Industry Insight No.1: Enterprise Risk Management and the Insurance Act
Construction analysis: Sarah Schütte of Schutte Consulting Limited examines enterprise risk management, the Insurance Act 2015 (IA 2015) and how they will affect the construction and engineering industry.
Why is this issue important?
Many articles have been published about the forthcoming changes to insurance law but the industry also needs to think about how the changes will impact on the management of corporate (or enterprise) risk (known as ERM). The risk management aspects of IA 2015 need focusing on because, with proper thought given to the changes and what they mean, the industry will be able to manage its way through.
What is the background to this?
IA 2015 comes into force on 12 August 2016, meaning there will have been an 18-month lead-in since Royal Assent was given on 12 February 2015. Before IA 2015 was passed, there was over a decade of consultation, reports and proposals by the English and Scottish Law Commissions, Bills and readings. Changes to consumer insurance law, known as CIDRA, came into force in April 2013. The industry has--or should have--been watching how the changes to consumer insurance law have impacted in practice with an eye to how similar changes could affect the commercial world, because it has been obvious to most that changes to commercial insurance law would come; it was just a question of when and to what degree.
Why do you say insureds 'should have' been keeping an eye on the changes coming in?
I would like to think that all risk managers and insurance managers have been reading about the changes, developing their thinking, and taking advice, but I know from experience that is not possible. Insureds need to be clued up because IA 2015 is coming into force in less than a year. Recent research shows that 'most UK corporate boards organisations and insurance buyers do not fully understand the implications of [IA 2015]' (Mactavish, 30 March 2015). Time is ticking.
Why is insurance so important to the construction and engineering industry?
Insurance plays a unique role in protecting parties against the consequences of risk events arising and unlocks investment in risk-averse situations. Damage and delay are features of many construction and engineering projects and insurance products are key to mitigating these risks. On a macro scale, this sector is at the sharp end of risk and consequence when one considers the size, complexity, economic benefit and social value (or capacity for social change) of projects. We also see projects getting bigger: organisations delivering massive infrastructure development ('mega-projects' or 'super-mega projects') need insurance support. From a different perspective, consider the on-going need for R&D into risky technical disciplines, such as underwater drilling, where the UK excels, but needs to keep on top of its game. Insurance can make it viable to use cutting-edge technology or one-off solutions from a risk management perspective. Finally, add the international dimension, where there is a strong desire to use UK-centred companies, who have the longevity and experience to deliver large-scale projects in a global environment. All these industry examples need an insurance cushion.
So IA 2015 impacts on UK-headquartered companies only?
No, this is a misconception. IA 2015 affects anyone purchasing commercial insurance, which is subject to English law. Because London is at the heart of the international insurance market, this could be any company around the world. Thus, ERM officers in international organisations must consider whether English (or Scottish) law may apply to any aspect of their insurance programme (or indeed any reinsurance programme that sits behind local fronting insurers or captive insurers for larger organisations), and start planning implementation and management strategies. If they are not familiar with English law this will naturally be more difficult and time-consuming, and I recommend they take advice.
What is the timeline for insurance policies about to expire?
All policies or amendments to policies agreed on or after 12 August 2016 will be subject to IA 2015. Given that:
insurance policies are usually procured on an annual basis
the renewal process can take some time, and
extensions or other changes post 12 August 2016 to policies already in place now will be subject to the new law
insureds should start gearing up for IA 2015 now.
What are the five most important conceptual changes?
I think these are the most important:
One must understand that the broad philosophy of IA 2015 is to rebalance the relationship between insured and insurer. The existing law (the Marine Insurance Act 1906 (MIA 1906)) has long been criticised for providing insurers with remedies (from the insured's perspective, these are often seen as 'get-outs'), which are seemingly out-of-touch with commercial reality. So this ought to be a good thing for insureds.
Insurers will no longer be able to avoid contracts (ie cancel them and decline cover) simply because insureds misrepresented or did not disclose something which would have made a difference to how the underwriter rated the risk. Instead, insureds will have a duty to make a 'fair presentation' of the risk, a slightly less onerous requirement (IA 2015, s 3). It remains to be seen what exactly this will mean in practice, but IA 2015 provides some useful guidance (information must be 'reasonably clear and accessible', 'substantially correct' and made 'in good faith').
One point to be particularly aware of is IA 2015's stance on what is called 'data dumping'--ie swamping the insurer with information when the risk is being placed without pointing them to the key aspects of the risk. IA 2015 expressly forbids this and thus risk managers and brokers may need to change their approach to placement and renewal.
The status of 'warranties' changes. Under the current law, MIA 1906, s 33 discharges the insurer from liability once and for all from the date a warranty is breached. Currently everything in the proposal form completed by insureds converts to a warranty so this is draconian. The new IA 2015, s 10 will ban this and will soften the position on breach of warranty so that insurers are only off-risk during the period of breach--ie the insured can remedy the breach. So if you warrant you will have a burglar alarm switched on 24/7, and it is turned off, insurers will come back on risk when you turn it back on again. Under the current law they are off risk as soon as the alarm is turned off--and can refuse all claims from that point.
