said.

Advertisement




While a final rule has not yet been issued by the Environmental Protection Agency, the president has recently called on it to enact new emissions regulations. The U.S. Chamber of Commerce estimated the regulations will cost the economy about $50 billion annually.

“There are some creative products underwriters have tried over the years … but there is definitely nothing off the shelf or run of the mill,” Srail said of regulatory risk.

“There’s nothing easy to do.”

Trade Secret Risk

“I find trade secrets to be one of the most dangerous areas,” said attorney Rudy Telscher, a partner at Harness Dickey & Pierce, who recently won a patent infringement case at the U.S. Supreme Court.

“There are no boundaries. It’s such a nebulous area.”

It can include anything from a disgruntled employee taking customer lists or R&D information to his next job, a foreign government stealing trade secrets or a hacker burrowing into a computer system to steal a company’s version of its special sauce.

Globalization and the expanded use of supply chain partners increase the potential exposure. Plus, even when a company is able to pursue trade secret litigation, courts consider whether reasonable precautions had been taken to secure the proprietary information.

“The violation,” said Bob Fletcher, president, Intellectual Property Insurance Services Corp., which offers insurance to litigate intellectual property cases, “is not the use [of a trade secret]. The violation is, ‘How did you get the information?’ ”

In any event, said Aon’s Donnelly, “an organization would have a very difficult time obtaining an insurance policy that adequately protects them against the theft or wrongful disclosure of their trade secrets and the potential damage that could do to the company if that trade secret got out.”

Rudy Telscher, partner, Harness Dickey & Pierce

Rudy Telscher, partner, Harness Dickey & Pierce

More common than industrial espionage, however, are the run-of-the-mill business discussions that revolve around synergies and potential partnerships between enterprises. Often, the nondisclosure agreements (NDAs) covering such discussions are not specific enough to protect the parties, Telscher said.

It is the party receiving the information that is most at risk, he said. If the discussions dissolve, that party may find itself accused of acting upon trade secrets because the NDA did not specify the information that was to be disclosed and held confidential.

“The more information you receive, the greater the risk there will be a lawsuit if you don’t end up doing a deal and you move forward on your own,” Telscher said.

Political Risk

In this era of globalization, companies establish operations all over the world, and the world is not a stable place.

Upheaval — or the increasing threat of it — is prevalent on just about every continent of the globe. Certainly, the possibilities in the Middle East, Eastern Europe, Asia and Latin America are concerning to risk managers.

An Emergencies Ministry member walks at a site of Malaysian airliner flight MH17, which was brought down over eastern Ukraine, killing all 295 people aboard.

An Emergencies Ministry member walks at a site of Malaysian airliner flight MH17, which was brought down over eastern Ukraine, killing all 295 people aboard.

While political violence and trade credit coverage is available in the majority of cases, companies continue to face uninsurable exposures.

“It’s definitely tricky,” said Mark Garbowski, a shareholder at Anderson Kill.

Advertisement




“Based on the policies I have seen, there will always be some aspects of it that will be fully outside the scope of what can be covered.”

And only “a minority” of companies actually buy the cover, said John Hegeman, AIG senior vice president, specialty lines-political risk.

“I think the principal reason is most risk managers view it as a self-insured business risk,” he said.

“Pretty much anything an insured thinks is really essential to their operations can be covered, but you have to identify it and understand what it is.”

Often, said Richard Maxwell, chief underwriting officer and global head of political risk and trade credit insurance for XL Group, corporations wait too long in the face of deteriorating conditions and insurers will not accept the risk.

“Buy the cover before the barn is on fire,” he said.

Generally, policies cover a host of risks, including government expropriation of an asset, destruction of an asset due to war or political violence, credit default of trade receivables, and when foreign governments block transfer and convertibility of currency.

Some countries, such as Iran, Iraq, Afghanistan and the like, are not insurable, said Jochen Duemler, CEO and head of Euler Hermes Americas Region, which offers risk coverage in nearly 200 countries.

