{Slide 1} How could anyone suggest that insurance is becoming irrelevant? Especially at a time when we continue to enjoy the benefits of coverage for losses arising out of the acceptance of counterfeit currency. At a time when we are secure in the knowledge that in the event of a break-in, we can count on insurance to cover loss arising out of damage to furnishings, fixtures, supplies and equipment. In this era of the multimillion dollar deductible, we are fortunate still to have coverage for check forgery. Certainly these are the risks which would otherwise keep the management of global financial institutions awake at night.

How could anyone suggest that insurance is becoming irrelevant at a time when some of the most catastrophic losses have resulted from unauthorized acts committed to generate fees and commissions, and insurers have continuously sought to distance themselves from such losses. Fidelity insurance has, since its initial drafting, continued to become more and more narrowly defined. Coverage which once applied to criminal acts, was narrowed to cover only dishonest acts and further narrowed to cover only dishonest acts committed with manifest intent to cause loss and obtain individual financial benefit, which benefit was in turn narrowed to exclude compensation in the form of salaries, fees and commissions.

How could anyone suggest that crime insurance is becoming irrelevant when the average industry loss ratio for fidelity has in recent years dropped into the 20 and 30% range.

In fairness, most of us remember a time about 12 years ago when financial institution crime insurance almost ceased to exist. Fortunately underwriters found a way to preserve it through radically higher retentions and premiums, while narrowing the scope of coverage. Could it be that insurers have done such an excellent job of protecting this coverage from the possibility of loss, that it has, in fact, ceased to be relevant to some of the insured's most critical exposures?

The actions of the insurance industry as a whole, 12 years ago: severely limiting capacity, increasing retentions and raising prices, served to stimulate the rapid growth of the alternative market in the form of Bermuda insurers, captives etc., The alternative sector is now estimated to represent approximately 40% of the commercial market.

Are we again at a point where insureds are deciding that traditionally available insurance products simply don't serve their overall needs? I am not an advocate of blended programs on a primary basis at this time, however, one cannot pick up an industry publication without seeing an article on such programs and their alleged proliferation.

Today, I'd like to speak about {slide 2} changes in the financial service industry and {slide 3} about the new approach being taken in the industry to the assessment and treatment of risk. Within this context we can also review {slide 4} developments in directors' and officers' liability coverage and {slide 5} consider what steps the insurance industry can take, not only to keep from becoming irrelevant but to create a valuable partnership role with its clients.

I tried to find a statistic which would dramatically illustrate the growth of the financial service industry and I did find one that I think is striking. According to the American Banker, {slide 6} the deposits of the top 100 u.s. banks in 1977 totalled 481 billion dollars. In 1997 {slide 7}, the total deposits at just the top 10 U.S. banks, totalled 787 billion dollars.

During these twenty years, we have experienced convergence both in terms of mergers and loss of institutional distinctions. At one level, we have seen continuous interstate banking acquisitions by firms, such as, bank one and nations bank. While at the other end of the spectrum, we have seen the acquisition of such money center firms as, irving trust, manufactures hanover, and chase.

Twenty years ago, the insurance industry could offer products such as, the bankers blanket bond (form 24), the stockbrokers blanket bond (form 14), the mortgage bankers blanket bond, etc. Today such distinctions are meaningless. Certain banks are extensively engaged in the securities business both home grown and acquired. Securities firms in turn provide banking services. Both types of firms, as well as certain insurers, are also heavily involved in trading businesses. We not only have the traditional presence of some manufacturing firms in financial services, such as, general electric and general motors but also the growing involvement of software manufacturers with financial service products and electronic networks: microsoft, hewlett packard, and intuit. In addition, we see traditional in-house operations functions being outsourced to technology and consulting firms.

Such outsourcing creates a very mixed marriage, a joining of the fiduciary and technological cultures. {slide 8} In the traditional fiduciary, culture, if a client is injured by the failure of the fiduciary, the fiduciary is generally responsible. In the techno/consulting culture no such degree of responsibility exists. If you have occasion to contract with a software manufacturer, the front page of the contract may include large, bolded, black letters, stating that the manufacturer does not even represent, that the product will satisfy the implied warranty to do the job you are purchasing it to perform. Such outsourcing and software agreements may include some slap on the wrist penalties but, under no circumstances, is the vendor responsible for any consequential loss to the fiduciary and its clients. Operational functions are delegated, however, responsibility is not. From an underwriting perspective it can be argued that the outsource vendor can perform a function more efficiently. On the other hand, your insured financial client no longer has the control it once exercised. To the degree many of your financial clients come to rely on the same vendor for the same service, you may also perceive an increase in single point of failure risk. In any event, it is a practice which is well entrenched and expanding.

