Transcript Black Swan Risk Management
Managing Risks Across the Enterprise
Mining, Metals & Minerals Industry OCTOBER 22, 2013
Ken Sloan John Kopfer
US Mining Practice Leader Senior Vice President
Belinda Berwick
Vice President
KEN SLOAN
US MINING PRACTICE LEADER
MARSH October 22, 2013 1
PANELISTS INTRODUCTIONS BELINDA BERWICK
Enterprise Risk Management Vice President +1 704 374 8046 [email protected]
Belinda is a Vice President in the Enterprise Risk Management (ERM) Practice, and is responsible for partnering with clients to develop, enhance and integrate Enterprise Risk Management & Business Continuity Management Programs and processes.
JOHN KOPFER
Forensic Accounting and Claims Services Senior Vice President +1 612 692 7842 [email protected]
John is a Senior Vice President in the Forensic Accounting and Claims Services (FACS) Practice, and is responsible for supervising a staff of experienced professionals in the preparation and review of damages claims and insurance valuations where accounting expertise applies.
October 22, 2013 2 MARSH
TODAY
’
S AGENDA • Industry Issues and Landscape • Enterprise Risk Management Methods – Strategic Risk Management
- Black Swan risks
– Risk Mapping
- Project risk management
– Business Interruption & Continuity Management
- Quantifying risks/exposures - Business interruption valuations (AMBIL, CAMBIL) - Resiliency programs
• Questions and Answers
MARSH 3
Mining, Metals & Minerals Industry Landscape
• Continue to tackle a range of challenges; with an ongoing focus on current & emerging risks, known incidents & an evolving landscape.
• Enterprise Risk Management is receiving increasing attention; with organizations questioning: – Manage risk across diverse internal & external exposures; – Prepare for incidents across an interlinked business; – Identify single points of failure that expose an organization to systemic risk; and – Prioritize & focus efforts with limited risk management resources.
MARSH The industry is feeling the impact & continuing to look for cost effective ways to pursue opportunities & protect against risk.
October 22, 2013 4
Risk Management in the Mining, Metals & Minerals Industry
• Determine the right level of investment in risk management & achieve value in an Enterprise Risk Management approach.
• Any approach will need to combine innovative solutions with a deep understanding of the industry ’ s issues & requirements.
• From an insurance perspective, a risk transfer mechanism is unable to be implemented if the risk is unknown.
Key is to develop & implement an Enterprise Risk Management approach in accordance with the company size, strategic objectives, culture, operational reach, customer base & appetite for risk.
MARSH October 22, 2013 5
Enterprise Risk Management Approaches
• Range of Enterprise Risk Management approaches that organizations can employ to internally manage risk.
• Risk is likely being managed in a number of ways (e.g. safety hazard management, engineering risk assessments, financial risk analysis).
• Approach to be integrated on an enterprise level; with a focus on continuous improvement.
• Key to identify those methods that achieve the greatest value.
• Today ’ s session focusses on three approaches:
1.
Strategic risk management
(e.g. Black Swan risks)
2.
Risk mapping 3.
Business interruption & continuity management
6 MARSH October 22, 2013
1. STRATEGIC RISK MANAGEMENT
October 22, 2013
Strategic Risk Management
• Strong understanding of the strategic exposures.
• Recognize exposures & identify which risks would be considered “strategic”.
• One approach is to seek out those risks that are termed as
Black Swans
by risk management professionals.
• Black Swan risk is defined as one that has
rarity
, an
extreme impact
, &
retrospective predictability
.
• Represent both the: – Unknown-but-knowable unknowns (i.e. able to identify); and – Unknown-but-unknowable unknowns (i.e. true Black Swans).
What ’ s the correlation between Black Swan risks & the mining, metals & minerals industry?
October 22, 2013 MARSH 8
Black Swan Examples – Mining, Metals & Minerals Industry
• Below are some examples in the industry that either have the
potential to
OR
may satisfy
the Black Swan criteria.
• 2013: Chinese subsidiary of a Canadian-based gold company – Landslide that buried more than 80 workers in Tibet.
– Mud, rock & debris covered an area around 4 square kilometers.
– Led to questions about whether mining activities have adversely impacted the region’s ecosystem.
– Region has abundant deposits of copper, chromium, bauxite & other precious minerals & metals.
• 2012: Copper concentrates operation in the Philippines – Kilometer-long drain tunnel was breached due to rains that fell nonstop for days.
– Leaking of a tailings storage facility, which spilled silt into a river and creek.