Argentina is a recurring problem, and as for Venezuela, it’s not uninsurable, he said, “but we would say we pretty much have no exposure there and are very, very reluctant” to offer coverage.

Overall, policies exclude losses that occur when currency is devalued, losses that occur as a result of a nuclear incident and non-payment of premium, or any losses to suppliers or partners as a result of political violence, except for trade receivables.

Policies also require insureds to make certain warranties and representations that are included in the insurance contract.

Policy disputes can arise when property is expropriated or licenses are cancelled due to what a foreign government says are reasonable or legally justified regulatory actions, according to an article on political risk coverage by Robert C. Leventhal, an attorney with Foley and Lardner.

Another area of dispute emerges when assets are jeopardized by “creeping expropriations,” such as a series of actions by the government as opposed to a single act, he said.

Pandemic Risk

Many risk managers aren’t too worried about the Ebola pandemic in West Africa that has already killed more than 900 people. And they probably aren’t all that worried — if they even know — about the four cases of pneumonic plague in Colorado that are life-threatening.

But who among them can forget the H1N1 pandemic influenza virus known as the swine flu, that in 2009 killed more than 250,000 people worldwide, including more than 3,600 in North America.

At one point, the U.S. Centers for Disease Control and Prevention estimated that as many as two in five workers might become infected or have to stay home to care for an ill family member.

Video: Researchers at the Massachusetts Institute of Technology studied the role airports play in spreading disease and pandemics, according to this report by Voice of America.

A pandemic flu is something all risk managers should worry about. And there’s no coverage for it.

“A pandemic is a very difficult exposure to insure in any meaningful way. You can do some work around it, but it’s a very, very difficult risk to insure and no one really insures it,” said John McLaughlin, managing director of the higher education practice at Arthur J. Gallagher & Co.

For schools or universities, his specialty, there may be some loss of tuition coverage available, but “it’s not very cost effective.”

Advertisement




For business, supply-chain insurance may offer some protection, but that coverage still has a limited take-up.

Companies may also be able to craft special wording for property or D&O policies, he said.

“You never say never. There’s always some solution that you can work up,” he said.

But, McLaughlin said, a healthier perspective for a risk manager is to analyze how the risk would impact the organization and to devise solutions that are not insurance-related.

Anne Freedman is managing editor of Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Black Swan: EMP

Chaos From Above

An electromagnetic pulse event triggered by the detonation of a low-yield nuclear device in Earth’s atmosphere triggers economic and societal chaos.
By: | July 27, 2017 • 9 min read

Scenario

The vessel that seeks to undo America arrives in the teeth of a storm.

The 4,000-ton Indonesian freighter Pandawas Viper sails towards California in December 2017. It is shepherded toward North America by a fierce Pacific winter storm, a so-called “Pineapple Express,” boasting 15-foot waves and winds topping 70 mph.

Advertisement




Normally, Pandawas Viper carries cargo containers. This time she harbors a much more potent payload.

Unbeknownst to U.S. defense and intelligence officials, the Viper carries a single nuclear weapon, loaded onto a naval surface-to-air missile, or SAM, concealed below deck.

The warhead has an involved history. It was smuggled out of Kyrgyzstan in 1997, eventually finding its way into the hands of Islamic militants in Indonesia that are loosely affiliated with ISIS.

Even for these ambitious and murderous militants, outfitting a freighter with a nuclear device in secrecy and equipping it to sail to North America in the hopes of firing its deadly payload is quite an undertaking.

Close to $2 million in bribes and other considerations are paid out to ensure that the Pandawas Viper sets sail for America unmolested, her cargo a secret held by less than two dozen extremist Islamic soldiers.

The storm is a perfect cover.

Officials along the West Coast busy themselves tracking the storm, doing what they think is the right thing by warning residents about flooding and landslides, and securing ports against storm-related damage.

No one gives a second thought to the freighter flying Indonesian colors making its way toward the Port of Long Beach, as it apparently should be.

It’s only at two in the morning on Sunday, December 22, that an alert Port of San Diego administrator charged with monitoring ocean-going cargo traffic sees something that causes him to do a double take.

