Insurance risk - underwriting The risk related to our core business of providing insurance products and services to clients, and to the management of our net exposure to losses. |
What is the risk? |
Why do we have it? |
How is it managed? |
Binding authorities Hiscox generates considerable premium income through third parties authorised to underwrite insurance policies on our behalf. Third parties may accept risk outside of agreed parameters or normal guidelines, exposing us to financial and operational risks. |
Binding or delegated authorities give the Group access to a greater volume of business. They can contribute significantly to the Group's profitability and increase market share. |
Authorities we grant are closely controlled through strict underwriting guidelines, contractual restrictions and obligations. We have a Group-wide delegated authority policy which sets out the standards and principles in managing external third parties to whom authority is delegated. Contractual arrangements usually grant limited rights to bind us to risks, new or renewal. We vet all third parties prior to appointment and monitor and audit them regularly to ensure they meet our standards. |
Insurance risk - reserve The risk of managing the volatility of claim provision reserves set aside to pay for existing and future claims. |
What is the risk? |
Why do we have it? |
How is it managed? |
Reserve risk We make financial provisions for unpaid claims, defence costs and related expenses to cover our ultimate liability both from reported claims and from 'incurred but not reported' (IBNR) claims. There is the possibility that we do not put enough money aside for our exposures, which could affect the Group's earnings, capital and future. |
When underwriting risks, we estimate the likelihood of them occurring and their cost. Our actual claims experience could exceed our loss reserves, or we may need to increase levels of loss reserves. |
The provisions we make to pay claims reflect our own experience and the industry's view of similar business; historical trends in reserving patterns; loss payments and pending levels of unpaid claims; and awards as well as potential change in historic rates arising from market or economic conditions. Provisions are set above the actuarial mid-point to reduce the risk that actual claims may exceed the amount we have set aside. Our provision estimates are subject to rigorous review by senior management from all areas of the business, as well as from independent actuaries. The relevant boards will approve the amount of the final provision, on the recommendation of dedicated reserving committees. Details of the actuarial and statistical methods and assumptions used to calculate reserves are set out in note 26 to the consolidated financial statements. |
Market risk - investment The risk of financial loss resulting from adverse movements in market prices, exposure from trading and global operations. |
What is the risk? |
Why do we have it? |
How is it managed? |
Asset value We invest the cash we receive from our clients in premiums and the capital on our balance sheet until it might be needed to pay claims. These funds are inevitably exposed to market investment risk. Investment risk also encompasses the risk of default of counterparties, which is primarily with issuers of bonds in which we invest, and investment managers. |
Our investment portfolio is exposed to a number of risks related to changes in interest rates, credit spreads, and equity prices, among others. |
Our objective is to maximise our investment result in the prevailing financial, economic and market conditions without undue risk which could affect the Group's capacity to underwrite. Funds held for reserves are invested primarily in high-quality bonds and cash and as far as possible, are maintained in the currency of the original premiums for which they are set aside, to reduce foreign exchange risk. As many of our insurance and reinsurance liabilities have short time spans, we do not aim to match exactly the duration of our assets and liabilities. Our fixed-income fund managers operate within guidelines as to the type and nature of bonds in which to invest, which reflect the rate at which we expect to pay claims, while providing them some flexibility to enhance returns. A proportion of funds is allocated to riskier assets, principally equities. We take a long-term view on these assets so we can achieve the best risk-adjusted returns. We make an allocation to less volatile, absolute return strategies within our risk assets, so as to balance our desire to maximise returns with the need to ensure capital is available to support our underwriting throughout any downturn in financial markets. |
Market risk - investment The risk of financial loss resulting from adverse movements in market prices, exposure from trading and global operations. |
What is the risk? |
Why do we have it? |
How is it managed? |
Liquidity The risk we are unable to meet cash requirements from available resources to pay liabilities to customers or other creditors when they fall due. Also, the risk we incur excessive costs by selling assets or raising money quickly to meet our obligations. The failure of our liquidity strategy could have a material adverse effect on the Group's financial condition and cash flows. |
If a catastrophe occurs, we may be faced with large, unplanned cash demands, which could be exacerbated if we have to fund a large portion of claims pending recovery from our reinsurers. Although our investment policies stress conserving principal and liquidity, our investments are subject to market-wide risks and fluctuations. |
Our investment policy recognises the demands created by our underwriting strategy, so that some investments may need to be sold before maturity or at short notice. A high proportion of our investments are in liquid assets, which reduces the risk that they may make losses if they have to be sold quickly. Funds held for reserves are invested primarily in high-quality, short duration bonds and cash so the Group can meet its aim of paying valid claims quickly. Our cash requirements can normally be met through regular income streams: premiums, investment income, existing cash balances or by realising investments that have reached maturity. Our primary source of inflows is insurance premiums while our outflows are largely expenses and payments to policyholders through claims. We forecast our cash flow for the week, month, quarter, or up to two years ahead, depending on the source. We run tests to estimate the impact of a major catastrophe on our cash position to identify potential issues. We also run scenario analysis that considers the impact on our liquidity should a number of adverse events occur simultaneously, such as an economic downturn and declining investment returns combined with unusually high insurance losses. We maintain extensive borrowing facilities. These arrangements have been made with a range of major international banks to minimise the risk of one or more institutions being unable to honour commitments to us. |
