Published February 25th, 2022 by Kyle Langan

Focus of TCOR: Profitability

It is vital for the financial health and longevity of an entity to account for, and understand the effect of all expenses on its profitability.

Companies may assume they understand and measure their expenses and profitability correctly, right?  This is commonly untrue.

Learn How to Measure: TCOR explained

Inherent in all company’s operations are risks, and with risk comes cost.

Here’s what TCOR is and what you need to know about it in order to prevent lost profits within your company:

Total Cost of Risk (TCOR) is the cost of managing risks and incurring losses. [1] Total cost of risk is the sum of all aspects of an organization’s operations that relate to risk, including retained (uninsured) losses and related loss adjustment expenses, third party / administrative costs, transfer costs, risk control costs, and indirect costs. [2]

Third-Party Costs include the expenses associated with buying insurance (premiums, taxes, and fees). These costs are determined by your effective policy types and claims experience. [3]

Losses are the largest source of commercial profit erosion. They are controllable with the placement of proper risk control mechanisms. Direct costs stem from losses through retained costs, deductibles, and uninsured losses. [4]

Indirect loss costs are the unbudgeted expenses of loss events caused by business interruption, disruption and/or reputational loss. They are calculated through an indirect loss cost factor – specific to industry group and risk category. This part of the equation is the most challenging – it is not commonly measured.

With the right risk control plan in place, there are significant opportunities to reduce your TCOR by working to mitigate losses.

TCOR, an example:

Ransomware attacks increased in 2021; evolving tactics of cybercriminals demonstrated their growing sophistication and threat to organizations globally. [5] These criminals increasingly expanded methods to extort money from mid-sized businesses. They threaten to publicly release stolen information and/or disrupt victims’ internet access.

A commercial victim of a cyber extortion loss will incur significant indirect costs, thereby increasing its TCOR. This results from stolen money, access disruption, or loss of data, time, and human capital.

Scenario: Large Addiction Treatment Center Faces Cyber Extortion

2,500 records of Personal Health Information (PHI) are hacked. This was the only loss it faced in 2021. The treatment center has a cyber risk policy insured by Lloyd’s of London. It offers protection with a $1,000,000 aggregate limit and a $10,000 deductible.

Third Party Costs

• Risk Financing Premiums, Taxes, Fees = $7,500

Losses (Paid by Lloyd’s of London) [6] 

• 1st party crisis services median loss = $564,930
• 1st party legal costs = $48,185
• 1st party regulatory costs = $13,292
• 3rd party costs = $74,770
• 1st party business interruption = $126,279 (Lloyd’s of London will have a specific policy language regarding business interruption indemnity)

Direct Costs: Deductibles, Retention, Uninsured Losses

• $10,000 deductible

Indirect Loss Cost Factor:

• Indirect Loss Cost factor for cyber risk in this industry = 1.00
  • The indirect loss cost factor measures wasted time, energy, and resources spent on the claim process and recovery from the loss. Indirect losses erode EBITDA margins, which is why your risk manager should provide a strategy for how to measure, and ultimately recapture them.
• Initial loss = $827,456

Theoretically, a factor of 1.00 would mean the indirect losses would total an additional $827,456, equating to a total impact of $1,654,912.

However, because this is a single large ‘shock’ loss, we would cap the indirect losses at perhaps $200,000. That way, the friction is conservatively limited to $200,000. Most experts agree that there is an amount involved with handling the claim and the frictional costs, but there is usually a cap.

In conclusion, the addiction treatment center has an $827,456 loss — $817,456 that is covered by Lloyd’s of London, and a $10,000 self-insured deductible.

Additionally, it faces $200,000 in indirect losses that are eroding its bottom-line profitability. This is unaccounted for on an income statement, unless it is measured and quantified by your risk manager. Although it is uncommon, Conrey has this capability – email me at kylel@conreyins.com to have this calculated for your business.