Despite the vastly increased capital in the financial service industry, and the fundamental changes I have noted, we have yet to see any radical change in the way financial institution insurance products are crafted. The fact that the bankers blanket bond is now referred to as a financial institution bond, does not represent the type of change we might have expected to occur.

In addition to the externally observable changes in the financial service sector, there are also radical changes occurring in the way individual firms view their own risks. While I refer to individual firms, these approaches are spawned by regulatory bodies and consultants and as such, are widely evidenced. While the nomenclature may vary from firm to firm, the principles being applied are the same.

Today, financial and other types of firms are attempting to view risk systemically. Given the fact that one of the universal dependencies within a financial service firm is upon technology, it is a critical component in the assessment of the overall control environment.

I have observed an interesting, ancillary development as a result of the growing emphasis on and influence of technology. This development is the increasing reliance upon non-verbal communication. This non-verbal communication takes the form of flow charts, thinking models, graphic representations, and techno/consultant code. {slide 9} As an example, this slide represents Sanwa Bank's approach to risk assessment, as reported earlier this year in the ABA Banking Journal. You will note the conceptual flow of policy: creation at the executive level, approval at the board level, and execution by line management, with all three segments interacting, and oversite provided by a risk council.

{slide 10} Sanwa's risk council includes compliance, insurance/contingency planning, appraisal/environmental, asset-based finance, credit review and audit {slide 11}. The risks focused on are: strategic, reputation, credit, market, interest rate, liquidity, fiduciary, transaction, and regulation/compliance.

{slide 12} My own firm has developed this thinking model. Although this model is too busy to be an effective slide, it shows how we view the conceptual architecture of risk management: from the business objectives, to risk assessment, to control activities, and monitoring.

We initially developed a similar risk listing to Sanwa's, with slightly different nomenclature {slide 13}, including business continuity, people risk, physical security, and model risk. We subsequently summarized all risks into five categories: market/credit, revenue volatility, expense variation, operating and capital.

As I mentioned, regulators have been a major catalyst in the advancement of risk management and have themselves become much more sophisticated. The American Banker announced just last week, that the OCC had assembled a team of eleven Ph.D. economists to help examiners evaluate model risk, assessing the complex mathematical formulas which comprise financial models.

J.P. Morgan's organizational structure of risk management involves a corporate risk management group, focusing on financial risks, complemented by an operating risk committee, similar to sanwa"s risk council.

In terms of graphic non-verbal communication, I have also observed the proliferation of color-coded status reports {slide 14}: showing that a given goal has been achieved (green), is still in process (yellow), or simply has not been addressed (red). Such reports have become further sophisticated by, in certain cases, replacing yellow and red with gray and blue, indicating that although still in progress or not achieved, the specific issues are themselves not that critical. While representing a very effective form of immediate communication, such traffic light snap shots require a verbal context in order to convey any degree of depth and nuance.

In terms of techno/consultant code, I was recently the first presenter at a morning seminar and advised the audience, that, as there was no ordained consultant on the panel, I had been asked to prepare the benediction, which I thought I would share with you:

Let us praise the great paradigm, which empowers us as team players, within the holy bands of job family architecture, to freely participate in multi-functional task forces, in a corporate environment of enriching diversity, so that we may utilize our personal and collective tool kits and skill sets in performing never-ending self assessments, all, in order to favorably impact the fortunes of the almighty stockholder. Amen.

I advised that later on we would pass the template.

It reminds me of a bumper sticker I saw recently {slide 15}, "We are Microsoft, resistance is futile, you will be assimilated!"

In essence, regulators demand that financial institutions identify risk laterally across the organization, regardless of its nature. This includes business risk and operational risk including fortuitous event risk. This does not mean, as some of my colleagues suggest, that a risk is a risk is a risk, and all should all be treated and funded in the same manner. What it does mean is that there are a wide variety of risks, which require a complex control infrastructure and a multiplicity of risk transfer/funding mechanisms, whether contractual or through internal and external funding arrangements.

This systemic approach does not dwell on the fine distinctions which have traditionally been drawn between insurable and non-insurable risk and indeed highlights the limitation of that approach with respect to operational risk. Take, for example, the exposure to business interruption loss. The exposure to financial loss from the interruption of business for a week, a month or a year, is essentially the same, regardless of the cause of the interruption. In fact, in contingency planning, or what has come to be called business continuity planning, relatively little attention is focused on the cause of the interruption. Business continuity plans, as required by regulators, assume the loss of an entire facility without consideration of cause. The plan is designed to restore the operation at an alternate site with alternative technology, as quickly as necessary, to preclude serious loss.

