Unfortunately, some banks treat the purchase of insurance essentially as "commodity', transaction being driven entirely by price. Consequently, it is routine for banks to place their insurance programs out on an annual tender offer basis, and place little emphasis on developing stable and long-term relationships with both brokers and underwriters. All financial markets reward stability and consistency and the bank insurance market is no exception. The effect of this instability and fragmentation in the some of the insurance market has been two-fold.

Quality of underlying re-insurance - When account relationship is perceived by the both underwriters and brokers to be totally price driven, it is often impossible to re-insure the risk with the most reputable and stable re-insurers. This means that brokers must often place the risk with .re-insurers of lesser quality and stability. This, in turn, frequently leads to difficulties in claims settlement and other coverage issues, as weaker re-insurers are often reluctant to settle even the most valid of-claims. In addition, brokers also tend to charge a premium for these types of placements - meaning that brokerage commissions are higher as a percentage of overall cost and it is often difficult (if not possible) to find out the exact extent of these charges or to get full visibility into who the re-insurers are on the cover.

Lack of Enhanced Coverages and "Value Added" Services - Brokers and underwriters reward stable long-term relationships with the provision of "value added" services and enhanced coverage. Both brokers and underwriters add value to relationships through such vehicles as underwriter/broker financed risk management, audits and consulting services, assistance in structuring risk financing programs (such as captives, pooling arrangements, and finite programs), and other forms of expert operational risk management support. Long-term and stable relationships also invariably bring with them an increased willingness by underwriters to enhance coverage within existing premiums and deductible levels, to provide more favourable policy wording, and to continue to renew coverage even in the face of loss. Banks should consider the possibility of multiple year insurance contracts and also negotiating broker services based on fees as opposed to commissions.

Although globally over fifty different types of insurance coverages are available specifically for banks, six types are of primary concern.

The Bankers Blanket Bond/Financial Institution Bond (BBB/FIB)- This coverage generally consists of six basic insuring agreements: employee dishonesty, loss of property on premises, loss of property in transit, forgery, forged securities, and counterfeit money. The BBB/FIB has traditionally provided the cornerstone for any bank insurance program. Although, most banks world-wide purchase this coverage, which is mostly a function of management's perception of operational risk exposures as well as generally accepted business customs. Further, there are no rules either formal or informal for establishing bond limits. Only in some jurisdicticus there are legal or regulatory requirements that a financial institution purchase a BBB/FIB

Electronic and Computes Crime (ECC) Coverage -The ECC may either be a separate or stand-alone policy or appended to the BBB/FIB. It is designed to respond to financial loss from third-party fraud or mysterious and unexplained disappearance relating to the insured computer or telecommunications systems. It is for this reason that ECC coverage may not be written without a BBB/FIB being present. The ECC (in its London form) currently consists of eleven insuring agreements i.e Computer Systems, Insured Service Bureau Operations, Electronic Computer Instructions, Electronic Data and Media, Computer Virus, Electronic Communications, Electronic Transmissions, Electronic Securities, Forged Tele facsimile, and Voice Initiated Transfers. Generally, the ECC is purchased in the same limit as the BBB/FIB since it is truly a companion piece to the BBB/FIB.

Directors and Officers (D&O) Coverage - D&O coverage indemnifies directors and officers of the bank against liability claims arising from alleged negligence, wrongful acts, errors and omissions. The wording and insuring agreements of directors and officers policies are specific to the jurisdiction in which the coverage is being written. On a global basis, D&O coverage is rapidly overtaking the BBB/FIB as a institution's most important and expensive form of transferring operational risk through insurance.

Professional Indemnity (PI) Coverage - Unlike Directors and Officers liability insurance, banks professional indemnity coverage is intended to provide insurance to the bank itself against claims arising from alleged errors or omissions committed by bank's employees and officers in the performance of their professional duties(fiduciary and operations), investment advisory activities, private banking, etc. This is driven by the shift in emphasis away from lending income into income streams generated by fee for service.

Payment Card Coverage - Coverage for losses incurred by banks as the result of counterfeit, forged and or altered payment cards is currently available through most international payment card organizations such as VISA and MASTERCARD. This coverage is designed to address counterfeiting, forgery and or alteration of both the embossed plastic as well as magnetic encoding on the card. In addition, specialised coverage for merchants, banks, processors, and independent service organizations against fraudulent and/or excessive charge baclcs by participating merchants has recently been introduced. Underwriters view the loss, theft, or misuse of cards as a completely uninsurable risk. Therefore, no coverage for this exposure is available in the market.

