Interplay between Insurance and Risk Management - Essay Example

?Introduction Risk management and insurance are interrelated. A firm must practice good risk management, but also should have insurance, because theyknow that not all risks can be avoided. With banks, the marketplace is imperfect, therefore insurance would add value to their firm, yet they also need to be careful not to take unnecessary risks. This is the same for other industries that use insurance. They have the moral duty to do this, to minimize their losses and their insurance company's losses. That said, insurance companies have ways to try to incentivize firms to have better risk management practices. They may audit firms to make sure that their risk management practices are adequate to guard against risk. This paper will examine risk management, in general, along with examining risk management in the case of banks, cyber firms, and farming. Risk Management Risks must be identified, and this is the first part of the risk management process, according to Carter et al. (1994). The identification process of risks may be approached by a combination of methods, including intuitive management; using department experts; using standard questionnaires and checklists; using expert computer-based systems; using structured interviews; through brainstorming sessions; or using outside specialists/consultants. The second process is risk quantification, and this means that the impact and probability of a each risk is estimated for each risk. After that, the estimate is quantified by using a spreadsheet which estimates timescales and costs. The next process is risk prioritising and filtering,which means that the important risks are recognized and controlled, and risks are prioritized according to whether they care a Category 1 risk (cost effect only); Category 2 risk (contingency plans and costs affected); or Category 3 risk (programme contingency and cost affected). The Category three risks are the higher priority, and the risks are prioritized from there. The fourth part of risk management is the processing and presentation of risk data, and this means the risk data is put through the spreadsheet with different variables. After the risks are identified, quantified, prioritized, and presented, the next four steps identified by Carter et al. (1994) are focused upon mitigating and managing these risks. Mitigating strategies include avoiding the risk altogether by removing the cause of the risk; transferring the risk, which means that the risk is passed to somebody capable of handling that particular risk; reduction of the risk, which would consist of investing in insurance or some other up-front investment; management of the risk, which means that the risk is managed continuously until it is managed out; and contingency, in which funds are produced for the risks which are of low likelihood and impact, or have not been revealed. The next step after that is risk monitoring, reporting and control, which necessitates the use of a risk register, which is carried out by the risk manager. A risk audit is the step after his, which ensures that proper procedures are being followed to manage the risk. The final step is the project completion, which means that the risk manager assesses the project after completion, and assesses the adequacy of the risk management. Interplay Between Insurance and Risk Management According to MacMinn (1987), there is an interplay between insurance and risk management. Specifically, corporations purchase insurance as one way to control their risk (Arrow, 1964). While there is the theory that purchasing insurance is sometimes inefficient for a firm, because the cost of the insurance often exceeds the expected loss, so many firms who are risk averse would not want to purchase insurance because they are interested in maximizing profits, insurance still plays a large role in risk management (Godfrey et. al, 2009). This is because, according to Godfrey et al.(2009), the markets do not always behave rationally. When a corporation does not purchase insurance, that corporation is assuming that the markets will behave rationally, therefore there is not a need for a backup plan. The assumption is that, if the investors maintain a diversified portfolio, there is not a need for insurance (Godfrey et al., 2008). However, Godfrey et al. (2009) explains that there is still a reason for insurance, because it provides more value to shareholders than not having it. For instance, the insurance provides a cushion for investors who might be affected by severe financial distress in the markets, such as what occurred in the bank meltdowns of 2008. In that case, the investors were unable to diversify away the risk, so to speak, which means that insurance could have reduced their exposure. This would have meant that insurance would have been an added value to the shareholders (Dodd, 1932). That said, there is another way that the insurance companies are interdependent with the risk management practices of individual corporations, according to Eling and Schmeiser (2010). This is that firms are increasingly not practicing good risk management, and, because of this, insurance companies have taken the hit (Diamond & Rajan, 2009). They used the example of the credit crisis, which was brought on by banks not practicing enough risk management, so that they were making risky moves that virtually imploded them (Baranoff & Sager, 2009). In the credit crisis, the insurance companies suffered substantial losses, both in their assets and their liabilities (AM Best Company, 2009). Because