No fear: Pool Re CEO urges Bermuda carriers to embrace systemic risks

The re/insurance industry will miss out on a “glorious future” if it chooses to avoid systemic risk—be it cyber, pandemic or terrorism, Pool Re chief executive officer Julian Enoizi told delegates at the Bermuda Risk Summit.

Enoizi was speaking to Bermuda’s re/insurers for the last time before the end of his tenure at Pool Re, a role that ended at the end of March.

Pool Re was set up in the UK a year after the Irish Republican Army bombing of London’s Baltic Exchange in 1992 as the first public-private partnership to cover insured losses caused by acts of terrorism. The mutual reinsurer is owned by its members but is underpinned by a UK Treasury commitment of support if ever it has insufficient funds to pay a legitimate claim.

Before the end of his eight-and-a-half years as CEO, Enoizi secured the renewal of Pool Re’s unlimited government guarantee. Pool Re’s other achievements under his leadership include: sponsoring the first terrorism cat bond, Baltic Re; developing Pool Re’s coverage terms to include cyber and non-physical damage business interruption; and buying an annual cat excess-of-loss treaty from the private market.

Enoizi spoke at the Bermuda Risk Summit ahead of the conclusion of the UK Treasury’s latest five-yearly review of Pool Re. The company later announced, on March 24, that the review had “praised its innovative work as the world leader in terrorism reinsurance and set out a collaboratively agreed scope of works to ensure the continued success and fitness for purpose of the scheme”.

Easy targets

Pool Re has come a long way, Enoizi told the Summit, but it must continue to evolve in a way that would allow it to repatriate more risk to the market.

“In 2014, when I did the first government review, we were easy targets. We were sitting on a lot of money, £5 billion, but we weren’t doing anything with it because we hadn’t learned to underwrite the risk,” he said.

“We were simply saying: ‘If that money goes, the government is going to pick up the tab’. My view is that you should pay the government for the benefit of an unlimited guarantee, so Pool Re negotiated a fee with the government, in return for which we obtained the operational freedoms that benefit all stakeholders.”

An unlimited government guarantee is, by another name, fiat capital, he said. “In 28 years, the guarantee has never been called on, the taxpayer has never paid a loss. But we have used that guarantee to develop a business which has placed the UK government £12 billion away from any form of loss.”

The interests of government and the interests of the industry are “symbiotic”—one wants to be profitable and the other wants to protect its taxpayers. “The way to achieve this is to get the private market to play a larger role, but that only works if the partnership is equal,” Enoizi said.

The most important thing, he explained, is to return risk to the private market so that the government is left with the tail risk only. For that to happen, the industry has to better understand the risk it is taking on and to have more risk-reflective pricing. It isn’t acceptable to say that pricing doesn’t matter when there’s a government guarantee, he said.

“The industry should encourage the take-up of a product, or the old problem arises when there’s a loss—nobody’s covered because nobody bought the product.”

Ecosystem

The biggest lesson the industry can learn from terrorism risk, is the need to “constantly adapt and evolve”, Enoizi said. “Over the last 29 years, the threat actors, the threat vectors, the political landscape, and the insurance landscape have all changed.”

The “actors” have changed to include, for example, the far-right extremist who murdered British MP Jo Cox in 2016, while the “vectors” have widened from the “sophistication” of the 9/11 World Trade Center attacks in 2001, to a car driving into a crowd of people at Westminster in 2017.

To better understand terrorism risk, Pool Re started to think about an “ecosystem”, he said. This included hiring people from counterterrorism police and the security services. It also forged partnerships with academia, to better understand economic risk.

“We had 150 insurance companies all ceding their risk to Pool Re. Therefore, we had a huge amount of information and data, and we wanted to use that to create an economy of scale and to create an R&D facility for the industry—Pool Re Solutions.

“Its role was to anonymise the data, and then overlay it with improved modelling techniques.”

In 2015, Pool Re established the International Forum of Terrorism Risk Re/insurance Pools (IFTRIP), which shares knowledge with the re/insurance industry and capital markets. Pool Re launched IFTRIP to encourage re/insurers “to come back and play in the terrorism space”, Enoizi said. “All of it was designed to return risk to the private market.”

Pool Re proposed that the model it had created for managing terrorism risk could also be used as a template for re/insurers to handle other forms of systemic risk.

“Systemic, uninsurable, difficult-to-insure, too-big-to-insure, or catastrophe risk, pick your label,” he said, “but we can use this template for better handling those other forms of risk.”

He noted the “massive increase” in the commercial market, as it has taken on more and more risk, and stressed a debt of gratitude to Bermuda-based re/insurers who played their part in making this possible.

