When it comes to the list of disruptive technologies, are we giving chatbots enough credit? Chatbots are only beginning to show their potential, garnering initial headlines primarily due to Lemonade and its chatbot called Maya. That is interesting, considering that chatbots and AI will likely have a greater overall impact than many of the up-and-coming technologies we have grown to accept, such as autonomous vehicles. How is it possible that chatbots are silently sitting on the sidelines? It’s simple. They aren’t sitting silently. Chatbot development and use is in full swing. The headlines are picking up. Research organizations are putting forward more predictions about chatbots than ever. Chatbots are easier to implement than many technologies and, operationally, they will provide real value. Text-based or voice-carried artificial intelligence and service-focused functions can readily swap with current human-based adviser/service functions. As complex as they are on the back end, chatbots don’t require major hardware investment, such as sensors, and they don’t require an inordinate amount of coding. So, for all of their disruptive potential to the way we do business, they may be far less disruptive to operations and IT, though operations and IT (and customers) stand to benefit from chatbots. See also: Chatbots and Agents: The Dynamic Duo   In an era where impatience is growing and speed is rewarded, chatbots can dramatically improve service levels and meet or exceed expectations. They can also make the economics work for providing service and executing transactions for the growing ranks of high-volume, on-demand, low-premium risk products coming to the market. They are the future of nearly all personal business transactions. For insurers, chatbots can be their own distinct channel as well as augmenting existing channels, supporting a multi-channel world. Chatbots are growing in use and importance In Majesco’s Future Trends 2017 Report, we discussed the impact and potential of chatbot growth. Chatbots aren’t growing merely because they have service potential — they are growing because automated non-human service is gaining acceptance among the Gen X, Millennial (Gen Y) and Gen Z cohorts. Chatbots’ appeal and growth will likely make them one of the technologies to break out of age-based stereotypes. WeChat, China’s most popular chat app, is a great example. With nearly 1 billion users (889 million people), its impact is felt across generations and is even spurring older generations to adopt mobile technology. WeChat is popular — its users interact for an average of 90 minutes per day. Because it uses voice commands, it is also learning from conversations, illustrating the potential of chatbots to gain something from each interaction. Business Insider said that 80% of businesses will be using chatbots by 2020, with 42% believing that chatbots will improve the customer experience. In addition, 29% of customer service positions in the U.S. could be automated with chatbots or other technology. Chatbots offer immense potential for customers to interact with an insurer, through direct interactions within messaging or other social media apps. Other technologies and their impact on chatbots The “automated home” race between Amazon’s Alexa, Google’s Home, Apple’s HomePod/Siri and many other technology providers will enhance chatbot adoption and use. The more people become comfortable with interactions that are non-human, the easier it will be for people to feel comfortable in a chatbot purchase and service environment. Insurance is already adopting chatbot use and ramping up chatbot availability. In the past year, for example, insurtech saw a rapid rise in the use of chatbots within startups ranging from Elafris, which enables customers to download auto ID cards and pay bills, to Denim, which markets to consumers and links them with insurers or agents for renter or homeowners insurance. Robo-advisers represent a chatbot with real AI integration and rules management that can go beyond outside customer service and well into day-to-day executive assistance. In July 2015, Zurich shared how it was using robo-advisers in two ways: First to accelerate and improve policy processing and issuance that improved quality and accuracy for international casualty programs. Second, Zurich used them in the U.K. to conduct routine diary reviews for open claims that traditionally required attention by human operators. In the quest for improved customer service, quality, accuracy, speed and efficiencies, robots and robotics have significant opportunity for insurers. From automating processes to interacting with customers, the potential seems limitless, as well as creating a starting point for cognitive applications. A natural link: AI and Chatbots Cognitive systems help visualize, use and operationalize structured and unstructured data, pose hypotheses based on data patterns and probability and understand, reason, learn and interact with humans naturally. As a result, the systems help organizations create knowledge from data to expand nearly everyone’s expertise, providing continuous learning and adapting to the environment to out-think the competition and the market. AI and cognitive computing technologies like IBM’s Watson have been touted as the link between data and human-like analysis. Because insurance requires so much human interaction and analysis regarding everything from underwriting through claims, cognitive computing may be insurance’s next solution to better analyze and price risks using new data sources, while adding an engaging and personalized advisory interface to their services. A savvy insurance technologist can easily begin to draw the lines between that kind of intelligence management and its potential when linked to chatbot advisory and directive services. Just as many of today’s advisors and agents have experience in underwriting, tomorrow’s chatbot may carry with it the ability to market, gather data, quote, underwrite, issue policies and settle claims without human intervention. Putting one face on an insurance company probably couldn’t get more complete than that. See also: Hate Buying? Chatbots Can Help   For now, we can see the seeds of this complete chatbot value chain in its beginnings. At the recent SVIA InsurTech Bootcamp in August that we were involved in, we saw and discussed the array of opportunities to leverage chatbots, AI and cognitive … highlighting the opportunities unfolding. In June of this year, PolicyPal, a Singaporean startup, announced the launch of its AI-enabled mobile app, which includes a chatbot supported by IBM Watson Conversation technology. The app not only helps prospects through the insurance selection process, it explains complex insurance concepts to consumers to enhance their overall insurance knowledge. The AI, having educated itself, is in effect giving back through chatbot interactions. That is the future of insurance interaction, a market where both parties have something to learn and gain from the insurance relationship. When Gartner asserts that, “Chatbots will power 85% of all customer service interactions by the year 2020,” that may be enough to drive some business leaders to look into all that chatbots have to offer.

