Insurance is not a substitute for risk management

The insurance industry has done a really good job of convincing us that it is an alternative to risk management, rather than being just one of many risk management tools.  It isn’t deliberate, as such.  People in insurance just want to sell as much insurance as possible.  And it is easier to understand and buy an insurance policy than develop a risk management system.  

But as a result, the relationship between risk management and insurance for some risks has become so skewed, some people and organizations buy insurance as the way they manage some risks – like property insurance and hurricane risk.

Many organizations also rely on another organization’s insurance in contractual risk transfer, rather than consider how well the underlying risk is being managed.  That can be an expensive mistake, given that poor or non-existent risk management can negate the insurance being relied on.  And if you ask people to buy insurance rather than manage risk, what do you think they will do?  And you can’t rely on insurers to ensure risk management is effective; that’s not their role, and insurance contract terms often protect insurers from the poor or absent risk management they know can be all too common. 

But I digress.  It matters that there is a healthy relationship between risk management and insurance because that relationship impacts the relationship an organization has with its risks, and the health of that relationship is central to how well an organization generates and optimizes value and/or reward. 

At a strategic level, the scope of insurance coverage will always be inherently limited compared to the scope of risk management.  Insurance deals with transferable risks and unexpected financial costs – and mostly it does a pretty good job at it – but, ignoring the risks it doesn’t address, it often deals poorly or not at all with disruption or reputation costs.  Depending on the person, organization, or risk, these costs can be far more significant than money.  And the volatility of the scope, cost, and availability of insurance, which will only get worse in a world that is changing ever-more rapidly, contrasts sharply with the reliability of effective risk management.

At a tactical level, the unhealthiness of the relationship can rapidly become an acute problem; how do organizations that rely on insurance to manage risk, manage risk when insurance coverage is withdrawn?  Or its cost rises 10x, or coverage is cut to pieces? 

The unhealthiness of the relationship is, however, most damaging at a systemic level.  Over-reliance on insurance can lead to too little attention being paid to all the other aspects of a risk’s management, allowing all the underlying costs of a risk to keep rising almost unnoticed, like the temperature of the water the proverbial frog is happily sitting in.  Florida is, tragically, an all too clear example of this in action.

And sometimes, the temperature of that water can suddenly rise, causing (with apologies for the mixed metaphors) the elastic to snap.  

The elastic?  The elastic is the ability of insurers to adapt the scope and cost of their policies almost endlessly because insurance is a numbers game.  As long as an insurer charges more than a risk costs, whatever it costs, they make money; charge less, they don’t.  

Changes in the cost of a risk are less important than the insurer’s ability to adjust to them.  In fact, in a competitive marketplace between insurers, changes in the underlying cost of a risk present opportunities, further delaying adaptation in other elements of a risk’s management.

The snap?  The snap is the impact on coverage when the underlying changes to a risk or its costs are beyond insurers’ ability or willingness to adapt.  Snaps happen when too little attention has been paid to all the elements of a risk’s management for too long, partly because insurance has adapted to cover the need to do so.

This is what has happened to sexual abuse and misconduct (SAM) risk.  The resulting snap – insurers withdrawing coverage for SAM, imposing strict underwriting and coverage provisions, and raising premiums sharply – has left many organizations with SAM risk management controls (usually just the four compliance controls) that are inadequate at preventing abuse, and no controls for mitigating any of the consequences of abuse they cannot prevent.  This is unsustainable.

If you are in this position, we can help.  Please contact us to learn more about how we can help.

Author

Tim Jaggs, BOKRIM Founder

E: tim@bokrim.com

T: +1 (925) 450 6540

Leave a comment

Like this article?