bad risk management can have an adverse affect upon insurance companies, Eling and Schmeiser (2010) state that companies need to pay more attention to their risk-management practices. They state that third parties, such as insurance companies, often pay for the costs of identifying, valuing and measuring risk. Rating agencies may rate firms for their degree of risk management, but insurance companies need to also do due diligence to go beyond the ratings, as ratings are not always accurate, as shown by the credit meltdown. Companies need to have a risk management in place that is independent, proactive, and has sufficient authority and power within the organization. Moreover, there is a pitfall in model risk, according to Eling and Schmeiser (2010). One of the pitfall is that the risk distribution could have been wrongly specified, if there is not a sufficient number of historical observations which are available to the firm. Moreover, even if a risk model is sound, if the people who are the decision-makers in the firm, in that they are the ones who are at the best vantage point to manage the risks, do not understand the model and the risks, then this model will fail. Therefore, the risk management procedures must be easy to understand, according to Eling and Schmeiser (2010). The gist of the Eling and Schmeiser (2010) article is that the insurance companies are not in the best position to manage risk. The firms are. The insurance companies are the third parties in this situation, and they are the ones who bear the brunt of a company that has poor risk management practices. Therefore, it should be up to the firm to install the best risk management practices, which would naturally limit the liabilities of the insurance companies. Firms should not rationalize that they can take as many risks as they want, as long as they are backed up by insurance, because this would, eventually, make the insurance companies insolvent. The impact of firms' poor risk management practices upon insurance companies can be seen, rather dramatically, in the behavior of AIG, which is an insurer for banks. While not technically an insurance company, AIG backed the financial industry during the credit crisis. According to Morgenson (2008), they insured debt holders against default, so they operated as insurance for the banks. They, themselves, became virtually insolvent, requiring a bailout to maintain their status. They engaged in a series of bad risks, including amassing a portfolio of credit default swaps, that made it choke on paper losses. It lost, by September 30, 2007, $352 million, which set off a downward spiral between its clients, its trading partners and other companies. Farming Insurance and Risk Management While there is certainly a danger that a firms' poor risk management practices will adversely affect insurance, in that firms may be unethical with how they deal, which means that insurance companies take the fall, there is also a good relationship between risk management and insurance practices. This can be seen in the farming industry, which uses insurance as a way to guard against market forces and other environmental forces over which the farmers have little control. As Meuwissen et al. (2011) note, income stabilization is one way that insurance may act against loss. Specifically, they note that the 2013 CAP reforms instituted in the industry there act as an insurance scheme in which farmers are compensated if their income drops below a stated level (Cafiero et al., 2005). This is especially crucial for farming interests, because farming income tends to be very volatile (European Commission, 2001). The reason for the volatility is that there are many outside factors which affect the production and prices for the commodities (Meuwissen et al., 2008). As Meuwissen et al. (2011) note, the volatility of the farm markets come from the fact that there are many forces, market and governmental, that affect the prices that farmers might receive for their goods, as well as affect production of their goods. Therefore, there is substantial inherent risk in farming, risk that may be alleviated through insurance. While there are a variety of mechanisms by which a government may alleviate the risks inherent in farming – among them price controls, direct payments to farmers, intervention storage of pig meat and dairy, price liberalization, and greater exposure to competitive market forces – there is still a need for insurance. This is the best way, according to Meuwissen et al. (2011) for farmers to cope with the instability. Meuwissen et al. (2011) goes on to state that the European Union has been looking into the potential role of agricultural insurance programs, and how they might stabilize the agricultural incomes. In the context of farming, Meuwissen et al. (2011) states that the whole farm income can be insured, but not non-farm income, fixed costs and other aspects that are independent of the current performance of the farm business, such as depreciation. Alternatively, gross revenue may be insured, or price may be insured. With gross revenue insurance, there is a better coverage of risk than with the whole farm incomes, as gross revenue is better correlated with farm income than commodity prices and yield. This means that insuring the gross revenue is more satisfactory to the farmers who seek to minimize their risks. The gross revenue schemes are set up as a portfolio or as a commodity. Farmers may choose to insurance commodities at different levels, according to how specialized the farm is and how much off-farm income is important