The global pandemic, systemic cyber attack and war in Ukraine are three recent events that took much of the insurance industry by surprise. Yet none really fit the definition of a black swan – an outlier that lies outside the realm of regular expectations - despite the term being routinely applied to them.
So why were so many insurers blindsided by them? Trevor Maynard, Senior Risk Advisor at the Cambridge Centre for Risk Studies (CCRS), says that there’s no reason to be surprised by such events: “History provides a list of those we have suffered before and gives us a good idea about frequency of any type of threat at a given level of severity.”
Maynard, who was head of innovation and also head of exposure management and reinsurance at Lloyd’s, says that CCRS’ scenarios have covered all three events well ahead of time, including the Ukraine situation. He believes that such shocks are more difficult to manage because of the unpredictability of timing or location; but insurers can be prepared.
“However, the noise of everyday business-as-usual can crowd out more strategic thinking,” says Maynard. “Various cognitive biases have a big effect too. These include availability bias, which prevents us from thinking about events we can't readily bring to mind, or cognitive dissonance, which causes our minds to ignore issues if they conflict with other desired activities (such as continuing to underwrite at prevailing rates in a soft market), or confirmation bias, where we only look for data that confirms our already held views.”
Seasoned emerging risk watcher James Illingworth, who has worked in the London market for nearly 40 years, 21 of which was with MS Amlin, agrees. He says that most insurance company risk teams had considered the possibility of the pandemic, systemic cyber risk and war in Ukraine: “However, the likelihood of their occurrence was not easily understood or modeled, particularly in the context of all the other potential extreme events that risk teams consider.”
He says it can be difficult to persuade management to act in advance, for such apparently remote circumstances.
“Furthermore, if management were to take action on all the potential circumstances that could arise it would significantly curtail businesses risk taking activities, or require additional hedging strategies, thus reducing income and/or profit.
“In an industry that competes for capital such action, on apparently remote risk scenarios, is not always palatable for management,” Illingworth adds.
Be prepared
It is possible to prepare for an actual black swan – an event that no-one foresaw – according to Maynard. It requires having generic response plans ready to go that focus on impacts and how we could deal with them, then the cause becomes less important, he thinks.
“There are usually precedents in history and our work at the CCRS has reviewed over 1,000 years of history to produce our risk taxonomy. We can prepare for these by setting aside time to review scenarios with sufficiently senior leaders - across all disciplines within an organization. For insurers this should include underwriters, claims managers, actuaries, chief executives, CROs, COOs etc.”
The Solvency II framework already requires consideration and management of adverse scenarios, Maynard points out. “From a management perspective, we advocate constructing scenarios as stress tests. That allows managers to draw up response plans to things that have not happened in their own experience, but are foreseeable surprises backed up by data.”
Maynard suggests approaching such scenarios as if they are live events that have actually happened. “This makes it easier to think, which of our policies will be triggered by this? Where is our wording not tight enough? Did we expect to pay losses under these policies for this type of event? Did we charge enough for this? What would our shareholders think? How will this affect our financial strength rating? And then, what actions should we take today to avoid adverse issues?”
Scenarios consider multiple futures, Maynard explains, they do not predict or forecast, they allow us to ask, “what if?” and to not limit ourselves to what is most likely. “At CCRS we are drawing together a consortium of companies to fund exploration of systemic risks over the next five years. We believe that collective action is more cost effective and synergistic,” he says.
Evaluating ENIDs
Illingworth also recommends loss scenario modelling, encompassing the full primary and secondary exposures and the potential for accepted limitations, for example contract wordings, to be overridden. “From this gross loss scenario, steps can be taken to either reduce gross exposure or to purchase additional hedging for example through reinsurance. However, in a competitive environment, risk cannot be fully avoided or mitigated. Insurers must attract business,” he concedes.
A more scientific approach to outlier risk could be adopted in the discipline of capital modelling, Illingworth believes. In the development of a capital model that closely reflects the risk of an insurance business, actuarial and risk departments are expected to evaluate and include Events Not In Data, or ENIDs.
“It would be beneficial for an orthodoxy to be developed that formally links the emerging risk process to the establishment of ENID capital loads. This will then encourage a wider consistency of what risk should be evaluated and modeled. The impact of this process on levels of capital will encourage oversight through the independent validation process and through the attention and consideration of management and boards,” Illingworth says. “Management will then be encouraged to justify or alter risk positions.”
Risks on the radar
Black swans by definition are impossible to predict, as Maynard points out. But there are many risks that can be foreseen and monitored. “Our business risk taxonomy has over 200 risks subdivided between: financial, geopolitical, technological, environmental, social and governance related. It is important to avoid the availability bias, so a comprehensive list is useful,” he says.
“Food system failures can have severe geopolitical and investment impacts in our view. These can arise from multiple causes either climate induced or manmade. Policy failures around climate change are possible, with very dire consequences. New technologies bring the potential for algorithm failure and unclear liabilities.
“We are starting to see discussion of various nature-based risks such as ecosystem degradation, these are likely to become mainstream business issues in the coming years bringing new risks, but also opportunities,” Maynard adds.
Illingworth identifies two important areas of risk that insurer management should watch: socio-economic disruption with political dislocation and systemic cyber risk.
“The cost of living crisis caused by higher borrowing costs, energy and food shortages arising from sanctions and the Russian blockade of Ukraine, and tighter monetary policy to counter inflation, provide a potent concoction of issues that have very quickly resulted in economic hardship for a very large proportion of the world’s population,” he explains. “The result of this will be further impetus for migrants to seek economic safe havens but also an increase in poverty across both the developing and developed world. Consequently, we should expect a surge in levels of crime and also riots, strikes, insurgency and civil commotion. This may result in further disruption of supply chains and associated shortages.”
For cyber risk, Illingworth sees parallels with the pandemic in the context of lockdown. “There are a set of scenarios that could result in widespread loss of information technology connectivity. The cause of this could be energy supply disruption, or multiple system failures caused by cyber warfare or terrorism.”