Given the potential profitability of payment card operations, growing consumer demand for these services, and the potential for enhanced sharing of credit data between Saudi banks, it is inevitable that the number of payment cards in circulation within the Kingdom will increase dramatically in the near term. It is also inevitable that given global trends in payment card, fraud losses to banks will increase substantially. To address this growing operational risk, banks within the Kingdom will need to take a hybrid approach consisting of loss prevention, and regular and self insurance of risk.

Loss Prevention - The payment card industry has found that the most effective way of dealing with card fraud and abuse is prevention. Careful screening of both cardholders and participating merchants, on-line monitoring and analysis of account activity, anti counterfeiting measures, sharing of fraud information among institutions. and aggressive investigation and persecution of abuse has significantly reduced losses on a global basis. As Saudi banks increase their participation in the payment card market, it will be essential that they establish with the assistance of organizations such as VISA International and MASTERCARD International viable and effective loss prevention programs in this area.

Internal Risk Financing - All banks involved in payment card operations must understand that a certain level of loss to fraud is simply a cost of doing business. While loss prevention programs may keep this amount within manageable limits, each institution must establish self insurance mechanisms - funded retention, loss allocation, contractual transfer of risk to address these losses.

External Risk Financing - Due to the relatively high cost and coverage restrictions of conventional insurance, Saudi banks should explore the possibility of using alternative forms of external risk transfer including risk retention groups, risk pooling, and group captives to address the financing of their exposures.

Political Risk Insurance - First written in the early l96o’s, political risk insurance is designed to facilitate stability in international trade and investment by indemnifying certain operational risk associated with political and regulatory activities in the counterparty country. This type of coverage is written by commercial underwriters in the United States, the United Kingdom, and Western Europe. In addition, it is also available through the facilities of the Multilateral Investment Guarantee Agency (MIGA) of the World Bank. Political risk insurance may be written to cover a number or areas:

Confiscation, Nationalization, Expropriation, and Deprivation (CNE&D) This is most commonly purchased form of political coverage. These policies are generally used by organizations with assets permanently located in another country and respond when these assets are taken over by government action.

Contract Frustration - This entails the nonperformance or frustration of a contract with a overseas customer through an invalid action by that customer. This invalid action wrongfully invalidates an overseas transaction in such a manner that the bank is unable to obtain payment for its services or recoup its assets.

Currency Inconvertibility - This type of loss occurs when payment occurs in local currency and the local government is unable or unwilling to exchange the currency at prevailing market rates. This has traditionally been a problem in many developing countries.

Trade Disruption - This types of losses are associated with interruption of trading activities due to war, strike, change in government, or change in law or regulation in the counterparty country. Trade disruption coverage can provide protection not only for the direct loss of revenue associated with the disrupted transactions, but also potential loss of earnings, extra expense, loss of profits, and loss of market.

One of the major "revolutions" which has taken place in the bank insurance industry globally has been in the area of retention find deductible levels. Many banks have realized that retaining and financing significant portions of their operational risk exposure simply makes good business sense. No longer can insurance be used as a substitute for sound management and loss control. Generally deductibles should be used to eliminate coverage for, losses that are apt to occur with some degree of regularity. For example, when purchasing employee infidelity coverage under the BBB/FIB, the deductible level for employee dishonesty should be set sufficiently high to eliminate low level theft of cash by tellers and ATM technicians which occur rather frequently.

There are two primary types of deductibles:

Straight Deductible - This is a flat amount that is subtracted from each loss. The sum insured is then paid over and above this amount of retention.

Aggregate Deductible - These types of deductible protect against a series of losses which, in total, may exceed the amount which can be safely assumed by the bank. Often written in conjunction with a straight deductible, this "stop loss" protection limits the total amount of losses to be absorbed to a specific amounts An aggregate deductible may apply annually or during a specified policy period, may limit the amount to be retained by the accumulation of a number of deductibles, or it may require that claims in total exceed specified amount before coverage is afforded.

While many approaches have been devised by both insurers and insiders to determine the "correct" level of deductible, the most commonly used method is to calculate the deductible as a percent of total assets. The rationale behind this approach being that the larger the institution in terms of asset base, the better its capability to absorb losses without resorting to insurance. Currently. the factor used by many underwriters in determining the minimum deductible level is approximately .0005% of total assets. Thus, using this factor as a guide, a bank with assets greater than SR 60 billion should, as a minimum, be retaining approximately SR 3 million loss as its deductible for BBB/FIB, EEC, D&O, and PI coverages, with a negotiated deductible of SR 5 million as being optimal from the insurers standpoint.