GPS tracking information indicates to him that the Pandawas Viper is not heading to Long Beach, as indicated on its digital shipping logs, but is veering toward Baja, Calif.

Were it to keep its present course, it would arrive at Tijuana, Mexico.

The port administrator dutifully notifies the U.S. Coast Guard.

“Indonesian freighter Pandawas Viper off course, possibly storm-related navigational difficulties,” he emails on a secure digital communication channel operated by the port and the Coast Guard.

“Monitor and alert as necessary,” his message, including the ship’s current coordinates, concludes.

In turn, a communications officer in the Coast Guard’s Alameda, Calif. offices dutifully alerts members of the Coast Guard’s Pacific basin security team. She’s done her job but she’s about an hour late.

At 3:15 am Pacific time on December 22, the deck on the Pandawas Viper opens and the naval surface-to-air missile, operated remotely by a militant operative in Jakarta, is let loose.

It’s headed not for Los Angeles or San Diego, but rather Earth’s atmosphere, where it detonates about 50 miles above the surface.

There it interacts with the planet’s atmosphere, ionosphere and magnetic field to produce an electromagnetic pulse, or EMP, which radiates down to Earth, creating additional electric or ground-induced currents.

The operative’s aim is perfect. With a charge of hundreds and in some cases thousands of volts, the GICs cause severe physical damage to all unprotected electronics and transformers. Microchips operate in the range of 1.5 to 5 volts and thus are obliterated by the billions.

As a result, the current created by the blast knocks out 70 percent of the nation’s grid. What began as an overhead flash of light plunges much of the nation into darkness.

The first indication for most people that there is a problem is that their trusty cellphones can do no more than perform calculations, tell them the time or play their favorite tunes.

As minutes turn to hours, however, people realize that they’ve got much bigger concerns on their hands. Critical infrastructure for transportation and communications ceases. Telecommunication breakdowns mean that fire and police services are unreachable.

For the alone, the elderly and the otherwise vulnerable, panic sets in quickly.

Hospital administrators feverishly calculate how long their emergency power supplies can last.

Advertisement




Supermarkets and other retailers anticipating one of their biggest shopping days of the year on that Monday, December 23, instead wake up to cold homes and chilling prospects.

Grocery stores with their electricity cut off are unable to open and product losses begin to mount. Banks don’t open. Cash machines are inoperable.

In the colder parts of the United States, the race to stay warm is on.  Within a day’s time in some poorer neighborhoods, furniture is broken up and ignited for kindling.

As a result, fires break out, fires that in many cases will not draw a response from firefighting crews due to the communication breakdown.

As days of interruption turn into weeks and months, starvation, rioting and disease take many.

Say good-bye to most of the commercial property/casualty insurance companies that you know. The resulting chaos adds up to more than $1 trillion in economic losses. Property, liability, credit, marine, space and aviation insurers fail in droves.

Assume widespread catastrophic transformer damage, long-term blackouts, lengthy restoration times and chronic shortages. It will take four to 10 years for a full recovery.

The crew which launched the naval surface-to-air missile that resulted in all of this chaos makes a clean getaway. All seven that were aboard the Pandawas Viper make their way to Ensenada, Mexico, about 85 miles south of San Diego via high-speed hovercraft.

Those that bankrolled this deadly trip were Muslim extremists. But this boat crew knows no religion other than gold.

Well-paid by their suppliers, they enjoy several rounds of the finest tequila Ensenada can offer, and a few other diversions, before slipping away to Chile, never to be brought to justice.

Observations

This outcome does not spring from the realm of fiction.

In May, 1999, during the NATO bombing of the former Yugoslavia, high-ranking Russian officials meeting with a U.S. delegation to discuss the Balkans conflict raised the notion of an EMP attack that would paralyze the United States.

That’s according to a report of a commission to assess the threat to the United States from an EMP attack, which was submitted to the U.S. Congress in 2004. But Russia is not alone in this threat or in this capability.

