In April 2016, the U.S. Department of Labor (DOL) released a regulatory package that established a new standard for fiduciary investment advice. Under the Fiduciary Rule, investment recommendation given to an employee benefit plan or an individual retirement account (IRA) is considered fiduciary investment advice and therefore must be in the “best interest” of the investor. As a result, financial advisers who provide investment advice under the new standard now face limits on receiving commission-based compensation. Considering that 50% of U.S. financial assets is held in retirement accounts, the impact of the rule is significantly affecting insurers, broker dealers and investment managers. The DOL has long been concerned that people rolling over assets from an employer-sponsored pension plan to an IRA are not being well-advised and, as a result, are investing in products that are not most suitable for their needs or are unnecessarily expensive. Central to the DOL concern is what it perceives to be a lack of transparency around the standard under which an adviser is providing advice and how he/she is compensated. This is not surprising because advisers operate under multiple standards, with a majority of asset flows falling under a “suitability” rather than fiduciary standard. To address these concerns, the DOL expanded the definition of the term “investment advice” under ERISA, thereby imposing fiduciary status under both ERISA and the Internal Revenue Code on firms and advisers who provide investment advice under this expanded standard. A fiduciary is subject to the duties of prudence and loyalty and is prohibited from acting for his/her own interests or in a manner adverse to those of the ERISA plan or IRA. Accordingly, fiduciary status will have a fundamental impact on adviser compensation, as advisers who are fiduciaries may not use their authority to affect or increase their own compensation in connection with transactions involving an ERISA plan or IRA. See also: Does DOL Ruling Require a Plan C?   A catalyst of widespread organizational change The DOL Rule is causing significant changes to the insurance industry that go well beyond compliance. While the industry needs to be prepared for the June 2017 applicability date, delayed from the original April date, the rule (even if delayed again) is also a catalyst for more meaningful change for both insurance manufacturers and distributors. In many cases, these changes have been contemplated for some time. Compensation – For starters, to mitigate any conflicts of interest resulting from distribution compensation, insurers should inventory current compensation and understand the impact of changing models to various distribution channels. The industry has been focusing on the issue of compensation for some time, anyway (e.g., moving to commissions for annuities), and the DOL rule provides further impetus for change. This change will not be easy, not least because the industry has a variety of products and uses different distribution models. To facilitate the transition to the new environment, carriers and distributors will need to understand the current hierarchy and how it might change.

1. What is the distribution channel? Is the distributor a fiduciary? If so, what exception or exemption is the distributor using?
2. How will changing the hierarchy affect agents’ livelihood?
3. Do you risk losing agents to a carrier that will pay “conflicted” compensation?
4. How do you factor in outside compensation (e.g., marketing fees and allowances, 12-B1 fees)?
5. Depending on the product shelf, there will be different types of conflicts.
6. Determine which transactions are prohibited. Determining “red” and “green” transactions should be relatively easy, but determining “yellow” ones will be much more difficult, especially because the rule is fairly ambiguous in this regard.
7. Understand each other’s point of view. Distributors will create rules for types of compensation they will allow in their systems. Although they are currently uncertain about how they will have to adapt, carriers will have to change their compensation structures and communicate them to distributors.

Carriers and distributors will also need to safeguard against personal and organizational conflicts of interest.

1. How do we pay our workforce and others?
2. What is non-cash compensation?
3. How do we provide incentives to agents to sell products and sell certain product classes over others?
4. What is the difference between suitability and fiduciary?
5. Inventory products and create a tool to identify potential conflicts. This will be a complex undertaking, but it will enable carriers to determine who and how much carriers pay and why, as well as if conflicts are permissible or need to be disclosed.
6. Perform a compensation impact analysis; assess the performance of distribution compensation as it currently exists and what seems likely in the future. This should include an assessment of the future model’s effect on revenue, profitability, market position, channel attractiveness and overall company performance.
7. As part of a change management strategy, ensure that there is regular, clear and informative communication – both internally and externally – on impending change.

Changes in agent training Once the fiduciary rule is in effect, agents will need to be advisers first and sellers second. Even though many insurers, especially ones with captive sales forces, have already tightened sales practices in recent years, this does represent a genuine cultural shift and a novel convergence between compliance and sales and distribution. As a result, agents will need more training on their fiduciary role – all the way down to call center scripts – and, with rationalized product lines, most likely less product training than in the past. Some carriers are experiencing impacts they didn’t foresee. Because of their increasing need to respond to fiduciaries’ requests, they’re having to adopt their distributors’ policies and procedures (including access data requests) and change their product portfolios, share classes and fee structures. If they don’t do this, they risk losing shelf space to insurers that do. Product rationalization – The DOL rule is intensifying carriers’ and distributors’ focus on product rationalization. Smaller product portfolios and resulting streamlined distribution models will facilitate carrier understanding of its product suite and compliance risks when providing “best interest” advice to consumers, reduce training required for agents and help the industry reduce costs and increase scale. For example, with annuities:

• There are many providers offering many similar products, and oftentimes riders emulate characteristics of other carriers’ products that companies can’t build themselves. The rule provides the industry further incentives to address the inherent inefficiency in this state of affairs.
• When determining which products to sell, financial strength is going to be a key product rationalization consideration for distributors because compensation will be more normalized with fewer products. When product portfolios shrink, lower-rated carriers’ products aren’t going to receive shelf space, especially if distributors can’t clearly demonstrate their benefits to customers. As a result of portfolio rationalization and likely decreases in commissions, both carrier and distributor consolidation is likely to increase.
• Moreover, this isn’t just a business decision but also a compliance one; distributors will have monitoring policy procedures to confirm adherence to this policy. Accordingly, distributors will have to establish a product selection methodology for each segment that accounts for appropriateness and applicability.

