Risk Managers on Climate Change Solutions: Raising the Red Flag

Climate change, pandemics, retirement and the threat of cyber attacks will be among the most-discussed perils around a risk manager’s boardroom table in 2007. Most of these issues probably sound familiar, but each peril demonstrates many more nuanced facets after talking with the presidents of the Canadian chapters of the Risk and Insurance Management Society (RIMS). As more information becomes available about each peril, each one presents new risks.

Discussions around climate change have advanced to the point where organizations are now thinking beyond the possibility of mere property damage. Companies are now realizing the potential impact that climate change will have on commercial risk as well. And while few dispute the negative effects of global warming and carbon dioxide emissions, some risk managers say they still meet with resistance when it comes to pandemic planning. For all intents and purposes, planning for a pandemic touches on similar issues as planning for a large round of employee retirements. Meanwhile, recent cyber attacks against a major Canadian retailer have turned this peril from a risk to a reality.

CLIMATE CHANGE

Climate change appears to have taken centre stage in today’s discussions among risk managers, according to Bruce Tainsh, president of Ontario Risk and Insurance Management Society. “Unlike the other two potential perils, which have had much exposure and discussion at risk management conferences, we are just starting to see serious risk-related discussions on climate change,” Tainsh wrote in an email. “Pandemic had the sole spotlight for awhile, but climate change will give it competition.”

Julie Chapdelaine, president of the Quebec Risk and Insurance Management Association, agrees. She says there is no doubt that climate change has crept onto the conscious of risk managers. “Now it is really about trying to know when and where the next catastrophe and loss will occur,” she says. “And after that, the rest of us will pay for the losses in the United States and Europe. This is one of the biggest problems that we will face in the long term.”

Chris Grelson is all too familiar with the heavy wallop that Mother Nature can deliver. Grelson is the president of British Columbia’s RIMS chapter. Based in Victoria, he works as risk manager for a local government. He says the recent storm activity in B.C. – which has generated more than Cdn$130 million in claims, the Insurance Bureau of Canada estimates – even caught him off guard. “There were a lot of uninsurable losses,” he says. “And so, my employer [a large land owner] and I were sitting here going: ‘Hmmmm, how do we deal with this?'”

Damage assessments are ongoing, he says, but the cost of uninsurable losses in wooded, tourist areas like Stanley Park continue to climb. “The question with respect to climate change is whether or not this was a one-time shot, or are we to expect this in the future?”

If this past fall and early winter are a reliable preview of upcoming seasons, “it is probably reasonable for the risk managers to assume that the underwriters will start building that information into their models and rates will adjust accordingly,” Grelson says.

Abhorrent, freak storms are generally reserved for our neighbours to the south, Tainsh points out. But new evidence suggests B.C. may face another peril in the future. “In Canada, we get cold winters, but the United States generally has a higher experience with natural hazards like hurricanes, wind, earthquake and flood,” says Tainsh. “However, we’re being told that Canada’s earthquake experience in B.C. is a significant risk for anyone that has an operation there. The markets are becoming more and more aware of that as possibly an under-insured exposure.” In fact, in February 2007, a small earthquake with a magnitude of 2.1 was felt in Salt Spring Island, B.C.

Bill Baker, president of the Northern Alberta Risk and Insurance Management Society, echoes Tainsh’s notion that his region is for the most part sheltered from the weather extremes typically reserved for south of the border. But that doesn’t mean Northern Albertans are completely in the clear. “It’s been mentioned, but in Alberta weather extremes are not as large of an issue for risk managers here,” he says. “Overall, we’re not really prone to flood or other natural catastrophes that could be brought on by climate change. It’s something that is being talked about, but not to a great degree.”

Beverley Duthoit, president of the Manitoba RIMS chapter, notes that the prairies do not have the same climate-related risks as coastal areas. Nevertheless, that doesn’t mean the prairies are immune from extreme climate changes happening across the country. “Yes, I absolutely do think that global warming and climate change is going to affect the risk management industry in Canada,” she maintains. “I think it’s a very big issue and I think all businesses have to take a look at their own risk profile as it impacts climate change.”

Some businesses may be affected more than others, Duthoit says. From her perspective, as a risk manager in the telecommunications field, an increase in frequency of ice storms and huge windstorms represents a serious threat. “I think climate change will affect all businesses in some way, even if it’s down to the cost of insurance, because ultimately insurance companies are going to pay,” she says.

Her advise to the insurance industry? Climate change is a risk that needs to be built into ratings models now, so that companies prepare for the risk now and not further down the line, when it is too late to do anything about it. She cited examples of situations to avoid, such as contemplating D&O insurance only after Enron’s financial collapse, or introducing terrorism coverage post-9/11.

“My comment is: ‘Hey, it’s a risk we know about now, so start dealing with it.'” Duthoit says. “It’s not going away. It’s only going to get worse. So the more you can educate yourself now with what you’ll be faced with in five to 10 years, the better prepared you’ll be.”