to that particular farmer. With price insurance, the price risks are insurance against the volatility of futures and options markets. The insurance that includes prices work by establishing yearly prices and futures market prices. Kumar et al. (2011) also recognize the value of insurance in the agricultural industry. They state that crop insurance is a basic way for farmers to overcome instability in the marketplace. This, in turn, promotes technology and encourages investment, which, in turn, increases the credit flow to the farmers (Dandekar, 1976). This is because, if the farmer has more stability in his or her income, then there is more stability for the investor, as well (Magurran, 1988). If there is more stability for the investor, then there is more possibility for growth through investments made. This would enable the farmer to further enhance his or her technological expertise and technology innovations on the farm, because the farmer has more money to invest. Also, the credit flow increases because the farmer is literally a better credit risk because the investment flows to his or her income insures that they have enough money to pay their creditors when the creditors come calling. In Kumar's (2011) study, the farmers in Tamil Nadu were studied, with regards to the insurance that they purchased. In this India province, the farmers have the option of purchasing crop insurance, that covers certain crops. Farmers are more likely to insure their paddy crops, as these crops are the most vulnerable to floods. They found that the majority of farmers there were not opposed to purchasing insurance, with some 55% stating that they would purchase crop insurance, and 38% stating that they preferred to manage their own risks through crop diversification. They also found that there were factors influencing whether or not a certain farmer would be likely to purchase insurance for his or her crops. Among these factors are the easy availability of credit – if credit is easily available, then the farmers would be more likely to purchase insurance. The farmers in this province experienced a good deal of risk – they alternately experienced drought that killed their crops, or flooding, which means that the farmers in this study need insurance for their crops. However, many farmers do not purchase the insurance, because the government's method of calculating loss is not acceptable to the farmers. The government does not consider individual losses, but, rather, losses as a whole, and this is a weakness in this particular crop insurance scheme. The farmers would prefer for other factors to go into the government calculation, including “gross crop area, income other than agricultural sources, presence of risk in the farming, number of workers in the farm family, satisfaction with the premium rate and affordability of the insurance premium” (p. 45). Velandia et al. (2009) state that farmers have a variety of risk management tools, and crop insurance is one of them. Other risk management schemes for farmers include forward contracting, and spreading sales (Coble et al., 2000). A forward contract is a contract between two parties in which the parties agree to buy a certain commodity at a certain price at a certain time in the future (Davis, 2005). Spreading sales is when a farmer makes several sales of commodities throughout the entire year (Patrick). What Velandia et al. (2009) found was that the farmers in this study were willing to try a variety of approaches to risk management, and that they also, often, adopted all three types of risk management. That is because, when a farmer decides to adopt one type of risk management, he or she is often compelled to invest in other types of risk management as well. These farmers understand that diversifying their risk management, so to speak, is helpful in the long run, because the different types of risk management practices interact with one another to increase returns. Insurance and Cyber-Risk Management Farming is not the only industry that uses insurance for risk management. Another example, and the examples would be numerous, would be the cyber-risk management industry. As noted by Gordon et al.(2003), there are increasingly risks inherent in cyber technology. Included in this would be that organizations are vulnerable to identity theft, vandalism and denial of service attacks. Gordon et al. (2003) states that the managers are increasingly looking to stem economic loss caused by these attacks by developing cyber risk insurance policies that secure losses from information security breaches. Moreover, the challenges to insurance firms with regards to cyber risk are unique in many ways. For instance, the perpetrator that causes loss to a cyber firm may be thousands of miles away from the business location when the crime is committed. Security breaches may go undetected, because the commodity that is controlled by the Internet is information. Because of the unique nature of cyberrisks, Gordon et al. (2003) state that traditional insurance policies may not comprehensively address the issues that are posed by cyber-related attacks. Therefore, traditional insurance products, which do not adequately address problems that are inherent in cyber attacks, have been modified to address pricing, adverse selection and moral hazard (Gold et al., 2001). To show how the insurance products are different, with regards to cyber risk, Gordon et al. (2001) states that the insurance products have been modified to not necessarily rely upon actuarial tables, which is what traditional insurance products rely