POOL Re – Helping to build resilience against terrorism risk
The oft-spoken phrase within insurance circles is “the premiums of the many, pay for the claims of the few”. This explains the basic principle of the industry, but why is this important to counter terrorism?
It was a significant sequence of terrorism events that upended that principle of insurance in 1992, courtesy of the Provisional IRA and their bombing campaign of properties in Manchester and the City of London. The claims were suddenly being made by the many, and the premiums being paid weren’t sufficient to cover the insurers’ losses.
In the aftermath, the insurance market began to withdraw cover for commercial property because of the cost and frequency of the attacks, leading to a market failure, leaving businesses unable to purchase the cover they needed. This created an additional and serious implication over and above the immediate impact of the attacks, leading to the creation of Pool Reinsurance (Pool Re) in 1993: a small entity whose brief was to manage a pool of money paid to them through the premiums of the insurers themselves.
The insurers choosing to pay these premiums to the Pool Re scheme became Members, and started resting easier knowing if a terrorist attack occurred causing property damage, they only had to pay a certain amount of the claims made, with Pool Re paying the remainder. In addition, the pool was backed by an unlimited guaranteed loan from government should the pool be used up.
That guarantee remains today but with a buffer of approximately £11bn that has built up over the last 31 years. The facility remains an exemplar to other terrorism pools worldwide and has expanded its cover to include non-damage Business Interruption as well as cover against CBRN and physical destruction from remote cyber-attacks, both of which the market remains reluctant to cover.
The purpose of that small reflection is firstly to emphasise the importance of the insurance industry to the UK economy, and to demonstrate that it needs, and often demands, as much assurance as possible.
Enter Martyn’s Law, or the Terrorism (Protection of Premises) Bill: a continued work in progress born out of terrible events, created to improve the security of public spaces, and to help reduce the impact of terrorism events at such locations.
It should come as no surprise that the insurance industry welcomes such legislation; anything that legislates improvements in mitigations and resilience, and therefore could reduce the size of claims made following loss events, has its full support. Where legislation exists, compliance by an organisation will mean it can get insurance in the first place; if the organisation can then demonstrate it’s going above and beyond with its mitigations, that provides even greater assurance.
I’m not an underwriter, or regulated to provide insurance advice, but underwriting decision making is informed by many things, including how well an organisation manages risks, from terrorism as well as other perils. Pool Re, with our free-to-use Vulnerability Self-Assessment Tool (VSAT), and NaCTSO, with the SASS (formerly PSIA) programme, incentivise good security and risk management behaviours by awarding a discount of 10% on terrorism premiums to qualifying businesses that have Pool Re cover, known as the Loss Mitigation Credit (LMC), by virtue of the assurance we, and the insurer, gain from the organisation achieving a low risk rating.
Although VSAT can be used by any organisation for benchmarking, the LMC is typically only achievable by larger organisations with sophisticated measures in place, that can demonstrate the best of behaviours and maturity. For organisations that can’t achieve the LMC, there are plenty of other ways that assurance can be provided; when was the last time you asked your insurer “what can I do to move from being a bad or average risk, to being a good risk or a risk of choice?”. Similarly, have you asked them about Pool Re cover?
Martyn’s Law will certainly support better behaviours through the intended legislation for standard and enhanced tier locations. Irrespective of that legislation though, more can and should be done to improve security risk mitigations, which does not have to include expensive or sophisticated methods.
Think about what is easily and financially achievable:
- Creating a Security Plan, and ensuring your staff understand it
- Conducting a Threat, Vulnerability, and Risk Assessment, including Terrorism
- Understanding the credible threat from terrorism
- Having a person responsible for security
- Reviewing, testing, exercising your emergency procedures
- Having robust training records, including proof that staff have been adequately trained and are competent
- Checking emergency communications
- Engaging with local policing teams and community initiatives
We are seeing, regrettably, several organisations trying to take commercial advantage of Martyn’s Law by selling products and services that they claim will make organisations in scope of the legislation fully compliant. My question about this is “how can they know what it will take to become fully compliant, when the legislation hasn’t even been finalised yet?” I would also ask why it is necessary to spend money on advice, services, products, guidance etc, when there are so many free resources available, some of which I have included below:
The NPSA and Protect UK websites should already be familiar to readers of this article. The Pool Re Solutions Centre offers something a bit different though, including Monthly Threat Updates, specific Sector Threat Assessments, Analysis pieces and more, which can really help organisations to understand the threat from terrorism.
For organisations wanting to learn more, visit: www2.poolre.co.uk/vsat
Matt Telfer-Maleary
Principal Risk Consultant
