Risk Tolerance and Climate Resiliency
What you have to do and the way you have to do it is incredibly simple. Whether you are willing to do it is another matter.
– Peter Drucker –
Understanding climate risk tolerance is an essential element for managing your climate resiliency program.
Recently, I visited my financial advisor at the bank. Just as we have done countless times before, we reviewed my investment risk profile before we considered my savings plan options. It occurred to me that I often have similar discussions with my clients when I start a new assessment. However, often I am greeted with blank stares.
“What do you mean by risk tolerance?”
This little bit of risk and insurance industry jargon can be confusing to people outside of the profession. In this piece, I provide a very brief overview of how these concepts can help you manage your climate resiliency program. Generally, organizations that have a firm grip on their risk tolerance have much tighter management of their climate risk control costs.
Asking the Consultant Isn’t the Best Approach
In our experience, many organizations do not establish risk tolerances before they start assessment work. For example, the PIEVC Protocol raises questions about the organization’s risk tolerances as a preliminary step. Often, our clients pass over this step or ask us to use the default PIEVC metrics, without any further thought. Even worse, some ask us to apply our professional judgment on their risk tolerance. Generally, they do this to move past the question with as little fuss as possible. However, this is very much like asking your investment counsellor to invest your retirement funds, without your input. It can go very wrong!
Understanding Climate Risk Tolerance Requires Soul-Searching
Understating your organizational climate risk tolerance requires soul-searching. Other than insurance departments, most organizations do not evaluate their risk tolerance this way. While this is often the case for generalized risk issues, it can be worse for climate resiliency. Generally, climate issues are not mainstream concerns for most organizations. Even so, severe weather events can have significant direct and indirect impacts on your operations.
Generally, defining climate risk tolerance comes down to understanding and documenting the answers to a few simple questions. However, while these questions are easy to ask, they can be challenging to answer. Just as my investment counsellor will ask me how much of my retirement savings I am willing to put at risk to achieve higher returns in my investment portfolio, the questions are easy to ask but very tough to answer.
For resiliency issues, we generally focus on several key points:
- How much impact on your operations can you accept?
- How quickly can you recover?
- Do you have contingency and continuity plans to guide you?
- Will there be downstream impacts on your neighbours and customers?
- What levels of service interruption are unacceptable?
- Who else will be affected?
- Can affected third-parties influence your business?
- Your owners?
- Your decision makers?
- Potential new customers?
- Can you accept the reputational hit that inevitably follows a serious incident?
- Do your emergency response and continuity plans consider reputational issues?
As I said, these are really easy questions to ask. However, the answers can be exceedingly complex, crossing every business unit of your organization.
Understanding Climate Risk Tolerance is Best Defined Monetarily
Generally, it is best to place climate risk tolerance in monetary terms. You will need to establish the maximum financial impact associated with each of the issues you identify. Often, you can correlate this value with your overall corporate risk tolerance, if you have one.
You may find that placing some issues in monetary terms is relatively straightforward. For example, how much of a budget impact are you willing to accept to address any given climate incident? However, determining the boundary conditions around these parameters can be very complicated. You will need to establish who will pay for these events, if and when they occur.
While direct costs may exceed a departmental budget, you could perhaps address them through corporate contingency funding. In some cases, insurance or government disaster relief funding could also come into play. At any rate, the critical consideration at this point is establishing in monetary terms, just how much is too much.
Monetization can become complicated when you consider third-party impacts and interruptions in service to customers. Do you include these costs in your tolerance formulations? The answer to this question will vary from organization to organization.
To put this issue into context, I often cite the example of a significant infrastructure failure in a large Canadian municipality. The direct cost of the incident to the city was on the order of ten million dollars. However, the third-party impacts in terms of business interruption and loss of service were nearly one billion dollars. Just how much of this ancillary impact do you ascribe back to your organization? Remember, affected third-parties may pursue legal means to recover on their losses. Consequently, you may be liable, even in the best case, for at least the legal fees of managing this exposure.
Once again, these are easy questions to ask, but they are much more complicated to answers. Even so, to fully understand your climate risk tolerance, you will need to think about these issues and place a monitory limit on the level of exposure you can tolerate, wherever possible.
How Much is Too Much?
Beyond the monetary implications, you should also contemplate the social impacts of climate risk and how they can relate to you. These questions can be even more challenging, but nevertheless, you should include them in your review. Could there be human health and safety impacts caused by a failure in your systems? For example, often, mould issues arise after basement flooding, affecting the health of the homeowner, and potentially leading to significant costs. How much of these impacts do you include within the boundaries of your climate risk tolerance considerations? We have worked with clients that include these secondary impacts, and we have worked with others that specifically exclude them. These decisions are both sensitive, and very specific to your organization’s perception of climate risk tolerance.
When you include these human health and safety impacts, you also have to consider if you are willing to place these issues in monetary terms. There are mechanisms to calculate these costs. You can seek guidance from your insurance specialists to help. But, do you even want to do it? These are sensitive issues, complicated to explain, sensational in the media, and offensive to the public at large. Even so, you will need to establish some measure of “how much is too much?”. The answer can range from the very simple, “One is too many!” to very complex formulations, based on financial impacts related to events directly attributable to your organization. Just like my responses to my financial advisor, your response may be very different from the guy next door. All answers are correct, but they may all be different!
Understanding Tolerance Helps Control Your Costs
Ultimately, having a firm understanding of your risk tolerance establishes the foundation for effective cost control of your resiliency program. With this information, you are equipped to allocate dollars to those issues that you care about most. These will be the issues that can trigger your tolerance levels. Other problems may not require the same level of resource allocation. By targeting your dollars, you improve the cost-effectiveness of your overall resiliency strategy.
When I do a climate risk assessment, I use my client’s risk tolerance definitions to prioritize my recommendations. A good description of climate risk tolerance, monetized as appropriate, helps me place recommendations in the context of my client’s organizational structure. In this way, my work is more meaningful to decision-makers. Generally, it more closely aligns with their view of acceptable and unacceptable risks.
As a risk manager, I will often ask folks, “What keeps you up at night?” The answer to this question is the purest definition of risk tolerance. For an organization, climate risk tolerance represents those impacts that give your decision-makers sleepless nights. Typically, these are your climate risk tolerance priorities.
I deal with the same questions with my financial advisor. What sort of financial risk profile am I willing to accept? What kind of investments would give me sleepless nights? Similarly, the answers are based on a personal, subjective, evaluation of what I can accept.
Ultimately, your climate risk tolerance is a personal reflection on what your organization can accept, should things go wrong. Don’t rely on your consultant to do the soul-searching for you. Tell them what your tolerance is, and have them conduct their work through this lens. This approach is the surest way to get results from your resiliency work that genuinely reflect your organization’s culture and goals.
Call to Action
You are not alone. There are folks here to help you out. Seek the advice of climate risk and resiliency experts. However, ultimately, know yourself. What are you willing to accept? The answer to this question defines your tolerance and sets the foundation for cost control and climate risk prioritization.
We provide ongoing commentary on these issues. Feel free to contact us, we are always happy to discuss your personal climate risk tolerance profile.