Doing ground up work

Wolfgang Boffo: It is true that such schemes already exist, but they are usually designed for specific industry segments, such as banking or financial services. So, even if these schemes are over-arching in their industry segment reach, they often are created to categorise only certain types of risk, like financial vs non-financial risk. In addition, these categorisations are also regional in use and designed by third-parties such as local regulatory bodies, or are built only for survey purposes, so their use can be limited in scope. Until now, there is no universal “one size fits all” categorisation scheme. This is, what we wanted to create based on corporates’ own public risk reportings.

Primarily, the decision to use 10-K reports came down to convenience. All listed companies in the US are required by the SEC (U.S. Securities and Exchange Commission) to file an annual 10-K report which are then published on the SEC website. So, from a technological standpoint, we can easily compile the reports without having to identify and navigate each client’s individual website. Second, every 10-K report will, in principle, list all potential risks a certain company considers important enough for reporting. The available number of these reports and their listed risks is quite impressive and representative of the bigger picture. As a sample, this provided an excellent framework for collecting and compiling the mentioned risks across various industry segments. It also allowed us to transfer this information into a categorisation scheme that is universal for (quite literally) all industry segments and all types of risks. This cross-industry approach proved important for providing the qualitative and quantitative input for further analytical work on white-spot areas of risk or new patterns and trends. 

The information provided via 10-K reports may, at first sight, look very structured. However, it unfortunately isn’t for the purpose of simply applying AI and data mining. This is, for now, why we decided on a hands-on approach to weed out the risks from the 10-K information, to cluster these and derive an accurate three-tiered hierarchical categorisation matrix. The many underlying risks, now well-structured in a table, are perfect feed-in input for AI and DM algorithms to be crafted.

It needs to be said clearly, that the categorisation scheme wasn’t developed from an insurers’ perspective to split the findings only between so far insurable and non-insurable risks. Because if we had done so, we would have followed outdated categorisation patterns. We aimed for a scheme to reflect all possible risks a company is confronted with. For this reason, the Risk Repository doesn’t rely on a lot of the typical insurance terminology one may expect from this type of categorisation. Still, on a fairly granular level, there are certain divisions of risk that clearly show relevance and where the boundaries of traditional insurance can and need to be pushed to remain important to corporates as a risk transfer partner.

It shouldn’t be too surprising that our results showed Business Interruption as the #1 risk mentioned across all analysed industries and companies. Also, companies aren’t listing root-cause for interruption with a differentiation between physical and non-physical damage. If you dig a bit deeper, you will find that a wide array of risks is mentioned that can cause severe interruption. It became clear going forward that across all industry segments, the dynamics in technological advancement like IoT and Industry 4.0 and their swift adaptation is seen as adding risk to a company’s operational capability. This plainly shows us that individual, but comprehensive risk transfer solutions are needed to effectively support our clients’ business resilience management efforts. These results are actually very much in line with our company’s ongoing understanding of risks. We intend to use the findings to further back up and cross-check our decisions for transferring such emerging exposure as comprehensively as possible.

The answer is two-fold. As mentioned before, we will now be adding more AI and DM work to our existing database, while also validating results currently in use. In addition, since only the mentioning or listing of risks alone doesn’t produce transfer solutions, we will now add risk event evidence and statistical relevance to our categorisation scheme. It consequently will allow us to better model and price risks. Risk managers will benefit from such information and become an even more valuable player within their company. Investors and supervisory board members will also be greatly supported from such information gathered in our Risk Repository, enabling them to make better investment decisions or provide a more comprehensive oversight of the risk landscape for a company or industry. The bottom line for Munich Re and its corporate clients is to continue to deliver solutions that are tailor-made to fit their exact needs. Our Risk Repository findings will be an invaluable component in improving upon our expertise and client expectation in this regard.