upon (Madden, 2000). This is because insurance companies have to quantify an unquantifiable risk, which is not based upon years of information, and is based upon limited facts that come from firms that have suffered from cyber-breaches. Because of the novelty of the cyber risk management process, the insurance companies are unsure whether or not they are charging the right price for their services. Adverse selection is another way that the insurance company in the cyber situation interacts with the risk management process of the firm. Adverse selection, according to Gordon et al. (2001), refers to the fact that the firm that is insured will often have information that the insurance company does not have. In the context of buying health insurance, a person who is feeling unwell would be more likely to buy health insurance than somebody who is feeling healthy. Insurance companies may guard against this risk by making sure that there are waiting periods in between purchasing the insurance and having the insurance take effect, by requiring a health examination before issuing the policy, and by discriminating against people who have unhealthy lifestyles. In the context of cyber policies, the way that the insurance companies may guard against the process of adverse selection, which means that the company is feeling vulnerable to attacks, the insurance companies may require an informational audit from the firm. Also, insurance companies may also require that the firms who are deemed to be higher-risk pay a higher premium than firms who are deemed to be less of a risk. In this way, the risk management of a company interacts with the insurance company with regards to rates. If the company practices good risk management with regards to their cyber security, in that they are proactive with their security, which makes it less likely that they will have a breach, then the insurance rates for them will be less than a firm that does not have these risk management processes in place. Moral hazard is another component in insurance practices that interrelate with cyber risk management, according to Gordon et al. (2001). What this means is that, essentially, the risk management processes of the firm may become lax after they purchase the insurance, knowing that the insurance is there to bail them out, so to speak, if there is a cyber attack. This is seen in other firms as well – Gordon et al. (2001) notes that this often occurs in firms that have fire insurance. After they purchase the fire insurance, they become less likely to be diligent about fire safety. That said, there are ways that firms may also guard against moral hazard, and one of the ways that they do this is through requiring deductibles. If there is a deductible in place, then the firm may be more diligent about a loss occurring, because that would necessarily mean that there would be money coming directly out of their poc(ket. Another way that Gordon et al. (2001) suggests that insurance firms may guard against moral hazard would be to offer premium reductions if firms maintain certain policies that guard against loss. In the context of a homeowner, the homeowner may realize a lower premium if the homeowner has installed smoke detectors. In the context of cyber firms, they may see a lower premium if they have instituted certain safety measures. Therefore, this is an other way that risk management interacts with insurance – if a firm practices good risk management practices, as shown by an external audit or some other way that insurance companies may use to determine if a firm has good risk management practices, then that firm may save money on premiums and see lower deductibles. Conclusion Risk management and insurance go hand in hand. Insurance companies are a part of risk management, because they add value to the firm. This is because there often is a realization by the firm that they cannot control every vagaries of the marketplace or environment. Banks may purchase insurance to support their funds, with the knowledge that the market place is not always rational, therefore insurance may act as a way for the firms to shore up their finances in the case of an adverse event, such as happened in 2008. Of course, this only works if the insurance company is not engaging in risky behavior of their own, such as is the case of AIG. Farmers may also benefit from insurance, because they have many different variables which determine who much they can make in a given year, and these variables are often out of their control – an example of this would be the vagaries of the weather. Firms who deal with cyber issues may also use it, in the event that they are attacked. That said, risk management cannot be totally exported to the insurance company. The company must bear responsibility for their own risk management practices, and not be negligent because they know that their negligence will be minimized through the insurance company. This is where risk management, in the larger sense, becomes important, even if the company does have insurance. There are examples of adverse selection and moral hazard which might cause firms to need insurance, when they are not practicing good risk management in the first place. A company may not buy insurance until they really need it, just as a healthy person may not buy health insurance until he or she is sick. This is where poor risk management affects the insurance company, who insures the firm that is already in need of the product because the firm is already “sick,” so to speak. Insurance companies may guard against this by doing an audit of the