Pool Re CEO urges carriers to embrace systemic risks

The re/insurance industry will miss out on a “glorious future” if it chooses to avoid systemic risk – be it cyber, pandemic or terrorism, Pool Re CEO Julian Enoizi told delegates at the Bermuda Risk Summit on 15 March.

Enoizi was speaking to Bermuda’s re/insurers for the last time before the end of his tenure at Pool Re.

Pool Re was set up a year after the IRA bombing of the Baltic Exchange in 1992 as the first public-private partnership to cover insured losses caused by acts of terrorism. The mutual reinsurer is owned by its members but is underpinned by a UK Treasury commitment of support if ever it has insufficient funds to pay a legitimate claim.

Before the end of his eight-and-a-half years as CEO, Enoizi secured the renewal of Pool Re’s unlimited government guarantee. Pool Re’s other achievements under his leadership include: sponsoring the first-ever terrorism cat bond, Baltic Re; developing Pool Re’s coverage terms to include cyber and non-physical damage business interruption; and buying an annual cat excess-of-loss treaty from the private market.

Enoizi spoke at the summit ahead of the conclusion of the UK Treasury’s latest five yearly review of Pool Re. The company later announced, on 24 March, the review had “praised its innovative work as the world leader in terrorism reinsurance and set out a collaboratively agreed scope of works to ensure the continued success and fitness for purpose of the scheme”.

Easy targets

Pool Re has come a long way, Enoizi told the summit, but it must continue to evolve in a way that would allow it to repatriate more risk to the market.

“In 2014, when I did the first government review, we were easy targets. We were sitting on a ton of money, £5 billion, but we weren't doing anything with it because we hadn't learned to underwrite the risk,” he said.

“We were simply saying, ‘Well, if that money goes, then the government is going to pick up the tab’. My view is that you should pay the government for the benefit of an unlimited guarantee, and so Pool Re negotiated a fee with the government, in return for which we obtained the operational freedoms that benefit all stakeholders.”

An unlimited government guarantee is by another name, fiat capital, he said. “In 28 years, the guarantee has never been called on, the taxpayer has never paid a loss. But we have used that guarantee to develop a business, which has basically placed the government of the UK £12 billion away from any form of loss.”

The interest of government and the interest of the industry are “symbiotic” – one wants to be profitable and the other wants to protect its taxpayers. “The way to achieve this is to get the private market to play a larger role, but that only works if the partnership is equal,” he said.

The most important thing, he explained, is to return risk to the private market so that the government is left with the tail risk only. For that to happen, the industry has to better understand the risk it is taking on and to have more risk-reflective pricing. It isn’t acceptable to say that pricing doesn’t matter when there’s a government guarantee, he said.

“The industry should encourage the take-up of a product, or the old problem arises when there’s a loss - nobody's covered because nobody bought the product.”

Ecosystem

The biggest lesson the industry can learn from terrorism risk, is the need to “constantly adapt and evolve”, he said. “Over the last 29 years, the threat actors have changed, the threat vectors have changed, the political landscape has changed, and the insurance landscape has changed.”

The ‘actors’ have changed to include, for example, the far-right extremist who murdered British MP Jo Cox in 2016, while the ‘vectors’ have widened from the “sophistication” of 9/11, to a car driving into a crowd of people at Westminster in 2017.

To better understand terrorism risk, Pool Re started to think about an “ecosystem”, he said. This included hiring people from counterterrorism police and the security services. It also forged partnerships with academia, to better understand economic risk.

“We had 150 insurance companies all ceding their risk to Pool Re. Therefore, we had a huge amount of information and data, and we wanted to use that to create an economy of scale and to create an R&D facility for the industry, which we called Pool Re Solutions. Its role was to anonymise the data, and then overlay it with improved modelling techniques.”

In 2015, Pool Re established the International Forum of Terrorism Risk (Re)Insurance Pools (IFTRIP), which shares knowledge with the re/insurance industry and capital markets. Pool Re launched IFTRIP to encourage re/insurers “to come back and play in the terrorism space”, Enoizi said. “All of it was designed to return risk to the private market.”

Pool Re also proposed that the model it had created for managing terrorism risk could be used as a template for re/insurers to handle other forms of systemic risk.

“Systemic risk, uninsurable risk, difficult-to-insure risk, too-big-to-insure risk, or catastrophe risk, pick your label,” he said, “but we can use this template for better handling those other forms of risk.”

In the last seven years, Pool Re has grown by 10% - to £320 million (in gross written premiums), but the commercial market for terrorism risk has nearly quadrupled, from £30 million, to £110 million, he said.

