Michael Zuckerman, Temple University Fox School of Business
12 November 2019

The future of uncertainty: captives and ERM

​Specialised risk managers and risk owners are there to do the heavy risk management lifting for their companies. Captive insurance is a specialised risk management function, designed to enhance an organisation’s ability to control and fund risk creatively. Captives must, therefore, be integrated into their owners’ overall enterprise risk management (ERM) processes to be effective.

​Companies can no longer afford to think that ERM has nothing to do with risk-financing or insurance for that matter.In The Risk Management Handbook, David Hillson defines risk as “uncertainty that matters”. ERM requires organisations to effectively manage and control uncertainty that matters, such as adverse events that disrupt their business operations and supply chain. An organisation that does not integrate its captive into the overall ERM process, treating it as “insurance not ERM”, is less effective because this specialised risk management asset is not being used to its fullest capability.

The Risk and Insurance Management Society defines ERM as: “a strategic business discipline that supports the achievement of an organisation’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio”.

ERM is strategic because the risk management process addresses the full spectrum of an organisation’s uncertainty that matters, enhancing its ability to create stakeholder value. Traditional risk management does not address the source of risk, it manages insurable risk. ERM focuses on the source of uncertainty that matters to the entirety of the enterprise.

The captive insurance company programme enables the ERM working group to fully address the complexity of uncertainty that matters from a portfolio view, ensuring risk is addressed in a holistic manner, including control, mitigation and financing.

A holistic view
ERM’s theoretical basis is that a company’s exposures often create interrelated risks, requiring risk management to take a holistic view and consider how risks cascade throughout the organisation. Coordinating and building lines of communication between and among all specialised risk management functions, such as IT, compliance and risk-financing, is a real challenge.

Every organisation must test the strategic nature of its ERM programme. Is the ERM executive risk committee, or ERM working group, properly staffed and functioning? Does it receive adequate and timely risk reporting from risk owners throughout the organisation?

If the organisation’s top-down and bottom-up process is working well, does the ERM working group communicate with the captive insurance company board? If not, why not?

The ERM working group is ultimately responsible for oversight of ERM performance. The ERM working group should therefore be sending directives to the captive board to determine the viability of financing risks it believes require prevention and mitigation strategies. If the ERM working group is responsible for controlling and managing all risks across the enterprise, this connection between the ERM process and the captive board is crucial.

The captive board has a responsibility to employ its resources to finance risk management when economically feasible, reducing the member insureds’ cost of risk and driving risk control. The captive’s access to risk data, global reinsurance, and capital markets should result in the efficient deployment of capital. This provides a broader, deeper, and more innovative source of risk capital to address the interdependence and correlation of risks associated with these strategic and operational objectives.

An organisation does not usually have enough financial capacity to fund risk on a portfolio basis without access to global reinsurance and capital markets. The captive provides a direct route to this capacity and possible reinsurance rate arbitrage. Companies can no longer afford to think that ERM has nothing to do with risk-financing—or insurance for that matter.

An examination of the 2019 editions of The World Economic Forum’s Global Risk Report and Aon’s Global Risk Management Survey indicates that disruption of business operations is a major source of uncertainty for most organisations.

These reports are not focused solely on traditional physical damage-driven indirect business interruption, or even contingent business interruption arising from physical damage to a contingent third party. They include the more elusive non-damage business interruption that may arise from climate change disruption to ecosystems and water supplies, cyber attacks, pandemics, mass killings, and climate-driven migration, to name a few. Business disruption risk certainly highlights risk interdependency and goes to prove the theoretical foundation for the ERM process.

Traditional risk management focuses on business interruption as an indirect loss arising from physical damage because it is a hazard risk that is traditionally insurable. The impact of the above referenced broader business disruption risk is the same as traditional business interruption, ie, lost profits, continuing expenses, and extraordinary expenses needed to recover pre-loss business operations with financial and reputational implications if the business continuity plan fails.

The ERM working group, however, is also concerned with the impact of business disruption risk on earnings before interest, taxes, depreciation, and amortisation, which can result in a credit rating review, increase in the cost of capital, create possible liquidity issues, and even result in bankruptcy.

But can we buy insurance for this broader business disruption risk? In addition to traditional business interruption coverage, organisations can buy insurance for contingent business interruption arising from its supply chain, and for business interruption caused by a cyber attack. But how well are these coverages coordinated? How easy is it to adjudicate a business interruption claim? Do organisations have the resources to repair, and recover normal business operations following a business disruption without damaging their financial integrity?

How many captives have developed a “difference in conditions” coverage approach to supplement the organisation’s various insurance coverages for the above-referenced business disruption risks? The more strategic approach would be to address the entirety of the business disruption risk in one portfolio-driven risk-financing programme, as opposed to multiple insurance policies leaving gaps in coverage and providing less control over the management of this insidious risk.

Risk-financing this emerging disruption risk requires financial capacity and robust risk control, which the captive can provide via its access to reinsurance capacity, and its authority to hold the member insureds accountable for effective risk control of the covered risks.

The property and casualty insurance market cycle continues to influence traditional risk management. Anecdotally, this trend is evidenced by recent discussions in the trade press and at captive insurance company conferences. For example, the fact that captive insurance companies are reported to be experiencing a revival in response to recent property and casualty insurance market hardening is troubling.

A captive insurance company is a strategic risk-financing tool that enables, in part, an organisation’s ability to meet its strategic objectives, as well as those operational objectives that are designed to meet its overall strategic objective.

Organisations that want to build out an ERM framework such as the COSO ERM Framework, for example, must design and implement risk management responses based on a portfolio view of risk, or uncertainty that matters. To this end, an organisation’s risk-financing strategy should include a captive insurance company to fund all or a portion of its exposures and risks associated with its strategy and operations, if economically feasible to do so, regardless of insurance market pricing conditions.

The role of the board
A captive insurance programme following best governance practices will have a board that is fully engaged, discussing uncertainty that matters to its member insured in its broadest terms. The communication between the member insureds’ ERM working group with the captive board should fuel the captive insurance company strategic planning process.

Captive boards should be focused on developing solutions for their member insureds to identify, assess, and address industry risk trends that increase organisational value. The ERM-centric captive insurance programme not only increases risk-financing capacity but uses its captive board to discuss the need for more effective risk control programmes to reduce frequency and severity based on its analysis of the risk data.

The captive board has access to claims and risk management data reported by its claims and actuarial science experts that provides for robust claims management and risk control discussion. The captive board can then use its excess policyholder surplus to fund improvements to the parent’s risk management identification and root cause analytic tools and processes that lead to more efficacious risk control programmes by way of issuing grants or dividends.

Furthermore, the captive’s board and its consultants can be more strategic in its design of integrated risk-financing programmes because of its access to the global reinsurance and capital markets.

The world is growing more complex, not less. The ERM working group’s communication with the captive insurance company board must be robust and focused on the portfolio of risks that could cause havoc across the enterprise. This communication will also improve the captive owner’s board’s understanding of its disruptive risks. Moreover, this will improve the board’s risk governance and oversight of disruptive risks. Furthermore, an integrated risk-financing programme for disruptive risks causing business interruption, for example, that employs a captive insurance programme will enhance the captive owner’s ability to improve ERM, creating value for the organisation and its stakeholders.

​​Michael Zuckerman is associate professor of risk, insurance and healthcare management at Temple University Fox School of Business. He can be contacted at:  zuckerm@temple.edu