Credit risk The risk of loss or adverse financial impact due to counterparty default or failure to meet obligations with agreed terms. |
What is the risk? |
Why do we have it? |
How is it managed? |
Credit risk - reinsurance We buy reinsurance to protect us, but if our reinsurers are unable to meet their obligations to us it would put a strain on our earnings and capital, and could harm our financial condition and cash flows. |
We cover clients against a range of catastrophes and protect ourselves through reinsurance. We face credit risk where we seek to recover sums from other reinsurers. |
We buy reinsurance only from companies that we believe to be strong. A dedicated Group credit committee must approve every reinsurer we use, based on an assessment of their financial strength, trading record, payment history, outlook, organisational structure and external credit ratings. Our credit exposures to these companies are closely monitored, as are the companies themselves, so we can quickly identify any potential problems. We consider public information, our experience of the companies, their behaviour in the marketplace and consultants' and rating agencies' analysis. |
Credit risk - brokers We may lose money if the broker fails to pass the premium to us, or if the broker fails to pass the claims payment to the policyholder. |
The vast majority of our business is written through brokers. We face credit risk where we transfer money to, and receive money from, brokers for premiums or claims. |
We follow the same careful process for selecting and monitoring the brokers we work with as for our reinsurers. We also minimise the risk further by dealing with only the most credit-worthy brokers, taking into account market data and our experience. In some instances for large losses, we pay policyholders directly to reduce broker credit risk on material transactions. |
Operational risk The risk from derivative exposures involving people, processes, systems and external events resulting from running a uniquely diversified insurance business. |
What is the risk? |
Why do we have it? |
How is it managed? |
Regulatory change The insurance industry is exposed to continuous regulatory change, which may impact the capital we are required to hold. We are also exposed to new and emerging risks, including through legal or political decisions or legislative changes. |
Insurance is a regulated industry. There may be times where the regulatory landscape undergoes a significant shift which directly impacts our business. |
The Group supports sound prudential regulation as a key element in the stability and sustainability of the insurance and wider financial markets in which we operate. We continuously monitor new regulation and review our internal processes to facilitate compliance. Our approach is to combine local expertise with a globally consistent framework to manage regulatory change and provide effective compliance with the varied and evolving requirements. |
Information security (including cyber security) Information security risk relates to not protecting information which could compromise the confidentiality, availability or integrity of our data. Cyber security risk is the threat from globally connected networks such as the internet. It differs from the exposure posed by underwriting cyber risks, which is considered an insurance risk. Information security risk can result in loss of profit, and legal, regulatory and reputational consequences. |
We operate in a world where the volume of sensitive data and the number of connected devices and applications have increased exponentially. Also, cyber-attacks are increasingly frequent and sophisticated. Our business depends on the integrity and timeliness of the information and data we maintain, own and use. |
Information security risk is managed as a business risk, not an IT responsibility. We employ an information security policy and cyber security risk strategy. We have dedicated IT security resources which provide advice on information security design and standards. We also have an information security group, including experts from around our business to assess and manage these threats. Our cyber strategy combines industry standard perimeter security with data-centric protection for specific highly confidential information. We constantly deploy and evolve systems, policies and procedures to mitigate internal and external threats to the IT infrastructure. In 2016 we rolled out Group-wide mandatory training on information and cyber security which is also mandatory for all third parties and contractors. Our stress testing and scenario analysis considers the impact and likelihood of information security exposures to assess their effect on our business, as well as management actions, including response plans. |
Information technology and systems failure The risk from major IT, systems or service failure which can significantly impact our business. |
Our information technology and systems are critical to conducting business and providing continuity of service to our clients, including supporting underwriting and claims processes. |
We have dedicated IT resources which support the Group's technology needs and oversee our critical systems and applications. Our stress testing and scenario analysis considers the impact and likelihood of an IT or systems failure, to assess the effect on the business and discuss what management actions could be taken to mitigate the risk. A formal disaster recovery plan is in place to deal with workspace recovery and the retrieval of communications, IT systems and data should a major incident occur. These procedures would enable us to move the affected operations to alternative facilities quickly. The plan is tested regularly and includes simulation tests. |