The massive data breach suffered by Equifax has both serious consequences for consumers and potentially profound long-term implications for commerce and the nascent cyber insurance industry. In the three days since Equifax’s press release announcing the breach potentially exposing names, addresses, birthdates, Social Security numbers and other information for about 143 million U.S. consumers, both the federal Consumer Financial Protection Bureau and New York State Attorney General Eric Schneiderman have criticized the giant credit bureau’s response and, in particular, an “arbitration clause” that may severely curtail the legal rights of any consumers who take advantage of free credit monitoring offered by Equifax. The arbitration clause is included in the terms of service for Equifax’s credit monitoring program and, as reported by the Washington Post, bars consumers from participating in class action law suits, requiring instead that all disputes be settled by “binding individual arbitration” and limiting consumers’ rights to discovery and appeal. Equifax has stated the arbitration clause won’t apply in this case, but some have warned that the company’s statement may not be legally binding. Consumer beware. See also: VPNs: How to Prevent a Data Breach  The harm to consumers may last a lifetime as people have the same birthdate from cradle to grave, most will have just one Social Security number and many will use but one name. Yet, Equifax is offering just one year of credit monitoring. For now, it appears that Equifax is failing crisis response 101. Instead of impressing consumers, clients and public officials with its transparency and earnest desire to make things right, the company has attracted criticism that undermines efforts to limit damage to its reputation, rebuild trust and inspire confidence. The gold standard in crisis management remains Johnson & Johnson’s handling of the 1982 Tylenol tampering case that led to seven fatalities in Chicago. That is playbook for business. But the Equifax breach and its response raise several other critical issues. Most obviously, what should consumers be doing to protect themselves? (See “The Equifax Data Breach: What to Do” at the Federal Trade Commission’s website for a number of useful suggestions, including checking credit reports.) The less obvious but perhaps more profound issues raised by the massive data breach at Equifax pertain to the future of commerce and cyber insurance. With the breach exposing several of the data elements typically used to verify people’s identities, one must wonder what will happen if businesses and financial institutions lose confidence in their ability to confirm we are who we say we are. Imagine a world in which merchants can no longer accept credit cards. Imagine a world in which banks and credit unions can no longer make loans. Imagine a world in which one can no longer bank or trade securities online. And, lest one succumb to the notion that advanced biometric security measures will save the day, understand that biometric data is stored in computer files that can be hacked just like birthdates, Social Security numbers and the like. Changing stolen user IDs and passwords is easy, but what is the fix when hackers steal retinal scans, fingerprints and the like? The hope is of course that bright minds will find ways to protect us from criminal hackers and other nefarious parties who would do us harm, and yes — bright minds are already on the case. Witness in particular the rise of cyber insurance, and focus not on the compensation paid by cyber insurers in the wake of cyber incidents but rather on the underwriting done when cyber insurance policies are written and insurers’ work with clients to prevent and control losses. In many ways, this is emblematic of a larger movement in insurance and risk management from indemnification to loss prevention as the application of advanced analytics to big data enables intervention before losses occur. But while this might seem a new model, it is actually one that has been with us for quite a long time. People don’t buy boiler and machinery insurance because they want to be paid after boilers explode. Rather, people would prefer that boilers don’t blow up, and they want the benefit of the engineering and inspection services delivered during the underwriting process. See also: Aggressive Regulation on Data Breaches   Nonetheless, there will be times when cyber losses occur, and cyber insurers will be called upon to respond. The Equifax breach provides a mere hint as to the coverage limits insureds may require and the amount of capacity, or capital, cyber insurers may need to cover the risk. Insurers that can figure out how to price and underwrite cyber risk have a tremendous opportunity to do well by doing good. One key will be successfully quantifying and managing aggregation risk (the accumulation of risk as a result of covering multiple insureds using the same or similar systems, etc.).

Oh, hey, Walmart. Look at how you're winning at branding today. I used to work with brands that were sold at Walmart. I know from experience that the "Own the school year like a hero" tagline and point-of-sale sign was never designed to market firearms. With two clicks of a mouse, I confirmed that the sign is part of a campaign featuring back to school clothing items featuring superheroes. Unfortunately for Walmart, this "display" -- likely the work of a cheeky sales associate who did it for the laugh -- got lots of negative attention. See also: Will Brandless Become the Biggest Brand?   With more than 3,000 stores, the retailer has a tough job keeping tabs on its brand across all touchpoints. This speaks to the need for training and empowerment of all store employees to deliver on the company's brand promise -- every day, with all their actions. This one brand transgression has already thrust Walmart into the spotlight with some negative publicity -- at a critical time when families are flooding back to retail to restock for the new school year. A company's people are probably the most important part of their brand. In the age of instantaneous news, non-news and social sharing -- one bad decision on the part of a single employee can cast a negative impression on the entire brand. This is almost the same as was happened to United Airlines a couple of months ago, when line employees weren't truly empowered to do right by their customers. As was the case with United, I don't suppose that Walmart's brand will take a significant financial hit because of this one incident, no matter how awful we think it is. The strategic brand construct consists of two parts: 1) the part the company owns: the "identity," and 2) the part that customers own: the "image." One of the goals of branding is to ensure these two aspects match. That requires a 360-degree focus on the brand and requires everyone in the company to be a steward of the brand, from the most junior sales associate on the floor, all the way to the CEO, and everyone in between. When one oblivious sales associate makes a split-second decision to do something off brand, and that image is captured on social media and subsequently shared at the speed of light, that single action speaks for the entire brand. See also: Lessons From 3 Undisrupted Brands   For all brands, regardless the industry they're in, employees are the primary stewards of the brand experience. Train employees on your brand's vision, its core DNA and the essence of how every customer should feel when he or she interacts with the brand at any stage of the customer journey. Create incentives for employees to deliver an on-brand experience. And correct them -- or even dismiss them -- when they don't.

