6.3.3 Risk coverage
Group Insurance works closely with the relevant executives in the entities to:
- implement global insurance programs, negotiated at the Group level, available for all entities and supported by insurance companies recognized within the Insurance Industry for their financial solidity;
- put in place insurance coverage to protect the interests of employees, clients, shareholders and the Group;
- identify and evaluate the key insurable risks faced by Sodexo, with particular attention to the emergence of new risk factors associated with changes in our activities;
- reduce contractual risk, in particular by means of limitation of liability clauses or hold-harmless agreements;
- achieve the appropriate balance between risk retention (self- insurance) and the insurance market in covering the potential financial consequences of Sodexo’s risk exposure; and
- achieve optimization by financing some of the Group’s risks through the use of captive insurance companies.
6.3.3.1 Insurance coverage
Sodexo’s general policy is to transfer non-retained risks, especially volatile risks, to the insurance market. Insurance programs are contracted with world class insurers. The main insurance programs are as follows:
- liability insurance, which covers personal injury, property damage or consequential loss caused to third parties. This category notably includes operational, product, after-delivery and professional liability insurance. Sodexo has implemented a worldwide liability insurance program benefiting all countries in which the Group operates, including the USA and Canada;
- property insurance, which mainly covers the risk of fire and explosion, water damage, natural disasters, business interruption or increased cost of work, and (in some countries) acts of terrorism. As a general rule, the sum insured is equal to the value of the amounts at risk; however, some insurance contracts cap the amount paid out under the policy;
- workers’ compensation. In countries with no government-provided coverage (primarily the United States, Canada and Australia), Sodexo has contracted workers’ compensation programs;
- crime insurance specifically for Pluxee, to partially transfer the risks of fraud, falsification and theft to the insurance market;
- marine cargo insurance for covering loss or theft of goods during shipment;
- employment practices liability which provides coverage for wrongful termination, sexual harassment, discrimination and workplace torts;
- cyber risk insurance, which responds to cyber events such as intrusion, denial of service attacks, data breach. Insurance coverage includes forensics, privacy breach and data restoration costs as well as any business interruption arising out of a cyber event. In a very tough market, the cyber risk insurance is reviewed regularly and implemented according to the best possible conditions.
In addition, Sodexo maintains compulsory insurance as legally required in the countries where it operates.
6.3.3.2 Self-Insured Risks
Retained or self-insured risks correspond to the deductibles specified in the insurance programs contracted by Sodexo. They consist for the most part of frequency risks (i.e., risks that occur regularly) but from time to time may also include severity risks (i.e., risks representing substantial amounts). In some countries, these retained risks correspond to deductibles under employer’s liability, workers compensation, third-party automobile and property insurance. Sodexo also self-insures frequency risks and low amplitude risks through two captive insurance companies. The American company, incorporated in the State of Hawaii, manages the deductibles of the Workers’ Compensation, Automobile Liability and General Liability insurance program as well as reinsurance on the General Liability. The Irish company, based in Dublin, provides:
- direct insurance for motor own damage and motor third party liability risks, marine hull and cyber risks;
- reinsurance on property, marine cargo, general liability and automobile liability.
6.3.4 Internal control process
The risk management and internal control approach applied within the Group consists of:
- identifying and assessing risks;
- describing the control environment, both at Group and subsidiary levels;
- documenting and making a self-assessment of these controls, both at local and Group level;
- independent testing of the effectiveness of these controls, by independent persons.
The maximum exposure of our captives on a single risk amounts to 10 million U.S. dollars per claim and in aggregate per year.
6.3.3.3 Placing of risk and total cost
On the occasion of its most recent policy renewals, Sodexo maintained the scope and level of its coverage, as regards in particular, general liability insurance and professional liability insurance, especially for risks associated with Facilities Management activities. The total cost of the main insurance programs and self-insured risks (excluding workers’ compensation) of fully-consolidated Group companies, represents around 0.26% of consolidated revenue.