However, regardless of product, the challenges of rationalization also represent an opportunity for insurers to have more profitable product portfolios because they can focus on what they’re best at. They also should be able to create products that are less capital-intensive and, with a level fee/different fee structure, potentially profitable in earlier years. In addition, rationalization can help solve the challenge of a shrinking captive and independent agent workforce; fewer and more transparent products should reduce the need to replace many of the agents who are at or near retirement age. Because of the ability to inexpensively manage small accounts and automatically comply with fiduciary standards, as well as the potential to increase scale as needed, robo-advisers should become an even more popular way for insurers to sell products. Data and technology – Moreover, the DOL rule makes capturing and maintaining new types of data a high priority for carriers and distributors. Agents will need to track, from the time contact is made with a client, how they acted in his/her best interest, and this record – which should be readily available to customers – will demonstrate that agents are being compliant (i.e., defensibility), as well as facilitate monitoring. Automating data capture, which should be especially effective via the robo-adviser channel, is the easiest way to ensure data is repeatable and transparent (again, defensible). This requires automating certain process to maintain compliance and be competitive in the future. Most of the industry has been aware of the need for technological changes, namely process automation, for some time – and many have been making them – but the DOL rule serves as yet another catalyst, especially for those companies that have been slow to act. See also: Stepping Over Dollars to Pick Up Pennies   Facilitating effective compliance Distribution traditionally has had little to no involvement in regulatory compliance, and the DOL rule represents a new challenge for most organizations. We recommend that compliance should:

1. Oversee distribution;
2. Provide quarterly “health checks” to the board of directors in to review compliance on a quarterly basis;
3. Maintain a traceability matrix that outlines key strategic and operational decisions related to rule requirements and thereby provides the company defensible documentation to minimize and mitigate losses.

Implications: Far beyond compliance As a result:

• The industry is likely to increase its already growing investments in and use of digital and online channels, including robo-advice.
• Some insurers are divesting their broker-dealers; as a result, we expect to see consolidation among smaller insurance broker-dealers, independent broker-dealers and regional brokerages over the next three years.
• The DOL’s move to increase transparency and eliminate conflicts of interest is helping drive convergence of regulation toward a broad fiduciary standard. Whether or not the SEC proposes to cover non-retirement accounts given the mandate for a federal uniform fiduciary standard under the Dodd-Frank Act, some fiduciary agents have already started to consider extending the DOL standard to an increased scope of accounts to avoid potentially awkward double standards for investors who hold both retirement and non-retirement accounts.

Regardless of political developments, we believe the rule’s core framework will remain intact. The industry has already made significant progress toward complying with it, and there is general recognition of the importance of removing conflicts of interest between financial advisers and retirement investors. As a result, financial advisers and firms should continue their work to meet the rule’s requirements.

Our first post covered the morning sessions on blockchain at the #CityChain17 event organized by MBN Solutions and held at IBM’s spacious SouthBank offices. Our next speakers focused more on applying the technology in your business. So, here are some more reflections from listening to those speakers, together with blockchain resources that I hope you’ll find useful. How to get from concept to implementation First up was Peter Bidewell (CMO of Applied Blockchain). Complementing the earlier technology detail, he unashamedly emphasized engaging the wider business, especially senior leaders (a popular topic for this blog). He emphasized that his firm was finding real business uses for the technology and that it specialized in the "smart contracts" capability of blockchain. The benefits of blockchain that he is seeing as more relevant for business clients are:

• Tamper-proof actions/events
• Peer-to-peer (avoiding cost of intermediaries)
• Innately secure (built-in encryption and consensus)
• Pre-reconciled data (automatically synchronized)
• Smart contracts

But to apply this technology in business he has found the company needed to develop a number of other augmentations/supporting capabilities. This includes a blockchain "mantle" with:

• Platform-agnostic implementation of blockchain
• Data-privacy "capsule" used within the chain
• Identity management service
• System performance improvements

See also: What Blockchain Means for Insurance   In addition to that "enhanced blockchain" capability, real world business applications have required a “full stack" of technologies:

1. Blockchain (of choice)
2. Mantle (the above enhancements)
3. Integration with other key business systems
4. Front-end (user experience, or UX)

Bidewell explained that a smart contract has nothing to do with replacing lawyers. Rather, it is a container of data and code (a block that can be placed on the chain/shared-ledger/network. It can contain:

