Triaging Operational Risks: A Practitioner’s Guide to Business Continuity

By: Skip Smith | November 30, 2023

Skip Smith, BS, MS, ARM is the president of Innovative Risk Solutions, LLC, a consulting company specializing in developing cutting-edge Risk Management programs around safety, Environmental Sustainability, Crisis Management, Business Continuity, and Disaster Recovery. Before starting his business, he served as the Vice President of Safety, Business Continuity & Disaster Recovery at Scripps Networks/Discovery Channel, where he led the global functions for Operational Risk. Skip has worked for a number of fortune 500 companies in various leadership risk management roles, such as Coca-Cola, USA, Novelis, Popeyes, Service Master, and Hooters Sports Distribution.

Topics: Catastrophe | Risk Management

In today’s business world, where uncertainties are ever-present, companies face a complex web of risks and potential disruptions. My work as an operational risk professional immerses me in the realm of evaluating business continuity and disaster recovery programs.

But how do you view the day-to-day effects of this complexity on the heartbeat of your business?

Imagine your business as a precisely calibrated machine, every part (hopefully) working in harmony. To achieve a level of operational excellence, professionals stepping into the operational risk field must be the masters of essential processes.

I’ve discovered that mastering business continuity and disaster recovery (BC/DR) is comparable to a high-stakes game — a “contact sport,” if you will. Expertise in this realm isn’t merely about assessing impacts; it also involves crafting highly efficient mitigation plans and drawing on sound metrics in strengthening recovery capabilities.

A key insight struck me when I realized that understanding business process “failures” is the foundation for building the skills to prevent them. This understanding led me to conduct more precise business impact analyses, identify potential risks on the horizon and devise strategies robust enough to defend against the unknown.

I invite you to join me on this expedition as I reveal the fundamental pillars of this crucial domain, setting the stage to be successful as a leader in BC/DR.

Conducting Business Impact Analyses

One of the core skills required for a business continuity and disaster recovery professional is the ability to conduct comprehensive business impact analyses (BIAs). This involves a meticulous review of critical business functions and operations, analyzing dependencies across vendors, facilities, personnel and technology infrastructure.

By measuring the potential impact of a business interruption, identifying vulnerabilities and pinpointing single points of failure, professionals can develop effective continuity strategies, budget recommendations and action plans.

Operational Mitigation Strategies

To reduce or eliminate identified risks, a proficient professional must recommend operational mitigation strategies. This involves assessing the financial, reputational and operational impacts of potential downtime, quantifying these impacts, and prioritizing mitigation efforts. A holistic approach, which includes categorizing and measuring business risks, enables professionals to identify and address threats across key business departments.

Understanding IT Systems and Process Interdependencies

Professionals in this field must possess a deep understanding of the intricate interdependencies between IT systems and business processes. This knowledge allows for the identification of critical junctions that may disrupt operations during downtime or disasters. To ensure you’re using the correct target strategies to safeguard against disruptions, think about the following four areas:

Mapping Critical Dependencies: By mapping these dependencies, professionals can pinpoint essential junctures susceptible to disruptions. This mapping process serves as the foundation for developing precise strategies to safeguard against potential disruptions.
Developing Targeted Safeguard Strategies: Armed with insights from mapping dependencies, professionals can create targeted strategies. These strategies are specifically tailored to protect critical interdependencies, ensuring a robust business continuity and disaster recovery framework.
Analyzing Operational Vulnerabilities: A key skill involves analyzing operational vulnerabilities arising from IT systems and process interdependencies. This analysis provides a comprehensive understanding of weak points, enabling professionals to proactively address potential issues and enhance resilience.
Implementing Contingency Plans: Professionals must be adept at crafting contingency plans based on the identified interdependencies. These plans outline precise actions to be taken during disruptions, ensuring a swift and effective response to minimize downtime and mitigate adverse impacts.

Establishing Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)

It is essential to establish clear and attainable recovery time objectives and recovery point objectives in collaboration with key operational departments and IT, ensuring the organization’s resilience.