Total loss with indirect loss cost factor = $1,027,456 (only $817,456 is covered by Lloyd’s of London)

Total Cost of Cyber Risk for the Addiction Treatment Center in 2021:

• $217,500: 2021’s total cost of cyber risk for this addiction treatment center. Keep in mind, this number only accounts for cyber risk, but it still serves as a useful demonstration for calculating TCOR.
  • Risk Financing Premium = $7,500
  • Deductible = $10,000
  • Indirect Losses = ~ $200,000

Note: Separate from TCOR, is Existential Cost of Risk (XCOR) — existential cost of risk is the “premium” that would be charged by an insurer if a company insured all of its risk exposures. This can be considered the cost a company incurs to finance the risk of its continued existence. Not all business risks can be reasonably called “insurable,” but XCOR provides a proxy for such a cost. [7]

 

References

[1] — [2]

Cost of risk. Cost of Risk | Insurance Glossary Definition | IRMI.com. (n.d.). Retrieved February 28, 2022, from https://www.irmi.com/term/insurance-definitions/cost-of-risk

[3] — [4]

Data-driven client outcomes for the insurance industry. TCORCalc. (2019, July 28). Retrieved February 28, 2022, from https://tcorcalc.com/

[5]

Zank, A. (2022, February 11). Officials saw more ‘professional’ cybercriminals, more infrastructure attacks in 2021. Advisen – Risk Manager FPN. Retrieved February 28, 2022, from https://www.advisen.com/tools/fpnproc/fpns/articles_new_24/P/422217002.html?rid=422217002&list_id=24

[6]

Cyber overvue. (n.d.). Retrieved February 28, 2022, from https://cyberovervue.advisen.com/search

Existential cost of risk xcor. Existential Cost of Risk (XCOR) | Insurance Glossary Definition | IRMI.com. (n.d.). Retrieved February 28, 2022, from https://www.irmi.com/term/insurance-definitions/existential-cost-of-risk-xcor

 

Published December 17th, 2021 by Kyle Langan

Although Southern California is famous for its mild winters, it does face unique risks of flooding, wind damage, and rain. This risk can lead to landslide and or infiltration from the outside to the inside of buildings.  Let’s first identify the root cause of why the upcoming winter season will be more severe than typical. Once understood, loss control recommendations can be made.

Good News and Bad News: Increased Snowpack

In August 2016, the Environmental Protection Agency warned of decreasing snowpack in California’s climate.[1] This problem is one of the endless negative impacts of climate change.

As the climate warms, less precipitation falls as snow. As a result, more snow melts during the winter, which decreases snowpack — the amount of snow that accumulates over the winter. Since the 1950s, snowpack has declined in California.[2]

However, 5 years later (December 2021), breaking news suggests a much-needed increase in snowpack for the Sierra Nevada is inbound.

A powerful storm system along the West Coast is dropping heavy snow in the mountains of the Sierra Nevada, and the Cascade Range.[3] The storm systems are excellent news for the drought-plagued region and its struggling mountain snowpack; without it, a resulting decrease in the extent of alpine tundra ecosystems could threaten some species.[4]

Mountain snow will be measured in feet with this storm, with more than five feet possible in the higher elevations of the Sierras.[5] “Total snow accumulations will be tremendous,” the National Weather Service in Sacramento wrote in a forecast discussion, calling it “easily the biggest snowstorm so far this season.” [6]

Warning

Although this storm system is great for the environment, it will be met with increased risk for property owners in California. The storm will bring positive change for California’s climate, but is simultaneously disruptive because of its potential flooding and impacts on travel.[7] Substantial wind and rain will enter lower elevations from the Pacific Northwest to Southern California.[8] The lower elevations of central California have the greatest risk of flooding, which does present unique risk to dwellings in the Sacramento and San Joaquin Valleys.[9]

Risk Management Techniques

Flood vents, floodplain management, and wind mitigation are all vital aspects of a risk control strategy for climate risk.

Flood Vents:

A flood vents are a useful guard against the buildup of excess moisture or water which are not healthy for structures to endure. They are permanent openings in walls that allow for the free passage of water. Flood Vents protect houses and buildings during floods by preventing hydrostatic pressure buildup that can destroy walls and foundations. This mitigation technique, allows floodwater to freely flow through an enclosure such as a crawlspace or garage.[10]

Characteristics of effective flood vents:

• Free passage of water flows automatically in both directions without human intervention
• Minimum of two openings
• No higher than one foot above grade

Flood vents are useful for allowing for the automatic entry and exit of flood waters for an at-risk property. It is a “wet floodproofing” technique is required for residential buildings. Commercial buildings have the option to wet floodproof, which can be more cost-effective compared to dry floodproofing.[11] Dry floodproofing includes measures that make a structure watertight below the level that needs flood protection to prevent floodwaters from entering.  This type of floodproofing is often used to protect non-residential structures, water supplies, and sewage systems.[12]

Mitigation + Floodplain Management:

Further, property owners should also transfer risk to an insurer.