He also noted the “massive increase” in the commercial market, as it has taken on more and more risk, and stressed a debt of gratitude to Bermuda-based re/insurers who played their part in making this possible.

“Your participation in the two-and-a-half billion pounds that we managed to put into the re/insurance marketplace is £770 million, so a significant share of this journey. You have come and put capital at risk in London to protect the UK taxpayer from loss.”

The re/insurance programme has developed because the understanding of systemic risk has grown “enormously”, he said. “We understand terrorism way better today than we did eight years ago. We've imparted that knowledge, the insurers have taken more of a retention, the reinsurers have deployed more capital, and so more risk has been returned to the private market as a result.”

But the definition of terrorism is 30 years old, while the definition of war is close to a century old and it still requires a declaration of war, even though that last happened as long ago as 1939.

“Where does cyber fit within a modern definition of war? Where does economic war fit within a modern definition of war? And if you have a cyber-attack, and it's backed by a nation state, or a state actor, where does that fit? Is that an act of terrorism? Is it an act of war? Or is it neither? And if it's neither, it falls between the two and creates a gap,” he said.

When designing a template to manage systemic risk, the first thing to consider is the politics of the given country, and from that decide whether there is socialization of risk or mutualization of risk.

“I'm mutualization fan myself, but socialization isn’t necessarily a bad thing,” he said. “For example, in the UK, flood re is a tax on every homeowner, but the premium, or part of the premium, is used to buy a reinsurance programme.”

Another important consideration is for the re/insurer in a public-private partnership “to do themselves out of business over time”, he said, “by repatriating risk to the market” and by creating a mechanism for managing the risk - a mitigation service. This means some of the learning from the underwriting goes into advice for the consumer - to incentivize them to change their behaviour so that they start to take care of their own risk. “In that way, you build resilience,” he said.

Exclusion confusion

Systemic risks can be dealt with individually or holistically, but partnership with government is crucial.

“If we simply exclude these things every time they emerge, then the risk for us is that we become irrelevant as an industry,” he said. “But the government also needs to play its part. It needs to understand that we can't insure all of these risks.”

It is assumed that the industry can’t insure terrorism that uses nuclear, chemical, biological or radiological (NCBR) weapons.

“That we cannot insure the NCBR is a refrain you will always hear. In reality, I suspect we probably could insure the chemical risk, but I don't think we can insure the nuclear or the radiological. And, until two years ago, we probably all thought we could insure the biological but of course COVID has changed our minds on that.

“The government must design an economic model with us where we are able to take as much of the risk as possible, but where they accept they are on the hook for the tail portion of the risk. They should also create an enabling environment, whether that's regulatory or legislative, for us to pursue our activity and to encourage the customer to take care of themselves by buying our product.”

The mandatary take-up of insurance for terrorism, cyber, pandemic or non-damage business interaction would create “a huge moral hazard”, and this was a key topic in Pool Re’s latest review by the UK Treasury, he said.

“The premium in the system for cyber is projected to be $20 billion by 2025, which obviously is quite a large amount of premium compared to what it started out as two or three years ago. But it's nowhere near enough to deal with the systemic loss. And so, if we don't find a way to design these public-private partnerships, then there's simply going to be yet more protection gap.

“A holistic form of risk management means looking at a model with different perils under it according to the effect of what's happened, as opposed to the actual cause of what's happened. You've got the government sitting at the top as the insurer of last resort. Bear in mind, if they don't do this, they are the insurer of first resort because we're not covering that risk. What’s needed is for the reinsurance industry to get the benefit of a spread of different types of risks.

“If you then collaborate internationally with organizations like the World Bank or the OECD, you also get geographic spread of risk, which may be problematic in certain areas of systemic risk, but less so in others. But you also get that R&D facility, that greater understanding of the risk, and you also get the incentivization of the behaviour of the consumer. And so, you get a whole-of-society approach to risk and resilience.”

This enables a government to manage all of the risks in its national risk register. In other words, there are other risks that governments are managing all the time that sit on their balance sheet.

“These are opportunities for the re/insurance industry, but we never get to see them because those risks are carried entirely by the taxpayer. And I would argue that is actually wrong, that they shouldn’t be doing that.”

A pool for systemic risk

Enoizi read to delegates at the summit a recent statement from the UK’s upper house of parliament, the House of Lords: “The insurance industry can demonstrate its commitment to a public-private scheme by sharing the risk with government through the provision of capital and risk retention, contributing to economic confidence and resilience, as well as providing risk management mitigation, and transfer expertise and infrastructure capabilities.”

However, the common theme around the world, two years on from the beginning of the pandemic, is that governments “just don't have the bandwidth” to design a public-private re/insurance scheme, he said.