Equally important is aligning these objectives with business priorities and critical processes, forming the foundation of robust BC/DR plans. To achieve this, conducting thorough risk assessments through detailed interviews and utilizing the gathered data to set baseline recovery objectives is crucial.

Integrating recovery time actual (RTA) into this process enables professionals to ensure rapid recovery, minimize potential losses during disruptions and establish measurable targets that significantly enhance essential business metrics. Moreover, it is vital to align business priorities and critical functions to create effective disaster recovery plans and establish measurable targets that drive essential business metrics.

Continuous Assessment and Improvement

To be a leader within your organization in this area, professionals must constantly evaluate and enhance recovery capabilities. This involves collaborating with IT teams and assessing the effectiveness of implemented mitigation strategies, as well as using reliable metrics for organizational sustainability.

Routine assessments and testing of existing recovery capabilities such as backup solutions, redundancy measures and business continuity/disaster recovery plans offer valuable insights for improving an organization’s resilience.

Gaining Consensus and Collaboration

Finally, professionals in this field must possess strong collaboration and communication skills. Facilitating discussions and workshops to gain consensus on process criticality metrics is vital in aligning the organization’s understanding of critical processes and their importance in maintaining business continuity. By fostering collaboration with key stakeholders, professionals can ensure a comprehensive and unified approach to disaster recovery planning.

The role of a business continuity and disaster recovery professional is vital in safeguarding organizations from potential risks and disruptions. By possessing the necessary skills in conducting business impact analyses, recommending operational mitigation strategies, understanding interdependencies, establishing recovery objectives, continuous assessment and fostering collaboration, professionals can effectively enhance an organization’s resilience and preparedness.

In an ever-evolving business landscape, the importance of these skills cannot be overstated, as they contribute to the long-term success and sustainability of businesses as they face adversity and — hopefully — opportunities. &

How a Carrier Partner Can Help Navigate a Challenging Management and Professional Liability Market

A combination of a choppy economy with increased claims frequency and severity could lead to rate increases in the Management & Professional Liability market.

Rates in the management & professional liability (M&PL) markets were on the rise from 2020 to early 2023 and are now falling rapidly.

M&PL divisions manage a number of different insurance products including management liability (D&O), professional liability (E&O), employment practices liability (EPL), fiduciary liability policies, cyber, etc. In 2023 and into 2024, a big influence on the marketplace has been the extremely aggressive and softening public company D&O market.

Though these rates have been softening for management liability, that may change over the next few years as companies continue to adjust their business models motivated by economic uncertainty. Layoffs were up nearly 200% last year, Forbes reported, even as other recession indicators, like the inflation rate, improved. A recession could lead to an increased claim activity and force carriers to raise rates.

“Whenever there is a meaningful downturn in the economy, we tend to see claim frequency pop up,” said George Schalick, Jr., senior vice president of the Management and Professional Liability Division at Philadelphia Insurance Companies (PHLY).

With continued fiscal uncertainty, businesses potentially already burdened with pandemic-related claims should seek a carrier with a long history in M&PL products. They will provide much-needed risk management guidance and be better positioned to support their insureds during market fluctuations.

Why Insureds Might See an Uptick in M&PL Claims

George Schalick, Jr., Senior Vice President of the Management and Professional Liability Division, Philadelphia Insurance Companies

The current soft market might come as a bit of a surprise as it does not track with previous underwriting cycles and economic conditions. Afterall, many privately held and non-profit organizations struggled during the early days of the pandemic with shutdowns and rapidly declining revenues. But the Government assistance programs, like the Paycheck Protection Program loans, helped keep many afloat during the tough times.

“During COVID many organizations stopped doing business until they were able to sort out all of the health and safety challenges,” Schalick said. “They were forced to lock down, but then all the government assistance programs allowed them to keep people employed. The increased volume of claims we anticipated we would see coming from the lockdowns and restrictions that were imposed upon businesses in the U.S. didn’t manifest at first.”

“Just because there wasn’t an onslaught of reported claims at the beginning of the pandemic, doesn’t mean the circumstances that would give rise to a claim being reported didn’t occur. Courts and the judicial system were closed or slowed and now that they are back open, we’re starting to see the circumstances that occurred during the COVID lockdowns becoming claims today,” Schalick said. “Litigation is progressing.”

