Is Your Terrorism Coverage Giving You a False Sense of Security?

Robert Cruz


February 2, 2012

In an uncertain world, risk managers understandably rely on the terrorism coverage they have purchased. If a terrorist attack occurs, they expect claims to be paid quickly so they can resume business. What risk managers may not realize, however, is that the claims process could be delayed if a major attack occurs. This is largely due to the way the federal backstop program that was established following the 9/11 terrorist attacks.

The 2002 Terrorism Risk Insurance Act (TRIA), its 2005 extension and 2007 reauthorization, the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA), were instrumental in creating a terrorism insurance market where none existed. The backstop helped establish today's market by protecting insurers and enabling them to offer coverage for a risk that was seen as uninsurable by most private carriers.

TRIPRA is considered a success, with robust take-up rates and affordable premiums. However, TRIPRA, which is up for reauthorization in 2014, also creates an inextricable link between the federal government and the private insurance market. It establishes thresholds, deductibles and other requirements that insurers must meet before they are eligible for federal funds. To be truly prepared for the aftermath of a terrorist attack, risk managers need to understand how the public/private partnership works and, specifically, how claims could be impacted.

The Threat Persists

While the United States has been free of major terrorist acts for more than a decade, the threat has not disappeared. Both international and domestic terrorism networks present ongoing risks, and schemes that have been thwarted over the past 10 years suggest that terrorists continue to plot death and destruction in areas around the world.

According to catastrophe modeling firm AIR Worldwide, an analysis of 32 terrorism plots against the United States since September 11, 2001, shows that approximately 60% of the cases involved explosives and another 30% involved small arms. Government sites and transportation were the most common targets. The threat goes far beyond those entities, however. AIR has a comprehensive database of nearly 300,000 "landmark" targets across the country, including transportation hubs, energy utilities, bridges, medical facilities, other national infrastructure, tourist attractions and private-sector properties.

How TRIPRA Works

To activate the program, the secretary of the treasury, secretary of state and attorney general must certify the event as an act of terrorism. Following that certification, there are a series of financial calculations and requirements that insurers must meet to be eligible for federal funds. These requirements could put insurers under financial pressure: such a case highlights why every risk manager needs to take a hard look at his or her insurer's ability to meet its obligations.

As the federal backstop has been extended and modified over the past decade, insurers have become responsible for covering a greater share of terrorism losses. To trigger TRIPRA backstop funds, the terrorism event must result in aggregate industry insured losses of at least $100 million, up from $5 million in the original act and $50 million in the extension act.

Furthermore, before federal funds are released, insurers must pay insured losses equal to 20% of their earned premiums for TRIPRA-applicable property/casualty lines from the previous year. That figure has also risen since the act's inception, up from 17.5% in 2006. Above that threshold, the federal government will pay 85% while losses and the insurer is responsible for a 15% overall coinsurance premium. The result: industry retention has risen to $27.5 billion. In addition, TRIPRA has an annual program cap of $100 billion.

To put that in perspective, the Insurance Information Institute puts the losses from the September 11 attacks at $40 billion (in 2010 dollars). A large-scale attack has the potential to meet or exceed that level.

Understanding the Limitations

Taking into account all of these requirements, and a range of other factors, TRIPRA may not be the solution risk managers are counting on to cover losses and get their businesses functioning quickly after a disaster. There are several actions risk managers can take now to address these issues, including assessing their insurer's possible exposures.

While some insurers may be hesitant to discuss their terrorism aggregates (how much terrorism insurance they have written in a particular zone), it is nonetheless critical information. It affects how quickly claims can be processed and paid, and whether the insurer will have the resources to pay claims directly or if the insurer will need to wait for federal funds.

Risk managers should also understand who gets paid first and what the criteria for payment is. Will the first priority be the insurer's biggest clients? It is important to know where on this list a particular business falls since that will determine how quickly claims are paid.

The reality is that practically all businesses need liquidity to survive after a major shock from any type of disaster, whether the capital is used to address physical damage or business continuity needs. A prolonged delay in claims payment could result in serious hardship or even financial ruin.

Risk managers should also be aware of TRIPRA's limitations. It is only for companies with assets in the United States; international exposures are excluded under the act. To understand their needs following a possible attack, risk managers must identify their business's specific risk profile. They should identify possible terrorism risks and exposures, analyze how the exposures would impact critical business functions such as supply chain, operations and sales, and put in place a risk management strategy that takes into account varying claim-payment scenarios. Risk managers should also consult with their brokers about standalone terrorism coverage that is not dependent on TRIPRA.

While it is clear that there would not be a sizeable terrorism insurance market without the TRIPRA backstop, its requirements, deductible thresholds, triggering events and caps have the potential to directly impact an insurers' performance and claims-paying abilities.

The terrorist threat shows no signs of abating and terrorism insurance is must-have coverage for many businesses. There is no way to predict exactly how the insurance market and TRIPRA will respond in the event of a destructive act with multi-billion dollar losses. What's clear for risk managers is that they need to be ready for multiple scenarios, including one in which claims are delayed substantially. If liquidity and claim payments freeze up, risk managers have to prepare their companies to move ahead under the adverse circumstances that would follow a terrorist attack.
Robert Cruz is senior director of information governance for Smarsh. He has more than 20 years of experience in providing thought leadership on topics including eDiscovery, information governance, data privacy, and regulatory compliance.