How effective are your risk transfer efforts?

A paper delivered at the inaugural conference of the Risk Management Institution of Australia in Hobart, Tasmania, November 2004.

Andrew Rennie, Periculum Services Australia

Summary

The transfer of risk to contract partners whose own insurance program in turn accepts the risk, is an important element of every organisation's Risk Management program and is particularly important for those whose insurance programs include significant levels of self insurance.

Risk transfer is achieved through indemnity clauses in contracts which are backed up by insurance, but the benefits may not be immediately obvious.

Indemnity clauses are of little use if the insurance coverage provided is not effective: vetting compliance is an important aspect of the risk transfer process.

This paper:

• highlights the benefits of risk transfer and the necessity for efficient record keeping,
• discusses a number of problems which can arise, and
• suggests options for maximising the efficiency of the insurance vetting and management process.

It draws on my own personal knowledge, observations and experience and I hope will encourage people to review the processes and documentation they currently employ.

Introduction

The contractual transfer of risk is simply the transfer of responsibility for certain risks to another party through contract. Categories of contracting parties include contractor, supplier, licensee and lessee. For the sake of this paper, I will refer to these parties as "business partner". Business partners are generally the parties best placed to minimise or eliminate operational risks.

Contract Clauses

Risk transfer is achieved by inserting skillfully drafted indemnity and insurance conditions into leases, agreements, licenses etc.

The indemnity clause requires one party to indemnify or 'hold harmless', the other, for the consequences of certain risks. The insurance clause specifies the type of insurance to be carried by the indemnifying party and generally specifies that the Principal is to be included as an additional Insured party in the policy. Public Liability insurance is invariably a requirement.

Purchase Orders often become the organisation's default contract when a more formal document has not been signed so should also contain appropriate indemnity and insurance clauses.

Indemnity clauses vary in their scope and the precise wording may depend on who is putting them forward - ie whether the contract is being drafted by you or the business partner.

Formats include:

• Indemnity towards you by your business partner which may include the business partner indemnifying you for certain actions of others who are not party to the contract,

• Indemnity by you towards your business partner which may include you indemnifying the business partner for the actions of others who are not party to the contract.

• Whilst you may want an unlimited or open-ended indemnity towards you, your business partner may insist on capping his liability.

• Conversely, you will want to limit === your === liability under any indemnity you will be giving.

If a contract is sufficiently important to you (perhaps the other party has a monopoly), you may have to make a commercial decision to accept what the other side is proposing or to not persist with what you wish to see. Conversely, you may win the day if your bargaining position is strong. Aim to give away the minimum but be prepared to concede if appropriate or commercially wise to do so. Difficulties may arise when both parties are strong advocates of Risk Management and each side is trying to limit their risk exposure.

Legally drafted standard clauses are recommended and their use should extend to all contracts with variations to suit particular types of contract. Appropriate clauses should also be used in situations where the contract is evidenced by an exchange of letters or a Purchase Order

Risk Assessment

A Risk Assessment will help to identify major generic risks before developing standard clauses for a particular category of contract and should also be used to identify the risks of specific contracts. Wherever possible, indemnities must be backed up by insurance or some form of bond or surety in order to guarantee that there will be funds available to honour the indemnity when required. Insurance may never be as wide as the indemnity you are requesting so you may need to assess the business partner's capacity to identify and finance any uninsured risks he is being asked to indemnify you for.

If the amount of self insurance is significant, either as total self insurance or through significant deductibles, you may find yourself in battle with your business partner should a claim arise. This is not a desirable situation since insurers are inclined to be more savvy than some business partners may be when faced with a cost being charged directly to their bottom line.

A Risk Assessment should help to identify the Maximum Foreseeable Loss. This should take into account such things as activities being conducted, materials and plant being used, potential for multiple casualties, age and profile of people exposed, asset values at risk and the likely size of court awards.