• Purchase flood insurance
• Look into Flood Hazard Areas (SFHA)
• Look for Flood Insurance Route Maps (FIRM) near your area

Wind Mitigation:

Windstorm is normally a covered peril whether an organization purchases “named peril” or “all risks of loss” coverage.[13] Alternative options include a supplemental parametric insurance policy that pays out pre-agreed funds based on wind speeds.

Wind and water can cause damage to exterior walls, roofing as well as glass breakage and interior water damage.[14] In addition, damages to other insured property are at risk: docks, piers, landscaping, swimming pools, golf courses, tennis courts, outdoor restaurants/bars, etc. Damages to these areas drastically increased the amount of a potential claim.[15] Therefore, insurance policies that cover these exposures are important to consider. This way, indemnity is available if losses are present. If you are not certain if your assets are protected, contact Conrey.

[1-2] EPA

[3] Leonard

[4] EPA

[5-9] Leonard

[10-11] Smartvent.

[12] FEMA

[13-15] IRMI

References

EPA – What climate change means for California. (2016, August). Retrieved December 17, 2021, from <https://www.epa.gov/sites/production/files/2016-09/documents/climate-change-ca.pdf>

FAQs. SmartVent. (n.d.). Retrieved December 17, 2021, from <https://smartvent.com/resources/faq>

FEMA: Dry Floodproofing. Dry floodproofing. (n.d.). Retrieved December 17, 2021, from <https://emilms.fema.gov/IS321/HM0103040text.html>

Leonard, D. (2021, December 13). Storm blasting California with massive mountain snow and flooding rain. The Washington Post. Retrieved December 17, 2021, from <https://www.washingtonpost.com/weather/2021/12/13/california-rain-snow-atmospheric-river/>

Published November 29th, 2021 by Kyle Langan

Within the walls of the beachfront condominium development, Champlain Towers South, abundant cracking and crumbling on columns, beams, and walls of the parking garage existed.   In 2018, a hired engineer warned of major structural damage to concrete slab below the building’s pool deck.  So, how did this not get corrected in the 3-year window of time leading up to the collapse and tragedy that ensued?

Board of Directors’ Failure to Employ Basic Risk Management Principles

Champlain’s board of directors was responsible for maintaining and repairing common elements including buildings, pools, and parking garages. Reserve studies accomplish this – an engineer can adequately advise of all elements, along with maintenance and replacement. At Champlain, the condo’s association had only $706,460 in reserves, which was well short of the $10M needed for structural repairs.

The Business Judgement Rule has extreme significance for the prevention of another occurrence like the tragic one in Surfside.  Boards must follow the advisory of the professionals; i.e., engineers, insurers, CPAs, and attorneys. Regular inspection of a building’s structural integrity and setting proper reserve levels are both vital. Board members need to be educated individuals that listen to expert business judgment from qualified professionals.  More importantly, directors must follow the recommendations to prevent losses. Additionally, had business judgement been followed at Champlain, it would have provided a strong defense to litigation coming from a unit owner’s family or third party affected by the loss.

D&O coverage offers litigation protection for individuals on the board and the responsible entity for a loss of this nature. To read more about the importance of D&O risk financing, click here. With this in place, personnel on the board and the entity itself will both experience financial protection from any economic losses. Champlain Towers South only had $49 million in total coverage, which was not sufficient because of the litigation that ensued after the obvious negligence.

Preventing Another Surfside Miami Condo Collapse

Risk mitigation: For commercial properties, engineers must file copies of safety inspections with local governments. This is vital for the longevity and structural health of the property, and it is now a requirement by Florida statute.

