Valuing Resiliency

Daniel Galvao, Leader,Financial Products Practice, Marsh Canada
Steve Osselton, Canadian Practice Leader, Marsh Risk Consulting

Even before the Mar. 11, 2011 earthquake, tsunami and nuclear crisis in Japan, many organizations were operating with a heightened level of concern about vulnerabilities to suppliers in remote locations.

The Asian financial crisis of 1997 and the global credit crisis of 2008-09 prompted many businesses to secure alternative suppliers to protect against the possibility that key suppliers would go bankrupt or stay “offline” for a prolonged period of time because of suspended financing arrangements. In Canada, where our manufacturing and service platforms are increasingly integrated with emerging markets, many business leaders are growing concerned about their organizations being overexposed to a single vendor or a concentration of vendors in a particular region. This is particularly true for organizations that have been affected by recurring natural disasters or political disruptions.

Although it may be tempting to categorize the events in Japan as highly improbable, they do serve to emphasize that organizations operating in global economies are exposed to increasingly complex and interrelated risks.
Since the beginning of 2010, in addition to the devastation in Japan, the world has experienced:

• a series of destructive earthquakes in Christchurch, New Zealand;
• political and social revolution in the Middle East and North Africa;
• massive flooding in Australia;
• an outbreak of tornadoes and other severe weather events in the United States;
• volcanic eruptions in Iceland and Chile;
• pirate hijackings of supertankers off the coast of Africa; and
• the largest oil spill in the history of the petroleum industry in the Gulf of Mexico.

For many organizations, the Japan disaster has been a risk awareness “tipping point,” prompting them to examine risks that were previously off the radar and uncover potential “blind spots.” Events in Japan caused many to realize that business continuity and supply chain risk management programs are inadequate to respond to today’s riskier, more global and connected environment.

Since we cannot reliably predict the probability of events considered “remote,” organizations should rethink their business models and strategies to reduce their vulnerability to a single event. They should build organizational resilience.
Managing remote risks that are not addressed in conventional business decision models and planning horizons can be challenging. Hence “degree of resilience” needs to become a key risk indicator. This phrase alludes to the reduction of single dependencies or points of failure, and the degrees of preparedness an organization has developed to assure objectives and strategic imperatives are met. By better understanding their business, value chains and critical points of vulnerability, as well as ensuring appropriate contingencies are in place, organizations can enhance the resiliency of their supply chains to prepare for the next disruption, whatever the source.

Value-Driven Approach to Resiliency

To remain competitive, organizations have progressively “leaned” their supply chains. In other words, they have removed excess inventory and capacity, pushed non-core services to lower-cost providers, shedded and consolidated physical assets and reduced third-party providers or suppliers. Two sectors hit hardest by the Japan earthquake, automotive and high-tech, have led the way in this effort. These actions have driven efficiency, reduced costs and improved speed to market. But in consolidating inventory, leveraging single-source suppliers and accessing suppliers in geopolitically and socially riskier environments, many organizations have taken on greater sourcing risk.

Managing resiliency today is as much about avoiding or minimizing risk through design as it is about expediting recovery. The supply chain risk management strategies used by most organizations today can be divided into four main categories:

• insurance-driven programs, typically based on specific assets (such as facilities or key machinery, for example);
• compliance-driven or functional-based programs;
• threat-driven or event-based strategies; and
• value-driven or flow-based programs.

The first three strategies, driven by insurance, compliance and/or specific threats and events, tend to make up the majority of practices organizations use today. But in reality, these only take into account a small portion of risks and exposures.
A value-driven approach represents an integrated, end-to-end view of the extended supply chain and strives to account for the organization’s total exposures. In this approach, which is increasingly being embraced by organizations around the world, risk is viewed in the context of value, or how the organization makes money.

The value-driven approach begins with an articulation of the market, and product or service families or categories that are of greatest value to the organization. Value might be determined based on revenues, brand strength, strategic importance or other factors. Essentially, the value-driven approach requires an organization to ask itself: If all of our capabilities were to be destroyed tomorrow, forcing us to start from scratch, which areas would we build out first?