Wes Dupont, vice president and general counsel, Allied World Assurance Company

North Korea also has the capability and the desire, according to experts, and there is speculation that recent rocket launches by that country are dress rehearsals to detonate a nuclear device in our atmosphere and carry out an EMP attack on the United States.

The first defense against such an attack is our missile defense. But some experts believe this country is ill-equipped to defend against this sort of scenario.

“In terms of risk mitigation, if an event like this happens, then that means the best risk mitigation we have has already failed, which would be our military defense systems, because the terrorists have already launched their weapon, and it’s already exploded,” said Wes Dupont, a vice president and general counsel with the Allied World Assurance Company.

The U.S power grid is relatively unprotected against EMP blasts, Dupont said.

And a nuclear blast is the worst that can occur. There isn’t much mitigation that’s been done because many methods are unproven, and it’s expensive, he added.

Lloyd’s and others have studied coronal mass ejections, solar superstorms that would produce a magnetic field that could enter our atmosphere and wipe out our grid.  Scientists believe that an EMP attack would carry a force far greater than any coronal mass ejection that has ever been measured.

An extended blackout, with some facilities taking years to return to full functionality, is a scenario that no society on earth is ready for.

“Traditional scenarios only assume blackouts for a few days and losses seem to be moderate …” wrote executives with Allianz in a 2011 paper outlining risk management options for power blackout risks.

“If an event like this happens, then that means the best risk mitigation we have has already failed … because the terrorists have already launched their weapon, and it’s already exploded.” — Wes Dupont, vice president and general counsel, Allied World Assurance Company

“But if we are considering longer-lasting blackouts, which are most likely from space weather or coordinated cyber or terrorist attacks, the impacts to our society and economy might be significant,” the Allianz executives wrote.

“Critical infrastructure such as communication and transport would be hampered,” the Allianz executives wrote.

“The heating and water supply would stop, and production processes and trading would cease. Emergency services like fire, police or ambulance could not be called due to the breakdown of the telecommunications systems. Hospitals would only be able to work as long as the emergency power supply is supplied with fuel. Financial trading, cash machines and supermarkets in turn would have to close down, which would ultimately cause a catastrophic scenario,” according to Allianz.

It would cost tens of billions to harden utility towers in this country so that they wouldn’t be rendered inoperable by ground-induced currents. That may seem like a lot of money, but it’s really not when we think about the trillion dollars or more in damages that could result from an EMP attack, not to mention the loss of life.

Allianz estimates that when a blackout is underway, financial trading institutions, for example, suffer losses of more than $6 million an hour; telecommunications companies lose about $30,000 per minute, according to the Allianz analysis.

Insurers, of course, would be buffeted should a rogue actor pull off this attack.

Lou Gritzo, vice president and manager of research, FM Global

“Depending on the industries and the locations that are affected, it could really change the marketplace, insurers and reinsurers as well,” said Lou Gritzo, a vice president and manager of research at FM Global.

Gritzo said key practices to defend against this type of event are analyzing supply chains to establish geographically diverse supplier options and having back-up systems for vital operations.

The EMP commission of 2004 argued that the U.S. needs to be vigilant and punish with extreme prejudice rogue entities that are endeavoring to obtain the kind of weapon that could be used in an attack like this.

It also argued that we need to protect our critical infrastructure, carry out research to better understand the effects of such an attack, and create a systematic recovery plan. Understanding the condition of critical infrastructure in the wake of an attack and being able to communicate it will be key, the commission argued.

The commission pointed to a blackout in the Midwest in 2003, in which key system operators did not have an alarm system and had little information on the changing condition of their assets as the blackout unfolded.

Advertisement




The commission’s point is that we have the resources to defend against this scenario. But we must focus on the gravity of the threat and employ those resources.

Our interconnected society and the steady increase in technology investment only magnify this risk on a weekly basis.

“Our vulnerability is increasing daily as our use of and dependence on electronics continues to grow,” the EMP commission members wrote back in 2004.

But “correction is feasible and well within the nation’s means and resources to accomplish,” the commission study authors wrote. &

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]