Allianz-InsuranceAsia News Emerging Risks Roundtable

September 8 2016 by

Last month, InsuranceAsia News and Allianz Global Corporate & Specialty hosted a roundtable at Hong Kong’s China Club for risk managers to discuss their views on the latest emerging risks.

For more information about emerging risks, see Allianz’s Risk Barometer 2016, which identifies the top corporate perils for 2016 and beyond, based on the responses of more than 800 risk experts from 40-plus countries around the globe.

The top emerging risks for the long term, as cited by the respondents to the survey, are cyber, business interruption (including supply chain disruption) and terrorism. However, businesses in different sectors and industries, as well as different parts of the world, face varied threats, so we asked the roundtable participants to share their views on the risks that keep them awake at night.

Roundtable participants:
Chin Feng

Chief executive officer Hong Kong

Allianz Global Corporate & Specialty

 Nick Ferguson

Editor

InsuranceAsia News
Luis Chein

Director

WH Group

 Ken Chiu

Head of corporate security

Dupont
Josephine Lee

Manager, insurance

West Kowloon Cultural District Authority

 Julian Lo

Insurance manager

MTR
Jeff Lui

Director of insurance, Asia

Veolia

 Jason Milton

Chief executive officer

BMW Financial Services Hong Kong
Mark Mitchell

Regional chief executive officer Asia

Allianz Global Corporate & Specialty

 David Parker

Executive director

Chinachem
Joanne Tse

Head of risk management

BMT Asia Pacific

 Terry Yeung

Deputy director, insurance and claims

CLP Power
Boscal Yuen

Business risk and compliance manager

AsiaWorld-Expo

InsuranceAsia News: Allianz’s Risk Barometer identifies a wide range of emerging risks that occupy businesses around the world today. What are the principal emerging risks that you worry about in your businesses?

Josephine Lee: Apart from property damage and business interruption (BI), terrorism is starting to come on the radar, given the fact that attacks are growing in most parts of Europe. I don’t think Asia is immune from this.

Jason Milton: From a financial services perspective, data privacy — being able to respect client privacy, how we cross-sell, up-sell products, who owns the customer, access to our data, who we share with — I think risks arising from that are significant and whether or not we’re equipped at the moment to handle those I’m not quite sure.

Boscal Yuen: The top risk is reputation risk because if not handled well it can have a very negative effect.

Luis Chein: For us, because we are in the food business and we have a global operation, our number one risk is food safety, so that’s a priority for our entire group, and for this year commodity risk is also one that we’re monitoring very closely because of the hog price.

Ken Chiu: DuPont has a lot of inventions, patents and so on, and the security of this knowledge is crucial. So there are at least two concerns on the cyber front: one is our operation, which requires good security awareness about cyber risk from our employees, and the second is a good defence system against external threats.

Jeff Lui: Veolia helps cities and industries to manage, optimize and make the most of their resources. The company provides an array of solutions related to water, energy and materials – with a focus on waste recovery – to promote the transition toward a circular economy. Our main risk is to make sure that everything is structured and arranged properly. There can be a lot of risk involved in contractual issues between us and our contractors, as everyone has their own sets of documents that they try to impose on the other party. If we’re not careful we can end up with a big mess of contracts. In addition, there’s BI, operation risk, because we do operate with a lot of hazardous waste, flammable liquids and so on. Also terrorism, because we do run some key infrastructure.

David Parker: As a property developer we have hotels and are also big investors, so the core issues for us are property-related and construction-related. We have a US$30 billion programme of projects underway at the moment, so that creates a substantial level of risk for us. I agree that there are risks around extraneous events like terrorism and so on, but there are also growing risks in areas such as D&O where we’ve seen some claims from areas we never dreamt of, as well as third-party liability, particularly with the hotels. People are more and more aware, including mainland tourists, of the potential for claims in that area, whether legitimate or otherwise.