To drive operational effectiveness and capital deployment efficiency, leaders of captive insurance companies are increasingly in need of improved methods for performance evaluation and tools that go beyond simple financial ratio analysis or industry benchmarking comparisons. This need includes validation of the risk management program relative to the captive’s purpose, strategy and goals, as well as transaction and decision process transparency, performance tracking, formal decision-support analytics and informed disclosure to oversight groups. For many organizations, captives offer considerable strategic and financial value; consequently, they play an increasingly significant role in the overall risk management program. Additionally, captives often compose an integral element of an organization’s strategic planning efforts. Captive growth and business strategies can be more fully supported by an enhanced ability to monitor, analyze and track performance relative to the captive’s existing risk portfolio and new coverage opportunities. The benefits of these measures can include improved risk transfer and control decisions, as well as validation of risk and insurance management practices, activities and decisions. By improving decision-support information, the leader of an organization’s captive may gain increased recognition and commitment from senior management, which in turn leads to greater ability to write new coverages and enhance the existing program. The following method for improving decision processes for a captive offers a new approach for measuring its current performance and evaluating its potential. Strategic Captive Opportunity and Utilization Technique The strategic captive opportunity and utilization technique (SCOUT) is a performance evaluation methodology that consists of a performance scorecard and a reporting dashboard. It provides a framework to evaluate, rank and prioritize current and potential business/risk opportunities and a foundation for improving decision-making and enhancing strategic utilization and planning. The scorecard is a database that captures strategic and tactical factors while the dashboard consolidates the scorecard data for monitoring, analysis and reporting. Together, these tools support decision-making capabilities. As a technique for measuring captive opportunity and utilization, SCOUT conveys meaningful information with simplicity, converts qualitative benefits into quantitative terms and delivers a formal process that is consistent and reusable. The SCOUT process involves evaluating the performance of each coverage underwritten by the captive, as it relates to the original purpose, strategy and goals for captive formation. It also provides a framework for assessing the potential success of proposed coverages, including pro forma financial analysis, volatility considerations and risk profile changes. See also: Innovation: Not Just for the Big Firms   Performance Scorecard The scorecard represents a model to evaluate quantitative and qualitative metrics through a consistent scoring methodology (see below). The metrics, or key performance indicators (KPIs), include strategic goals, operational objectives and expected economic benefits. Specifically, the model assesses five primary KPIs: 1) achieve operational excellence; 2) reduce costs; 3) build surplus; 4) maximize return on invested funds; and 5) improve the risk management function. Each KPI is broken down into critical components to fully capture economic and non-economic performance evaluation criteria. Accordingly, the KPI structure builds from strategic performance goals to detail-oriented tactical objectives. The KPIs provide a framework for monitoring the effectiveness of the organization’s captive strategies, including identifying gaps between actual and targeted performance, as well as assessing overall organizational effectiveness and operational efficiency. KPIs can also help track progress toward a desired outcome. Specific KPIs are selected based on their ability to determine if a strategy is working, gauge performance changes over time and focus management’s attention on what matters most. The KPIs also allow measurement of accomplishments, provide a common language for communication, help reduce intangible uncertainty and can be validated and verified. Using the SCOUT process, each coverage underwritten by the captive is analyzed separately using selected KPIs. Input data is obtained through annual financial statements, actuarial analysis and internal and external captive and coverage specialists. Each KPI component is rated based on the priority of the goal or objective (mapped on the x axis) and performance evaluation of the goal or objective (y axis). Ratings criteria range from a score of “1,” which represents “minimal importance/not met” relative to goal/objective priority and goal/objective performance evaluation, through “5,” which represents “critical/exceeded” for goal/objective priority and goal/objective performance evaluation. Additionally, each KPI component can be rated as quantitative or qualitative. When a dollar figure can be used to support the performance evaluation, the KPI component is quantitative; when benefits are more intangible and difficult to quantify, then the qualitative selection ensures these benefits are included in the performance evaluation process. Components of the Key Performance Indicators The five KPIs are made up of critical components that offer enhanced measurement detail. For example, the components within the “achieve operational excellence” KPI include current and historical loss ratios as well as premium materiality. Components of the “reduce costs” KPI are based on loss versus non-loss costs. Loss costs refer to lower insurance premiums achieved through the captive’s ability to change risk retentions, based on commercial insurance rates, risk tolerance and appetite and internal strategic business financial needs. A second element of “reduce costs” is savings from claims management and loss control activities as illustrated by loss rate trends. Claims management activities include early reporting, cost containment strategy, improved legal defense and subrogation, and increased management attention. Loss control activities include engineering, cost of risk allocation and contractual risk transfer. Non-loss cost components refer to tax dynamics, fronting fees, collateral needs or third-party vendor fees. The “build surplus” KPI represents the buildup of underwriting profit. Performance evaluation criteria are based on insured coverage versus pure balance sheet risk and whether the coverage is intended to protect business assets or stabilize premiums and losses or represents diversification into a profitable new business, such as extended warranties or service maintenance agreements. “Maximize return on invested funds” is the lone KPI that measures a potentially negative result as based on the amount of investment income that can be earned on surplus within the captive versus repatriating funds back to the parent to invest in higher income-producing opportunities. Known as opportunity cost, the performance evaluation criteria are based on selection of an appropriate internal capital rate, regulatory surplus requirements, catastrophic loss potential and future coverage needs. Determination of the internal rate of return is based on the organization’s financial strength, including cash and collateral needs, earnings, borrowing capacity and asset strength. Finally, the “improve the risk management function” KPI includes various qualitative criteria about the captive’s ability to improve control and administration of the risk management function and the flexibility of the risk management program. Component KPI metrics that measure improved control over the risk management function include the ability to negotiate or replace fronting insurers or reinsurers, consistent application of risk management throughout the organization, cost of risk allocation support, alignment of risk appetite and risk tolerance, underwriting dynamics and emerging risk identification. The component KPI metrics for improved flexibility of the risk management program include coverage forms and rates, coverage requirements and unbundled services. Component KPI metrics for improved administration of the risk management function include ability to protect reputation, governance structure and reporting, enterprise risk management application, coverage renewal automation, data warehousing and analytical capabilities. Reporting Dashboard The SCOUT dashboard offers predictive capabilities using a visual tool to track trends and align activities with goals and helps to identify when and where important adjustments should be made to the program. The visual display should allow end users to monitor what is going on at a glance by focusing on only the most important information needed to achieve objectives. Thus, managers will be able to step back from the details contained in the scorecard and identify key trends and relationships. The dashboard also serves as a reporting tool for senior management and board discussions and presentations while specific supporting data is contained within the performance scorecard. From a software perspective, the scorecard represents the back-end database while the dashboard represents the front-end interface and reporting. Scorecard results are designed to link to the dashboard for automatic updating. Because the dashboard is built upon information obtained in the scorecard, its final look and feel is unique to the captive’s original purpose and mission, goals and objectives. A potential dashboard application offers four design graphics, comprising: 1) select quantitative results; 2) quantitative metrics; 3) qualitative metrics; and 4) financial ratios. As the focal point of the dashboard, the “select quantitative results” section embodies the primary analysis in the display. Figures are taken directly from the performance scorecard. Each coverage underwritten within the captive can be detailed separately and sorted by policy year. Measurements include results for underwriting, loss rate, surplus and opportunity cost KPIs. Conditional formatting can be used to illustrate a check, exclamation point or X depending on performance result, in accordance with pre-defined rules. Sparkline graphics can be used to illustrate trends. See also: Demographics and P&C Insurance   The quantitative and qualitative metrics are captured within bubble charts through rankings of goal/objective priority and goal/objective performance evaluation within the scorecard. The bubble charts represent an effective xy scatter diagram, based on the metrics used for scorecard ranking. Finally, a financial ratios graphic can offer a traditional analysis of the financial performance of the captive as a whole. Within this analysis, actual versus benchmark ratios can be illustrated and sorted by fiscal year, including premium/reserves to surplus, risk retention to surplus, expense, loss, combined, policy year operating, investment income, asset to liability, reserves to liquid assets and operating ratios. Integrating SCOUT Into Organizational Risk Management Culture SCOUT offers a platform for supporting the business and growth strategies of the organization’s captive insurance company by offering a fully defined framework and methodology for consistent, sophisticated and continuous assessment of captive performance. The next step is for the organization to integrate SCOUT into its risk management culture to help in decision-making. For this to happen, the captive leader needs to develop a formal process for updating and maintaining the scorecard and dashboard, including data extrapolation of actuarial and financial statements and input from coverage specialists and strategic business unit leaders. When in place as a formal business process, SCOUT enables detailed and usable monitoring and tracking of risk management and risk financing functions related to a captive insurance subsidiary. It can also illustrate current and future economic benefits with both quantitative and qualitative metrics for strategic business unit leaders, board members, treasury and C-suite executives. As a platform for making better, faster decisions, the scorecard and dashboard can fit into the organization’s enterprise risk management efforts. Information is rolled up through the dashboard function while the scorecard allows for drill-down into the specific details needed to fully support decisions. Improved management and governance can then help captives take advantage of opportunities for new coverage types, enhancements, program improvements and corrective actions. Reprinted with permission from Risk Management Magazine. Copyright 2017 RIMS Inc. All rights reserved.

