Containment of financial loss, regardless of its cause, is a key goal of virtually every organization’s risk strategy, providing a compass for many of the actions taken to avoid, mitigate, transfer and retain risks enterprise-wide. Yet catastrophic events too often result in losses that exceed the expectations of management. Such losses highlight the need for organizations to more fully address their exposure to financial losses through the process of financial disaster preparedness.
Financial preparedness is a crucial component of disaster planning that addresses the actions necessary for an organization to mitigate financial losses following a catastrophic event. Long before a catastrophic disaster occurs, these actions need to be identified, understood and addressed. It is clearly not the optimal time to initiate the process while the fire is burning, the ground shaking or the water rising.
Recovery from a disaster can present many unexpected challenges that directly affect financial recovery, such as delays in restoration, issues continuing operations and generating revenue, unexpected costs and challenging insurance claims. These and other issues can make it difficult to project the outcome of a catastrophe and manage expectations within the organization.
Financial preparedness creates a solid foundation for a more resilient, timely and effective recovery process. It helps maximize financial recovery through insurance and other sources and, in doing so, minimizes economic loss. In short, it can mean the difference between significant financial loss and substantial recovery.
Understanding the Organization’s Risks
Financial disaster preparedness begins with a thorough understanding of the risks facing the organization. As an organization grows and its operations become more intricate, its risks change and tend to become more complex. Accordingly, risks need to be assessed continuously, an exercise typically orchestrated by the risk manager with support from throughout the company.
Beyond the many challenges of physical recovery following a catastrophe, additional problems affecting financial recovery often occur because key areas of risk were overlooked or their potential impacts were not fully understood. For example, a real estate services provider had adequate liability coverage for cyber breaches but did not anticipate the potential financial impact of an interruption of its IT systems. The company experienced a cyber intrusion that shut down its servers for 24 hours, resulting in a multimillion-dollar loss that was only partially covered by insurance.
Risks that are not identified or clearly understood in advance are difficult to manage in a cost-effective manner following a catastrophic event. Such risks expose an organization to unexpected and often avoidable financial losses. The process of risk identification, analysis, mitigation and transference is a critical part of the financial preparedness process.
Once risks have been identified and analyzed, seven key areas of financial preparedness must be addressed:
1. Planning for business continuity
The foundation of financial preparedness, business continuity planning entails understanding how, and to what degree, your organization will be able to service its customers and maintain solvency in the event of a major shutdown of operations or other catastrophic event. This can include a variety of actions, such as fulfilling orders using existing inventory, receiving support from other company locations, outsourcing production and/or services, and setting up a temporary location. These actions help ensure continuity of operations and, in doing so, also help mitigate the loss.
In planning for business continuity, it is important to consider unexpected occurrences and challenges. Catastrophic losses can occur in ways that were not anticipated or previously experienced by an organization. For example, as a result of Superstorm Sandy in 2012, a company lost two of its major data centers, one located in New York City and a backup center located miles away in New Jersey. The company’s management never anticipated the possibility of a hurricane impacting both data centers at the same time. Organizations must explore a wide range of possible causes of loss and the resulting impacts when assessing both the maximum possible and the maximum probable loss.
2. Understanding employee retention
Retaining key employees and other members of the workforce following a catastrophic event is essential to the continuity and restoration of a company’s operations. Organizations must assess whether or not insurance will be necessary to cover labor costs following a catastrophic loss.
3. Understanding and mitigating costs
In addition to labor, there are many other costs that will continue following a catastrophic loss. The key to managing these costs is assessing the organization’s (and each facility’s) structure of variable and fixed costs and determining how they will likely be impacted following a partial or complete shutdown of operations.
By understanding and assessing continuing costs, the organization can better plan for mitigation of those expenses and required insurance coverage. The preparation of a simple business interruption values worksheet does not typically go deep enough—the process requires a detailed understanding of operations and related costs, and ways they will be impacted following a loss.
4. Identifying other sources of potential funding
Insurance is typically the first line of defense following a catastrophic loss, but other sources of funding may also be available. For example, if the president formally declares a disaster, state and local government entities, eligible nonprofits (including hospitals, colleges and universities) and Native American tribes may qualify for federal disaster relief, including Federal Emergency Management Agency (FEMA) Public Assistance Program grants, U.S. Department of Housing and Urban Development Community Development Block Grant Disaster Recovery grants, and Federal Highway Administration disaster grants.