One of the significant methods for measuring the effectiveness of banks in managing their operational risks is the evaluation of the losses. In evaluating levels of loss several factors should be kept in mind:

Recurring Vs Catastrophic Losses - In general, routine recurring losses (small teller frauds, thefts of cash from ATMs, low value check forgery, etc.) should not exceed the banks deductible level. Although, all banks should attempt to control and reduce these losses to the lowest practical level, some losses must be expected as a cost of doing business. In fact, implementing a true "zero loss" environment would probably be far more costly than simply observing an acceptable level of small losses. Insurance should be viewed as catastrophe cover and should only be used to assist the institution in dealing with the consequences of "low probability and high cost" risks. Again, insurance should not be used as a substitute for sound and effective management of operational risks.

Frequency, of Claims Payment - If deductible levels have been established properly underwriters expect to pay a loss on an account every 7 to 10 years. However, with a loss frequency of more than 1 per 5 years indicates both a deductible level which is too low and problems with the bank's internal controls

Allocation of Losses

In an organisation, such as a bank which consists of many different departments and subsidiaries. it is good risk management to charge a unit directly for its losses However, it may be very difficult for smaller units to handle their self-insurance as self-insurance levels may be handled more easily by large units or subsidiaries. Therefore, in order that all units be allocated their fair share of premiums and loss costs, it is often necessary to establish an internal pooling or loss allocation system. Banks may add to the credibility and create accurate allocating systems by using acturial methodology and techniques. Such a system allows for the direct allocation of loss in some cases and the sharing of loss in others. This can make a system of higher deductibles practical.

For example, consider a bank with fifty branches and other non bank subsidiaries. A SR 5 million loss spread among the fifty units in one time period would amount to SR 0.1 million on the average. If an appropriate deductible is charged to the unit that actually suffered the loss and loss-sharing levels of the other units are adjusted relative to their size, a relatively large loss may be absorbed relatively painless. Further, very large losses could be amortized over a period of years. However, there are two important issues to consider in constructing such a system.

Penalize Frequency; Accommodate Severity -Allocation system should penalize frequency and be more forgiving of severity. This is based on the fact that severe or the high cost low probability risks" are far more difficult to control than incidents which to occur frequently and that if many incidents are allowed to occur frequently, it is inevitable that one or more will be severe. For this reason, charging units directly for loss costs can significantly improve loss controls, but the size of the penalty should be appropriate to the size of the operation.

The System Must be Accurate and Understandable - Allocation systems must be both accurate and clearly understandable to unit managers. Many allocation systems have failed because they became very complex in an attempt to create a degree of accuracy that may serve no useful purpose. The following example may serve to illustrate the point:

In this bank, a deductible of SR 1 million is set for Head Office and other wholesale nondepository subsidiaries (i.e trust company, the private bank, etc) while deductible as low as SR 50,000 are set for the small branches - a total of 35 units. Each unit pays 100% of its deductible for losses occurring in its units, and 50% of the loss in excess of the deductible up to an amount no greater than 150% of the stated deductible amount. Thus, a unit with a SR 50.000 deductable would pay the first SR 50,000 of the loss plus 25,000 of the next 50,000 loss for a total possible deductible of Sr 75,000. All units then share equally an excess losses up to the institution's aggregate of SR 1,000,000 deductible. Therefore, the largest loss which could be shared is SR 925,000 which when divided by 35 units is SR 26,428 per unit. If this is still too large a burden for the smaller units, the risk sharing percentages may be adjusted or a cap set on the maximum loss to be borne by smaller units, with the remainder shared corporate-wide.

In evaluating the level of premiums paid by banks for their insurance coverage it is useful to use the standard insurance industry metric of “Rate on Line”_ This is simply the . ratio of premium charged to sum insured (i.e. premium charge/sum insured = "Rate on. Line"). Globally, the spread for Rate on Line runs between 1% - 2% for highly preferred risks with excellent loss records and high retention to approximately 10 % for low quality risks with high loss records and low retention.

Therefore, as may be readily seen insurance pricing is designed to insure that underwriters will recapture the cost of all but the most catastrophic (and lowest probability) losses through the premium structure The premiums of conventional insurance programs may be structured in a number of ways:

Guaranteed Cost Programs - The standard approach for determining a bank's insurance premiums is by means of a guaranteed cost rating. most Saudi banks currently use these types of insurance programs. The guaranteed cost plan is intended to pre-fund all losses that are expected to occur during the policy period. This approach applies predetermined rates to an exposure base to determine premiums. The premium is guaranteed in the sense that it will not vary. However, depending on actual loss incurred during the policy period, premiums may be adjusted at renewal to reflect actual exposures which existed during the rating period. Therefore, reserves for losses that have been Incurred But Not Reported (IBNR) or paid remain with the insurer and investment income accrues to the insurer and the insured receives no benefit from them. However, if the insured has poor loss experience during the policy period, the insurer has no recourse for these which could far exceed earnings generated from the reserves.