The personal lines segment of the property and casualty (P&C) industry has been the golden child of late, having exhibited a willingness and apparent propensity for the adoption of new tech. While personal lines may be the first that place new technology has gained a foothold in the insurance industry, it is hardly where the real potential is hiding. In contrast to personal lines, which has historically been the industry’s “volume game,” commercial lines remains a segment where high degrees of expertise and specialization allow insurers and brokers to carve out very specific and profitable niches in the market, making the definition of the best risks necessarily relative. The specificity of commercial lines business is precisely why these insurers are poised to become the beneficiaries of new tech driving efficiency gains up and down the value chain. See also: Innovation: ‘Where Do We Start?’   Right now, insurance companies are entertaining new ideas about what to cover, how to cover it and how to most effectively bring commercial insurance products to policyholders. In an era inundated by new tech, the bests ways for commercial lines insurers to identify, compete for and win the right to write the best risks include investing in solutions and partners that enable better communication, better products and significantly better distribution. Better Communication Within commercial lines, there’s a high degree of variation between how things get done depending on the characteristics of the risk (e.g., exposures, premium size, geography, etc.). The universal truth, however, is that there is a big market opportunity for technology to improve communication and collaboration between underwriters, brokers and policyholders. Insurance policies in general, and complex commercial policies in particular, take too long to write, require too much back-and-forth between brokers and underwriters and let too many premium dollars fall through the cracks due to inability to quickly close a customer. What is perhaps saddest about the current state of affairs is that the breakdown in communication begins at the start of the sales process. A recent survey from Channel Harvest Research revealed that brokers wish insurers would put greater emphasis on what the company is willing to write. Commercial lines agents often invest significant data entry time on applications or key information into an insurer portal only to be declined due to underwriting ineligibility. One could easily equate such a situation to Amazon asking customers to submit an onerous, multi-page order form for something before revealing whether the product is even available. Despite this kind of situation having been normalized in the insurance industry, it is also an area where new technology is already making a positive impact in typical insurance processes. The essential first step for any commercial insurer to get a look at the best or most desired risks is to clearly articulate the company-specific definition of the best risks. While this may seem almost oxymoronic, commercial insurers must be able to clearly define and communicate niches and specialties, so that business partners and channels know instantly what is within the company’s wheelhouse without wasting underwriting time with ineligible or undesirable risks. Better Product It seems safe to assume that no one responsible for the regulatory aspects of insurance product approval or filing has ever been heard saying “Boy, that was easy!” Regulatory complexities, to make matters worse, can be compounded when an insurer attempts to design and bring to market a non-standard product. New insurtech entrants are doing everything from automating and managing the filing process with the multiplicity of state insurance divisions to providing artificial intelligence (AI) to identify like contract clauses that can be brought to bear when designing product. Because insurance is responsible for producing an astounding amount of legalese, taking collective advantage of it just makes good sense, doesn’t it? Thanks to insurtech, it’s increasingly possible to automate the development of contract language and manage getting it filed with insurance departments with almost Turbo Tax-like efficiency, helping insurers laser-focus on emerging market opportunities instead of on creating more legalese. Better Distribution In the age of the internet, too often there’s a rush to judgment that improving distribution means taking a product online or cutting out brokers and going direct. The truth is that better distribution is smarter, more targeted distribution that puts the buying decision in front of the potential policyholder at exactly the moment insurance is needed for something (and often this requires a broker, especially as you move up market). See also: Insurtech Is Ignoring 2/3 of Opportunity Some commercial insurers are finally starting to realize the thinking that every match must be a “home game,” and that distribution and underwriting (the sales process) must happen on a company website or portal, is hopelessly outmoded. Insurers today are delivering APIs to distribution partners, thereby empowering partners to create a native rate/quote/bind experience specific to the channel. Why can’t workers’ comp be sold directly in a payroll app? Why can’t a liability policy be issued directly from drone controller software? Why can’t a policy be endorsed at the time new equipment is procured? Why can’t a cyber policy be issued commensurate with the sign-up for AWS or GCP or Azure? There’s easily as much opportunity, if not more, to sell insurance at the point-of-sale (PoS) in commercial lines as the personal segment. By identifying the right buying trigger, insurers can tap into a supply line of the best risks. Conclusion At the end of the day, the definition of the “best” risks varies from one commercial lines insurance company to another, but ultimately, the best risks are those each company individually determines are a good fit for the company strategically. Figure out what best means to your company, clearly articulate your definition of best to the world, tailor product to cover the niche and sell the heck out of it.