Insurers can 'contract out' of some of the changes although it needs to be highlighted. Some insurers are already preparing alternative sets of contract (policy) terms, so organisations need to understand the consequences.
What can organisations in the construction industry do to prepare themselves for the changes?
One of the things IA 2015 does is to look beyond the corporate identity at the people within it who are responsible for its insurance. The legal responsibility for disclosure on behalf of the insured will fall to individuals, and more widely than at present. What needs to be disclosed to insurers is what falls within or ought to fall within the knowledge of a company's senior management and those responsible for procuring insurance.
Secondly, and as a natural follow on, collating material to be presented to insurers (or 'disclosure') should be delegated organisationally to the chief risk manager and/or insurance manager and their teams. They should be the conduit through which raw factual data about projects and claims is gathered and assessed and then processed into an accurate presentation to ensure compliance.
Of paramount importance, then, is the principle of implanting within the business an experienced risk manager. For the purpose of insurance placement, he or she must make an honest appraisal of the business's risk information and then bundle it up and present it to the insurance market (directly or via a broker). The risk manager necessarily plays a central part in the exercise of assessing which pieces of information comply with the requirement to 'make a fair presentation of the risk'.
I call this exercise 'knowledge collation'. The task is not easy for a risk manager to do confidently and competently. The introduction of IA 2015 means exactly what is required in a knowledge collation exercise is less certain than it has been for over a century. We will not know exactly what a risk manager has to do to comply with the new rules until a few test cases are heard.
What practical tips can you give for dealing with IA 2015 in the context of risk management?
Here are my top ten:
Understand the organisation inside out
Start at the top: the business's objectives and values, the locations in which it operates, the services it offers, the top brass's (CEO, COO, CFO) appetite for acquisition, risk etc.
Then break it down to a local level: there may be individuals who resent being overseen by a remote parent.
Find knowledge champions
Given that IA 2015 defines 'information' and 'knowledge' widely, the risk manager will need detail, including identifying discipline heads and senior managers who have day-to-day project responsibility. The risk manager must be brave and interrogate. He or she should not shy away from asking difficult questions, or requesting copies of documents.
Establish a structured ERM system
Identify reporting lines, expectations and responsibilities. Review it regularly to check what is and isn't working, and whether it needs strengthening (eg map where inadequate or poor quality information emanates from and why). Invest in regular corporate risk appraisals, preferably with an independent external, who can scrutinise objectively.
Plot pertinent information
Cross-refer significant project information (by value, PR importance or 'difficulty') into the ERM system for the maximum view.
Dovetail all the business's fixed dates into the ERM system
AGM, insurance renewal, quarterly investor reports etc.
Work with the organisation's finance team to identify 'sticky' projects or issues requiring special attention
For example, significant unpaid fees may be symbolic of underlying performance or delivery issues.
Work with the organisation's legal team, in particular those who specialise in claims or disputes
Remember that in the professional indemnity/errors and omissions arena, 'circumstances which could give rise to a claim' are enough to trigger the notification duty, and failure to do so leads to a risk of meeting a coverage defence from insurers. If in doubt, the organisation's insurance broker should be notified on a precautionary basis.
Develop a good relationship with the organisation's broker
They know the insurance market inside out and are able to guide the organisation through the minefield of disclosure, and underwriter expectation. For larger businesses, getting to know the organisation's underwriter and--importantly--their claims manager is also recommended. Like construction, insurance is a relationships business.
Pay attention to the insurance wording
Insurers are amending their wordings to deal with IA 2015. They may decide to contract out of certain IA 2015 provisions or to use this as an opportunity to change other aspects of the cover. The risk manager needs to be ready to engage and react, including adjusting ERM activities.
Maintain paper trails
Keep breaches to a minimum, remedy swiftly and effectively, and record the events, because the organisation will not be covered during the period of breach, and there could be a coverage issue as to whether the action taken to remedy the breach is effective and/or when.
Any other thoughts on these issues?
Remember the bigger picture. The underwriters who analyse whether to cover an organisation's insurance programme will consider both the factual data which is presented (disclosed) to them and the ERM structure and processes, because both inform the organisation's risk profile and therefore its attractiveness--to insurers as much as to investors. Ultimately, taking action to comprehend and act upon IA 2015 will have practical financial benefit (ie it could reduce the premium charged). Conversely, failing to do so will negative the organisation's market position, which would be costly. While profit margins in construction remain very tight, and while there is continued consolidation in both the insurance and construction markets, organisations should try to remain lean, energised and focussed. Getting on top of risk management in the context of insurance is one way to achieve this.
As a final comment on changes to insurance law, the government's Enterprise Bill, which has just had its first reading in the House of Lords, contains a provision enabling firms to claim damages from insurers for the late payment of claims. Watch this space for more on this potentially significant development.
Sarah Schütte is a solicitor-advocate and runs her own legal and training consultancy, Schutte Consulting Limited. She has over 15 years' experience as a construction and engineering solicitor, including ten years in industry. She works with a wide variety of industry clients, law firms, seminar organisers and educational establishments to support their projects, disputes, risk management and insurance strategies and training programmes.
The views expressed by our Legal Analysis interviewees are not necessarily those of the proprietor
This article was first published on Lexis®PSL Construction on 5 October 2015