Education: An essential part of the public sector’s mitigation strategy is the increasing education requirements for board members and property managers. Directors on any board must be nuanced in the ways of how to properly and timely maintain an entity and its assets. Also, increased education can help achieve an essential goal for housing associations: balancing reserve funding with reasonable assessment for owners. This is significant because it introduces elements of Enterprise Risk Management, which holistically addresses loss exposures, mitigation, and financing of an entity. For the design of a risk financing & mitigation plan that will increase the profitability and valuation of your entity, contact kylel@conreyins.com.

With a strategy that implements the risk mitigation techniques above, negligence can be identified and solved. Negligence from the board of directors was the root cause of what led to the Champlain Towers South collapse in Miami; it is now being addressed reactively to prevent another similar tragedy.

Recommendation: A board of directors should follow the strategies above, avoid negligence, and purchase D&O insurance. That way, in case a catastrophic loss does occur, directors’ personal assets are not lost in defense costs during litigation. Risks should be financed up to the level of the industry group median, at a minimum. Then, directors should identify what percentage of losses go over this median, and determine how much coverage they want to purchase based on the risk appetite of the entity. Coverage medians and maximum losses within industry groups of a company should be analyzed by your risk manager. If they are not, contact me.

References

Surfside Condo Collapse Webinar – Hosted by USLI <https://www.usli-events.com>

Various ideas coming out of the State of Florida concerning how to handle the collapse <https://www.floridabar.org/>

Published September 2nd by Kyle Langan

HURRICANE IDA is commanding many of the current headlines and updates in the news. Preliminary loss estimates from the storm are approaching $25 billion in New Orleans, LA.^[1] Why should catastrophic events matter to you? One important reason is controlling the risk your most cherished asset faces. For most people, this is their home, while for others, it may be a valuable commercial property. Homeowners and facilities managers alike must maintain high level awareness of their property in order to mitigate risk and prevent loss.

$14.5B Network

New Orleans employed a proactive risk mitigation investment strategy by constructing a $14.5 billion network of seawalls and levees that the Army Corps of Engineers built after Katrina.^[2] New Orleans’ current infrastructure system features hundreds of levees positioned in a protective ring around the city, the longest storm surge barrier in the U.S., a floodgate at Lake Ponchartrain, and the world’s largest pumping station.^[3] With this proper protection in place, the city was effectively able to avoid another Katrina. This infrastructure guarded the city well against Ida and sets a model for other at-risk cities to follow. Katrina was catastrophic because very high storm surges overtopped levee systems in New Orleans and St. Bernard Parish.^[4]

New Orleans’ levee system functioned as designed, according to Kelli Chandler, regional director of the New Orleans Flood Protection Authority: in the metropolitan area, “there was no breaching or overtopping of the levee system,” she said.^[5] Katrina and Ida were not identical; however, the city experienced success during a storm of similar intensity to Katrina. Ida was a category 4 hurricane, with 150 mph winds. Katrina was a category 3, with 125 mph winds, but moved faster and was larger in size than Ida.^[6] The magnitude of losses that were prevented can be seen in the appendix below:

Results: New Orleans’ demonstration of effective, proactive risk control

 

Inadequate Risk Control (Katrina)	Proper Risk Control in place (Ida)
* $174.7 Billion in damages	$25 Billion in damages

* Adjusted for inflation ^[7]

Proactive risk control is similarly necessary to prevent structural issues for commercial properties. Buildings deteriorate gradually over time, so managing the risk of this deterioration before problems arise is key. A strategy with this in mind is how New Orleans reduced a hurricane’s damages by over $100 B. The estimated ROI from the $14.5B investment was roughly $150B in prevented damages.

As buildings age, they can lose structural integrity. If simple repairs are procrastinated, they can develop into greater issues with higher loss potential. This can cause significant damage that may increase danger and interrupt operations.^[8] Structural engineering and building codes have evolved the safety of commercial properties. Still, additional loss prevention is necessary for longevity and success. Facilities managers must adequately protect commercial buildings and mitigate the risk they face. Proactive risk control helps to prevent losses. Further, risk transfer increases capacity to prepare for inherent losses.

Constant maintenance and inspections are vital to mitigate property risk. This, along with the loss prevention advice below, is your solution to commercial property risk mitigation. Risk solutions are our specialty at Conrey.

