Under the Microscope

Natural catastrophes rattled the global supply chain to its core in 2011. A massive earthquake, which triggered a tsunami and nuclear crisis, ground Japan’s manufacturing sector to a halt in March 2011. Many manufacturers, mostly of electronic and automotive products, picked up shop and moved operations to Thailand — only to have that country’s major industrial parks washed over during the worst flooding to occur in 50 years. Factor in political unrest in the Middle East, earthquakes in New Zealand, tornadoes in the United States and an unprecedented financial crisis in parts of Europe, and it seems as though companies looking for a safe harbour for their manufacturing and component sourcing operations have nowhere left to go.

Experts say 2011 has re-shaped the way risk managers and underwriters manage supply chain risk. During renewals this year, underwriters are expected to subject companies seeking coverage to a whole new level of scrutiny.

Traditionally, the emphasis when determining risk accumulations has been on physical assets — upon how many suppliers are the insureds relying, and where are these suppliers located? Now, sources say, risk managers and their brokers will also be asked to provide details about the:

• supplying manufacturers’ risk management programs;

• geophysical landscape surrounding the supplying factories;

• other major customers of that supplying factory;

• suppliers upon which the supplying manufacturer relies;

• manufacturers’ ability to withstand financial shocks.

In other words, the days of the unnamed supplier are gone. Welcome to a new era of examining the interconnectedness of the supply chain and the relationships that exist within it.

Urs Uhlmann, head of Zurich Global Corporate Canada, foresees a reduction in the availability of contingent business interruption limits, particularly for unnamed suppliers. “In those cases where unnamed supplier sublimits were provided, we will see a reduction in that, and probably a reduction in coverage of suppliers of suppliers,” he says. “It may be more difficult as an insured to get adequate limits, particularly if you don’t have the necessary information in your underwriting submission.”

2011 in review

According to Aon Benfield’s annual catastrophe study, insured losses from natural catastrophes in 2011 were nearly 300% higher than insured losses seen in 2010. Published by Impact Forecasting, the report says 253 separate events generated a record total economic loss of $435 billion in 2011. At $107 billion, the total insured loss from natural catastrophes was the second-highest on record, surpassed only by the $120-billion insured loss reported in 2005 (of which $90 billion in damage resulted from Hurricanes Katrina, Rita and Wilma).

What’s unique about the insured losses of 2011? Sources say business interruption and supply chain-related losses are outpacing physical damage. For example, looking at the flooding in Thailand, the country’s industry ministry estimated insured damages to the almost 10,000 affected factories hovered around $25.6 billion — including both physical damages and losses due to suspended business. Since only 1% of household residential properties in Thailand have flood coverage, losses related to this event will come almost entirely from the impact to the manufacturing and supply chains, A.M. Best noted in a briefing.

Law firm Reynolds Porter Chamberlain LLP (RPC) says the event constituted a double-whammy of sorts for insurers. “Many Japanese companies, particularly in the automotive and electronics sectors, moved production to Thailand, and/or found alternative component suppliers in Thailand after the Tohoku earthquake to minimize their business interruption losses,” RPC noted in an analysis posted on its website. “However, the recent flooding may lead to a substantial increase in insurers’ liability for those claims.”

To make a business interruption claim, an insured business must mitigate its losses in order to recover under its insurance. Many Japanese manufacturers moved production from earthquake and tsunami-hit regions of Japan to Thailand in order to mitigate those losses. “Moving production from Japan to Thailand was a ‘Plan B,’” RPC says. “The question now is whether those businesses have a ‘Plan C.’ The insurance market will be working with insureds to implement cost effective contingency plans as soon as possible.”

Links under a microscope

Events in 2011 constituted a wake-up call for risk managers in terms of supply chain risk, says Deborah Luthi, president and director of the Risk and Insurance Management Society (RIMS) and risk manager for San Francisco Water, Power and Sewer. “A couple of surprises came out of the events of 2011 for risk managers: how there are unexpected connections when the crisis occurs, and just how deep within our organizations those connections went in terms of supply chain,” Luthi says. “I think for risk managers it’s a challenge for us to uncover those connections before it’s too late.”

Examples of these connections within the chain go beyond the following, basic scenario: 1) organization depends on supplier; 2) supplier’s operations are hit by a catastrophe and no longer able to supply; and therefore 3) the organization’s production is crippled. Last year, for example, supply chain breakdowns saw organizations stumble when their suppliers halted operations. Their suppliers halted operations not because they had sustained damage themselves, but because one or more of their other major customers did. As a result, the customer was no longer able to purchase from its supplier, thus stifling that supplier’s revenue stream and consequently its operations. In a different scenario, an organization’s supplier ceased to be able to meet the organization’s demand because one of the supplier’s key material providers has been hit in an event.

Uhlmann says in order to develop an understanding of these connections, risk managers and insurers will have to drill down deeper than just analyzing the first link of a supply chain. “Most of us, whether you’re an insurer or an insured, have a good handle on our physical assets, we know where they are and what they are,” Uhlmann says. “If you look at some of the losses coming out of the Thai floods, I think some of the insurers may have been quite surprised as to the losses they faced because of the impact the floods in Thailand had in all different parts of the world, in all different kinds of industries.”