In its latest effort at self-promotion, industry “disrupter” Lemonade has posted an article on multiple web sites. Here is the article from one source: “Lemonade: World’s First Live Policy” Below are some excerpts from the article and some observations and questions of my own. “Then, customers would need to pay for some changes, and probably get a new policy sent to them in the mail (snail mail, of course). That’s where the red tape and long wait times come in….” So, the changes listed in the article that Lemonade will allow their insureds to make without customer service assistance wouldn’t in some cases result in additional premium? And what carrier mails an entirely new policy for changes as described in the article? This is nonsense, and it is not an accurate nor an honest statement. “As far as we know, no other insurance company allows its customers to modify their coverages or even cancel their policy on their own.” This is disputed in one comment at the bottom of the article linked above. More important, if anyone actually CARES about the customer, why would they want to facilitate an untrained person to make a change that, unbeknownst to them, could create a serious exposure gap? So, Lemonade would allow, with no questions asked and no intervention by customer service, one spouse to remove another spouse even if both are named insureds on an insurance CONTRACT? The insured, without question or counsel, can remove a landlord as an additional insured on a policy even if the lease contractually requires the landlord to be covered? How many insureds read their leases or insurance policies? How many would know the potential liability they’re incurring? Do the people at Lemonade understand this? This is why knowledgeable insurance agents serve a purpose. Most insurance agents are required by law to pass examinations and engage in state-approved continuing education to provide counsel to consumers for these types of decisions. How is a consumer who knows pretty much nothing about insurance supposed to make coverage decisions on her own without the training that state regulators require of agents? What do regulators think about this practice? “Even if you buy renters insurance directly from the likes of GEICO or Progressive, the only part that’s direct is taking your money and sending you a policy. Everything else requires customers to contact customer service — which we all know can be… painful. That sucks.” What can be far more painful is the inability of an uneducated, ill-informed and unsuspecting consumer to contact customer service to obtain the counsel and advice of a properly trained and knowledgeable insurance agent. See also: Lemonade’s Crazy Market Share   It sounds like Lemonade is adopting a practice that saves THEM a lot of time and lessens THEIR need to hire competent insurance advisers and SELLING it as a benefit to consumers. In other words, Lemonade is reducing its workload, increasing consumers’ risks of loss and making customers thank the company for it. On top of that, because Lemonade is not intervening in the insured’s own bad judgment, is the company also insulating itself from E&O claims such that customers will have no coverage under either their own policy or Lemonade’s E&O coverage? Who is the real beneficiary here? I think most insurance professionals can answer that question. Caveat emptor.