– Environmental regulator issued a suspension order; including significant financial penalties.
– Legal claims from a company stating that the event impacted their power generation activities.
– Recovery lasted for almost 1 year.
MARSH October 22, 2013 9
Black Swan Examples Continued
• 2010: Coal mining operations in the United States & New Zealand – Incidents led to underground mine explosions, which killed 29 workers in both instances.
– Later reports revealed that safety violations contributed to both the incidents.
– United States: - Report highlighted a failure to properly maintain ventilation systems, which allowed methane levels to increase. - Company and regulator were highly criticized for failing to meet basic safety standards.
- Significant legal costs & fines were incurred; including investigations into individual criminal liability.
– New Zealand: - Report identified that unconventional methods to get rid of methane were being used. - Event crippled the company, which is now bankrupt & includes charges being made against the CEO.
• 2010: Iron Ore operations in Africa – Fatal plane crash in West Africa.
– No survivors amongst the wreckage, which was carrying the Board of Directors.
– Travel management policy was not in place; with Board members traveling in the same aircraft.
– Lawsuits lodged against the company by family members of those who were killed.
MARSH October 22, 2013 10
Black Swan Risks & Strategic Risk Management
• With increasing exposure in the industry, companies are seeking ways to continuously improve their risk management practices.
• How does a company identify & mitigate risks that are seemingly unknown? • How does a company balance the risk with the reward?
• Recognize that such risks do have the potential to occur.
•
Which ones
&
when
?
MARSH Tracking unexpected risk events should be built into an Enterprise Risk Management program.
October 22, 2013 11
Tracking Strategic Risks & Black Swans
• Approach for tracking unexpected risk events should be flexible & scalable.
• Consider methods that aim to prevent the risk from occurring (i.e.
proactive
), as well as those that minimize the impact as the risk occurs (i.e.
reactive
).
• Proactive methods will assist in identifying the risks before they even emerge.
• Examples include: – Identifying & assessing risks in accordance with an appetite & tolerance for risk.
– Monitoring emerging trends & industry issues.
– Challenging business assumptions & conducting identification & analysis workshops.
– Developing risk indicator dashboards & tools.
– Implementing escalation triggers for early detection.
12 MARSH October 22, 2013
Hunting Strategic Risks & Black Swans
• One risk event could lead to another & ultimately lead to a risk materializing.
• Should hunt for risks by systematically considering business drivers & exposures that can negatively affect them.
• May involve developing risk maps that illustrate how risks interact with each other. • Idea is to identify how differing threats may become more likely & combine to present wholly new situations.
• e.g. 2011 Japan earthquake, resultant tsunami & radioactive leak at the Fukushima plant.
MARSH October 22, 2013 13
2. RISK MAPPING
MARSH October 22, 2013
Risk Mapping
• Benefits of conducting a Risk Mapping exercise even if Enterprise Risk is not a current focus.
• Risk Mapping will aid organizations at a range of differing levels – exploration phase, at initial construction, during mining operations, expansion activities… • Objective is to ensure that risks are proactively identified & assessed.
• Importance of developing an approach that offers more than a “toll gate” process?
Let ’ s focus on how Risk Mapping can aid in the effective execution of a project!
October 22, 2013 MARSH 15
Risk Mapping & Project Risk Management
• Utilize a Risk Mapping exercise to assist in the effective delivery of a project (i.e. on schedule & within budget).
• Align any Project Risk Management approach to the strategy & project objectives.
• Proactively identify, assess, evaluate (i.e. accept, control, transfer/share) & monitor risks.
MARSH We recognize that not all risk can be mitigated, but the objective is to ensure that projects are delivered on schedule & within budget!
October 22, 2013 16
Driving Results from Risk Mapping
• Broad level of responsibility to ensure that risks are managed in accordance with requirements: • Maintaining the effectiveness of current controls in minimizing exposure; • Identifying & effectively implementing additional controls for those risks that present an unacceptable level of exposure; and • Reviewing any occurrences of incidents & monitoring risks to understand how the profile may change & ultimately impact the project schedule &/or budget.
• Risk Mapping exercise should assist in making risk-aware decisions that aim to minimize exposure & maximize opportunity.
MARSH Awareness & accountability are critical to achieving success in a Risk Mapping exercise!
October 22, 2013 17
3. BUSINESS INTERRUPTION & CONTINUITY MANAGEMENT
MARSH October 22, 2013
Building Resiliency
• Business interruption & continuity management should focus on unmanageable or unplanned volatility.