company's practices before they decide to insure the company, which gives the insurance firm a good idea of how the potential insured firm runs their risk management practices. The insurance firm may then decide either to not insure the potential insured firm, or may alternatively decide to impose different measures for firms that have poor risk management practices at the time that they decide to purchase the insurance. Another problem is moral hazard, and this has to do with the behavior of the insured after the insurance is purchased. Just as a homeowner may decide to become lax with his or her fire safety after he or she purchases insurance, a firm may decide to become lax with its risk management practices after it purchases insurance. The thought is that the insurance will cover any loss, so why spend money for measures that guard against the loss? This would, essentially, mean that the firm would be paying twice – once for the increased risk management procedures, and once for the insurance. The thought would be that the risk management procedures might negate the need to have insurance at all, therefore, since the insurance is in place, there would not be a need for the increased cost of risk management. The insurance company has to guard against this as well, which is why they issue high deductibles and discounts for firms that practice good risk management. The bottom line is that insurance is related to risk management. If a firm has good risk management, there is less reason for insurance, but a firm should still have insurance because of the general unpredictability of events. They should, optimally, guard against any foreseeable risks with the utmost of caution, yet understand that not every risk can be avoided, and have insurance for this. This is especially true for farmers, who may not be able to guard against enough risks, so that they need insurance to compensate them for the vagaries of the weather and the marketplace. Firms have a duty to minimize their risk, because, if they do not, then the insurance companies themselves are at risk. And this is where the interrelatedness between insurance and risk management may be most acutely felt. Sources Used AM Best Company (2009) AM Best Special Report: Economic Slump, Financial Crisis Hit Europe's Insurance Industry. New York: Houghton Mifflin. Baranoff, EG and Sager, TW (2009) The impact of mortgage-backed securities on capital requirements of life insurers and the financial crisis of 2007-2008. The Geneva Papers, 34, pp. 100-118. Cafiero, C., Capitanio, F., Cioffi, A. & Coppola (2005) Risks and crisis management in agriculture. European Parliament document, IP/B/AGRI/ST/2005-30 Carter, B., Hancock, T. & Morin, J. & Robins, N. (1994) Introducing RISKMAN: The European Project Risk Management Methodology, pp. 114-118. London: Blackwell Publishing. Davis, T., Patrick, G., Coble, K., Knight, T. & Baquet, A. (2005) Forward pricing behavior of corn and soybean production. Journal of Agricultural and Applied Economics 37, pp. 145- 160. Diamond, D. & Rajan, R. (2009) The credit crisis: Conjectures about causes and remedies. American Economic Review: Papers & Proceedings, 99(2), pp. 606-610. Dodd, E. (1932) For whom are corporate managers trustees. Harvard Law Review, 45(7), pp. 1145-1163. Eling, M. & Schmeiser, H. (2010) Insurance and the credit crisis: Impact and ten consequences for risk management and supervision. The Geneva Papers, 35(9), pp. 9-34. European Commission (2001) Risk management tools for EU agriculture, with a special focus on insurance. Working Document, Agriculture Directorate-General. Godfrey, P., Hatch, N. & Hansen, J. (2008) Toward a general theory of CSRs: The roles of beneficence, profitability, insurance and industry heterogeneity. Business and Society, 24 April. Godfrey, P., Merrill, C. & Hansen, J. (2009) The relationship between corporate social responsibility and shareholder value: An empirical test of the risk management hypothesis. Strategic Management Journal, 30, pp. 425-445 Gold, J. and Anderson, K. (2001) E-business insurance: Insurance coverage for e-business claims. www.andersonkill.com. Gordon, L., Loeb, M. & Sohail, T. (2001) A framework for using insurance for cyber-risk management. Communications of the ACM, 46(3), p. 81-85. Kleindorfer, P. (2010) Interdependency of science and risk finance in catastrophe insurance and climate change. Available at: http://opim.wharton.upenn.edu/risk/ Kumar, S., Barah, B., Ranganthan, C., Venkatram, R., Gurunthan, S. & Thirumoorthy, S. (2011) An analysis of farmers' perception and awareness towards crop insurance as a tool for risk management in Tamil Nadu. Agricultural Economics Research Review, 24, pp. 37-46. MacMinn, R. (1987) Insurance and corporate risk management. The Journal of Risk and Insurance, 54(4), pp. 658-677. Madden, J. (2000) HP to offer e-business insurance policies. PC Week, pp. 15-20. Morgensen, G. (2008) Behind insurer's crisis, blind eye to a web of risk. The New York Times, 28, Sept. Available at: http://www.latrobefinancialmanagement.com/Research/Accounting/Behind %20Insurer's%20Crisis%20Blind%20Eye%20to%20a%20Web%20of%20Risk.pdf Tufano, P. (1996) Who manages risk? An empirical examination of risk management practices in the gold mining industry. The Journal of Finance 51(4), pp. 1097-1137. Velandia, M., Rejesus, R., Knight, T. & Sherrick, B. (2009) Factors affecting farmers' utlization of agricultural risk management tools: The case of crop insurance, forward contracting, and spreading sales. Journal of Agricultural and Applied Economics, 41(1), pp. 107-123. Read More