Benefits from Risk Transfer

The contract price will indirectly include a contribution towards the business partner's current insurance premiums. However, should losses occur, future claims-related premium increases will be borne by the business partner rather than impact your own premiums which would be the case if your own insurance program were called on.

When losses do occur, it is generally easier to prove a breach of contract and call upon the business partner's insurance policy than to prove a Common Law breach of duty of care by the business partner.

Responsibilities as an Additional Insured As an Additional Insured on someone else's policy, you still have to assist in your own defence. This may involve some forensic work since if you are not able to produce a signed copy of the contract and evidence of the policy, there may be a problem in enforcing the indemnity.

Liability claims may not emerge for several years so your record system will have to be able to locate contracts which were completed several years ago in order to produce them in evidence.

If the business partner cannot be located or if he has gone out of business, you may need to claim directly on the business partner's insurance policy so it is also essential to locate the Certificate of Currency in order to identify the Insurer and prove that you are named as an insured party on the policy. In the short term, your own insurers may still have to file a defence in order to protect your interests.

Professional Indemnity policies are generally underwritten on a, "Claims Made", basis so if there is a potential for losses to arise several years after the contract, ensure that you require cover to be maintained for, say, 6 or 7 years. Consider also how you propose to verify that cover will be maintained for this period and whether you have systems which will cope with this.

Verifying insurance documentation for compliance

Certificate verification is an area greatly neglected by many organisations.

Unlike the USA, in Australia, we do not have a uniform standard for Certificates of Currency and the certificates provided, rarely disclose all the detail required to completely verify that cover complies with the contract. This means that some follow-up is generally required but how many organisations delegate th task of verification to a junior employee with little or no insurance knowledge. . For example :

• Certificates of Currency issued by some insurers may talk about cover being under a "Combined Policy" which is assumed to be a multi-policy package and may or may not include the policy category requested,
• Certificates may omit relevant aspects of the policy coverage such as large deductibles (sometimes, several hundred thousands of dollars),
• Aggregate limits, deductibles and Claims Made wordings are sometimes not disclosed,
• There have been court cases over misdescription of the 'business of the insured' which have led to the insurers repudiating cover. Failure to identify this misdescription in a policy you rely upon could be extremely dangerous,
• One certificate disclosed that it covered Excess Liability. The Limit of Liability and the period of cover were satisfactory but there was no information on the limit under the Primary cover. To the untrained eye, this certificate would have seemed valid and no further checking would have taken place. The implications are obvious.

When verifying insurance cover, it is important to check whether the insurers / underwriters you may have to rely on are solvent, and appropriately licensed by APRA to transact business in Australia. If offshore insurers are being used, you will also need to know how you will access them if you need to make a claim. You may also like to check insurers' solvency rating. A M Best covers the US and other parts of the world but provides limited information on Australian insurers. Standard and Poors might be a better option for the local market.

Insurance Brokers are generally considered to be agents of their clients, not the insurer, and do not guarantee the solvency or claim-paying ability of insurers with whom they place business. The situation is different when the Broker has an underwriting authority from an insurer since in that case, the broker is the agent of the insurer and acts with the insurer's authority.

Documentation received from brokers should therefore be reviewed with this in mind since it may have no legal status. A naïve reviewer might mistakenly think that broker-produced documentation implies obligations and a level of authority which may not exist.

Handwritten endorsements to documentation should be carefully reviewed to ensure that they are properly authorised so you can be confident that the insurer will not subsequently repudiate cover.

Unfortunately, in many cases, the people receiving and processing insurance documentation are often not skilled in the complexities of insurance and are frequently inclined to accept whatever is provided because they don't know any better. Indeed, why should the documentation require such levels of skill to be understood?

Auditing your verification processes

If you are not certain as to how well your organisation is handling the verification and compliance of insurance documentation, you should consider carrying out an audit of the process.