There have been three major global cyberattacks in the last six months. These attacks have caused extensive system damage and monetary loss. Some companies affected remain crippled weeks or months after the attack. Will this rate of “one every other month” continue? Nobody knows, of course. But, as a recent Wall Street Journal op-ed suggests, ransomware will remain the dominant attack method of choice, and the problem “isn’t going anywhere.” The article claims that “cybercriminals launch hundreds of millions of attacks daily across the globe, and recent studies have found that as many as 60% involve ransomware.” Why? Because they are easy, and they work. Without a robustly secured network, it is impossible for most entities to withstand a targeted or random cyberattack. So most companies, big or small, generally enlist the help of third-party vendors, which traffic a multitude of software products, modules or platforms to keep cybercriminals from exploiting vulnerabilities. But, because nothing is fail-safe, companies must still consider buying insurance to protect against the staggering potential of loss that a global cyberattack can cause. See also: Why Buy Cyber and Privacy Liability. . .   Cyber is no different from other risks that an organization could be exposed to (e.g., fire, burglary, flooding, power failure, strikes and liability issues). Businesses have to consider insurance against cyber-attacks and the relating financial consequences. This kind of insurance policy is known as Cyber Liability Insurance Coverage, or CLIC. With the estimated annual costs to the global economy from cybercrime estimated between $375 billion and $575 billion in 2014 alone and the average cost of a corporate data breach at more than $3 million per incident, it is understandable why cyber insurance is catching on. Still, there seems to leave a lot of room for error, rounding or otherwise, in a market where U.S. insurers wrote approximately $1.3 billion in cyber coverage last year. This is expected to reach $14 billion by 2022. There is industry data that shows insurance premiums could range from $800 to $1,200 for SMEs/SMBs with revenues of $100,000 to $500,000 (on the low end) to more than $100,000 for SMEs/SMBs with revenues in the millions. Allianz SE, the largest insurer in the world, expects these premiums to skyrocket by 2025. Furthermore, the Insurance Information Institute estimates that the third-largest risk for companies worldwide is cybercrime, not in the least due to cyber attacks such as WannaCry and Petya/NotPetya. As it stands right now, insurance companies have limited resources to address the growing number of CLIC applicants. There are the obvious factors that come into play when calculating an insurance premium: the nature of the business, the vulnerability (attractiveness for cyber crooks) of the data, the size of the company and the amount of revenues, etc. But pinpointing the exact risk is still evolving. Currently, insurers mostly rely on questionnaires or third-party onsite assessments to estimate the cybersecurity posture of applicants, which is time-consuming and expensive. Because this branch of insurance is not mature enough, there is a lack of specialized and qualified personnel that have the experience and expertise to perform cyber risk assessments. In many cases, the onsite assessments are conducted by junior staff members of the insurer and junior security consultants using non-standardized methods. My guess is that insurance companies still don’t know exactly what they are insuring and what to charge, because there are still inefficiencies in the market. There are conflicting definitions of what exactly makes a system “secure” and what constitutes a threatening vulnerability that must be decided upon. Knowledge still has to be gained to determine how to manage risk. Most insurance companies are large enough to have a staff of security officers and to use third-party vendors to protect themselves from cyber vulnerabilities. But what to do about assessing insurance candidates? The good news is that there is progress being made where advanced simulation can help assess the various attack vectors that are being used today. The value of such a CLIC assessment would derive from being able to put an aggregate “risk score” on an insurance candidate. The score would be based on known and acceptable risk calculating methods such as NIST, CVSS3 and DREAD. It would be provided to each applicant based on the results from a simulated assessment done on its network, testing all its security controls. See also: How Data Breaches Affect More Than Cyberliability   The value from such technology comes from insurers being able to know within a few hours if they should provide coverage to an applicant based on demonstrated risk, how much coverage to provide the applicant without putting the insurers at risk and how much in premiums to charge based on an accepted risk score provided after the assessment. Providing a uniform score for cyber insurance applicants reduces the exposure level for insurers, possibly saving millions of dollars and could even lead to revenue growth by raising premium prices to match the risk level.

I was in New York City recently and found myself talking to the founder of a fintech. His company had recently raised several million dollars from a large investment bank. It raised some questions about how insurers go about partnering with startups. Things were going really well. I asked him about progress engaging with the bank as a “supplier.” I guessed that a bank that had invested such a sizable sum would be eager to get its hands on the startup’s technology. I wanted to hear how banks had solved some of the problems around partnering with startups experienced by insurers. It turns out they have the same challenges. The founder told me that the first thing he had to do post-investment was to sign a policy confirming that he does not use child labor. His team was currently in the process of filling in a 60-page questionnaire on data security. It was months before he expected to be live with any kind of even limited pilot. The startup was one of the first to be accepted by the bank’s incubator. Recognizing the process challenges, a technical employee had been seconded from the bank to help the team four days a week. The employee was advising on how to build technology to be compliant with the bank’s requirements. This was helpful – but rather than shortening the timeline had merely made its requirements achievable. All this oversight “red tape” despite the fact that most of the founding team are former employees of the bank and that one of bank’s senior managing directors was a director (through the investment). See also: Startups Take a Seat at the Table   I was surprised by this. On some dimensions, fintech is ahead of insurtech, notably on investment volumes (see page 3 of our presentation to the Slovenian Insurance Association). But it seems that banks suffer from the same challenges engaging with startups. This made me wonder: Is the startup-as-a-supplier model a failed experiment? How can it be that a bank is willing to invest millions in a startup but then finds it so hard to use its product? It is too early to know for sure if the model is a failed experiment. However, it is fair to say that the model is not currently working for most insurers. This blog proposes two changes in the way that insurers could partner with startups – one pragmatic, the other radical. Design a "startup-grade" governance framework (or "sandbox") It is very easy to produce slideware that tells management teams to be more “agile” and launch “innovation pods.” The problem is that an innovation strategy needs to be rooted in detailed operational analysis to be effective. A vital component is a “startup-grade” governance framework – in other words an onboarding and oversight process that is commensurate with a startup’s resources and the scale and likely risk of any early implementation. For example: What are reasonable information security requirements for a small-scale trial; how does procurement get comfortable with a pre-revenue business? These are questions that companies tend to tackle in an ad hoc way at the moment. There are two consequences: First, engagement processes are slow, and, second, solutions are bespoke. In other words, companies are not “formalizing” their learnings to speed up future engagement processes. We believe that insurers with ambitions to engage with startups should design these governance frameworks – sometimes referred to as “sandboxes” – soon after settling on their innovation “vision.” Avoiding this operational detail will slow or kill the startup partnership. Critical in all of this is differentiating between genuine “red lines” and “nice to haves.” An insurer must, for example, be satisfied that its startup partnership is not contravening the rules imposed by the GDPR; on the other hand, the procurement process could probably be shorn of company-imposed requirements like the need for suppliers to show three years of audited financials. At Oxbow Partners, we are currently helping several clients develop startup-grade frameworks and the processes that sit underneath. A new startup partnership model: "buy in-spin out" A startup-grade governance framework may, however, not work for all companies. Some will simply find it too hard to find an acceptable compromise between their standard compliance processes and the needs of a startup. There is some legitimacy to this outcome: As we have pointed out, the penalties of non-compliance with legislation will mean a “sandbox” is not to every organization’s taste. This would mean that for some companies the startup-as-a-supplier model will not work. So how do these companies get access to the best ideas, technology and talent? It seems to me that the point of failure in the current model is that a startup is an outside partner. This is beneficial in some ways – a management team that has incentives to build a business; separation from a corporation to allow for creative and rapid development. But where there are advantages there are disadvantages: Alarm bells might ring in a corporate risk team when they see the words “creative” and “rapid.” We therefore suggest more attention should be paid to an alternative model, which we call the “buy in – spin out” model. (Some companies are already offering elements of our model, but not, as far as we know, in the form we are proposing.) In this model, corporations would buy a controlling stake in startups early in their lifecycle and run them as internal development teams. The startup’s objective is to make the technology work for the “host” organization. This simplifies the startup’s objectives, makes the governance framework clearer and also gives the startup access to internal resources to comply with these requirements. See also: Will Startups Win 20% of Business?   At a certain point, each side has the opportunity to buy the other out. Either the startup believes that its idea is broadly marketable and buys out the “host” with a consortium of investors (“spin out”). Alternatively, the corporation thinks that the business gives it competitive advantage, in which case it might offer a higher price than the consortium. Clearly, there are many issues to test before implementing the “buy in – spin out” structure. The most obvious is startup appetite: The startup will have a deep fear of either being crushed by a corporate owner or being tarnished by the host when trying to distribute to competitors. The solution may not yet be clear, but the problem is well-defined. While there is a lot of activity around partnering with startups, we are yet to see many implementations beyond limited POCs. Insurers need to ensure they are not just defining their “vision” but building an effective operating framework to make it happen. This article was first published on the Oxbow Partners Blog.