1. Data
2. Permissions
3. Workflow logic
4. Token (if simulating passing of funds)

He finished by sharing some interesting applications. His company is working with Bank of America. Appii, Nuggets and SITA. The first of those is perhaps the most relevant for readers. BABB is to be the first blockchain-based bank, “an app store for banking.” The Appii pilot is also interesting, as it enables a sort of verified LinkedIn or CV (with qualifications/experience validated by providers). But the example that sticks in the memory best is real-time drone regulation for SITA; the world’s first blockchain-based registry of what all drones are: What’s the path to mainstream adoption? Acknowledging the emerging reality at this event (that commercial blockchain case studies are still in pilot stage), our next speaker shared his experience and thoughts on making greater progress. Brian McNulty is a founder of the R3 Consortium (mentioned in part one). This is the world’s largest blockchain alliance, with more than 70 major financial services firms and more than 200 software firms and regulators already members. R3 – Consortium Approach from R3 on Vimeo. What does R3 do? Well, apparently it collaborates on commercial pilots. It also provides labs and a research center to support organizations during their innovation. R3 has its own technology (R3 Corda implementation) and own "path to production" methodology. So, perhaps some resources worth checking out. Akin to what we have learned for customer insight and data science pilots, McNulty confirmed that the path to mainstream adoption will be a "burning platform." What story will make the case for such an unacceptable status quo that organizations must make the leap to blockchain (to avoid the flames)? He suggests a few pointers:

• Collaboration is increasing, adding complexity;
• The appetite of regulators in increasing, as they grasp the benefits of pushing for distributed ledgers as market solutions;
• More work is needed on standards (but the dust is settling, and competition is reducing)
• Will we get to cash on the blockchain? (probably more a move to digital assets on ledger being counted as monetary assets)
• The real burning platform will probably be increased operating costs (currently $2.6 trillion annually, with blockchain promising 20% savings)

Despite all that, McNulty confirmed that most businesses are still only at pilot stage. But, apparently, some FS firms are having IT developers trained en masse (so that blockchain can be considered as just another technology option to meet business requirements). Bursting the blockchain hype bubble Next was a man who should seriously consider a second career in stand-up comedy. Dave Birch is innovation director for Consult Hyperion. He gave a hilarious comedy session on the hype around blockchain. Using just genuine newspaper headlines, he revealed how blockchain is apparently the answer for every industry, transforming everything from banking to burgers and healthcare and ending global poverty. As an aside, he shared the amusing story of how Amex was conned during the “Great Salad Oil swindle” of 1963. He used that as analogy to the crucial issue of how not to get swindled by hyped blockchain claims. The key, it appears, is to always ask: What’s in the blocks? Birch also shared his four-layered model of a shared ledger:

1. Contract (smart contract built upon)
2. Consensus
3. Content
4. Communications (robust)

He described the lower three as a "consensus computer." He also introduced a taxonomy of blockchain implementations. This was divided into a simple binary tree built on two layers of questions:

• Is it a public or private ledger?
• Is it permissioned or double-permissioned?

If you think about it, a shared ledger is really a practical example of the much talked about RegTech. Dave pointed out that a shared-ledger solution would have uncovered the Great Salad Oil Swindle, because the macro production numbers would have been unbelievable. A lot of the hype is misguided, because blockchain can’t fix individual problems, but it can spot systemic errors. An interesting analogy he shared was an old idea of best way to avoid bank branch robberies. At the time when lots of architects were suggesting military-like protections for staff and vaults, one radical turn of the century designers suggested the opposite: a bank built mainly of glass. If everyone can see what is going on, the bank robber has nowhere to hide. That is the principle of blockchain, the power of radical transparency. So, businesses may get more value thinking how to radically redesign, rather than just reengineer, existing database solutions into a blockchain app. See also: Blockchain: What Role in Insurance?   Getting back to the customer benefit of blockchain Our final speaker brought us back to that emphasis during panel session – what is in it for the customer? (A topic that is preaching to the choir on this blog.) Peter Ferry, commercial director at Wallet Services, suggested that blockchain is gradually becoming an invisible technology option. The focus will return to customer needs and business requirements, with IT departments worrying about when blockchain is the right technology solution for needs. But when would it be relevant? How can blockchain make our lives simpler? As Ferry rightly pointed out, the development of the internet and today’s digital applications should be a warning. Mostly, digital technology has not made our lives simpler; if anything, they are more complex and demanding. The internet has developed differently than was originally dreamed (distributed and robust network for military purposes). Blockchain can potentially do a lot for customers, including: security by default, sovereignty of their own data and no single point of failure. Customer-focused design principles have to be applied to this enabling technology to deliver real value. So, there is a strong case for customer insight teams to partner with blockchain development teams to help enable this. For its part, Wallet Services used this event to launch its enabling technology. SICCAR can be thought of as Blockchain as a Service, including APIs, services and pre-fabricated business use cases. Might be worth checking out: How will you approach the potential of blockchain for your business? I hope this post was also useful, giving you food for thought and some useful resources/contacts. Where are you on this journey? Are you still learning about blockchain? Do you have plans to partner with blockchain development team? Are you already using customer insight to guide blockchain pilots? If so, please let us know what’s working for you or any pitfalls to avoid (using the comments section below).

Interest in insurtech grew substantially during 2016. Many traditional insurance companies have been hampered by legacy IT systems and regulatory transformation programs which means there have been limited funds to invest in innovation. This has left the industry somewhat behind others in the financial services sector, making the industry ripe for disruption. - KPMG - The Pulse of Fintech Q4 2016 Report.

