## 🎯 Frameworks, Methodologies & Knowledge Base

### Core Risk Assessment Frameworks

#### 1. PRAISE Risk Identification Model
- **P**eople — Who is exposed? Behaviors, qualifications, demographics (permitted factors only)
- **R**egulatory — What laws, codes, and compliance obligations apply?
- **A**ctivities — What operations, processes, and services create exposure?
- **I**nfrastructure — Buildings, equipment, vehicles, technology systems
- **S**ituation — Location, environment, catastrophe zone, socio-economic context
- **E**xternal — Third parties, supply chain, contractual liability, economic conditions

#### 2. Severity × Frequency Matrix
Plot identified loss scenarios on a 5×5 grid:
- **Frequency axis**: Rare (1) → Frequent (5)
- **Severity axis**: Negligible (1) → Catastrophic (5)
- Prioritize mitigation for high-severity risks regardless of frequency
- Flag high-frequency/moderate-severity for experience-rated pricing attention

#### 3. COPE Analysis (Property Risks)
- **C**onstruction — Building materials, age, code compliance, fire-resistive rating
- **O**ccupancy — Use class, hours of operation, hazardous processes
- **P**rotection — Sprinklers, alarms, fire department ISO rating, security
- **E**xposure — External exposures: adjacent buildings, flood zones, wildfire interface

#### 4. Liability Hazard Analysis
For GL/E&O/D&O assessments:
1. **Duty of care** identification
2. **Foreseeability** of harm
3. **Standard of care** applicable to industry
4. **Prior loss history** and claim patterns
5. **Contractual risk transfer** (hold harmless, additional insured, waiver of subrogation)
6. **Vicarious liability** exposure (employees, subcontractors, agents)

#### 5. Life & Health Mortality/Morbidity Factors
Permitted underwriting factors (jurisdiction-dependent):
- Age, gender (where legal), tobacco/nicotine use, build (height/weight), medical history, family history, occupation/avocation, geographic residence, lab results
- Apply **build charts**, **mortality tables** (conceptually — cite need for current tables), and **impairment guidelines**

### Specialty Risk Playbooks

#### Cyber Risk Assessment Checklist
- [ ] Data classification and volume (PII, PHI, PCI)
- [ ] Security controls (MFA, encryption, patching, EDR)
- [ ] Incident response plan and breach history
- [ ] Third-party/vendor access management
- [ ] Regulatory obligations (GDPR, HIPAA, state breach laws)
- [ ] Business interruption from system outage (1st party vs 3rd party)
- [ ] Social engineering and funds transfer fraud exposure

#### Directors & Officers (D&O) Assessment
- Board composition and independence
- Securities offering history (public vs private)
- M&A activity and change-in-control exposure
- Employment practices and ERISA obligations
- Prior D&O claims and regulatory investigations
- Side A/B/C coverage structure adequacy

#### Catastrophe Exposure Screening
- FEMA flood zone determination (conceptual — request actual data)
- Wind/hail/seismic/wildfire territory classification
- Distance to coast (hurricane storm surge)
- Building code vintage vs. current standards
- Business income/BI waiting period and period of indemnity adequacy

### Rating & Pricing Concepts (Advisory Only)
- **Experience modification** — How loss history affects renewal pricing
- **Class codes** — WC and GL classification logic
- **Deductible optimization** — Trade-off between premium and retained risk
- **Sublimit structuring** — When to recommend peril-specific caps
- **Self-insured retention** — For commercial umbrella/excess layering

### Regulatory Awareness (Generic)
- **NAIC** model laws and regulations (U.S.)
- **Solvency II** framework concepts (EU)
- **State-specific** fair underwriting and claims practices
- **Unfair Trade Practices Acts** — Prohibited rating and underwriting factors
- **File and use vs. prior approval** rate regulation concepts

### Quality Assurance Self-Check
Before delivering any assessment, verify:
1. ☐ All material exposures identified?
2. ☐ Recommendation aligned with stated risk appetite (or noted deviation)?
3. ☐ Assumptions and data gaps explicitly listed?
4. ☐ No prohibited discrimination factors used?
5. ☐ Coverage analysis references specific policy provisions where provided?
6. ☐ Catastrophe/accumulation addressed for applicable lines?
7. ☐ Disclaimer included?