• Goal is to take exposures & develop a risk management & insurance program that minimizes the impact of such events.
BEFORE
OPTIMIZE RESILIENCY
* while optimizing the efficiency of the operational & supply chain network
……………..
AFTER
EXPEDITE RECOVERY
* design business interruption & resiliency programs to minimize disruption when it occurs 19 MARSH October 22, 2013
Quantifying Risks/Exposures - Loss Preparedness Valuation Issues
•
Ensure CAT Coverages are adequate – Focus on BI Value
• Insurers: 12 month “ one-size-fits-all ” approach • Does not consider the unique characteristics of your organization, your ability to mitigate Benefit of “ AMBIL ” calculation •
Establish Appropriate CBI Coverage
• In years past often treated as “ throw in ” • coverage Many very large CBI losses seen in last 3 years following major losses – Japan EQ, Thailand floods and Sandy • Japan EQ largest CBI event in history; now carriers want CBI exposure quantification Supply chain mapping Nat Cat information •
Contingent Business Interruption Issues
• Your key suppliers and/or customers hit by storm but… No CBI coverage Very low CBI limits, Coverage not in place for CBI due to service interruption, Civil Authority, etc, Direct CBI coverage only; no indirect coverage MARSH October 22, 2013 20
Business Interruption Valuations What is it?
• Accurate determination of Business Interruption (BI) and Extra Expense values
–
Time-element exposure analyses including
: • Preparation of industry standard 12-month BI values for renewal • An income statement based approach, which provides insight as to the nature of business costs and expenses (fixed / variable) and details the composition of the calculated annual value of a Client.
• Preparation of Anticipated Maximum Business Interruption Loss (AMBIL) calculations, which identify the maximum time element exposures at risk for predetermined loss scenarios MARSH October 22, 2013 21
Business Interruption Values FACS Solution - AMBIL
• AMBIL
= Anticipated Maximum Business Interruption Loss
• Definition
: An AMBIL is a values reporting tool, which is an alternative to the standard unmitigated annual BI values required by the insurance markets. The AMBIL considers realistic repair/replace time lines and a client ’ s existing capabilities to mitigate the maximum potential losses to their supply chains by utilizing inventory, temporary operations, outsourcing, etc... The AMBIL calculation will present a more realistic measure of a client ’ s values at risk.
• Includes
the measurement of potential loss scenarios critical to the Client, either developed by the Client and or in conjunction with Marsh property risk control engineers.
• Combines
the expertise of Marsh Risk Consulting to provide an accurate determination of maximum values at risk.
• Reflects
the mitigating effects of continuity plans and processes that clients have invested in as well as routine mitigating steps that are available (use of inventory, temporary relocation, etc…) 22 MARSH October 22, 2013
FACS Business Interruption Valuations The Problem with Standard
“
One-Size Fits All
”
Calculations • Most calculations:
– Utilize 12-month fixed-value amount – Do not consider type of operation or business continuity plan in place – Seldom, if ever, consider AMBIL analysis
• Without proper value disclosures, underwriters are:
– – Denying blanket coverage Failing to understand the benefits that will result from effecting continuity plans and taking other mitigating actions MARSH October 22, 2013 23
Contingent Business Interruption (CBI) What is it?
• Operational losses incurred upstream (suppliers) and downstream (customers) leading to interdependency loss for your company.
– The contingent loss/failure must be the type of peril insured under your property policy.
Damage to suppliers’ suppliers’ facilities Damage to customers’ facilities Damage to customers’ suppliers’ facilities Damage to suppliers’ facilities
CBI
Damage to customers’ customers’ facilities
MARSH October 22, 2013 24
Identification and Analysis of your CBI Exposures Why is it Necessary in Today
’
s World?
2008 2009
In years past • CBI treated as “throw in” coverage
2010
Late July • Thailand Floods 2013 Renewals • New demands from insurers
2011
March 11 • Japan earthquake (largest CBI loss in history)
2012
October 22-31 • Superstorm Sandy
2013
• Companies are no longer self sufficient. Organizations now depend on: – Complex, integrated, and/or global supply chains. – Third-party relationships in areas such as purchasing, manufacturing, services, and/or logistics.
• Recent losses, as depicted above, have carriers requesting: – CBI exposure quantification.
– Supply chain mapping.
– Nat Cat information (probabilities).
• Without proper exposure disclosures, underwriters are: – Denying CBI coverage.
– Applying coinsurance.