The challenge moving forward, he says, is to improve data analysis techniques so that insurers can actually manage their accumulations and track the information provided to them by brokers and risk managers. “So when the next flood hits Thailand, for example, we will know more than just the physical assets we insure there,” he says. “We will know the impact [of the flood] on all of the various contingent business interruption limits we have provided to our insureds around the world.”

Colin Short, RSA Canada’s chief underwriting and risk officer, says risk managers should be prepared to provide as much information about their suppliers as they do for their own organization. “We ask for as much information on suppliers and the types of resources they have, the type of building they’re located in, as we do about our own insured,” Short says. “That’s something we’ve learned over the years: the importance of not just understanding the suppliers, but the customers as well. It could well be that your insured is selling to some big customers upon whom they are dependent. If those customers get hit by an event and they don’t need our in sured’s goods anymore, then you have a business interruption loss that way, too. It works both ways. You also have to know the insureds’ major suppliers, and what their alternative sources of production might be if the suppliers’ suppliers go out of business. Getting a handle on the exposures is understanding what these relationships and interdependencies are.”

Luthi points to an FM Global study, China and Natural Disasters — A Case for Business Resilience, to illustrate the magnitude of risk accumulations within the global supply chain. FM Global’s report examines the potential effects on the global supply chain if an event similar to the Mar. 11, 2011 earthquake and tsunami were to occur off the coast of China. Fourty-three per cent of the North American-based companies surveyed by FM Global were reliant upon Japan for key components in their product lines, but 86% are more reliant on China for key components.

“A natural disaster-related supply chain disruption in China would have a far-reaching and long-lasting negative economic impact,” Vinod Singhal, Brady Family professor of operations management at the Georgia Institute of Technology’s College of Management, says in the report. “It would slow down the global economy, as China is not only a major exporter of goods, but also a major importer of goods. It would cause shortages in many consumer and industrial products that could lead to inflation. And finally, it would devastate the share price of companies.”

The increased supply chain risk exposure in China underscores the need to look at supply chain resiliency beyond just certain risk management tactics and geography, the report continued. It should be more fundamental and strategic.

Increasing Collaboration

In order to get their arms around supply chain risk, risk managers need to start challenging some of the assumptions they have been working under for the past few years — particularly the assumption that suppliers and second-tier suppliers are mitigating risks appropriately, says Gary Lynch, global leader of Marsh Risk Consulting’s supply chain risk management practice. “Risk managers need to go beyond the first tier. They need to look further upstream in order to develop an understanding of the current state that ‘they’ — Tier 1 and Tier 2 suppliers, material providers, material brokers, material transportation providers and even the energy providers, particularly in Asia — manage the broad set of risks,” he says. “With the collection of all of this data, emerging best practices see risk managers then building this understanding into a profile of the environment in which their supply chains lie, and then actively monitoring it. It’s about shifting to data that really tell you more about the potential risks as things change. It’s a profile of the environment. Risk managers can then run analytics against it to measure the degree of exposure on an ongoing basis. They can measure the return on investment for risk management initiatives taken — like diversification of inventory, for example.”

FM Global’s report notes that 65% of companies plan to increase collaboration with the suppliers upon which they rely. One complication is that most of these suppliers are based in developing economies, where risk management is essentially in its infancy.

Uhlmann says the collaboration must start with knowing which company supplies which part to the organization. Furthermore, there should be clarity about the suppliers upon which the suppliers are relying. “And then, what are the alternatives in case one of those suppliers can’t deliver anymore?” he says. “In many cases, unfortunately, that information is not as easily available for large corporations as one may assume.”

The next step would be to try and find alternatives for when suppliers can’t meet their obligations, and to make sure that the organization’s suppliers have alternatives for their critical parts. “These are conditions that could and should be built into supply contracts,” Uhlmann says.

Lynch stresses there is more to this analysis than just laying out a series of risk mitigation expectations and expecting the suppliers to meet them. “The strategy today is to set an expectation and just tell your material providers to do that,” he says. “This means the material providers have to have either the expertise or the resources to do it, and they have to be motivated to do it. I don’t think that kind of thinking is optimal when it comes to correcting the problem.”

Lynch says an organization can establish an expectation of managing day-to-day risk through education programs, as well as by providing monitoring tools and incentive programs that are similar to — but not as severe as — whistleblower protection programs. “The point is, risk managers will have to get in there and apply what they believe is a valid way to manage risk,” Lynch says. “But they have to understand the motivations of the supplier.”

If the risk manager’s organization is not the supplier’s only customer, or if it’s not the supplier’s biggest customer, then the risk manager will have to bring data reflecting these facts back to the procurement team so that it is made aware of the situation. “It requires risk managers to understand lead times, single and sole-sourced materials and geographical aggregation of risk,” Lynch says. “They need to understand all of those concepts so that they can relay it back to the organization as it plans to move its business forward.”

