For much of the banking business, the age of the “crisis” has passed. Business may or may not be as robust as a given bank would like, but the cloud that hung over America has passed, much like the harsh winter of 2014-2015 seen in many parts of the country.
An exception to this state of affairs comes when you look through the filter of financial institution insurance, and specifically directors and officers coverage. Ask Kristin Roger, vice-president and chief underwriting officer for financial institutions at the Travelers, about the condition of the D&O market, and the answer won’t be a clear “hard” or “soft” as you might have received in the past.
Roger, with the company for 14 years, says that the crisis still exists, to a degree, in the insurance side of the industry.
Not completely out of the weather
Conditions are “very variable,” she says, depending on the nature of the company being underwritten. While the industry’s overall metrics have improved significantly from the crisis years, individual institutions continue to work their way through issues left over from the crisis.
But that’s not the only factor influencing the state of the market, according to Roger.
“We’re still in an environment of challenge to depository institutions,” she explains. The interest-rate environment is a major risk, in her view, with many institutions having reached for yield and potentially setting themselves up for trouble in the future as rates rise. Some carriers left the market after the crisis, some have come in with very specific appetites, and all are very cognizant of the growing body of threats to banks.
So harder market? Softer market? “It’s not a hard market nor a soft market—it’s an evolving market,” says Roger. “We’re at an inflexion point. We’ve more or less exited the financial crisis, but there are still some capital pressures on some banks.”
Cyber-risks: Do board and management “get it”?
Underwriting banks remains a matter of very individual cases, says Roger. Ultimately, she says, while underwriting looks at the whole bank, the key element is the “M” of the CAMELS rating system—Management. Management is not as easy to underwrite as aspects of a bank that have hard metrics, but to Roger it remains as important as any numerical quantity.
Beyond financial risks such as those arising from interest rate exposure, banks also face risks from the outside. Cyber security issues, for example, represent multi-dimensional risks to boards. Roger points out that the risk of losses to the bank from cyber intrusions and customer liability is only one aspect of risk here. Board members themselves face exposure should a customer sue because of ID theft or similar loss.
Part of what an underwriter looks for is the controls a bank has in place—the insurer’s own exposure hinges on the bank’s, after all. However, there is also the awareness and understanding of the board and management of those controls.
Overall, Roger says that banking companies seem to have a firm understanding of the stakes in cyber risk, one of the major sources of operational risk today.
“Banks have this issue top of mind, as do their regulators,” says Roger, “as they should.”
ERM: key underwriting focus now
While not all sizes of banks face mandatory enterprise risk management requirements, the days when “ERM” and “community bank” never appeared in the same sentence have passed, according to Roger. She says the expectation of attention at some level to ERM is as important to D&O underwriters as it is to regulators, who expect to see ERM efforts even where no formal requirements exist.
Roger says there aren’t underwriting requirements, but that what the underwriter learns about the attitudes of the institution, its management, and its board all factor into the underwriting process. Overall, she says she sees more rigor among more banks in this matter.
She notes that underwriters acknowledge, in their reviews, that not every bank needs to have a formal ERM position or team—a bank may be too small to support that. But underwriters are looking for controls and structure supporting some degree of ERM.
In some cases, an institution may outsource risk functions, tapping expertise that it doesn’t have on staff for ERM.
“That is better than doing nothing at all,” says Roger, but she feels that getting good ERM from the outside is difficult.
Effective ERM takes a long-term effort and view, she says, so unless the consulting arrangement runs for some time, a third-party setup may not do all that management would hope for.
She says she would prefer to see some risk management talent on the bank’s own staff. She adds that the bank’s professional insurance agent can also be a helpful risk management advisor, given experience with other companies.
Emerging risks she’s watching
Roger says there are potential trouble areas that she has her eye on:
• Reaching for income in brand-new places: Roger says the need to boost earnings tempts some banks to try brand-new business lines, hoping for more revenue. The appetite is understandable, but she says a bank must be careful when going “outside their comfort zone.”
• Mergers & acquisitions: As more banks consider consolidation, there are risks that shareholders—both sellers and buyers—will feel shorted and will want to take it out on board members.
For this reason, even members of a selling bank’s board must consider their coverage. Roger says it is typical to purchase a number of years’ worth of “tail” coverage to protect directors and officers from risks arising from the sale of institutions.
Roger points out that more deals are being done for stock, so holders of the old bank, should they be unhappy with their new company’s performance, may sue board members.