<img height="1" width="1" src="https://www.facebook.com/tr?id=1987662231481674&amp;ev=PageView &amp;noscript=1">


Personalizing Risk Management for Community Associations

SAHOURI
Author
SAHOURI
Published
October 21, 2021

Risk Management is a broad term. The process of managing risk can be simple or complex depending on the needs and size of the community. Every decision the board makes is, in effect, an attempt to manage risk.

The following article, written by Lauri Ryder, CIC, CRM, CMCA, Real Estate Practice Leader at Sahouri Insurance was published in the October 2021 edition of Quorum Magazine.


What you will learn:


Classes of Risk.

Risk Management is a broad term. The process of managing risk can be simple or complex depending on the needs and size of the community. Every decision the board makes is, in effect, an attempt to manage risk.

There are six general classes of risk that will be evaluated. When creating a risk management plan, you need to take these classes into account. Each class encompasses topics specific to community associations.

  • Economic Risk – Are your unit owners paying their dues? Can you pay your bills? Can you obtain a loan if needed? Are your funds properly protected or invested? Do you need a special assessment?
  • Legal Risk – How does the current law or governing code apply to you? Are there new laws or regulations to consider?
  • Political Risk – Has there been a change in the interpretation of existing statutes or rules and regulations?
  • Physical Risk – Is there a possibility of damage to property or injury to persons? (This would encompass your typical insurance claims but also any damage that is incurred but not reported.) Are you in a flood-prone area? Does your building need maintenance or structural repairs?
  • Juridical Risk – What are the current legal trends? Have there been any adverse decisions by judge or jury? What case law applies to your association?
  • Social Risk – Does the association have a healthy public image and/or public relations? Is the association in tune with the social direction of their country/locality? How is social media affecting you?

Basic Rules of Risk Management.

The risk management process requires that you understand the history of your association. Your plan addresses historical trends and identifies areas for improvement. This should be completed with the assistance of professionals in their respective fields.

Each individual association will also need to be aware of their appetite for risk (i.e., how much risk are you willing to retain). It is nearly impossible to transfer all risk but depending on how much expense you are willing to bear upfront your risk level may be significantly reduced.

There are four basic rules of thumb commonly used in risk management:

  • Do not retain more than you can afford to lose.
  • Do not risk a lot for a little.
  • Consider the possibilities or likelihood of loss.
  • Do not treat insurance as a substitute for loss control or maintenance.

 

Identify Your Risk. 

The first step in creating your risk management plan is to Identify your Risk. To do so you will need to gather some information, including (but not limited to):

  • Copies of any previous risk management plan  
  • Governing documents and administrative & policy resolutions
  • Loss runs, noting open/pending losses and Frequency and Severity of reported losses
  • Documentation of any incidents that have been incurred but not reported as losses.
  • Maintenance records (including landscaping, snow removal, sidewalk, and pavement repairs, etc.)
  • Reserve studies and engineering reports
  • Copies of any current disaster management plans
  • Copies of current contracts
  • HR policies and/or employee handbooks
  • Details on applicable computer systems & protections
  • Financial statements & info on current investments

 

Analyze Your Risk.

The second step in the process is to Analyze the information you have gathered.

Insurance brokers tend to focus on the areas of risk management within our realm of expertise. We focus on aspects that lend themselves toward improving access to affordable insurance alternatives and obtaining the best available terms and conditions.

Your broker can provide you with important information about your loss frequency (number of reported claims, number of similar claims) and severity (amounts paid for each claim). They can extrapolate data for you and make recommendations based on this information and your exposures.

Note: typically, when we are bidding on insurance, we are focusing on loss information for a period of 3-5 years depending on the carrier requirements. However, when it comes to risk management plans it is better to have more information at your disposal as you create your overall risk map.

A community association is a business. Typically, professional risk managers require a review of a minimum of 10 years loss history.

But just obtaining loss history is not enough. The key here is that your insurance broker can only focus on losses that have been reported. If there have been damages incurred but not reported (the association decided to self-insure) these incidents should also be taken into consideration.

Data must be consistent and specific to be of any real use. In order to compare data sets, you need to know specifically what caused the loss. Only with this additional data can you tell if you have a frequency of similar losses. For example, in a high-rise, you might choose to categorize damages by floor or by which system or section was affected.

With this information, you can set about taking steps to mitigate future losses. Note: I would not recommend narrowing down to the specific units as that could present privacy issues when the information is shared to the community.

 

As each community is unique, it would be impossible to provide a one size fits all list. I believe it is more important to understand the process than to come away with a set list of questions. Each document you review will require input from a professional in that area of expertise.

