Office of the Superintendent of Financial Institutions
Now, more than ever, the Property and Casualty (P&C) industry is facing a climate of change. Changes in weather-related catastrophes, changes in technology, changes in business practices, all of these changes, and many more besides, are altering the potential risks facing P&C insurers.
Good morning and thank you for inviting me to speak at the 2016 National Insurance Conference of Canada. I want to congratulate the NICC on this, its tenth anniversary event; quite the milestone.
Today, I am going to use OSFI’s Own Risk Solvency Assessment (ORSA) Guideline as a frame to discuss the need for P&C insurers to identify and understand their changing exposures.
I will focus in particular on the part of the ORSA Guideline that underlines the need for institutions to go beyond focusing on the most apparent risks and broaden their scope to include emerging risks and the exposures that arise from risk transfer and mitigation activities.
Let us get started with emerging risks.
Perhaps the area most associated with emerging risk in P&C insurance is catastrophic disasters, whether natural or man-made. Why? Because catastrophic disasters are, by definition, rare, so previous loss experience is a relatively poor guide to the future.
The industry is always running a race between its ability to gain and understand data and potential drift in the exposures.
We saw this very clearly this year. While catastrophic events have cost the industry in Canada an average of $1 billion dollars per year since 2009, estimates for a single event, this year’s Fort McMurray, Alberta wildfire, are close to $4 billion in gross insured losses. This was the largest and costliest catastrophe in Canadian history, well beyond any previous experience.
Insurers need to continue to focus on staying ahead of these risks and be aware of the possibility that catastrophic events, particularly weather-related disasters, may become more frequent and more severe.
Industry response to catastrophes
No catastrophic event is the same as the one before it, but with additional experience and the emergence of new technologies, Canadian insurers have become better at responding to these disasters.
In the case of the Fort McMurray wildfire, the industry demonstrated that it had learned from the 2011 Slave Lake wildfires and the 2013 Alberta floods.
In particular, insurers demonstrated enhanced catastrophe responses due largely to the help of advanced satellite imagery, more powerful information technology and improved connectivity. These innovations led to better monitoring and assessment of exposures, and improved the insurer’s ability to connect their policyholders with claims adjusters.
While we at OSFI are not involved in market conduct, we still welcome these improvements. OSFI was created, in part, to contribute to public confidence in the financial system. And confidence in the insurance industry is not solely about companies having the money to their pay claims — it also hinges on the ability of insurers to pay claims fairly and promptly.
Preparing for earthquakes
Given we are in Vancouver today, we should talk about earthquakes.
A high-intensity earthquake in a large urban centre is a severe but plausible event that Canada has yet to experience. It is a peak peril that has a loss potential greater than any other event. Indeed, catastrophic losses from earthquakes may pose a threat to the financial well-being of many P&C insurers.
Accordingly, OSFI has issued guidance on earthquakes through its Earthquake Exposure Sound Practices Guideline (or Guideline B-9), which mandates adequate stress testing and earthquake modelling. Moreover, this guideline can also be used as the foundation for a comprehensive approach to catastrophe risk management more broadly.
Clearly, by complying with OSFI’s Minimum Capital Test (MCT) insurers take a big step towards being financially prepared for an earthquake.
However, the requirements set out in the MCT are not a safe harbour for earthquake preparedness. Insurers must also continue to stress test their particular exposures in assessing their own capital needs through their ORSA process. Frequently updated stress testing is critical, and can give insight into the potential impact of such a catastrophic event.
While we are on the topic of emerging risks, let us shift our focus to technology.
While technology can be used to mitigate some risks, it also introduces new risks — not all of which are fully understood.
For example, technological change is opening up new lines of business for P&C insurers. But because these lines of business are new for everyone, there is little loss experience to guide pricing, underwriting and claims management.
We see this clearly in the growing volume of cyber-risk insurance policies.
We will also see it grow as ride and accommodation sharing platforms become more popular, creating new perils for insurers to protect. Drone aircraft are already available, and autonomous vehicles may not be far behind, creating new areas of liability.
In pursuing these new lines of business, we expect insurers to understand the risks and perform the due diligence that new products require. Insurers should take a strategic approach to gain expertise in these new areas, considering the potential risks alongside the potential profits.
As always, proper risk management and governance of the underwriting, claims, actuarial and pricing functions are critical. When pricing in new markets with limited experience in claims and policyholder behaviour, implementation strategies must be considered in an insurer’s ORSA. In addition, comprehensive stress testing is key to determining how product profitability might evolve through the range of possible outcomes.
A robust risk appetite framework helps set the pace for insurers when entering into new markets; the risk boundaries within the risk appetite framework can act as a guide in circumstances where there is little or no claims experience.