Julian Lo: For MTR there are two main areas: on the operational side, there is cyber risk, safety risk, which is one of our prime concerns, pandemics, loss of patronage and so on; while on the construction side, we are building new railways and, of course, given the press interest around the express rail link, for example, there are issues of reputational risk, as well as the programme risk.

Terry Yeung: In the electricity business regulatory risk is our primary concern because we have long-term commitments in all these projects. Apart from Hong Kong, we also operate in Asia Pacific, notably mainland China, Australia and India, and any regulatory changes in any of these markets will affect our business in the long run. Also, as we have vertically integrated business in Hong Kong and retailing business in Australia, with a total of 5 million customers, reputational risk is also a very important aspect for us as well.

Joanne Tse: BMT is a risk consultant. When you mention the top risks, every company has a different nature of business, but in general cyber security is the risk we should pay most attention to. It’s one of the key concerns.

IAN: So if we look at cyber specifically, how are you actually managing this risk? How do you quantify the exposures?

Yuen: How to quantify the risk is based on the financial impact, so the common question is: ‘What is the worst case?’ For some threats such as ransomware, it can be very serious — it will lock your system, you can’t open any email or even access any server, and I hear that such cases are happening regularly.

Parker: For us it’s in the hotels mainly. IT is not mission critical to our property development — it’s important, we use it all the time, but we’ve got up to 4,000 people staying with us on any given day, so the cyber aspects of things like credit card swiping and so on, those are major issues. People have been trying to sell us cyber insurance, but I’m more concerned that we mitigate or eliminate the risk.

Yeung: Exactly, insurance is the residual risk that you want to transfer to the insurance market, but for cyber the setting of policy limits can be a challenge because what sort of limit should apply?

Mark Mitchell: Cyber is quite an interesting topic from our perspective because it’s a product that we’ve been trying to sell more of in the region and now we’re at the point where I think most people understand the product and understand the necessity of it. However, it is still difficult to quantify what your maximum potential exposure is to cyber, so therefore people are a bit perplexed about how much cover to buy. Corporations tend to be concerned about catastrophic cyber events rather than relatively small events, because as you rightly point out most clients appear to be spending their budget on security rather than their residual risk, but the market now has in excess of US$1.5 billion of capacity so most corporations could purchase coverage if they had the budget.

IAN: Julian, we saw recently a major outage at Delta in the US that took down its entire booking system. How does MTR address this type of threat?

Lo: We are proactive, we have backups to make sure our systems keep running. For example, our operations control centre located in Tsing Yi is the mastermind. If that system goes down we have a separate backup in another location that can come online very quickly in any situation.

IAN: Another part of cyber is obviously reputation. How is the industry’s approach evolving on that front?

Mitchell: There’s cover available but it’s on a cost-incurred basis rather than providing balance-sheet protection or providing insurance against volatility in share price. In the event there is a crisis that might impact the reputation of an organisation, we provide the costs associated with employing a PR company, crisis management firms and the like. What’s not yet available is insurance against the damage to the reputation of your brand, and I guess the natural evolution of that product would be to move in that direction eventually.

Lee: Given that cyber is a relatively new problem in the market and we don’t yet understand the loss trend, I think from a client point of view we need to better understand how it works when disaster strikes. A tailor-made approach for each organisation might be required.

Mitchell: Our approach typically with cyber is we have off-the-shelf style cyber products that you can buy with relatively limited information that provides a modest amount of limit — there are some customers who are quite sensitive about which information they provide around the security of their data — and then for customers who are more willing to be more open and transparent about the security of their data we have significantly higher limits and broader coverage available.

Yeung: As an insurance client I would prefer the insurer to understand better about the risk exposure before they insure us. It’s not just a matter of paying the premium in exchange for insurance. Insurers could add value to the process, for example, by conducting an IT audit for clients.

Parker: Or sharing with your clients the experience that you’ve had. I agree completely with that.