You will need to know whether documentation is reviewed and verified centrally or decentrally , who coordinates and supervises the task , whether there are documented procedures for reviewing documentation, the number of business partners required to supply insurance documentation each year, the number of documents handled annually, who is conducting the verification process and the extent of their insurance knowledge.

This will provide a picture of whether this process is a key activity for the organisation and how well it is being handled.

Standardising Certificates of Currency

Several years ago I developed a Certificate of Currency for a Government Agency in order to overcome the extreme variability of the Certificates being presented. I believe an updated version is proposed the draft document "Insurance for Government Construction Projects Guidelines" 1.

I intended that the Certificate would be provided by the Principal to the business partner with the tender documents, draft lease or draft contract. The business partner would then submit it to his Insurer / broker who would review the contract documents and confirm that the policy did or did not meet the requirements of the insurance clauses in the contract. By doing this, Principals would get what they required - and improve the accuracy of the verification process. Following up on missing or ambiguous information under the current system is extremely time consuming and likely to be carried out by only the most dedicated individuals.

A Certificate could be tailored to match the requirements of any organisation's contracts

Alternatively, the various interested parties (RMIA, Brokers, and Underwriters) could jointly develop standard documentation and a protocol for broker involvement. The US ACORD system2 could be a precedent for this.

Consequences of non-complying documentation

Without verifying their insurance, how do you know your business partners can meet their obligations? If their insurance is not adequate, any indemnities will have to be honoured by your business partner. Do you know whether he has the means to fund this?

Enforcing indemnity obligations without solid knowledge of the insurance situation can make for a messy and inconvenient exchange with your business partners, perhaps permanently damaging an otherwise fruitful relationship.

If you are unable to access your business partner's insurers, you will most likely have no option but to involve your own insurance program.

A consistent certificate verification and tracking program may also reduce your own insurance premiums by minimising the number of claims you have to make on it.

Options for document verification: Centralised do-it-yourself approach.

This approach requires software or an elaborate spreadsheet or database and a staff member or two with insurance knowledge. The benefit is that you can implement a consistent tracking effort over which you can exert control, guidance and prudent risk decision-making.

The disadvantage is that it requires substantial investment of time and money.

If this is the way you want to head, you will want answers to the following questions

• Is the party named in the contract is the same as the Insured under the policies. You'd be surprised how often the names don't match! It is not uncommon to find policies issued to a business name which is technically unenforceable.

• Is your organisation named as an insured party? The main reason for having an insurance clause is to obtain cover for your company

• Is there a Cross Liability clause? Most broker wordings do have a Cross Liability clause but unless you check, you may find that it is missing and you don't have the cover you thought you had.

• Does "The Business" as described on the certificate, line up with the work being done? There have been several cases in recent time where the business as described in the policy did not match the work being done and the insurer denied liability.

• What is the basis of cover

- is the policy a claims made or an occurrence wording and what is the aggregate limit of liability in any one year (if applicable). - Expressions such as 'plant items' are not sufficiently explicit since we cannot tell how "plant" is defined.

• What is the excess or deductible? You could be heading for trouble if the excess or deductible is significant and it wasn't disclosed to you.

• In some cases, the general and specific policy exclusions may be relevant.

• Claims Made policies such as PI must be kept current for several years after the job is finished since they only respond to claims made during the currency of the policy. What processes do you have to monitor continuity of cover? Many claims do not come to light until several years later. If renewal of the PI cover is not followed through, there is not much point in asking for the cover in the first place.

Some of these requirements may be 'nice to have' and you may consider others to be absolutely essential. You will need to decide whether you are going to insist on them being complied with.

A checklist is a good way of ensuring a standard approach to verifying the details of cover. The suggested requirements are fairly industry-specific and you may not need to include them on your document but conversely, there may be others which you do require which could be added.

Most of these questions are common sense but unless the person verifying the certificate is on the ball, they could be missed.

Option : Decentralised , do-it-yourself approach.

