"By failing to prepare, you are preparing to fail." - Benjamin Franklin
It's here. Allianz has released its 2018 Risk Barometer, identifying the top global business risks facing companies according to 1,911 risk experts from 80 countries. Not surprisingly, business interruption/supply chain disruptions, cyber events and natural catastrophes took the top three spots (these were numbers 1, 3 and 4, respectively, in both 2016 and 2017). In order to ring in the new year on the right foot, here are three things you can do internally to minimize your company's exposure to some of these business risks:
1. Develop and implement cross-functional policies and procedures
Consider developing and implementing policies and procedures across your primary and support activities. You can work with cross-functional departments to establish robust controls involving factory performance, regulatory and trade compliance, sales and marketing practices, market corrective actions and recalls, workplace behavior, cyber hygiene, litigation readiness and record retention. Then take the next step of educating your workforce and managers on a regular basis to ensure these tailored best practices are indeed being practiced. For example:
Business interruptions along your supply chain: consider quality, cost, accuracy, delivery and sustainability controls to determine performance of your factories and logistics vendors against certain benchmarks, as well as implementing business continuity procedures in the event one of your factories, suppliers or distributors goes down.
Cyber events: consider implementing enterprise-wide cyber hygiene practices to minimize exposure to cyberattacks and data breaches.
Employment practices: consider developing and implementing an anti-discrimination, bullying and harassment policy, a return to work policy for injured employees to minimize instances of malingering, as well as succession planning procedures in the event of the departure of a manager or executive.
Marketing and sales practices: consider implementing a process where draft print and online materials are first routed cross-functionally to ensure the appropriateness of claims as well as regulatory compliance.
Of course, this is just a small handful of examples, and there may be many others applicable to your particular business.
2. Work with your CFO and Risk Department to determine appropriate risk transfer levels
Your insurance carrier may tell you that it is willing to insure you at a certain level. For example, it may tell you that it will provide $10 million in coverage subject to a $250,000 deductible. That means the insurer’s obligation doesn’t trigger until your company has paid the first $250,000 in losses related to a particular insurable event. In other words, the insurance company is dictating to you what your risk transfer point should be.
Consider instead working with your CFO and Risk Department to determine a transfer point that is more in line with your specific risk appetite and organizational goals. Among other things, determine what percentage impact to financial metrics such as earnings before income tax and depreciation, operating cash flow, or shareholder equity would be considered “material events”. Review your loss history and determine which losses occur with regularity and are predictable (hint, they aren’t really risks if they happen regularly). Then look at losses that could be reasonably likely but expensive to insure, at which point you may have to determine the cost trade-off. Finally, look at catastrophic exposures across your company which you absolutely must insure, unless your company has a riverboat gambler mentality (in which case, may the odds be ever in your favor).
By being proactive in determining your risk appetite and transfer points, you should be better able to understand your risk profile for purposes of business decision-making. Understanding your risk profile, as opposed to blindly transferring all of your risks to an insurer, can put you in a better position to reduce exposure across your business functions. This can also have the added benefit of reducing costs. Using the example above, a financial study of your risk appetite may conclude that a $1 million deductible would be more in line with your specific risk appetite and organizational goals. The premium cost of a $1 million attachment point is much less than one with a $250,000 attachment point.
3. Understand your insurance policies from a big picture perspective
I’m always amazed by the number of companies who do not know what is in their insurance policies and simply hope they are covered in the event something happens. I’ve seen many other companies who have had losses and didn’t realize those losses could have been covered by their policies. In fairness, insurance contracts are often legalese beasts that are decipherable primarily by sophisticated lawyers. You need to make sure the policies you purchase align with your specific business functions and needs. Enlisting counsel to analyze, select and negotiate your insurance program within the framework of your specific operations can be that ounce of prevention worth a metric ton of cure.
I recently worked with a product manufacturer with its primary factory based in the Philippines and suppliers based in two other Asian countries. The company shipped product from the factory to its U.S.-based warehouse via ocean cargo. However, a review of their insurance policy revealed that it only covered events in the United States and territories, as well as Canada. This meant if their factory shut down, they could not recover lost business income resulting from the delayed production. Even if the coverage territory included this factory, there were exclusions for earthquakes, tsunamis, floods and labor/strike issues, effectively eliminating a large number of risks that could occur in the Philippines. Moreover, the policy only covered the company’s “direct suppliers,” which would likely have excluded disruptions at the material suppliers. To top it all off, there was no marine cargo policy in place, so shipments lost at sea (the only way they transported product from the factory to their warehouse) would not be covered.
The importance of having a big picture understanding of your insurance policies cannot be understated. Where are your manufacturing operations, and to what extent does your policy respond to natural disasters and geo-political/labor risks that may arise in such locations? How sophisticated are your supply chain, logistics and distribution networks, and is your business interruption coverage protecting them? Does your cyber insurance policy adequately address the number of electronic data records you are storing, including customer data and credit card information taken as part of direct-to-consumer sales? Do you have cyber-terrorism coverage in place given the rise in state-sponsored cyberattacks? What exclusions could disrupt coverage you expected? Is your policy occurrence-based or claims-made, triggering specific claim notification obligations? Do you have overlapping coverage in more than one policy that could trigger sticky “other insurance” clauses? Again, these are just a handful of questions that should serve as a starting point. There may be many inquiries applicable to your particular business.
It is always important to begin a new fiscal year on the right foot. Taking these three steps should provide sustainable opportunity to navigate the top business risks of 2018 (and beyond) with more confidence. As always, we’re here to help.