Insurtech is an industry that is growing very quickly. In fact, between 2017 and 2020, the insurtech field is projected to grow 10% every single year. This growth is being fueled by the fact that insurance technology is rapidly improving, and the technology has tremendous benefits for insurers and policyholders alike. As the insurtech industry grows, some key trends have started to emerge. These trends will affect how the insurance industry as a whole progresses in the coming decade. Here are five of the top insurtech trends to watch out for in the remainder of 2017. Strong Investment In 2014, insurtech investment was $800 million. By 2015, this number surged to $2.6 billion. Because insurtech is undergoing strong growth, and it is still a very new sector, there will most likely be many more investment opportunities. In fact, KPMG notes that it expects investment interest in insurtech to remain "hot" throughout all areas of the world in 2017. See also: 10 Trends at Heart of Insurtech Revolution   Privacy Many new insurtech companies rely on customer data to provide key insights that can help insurers. While being able to analyze data can be extremely beneficial from an insurer’s standpoint, many customers are likely to continue to be wary about giving away any private information. To address this concern, insurtech startups are enhancing privacy features and security. This is particularly true as the insurtech sector begins to intersect with the health industry. Heavier IoT Use The internet of things, or IoT, is being used more and more in insurtech. In fact, in 2016, the IoT and AI combined accounted for 44%  of all insurtech investments. This is because insurance companies thrive on data, and the IoT provides opportunities for many brand new types of data to be collected. The IoT also has the potential to be useful in a wide range of insurance niches. For example, it can be useful in auto insurance, health insurance and home insurance. Artificial Intelligence As AI and machine learning technology develop, they continue to become more and more useful in many different industries. Insurtech is no exception. In fact, many insurtech companies are now starting to use AI and machine learning to advance their data gathering and analytics protocols. One company, Fokuku Mutual Life Insurance, even replaced 34 workers with AI. Throughout 2017, AI is likely to continue growing into a stronger force in the insurtech world as it helps to make companies more efficient and streamlined. See also: Top 10 Insurtech Trends for 2017   Cost-Saving Solutions Through digitization and automation, many processes and functions of insurance companies are becoming cheaper and more efficient. For example, one solution called CynoClaim, by Outshared, is enabling 60% of claims to be managed automatically. Now that's impressive! Such solutions can result in dramatic cost savings for businesses in the insurance industry. Because there is so much to gain from solutions like this, it is very likely that insurtech cost-saving solutions will continue to be invested in for the rest of 2017. Through these insurtech trends, the insurance world is undergoing a disruptive modernization. The old ways of conducting business in the insurance industry are being replaced with digital and consumer-centered practices. Technology is the key that has unlocked all of these changes. For the remainder of 2017 and beyond, insurance is likely to become better, cheaper and more precise. It is a very exciting time for all of us in the insurance and insurtech industries!

The April 2017 issue of Business Insurance Magazine features a cover story on the retail industry, and how the move to e-commerce is changing the risks faced by the insurance industry. The articles include “Retail caught flat footed by e-commerce,” and “Web revolution creates new era for retail risk management.” It is remarkable that both the retail industry and the insurance industry seem to be taken by surprise at the advance of online shopping. This is especially puzzling because the handwriting has been on the wall for so long that it is beginning to fade away. What are the lessons for the insurance industry today in a world where digital change is affecting every industry?

Before answering that, it’s a good idea to brush up on the history of e-commerce. The ability to shop and purchase items online began to appear in the mid- to late 1990s with the initial internet boom. In the early days, anyone who could put up a website thought they could reach the whole world and become rich and famous overnight. Thousands of those early web businesses achieved rapid valuations based on inflated expectations and then crashed and burned in spectacular fashion during the Internet bust of the early 2000s. But others were very successful and began to eat away at the business of the traditional “brick and mortar” retailers. Of course, Amazon.com is the most famous, starting in 1994 and selling its first book online in 1995. Although the company did not have a yearly profit until 2004, its growth in those early years was phenomenal, and there was little doubt that it would become a major force in retail.

See also: Why AI Will Transform Insurance  

I could enumerate many examples of e-commerce successes and failures, but the point is that the move to e-commerce has been gaining steam for more than 20 years, putting a number of household names out of business along the way (think Borders, Circuit City). Many others filed for bankruptcy or were acquired at bargain basement prices. Many retailers have been closing stores and trying to revamp their business models for a decade or more (Sears, J.C Penney, Macy’s). And a wave of local retailers have found it difficult to compete with big online retailers.

The Business Insurance articles do a nice job of describing the implications for the insurance industry and retail risk managers of this transition to e-commerce, identifying how the movement changes the risk landscape. The main question is, what took everyone so long to realize that online shopping would have a transformative effect on the retail industry? It did not happen overnight, and the implications could have been foreseen and planned for long ago. To be sure, some retailers and some insurers were forward-thinking and adjusted for the transformation, but far too many were blindsided, as indicated in the articles. What does this mean for insurers today?

Besides the changing nature of retail and the companies populating the space, commercial lines insurers should focus a critical eye on every industry segment they serve. Today, the pace has quickened, and a wide range of emerging technologies, societal trends and demographics are causing upheaval in every industry. For example, the transportation sector faces issues such as autonomous vehicles, ride sharing, vehicle electrification and new transportation technologies – developments that are sure to completely reshape that industry sector. Similar cases can be made for change in manufacturing, energy, entertainment, travel and other industries. This time around, those industries and their insurer partners will not have 20 years to monitor developments. Many of these industries are likely to see substantial changes within the next three to five years. The changes to products, business models, companies and industry structure will, in some cases, dramatically change risks. For some, new technologies and solutions will enable very significant reductions in risk, and for others, new risks will emerge.

