LinkedIn profile
follow on FB
RSS Feed
Board's Evolving Role in Insurance, Risk Management
I gave my first directors and officers (D&O) liability insurance presentation to a board of directors in 1996. The CFO of this publicly traded company asked me to discuss the highlights of its recently renewed D&O insurance program. The presentation lasted less than five minutes—and not one question was asked by any of the board members present. In fact, most of them were engaged in other conversations that they must have deemed more important or more interesting than insurance. My presentation was a mere formality: the board essentially rubber-stamped the CFO’s insurance
decisions.
Since then, a board’s involvement in insurance decisions, like D&O coverage, has changed dramatically. Now our firm presents to its client public company boards and audit committees at least once a year. Board members are no longer passive and disinterested when it comes to insurance. Instead, most are well informed about the liabilities directors face and want to fully vet their D&O insurance protection—specifically its structure, limits and scope of coverage. Questions often arise about insurance carrier solvency, the importance of differences in conditions A-side coverage, appropriate coverage limits and the terms and conditions of the policy. A decade ago, CFOs generally made all these decisions; in today’s ever-litigious corporate environment, many executives now defer these important decisions to their entire boards for input and formal approval before finalizing major insurance placements.
Risky business
Boards are also becoming more engaged in risk management, specifically enterprise risk management (ERM). Traditional risk management identifies exposures to loss, examines various techniques to address the risk and then selects the most appropriate techniques to control it. Note that risk management focuses only on accidental losses, not all losses. A key technique used in risk management is insurance or risk transfer; however, insurance is only one facet of risk management. It’s been suggested that the paradox of insurance is that it is a good first and last response to managing risk, but is not always the most appropriate response. There are other important risk management tools, such as risk avoidance, self insurance, loss prevention, loss control, contractual risk transfer and alternative forms of risk financing.
All-encompassing risk
In contrast, enterprise risk management deals with all aspects of an organization’s risk, not just accidental loss. The Risk and Insurance Management Society defines ERM as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.” The Committee of Sponsoring Organizations of the Treadway Commission defines ERM as a “process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Both definitions are mouthfuls, but the point is that ERM is all-encompassing and comprises the spectrum of organizational risk. Note the key takeaway that ERM is a process “effected by an entity’s board of directors.” Since the recent financial and economic meltdown, the board’s involvement in ERM has grown significantly. Boards are expected to more effectively identify and assess risks across the organization, driven in large part by anxious shareholders and other stakeholders who want to ensure that both the balance sheet and shareholder value is properly protected. As such, the board’s role in ERM is one of the hottest topics in corporate governance.
Proposed rules
In July 2009, the Securities and Exchange Commission (SEC) took these responsibilities even further by proposing new disclosure rules regarding board oversight of ERM, which could impact how boards approach and manage risk in the future. The proposed amendments include newly mandated disclosures on the boards’ increasing involvement with ERM. If you thought directors of a public company had a tough enough job fulfilling traditional fiduciary and stewardship duties, imagine how those directors must feel knowing they could be held responsible for not accurately identifying and assessing all entity risks and for not properly planning a response for each one. If the SEC proposal passes, Christmas will come early and often to the plaintiff’s bar.
More responsibility?
The process of identifying and managing traditional and known risks is certainly doable for directors. But should they also be held accountable for the highly improbable “Black Swan”? According to Black Swan author Nassim Nicholas Taleb, “a Black Swan is a highly improbable event with three principal characteristics: It is unpredictable; it carries a massive impact; and, after the fact, we concoct an explanation that makes it appear less random, and more predictable, than it was.” He considers 9/11 the prime example of this phenomenon. Think about being responsible for identifying something that is unpredictable, something that has a huge negative impact, and after the fact, experts assert that you should have predicted it. That is one tough exercise for anyone. Boards need to be well equipped to deal with these increasing responsibilities, relying heavily on outside professional service providers to guide them through the labyrinth that is ERM. Whether or not the proposed SEC risk management oversight rules are enacted, ERM will become a recurring theme in boardrooms across America. In fact, it just moved to the top of the agenda.
by Spence Hoole