How SAM risk has changed – and how it is a bigger risk than it used to be
Sexual abuse and misconduct (SAM) risk management will likely change because of the ways SAM risk is bigger and harder to manage than it used to be and because the costs of failing to manage it well are also higher.
Where SAM was once concentrated in the priesthood, and among scout leaders, teachers, and sports coaches, it is now far more dispersed. These roles once enabled preferential abusers to be in close proximity to children with little chance of suffering any consequence from their abuse. Now, however, because SAM risk management has made it more likely abusers will be caught and punished, SAM is far more dispersed. As a result, SAM risk managers need to consider children and vulnerable adults in far more scenarios than they used to. Recent claims experience suggests, for example, that exposure is highest, and risk management often weakest, at the margins of organizations and their activities, particularly where the margin of one organization interacts with the margin of another.
That said, the most significant emerging element of SAM risk at the moment is the claims being made against organizations in States that have enacted window or look back legislation. While recognizing that victims should be compensated for the damage they have sustained, the chief consequence for the organizations sustaining these claims is the potentially devastating financial implications; the recent Boy Scouts of America bankruptcy won’t be the last SAM-related bankruptcy.
Arguably a more important consequence, though, is the ongoing damage to the credibility of organizations that have been managing SAM risk over the periods covered by the windows. For example, if the Pew Research survey results from last summer are accurate, Mass attendance and donations are falling faster for the Catholic Church than attendance and donations are falling for most denominations and religions in the US (where they are falling because of the reduction in religiosity generally). The reason is that, despite much sound evidence to the contrary, the Catholic Church is perceived to have a current problem with SAM, not ‘just’ a past problem.
Though less commented on, the prospective changes to statutes of limitation for SAM will have significant long-term implications. Though some organizations have never used statutes of limitation to protect themselves from claims for past abuse, that option is being taken away – and in far more States than have enacted look back legislation. The main reason statutes of limitation exist is the difficulty of defending claims for things that happened beyond institutional memory; the further back the abuse is alleged to have happened, the harder it is to find the evidence that might enable an organization to defend itself. The implications of longer statutes of limitation for SAM risk management, record keeping, and occurrence-based insurance will be significant.
The size of SAM claims is also increasing, particularly for recent abuse. A claim for an individual victim of recent abuse passed $40m for the first time last year. The severity of SAM settlements has always been tied to the nature and number of risk management failures a child suffers from. One mistake might be a genuine mistake, but two looks like negligence, and three or four, never mind multiple victims, seem self-evidently to be grossly negligent. The Swiss cheese model of risk management control failure – where holes in risk management controls need to align for events to happen at all – is used in SAM litigation to demonstrate smoking guns. Understanding how different controls interact will become more important.
At the same time that SAM risk is increasing, insurance for SAM liability is reducing. Some occurrence-based SAM insurers have already withdrawn from the market and more are reducing the capacity or coverage (or both) they are willing to offer. It is likely only a matter of time before many more exit. For example, it is hard to see how occurrence-based insurers will be able to continue to issue policies which, because of the prospective changes to statutes of limitation noted above, have functionally no end date. In some States, occurrence policies issued today will still be active in 2060. Given how much SAM risk has changed in just the last 5 years, it is hard to see how coverage, which is effectively open-ended and cannot be changed, can prudently be offered, never mind accurately priced, for a risk that is changing so much and so fast.
Claims-made insurers are yet to enter the emerging stand-alone SAM market in any significant numbers, even though it has proven to be profitable (for the last 12 years anyway) and is hardly affected by the statute of limitation changes. Probably the main reason for this is that no one likes talking about SAM, and insuring SAM involves a lot more than just talking about it. On top of this, few claims-made insurers have the experience or data necessary to start building a SAM portfolio. And, as the so-called casualty catastrophe, which is blamed on systemic under-pricing and under-reserving of casualty risk, begins to unfold, asking insurers to enter a market with known issues and without the data necessary to understand risk drivers, and therefore how to price or reserve for the risk, is a big ask.
Though SAM risk has changed a lot, SAM risk management has changed less
SAM risk management is likely to change because it has fallen behind the risk it is managing.
Most SAM risk management is still based on a traditional approach to risk management – of preventing negative events and mitigating the consequences of the events that cannot be prevented. Since current approaches to SAM risk management were first designed in the late 90s, risk management best practice has moved on. Enterprise-wide risk management (ERM) has become best practice, and with good reason. Among many differences compared to traditional risk management, ERM is focused on supporting an organization to meet its most important objectives. Risk managed according to objectives is managed more effectively than risk managed with the narrower focus of seeking only to prevent the negative.
As important as preventing negative events is, by focusing only on preventing and mitigating SAM, many organizations have made different and less forward-looking decisions than they would have made if they had been thinking about how, for example, to restore their credibility in the face of the deteriorating credibility noted above. That said, credibility is a by-product of achieving the more important objective of keeping children safe and being seen to be doing everything reasonably necessary to make that happen.
A related issue in terms of credibility is that some organizations managing long past abuse claims and also trying to prevent SAM today see these two activities as being distinct. In many ways they are, but in credibility terms they are intrinsically linked. To be seen to be doing anything but the right thing by the victims of long past abuse is to risk not being trusted with children today. Or, in the case of some organizations, to risk not being trusted at all.
A further problem with the traditional approach to managing SAM risk is that many organizations use the same safe environment principles in every context in which they manage SAM risk. Safe environments are essential, of course, but safe environment programs need to be adapted to apply appropriately in the many different contexts in which they need to work. The rules some organizations follow or impose on their constituent parts can be too strict to accommodate the necessary adaptation; in other cases, the approaches or guidance offered are so limited that basic elements of safe environments can be missed altogether.
The chief problem with safe environments, and with managing many other aspects of SAM risk, is the same, more fundamental problem that is causing the casualty catastrophe. There is functionally no SAM risk management data on which either a SAM risk manager or a SAM insurer can rely to make objective, well-informed risk management or underwriting decisions.
The three most likely changes
We think three changes to current approaches to managing SAM risk are necessary to enable the individually tailored yet objectively effective SAM risk management and underwriting which the new levels of SAM risk now demand.
- SAM risk management will likely need to adopt the objectives-based framework of ERM. This will provide organizations with a consistent framework in which to make directionally consistent decisions.
- To ensure risk managers and underwriters stay on track having set their strategic direction, and to ensure well-informed decisions, far more and far better SAM risk management data must be developed.
- To ensure that risk management and underwriting decisions are implemented effectively, that people, activities, and coverage are coordinated, and that the need to adapt is identified and adaptation is implemented consistently, new SAM risk management and underwriting systems will likely be necessary.
The real problem is that, while the current risk management value chain can deliver ERM and systems, it cannot deliver data and, without data, ERM and systems aren’t much use.