Tony Lackey, president of the Canadian Capital Region RIMS chapter, believes climate change will affect every area of Canada. The effects range beyond property damage, touching also on the way a city’s industries function. For example, Lackey, who is based in Ottawa, notes that the Rideau Canal – a river that usually ices over and thus provides the stage for the city’s annual winter carnival – remained closed until mid-February. In addition, the ski hills and winter resorts in that part of the country were closed.

“It [climate change] has affected the tourism industry greatly,” Lackey said. “It’s a real concern. Not only does global warming affect our property, but it also affects our industries, as far as what we’ve been used to in the past and how we generate income. It makes it harder and harder to [operate from year-to-year], and how are we going to deal with that in the future? It’s really changing the way we’re going to live our lives in the future. It’s going to affect a wide spectrum of industries.”

Lackey cites a United Nations report by the Inter- governmental Panel on Climate Change, released in February 2007, in which a firm statement was made that scientific proof now exists that our approach to burning carbons is affecting the environment. In a large part, burning carbons is a main contributor to changes in weather patterns, the report says.

“The reality is that our climate is changing and it doesn’t matter which part of the country you live in,” Lackey says. “There are effects to the changes in the weather that we are seeing and how, as risk managers, are we to deal with that to keep it from affecting our organizations in a negative way?”

Some observe that although global warming has definitely come up around the boardroom table more frequently of late, the issue has been on the minds of researchers and governments for quite some time. While the Canadian government grapples with its role in the Kyoto agreement and ponders th
e idea of the implementation of carbon taxes for industries and manufacturers, Gordon Dolney, president of the Saskatchewan RIMS chapter, says that bringing an organization in line with such green initiatives could also pose financial risks that need to be balanced.

The implications of such initiatives will “have a dramatic effect on both how products are manufactured and the use of capital that businesses have,” Dolney says. “Because if we have to change our processes to be more green, then that’s going to be a risk factor that we have to take into account.”

Dolney questions what the long-term implications might be for organizations that have to shift large amounts of capital to meet new environmental regulations. “Are we going to be put in a cost disadvantage over the other countries we have to compete with, like the U.S. and offshore countries?” he asks. “Certainly in the broader sense, those environmental issues are going to affect risk managers.”

PANDEMIC PANDEMONIUM

Risk managers across all industries have had another issue dominate their consciousness lately – the possibility of a pandemic. Baker believes that when it comes to the peril of a pandemic, the size and complexity of organizations is irrelevant: “Pandemic planning is something that all risk managers have to grapple with,” he says.

Based on the conversations he’s had and the anecdotes he’s heard, Baker believes the degree to which boards are addressing the issue varies. Unlike their natural inclination to accept the effects of climate change or other loss events, some organizations are reluctant to acknowledge that the pandemic threat is real, he says. “Some businesses have accepted pandemic as a risk that’s coming and are actively planning for it, and other entities have not,” he says.

Transferring the risk of a pandemic can be tricky. “Can you transfer it contractually?” Baker asks. “Not likely. Can you insure for it? Not really. Once an entity accepts that it is about “when it will come” instead of “if it comes,” how are you going to pay for it? You [as a company] may experience up to 50% [employee] absences, so how do you continue operations, especially in an essential services organization such as health care, municipality or emergency services?”

Baker, the manager of risk management at Telus Corporation in Edmonton, says that in his organization, all risks that could affect the company are identified through a three-level risk assessment process. The risks are then ranked and presented to corporate governors and audit committees before being assigned as performance objectives of individual managers. “So there is a strong correlation between what the risks are, and how we’re addressing them from an enterprise-wide risk model,” he says.

Betty Clarke, president of the Newfoundland and Labrador chapter of RIMS, is the risk manager and business continuity coordinator for the City of Saint John’s. She says the city has a pandemic plan in firm place, but it’s largely dependent upon the provincial government. “We can make sure that we have the facilities available to look after people, but you need the [health care] staff in there.”

To ensure business continuity should a peril – any peril – strike, the city has developed a disaster recovery drill to test its different departments. “Downtime is not acceptable to any of us, so we need to make sure that we have discussed everything and have all of our information gathered and prioritized,” she says. The city is currently in the training and awareness stage, she explains, but by the fall a city-wide mock recovery process will be staged to test the different departments.

“First we have to have a planning meeting with all of the major people in the different departments,” she says. “We’re going to come up with a plan for each department [to deal with hazards] that could be anything from some kind of chemical falling into a swimming pool, to a blizzard or snow storm, or a structural fire that could wipe out the downtown core – even a flash flood or ice storm.”

In the spring, the city will, department by department, probably two or three at a time, warm up by training for the main event in the fall. “All of the audits and metrics will be done on it and we’ll be doing it as a yearly thing,” Clarke says. “So, if we find that there needs to be improvements, we’ll keep going until we get it right.”

A pandemic has the possibility of wiping out nearly half of a workforce like a tidal wave, Grelson notes. Even so, retirement is an issue for organizations that could see the same percentage of the work force edged out in a cumulative fashion. Grelson notes that for his employer, “within two years, 40% of the population of the workforce can retire, so that presents huge retention issues,” he says.