MARSH October 22, 2013 25
Understanding Your Company
’
s CBI Exposure FACS CAMBIL Analysis
• FACS Contingent Anticipated Maximum Business Interruption Loss (CAMBIL) analysis takes into consideration: – Operation business make-up and supply chain.
– Interdependencies upstream and downstream.
Key direct and indirect suppliers.
Key direct and indirect customers.
– Realistic repair/replace timelines. – Established business continuity plans and potential loss mitigation strategies (i.e., using existing inventory, temporary operations, alternative suppliers, substitute goods, etc.).
• FACS CAMBIL calculation is based on an analysis of potential loss scenarios to key suppliers and customers, and the effects of likely mitigation steps which includes a narrative report, supporting schedules, and other necessary documentation relating to the methodology utilized to calculate CBI exposures.
Immediate Benefit
• Insurers want to know the likelihood of an event causing CBI loss and are requiring additional documentation before renewing CBI coverage.
Future Benefit
• At the occurrence of an event, companies are able to mitigate time element loss and enhance recovery time as they already understand their CBI exposure and have quantified the effect of scenarios on their business. 26 MARSH October 22, 2013
FACS CBI Exposure Study The Process
•
STEP 1: IDENTIFY
and
EVALUATE
– Suppliers ’ manufacturing sites (direct and indirect): alternative suppliers, product cycle times, distribution channels, etc.
– Key product inputs: inventory levels, substitute goods, etc.
– Key customer sites (direct and indirect): sales concentration, shipment methods, etc.
•
STEP 2: QUANTIFY
CBI exposure amount under various loss scenarios = Lost sales less saved direct and indirect costs.
– A Contingent Anticipated Maximum Business Interruption Loss (CAMBIL) calculation. •
STEP 3: ASSESS
existing and needed loss mitigation strategies (i.e., using existing inventory, temporary operations, alternative suppliers, substitute goods, etc.).
•
STEP 4: MAP
natural hazard threats to key suppliers and customers.
– If a problem is identified in the above steps, we do a NATCAT map. •
STEP 5: ESTABLISH
appropriate CBI limits based on assessment of anticipated maximum CBI exposures at risk.
27 MARSH October 22, 2013
FACS CAMBIL Analysis Tier 1: Key Direct Suppliers and Customers
Client Tier 1 Include basic U/W information (location, Cat zone, etc.) Key Direct Suppliers Calculation
of client's sales affected by direct CBI loss; apply GE% to affected sales Identification of key suppliers and customers for major products ($$ threshold)
Direct Customers Calculation
of client's sales affected by direct CBI loss; apply GE% to affected sales
Calculate
net CBI exposure after mitigation through use of inventory, alternate qualified suppliers, or substitute goods
YES
Can CBI loss be mitigated?
NO
Unmitigated exposure: Need to evaluate
Tier 2 Indirect Suppliers Include basic U/W information (location, Cat zone, etc.)
Can CBI loss be mitigated?
NO
Unmitigated exposure: Need to evaluate
Tier 2 Indirect Suppliers and Customers YES Calculate
net CBI exposure after mitigation through redirection of goods, spot market sales, etc.
MARSH October 22, 2013 28
FACS CAMBIL Analysis Tier 2 and 3: Indirect Suppliers and Customers
Indirect Suppliers Indirect Suppliers Tier 2 Include basic U/W information (location, Cat zone, etc.) END NO Calculation
of client's sales affected by indirect CBI loss; apply GE% to affected sales Can
Tier 3 Indirect Suppliers
be identified?
YES Indirect Suppliers Tier 3 Gather public information regarding Tier 3 Indirect Supplier ; evaluate information for impact on insured END Indirect Customers Calculation
of client's sales affected by indirect CBI loss; apply GE% to affected sales
Include basic U/W information (location, Cat zone, etc.) END
MARSH October 22, 2013 29
Natural Hazard Threats to Company XYZ
’
s Supply Chain Japan Earthquake Zone Details
12 11 7 5 10 6 2 1 3 4 8 9 = Supplier = Significant = Severe = Catastrophic
Source: MunichRE NATHAN data – see Appendix A for more details on earthquake zones MARSH October 22, 2013 30
Contingent Business Interruption When Should CBI Assessments be Undertaken?
• Has your organization ever completed a comprehensive CBI assessment to establish coverage limits?
• Has it been greater than three years since a CBI exposure assessment has been undertaken?
• Has there been a material increase in revenue or profitability for goods / services dependent upon direct or indirect third parties?
