Collateralized reinsurance has become an essential tool for catastrophe-focused investment managers (insurance-linked securities managers). These private, customizable deals can provide exclusive investment opportunities. But they also require specialized underwriting expertise and a network of relationships not every insurance-linked securities manager possesses. Milliman consultant Aaron Koch provides some perspective in this article.
Credit risk sharing transactions offered by Fannie Mae and Freddie Mac present a new business opportunity for insurance companies seeking to invest capital. Milliman’s Jonathan Glowacki and Michael Jacobson say insurers must first understand the risks associated with these transactions before investing or insuring them. Their Contingencies article “The trillion-dollar marketplace” provides some perspective.
Here’s an excerpt from the article:
Given FHFA’s focus on de-risking the GSEs, mortgage credit risk offerings are likely to continue to become more prevalent in the marketplace as the GSEs seek to meet their annual conservatorship scorecard requirements and reduce capital. According to FHFA’s 2015 conservatorship scorecard, Fannie Mae and Freddie Mac were instructed to collectively transact credit risk transfers on reference pools of mortgages of at least $270 billion for the year. In actuality, the GSEs’ transactions covered reference pools exceeding $400 billion of the nearly $1 trillion of mortgages acquired by the GSEs in 2015. The 2016 scorecard requires the GSEs to transfer the credit risk on at least 90 percent of the unpaid principal balance of targeted groups of newly acquired mortgages, which represents the majority of expected acquisitions. Thus, it can be assumed that there will be a similar level or greater amount of credit risk transferred in 2016, assuming GSE mortgage acquisition levels remain consistent with 2015 acquisitions.
Insurance companies will have the opportunity to participate in this marketplace in 2016 through investment opportunities in the STACR and CAS debt structures as well as by writing credit insurance through anticipated ACIS and CIRT transactions. While the debt offerings require principal outlays equal to 100 percent of the notional amount of the securities, the credit insurance transactions to date have typically only required collateral between 15 and 20 percent of the credit risk assumed. The collateral requirements for the credit insurance transactions vary based on the rating of the insurance entities assuming the risk and the type of participation. For context, the $2.8 billion of credit insurance risk placed through the 10 Freddie Mac ACIS transactions in 2015 required minimum collateral of approximately $440 million (or approximately 16 percent of the risk assumed).
These debt securities and insurance opportunities may offer attractive risk/return profiles to strategic companies in the insurance sector. However, before entering into such agreements, it is important to understand the risk profile of the underlying collateral and the performance volatility inherent in the structure of the transactions. With data being published by the GSEs, it is now easier than ever before to evaluate the risk profiles of these exposures.
An insurance company’s overall culture consists of a set of subcultures. Experts within those subcultures make decisions differently. In his Best’s Review article “Culture Compass,” Milliman’s Neil Cantle explains why insurers need to approach modern business governance with less rigidity. He also describes how understanding culture can help a company empower its experts to make local decisions in harmony with established risk appetite and corporate values. This process produces an overall risk culture essential to the company’s governance framework.
We need to recognize that there is more than one valid perspective to be heard when deciding a course of action. Cultural Theory shows that four such views are always present: pragmatists believe that the world is uncertain and unpredictable; conservators believe the world is high risk; maximizers see the world as low risk and fundamentally self-correcting; and, managers know the world is risky, but believe it can be managed.
In conducting our work we want to ensure that each of these views is considered and debated, the surprising outcome being that the result of such a discussion is not a compromise, suboptimal for all, but rather will be a solution that actually works better for all parties. Creating a culture where this type of debate is acceptable is therefore an important, and often overlooked, part of the governance framework.
It turns out that culture is actually a much more important feature of our business than we might have thought—not just a nice-to-have after all, but actually an integral part of our control framework. When the board sets the risk appetite, it is establishing the tone for how business should be done. It must be clear what the objectives are and how you feel about the uncertainties associated with their delivery. By describing the types of risks that are to be actively sought, in return for a reward, those that are to be accepted and those that are to be avoided, the board is providing a set of guiding principles that staff can use when making its daily decisions about which actions to take next. In any situation, someone can ask: “Is this a risk we should be taking, and how much of it can we take?” Testing the likely consequences of the action against the risk appetite provides a way to move forward. The question also requires them to know what is going on more widely. Assuming the company has a finite appetite for risk, the answer to the “how much” part of the question requires you to know how much appetite has already been used elsewhere. This requires a culture that supports and promotes knowledge-sharing across department boundaries.
