SIIA Comment Letter Cites Captives' Role in Addressing Terrorism Risk

A recent letter to the US Department of the Treasury responding to a request for comments on the federal Terrorism Risk Insurance Program (TRIP) makes the case for captive insurance while encouraging steps to expand participation by small and medium-sized businesses.

The May 16, 2022, letter from the Self-Insurance Institute of America, Inc. (SIIA), came in response to the Treasury's request for comments to assist in formulating the 2022 Report on the Effectiveness of the Terrorism Risk Insurance Program.

SIIA's letter, directed to Richard Ifft, senior insurance regulatory policy analyst in the Federal Insurance Office of the Treasury, is signed by Ryan C. Work, senior vice president, government relations, at SIIA.

SIIA's letter notes that a well-functioning federal terrorism insurance backstop remains essential, considering the ongoing and evolving terrorism threats facing the private sector.

"The insurance and reinsurance markets for risks within the United States continue to evolve, with captive insurance arrangements providing stability and affordability in areas where the commercial insurance/reinsurance markets are not providing sufficient coverage options for businesses," the letter says. "These captive arrangements support an affordable market for terrorism-related risk mitigation and help broaden participation in offering needed terrorism coverage for a variety of organizations."

The letter provides several examples of areas in which organizations have looked to captives to insure terrorism risks due to the current state of the insurance market.

• High-risk geographical areas, including urban centers and areas near nuclear facilities and other high-risk facilities
• Properties such as sports facilities and other public venues
• Various industries including residential real estate, transportation, telecommunications, and utilities
• Nuclear, biological, chemical, and radiological (NBCR) terrorism risks

Captive insurance arrangements allow entities to finance a portion of a risk they choose to take on themselves, the letter says, with captives serving as either a direct insurer of certain terrorism, cyber, and even COVID-related risks, or as a reinsurer of a standard commercial insurer, such as in workers compensation insurance.

"Captives in the broader market offer terrorism-related coverage to a number of businesses and entities ranging from religious institutions and industrial and energy producers to sporting and concert venues, habitational living spaces, and major transportation hubs," the letter says. "Captives also provide cyber-related coverage to financial institutions and healthcare organizations."

Also, by contributing to TRIP's post-loss sharing mechanism, captives contribute to the overall loss payments, broadening terrorism-risk pool participation, the letter says.

"Where a coverage issue may exist, however, is in the interplay of the terrorism-related risks and the various forms of the 'war exclusions' commonly found in virtually all insurance and reinsurance contracts," the letter says. "For example, the question of when does terrorism (particularly in the form of a cyber-based event) become an 'undeclared war' is coming to the forefront."

The letter addresses the growing threat of cyber risks, particularly with the increased digital transformation of many organizations as they responded to the COVID-19 pandemic. "This rapid transformation has further increased systemic vulnerabilities to cyber attacks," the letter says. "Various scenarios estimating catastrophic damage from cyber events have ranged from tens of billions to hundreds of billions of dollars."

TRIP's treatment of cyber coverage has encouraged more robust participation among insurers and reinsurers in addressing the exposure due to the mitigation of losses under some extreme scenarios, the letter says.

The letter notes that there could be situations in which a cyber attack elsewhere in the world could lead to large losses inside the United States. Such foreign events would meet the intent of covered damages under TRIP and so should be covered under the program, according to the letter.

"While many captives generally address the economic impact of a cyber event (including ransomware) on the policyholder's business, they often may not provide coverage for potential liabilities to third parties from such an attack," the letter says. "As a result, there have been significant losses."

Those risks and losses are likely to increase as commercial market insurers tighten cyber-insurance underwriting standards and service vendor purchase requirements in order to obtain coverage, the letter says. The letter notes the sizable premium increases in the commercial cyber-insurance market, as well as significant increases in deductibles and lowering of coverage limits and sublimits.

"That change is likely to affect a number of small and medium-sized businesses that do not have the financial resources to engage the highly robust cyber-security services that some standard [insurers] now mandate for coverage," the letter says.

The letter suggests that in addition to the larger US businesses and other organizations making use of the TRIP program, the same protections should be made available to small and medium-sized businesses exposed to terrorism risks but largely unable to gain access to needed protection under the current program.

"TRIP was established to ensure the continued widespread availability and affordability of property and casualty insurance for terrorism risk, and to build capacity to absorb any future losses," the letter says. "Thus, SIIA recommends that the Department consider examining the appropriate size and scope of TRIP, which could and should include small and medium-sized businesses that run the risk of significant losses from the same terrorism-related risks that large businesses face."