Mitchell: The lessons from losses and sharing some of the experiences that we have is certainly very important, but what I hear is that generally the industry is not doing a good enough job around cyber in terms of sharing our experience from other territories where cyber is a more established product, such as the US and Europe.

Yeung: It seems that nobody knows how much a privacy breach costs in Asia. The fine in Hong Kong is quite nominal, probably about HK$50,000, but it’s more about the reputation, the breach costs, third-party liability, the need to recall and so on. Information like this might be helpful to share with the client so we understand what sort of range we’re talking about.

Feng: As Mark said, we don’t have enough data in Asia…

Yeung: That’s an interesting point, because how can you then price your product?

Feng: That’s the challenge. The industry as a whole is trying to figure out the right price for the risk, so we’re learning by gathering data. Something we did just proactively recently was to bring on board IT specialists in our region to go to your offices and see how to mitigate, what are the triggers that may incur a loss, so we can have that discussion.

Chiu: A growing concern is the trend of using social media for day-to-day communication, or even promoting business, etc. As for how to protect business information, it is no longer just a technology risk, but more like a human behaviour risk, so we put a lot more energy on creating a culture of cyber security risk awareness among employees at all levels and not just rely everything on IT department.

Feng: It’s interesting that you bring that up, because our policy contains a clause for human error, so if someone left their password and you get hacked through that, then that’s covered, so we do look at the human element as well.

IAN: Another of the top risks identified in the Allianz Risk Barometer is business interruption and supply chains. Luis, we’ve certainly seen issues in this area in the food industry, even recently here in Hong Kong, how do you approach these types of risks?

Chein: It comes back to the safety issues. For us, we go from the hog production all the way to the end product, so we start by making sure we raise the hogs in the right way. We have our own hog farms, especially in the US, so we can pretty much have full control of the safety on the hog production side. On the processing side, we do full controls to make sure from slaughtering to the production of packaged meat we make sure that we have safety controls and that we don’t have any defects on our product. In addition to these very good controls, we also have some insurance cover through the general liabilities if something happens with the product.

Chiu: The problem of continuous pressure on cost-reduction in the production may  have impact on the quality of the supplier. Even if you have a very strong safety and security requirements, it is all about how you manage your vendor, how you manage your supplier. Do you have sustainable operation model to make sure that they are performing what you wish? That could be challenging issue right now, particularly as we see a lot of manufacturing moving to developing countries. The risk can easily come back to you.

Yeung: It can be particularly challenging because it’s not only your tier-one contractors that you need to manage, but also sub-contractors making components from everywhere in the world, which explains why there was substantial CBI [contingent business interruption] losses after the Japan earthquake in 2011 and then the massive flood in Thailand.

Chiu: As for counterfeiting, if you do nothing about anti-counterfeiting then you’re not taking reasonable step to mitigate the risk to protect your brand and reputation, so you have to have some programme to go against the counterfeiting in the countries where your goods are sold.

IAN: Josephine, you had mentioned terrorism as a major concern for the West Kowloon Cultural District. Have you taken any steps to mitigate that risk?

Lee: Frankly, we don’t have any mitigation strategy in place at this point in time, but with the growth of West Kowloon Cultural District’s reputation in the global scene I think we should start to think about the exposure around this area. We’re going to have the Chinese opera theatre built in a couple of years’ time, we will have one of the biggest museums in Asia open in 2019 and other venues available on the waterfront.

Mitchell: Terrorists seem to love targeting iconic structures.

Yuen: It’s a similar concern at AsiaWorld Expo. We have a lot of concert events throughout the year. With the incident in Paris, it raises concerns of terrorism.

Mitchell: There was a study released recently on terrorism in Asia, talking about the traditional hotbeds for terrorism in the region, places such as Thailand, Indonesia but the two countries they identified as being at the forefront of emerging terrorism risk were Singapore and Hong Kong.