 

Loss Prevention for Commercial Properties:

 

• How effective is your facilities manager? — Hire excellent facilities managers because they act as the first line of defense. They identify repairs that need to take place, which is a crucial role. Proactive assessment will save money and ensure buildings remain safe to occupy.^[9]
• Are you planning for repairs and maintenance? — In the long run, it is favorable to financially prepare for unexpected expenses to occur. Routine maintenance should be budgeted for in advance.^[10] According to the University of Michigan School for Environment and Sustainability, 72% of commercial buildings in the United States are aged 20 years or older; it’s around this milestone that facilities managers should budget significant funds in advance for upgrades.^[11]
• When are building inspections conducted? Inspections should occur:
  • Annually;
  • After any significant event, such as wind storms, earthquakes or hurricanes;
  • Before and after any major addition or renovation.^[12]
• Who is performing inspections? — Ensure inspections are performed by qualified inspectors who have location-specific expertise. Inspectors must be familiar with indicators of damage. Structural engineers must assess the major structural components of the building to identify any necessary corrective actions. They should document inspections to allow for year-to-year comparisons of issues, with photos.^[13]
• Are local building codes known? —Building codes help maintain safety and sound structure in buildings. It’s essential to know and understand local building codes; this way, requirements are met. Regulations in harsher environments may have additional requirements.^[14]
• Are issues being dealt with swiftly? —When an issue arises, they must be acted upon as early as possible. Early action lowers costs versus allowing issues to mature and become more serious or perhaps dangerous. The safety of those who live or work in the building depends on structural issues being addressed and resolved.^[15]  A failure in this loss prevention technique can result in a devastating event like the one New Orleans experienced in 2005 with Katrina.

For risk management guidance on par with New Orleans’ successful risk reduction infrastructure, consult with Conrey Insurance Brokers & Risk Managers. To speak with a member of the Conrey Team, call (714) 838-5835 or contact us and experience The Conrey Difference for yourself.

— Kyle Langan, Risk Manager at Conrey

 

[1] S&P Global.

[2] Editorial Board.

[3] Castillo, A.

[4] Levenson, E.

[5] Castillo, A.

[6] Levenson, E.

[7] Staff, U. S. I. C.

[8-15] Johnson Financial Group.

 

References

Castillo, A. (2021, August 31). Battered by Hurricane Ida, New orleans’ storm protection infrastructure holds fast. American City and County. https://www.americancityandcounty.com/2021/08/31/battered-by-hurricane-ida-new-orleans-storm-risk-reduction-infrastructure-holds-fast/.

Editorial Board. (2021, August 31). Opinion | Hurricane Ida shows the huge investments to protect New Orleans after Katrina paid Off. it’s a lesson for other cities. The Washington Post. https://www.washingtonpost.com/opinions/2021/08/31/hurricane-ida-shows-huge-investments-protect-new-orleans-after-katrina-paid-off-its-lesson-other-cities/.

Johnson Financial Group. (2020, January 24). Risk insights: Structural issues and aging buildings. Johnson Financial Group. https://www.johnsonfinancialgroup.com/resources/blogs/business-guidance/risk-insights-structural-issues-and-aging-buildings/.

Levenson, E. (2021, August 30). How hurricane Ida compares to Hurricane Katrina. CNN. https://www.cnn.com/2021/08/30/us/hurricane-ida-katrina-new-orleans/index.html.

S&P Global (2021, August 31). Hurricane Ida losses likely short of Katrina totals, could hit $25B. ProgramBusiness. https://www.programbusiness.com/news/hurricane-ida-losses-likely-short-katrina-totals-could-hit-25b?utm_campaign=dnf-2021-08-31&utm_source=dnf&utm_medium=email.

Soergel, A. (2015, August 28). From resilience to resurgence after katrina. U.S. News & World Report. https://www.usnews.com/news/articles/2015/08/28/new-orleans-economic-resurgence-after-hurricane-katrina.

Staff, U. S. I. C. (2021, August 11). Inflation calculator: Find US dollar’s value from 1913-2021. US Inflation Calculator |. https://www.usinflationcalculator.com/.