Capturing and modelling emerging risks
Ahead of his presentation at RiskMinds Insurance, we asked Dan Oprescu, Managing Director of Risk Surveillance and Analytics at Financial Institutions Commission of British Columbia to discuss what new risks are impacting the insurance industry.
If you google “emerging risks” or “new risks” you will not find a Wikipedia entry, yet. Nevertheless, emerging risks is what keeps CEOs and CROs awake at night.
What defines emerging risks? Emerging risks can be new and unforeseen/future risks and/or the evolution of previously known risks that are difficult to quantify but likely have an important impact on society and industry, including the (re)insurance industry. One of the main problems to quantify emerging risks is that there exists little historical data which allow for estimating potential losses and costs based on past experience. Common for all emerging risks is a lack of understanding of the threat they pose to firms and (re)insurers in today’s global and interconnected economy.
Amongst others, emerging risks include cyber risk, climate change, natural catastrophes, fiscal crises epidemics, resistance to antibiotics, cryptocurrency, water crises, and political and social instability. We will focus on cyber risk and natural catastrophes. These risks threaten firms with increased property damage and liability vulnerability. They could potentially lead to large secondary costs through disruption of supply chains and power networks. In addition, they have the potential of contagion and to affect many (re)insurers.
Risk.net presented IT disruption and data compromise among the industry’s top 10 operational risks in March 2018. Firms face the challenge of rapidly developing computer technologies and thus the rapid evolution of cyber risks. Potential liabilities could result from cyber-attacks, general failures of technology, threats to data security, cloud computing, and social media. Cyber-attacks could result in large recovery costs and reputational damage. Cyber risk is omnipresent, as each and every entity that relies on information technology and handles confidential information can be a target. One major challenge is that if firms invest in IT security and technology that does not necessarily help protect against cyber risks, because of rapidly changing attack patterns and developing technology.
Another emerging risk is that of natural catastrophes that have been perceived to increase in severity. Fire hazard has been seen to increase due to climate change resulting in less precipitation and hotter temperatures in the summer. British Columbia and Alberta have seen record losses due to wildfires in 2017. A change in demographics leads to greater losses if wildfires occur as potentially more houses get burnt and infrastructure gets destroyed.
In general, firms manage all forms of risk through a combination of policies and procedures aimed at preventing and mitigating each risk. This approach also applies to dealing with emerging risks. Insurance however is not an alternative to solid risk management. It is most effective in providing protection against residual risks that persist and resist additional proactive efforts. This approach will ultimately lead to finding appropriate insurance policies for emerging risks. Nevertheless, policy pricing and modelling assumptions are a major challenge for (re)insurers as there is lack of historical data. Understanding future claim levels and trends is essential to ensure adequate cover offered and that premiums are priced at the right level. In order to cap potential losses, insurers set low limits and various exclusions in insuring emerging risks. As emerging risks like cyber risks change their patterns quickly, policies might not be up to date and leave firms with protection gaps.
Each emerging risk will one day probably be treated like credit risk, be considered an “old and familiar risk” that can be managed, i.e. quantified and mitigated. One differentiator however is the potentially systemic nature of emerging risks. A cyber-attack most likely does not only target one firm but a cascade of firms doing business with the firm under attack. There is a substantial potential for contagion.
Regulators with a macroprudential mandate are carefully monitoring emerging risks as they need to be alert with possible systemic consequences these risks could cause to the stability of a financial system that they protect. This includes assessing each emerging risk on its complete chain of consequences, including systemic impacts.