IAN: As we have an underwriter represented here at the table, are there any issues specifically related to buying cover for some of these emerging types of risks that anyone would like to bring up?

Parker: A good thing I’ve seen recently in a couple of areas is a growing willingness on the part of insurers to do bespoke cover. For Hong Kong, it seems that’s a very good trend, but the problem is that when you try to extend something like that into China, where every single policy apparently has to be approved by the CSRC [China Securities Regulatory Commission], it means you can’t get any bespoke cover. So as all of us are spending more time and energy and effort and investment in China that’s going to be an issue.

Mitchell: That’s a good point. In Hong Kong we have freedom of form so we are able to manuscript quite readily, and likewise in Singapore, but you’re right that in China we have to file to use and the process is quite arduous, so it’s definitely problematic to get the extended coverage you might be used to in places like Hong Kong, but there is some flexibility coming in to the Chinese system we’ve noticed. When you have a core product filed then your ability to endorse or to alter that product is now available in China.

Lui: The difficulty I see is with exposures that are more risky than your typical risk, but nevertheless something that you believe should be placed in the insurance market. When you try to find established insurers to take those risks, they’re usually very risk averse and won’t take it. They’re scared. And if you do manage to find an insurer, it’s perhaps someone who is new to the market and may not be very helpful when you have a claim. It’s very hard to place a risk to insurers who you know can give you a certain type of confidence in terms of paying out when you have a claim. This is a trend that’s troubling for me. If every insurer is trying to get business where they don’t have to pay anything out, then why do I have to buy insurance in the first place?

Tse: The first thing is to quantify the risk that you have because when you’re talking about buying insurance — my focus will definitely be on the risk control side, so when we talk about risk within the organisation we ask clients to think whether you can do anything to prevent this.

Lui: I agree. I usually present all the risk-aversion mechanisms that we have in place to the insurers simply to lower our insurance cost, because that’s something we try to use to bargain our premiums with. But sometimes it doesn’t matter what you say, the first answer is “No”. They see a potential risk without really understanding it. If that’s the case, then more and more people will have to go offshore and that’s not good for the Asia market as a whole. It’s a worrying trend.

Yeung: I agree. In fact, the insurers are still more product-oriented than customer-oriented. It seems the insurance industry is still keeping a distance from their clients. If the insurance companies were more proactive in helping clients understand the risk exposure and help in the risk management process it would be a win-win situation instead of treating insurance as a commodity to buy.

Mitchell: I’m certainly not going to be the first to suggest that the industry is doing its absolute best to respond to all the customers’ needs, but I think there is a willingness in the industry to listen more and try and be innovative. Like all of our customers we need to innovate to stay ahead so I think there is more openness to trying to manuscript covers for specific clients or bring new products into the market to deal with some of the emerging risks you’re identifying in surveys such as the Allianz Risk Barometer. Is it perfect? No it’s not, but we’re doing our best to try and be innovative and stay ahead of the curve. We’re hiring for the first time in Asia a regional head of innovation whose role will be to spend all of his or her time only talking to the customers to understand what risks you’re seeing emerging in the marketplace that we potentially can convert into a product or a service. It’s not perfect, it’s a 300-year-old industry and sometimes it takes time for things to change.

Milton: I wonder whether it’s the nature of the structure of the industry. Because the business is intermediated, you don’t necessarily get access to the insurer, there is that broker between you. I think that part of the industry needs to change and that will impact pricing, because for sure as the insurance companies become more sophisticated, become more customer orientated, the role of the intermediary between the risk bearer and the risk manager becomes less and less necessary. That all needs to change for the innovation and the bespoke products to really come through.

Feng: It’s all about the core value proposition, so the more complex the risks are, I think we should all be talking to the customer directly. Our approach is not just a product push, it’s more about hiring the consultants to help you guys mitigate your risks, to dot your Is and cross your Ts before you even buy the insurance. We have to bring some value to the equation.

