Over the past two decades, enterprise risk management (ERM) has evolved from a novel concept to an accepted and mature business practice. As such, insurers have significantly improved their identification and mitigation of risks, especially in the areas of underwriting aggregation, capital inefficiencies, dominance of legacy systems and others. Certain emerging risk areas are definitely on insurers’ radar screens, such as: the Internet of Things (IOT), autonomous cars and climate change. Yet, there are other emerging risks that are not fully recognized or understood. These require a robust application of enterprise risk management techniques.
Alternative Capital at the Primary Level
So far, alternative capital providers, in the form of insurance-linked securities. collateralized reinsurance, etc., have made their impact felt among reinsurers. Primary insurers, of course, have used alternative capital in place of traditional reinsurance, usually CAT bonds. However, primary insurers have not felt the threat of being replaced by alternative capital.
The risk is real that large books of low-volatility policies, which would normally be covered by primary insurers, could be packaged by banks, reinsurers or other parties into securitized risk pools. Such packages would be attractive to investors, who want to participate in a different tranche of risk than currently offered at reinsurance levels. Thus, primary insurers could be bypassed altogether, at least, in terms of bearing risk and being paid for risking their own capital for doing so. Primary insurers would likely be needed to supply some services, such as actuarial and claims, by the party packaging the pool. But insurers could be replaced over time by other entities, given advancements in automation, coupled with artificial intelligence.
See also: Insurers Grappling With New Risks
Before a wholesale movement of business occurs, primary insurers themselves could package large books of their less volatile business and offer them as alternative capital investments. However, in doing that, they may hasten the scenario where other parties become the packagers, simply by virtue of providing the example.
Market Fragmentation
It is clear now that internet players, which are expert at digitization as well as a variety of other forms of innovation, will be insurers as well as distributors of insurance. What is less clear, but is nevertheless an emerging risk area, is how well they will perform at profitability and how much market share they will absorb. Despite the lack of clarity at this point, the risk boils down to increased fragmentation in the marketplace wherein large and small insurers, alike, will have to deal with more competition and a greater division of business among all players.
It is not uncommon for personal insurance buyers to bundle their home, auto and either small business or life insurance with one or two carriers. But with more choices in an already crowded arena and heightened ease of doing business, it is easy to picture the same individual buying his or her 1) auto coverage from a per-mile internet provider because of best rates, 2) homeowners coverage from another internet provider because of its social responsibility stance, 3) small business coverage from a traditional insurer because of its customer service and 4) life insurance from yet another internet provider because it requires less information and hassle.
It is also easy to see that more provider choices for customers will likely lead to less volume for any one insurer. Already there over 5,000 insurers domiciled in the U.S. Although the larger insurers control a disproportionate share, more active insurers may play havoc with that situation while knocking out some smaller insurers altogether.
Bottom-line, fragmentation risk carries burdens for insurers in terms of: 1) how to vary expense with volume, 2) how to keep their brand awareness and image vibrant and 3) how to encourage and manage continuous innovation.
Cyber Aggregation
Cyber has become a growing line of business among many, mainly larger insurers’ portfolios. When insurance pundits are questioned about where growth will come from, cyber is the answer cited most often, usually followed by privatized flood insurance.
See also: How the Nature of Risk Is Changing
Although loss modeling has come a long way for natural catastrophe events, it is still in its infancy when it comes to cyber events. Thus, the progress that insurers have made in managing how much aggregate business they write subject to hurricane or earthquake prone losses is far superior to their ability to manage cyber aggregations.
This risk area is incredibly significant because of factors that this author has written about previously. Cyber events can potentially be either or both simultaneous and ubiquitous, unlike natural catastrophes, which tend not to happen at the same time or simultaneously around the whole world. Consider the magnitude of the losses if the "Not Petya” cyberattack that happened to Merck were to have happened to the entire Fortune 500 or to half of the Fortune 1000 during the same week. The insured loss alone for the Merck attack was estimated by Verisk-PCS as
$275 million. Alternatively, consider the losses if hackers were to strike the electric grid in five major cities at the same time.
Insurers face the risk that they are assuming more risk than they realize or are capable of handling should a massive, coordinated attack occur. Until models are more perfect, insurers should proceed with an abundance of caution.