A Triennial review has rejected expanding the Australian Reinsurance Pool Corporation’s (ARPC) role to include cyber terrorism, but recommends adding board expertise and the appointment of temporary observers if a planned Government-backed cyclone pool is added to its responsibilities.

The Treasury review finds the ARPC-administered terrorism reinsurance scheme introduced after the September 11, 20001 US attacks is still needed and a “computer crime” exclusion should remain, despite some advocacy for change.

The review notes market gaps are not uncommon in emerging areas such as cyber and capacity may increase as risks are better understood.

“Furthermore, insurance is not a panacea and not all risks can or should be insured,” it says.

“Governments, businesses and individuals, both in Australia and internationally, are increasingly becoming aware of the need for mitigation-based solutions to cyber risks. Indeed, over time these actions may even help foster insurer appetite to underwrite new risks.”

The review says the unclear motives of overseas-instigated attacks could place pressure on the Government to respond even when an incident may not be terrorism, while ARPC’s premium structure, based on postcodes and urban density, wouldn’t match risks for cyber events causing physical property damage.

Feedback against expansion suggested adding cyber would reduce already limited appetite for Australian terrorism risk through the ARPC’s retrocession program, and cyber insurers could be crowded out of the market.

ARPC’s role in taking on administration of the proposed northern Australia cyclone reinsurance pool was also raised as a hurdle for cyber, with the organisation facing significant change.

The review says the ARPC is taking the steps needed so it’s ready to administer both the terrorism scheme and implement the cyclone pool, due to start in July if legislation is passed next year.

But it recommends that if the new pool proceeds, ARPC should add a board member familiar with affordability issues in cyclone-prone regions, claims processes and mitigation. The person should also be well placed to help foster relationships with consumers, brokers and the insurance industry.

“Unlike the current terrorism pool, the cyclone pool is expected to pay substantial and more frequent claims,” the review says.

“While as a reinsurer the ARPC will not handle claims at a policyholder level; it is the responsible entity for a significant intervention in the Australian reinsurance market, and there is strong community expectations and interest in the scheme.”

Two board observers, one from the Australian Prudential Regulation Authority and another, such as the Australian Government Actuary, should also be appointed on a temporary basis to help ensure a smooth implementation of the cyclone scheme, it says.

The Terrorism Insurance Act 2003, introduced after the September 11 attacks caused the withdrawal of commercial cover, was intended to be a temporary measure and is regularly reviewed to see if it is still needed.

The latest report says there is still no viable alternative for insurers seeking cover at commercially reasonable prices and recommends the interval between reviews should be increased from three years to five.

“Any substantial growth in private market capacity is likely to take significantly longer time than the current interval between reviews,” it says.