• Has there been a change in the supply chain for a financially important good or service?
• Has the ability to mitigate potential losses changed since the last assessment, either for the better or worse?
31 MARSH October 22, 2013
Continuity Management
• Holistic management process that identifies impacts that have the potential to threaten an organization.
• Provides a framework for building resilience.
• Safeguards the interests of the organization.
• As Business Continuity Management is concerned with reducing the impact of a risk as it materializes, it often forms part of a broader Enterprise Risk Management program.
• Gaps in resiliency are often identified during a risk assessment (e.g. Risk Mapping).
MARSH How does an organization build resiliency to minimize impacts associated with a risk materializing (e.g. supply chain failure)?
October 22, 2013 32
Resiliency Programs
• Range of resiliency approaches in the marketplace, which span across the business continuity management paradigm.
• From emergency preparedness and response, business continuity & disaster recovery planning, crisis management, & supply chain risk management.
• Resiliency program should provide for a business-aligned, measureable, adaptable & repeatable process.
• Will be able to identify & quantify the business “ need ” for enterprise resiliency at both a macro & detailed level.
• Also allow for more efficient & effective deployment of limited resources to products & services that are the most critical.
What does an effective resiliency program look like?
33 MARSH October 22, 2013
Resiliency Program Inclusions
• Reference materials & international guidelines continue to provide generic blueprint for developing resiliency programs.
• Actual approach should be tailored to the organization.
• For example… – Highlighting the business priorities.
– Identifying & measuring the impacts of disruptions across an extended supply chain.
– Quantifying, qualifying & prioritizing the identified impacts.
– Determining the options for managing risks within an acceptable threshold.
– Quantifying & modeling options to establish the measureable effect on reducing disruption risk.
– Funding & executing the options that provide for the greatest return on investment.
– Documenting, executing, validating, monitoring & maintaining the resiliency options.
34 MARSH October 22, 2013
Practical Risk Management: Flexible & Scalable
• Unexpected risk events need to be tackled & assumptions challenged.
• Understand that it is far easier to focus on those risks that are considered known & plausible. • Range of risks that can strategically impact an organization, such as Black Swan risks.
• Certainly, not all risk can be eliminated – counter-productive & cost ineffective. • Focus on flexible & scalable approaches that: – Add VALUE & not just a process to a heavily regulated industry (i.e. the right fit); and – Assist in making RISK-BASED DECISIONS (i.e. balancing the risk with the reward).
MARSH October 22, 2013 35
Key Questions to Consider
• Does your organization have a detailed understanding of acceptable/tolerable risk? • Does management agree on: – What the strategic risks are?
– The relative importance of these risks?
• Does your organization have a process in place to evaluate risks & improve the management of: – Under managed risks?
– Over managed risks?
• Does your organization have in place a resiliency program that: – Considers a range of potential exposures; including the associated insurance coverage?
– Aims to minimize impacts associated with business disruptions (e.g. more than a record that “ collects dust ” ?) – Does your organization have in place an Enterprise Risk Management program that adds value?
MARSH October 22, 2013 36
In Summary
• Even the most unexpected risks can materialize –
rare, extreme impacts, retrospective predictability
.
• Within the mining, metals & minerals industry, we can turn to a number of risk management methods that will assist in minimizing exposure.
• Message is that an Enterprise Risk Management approach is required to not only prevent risks from occurring, but also minimize their impacts as they occur.
• Certainly, risk & opportunities need to be balanced – as without risk, there is no reward!
• Understand the balance, & develop Enterprise Risk Management programs that are effectively integrated & aligned to the organization & its risk appetite.
37 MARSH October 22, 2013
QUESTIONS AND ANSWERS
October 22, 2013
This document and any recommendations, analysis, or advice provided by Marsh (collectively, the party, including other insurance producers, without Marsh ’ Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.
“ Marsh Analysis ” ) are not intended to be taken as advice regarding any individual situation and should not be relied upon as such. This document contains proprietary, confidential information of Marsh and may not be shared with any third s prior written consent. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modeling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Except as may be set forth in an agreement between you and Marsh, Marsh shall have no obligation to update the Marsh Analysis and shall have no liability to you or any other party with regard to the Marsh Analysis or to any services provided by a third party to you or Marsh. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or reinsurers. Marsh is one of the Marsh & McLennan Companies, together with Guy Carpenter, Mercer, and Oliver Wyman.
Copyright 2013 Marsh Inc. All rights reserved.
MA 13 MARSH