Yet, the insurance industry will only address business interruption caused by physical damage. This is an accident of history, stemming from the fact that the coverage developed from fire insurance, at a time when the principle dependency of the insured was upon its physical plant. The insurance industry recognized this dependency and became quite expert in protecting the physical plant from serious fire damage. Those who created the highly protected risk industry, including the factory mutual firms, became state of the art experts on sprinklers and all forms of fire suppression, detection, and prevention.

Today, an insured's principal dependency often is not upon the physical plant but upon technology systems and the information within them. {slide 16} However, a business interruption solely caused by system failure, whether software or hardware, remains uninsurable.

Insurers argue that they don"t understand the exposures. This response is not adequate when the resources are available to the industry to evaluate and underwrite the risk, based on assessment of the technological environment and the adequacy of the contingency plan. In this way, at the appropriate attachment point, insurance could be made relevant to the overall exposure of business interruption not just one segment of it.

I realize that you are not fire insurance underwriters, but the principle is exactly the same. In circumstances where exposures have evolved and significantly changed, is the insurance industry to remain wedded to the past? What I am suggesting is as simple as the old distinction between sales and marketing. Will the insurance industry focus on selling its existing products, however re-decorated, or on producing new solutions to the insured's current needs?

{slide 17} It has been my observation, with respect to the life cycle of insurance products, that they often originate in anathema and end in ennui. Some of you will remember the consternation in the 1970's, when courts held that the bond covered certain kidnap ransom (k&r) situations. The insurance industry responded predictably, maintaining that it had not anticipated this exposure or charged a premium and would, therefore, absolutely exclude this peril. Thereafter, insurers seized the opportunity to offer a separate expensive, highly restrictive coverage, which over time continued to broaden and eventually wound up a virtual throw-in back under the bond.

We saw the same cycle when the employee retirement income security act was passed with the dreaded out of house exposure. I suspect we may see the same thing happen with the employment practices exposure: first excluded, then separately written and eventually back into the basic commercial general liability form. Of course, in this soft market, there is a lot of motivation to sell anything new or charge more for that which was previously provided in another form.

D&O insurance may provide an example of coverage revisions being introduced to suit the needs of the insurer rather than the insured. I refer to the allocation issue relative to securities claims. The main reason a large financial institution purchases D&O coverage, although I think some risk managers lose sight of this, is to protect individual directors and officers in those circumstances where the firm cannot indemnify them, as in a stockholder derivative action.

When the first insurer announced that, in securities litigation, it would, for twice the premium, acknowledge a 50/50 allocation between the individuals and the entity, my reaction was, that for twice the premium, I could now reduce the coverage I actually wanted by 50%. Doubling the cost and halving the coverage did not seem particularly attractive to me then or now.

In terms of the insurance product life cycle, D&O seems to be at the bells and whistles stage, with an estimated billion dollars in global capacity and the availability of coverage for the entity, pollution, outside directorships, employment practices, spouses and more. I've even heard discussions in which the significance of the aggregate limit has been denigrated on the basis that if we use it up, we'll just buy more from somebody else.

Where should the industry be focusing its creative energies, if it is not to be wedded to the past, or consumed with redecorating old structures?

At the primary level, for a firm with a reasonable loss history, insurance remains a very cost effective method of risk transfer for a variety of risks. There is also significant downside to present multi-year blended offerings, which I believe to be as yet immature products. However, current insurance products do not begin to reflect the growth and change which has taken place in the financial service industry and in its exposures.

Perhaps change can most effectively begin at a level above the limits of traditional insurance. As some of you know I am presently trying to create a new type and level of financial institution coverage on a somewhat more catastrophic basis.

Although I had initially thought in terms of $1 billion excess over $100 million, at this time, it appears that $500 million may be the achievable level of coverage. This program would reflect the lateral thinking I have spoken of, embracing three risk areas: {slide 18} traditionally uninsurable risk, risk which may have technically been insurable below $100 million but only at prohibitive cost and/or retention levels, and risk excess of existing programs.

Traditionally, uninsurable losses would include unauthorized acts and business interruption not caused by physical damage. Insurable but cost/retention prohibitive exposures would include corporate professional liability. The program could, on an excess basis, also apply to D&O and crime.

{slide 19} The insurance industry, through its narrow focus, has already ceded much of what might have been part of its potential risk management role to the rapidly growing consulting business, and I am not referring to brokers who now call themselves consultants. This, to some extent, may parallel the loss of a significant portion of the risk funding role to the more broadly defined, alternative markets. Insurers will never be all things to all people nor should that be the goal. However, I believe we have reached a critical point at which insurers must define an expanded role within the context of the rapidly evolving circumstances of what has come to be called risk management. It has been written that:

"Revolutions are not the cause of change, change prepares the ground for revolution"

"There is a time of departure, even when there's no certain place to go."

http://www.rims.org/ifrima site developed by Information, Inc.; content and graphics © copyright IFRIMA and Information, Inc.