RIMS board member William Montanez, director of risk management for ACE Hardware Corporation, says his organization is increasing its compliance activities. The point is to ensure the company’s suppliers can withstand both natural catastrophes and man-made events such as a financial shock. “We’re in the process of beefing up our compliance departments and making sure we have the proper people in place to communicate that information, particularly to senior management,” he says. “At the end of the day, that comes back to us in the risk management department. We can build that part of the story into our underwriting submission.”

Most companies are not going to volunteer this information. But ultimately the organization’s fiduciary duty is to gather that information and validate the information it’s given, Montanez says. He feels site visits are the best way to understand major suppliers’ operations. For example, he notes that in countries outside of North America and Europe, government resources such as flood maps are likely to be scarce. “I would think that if surveys aren’t available in those individual countries, then perhaps as a company you can hire a hydrologist or a specialized engineer to properly evaluate your exposure,” Montanez says. “Some of it would just be common sense, but you would be surprised how many companies never think about it. Sometimes, all it takes is a site visit.”

Meeting new demands

The evolving requirements can be daunting. For risk managers at multinational organizations, developing an understanding of each and every supplier with this degree of data is overwhelming. “What really seems to have changed is that, at a risk identification level, you’re seeing the risk manager making more of a connection with the business priorities through quantification of value,” Lynch says. Risk managers are developing an understanding of which products have the widest profit margins for their organizations, and then prioritizing those products’ supply chains. “They need to have some of that alignment up front, otherwise they’re just going to get run over,” Lynch says.

Montanez agre es, noting that priorities will vary from company to company. That’s why it’s important to engage senior management, he says. “You have to have involvement from senior management on what, exactly, the game plan is going to be in case something does happen,” he says. “You can’t start thinking about and implementing solutions when you’re in the middle of the battle. When these things start to happen, it’s too late to start planning, you have to start implementing. In order to do that, you have to know what will be top-of-mind for your particular organization.”

Reshaping the chain

The events of 2011 will likely not only re-shape the way in which supply chain risk is managed, but there’s a good chance it will re-shape the chain itself. Short refers back to the insurance notion of ‘proximate cause’ when considering how the global supply chain might shift. In other words, he looks to the main drivers of the 2011 losses.

“Just-in-time management has led manufacturers to keep a very low level of ongoing stock,” Short says. “In order to keep costs low, and to utilize capital more efficiently, a lot of them have gone to this system or methodology whereby they call upon their components when they need them. I think the buffer of stock a lot of these firms have kept has reached a minimum level, such that any disruption to the supply chain has an effect over and above the impact that a normal interruption should have. I think they are so dependent upon the ability to source the components when they need them, without holding them in their own stock, that they have placed themselves in an over-dependence on their suppliers. And if anything goes wrong with their suppliers, then the impact gets magnified all the way down the supply chain. That’s when things go really wrong. And that’s what’s happened here.”

Uhlmann agrees. He says the cost benefit of outsourcing might be outweighed by its associated risks. “As a corporation, when you assess your exposures overall, I think the supply chain risk will gain influence,” he says. He predicts companies will consider more carefully the trade-off “between getting the cheapest deal for your supplier” and “actually making sure you can deliver on your product” so as to avoid a negative impact on the brand. “I do think that some companies may change their approach to outsourcing,” he says. “The trend [towards just-in-time outsourcing], if it isn’t reversed, will definitely slow down. It’s so difficult to control the impact on your business if everybody else is producing for you and you don’t have proper control over them.”

Supply chain risk management is moving beyond response and recovery, and minimizing impact, experts say. For Lynch, a properly managed supply chain presents a strategic opportunity. “It not only allows you to respond quicker than your competitor, but it also allows you to take significant market share as a result of a failure of someone else in that space,” he says.

Perhaps one of the most publicized examples of a manufacturer gaining market share thanks to a competitor’s faltering supply chain is that of General Motors Co. and Toyota. The Globe and Mail reported in February 2012 that Toyota, battered by disruptions to its supply chain following the Japanese quake and tsunami, had taken a second hit when the flooding in Thailand cost the car manufacturer another 240,000 vehicles in lost production worldwide. As a result, Toyota ceded its title as the top seller of vehicles in 2011 to GM (a company that not so long ago teetered on the edge of bankruptcy) and Volkswagen AG.

“What we did as risk managers was traditional back office data collection, risk measurement and risk identification,” Lynch said. “That’s now potentially turning into something the decision makers — the executives, the financial institutions and the hedge funds — want. They’re asking: ‘How do I exploit the opportunity? How do I understand the interdependencies?’ This data is something to which the risk manager has access.”

Risk managers’ skills, mindsets and tools are evolving in order to create a sustainable solution for supply chain risk, Lynch adds. They are doing more than simply taking a snapshot of the risks. “Risk managers have to create something that’s going to live and breathe with the organization, so that if the organization changes its contract manufacturers or introduces a new product line in a new market, the solution is agile enough and the technology is there to support it.”