Often called emerging risks. Going back to Knight’s definitions of Risk and Uncertainty, there is very little risk contained in these potential situations. Emerging risks are often pure uncertainty. Humans are good at finding patterns. Emerging risks are breaks in patterns.
What to Do about Emerging Risks…
Emerging risks are defined by AM Best as “new or evolving risks that are difficult to manage because their identification, likelihood of occurrence, potential impacts, timing of occurrence or impact, or correlation with other risks, are highly uncertain.” An example from the past is asbestos; other current examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc. Lloyd’s, a major sufferer from the former emerging risk of asbestos, takes emerging risks very seriously. They think of emerging risks as “an issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting”.
What do the rating agencies expect?
AM Best says that insurers need “sound risk management practices relative to its risk profile and considering the risks inherent in the liabilities it writes, the assets it acquires and the market(s) in which it operates, and takes into consideration new and emerging risks.” In 2013, Best has added a question asking insurers to identify emerging risks to the ERM section of the SRQ. Emerging Risks Management has been one of the five major pillars of the Standard & Poor’s Insurance ERM ratings criteria since 2006.
How do you identify emerging risks?
A recent report from the World Economic Forum, The Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks. Those experts identified 8 of those 50 risks as having the most significance over the next 10 years:
- Chronic fiscal imbalances
- Cyber attacks
- Extreme volatility in energy and agriculture prices
- Food shortage crises
- Major systemic financial failure
- Rising greenhouse gas emissions
- Severe income disparity
- Water supply crises
This survey method for identifying or prioritizing risks is called the Delphi method and can be used by any insurer. Another popular method is called environmental scanning which includes simply reading and paying attention for unusual information about situations that could evolve into future major risks.
What can go wrong?
Many companies do not have any process to consider emerging risks. At those firms, managers usually dismiss many possible emerging risks as impossible. It may be the company culture to scoff at the sci fi thinking of the emerging risks process. The process Taleb describes of finding ex post explanation for emerging Black Swan risks is often the undoing of careful plans to manage emerging risk. In addition, lack of imagination causes some managers to conclude that the past worst case is the outer limit for future losses.
What can you do about emerging risks?
The objectives for emerging risks management are just the same as for other more well-known risks: to reduce the frequency and severity of future losses. The uncertain nature of emerging risks makes that much more difficult to do cost effectively. Insurers can use scenario testing to examine potential impact of emerging risks and to see what actions taken in advance of their emergence might lessen exposures to losses. This scenario testing can also help to identify what actions might lessen the impact of an unexpected loss event that comes from a very rapidly emerging risk. Finally, insurers seek to identify and track leading indicators of impending new risk emergence.
Reinsurance is one of the most effective ways to protect against emerging risks, second only to careful drafting of insurance contract terms and conditions
Many of the largest insurers and reinsurers have developed very robust practices to identify and to prepare for emerging risks. Other companies can learn from the insurers who practice emerging risk management and adapt the same processes to their emerging risks.
Normal risk control processes focus on everyday risk management, including the management of identifiable risks and/or risks where uncertainty and unpredictability are mitigated by historical data that allow insurers to estimate loss distribution with reasonable confidence. Emerging risk management processes take over for risks that do not currently exist but that might emerge at some point due to changes in the environment. Emerging risks may appear abruptly or slowly and gradually, are difficult to identify, and may for some time represent an ill formed idea more than factual circumstances. They often result from changes in the political, legal, market, or physical environment, but the link between cause and effect is fully known in advance. An example from the past is asbestos; other examples could be problems deriving from nanotechnology, genetically modified food, climate change, etc.
For these risks, normal risk identification and monitoring will not work because the likelihood is usually completely unknown. Nevertheless, past experience shows that when they materialize, they have a significant impact on the insurers and therefore cannot be excluded from a solid risk management
program. So insurers have implemented unique specific strategies and approaches to cope with them properly.
Identifying emerging risks
Emerging risks have not yet materialized or are not yet clearly defined and can appear abruptly or very slowly. Therefore, having some sort of early warning system in place, methodically identified either through internal or external sources, is very important. To minimize the uncertainty surrounding these risks, insurers will consistently gather all existing relevant information to amass preliminary evidence of emerging risks, which would allow the insurer to reduce or limit growth of exposure as the evidence becomes more and more certain. However, Insurers practicing this discipline will need to be aware of the cost of false alarms.
Assessing their significance
Assess the relevance (i.e. potential losses) of the emerging risks linked to a company’s commitment— which classes of business and existing policies would be affected by the materialization of the risk—and continue with the assessment of the potential financial impact, taking into account potential correlation with other risks already present in the firm. For an insurer, the degree of concentration and correlation of the risks that they have taken on from their customers are two important parameters to be considered; the risk in question could be subject to very low frequency/high intensity manifestations, but if exposure to that particular risk is limited, then the impact on the company may not be as important. On the other hand, unexpected risk correlations should not be underestimated; small individual exposures can coalesce into an extreme risk if underlying risks are highly interdependent. When developing extreme scenarios, some degree of imagination to think of unthinkable interdependencies could be beneficial.
A further practice of insurers is to sometimes work backwards from concentrations to risks. Insurers might envision risks that could apply to their concentrations and then track for signs of risk emergence in those areas. Some insurers set risk limits for insurance concentrations that are very similar to investment portfolio credit limits, with maximum concentrations in specific industries in geographic or political regions. In addition, just as investment limits might restrict an insurer’s debt or equity position as a percentage of a company’s total outstanding securities, some insurers limit the percentage of coverage they might offer in any of the sectors described above.
Define appropriate responses
Responses to emerging risks might be part of the normal risk control process, i.e., risk mitigation or transfer, either through reinsurance (or retrocession) in case of insurance risks, through the financial markets for financial risks, or through general limit reduction or hedging. When these options are not available or the insurer decides not to use them, it must be prepared to shoulder significant losses, which can strain a company’s liquidity. Planning access to liquidity is a basic part of emerging risk management. Asset-selling priorities, credit facilities with banks, and notes programs are possible ways of managing a liquidity crisis.
Apart from liquidity crisis management, other issues exist for which a contingency plan should be identified in advance. The company should be able to quickly estimate and identify total losses and the payments due. It should also have a clear plan for settling the claims in due time so as to avoid reputation issues. Availability of reinsurance is also an important consideration: if a reinsurer were exposed to the same risks, it would be a sound practice for the primary insurer to evaluate the risk that the reinsurer might delay payments.
Advance Warning Process
For the risks that have identified as most significant and where the insurer has developed coherent contingency plans, the next step is to create and install an advanced warning process. To do that, the insurer identifies key risk indicators that provide an indication of increasing likelihood of a particular emerging risk.
Finally, sound practices for managing emerging risks include establishing procedures for learning from past events. The company will identify problems that appeared during the last extreme event and identify improvements to be added to the risk controls. In addition, expect to get better at each step of the emerging risk process with time and experience.
But emerging risk management costs money. And the costs that are most difficult to defend are the emerging risks that never emerge. A good emerging risk process will have many more misses than hits. Real emerged risks are rare. A company that is really taking emerging risks seriously will be taking actions on occasion that cost money to perform and possibly include a reduction in the risks accepted and the attendant profits. Management needs to have a tolerance for these costs. But not too much tolerance.
This is one of the seven ERM Principles for Insurers