“Your participation in the £2.5 billion that we managed to put into the re/insurance marketplace is £770 million, so a significant share of this journey. You have come and put capital at risk in London to protect the UK taxpayer from loss,” Enoizi told the Summit.

New understandings

The re/insurance programme has developed because the understanding of systemic risk has grown “enormously”, Enoizi said. “We understand terrorism much better today than we did eight years ago. We’ve imparted that knowledge, the insurers have taken more retention, and the reinsurers have deployed more capital, so more risk has been returned to the private market as a result.”

But the definition of terrorism is 30 years old, and the definition of war is close to a century old and still requires a declaration of war, even though that last happened as long ago as 1939.

“Where does cyber risk fit within a modern definition of war? Where does economic war fit within a modern definition of war? If you have a cyber attack, and it’s backed by a nation state, or a state actor, where does that fit?

“Is that an act of terrorism or an act of war? Or is it neither? If it’s neither, it falls between the two and creates a gap,” he said. When designing a template to manage systemic risk, the first thing to consider is the politics of the relevant country, and from that decide whether there is socialisation of risk or mutualisation of risk.

“I’m mutualisation fan myself, but socialisation isn’t necessarily a bad thing,” he said. “For example, in the UK, Flood Re is a tax on every homeowner, but the premium, or part of the premium, is used to buy a reinsurance programme.”

Another important consideration is for the re/insurer in a public-private partnership “to do themselves out of business over time by repatriating risk to the market” and by creating a mechanism for managing the risk—a mitigation service. This means some of the learning from the underwriting goes into advice for consumers—to incentivise them to change their behaviour so that they start to take care of their own risk.

“In that way, you build resilience,” he explained.

Exclusion confusion

Systemic risks can be dealt with individually or holistically, but partnership with government is crucial. “If we simply exclude these things every time they emerge, the risk for us is that we become irrelevant as an industry,” Enoizi said. “But the government also needs to play its part. It needs to understand that we can’t insure all these risks.”

It is assumed that the industry can’t insure terrorism that uses nuclear, chemical, biological or radiological (NCBR) weapons.

“That we cannot insure the NCBR is a refrain you will always hear. In reality, I suspect we probably could insure the chemical risk, but I don’t think we can insure the nuclear or the radiological. Until two years ago, we probably all thought we could insure the biological but of course COVID-19 has changed our minds on that.

“The government must design an economic model with us where we are able to take as much of the risk as possible, but where they accept they are on the hook for the tail portion of the risk. They should create an enabling environment, whether that’s regulatory or legislative, for us to pursue our activity and to encourage customers to take care of themselves by buying our product,” he said.

The mandatary take-up of insurance for terrorism, cyber, pandemic or non-damage business interaction would create “a huge moral hazard”, and this was a key topic in Pool Re’s latest review by the UK Treasury, he said.

“The premium in the system for cyber is projected to be $20 billion by 2025, which is quite a large amount of premium compared to what it started out as two or three years ago. But it’s nowhere near enough to deal with the systemic loss. If we don’t find a way to design these public-private partnerships, there’s simply going to be yet more protection gap.

“A holistic form of risk management means looking at a model with different perils under it according to the effect of what’s happened, as opposed to the actual cause of what’s happened. You’ve got the government sitting at the top as the insurer of last resort.

“Bear in mind that if they don’t do this, they are the insurer of first resort because we’re not covering that risk. What’s needed is for the reinsurance industry to get the benefit of a spread of different types of risks.

“If you then collaborate internationally with organisations such as the World Bank or the Organisation for Economic Co-operation and Development, you also get geographic spread of risk, which may be problematic in certain areas of systemic risk, less so in others.

“But you get that R&D facility, that greater understanding of the risk, and the incentivisation of the behaviour of consumers. You get a whole-of-society approach to risk and resilience.”

This enables a government to manage all the risks in its national risk register. In other words, there are other risks that governments are managing all the time that sit on their balance sheet.

“These are opportunities for the re/insurance industry, but we never get to see them because those risks are carried entirely by the taxpayer. I would argue that is wrong, and that they shouldn’t be doing that,” he said.

A pool for systemic risk

Enoizi read to delegates at the Summit a recent statement from the UK’s upper house of parliament, the House of Lords: “The insurance industry can demonstrate its commitment to a public-private scheme by sharing the risk with government through the provision of capital and risk retention, contributing to economic confidence and resilience, as well as providing risk management mitigation, and transfer expertise and infrastructure capabilities.”