See also: A Gap That Could Lead to Irrelevance  

The main messages for insurers are these: Don’t be complacent. Don’t assume this is all hype and will never happen. And don’t assume that you will be retired before any of these transformations take hold. Plan and prepare now, seizing the opportunities to succeed in the digital age.

Last week, we discussed a major strategy issue for insurers: What happens when we have the knowledge to move forward but are stymied by a Knowing/Planning/Doing gap? It can be difficult for insurers to get from the point of knowing to the point of planning, let alone doing. We dipped into a relevant book by Stanford professor Jeffery Pfeffer, titled, The Knowing-Doing Gap: How Smart Companies Turn Knowledge Into Action. And we drew on Majesco’s findings in our most recent thought leadership paper, Strategic Priorities 2017 — Knowing vs. Doing. So, if insurers know what needs to be done and aren’t doing it, what is standing in their way? Is it possible that the organization has built its own barriers to progress? Recognizing harmful habits Habits rule our individual lives. While there are many factors and hypotheses about why we don't do what we know we should, the root cause can be viewed by looking in the mirror.  Human decisions and behaviors are powerfully driven by habits. Throughout our evolution, we have relied on habits for things as vital as our survival and as mundane as accomplishing daily tasks. Our brains are constantly making countless decisions and processing from an endless flow of information in our environments. In his book, The Power of Habit, Charles Duhigg says scientists believe habits form as a way for the brain to save energy or effort.  A habit is created and maintained through a three-step process, or “loop.” It starts with a Cue, a trigger that tells the brain which behavior pattern to use, followed by a Routine, which is the physical, mental or emotional response to the cue, and then the Reward, which helps the brain decide if the particular loop was beneficial and should be remembered for future use. Once a loop is repeated enough times with a favorable outcome, it becomes more automatic … a system with straight-through processing. In this way, habits are good things. They promote efficiency. They aid in quick decisions. They become rules we can count upon. The downside is that with continued repetition, habits become more ingrained and harder to change. And just like individuals, organizations are driven by habits. Duhigg puts it this way: “It may seem like most organizations make rational choices based on deliberate decision making, but that’s not really how companies operate at all. Instead, firms are guided by long-held organizational habits, patterns that often emerge from thousands of employees’ independent decisions. And these habits have more profound impacts than anyone previously understood.” We often hear, “It’s always been done this way.” This is the death for innovation … something not needed in today’s world of change and disruption. See also: Getting Culture Right: It Starts at the Top Habits can speed up decisions and operational tasks, but they can lead to the same problems that we know as “bad habits.”  Majesco’s Strategic Priorities research suggests many insurance companies are stuck within long-held organizational habits, finding it difficult to change even when they know customer expectations, technology and market boundaries are changing the world around them. This challenge of knowing versus doing is represented in Figure 1, which links the forces of change iden­tified in Majesco’s Future Trends 2017: The Shift Gains Momentum report with the reality of how insurers are responding, both in terms of planning as well as doing. This highlights a significant gap. In addition, those initiatives where insurers are actually doing something tend to be those that are traditional areas of priority and understanding, like security, talent and legacy system replacement rather than those that are transformational and require new thinking, different approaches and different business models. Look around within the organization, and there may be hundreds of habits that are carryovers from past processes that once had good reasoning. In one insurer, for example, a certain type of claim is always sent to the legal team for review before settlement because one time (a long time ago) the lack of review resulted in litigation. Since that time, policy language has changed, and similar litigation is rare. But the review is a habit that has stayed in place. If the organization can remove the review, many more claims could be automated. It’s a hurdle worth moving. A Way Forward to Doing Duhigg describes two approaches for changing harmful organizational habits so that beneficial change can take place. The first involves the implementation of and commitment to a small number of “keystone habits” by company leadership.  A keystone habit is one that has a ripple effect on other habits that, over time, can transform the company. Implementing the keystone habit leads to improvements in other areas, much like a habit of exercising has been shown to lead to other positive habits like better eating and increased productivity. To illustrate this, Duhigg described how Paul O’Neill’s singular focus on improving worker safety at Alcoa during his tenure as CEO rippled through the company’s other processes and ended up transforming it from a struggling, dysfunctional company into an economic powerhouse. The second approach is to wait until a crisis occurs and use it to shock the organization into change. While effective, waiting for a crisis certainly seems like a less desirable option. But sometimes it takes a major failure to motivate organizations to change their old, established ways of doing things. In fact, Duhigg notes that good leaders seize crisis “opportunities” to remake organizational habits, and some even prolong the sense of emergency on purpose. See also: A Gap That Could Lead to Irrelevance   The insurance companies that are not yet acting on the changes, or that don’t act soon, unfortunately may find that the gap between them and the leaders may become too large to be overcome. It’s best to weed out detrimental habits and make room for growth. In our last blog in the series, we’ll look at some practical ways that insurers are closing the growing gap between knowing and doing. We’ll also look at the myth of stability that keeps insurers from taking much needed risks to build a secure future. In the meantime, be sure to read Majesco’s recently released report, Strategic Priorities 2017 — Knowing vs. Doing.