In the case of FEMA Public Assistance grants, the documentation and reporting processes can be onerous, with a multitude of eligibility requirements that address the applicant, facilities, work performed and costs incurred. FEMA also has many insurance requirements, particularly for organizations that have received FEMA funding for previous disasters. Developing an understanding of these and other federal guidelines and implementing necessary procedures and controls before a disaster occurs can help ensure that maximum funding is secured in a timely manner, and can also help withstand audits by federal agencies.
5. Assessing liquidity needs
It is critical to maintain liquidity following a loss event. A careful assessment of the amount and timing of potential recovery from insurance and other sources of funding, consideration of continuing costs and extra expenses to maintain operations, and the need for capital to rebuild operations can shed light on the requirements for cash reserves and access to credit during an extended operational shutdown. While insurers may provide advances following a catastrophe, final settlement often takes longer than expected. Planning in this area can help avoid unexpected cash shortages that put business continuity at risk.
6. Developing a loss response team
Before a loss occurs, it is essential to identify and train the team that will support the organization following a loss event. Internal resources should include a broad spectrum of resources spanning the risk, legal, finance and accounting, operations, sales, engineering, and procurement departments. Additional external resources may include debris removal companies, general contractors, engineers, attorneys, accountants and other consultants. Developing your team and outlining their roles before a loss occurs will help expedite the recovery process, increasing its overall effectiveness and saving costs.
7. Assessing insurance coverage
An organization must conduct a review of its coverage at least annually and even more frequently when faced with significant changes in operations. Often, companies discover too late that their insurance policies do not provide sufficient coverage for property damage, business interruption and extra expenses. Many also discover unclear or ambiguous policy language that creates settlement issues.
An annual policy review should provide an understanding of the risks covered, sublimits, exclusions, deductibles, waiting periods and coinsurance requirements. This process can help ensure that risks are covered in the manner intended by management. Following annual renewals, it is also important to determine if any risks need to be further addressed and mitigated due to changes in coverage that may have occurred during the underwriting and renewal process.
The review should include an assessment of the organization’s covered locations and confirmation that the policy lists (or contains appropriate blanket coverage for) all existing locations, especially recently added ones. It should also include an assessment of the statement of values to determine whether property values are current. Property values may need to be updated as companies add, upgrade or sell equipment, invest in new capital, and change physical structures.
The organization’s business interruption values should also be assessed. This means, at a minimum, assessing each location and operation to determine the organization’s exposure to a loss of net income and expenses that would likely continue following a catastrophic event. As your business grows or declines or margins change, business interruption values will likely change as well. Failing to update these values could result in a gap in coverage due to insufficient policy limits, or potentially trigger a coinsurance penalty if designated in the policy.
In assessing insurance, it is important to pay close attention to sublimits, exclusions, waiting periods and deductibles, all of which can significantly impact an organization’s level of financial recovery. As an example, a large entertainment facility experienced a significant loss when an electrical outage led to the cancellation of a show on a busy weekend. Management was surprised to learn that the loss was not covered due to a 48-hour waiting period for “service interruption.”
The period of indemnity specified in a policy may also have a major impact on recovery. Insurance policies typically define the period of indemnity as beginning on the date of loss and extending through the period during which the property can be repaired, rebuilt or replaced, with reasonable speed, to the condition that existed prior to the loss (or, alternatively, the date business is resumed at a new location). Many policies also provide an “extended period of indemnity” of 30 days or more to give the business additional time to restore normal operations. This extended period can provide critical support for financial recovery.
It is also crucial to understand your needs with regard to employee payroll following a catastrophic loss. Business interruption insurance policies may provide full, limited or no coverage for “ordinary payroll” following a catastrophic loss. Ordinary payroll refers to payroll expenses of employees other than executives, department managers, employees under contract and other employees deemed vital to continuing operations. Companies with a critical need to keep such employees after a loss typically require this type of coverage in their policy.
Coverage for extra expense should also be assessed and considered in light of potential actions following an interruption of operations. This coverage generally addresses expenses incurred during the period of restoration to avoid or minimize the suspension of operations at either the current location or temporary locations.
A variety of special coverages are available to cover other areas of risk and may be appropriate for risks specific to the organization, such as insurance for contingent business interruption (to cover losses sustained by your organization as a result of physical damage occurring at your suppliers’ or customers’ facilities), supply chain disruption and cyber incidents.