“We need to design the mechanism ourselves as an industry and wait until the government catches up,” he said. “We can't wait for the government to be ready, because the next systemic event may happen before they're ready. And we can't afford to be in a situation where we're simply excluding it and showing ourselves not to have done anything about it.”

He suggested the creation of a pool for systemic risk, such as a pandemic, with capacity closed at, for example, £1 billion on day one. That might eventually become £5 billion as the ecosystem took hold and knowledge increased.

“That gives you economy of scale, a pool of premiums that you can invest in getting a greater understanding of the risk. And as you get a greater understanding of the risk, and you're able to price it more accurately, the insurance industry will take more risk, the reinsurance industry will take more risk, and resilience will grow because you’ve incentivized the behaviour of the customers, who at least have some cover for their risk.

“Having created your closed pool and then a systemic event happens, it's very easy for the government, should it choose to, to come in and just plug in an unlimited guarantee behind you. That creates liquidity in the system, which flows very quickly, because the other thing we do very well in the insurance industry is adjust claims.”

Parting gift

He concluded with what he sees as Pool Re’s three main achievements from its review by government.

“The principal thing is that we have transitioned Pool Re from being a privately owned entity into an arm’s length body. That's not something that we wanted to have happen - we’d operated for 28 years as a commercial entity, but because of that unlimited guarantee, it was deemed that we needed to be part of government because the guarantee was essentially something that other commercial entities do not benefit from,” he said.

The second thing it achieved was to negotiate the ability to continue to operate flexibly and innovatively, he said. Alongside that, it made sure it had strong and open dialogue, and a partnership approach, with the government.

The third thing was to retain the unlimited guarantee, which has allowed the UK to build resilience, he said. “That £12 billion of protection takes care of almost the entirety of conventional terrorism,” he said, “and the government would only be left with the tail end of the risk from NCBR, and also potentially from catastrophic cyber.”

From the UK Treasury’s latest review of Pool Re, Enoizi highlighted four points.

Firstly, for Pool Re to continue to evolve, more risk needs to be repatriated to the market, he said. That includes bifurcation of the risk between conventional terrorism, and non-conventional terrorism and cyber.

“And so, we've asked the government to allow us to look at those two risks differently, leaving the government with only the uninsurable part. The industry will entirely insure the conventional part of terrorism without even recourse to the guarantee. That is a huge opportunity for the industry to basically almost wind the company up because then the insurance and reinsurance markets will handle the entirety of conventional terrorism without even needing any kind of government support.”

Secondly, Pool Re has also changed its scheme to a treaty model to ensure the involvement of the insurance industry. “You guys in the reinsurance industry have played your part with that £2.5 billion largest standalone terrorism treaty anywhere in the world, but the insurance industry has got to learn again how to underwrite terrorism insurance and play a bigger role,” he said.

“We have 150 cedants in Pool Re and my guess would be that if 10 of them had a terrorism underwriter, I'd be surprised. So, we've got to teach the industry how to underwrite terrorism, how to price terrorism, how to manage terrorism, and how to advise on the mitigation of terrorism. Moving to a treaty system will do that.”

Thirdly, Pool Re has changed its pricing mechanism, which Enoizi said had been very rigid and consisted of four “zones”.

“What we're now saying is, if you as the underwriter can choose the price that you want to charge your client, we will reinsure you on a treaty basis. And what that means is they can charge 1000s of different prices from the Orkney Islands to a different price for say, central London or Manchester. That, again, is a massive change in terms of how you get to a more risk-reflective price.”

Fourthly, Pool Re has a mandate to spend a much bigger proportion of its premium volume on mitigating the risk.

“So, we're actually going to start to invest tens of millions of pounds into risk mitigation. I can't tell you what those are, because they're sensitive, but the idea is to contribute to the removal of threat vectors from the UK and therefore reduce the exposure of the industry,” he said.

The definition of terrorism is crucial, he stressed.

“All of this will be for naught if tomorrow we have a large-scale terrorism event and something we fully intended to have covered is not covered because the definition of terrorism hasn't kept pace with modern threat vectors and threat actors.”

As a final message to Bermuda’s re/insurers before leaving Pool Re, Enoizi said: “I'm very proud to leave Pool Re ready to face the next five years, ready to modernize. I've been privileged to lead what is a tremendous organization. And, for myself, what I'd like to do is to continue to work in this space of systemic risk because I truly believe that it is the future of our industry. If we don't get it right, we won't have a glorious future.”

Enoizi is joining Marsh McLennan-owned reinsurance broker Guy Carpenter as global head of public sector. His successor at Pool Re is Tom Clementi, who was most recently CEO of MS Amlin Underwriting.