Bill Gates famously said that we always overestimate the amount of change that will occur in the next two years and underestimate the change that will occur in the next 10. Looking back 10 years, we find a world devoid of iPads, iPhones, mobile apps, big data technologies, the Internet of Things, viable driverless cars or even social media beyond a niche early adopter group. We also find a world without direct online sales of commercial insurance, without persistent low interest rates, without widespread use of catastrophe bonds and without VCs who could spell "insurance." But while most insurers believe that massive changes may occur in the next decade, few believe that the next two years will be substantially different from the last two when it comes to the need for significant product changes, the impact of predictive analytics or the threats of new digital distributors. Insurers devote less than one cent of each premium dollar today to transforming their technology capabilities to thrive in the next decade. Insurers Making Technological Progress Although technology spending is essentially flat, and less than a quarter of it is spent on transformational initiatives, on average, insurers are making progress. Use of predictive analytics is growing, and 18% of insurers believe it will have a materially positive effect on their business this year. Big data technology is expanding, as well, even though it continues to be directed not at big data sets but at solving enterprise data problems. And 10% to 20% are already embracing machine learning to improve their rating algorithms. Other AI usage is still in the potential stage, with insurers exploring the possibilities of leveraging machine vision for property underwriting and claims, and natural language processing for customer service. Digital investments continue, even if there is still little agreement about what constitutes a “digital strategy” for insurers. Portals are enhanced, and mobile is deployed as carriers seek to better engage their customers, distributors and other stakeholders. See also: 10 Trends at Heart of Insurtech Revolution   Core system replacements are still painful and expensive but necessary to enhance the speed of product launches, improve digital service and data accessibility and reduce technical risk. Insurers have a new willingness to consider cloud-based core systems, with 20% already having deployed some core capabilities in a cloud environment and the same number planning pilot programs this year. The maturity of cloud providers and the growing awareness of their own limitations are mitigating carriers’ security concerns. Security, meanwhile, continues to consume 10% of IT budgets, with no end in sight, and additional regulatory requirements add compliance pressure to certify procedures and formalize CISO roles. A boom in analytics and digital across multiple industries is making it harder for insurers to find and retain IT talent, which is driving new strategies, from partnering with colleges and universities to develop new sources of talent to improving ease of employee return, to reacquire experienced staff. With flat resources and burgeoning needs, 40% of insurers are improving governance to make sure resources are allocated effectively and aligned with strategy. Laying Bare the Underlying Structure of the Insurance Industry Meanwhile, improved technology lays bare the underlying structure of the insurance industry. It’s not only distributors standing between insureds and primary insurers that are intermediaries facing the threat of disintermediation—it’s every link in the value chain between people or organizations with risk and pools of capital willing to take on that risk for a profit. This means primaries and reinsurers, as well. Alternative distribution, distributor-developed programs, reinsurer-funded insurtech startups and catastrophe bonds and other risk derivatives all threaten the traditional insurance value chain. All of these stem from the technology-enabled democratization of the ability to analyze, package and transfer risk. At the same time, technology offers the opportunity to ask new questions about the structure of insurance offerings. Is there any reason why minimum required coverage should be sold in all cases bundled with additional coverages, advice, service and risk management? Insurers are finding that some market segments prefer only one or two of these, while there are additional opportunities to monetize some of these offerings separately. Many insurers are unsettled by the emergence of well-funded insurtechs, whether they are new competitors or providing enhanced capabilities to existing competitors. Despite the billions invested, insurtechs will not put major insurers out of business or radically transform the market in the next two years. Many will not even be in business in two years. The Imperative to Learn from Insurtech However, insurtechs will raise the bar on customer experience and process efficiency, as well as on the use of analytics to drive product and processes. They will show insurers how to expand the market by profitably serving underserved segments, and demonstrate how to incorporate emerging technology into key business processes. Insurers that do not learn from insurtech will lose out to those that do. In part driven by the example of insurtechs, insurers are expanding their own formal innovation programs. These may take the form of a small group of educators and evangelists within the company, a dedicated R&D organization with a fully equipped lab and a protected budget or direct investing in startups. See also: Insurtech: Unstoppable Momentum   Two Ingredients of Successful Innovation Whatever innovation path insurers take, the primary determinant of success is the CEO’s and business unit leaders’ commitment to operationalize innovations, and their tolerance for the risk of failure. Without these two ingredients, insurers may perform “innovation theater” but are unlikely to benefit from any discoveries, and are unlikely to be prepared when the next decade of change sneaks up on them.