Added to the delayed pandemic litigation is a concern over newer claims that might be filed as the country inches toward an economic downturn. Though a recession was avoided in 2023, experts think a soft dip could occur in 2024, with 76% of economists saying there’s a 50% or less chance of an economic downturn this year — that almost always results in more management liability claims.

“During the Great Recession in 2008, we saw an almost immediate spike in claims because of the economic conditions and the pressure it placed on organizations. They were making personnel changes with significant belt tightening almost immediately.” Schalick said.

What’s in Store for M&PL Policy Rates in 2024?

Despite an uptick in claims and increased economic uncertainty, management liability rates haven’t increased, resulting in market-wide pricing levels that may not meet the increased pressure of rising settlements and jury verdicts.

“Rates are going the other direction and settlement values are not falling,” Schalick said.

The mismatch between rates, claim frequency and severity is, in part, because carriers experiencing the dramatic soft market in the public D&O market are seeking premium gain in the private and non-profit market.

“In the public company market, the rates have been decreasing significantly. The rates were increasing in the private, not-for-profit market, and rightfully so, but there’s a desire to supplement overall mid-size D&O for carriers who also write private not-for-profit, and they see that as an opportunity to aggregate premium,” Schalick said. “So the always competitive landscape in the private, not-for-profit market has dramatically increased in the last 18 to 24 months.”

Still, companies of all sizes and types should be concerned about management liability rates in the future. Legal system abuse is resulting in increases in both the amount of litigation and the size of verdicts plaintiffs are receiving.

Certain areas of the country are particularly vulnerable to this type of legal system abuse. As a result, insureds in these localities are likely to be vulnerable to rate increases.

“The environment is so positive for the plaintiff that forces premium increases so carriers are able to stay in that market long term,” Schalick said.

Why a Tenured Carrier Partner Can Help Insureds Navigate An Uncertain Market

It’s clear that insureds are facing an uncertain M&PL market over the next few years. Fortunately, carriers with a long history in the M&PL space will be there to offer stability.

Philadelphia Insurance Companies has been supporting this market for 35 years. PHLY is committed to offering long-term rate stability, even as economic and claims trends start to push premiums upwards. They have an appetite for all sorts of companies, large and small, for-profit and nonprofit alike.

“We’ve been at this game for a long time and are one of the most tenured underwriters in this space,” Schalick said. “We like to stay very consistent.”

PHLY has worked with both for-profit and non-profit on management liability policies. With dedicated M&PL teams throughout the company’s 13 regions, PHLY provides the support agents and brokers are looking for on behalf of their clients. The teams know their regions well and can respond to local trends. They’re also dedicated to making the renewal process as easy as possible for their partners and policyholders.

“We have real confidence in our results, so we focus a lot on making the renewal experience as painless as possible for all agents and insureds,” Schalick said.

The company is also investing in tools to help insureds avoid losses. Earlier this year, they launched a new online risk management platform, PHLYGateway, which offers resources for insureds on how to create an employee handbook and trainings on issues such as recognizing workplace sexual harassment and discrimination.

If insureds have questions, they can consult a Best Practices Help Line, provided via the platform. That way, they can get on the spot risk management guidance to help them prevent claims.

To learn more, visit: https://www.phly.com/mplDivision/managementLiability/default.aspx.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.

7 Questions for RGA’s Carmony Wong

Navigating Global Travel Uncertainties: Business Travel Risk Insights from HUB’s Will Mule

Planck’s Leandro DalleMule Discusses the Ethics of AI in Insurance

3 Keys to Combat ‘Big Brother’ Fears with Safety Technology

More from Risk & Insurance

Searching For a Surety Partner? Look For Someone Invested in Stability for the Years to Come

4 Traits of Insurers Who Are in It for the Long Haul

8 Questions for Nan-Wei Gong and Scott Sexton of FIGUR8

Rising Star Stephen Kyriacou Discusses the Growing Potential of Litigation Risk Insurance