With Hurricane Harvey gone and people in Houston starting to pull their flood-ravaged lives back together, here comes Hurricane Irma. This is what Irma looks and feels like at the moment, as described by our friend and colleague Guy Fraker, ITL's chief innovation officer and a resident of the Florida Keys:

"If the forecasted winds and waves come to fruition, the house will be a total loss. We normally have 1.5- to 2-foot 'waves' on our mile-wide channel. Saturday and Sunday are projected to see 27- to 31-foot waves, lasting 11 to 13 seconds each, for 15 hours. With winds topping 150 mph pushing debris on water 30 feet above normal, this is Andrew all over again."

Guy has a gig in Baltimore this week, and his wife, Becca, is with him, so the one hopeful note is:

"The car is on the fourth floor of the Ft. Lauderdale airport, with essentials, and we loaded up the luggage—so we'll see."  

While we can still hope and pray that Irma, with its currently 180 mph winds, swerves north and away from land, Harvey and perhaps Irma provide the first real test of the newly innovative insurance industry. We've been talking a good game for a couple of years now, but how fast will we really be to pay claims? How good will the drones be at assessing damage? How much smarter have our assessments of risks become? Will "gig" workers make a difference? 

We also, of course, face the question that comes with every disaster: In this moment of truth, are we as an industry really trying to give people peace of mind and get their lives back to normal as quickly as possible, or is that just a marketing claim and something we tell ourselves so we can feel good about what we do? I'm hoping we're sincere and have learned some of the hard lessons from Sandy and Katrina about where points of contention are and about how we need to treat customers. We'll see. 

Finally, we have to figure out what to do with the National Flood Insurance Program, which is set to expire at the end of the month. Even if Washington weren't dysfunctional, an answer would be elusive. We all know that the NFIP doesn't work. What would work is rather harder to define.

If you find these topics half as compelling as I do, then I commend to your attention four articles that we've published over the past week, which I'll describe here rather than just include in the six articles below. I tackle all three topics—the test of innovation, the need to honor our commitments and the NFIP question—in "Harvey: First Big Test for Insurtech." (My advice on the social responsibility front: Be like J.J. Watt, not Joel Osteen.) Bill Wilson suggests a solution for the NFIP in "Time to Mandate Flood Insurance?" Michael Murray suggests that the federal government could get out of flood insurance entirely, in "Harvey Hammers Home NFIP Issue." He also offers a thorough, insightful exploration of the public trust issue in "Hurricane Harvey: A Moment of Truth."

I'm hoping that next week's note will be much cheerier—but not counting on it.

Cheers,

Paul Carroll, Editor-in-Chief

P.S. Back in April, I wrote about— OK, I mocked —Juicero as an example of how innovation can run amok even when smart people are involved. The heavily funded startup's business model was to have you buy a $700 device for the privilege of getting access to the company's overpriced juice—only to have a Bloomberg reporter show that she could squeeze the juice packets by hand faster than the high-powered, super-smart, internet-connected juicer could. Well, Juicero, mercifully, closed up shop over the weekend.

Good riddance—but rest assured that this won't be the last spectacularly bad idea to draw funding. Keep your guard up.