This latest edition of Milliman Impact entitled “Bolstering insurers’ cyber defences” explores the efforts of U.S. insurance regulators to address cyber security risks.
Here’s an excerpt:
Unsurprisingly, insurer cyber security has become an important issue for US regulators in recent years.
In the spring of 2015, the New York insurance supervisor wrote to more than 160 insurers encouraging them to view cyber security as an integral aspect of their overall risk management strategy. It also announced enhancements to the IT examination framework to include more detailed questions on an insurer’s cyber security policies, protections, and procedures.
More significantly, the NAIC has engaged in a burst of activity, having taken the significant step of establishing a Cyber Task Force in November 2014.
Creating the task force demonstrates US insurance supervisors’ commitment to addressing cyber security in the insurance sector, according to Christine Fleming, claims management consultant at Milliman in Boston….
The task force’s comprehensive work plan and timetable speaks volumes to the significance and urgency that US insurance supervisors and commissioners now place on cyber security, explains Fleming.
The task force is concerned with both the protection of consumer data held by insurers and improved monitoring of insurers cyber underwriting activities and exposures. During 2015, the NAIC embarked on four major work streams:
• Establishing guiding principles on cyber regulation
• Creating a Consumer Bill of Rights
• Modernising examination protocols to include cyber security
• Including a cyber security statement in insurers annual statement
Exposure to cyber risk concerns many organizations. However, sparse insurance-specific data make it difficult for actuaries to price cyber risk for small- and mid-size organizations. In this article, Elizabeth Bart explains three cases where she used untraditional methodologies to develop cyber insurance services. The excerpt below highlights one of the three situations.
A new cyber writer
A European cyber reinsurer with a focus on small- to mid-sized businesses started offering a cyber insurance product in the United States that is similar to its European one. Its original filing submission to states’ departments of insurance (DOIs) was based on reinsurance pricing which responded to competitive rates in the market. However, the DOIs rejected a majority of the filings because they lacked actuarial support.
For the same reasons cyber insurance buyers have a hard time comparing policies, comparing rate filings among competitors is equally challenging. With each insurer offering different cyber coverages, services, and limits, the severities, frequencies, and underwriting guidelines tend to be very different.
Relying on publicly available, generally accepted, nonspecific cyber frequency and severity information was the most straightforward way to support the premiums. There was not sufficient credible historical loss data available from the insurer, there was nothing comparable from other insurers’ filings, and, as mentioned, there was no aggregate insurance industry data available. With the insurer’s focus on small- to mid-sized businesses, the competitive marketplace was dictating premiums under $10,000 (depending on the size of the insured and the coverage limits). For this pricing, the Ponemon Institute’s often referenced $15 million loss event is not a likely scenario for this group.
By working with a combination of the client’s own reinsurance data and by data mining publicly available cyber data specific to the target insured, we were able to determine applicable frequencies and severities to demonstrate the appropriateness of the originally filed rates and successfully get approval for the premiums in all states.
Cyber risk is destined to become a much bigger part of insurers’ business yet it also comes with challenges. Insurers are grappling with a lack of historical data and the threat of aggregation and systemic risks. At the same time, regulators and ratings agencies are becoming more aware of the potential risks that cyber presents to insurers’ balance sheets and the industry’s reputation. This Milliman Impact article provides more perspective.
Individual sport and entertainment attractions have distinct insurance needs that make traditional actuarial and underwriting approaches insufficient. Insurers needs to customize policies according to the unique risks present at different events.
In the article “Insuring a lazy Saturday afternoon: Insurance for entertainment,” Milliman’s Will Carbone uses a hypothetical family outing to frame the distinct insurance needs associated with a county carnival and a baseball game. Here is an excerpt:
On Long Island, traveling carnivals pop up in parking lots all summer long, attracting kids of all ages and fans of Americana. On this sunny Saturday, I packed up the family and we headed down to the train station, the site of this weekend’s festival. My oldest son let us know definitively that our first stop would be the bouncy houses he loves so dearly. Much to our dismay, this particular carnival had all sorts of rides, games, and food, but did not have a single inflatable attraction. “Where is the bouncy house?!”
