Alan M. Reisch

To be successful, the management of risk to commercial property must be focused on the particular locations and exposures involved, and must be understood to be far more than the traditional purchase of insurance, which is but one step in a far more involved process.

Risk is neither bad, necessarily, nor good. Risk is defined as “the combination of the probability of an event and its consequences.” There is most often the potential for events and consequences that will either prove beneficial to the ultimate objective, or threaten to decrease the likelihood that the objective will be realized.

To conceptualize the management of risk involves:

• Development of a clear understanding of objectives and goals;


• Identification and assessment of risks relating to those objectives and goals;


• Prevention of those risks that can be prevented;


• Management of those risks that can be managed;


• Transfer of those risks that can neither be prevented nor managed along with the residual risk that is inherent in the prevention/management undertakings.

Having done all of that, it is then necessary to evaluate on an ongoing basis whether what has been done is effective, and to make appropriate modifications when and where possible.

Although thinking about “risk management” is often equated with thinking about “insurance,” it is not until a decision is made that risk needs to be transferred and financed that insurance directly factors into the process. Knowing the types of risks that can be transferred, though, and the cost of effecting that transfer, will shape the process of managing and preventing risks in the first instance.

The recognition that this type of process can yield measurable results that impact an entity’s bottom line, and in some instances can result in a measurable return on investment, have led to the increasing vitality of a process known generally as “enterprise risk management.” ERP models show that the most effective way to understand, manage, prevent, transfer and finance risk is to view it across an entire enterprise.

The first stage in managing risk is to identify it. In the context of commercial property following the events of Sept. 11, 2001, and the development of concepts of “homeland security” it is necessary to consider not only those risks that have been traditionally recognized such as fire, theft, interruption of business, and criminal acts; but also to assess each properties’ vulnerability to political attack. As concepts of “threat levels” enter mainstream discourse, the vulnerability of properties, people and entities within them, has developed into a first-phase risk assessment exercise.

Risk professionals, governmental agencies and others have developed several metrics meant to assist in determining whether a particular property is either a likely target, or is sufficiently close to a likely target to be within its zone of influence. It is generally accepted that politically motivated attacks on persons or property are opportunistic, although well-planned. If a property falls within a target zone it is appropriate to work to prevent and limit risk by hardening the location or making it sufficiently difficult to be targeted so that other locations that are less well-protected or secured will be more appealing.

In considering how best to harden a particular location it is necessary to consider, among other things, perimeter security, vehicular traffic, parking, whether signage is appropriate, configuration of control and utility systems, access and egress, and matters as seemingly innocuous as the shape of a building. For instance, a U-shaped building located with its opening facing a public way with limited perimeter security may be a more appealing target than a well-protected high-rise structure. A suburban mall filled with shoppers and with no control of access and no ongoing surveillance may be a more appealing location than a retail area in a city that is well-patrolled.

The process of hardening a location will, in many instances, raise issues requiring a review of existing leases and other documents, as well as coordination with authorities. Whether in the office, retail, habitational or manufacturing sectors, the perceived needs of tenants, landlords and other stakeholders, such as lenders, often collide. Existing loan documents, leases and other contracts that govern these relationships often have not been structured in a way that allows these conflicting perceived needs to be easily reconciled.

Cooperation to make appropriate changes to these documents mid-term, and careful reworking of the documents at renewal or expiration, is a critical step in the process of managing these exposures over the long-term. This process involves a clearer focus on risk transfer and risk acceptance along with establishing a mechanism for dealing with unanticipated risks that require modification to how a property is controlled, configured and accessed.

Finally Insurance

After having hardened locations within and without a target zone, and having modified contracts and begun to prospectively modify those that cannot immediately be changed, the residual risk that has not been prevented, controlled nor transferred to others is either accepted or financed through the purchase of insurance.

It is right that the property/casualty insurance market, along with most others, remains firmly entrenched in a hard phase of its traditional cycle. Premium increases over the past several years have in many instances cumulatively exceeded 125 percent; some types of occupancies and coverages are sufficiently disfavored by insurers and it is not economically viable to finance full exposure. Increasingly large deductibles, self-insured retentions, diminished limits, and acceptance of non-financed risk remain the norm in many markets.

There are some signs, though, that the market is relaxing somewhat. It is also the case that there is tremendous capacity generally, and that structured and layered insurance programs can again be written with a reasonable degree of creativity and success. It remains expensive and can be difficult to obtain cover against acts of domestic terrorism, or acts of terrorism that are outside the scope of the Terrorism Risk Insurance Act of 2002; coverage for acts of terrorism that are within the parameters of the TRIA is available and in most instances is not priced to discourage purchase.