Once clear priorities are defined, value and supply chain networks can be mapped, single points of failure can be identified and potential impacts quantified. This enables the organization to prioritize additional investments needed to manage the risk.
The organization can then explore a variety of potential solutions. These might include diversification, inventory allocation, repurposing, alternative or multi-sourcing, the purchase of additional insurance or even exiting a particular market if the risk is deemed too high. This process supports decision making by providing the organization with quantitative and qualitative data that demonstrates the return on investment of a given strategy, or its effect on recovery time. As always, leadership is critical. Leadership is a major factor in recognizing needs and vulnerabilities, and in supporting the investments required to improve organizational resilience.

Solutions

Contingent business interruption When a business suffers a direct physical loss to its own assets, a standard property policy will likely be triggered and provide coverage. But disruptions to supply chains can come in many forms. These include indirect interruptions suffered by suppliers or as a result of events where no physical damage is incurred. To mitigate these risks, organizations should consider contingent business interruption (CBI) insurance and supply chain insurance.

The broadest form of CBI insurance provides coverage for actual losses sustained for interruption to both direct and indirect suppliers and receivers. A more restrictive form of coverage applies only to named suppliers and receivers listed on the policy. This coverage often varies by policy, carrier, the territory in which the policy is issued and where the contingent exposure exists.

Typically, CBI coverage is triggered by an insured peril such as a natural catastrophe and ensuing physical damage to the property of the suppliers and/or receivers. However, businesses are increasingly seeking coverage for other trigger perils, such as the insolvency of a key supplier (credit risk) or the inability to receive goods or services due to political disruptions when purchasing CBI insurance.

Before purchasing CBI insurance, buyers should carefully consider the following:

• Coverage may be subject to geographic or peril restrictions. For example, if the territory of the underlying property policy is Canada only, then
  the CBI coverage might not apply to suppliers outside of Canada.
• CBI coverage will typically be subject to a sub-limit and may be subject to an annual aggregate.
• Time element extensions taken for granted as part of direct business interruption coverage – such as ingress/egress and service interruption – typically do not apply to contingent business interruption losses at supplier locations, unless coverage is specifically negotiated on this basis.

In addition to CBI, trade disruption insurance has emerged as a viable option over the past two years. This provides coverage for a broader set of exposures tailored to address an organization’s specific supply chain risks.

Supply chain insurance

Trade disruption insurance (also referred as supply chain insurance) is essentially standalone contingent time element coverage for interruptions arising from both physical loss and non-physical loss events. Loss events could be either at the third-party suppliers’ locations or through the mode of transportation, and could happen up until such time as the organization receives its supply from the third-party suppliers. This coverage for non-physical loss events is critical to successful risk transfer of supply chain risk. Examples of covered events include strikes, riots and civil commotion, quarantines, supplier bankruptcies, port or border closures and service interruptions with no physical damage. Coverage can be obtained for both direct and indirect third-party suppliers.

A key underwriting element – and for some insurers, a requirement – for supply chain insurance is that the insured perform a supply chain risk assessment in conjunction with a review of the organization’s current insurance programs. Such an assessment can benefit an organization whether it is looking to purchase supply chain insurance or not. The assessment enables better, risk-informed decisions regarding the suppliers, supplies and services that comprise its product family supply chain.

Such an assessment typically includes:

• a value segmentation analysis to help select the key product or service for supply chain risk identification;
• development of a detailed map of the suppliers, with geocoding, financial information and alternative suppliers for same/similar goods or services;
• identification of single points of failure, triggers and current mitigation strategies, with a quantification of the impact of disruptions to suppliers, supplies and services; and
• prioritization of supply chain risks so that mitigation and transfer options can be efficiently allocated.

Using discipline, analytics, decision modeling and appropriate risk management and risk transfer mechanisms, organizations can gain control of their supply chains and become more resilient in advance of and in the face of the next disruption.