Retrospective Rating Programs - Retrospective rating programs are based on the risk management ability and performance of the bank. For these arrangements which offer the insured the opportunity for substantial cost savings over a guaranteed cost plan if the loss record is good. Consequently, if the loss record is poor, the insured may end up paying more premium to the insurer than under self-insurance. Retrospective rating programs offer a system of rewards and punishments depending upon the effectiveness with which the bank manages its risk. Retrospective programs may involve a variety of methods.

No Claims Bonus - The simplest of the retrospective rating programs is the no claims bonus. Under this type of policy a percentage of the premium is returned to the insured at the end of the policy period if no claims are filed with the insurer.

Incurred Loss Retro- Here, an initial premium is paid at policy inception and is adjusted during subsequent years as actual incurred losses become known - with deposit premium being adjusted upward or downward based on loss experience. Generally, premium adjustments are computed annually and a minimum is established for the protection of the insurer. It is adjusted on the basis of losses that have actually been paid, as opposed to losses that have actually occured which may be more than losses that have been paid. This eases the insured's cash flow problem and allows the use of the loss reserves. The difference Between the standard premium and the amount paid by the insured is normally secured by a Letter of Credit or other acceptable financial guarantee.

Loss Multiplier Plans - Since all retro methods are essentially cost-plus contracts, a simple way to compare retros is by comparing the amount of "load" for non-loss costs on a percentage basis. Dividing the premium by the incurred losses gives an index known as the Effective Loss Multiplier (ELM) - thus a plan with an ELM of l30% is less expensive than plan with an ELM of 150%. Some plans utilize this-concept for determining the premium by simply multiplying the incurred losses by a stated loss multiplier subject to agreed upon minimum and maximum premium levels. This greatly simplifies the calculation process for both insured and insurer.

Present Value Discount Plans- Under these plans, losses are forecasted and then discounted back to present value at some agreed upon interest rate. Insurer expenses are added and a flat premium is charged. This premium is intended to be adequate to cover losses and to avoid the need for adjustments. However, most plans include provisions for eventually adjustment if actual losses are substantially higher or lower than expected.

Fixed_ Cost Participating Dividend Plans - This type of program is really a hybrid between retrospective and guaranteed costs policies as it gives the insurer an option to return a portion or all of the under-writing profits to the participant if it chooses, but generally does no allow the insurer to charge an additional premium for worse than expected losses. While the potential savings are not as great as under a pure retrospective program, the insured is in a no loss position. This is because maximum premium which may be charged is equal to the guaranteed cost premium less any applicable "dividend" discounts granted by the insurer.

Multiline Aggregate Program - Becoming increasingly more attractive as operational risk exposures rise, multi-line aggregate programs use a single insurance policy to cover all of the institution's exposures subject to an aggregate deductible applied to all covered losses. Once the aggregate deductible is satisfied by the payment of one or more claims, the policy would respond to any additional losses upto the aggregate limit. The theory is that by combining the various types of insurable exposures the overall predictability of loss costs is enhanced. An insured may then pay directly for planned and budged loss costs and rely on the multi-line aggregate policy to cover unplanned "high value low probability risk".

Banks which have strong internal audit and investigative functions and are able to properly document losses, generally experience little difficulty in getting claims paid in a prompt and satisfactory manner.

As a very general measure, insurers typically pay about 75% of the claimed value for about 90% of the items for which legitimate claims are submitted. Therefore, if an insured submitted ten legitimate claims totaling SR 1 million in a year, they could reasonably expect to receive between SR 600,000 and SR 800,000 in compensation less deductibles. It is extremely important that the bank clearly understand what is covered and more importantly what is not covered under the insurance contract. The filing of frivolous claims for which no coverage was contemplated in the policy not only creates extra work for the banks but also serves to antagonize both brokers and underwriters. However, it should be noted that claim payment is almost entirely a function of the quality of claims. Fully documented paid in full by underwriters, while poorly documented claims are, at best settled for a negotiated amount below that claimed or denied completely. In addition the quality of claims documentation and processing by both the bank and its broker directly effects the speed with which claims are settled. If underwriters must repeatedly request additional documentation in order to reach a settlement decision, claims processing becomes a drawn out and cumbersome process. In addition, if a bank has inadequate audit trails and investigative documentation procedures it will be necessary to secure the services of outside accountants, attorneys' or loss surveyors to conduct a proper investigation and generate claim documentation which will be acceptable to the underwriter. This process is both costly and time consuming and materially erodes whatever financial settlement is ultimately reached with the insurer.

It should also be noted that nowhere in any BBB/FIB or ECC contract a condition precedent to liability exists which requires a court judgment against a perpetrator to prove a claim. In fact, no condition precedent to liability exists in the insurance contract that incidents of either internal or external fraud be reported to the police.

Although this may be a legal/regulatory requirement and is certainly a prudent action on the part of the bank.