For millions of Americans, the end of summer marks an important tradition: fantasy football drafts! Even with the National Football League seeing a slight downturn in television ratings for the first time in years last season (the possible causes of which are too complex to address here), fantasy football continues to grow in popularity. The Fantasy Sports Trade Association estimates that almost 60 million people in the U.S. and Canada will play fantasy sports in 2017 (with fantasy football being the most popular). Fantasy football continues to be a colossal enterprise that drives significant interest to the NFL, as well as a wide array of supporting industries looking to monetize our apparently unquenchable love of this game within a game. One such secondary industry, which began developing several years back, is fantasy football insurance. Although some of the original companies may have fallen by the wayside, there are still a few companies selling these "insurance" policies, intended to provide coverage for a fantasy owner’s investment in the event a starting player gets hurt. Although some of the details have changed over the years, these policies continue to raise interesting questions under insurance law. See also: How Literature and the NFL Shed Light on Innovation   As a starting point, let’s recap how fantasy football works. A group of participants, or “owners,” form a league to compete against one another based on the statistical performance of NFL players in real, live games. Teams are typically made up of a quarterback, some combination of running backs, wide receivers and tight ends, a defense and a kicker (with backups for key positions). More advanced leagues may also incorporate defensive players and special teams. Before the NFL season starts, the owners hold a draft – or sometimes an auction – to divide the desirable players (expected to accumulate strong statistics over the season) and build their rosters. Each week during the NFL regular season, fantasy teams square off against each other, earning points based on their players’ performance in NFL games. Whichever squad scores more points that week wins, and the teams that accumulate the most wins have a short playoff during the last few weeks of the season to name an ultimate champion. Fantasy football is popular for countless reasons, but, for many, it’s a form of competition among friends (or even strangers), and, as with any competition, there is an opportunity for wagering. Although many leagues are simply for fun, very often leagues have an upfront buy-in (ranging from a few dollars to thousands), with the champion taking home cash at the end of the season. Fantasy football certainly combines elements of both skill and luck in ways that many more traditional gambling ventures, like slot machines or craps, can’t claim, but, in many regards, fantasy football serves as a statistics-based gambling enterprise. The insurance products available online are intended to protect an owner’s “investment” in the league; that is, the cash buy-in. Typically, an interested owner picks a player he wants covered from a list of eligible players on the insurance company’s website and determines how much “coverage” to buy. Prices vary depending on a few different factors (coverage options, a player’s history of injuries, etc.). For example, in updating the research for this article, I was able to buy a $50 policy on one of my star wide receivers for $6.40 using a coupon code found online. If my insured player misses 8 or more games due to injury, the policy will pay me $50 to make me whole for my league buy-in. But what am I really insuring? All insurance policies require an insurable interest, which means that a policyholder must have a valid legal or financial interest in the thing he wants to insure. People buy insurance policies to cover lots of things: their body, home, car, business, life. We buy insurance for these things because we have an insurable interest in them – if something bad were to happen to them, it would harm us. In most states, to form a valid insurance contract, the insurable interest must exist both at the time the policy is purchased and at the time of the loss. If the policyholder has no insurable interest, the insurance policy is typically deemed void (although many courts still enforce the policy against an insurance company that accepts premiums knowing that no insurable interest exists). A mere “contingent” or “expectant” interest that isn’t based on a legal interest or right is typically not enough to be insurable. Without an insurable interest, the contract essentially becomes a wager that something bad will happen to the thing insured; there is only the upside of a payout if the insured matter is harmed, without any downside to a disinterested policyholder. These fantasy football insurance policies challenge the insurable interest requirement by expanding what kind of interest can be insured. Is owning a player on a fantasy football team, and betting on that team, a sufficient legal interest to be insurable? Maybe, maybe not. Technically, betting on fantasy football is legal in most states, especially those that allow betting on games of skill. The betting also likely complies with federal law: The Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA), which attacks funds transfers associated with internet gambling websites, specifically carves out fantasy sports from its reach. (In recent years, the rise in prominence of daily fantasy sites, such as Draft Kings and FanDuel, has brought the legality of betting on fantasy sports into question, but this article assumes that ordinary participation in a season-long fantasy league with a cash entry fee complies with the statute.) But even if legal, it is undeniable that a fantasy football owner’s sole monetary interest in his players is the league entry fee, which is a wager against the other owners in the league; to the winner go the spoils. The purpose of the insurable interest is to prevent using insurance policies as a form of gambling, so it would make little sense that a policyholder could have an insurable interest in a (possibly legal) wager. In this regard, fantasy football insurance is a wager on a wager, and probably lacks an insurable interest. Another challenge for these insurance products is that the insurance companies have no way of confirming that the policyholder even has the insured player on his or her team. In years past, carriers selling these policies made actually no effort to determine if the policyholder actually had the covered player on a team. Now, at least one company is asking customers to click to confirm that the player is on the customer’s roster, but the insurance company has no way of knowing if the policyholder keeps that player on the roster throughout the season. Trades and other transaction are one of fantasy football’s most popular features, as owners enjoy managing their teams and shuffling their rosters. If I trade away my covered player in Week 2, and he has a season-ending injury in Week 3, the policy should be void, because I no longer hold an insurable interest in the player covered. The insurer also has no way of determining how much my insurable interest should be; policyholders are allowed to buy any level of coverage. See also: 4 Goals for the NFL’s Medical Officer   Because of the absence of a valid insurable interest, these policies do not likely qualify as “insurance” policies under most states’ laws. So what are they? The law would probably consider them to simply be a bet that a particular player will get seriously injured. And not only is it a bet, it’s a bet made over the internet, which raises even more problems. Such bets likely violate federal law. UIGEA allows owners to bet on fantasy football because the outcome reflects the knowledge and skill of the owners and is determined predominantly by the real-world statistics of the NFL players on each owner’s team, but a bet on whether a player will get injured certainly fails this test and is likely considered a violation of the statute. But policyholders don’t need to panic quite yet. Consumers have no liability under the UIGEA – the law solely targets the financial institutions that process the transactions for unlawful internet gaming. In the end, fantasy football insurance companies aim to provide well-intentioned products to owners, ensuring enjoyment of their leagues and mitigation of risks. Most “policyholders” simply have a fantasy football team that they’ve spent some money on and want to hedge their bets in case a star player gets hurt. But do not be surprised to see courts or regulators step in to provide clarity on the legality of these policies if these products ever make a significant jump in popularity.