A review of your governing documents, any changes in applicable statutes or regulations, and updating your administrative and policy resolutions will require the input of association legal counsel. If you have employees, they can also recommend updates to your employee handbook (or help you create one). Note: you may also be able to obtain sample employee handbooks from some D+O carriers.

Your attorney, in conjunction with your insurance broker, can also assist you with review of your current contracts to confirm there is no inappropriate limitation of liability wording or hold harmless and indemnifications sections not in favor of the association.

Your CPA, investment, and property management professionals can assist you in reviewing your financials for any problem areas. Ask yourself the following questions: Are you making the appropriate contributions to the reserve funds? Is your delinquency rate higher than expected? If so, how can you address the issue? Are you investing association funds appropriately? Do you have proper financial controls in place for payments and transfers between bank accounts? Is a second signature or approval needed for funds transfer or large checks?

If you have a site office with computer systems, or even just electronic access to the building and amenities, you should consult an IT professional. You need to consider the protection of those systems. What measures are in place to protect personally identifiable association information and association records? Do you have the appropriate firewalls and anti-virus software? Are software patches and anti-virus updates immediately addressed? Do you have a policy regarding creation and sharing of passwords? Are your security protocols up to date?

If your systems were compromised, how would you supervise access to pools, fitness centers, etc. Do you have backups of your system saved off-site and offline? Note: applications for cyber liability coverage will ask questions regarding your systems – this is a good place to start if you are looking to fully review your protections.

If you use a third party for credit card or direct debit processing of association dues, how are they protecting your unit owner’s information? Can the association be held liable if this vendor is compromised? What does your contract say about their limitation of liability or hold harmless and indemnification?

Association legal counsel can advise whether your state will hold the association responsible for notification and credit monitoring. If your vendor is not responsible for the costs, then the association may end up paying those expenses.

Associations should also understand the protections that their contracted property management firms have in place to protect their unit owners personally identifiable data. This protected data includes (but is not limited to) names, addresses, email addresses, banking info, credit card numbers, social security numbers, and birth dates.

If you currently have a cyber liability policy in place you should confirm whether hardcopy records are covered in addition to the digital. Privacy breaches have occurred during loss or mishandling of paper records.

If you have an aging building it is essential to consult the appropriate professionals for reserve studies and engineering reviews. Aging buildings need regular maintenance and systems should be updated or replaced as per professional recommendations. If your reserve fund is currently lacking, now would be a good time to determine how you can improve the financial health of your association.

In many associations, it is difficult to convince unit owners that expensive repairs are a necessity. Unfortunately, we have recently seen media coverage regarding Champlain Towers South Condominium and just how imperative those repairs can be. As I am writing, we still don’t have a clear understanding of what happened. We likely won’t have that information for a few months, but it seems clear that lives could have been saved if the appropriate risk management plans had been implemented.

Next Steps.

Once you have identified your risk and analyzed the information the next steps are Control, Financing, and Implementation. Several of the following articles delve into these roles of the risk manager in personnel and human resources, mitigating risk and risk transfer, financial risk management, investments, and other aspects of risk management specific to community associations. I hope you will take this opportunity to review those articles.

Your risk management plan should be an active process. This is not a singular task. The last step in the risk management process is Administration. To be effective, you must constantly monitor your plan and adjust as needed.

A successful risk management plan will involve education opportunities for your unit owners. For residents to fully embrace the plan they need to understand how it will benefit them in the long run.

If you need help with your plan or community outreach, contact your professional partners for assistance.

About the Author

Lauri Ryder is the real estate practice leader for Sahouri Insurance & Financial and has 15+ years of experience in the real estate insurance industry specializing in homeowners and condominium associations. Prior to moving to insurance, she worked in community association management which she believes gives her a unique perspective as a business partner.

Lauri believes that it’s important to continue to expand her knowledge base. In her quest for learning, she has earned several designations: The CMCA (Certified Manager of Community Associations), the CIC (Certified Insurance Counselor), and the CRM (Certified Risk Manager). Fun Fact: Lauri believes you can find beauty anywhere and loves to take photographs that prove it.

About Quorum.

"Washington Metropolitan Chapter Community Associations Institute’s monthly magazine is packed with articles and columns designed to help our readers preserve, protect, and enhance their communities-by running productive meetings; enforcing rules in a consistent yet reasonable way; becoming familiar with the legislative and regulatory pressures facing the industry; planning and budgeting for repairs and replacements; performing preventive and ongoing maintenance, and understanding historical and contemporary trends in common interest development." 

 

SAHOURI
SAHOURI
As an independent insurance brokerage firm, we guide our Guests through a technology-driven, consulting-based experience that integrates corporate Risk, Health, and Benefits policies through one, centralized Advocacy Team.