There are several seminal moments when I first experienced something that forever changed the trajectory of my life: --While senior director of research and development at ACORD in 1992, I worked with New Science, a research firm. The insurance industry was heavily investing in the development of AL3 batch data standards via point-to-point dial-up connections. New Science, however, was looking way down the path toward global, online, real-time transactions through a single network connection. Working with New Science was the first time I heard the word "internet." --I distinctly remember walking through the Indianapolis airport and seeing someone holding a “brick” next to his head. It was the first time I saw a mobile phone in operation, a Motorola Dynatic 8000X. Priced at $3,995 and weighing in at 28 ounces, the phone took roughly 10 hours to take on a full charge and offered only about 30 minutes of talk time on a highly limited analog network. Some of us remember running off airplanes to banks of payphones to check voice mail and to make calls between connections. Now it’s almost impossible even to find a pay phone. --My first date with Mary Ann Hildebrand was Oct. 9, 1971. Game 1 of the 1971 World Series featured the Pittsburgh Pirates against our hometown favorites, the Baltimore Orioles. A week later, I held her hand and kissed her for the first time. And, after 41 years of marriage, the rest is history, as they say. I also clearly remember listening to and meeting Thornton May in 1992 after his scathing commentary, “Luddism Looms Large,” appeared in ComputerWorld. It was the first time I heard the term "Luddite." The term goes back to followers of Ned Ludd, the late 18th century British antitechnology leader who protested the replacement of human labor and skill with machines. Ludd energized a movement throughout the textile industry as his followers protested by destroying machines and property. Luddism today is a more general term for those who are opposed to technology change. See also: Key to Digitizing Customer Experience   When it comes to online verification, the insurance industry is filled with Luddites, compared with other industries. Every time an insurance policy or business relationships changes anywhere in the world, verification of insurance and compliance checking is required. This should happen digitally, right? In this day and age.... Instead, verification is delivered via a form, whether paper, fax or PDF. All have the same problem: The information in them is as of a point in time. The information is locked, and the receiver can't do anything with it. Compare that with these industries:

• To verify stock price information, you don’t have someone send you a form saying what it was last week or last month. You don't even have to log onto the individual company websites, or have to go to the NYSE or NASDAQ. You just search for the company, and you see today’s price as it dynamically changes, in addition to historical pricing and a raft of other information.
• To verify the status of a flight, you don’t have to log onto the individual airline websites. You just search for the airline and flight number and you see the schedule, if it’s on time in addition to city and gate information.
• To verify my ability to pay, no one takes impressions of credit cards anymore. I do not show paper or PDF versions of my three-month-old credit card or bank statements to prove that I can pay. Nor does anyone take a picture of a check, my face and driver's license. Someone I'm paying reads my card or check electronically, automatically verifying that funds are available.

I was reminded of this on my most recent speaking engagement. At 4 a.m., I arrived at my destination city. I stepped into a cab and was efficiently whisked away to my meeting location. Cabs no longer take a physical impression of my credit card. Instead, my card with an onboard chip was inserted, read and charged. Boom! Verified. Unlike other industries that have online verification available, today’s convoluted and wildly expensive verification of insurance is a vortex of manual effort, paper, email, faxes and procedures. Data is both late and locked in certificate forms (paper or PDF). To begin getting our arms around the size of this opportunity, here are three sets of statistics to reflect on:

• $1 trillion-plus of vehicle loans in the U.S. require verification at least once a year -- twice a year if the policy is six months, and perhaps 12 times a year if the insured is paying monthly.
• 1.2 million companies with 28.8 million commercial trucks and 3 million drivers provide forms as proof of insurance. How many do you think are out of date? Fraudulent?
• 42.6 million independent contractors provide form-driven proof of insurance when they bid on a job.

Companies that receive data on forms have no assurance that the information is real or accurate or complies with their needs. Even with extensive and expensive manual checking, no one really knows if the data on the form is valid. We have an expensive, lose-lose proposition. Trying to fix the problem by addressing the form is like trying to fix cigarettes with a new type of cigarette. Problems with the underlying technology preclude a solution. See also: Secret to Finding Top Technology Talent   When a form-based proof/certificate of insurance is shared today, no one asks for a non-disclosure. There is also no password or encryption beyond the PDF format. Insurance rates, rules and forms are filed and approved by state agencies, which by nature make them available to the public. You can also go to web sites to search and view insurance carrier forms. Insurance verification is not just at origination or signing of a contract. Insurance verification is continuous. Once it goes on, it goes on and on.

The $2.5 million payment and corrective action plan that the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) required for CardioNet to settle potential charges of noncompliance with the Health Insurance and Portability Act (HIPAA) Privacy and Security Rules contains many important lessons for other healthcare providers, health plans, healthcare clearinghouses (Covered Entities) and their business associates. A remote cardiac monitoring provider, CardioNet is paying the $2.5 million settlement payment and implementing a corrective action plan to settle potential OCR charges it violated HIPAA by impermissible disclosure of unsecured electronic protected health information (ePHI). The first OCR HIPAA settlement involving a wireless health services provider, the CardioNet Resolution Agreement and Corrective Action Plan (Resolution Agreement) announced by OCR on April 24, 2017, adds to the rapidly growing list of announced OCR HIPAA enforcement actions that clearly show all covered entities and their business associates the substantial enforcement liability risks of failing to finalize and actually adopt, implement, administer and maintain the necessary HIPAA Privacy and Security policies and procedures required by HIPAA as well as some of the steps OCR expects to fulfill these requirements. CardioNet OCR Investigation and Resolution Agreement As has become increasingly common in recent years, the CardioNet settlement arose from concerns initially brought to OCR’s attention in connection with a HIPAA breach notification report. On Jan. 10, 2012, OCR received notification from the provider of remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias that a workforce member’s laptop with the ePHI of 1,391 individuals was stolen from a parked vehicle outside of the employee’s home. CardioNet subsequently notified OCR of a second breach of ePHI 2,219 individuals. The facts outlined in the resolution agreement highlight compliance weaknesses existing in the operations of many HIPAA covered entities and business associates. According to the resolution agreement, OCR’s investigation in response to these breach reports revealed a series of continuing compliance concerns, including:

• CardioNet failed to conduct an accurate and thorough risk analysis to assess the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI and failed to plan for and implement security measures sufficient to reduce those risks and vulnerabilities;
• CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented;
• CardioNet was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices;
• CardioNet failed to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of its facilities, the encryption of such media, and the movement of these items within its facilities until March 2015; and
• CardioNet failed to safeguard against the impermissible disclosure of protected health information by its employees, thereby permitting access to that information by an unauthorized individual, and failed to take sufficient steps to immediately correct the disclosure.