Whether or not a firm is offering insurance for cyber risks, insurers themselves are exposed to cyber risk. And that exposure is probably growing. Insurers continue to migrate toward digital channels in an effort to create tighter customer relationships, offer new products and expand their share of customers’ insurance portfolios; this increases their dependence on reliable web and mobile channels.
It is also important to recognize that insurers possess large amounts of personal, confidential information about their customers — including customer credit card and payment data — which can attract identity thieves and fraudsters.
Cyber-attacks on insurance firms can result in significant, tangible damages such as fines, legal fees, lawsuits and fraud-monitoring costs. A less obvious but no less significant impact may be the loss of policyholders’ trust. Since the insurance business relies on trust, a major breach can have a very real impact on an insurer’s brand.
The risks associated with a cyber-attack are two-fold; they involve both an element of protection and an element of response. On one hand, institutions must have solid defenses and controls in place to protect against an attack. But no one should assume that their cyber defenses will be 100 per cent successful. Likewise, we expect insurers to have cyber-attack response plans at the ready so that they can get operations back up and running quickly if their systems are compromised.
To help support financial institutions in this area, OSFI created a Cyber-Security Self-Assessment Guide to assist in gauging cyber-security readiness. OSFI encourages insurers to make use of this guide, or similar assessment tools, to regularly assess their level of preparedness in this dynamic environment, and to develop and maintain effective cyber-security practices that meet their current risks.
In my introduction I said that OSFI’s ORSA Guideline emphasizes the importance of both emerging risks and risks arising from risk transfer and mitigation. Let us look at that second element now.
At OSFI, we recognize that risk transfer and mitigation activities, such as reinsurance, are extremely useful tools for direct writers. Reinsurance can be used to reduce insurance risks and the volatility of financial results, stabilize solvency, make more efficient use of capital, better withstand catastrophic events and increase underwriting capacity. Insurers can also benefit from reinsurers’ knowledge and expertise when expanding into new lines of business.
Moreover, reinsurance can indirectly benefit policyholders, by allowing direct writers to offer coverage over a wider range of risks, and with higher coverage levels.
However, just as reinsurance helps diversify risk for the direct writer, it can also create new risks; especially counterparty credit risk.
The Leveraged Business Model and OSFI’s reinsurance review
In a speech that I gave in June 2015, I signaled OSFI’s concerns about a trend we were seeing in the use of reinsurance.
Our primary concern was in regards to a business model that involves insuring commercial risks in Canada, while reinsuring a very significant portion of that risk offshore.
In many cases, these risks are transferred with only small amounts of capital being maintained in Canada. That is why we refer to this as the leveraged business model.
Taken to extremes, this model introduces a highly concentrated counterparty credit risk to the direct writer. This risk could ultimately impair its ability to compensate policyholders in a severe but plausible event.
While this risk can certainly arise with unregistered affiliated reinsurance, it is not limited to that case.
These observations led us to review the reinsurance programs and risk management practices of many P&C insurers.
We also gained insight into the practice using the 2015 standardized reinsurance stress tests, and in some cases we supplemented our analysis by requesting that additional stress tests be performed.
Our work to date shows that the majority of institutions are managing their reinsurance risk prudently, in accordance with our Sound Reinsurance Practices and Procedures Guideline (or Guideline B-3). However, a small but significant group of insurers were flagged as having concentrated counterparty credit risk issues.
We also saw it necessary to expand the scope of our review so as to deepen our understanding of the broader reinsurance practices being used in both the P&C and life insurance industries.
Expanding our scope on reinsurance
Concentrated counterparty credit risk, and the governance and oversight of this risk in Canada, is still the focus for this expanded review. We are now looking more broadly at innovation in the use of reinsurance and the net risk impact on the direct writer.
Through this work we hope to determine if counterparty credit risk issues arise with the reinsurance strategies beyond the leveraged business model, and if so, to examine how those risks are being managed.
As we recognize the value that reinsurance can provide both for direct writers and their policyholders, we are also looking for insights that will help us to avoid unintended consequences of our actions.
As our thinking on reinsurance evolves, we will make sure to keep the industry informed and engaged. We will also ensure that any revised expectations are clear and that they remain suited to the current environment in Canada.
So while P&C insurers operate in this climate of change, OSFI expects the industry to remain vigilant. To date, the P&C industry in Canada has a good record of responding to change, and I have no doubt that this will continue.
We very much value our strong working relationship with the industry. As OSFI considers the prudential implications of this dynamic environment, we will continue to seek input from and engage in regular dialogue with insurers.
Let us continue that discussion now.
I would be happy to answer your questions or to hear your comments.