“Well, not all carnivals have the same rides,” I tried to explain.
This example highlights the difference between providing coverage for traveling carnivals, theme parks, and other one-off facilities compared with a franchised location. With few exceptions, each of these entertainment spaces was tailored to maximize profit.
For small, mobile operations, this means selecting the rides and games that will make them attractive to the host facility. For the insurer providing cover for the carnival, this means that the pricing needs to be done on a more granular level. Typically, the approach is to price the coverage for each attraction rather than for the collective carnival. A premium is determined for each attraction, and the cost of coverage is based on the sum of the premiums for the attractions at the carnival. This simplifies the underwriting efforts as a unique quote is only needed once for each attraction and does not need to be tailored to each insured.
Pricing individual rides becomes difficult when the ride itself is a unique risk. Larger scale operations seek to provide the big thrill that will draw in crowds. Those big thrills are coming not from tried-and-true roller coasters but from the cutting-edge rides that are considered a “one-of-a-kind” experience. By definition, these rides don’t have a credible history on which underwriters can gather data and price the risk, increasing the challenge of pricing these facilities.
The Spring 2016 edition of Milliman’s Issues in Brief features articles about the dynamic reporting of management information (MI), valuing lifetime mortgages, the Own Risk and Solvency Assessment (ORSA) process, and embedded value reporting.
Latent occupational diseases began to emerge in the 1970s as complex risks that could result in future, unknown costs. While asbestos comes to most people’s minds, asbestos claims have generally been handled in tort outside the workers’ compensation systems. Compensation for exposure to coal dust (black lung) generally predated asbestosis and has been handled under workers’ compensation since 1973, under both state workers’ compensation systems and the Federal Coal Mine Health and Safety Act of 1969. So what other latent occupational diseases are potentially of interest to workers’ compensation insurers?
Agent Orange coverage and benefits are still being shaped and molded today. Claims started coming to the Department of Veterans Affairs shortly after the Vietnam War, but were mostly denied until the 1990s when a list of presumptive diseases was created, making it easier for veterans to receive benefits. Similar to black lung, the rules guiding who receives benefits have been changing over time. Under the Agent Orange Act, the Department of Veterans Affairs has expanded the list of “presumptive” conditions. However, the area where less progress has been made is deciding who is covered. Just last year coverage was expanded from “boots on the ground” soldiers to include Air Force personnel who served on the aircraft used to spray Agent Orange. “Blue Water” veterans of the Navy are still fighting to get coverage today.
The effects of black lung and Agent Orange exposure have a potentially obvious link back to their source; however, other occupational hazards are harder to track. The link between coffee roasting and lung cancer is being investigated, with diacetyl exposure being the possible connection. A lack of accurate occupational information in the workplace-illness records or death certificates makes the connection harder to identify. The debate is likely to rage on, even as the number of small, artisanal coffee shops—not to mention the number of potentially exposed employees—continues to grow.
Every beer drinker in America knows about the recent growth in the craft brewery business. Like a genie popping out of a bottle, a new tap seems to show up in your local watering hole every week. Similar to coffee roasting, the milling part of the beer brewing process releases dust into the air. This dust poses two problems; it’s potentially combustible and it can be irritating to the respiratory system. Air handling at breweries is very important and proper dust management guidelines are in place, but it is not clear how effectively these guidelines are followed or the number of people working in the industry. The exposure may continue to grow and, as with coffee roasters, should be tracked.
Readying itself for the potential cascade of occupational hazard claims on the horizon is in the best interest of the insurance industry. One way to do this is to push for improvement in occupational definitions, especially in medical records accompanying workers’ compensation claims. Developing a sterling database to help identify the connections between occupational exposure and conditions would also be helpful. In the end, no insurer wants to see their centennial celebration at the local Knights of Columbus ruined by a magnum cluster of latent injury claims.
The European Supervisory Authorities have published the regulatory technical standards on Packaged Retail and Insurance-based Investment Products (PRIIPs). Milliman is working with clients to ensure a smooth implementation project to successfully achieve compliance as required by the end of 2016. Karl Murray provides perspective in this article.