Lee: Yes, absolutely. The gap between the client and the underwriter should be narrower. The broker can play a vital role in providing the value, but there should be direct communication between all parties in terms of product innovation, market demand and the real needs of the client.

Chein: Our US, Europe and China operations view this quite differently. In the US and European we have a broker engaged, but on the China side they have a totally different view. They don’t see brokers adding any value at all, so they deal directly with the insurance company. What is the best approach?

Mitchell: The Hong Kong and the China markets are at different stages of evolution in terms of being intermediated. Hong Kong is very much an intermediated market, so brokers tend to dominate, whether it’s the local brokers or global brokers they control about 80% of the commercial market space, whereas in China brokers control about 5% of the commercial business and the rest is direct sales forces of the big Chinese insurers, so the brokers haven’t yet persuaded like they have in markets such as Singapore and HK, which I guess is why you see that.

Lui: My experience with our Chinese projects is brokers sometimes really don’t add anything, but there are some newer brokers who are able to help us negotiate better terms and conditions within the policies themselves and who are able to actually help in terms of dealing with claims, but in China in general relationships are key. If you have a very good relationship between the insurers and yourselves they will pay out very quickly, otherwise it’s very hard to get adequate compensation. That’s what we have to deal with in China. Generally, for me, a broker is someone who can introduce me to the different products within the market, who is very knowledgeable about the market themselves. That’s where they’re very useful because I don’t have enough time to go around talking to different insurers, looking at what products are available.

Milton: I’m lucky, I’m not a buyer, because I’m pretty sure the risk management departments in many of your organisations are pretty bare, which then does force you down the intermediated route because you don’t have the time to scan the market and do the job that you’d probably like to do. I wonder whether there’s quality really coming into the industry these days.

Mitchell: There are a few things we’re trying to do differently to try and resolve it. We’re bringing a lot more interns into our business than we have in the past and we’re working with general insurance associations, in Singapore specifically, to bring young people out of the universities into the insurance industry, but the other thing we’ve started to do is job swap some of our people with our clients. It’s an interesting way of sharing information and knowledge and experience.

Milton: It’s important that risk management can compete for the very best talent that we need to bring into the industry. We’re talking about emerging risks and, with respect, I’m not sure how some of us of a certain vintage can possibly understand where these risks are coming from if you haven’t got that young talent in the organisation.

IAN: Are governments and regulators doing enough to help? It seems that Singapore has been proactive, but what about here in Hong Kong?

Parker: The Hong Kong government doesn’t do, unfortunately, the sort of things the Singapore government does, not just in this sector, but in lots of sectors. When I was in the financial services industry many years ago we worked with HKU Space to create a diploma programme because there weren’t any ways for people to get basic skills and understanding. I think that’s an area where insurers, brokers and perhaps us as clients could help, but someone needs to take a lead and that probably needs to be someone from the industry.

Yeung: The emphasis right now in Hong Kong is quite different from some years ago. Now when you look at the premium growth in HK, probably 70% is from life insurance, so that might explain why the emphasis is more on the other side rather than on general insurance.

Feng: I’m listening to all these topics around cyber, terrorism. The issue is going to come down to the legislation. In the US they put it in their annual reports, disclose all security breaches by each listed company, which promotes awareness of directors’ due diligence. Something like that has to happen in Asia.

IAN: Perhaps time will tell, but for now our time has run out. Thank you all for taking part.

Mitchell: Yes, thank you all. Any opportunity to meet with clients is always most welcome. We do want to get closer to clients and we do as an industry want to be more innovative, and the only way we can do that is to know what the emerging risks are that are on your agenda so in that respect this morning was very helpful and thank you very much for the input.

MORE FROM: Analysis
Partner Content
Join the mailing list Designed to help you stay ahead, our daily newsletter provides a round-up of the latest news and insights, delivered straight to your inbox.
Print Edition
Subscribe to receive our quarterly print magazine.