Every employer will have to grapple with an aging population in an era when the industry is already suffering from a shortage of professionals, Duthoit notes.

Grelson has ideas for filling the potential void that a workplace exodus might leave behind. In his view, it’s going to involve some creativity on the part of employers. Raising the retirement age and introducing flexible work schedules are a few options for consideration, he suggests. “What we’re going to see is employers having to be innovative, because if they get into a bidding war and just use money as the main attraction, well that’s not going to work.”

Grelson cautions employers to consider also the effect of the massive loss of corporate memory and knowledge that will leave with the retiring employees. “A lot of places don’t have all their processes and information documented very well,” he notes. He gives the example of a utility for a small, local government that has been using the same man to repair water mains for 20 odd years. “He knows where your shut-off valves are, and all of those wonderful little pieces that go into completing that job. If those aren’t documented and that guy leaves, now we have inefficiencies while the new crew is trying to figure out how it all works.”

Looking at his own employer, Grelson wonders what it will be like when their treasurer, a long time employee, decides to quit. “You can bring her any question and she is able to rattle off answers and history on how we got to a decision based on her personal experience,” he observes. “If she’s gone, that’s gone too.”

VIRTUAL THREATS, HARD REALITY

Just like losing corporate knowledge through a pandemic or retirement is a live issue, so, too, is losing corporate knowledge through the theft of information – usually in the form of a cyber attack. Cyber attacks rank among the top three concerns for risk managers.

Baker, for example, points to the recent hacking into corporate information stored by TJX Cos., the U.S. parent company of Winners and Home Sense. Hackers broke into the firm’s system in mid-December 2006, stealing millions of people’s credit card information. Baker refers to the incident as a wake-up call for both individuals and risk managers.

“I think it’s a watershed, in that people have woken up and said: ‘Yes, this can affect me. I do have a lot of personal information out there.'” The issue, Baker contends, is carrying a much heavier weight now with individuals and Canadian companies.

One consequence of this type of peril, says Grelson, is the impact of cyber attacks on an organization’s reputation. “There is a responsibility for a keeper of personal information to ensure that that doesn’t get out there,” he says. Referring to the TJX Cos case, Grelson notes that on the Winners/Home Sense Web site, an apology letter is posted from Winners and Home Sense president Michael MacMillan in an effort to provide damage control.

However, unlike an organization’s relationship with the threats posed by climate change and pandemics, cyber risks are a peril over which organizations can take control, Tainsh says. “Cyber threats are a concern, but there is a perception that it is more within the control of an entity to reduce risk than the other
two,” he says. “Also, since cyber threats and their impending risks are pretty clearly dealt with in policy language, the other two issues are less clear.”

COVERING ALL BASES

Shareholders and members of the public have had a wake-up call to the threat of hacking and identity theft, thus prompting organizations and their directors to place greater consideration on this peril as a real risk. But there are mixed feelings among risk managers about the necessity to protect directors and officers through D&O insurance.

Baker maintains that all companies will increasingly face liability exposures covered through D&O insurance. “I think in Canada the environment is slowly becoming more litigious and shareholders are becoming more active and vocal,” he says, adding that it’s a natural evolution of the business environment. “It’s a changing business environment, where there is a lot more emphasis on the accuracy and validity of publicly-made statements of directors and officers of entities. I think the public is going to be holding those individuals accountable for their actions and the information that they disclose to the public.”

Tainsh believes the issue primarily affects companies that are largely affected by regulations, such as energy or financial entities. The cost and availability of D&O coverage, he says, is not really an issue for Canadian companies.

“Right now it seems like we are in favourable market conditions,” Tainsh says. “There is increased capacity, there are more people writing it, and there is a decrease in the severity of claims of this nature,” he comments, adding that this is a distinct contrast to four or five years ago. “Canada has had some history, but it’s mostly due to the U.S. experience. But lots of Canadian companies have U.S. operations and you must take that into account.”

Duthoit believes the availability of D&O insurance will always be an issue for Canadian risk managers. In her view, however, the situation in Canada is cooling down. “I think a lot of premiums went up significantly when those claims first came out of the wood-work [in the U.S.], and I think it was typically an overreaction. Canadian buyers suffered because of an overreaction to what was happening in the U.S.,” she argues.

But the reaction is “wearing off” and premiums are beginning to decline, she notes. “Insurers are making good returns on their investments right now or are making money,” she says. “They realize that they did overcharge and that the risk doesn’t justify the premiums that were being charged.”

While the issues that risk managers face are continuously evolving, the consensus among risk managers seems to be that the best way to protect organizations is to keep abreast of research about pandemics, climate change, cyber threats or market trends. At the end of the day, perhaps the most important thing is to keep conversations going — with the boards to whom they answer and with each other.

As Clarke puts it: “We learn from each other, if someone comes to the table with a problem we work through it and we all learn from it.”