However, the common theme around the world, two years on from the beginning of the COVID-19 pandemic, is that governments “just don’t have the bandwidth” to design a public-private re/insurance scheme, Enoizi said.

“We need to design the mechanism ourselves as an industry and wait until the government catches up,” he said. “We can’t wait for the government to be ready, because the next systemic event may happen before they’re ready. We can’t afford to be in a situation where we’re simply excluding it and showing ourselves not to have done anything about it.”

He suggested the creation of a pool for systemic risk, such as a pandemic, with capacity closed at, for example, £1 billion on day one. That might eventually become £5 billion as the ecosystem took hold and knowledge increased.

“That gives you economy of scale, a pool of premiums that you can invest in getting a greater understanding of the risk. As you get a greater understanding of the risk, and you’re able to price it more accurately, the insurance industry will take more risk, the reinsurance industry will take more risk, and resilience will grow because you’ve incentivised the behaviour of the customers, who at least have some cover for their risk,” he explained.

“Having created your closed pool and then a systemic event happens, it’s very easy for the government, should it so choose, to come in and plug in an unlimited guarantee behind you. That creates liquidity in the system, which flows very quickly, because the other thing we do very well in the insurance industry is adjust claims.”

Parting gift

Enoizi concluded with what he sees as Pool Re’s three main achievements from its review by government.

“The principal thing is that we have transitioned Pool Re from being a privately-owned entity into an arm’s length body. That’s not something we wanted to happen—we’d operated for 28 years as a commercial entity, but because of that unlimited guarantee, it was deemed that we needed to be part of government because the guarantee was essentially something that other commercial entities do not benefit from,” he said.

The second thing Pool Re achieved was the ability to continue to operate flexibly and innovatively, he said. Alongside that, it made sure it had strong and open dialogue, and a partnership approach, with the government.

The third thing was to retain the unlimited guarantee, which has allowed the UK to build resilience, he said. “That £12 billion of protection takes care of almost the entirety of conventional terrorism, and the government would be left with only the tail end of the risk from NCBR, and also potentially from catastrophic cyber.”

From the UK Treasury’s latest review of Pool Re, Enoizi highlighted four points.

First, for Pool Re to continue to evolve, more risk needs to be repatriated to the market, he said. That includes bifurcation of the risk between conventional terrorism, and non-conventional terrorism and cyber.

“We’ve asked the government to allow us to look at those two risks differently, leaving the government with only the uninsurable part. The industry will entirely insure the conventional part of terrorism without even recourse to the guarantee,” he said.

“That is a huge opportunity for the industry almost to wind the company up because then the insurance and reinsurance markets will handle the entirety of conventional terrorism without even needing any kind of government support.”

Second, Pool Re has changed its scheme to a treaty model to ensure the involvement of the insurance industry. “You in the reinsurance industry have played your part with that £2.5 billion largest standalone terrorism treaty anywhere in the world, but the insurance industry has to learn again how to underwrite terrorism insurance and play a bigger role,” he said.

“We have 150 cedants in Pool Re and my guess would be that if 10 of them had a terrorism underwriter, I’d be surprised. So, we have to teach the industry how to underwrite terrorism, and how to price and manage it, and how to advise on the mitigation of terrorism. Moving to a treaty system will do that.”

Third, Pool Re has changed its pricing mechanism which, Enoizi said, had been very rigid and consisted of four “zones”.

“What we’re now saying is, if you as the underwriter can choose the price you want to charge your client, we will reinsure you on a treaty basis. What that means is they can charge different prices from the Orkney Islands to a different price for say, central London or Manchester. That, again, is a massive change in terms of how you get to a more risk-reflective price.”

Fourth, Pool Re has a mandate to spend a much bigger proportion of its premium volume on mitigating the risk.

“We’re going to start to invest tens of millions of pounds into risk mitigations. I can’t tell you what those are, because they’re sensitive, but the idea is to contribute to the removal of threat vectors from the UK and therefore reduce the exposure of the industry,” he said.

The definition of terrorism is crucial, he emphasised.

“All of this will be for naught if tomorrow we have a large-scale terrorism event and something we fully intended to have covered is not covered because the definition of terrorism hasn’t kept pace with modern threat vectors and threat actors.”

As a final message to Bermuda’s re/insurers before leaving Pool Re, Enoizi said: “I’m very proud to leave Pool Re ready to face the next five years, ready to modernise. I’ve been privileged to lead what is a tremendous organisation.

“For myself, I’d like to continue to work in this space of systemic risk because I truly believe that it is the future of our industry. If we don’t get it right, we won’t have a glorious future.”