This usually means that your firm's purchasing and merchandising departments are required to ensure that business partners comply with insurance requirements.

A number of firms use this method but because the process is decentralised, how can they be certain that the people handling the process are familiar with the intricacies of insurance and that there are no obvious gaps in cover

Checklists are useful her also but once you lose centralised control, how would you know how well the process is being adhered to?

Option: outsource the process to your broker.

If you have a large number of contracts, there can be a tendency to concentrate on the larger ones (say the top 20% by value) and have them verified by your broker. The problem with this approach is that these policies are generally arranged by larger brokers and are probably not the ones you need to worry too much about anyway.

This approach largely ignores the smaller contracts but guess which ones are the most likely to cause insurance problems? Yes you've got it - the ones where insurance is arranged by the local agent.

Outsourcing may seem more costly up-front - but only because most Risk Managers are not honest with themselves about the true cost of doing it themselves.

Insurance brokers will sometimes track Certificates and their fees are in the overall brokerage fee but remember that since certificate tracking is not a core activity, it is not likely to receive top priority from a broker so don't expect a red hot service for the multitude of smaller contracts you are involved.

Option: outsource the process to a specialist

Even the Big Boys in broking lack the specialised software and Internet technology to do this job with the same consistency as a specialised third party firm.

A specialist firm established with the right software and people, can provide a superior service with regular reporting on compliant and non-compliant certificates.

With auditors taking a greater interest in how well you manage this process, you should expect a specialist firm to provide you with statistics on the number of complying certificates received, performance of certain business partners, and the performance of particular insurers and brokers.

A specialist firm should be able to tailor the verification criteria and process to suit your particular needs

Common objection to outsourcing

A common objection to outsourcing to a third party firm is the fear of losing control but the sophisticated Internet technology available today can allow the process to be totally transparent to you - the administrative headache can be outsourced while overall control and monitoring can be retained by the Risk Manager via the Internet

At any time, you should be able to interrogate the system in order to satisfy yourself as to how things are tracking.

The quality of documentation becomes important when claims are received. The statistics from one organisation over a 4 year period provide an insight into the frequency of instances where indemnities were either called up from or provided to other organisations. From 135 reported incidents, 39 resulted in claims being pursued of which 20 (50%) resulted in indemnities being obtained and 3 (8%) resulted in indemnities being provided to other parties.

This illustrates the importance of indemnity and insurance conditions in contracts and diligently verifying the insurance arrangements backing-up the indemnities.

In summary, what I am advocating in order to make your risk transfer efforts as effective as possible is to:

• Know your risks.

• Agree with the business partner during the contract negotiations, who is responsible for what. This may be as simple as the business partner agreeing to accept all operational risks but in situations which the business partner can't control, you may have to modify the indemnity accordingly.

• Don't concede indemnity protection unless you fully understand the risks and implications and are happy to bear them.

• Develop and use properly drawn-up, standard Insurance clauses which must be:

• wide enough to pick up all reasonable exposures & indemnities

• extended to cover the Principal

• Included insurance and indemnity clauses in Purchase Orders as well as in contracts

• Insurance clauses should specify acceptable forms of proof of insurance - generally Certificates of Currency, but these can be problematic. Why not consider drawing up your own?

• Spell out in the contract who is responsible for payment of the policy's excess or deductible (this can be important if the amount is significant).

• Ensure you can access contract documents and Certificates of Currency for as long as you are likely to be sued.

• Consider what level of compliance you will accept (accept the fact that 100% compliance is not always possible)

• Consider who will monitor compliance and establish guidelines and checklists

References

1 Insurance for Government Construction Projects Guidelines - Update 18.8. 2004

2 ACORD - Association for Cooperative Operations Research and Development a global, nonprofit insurance association whose mission is to facilitate the development and use of standards for the insurance, reinsurance and related financial services industries. http://www.acord.org/about/mission.aspx