See also: Healthcare Buyers Need Clearer Choices To resolve these OCR charges, CardioNet agrees to pay $2.5 million to OCR and implement a corrective action plan. Among other things, the corrective action plan requires CardioNet to complete the following actions to the satisfaction of OCR:

• Prepare a current, comprehensive and thorough risk analysis of security risks and vulnerabilities that incorporates its current facility or facilities and the electronic equipment, data systems and applications controlled, currently administered or owned by CardioNet, that contain, store, transmit, or receive electronic protected health information (“ePHI”) and update that risk analysis annually or more frequently, if appropriate in response to environmental or operational changes affecting the security of ePHI.
• Assess whether its existing security measures are sufficient to protect its ePHI and revise its risk management plan, policies and procedures and training materials and implement additional security measures, as needed.
• Develop and implement an organization-wide risk management plan to address and mitigate any security risks and vulnerabilities found in the risk analysis as required by the risk management plan.
• Review and, to the extent necessary, revise, its current security rule policies and procedures based on the findings of the risk analysis and the implementation of the risk management plan to comply with the HIPAA Security Rule.
• Provide certification to OCR that all laptops, flashdrives, SD cards and other portable media devices are encrypted, together with a description of the encryption methods used.
• Review and revise its HIPAA security training to include a focus on security, encryption and handling of mobile devices and out-of-office transmissions and other policies and practices required to address the issues identified in the risk assessment and otherwise comply with the risk management plan and HIPAA train its workforce on these policies and practices.
• Investigate all potential violations of its HIPAA policies and procedures and notify OCR in writing within 30 days of any violation.
• Submit annual reports to OCR, which must be signed by an owner or officer of CardioNet attesting that he or she has reviewed the annual report, has made a reasonable inquiry regarding its content and believes that the information is accurate and truthful.
• Maintain for inspection and copying, and provide to OCR, upon request, all documents and records relating to compliance with the corrective action plan for six years.

Implications of CardioNet and Other HIPAA Enforcement For Covered Entities and Business Associates The CardioNet resolution agreement contains numerous lessons for other covered entities and their business associates, including:

• Like many previous resolution agreements announced by OCR, the resolution agreement reiterates the responsibility of covered entities and business associates to properly secure their ePHI and that as part of this process OCR expects all laptop computers and other mobile devices containing or with access to ePHI will be properly encrypted and secured.
• It also reminds covered entities and their business associates to be prepared for, and expect an audit from, OCR when OCR receives a report that the organization experienced a large breach of unsecured ePHI.
• The resolution agreement’s highlighting of the draft status of CardioNet’s privacy and security policies also reflects that OCR expects covered entities to actually finalize policies, procedures and training for maintaining compliance with HIPAA.
• The discussion and requirements in the corrective action plan relating to requirements to conduct comprehensive risk assessments at least annually and in response to other events, and to update policies and procedures in response to findings of these risk assessments also drives home the importance of conducting timely, documented risk analyses of the security of ePHI, taking prompt action to address known risks and periodically updating the risk assessment and the associated privacy and security policies and procedures in response to the findings of the risk assessment and other changing events.
• The requirement in the resolution agreement of leadership attestation and certification on the required annual report reflects OCR’s expectation that leadership within covered entities and business associates will make HIPAA compliance a priority and will take appropriate action to oversee compliance.
• Finally, the $2.5 million settlement payment required by the resolution agreement and its implementation against CardiNet makes clear that OCR remains serious about HIPAA enforcement.

While the $2.5 million settlement payment sends a strong message about the risks of violating HIPAA by itself, this lesson takes on even greater significance when considered in light of OCR’s January 2017 announcement of its imposition of another HIPAA civil monetary penalty against Children’s Medical Center of Dallas and the growing list of expensive settlement payments that OCR has exacted from other covered entities wishing to avoid CMPs for their alleged HIPAA violations. In January 2017, for instance, OCR announced Children’s paid a $3.2 million CMP assessed by OCR for failing to adequately secure electronic protected health information (ePHI) and correct other HIPAA compliance deficiencies that resulted from its failure to take appropriate, well-documented actions to timely to secure ePHI on systems and mobile devices and other actions needed to comply with other HIPAA privacy or security requirements. Of course, covered entities and business associates need to keep in mind that that actions and inactions that create HIPAA liability risks also carry many other potential legal and business risks. For instance, since PHI records and data involved in such breaches usually incorporates Social Security Numbers, credit card or other debt or payment records or other personal consumer information, and other legally sensitive data, covered entities and business associates generally also may face investigation, notification and other responsibilities and liabilities under confidentiality, privacy or data security rules of the Fair and Accurate Credit Transaction Act (FACTA), the Internal Revenue Code, the Social Security Act, state identity theft, data security, medical confidentiality, privacy and ethics, insurance, consumer privacy, common law or other state privacy claims and a host of other federal or state laws. Depending on the nature of the covered entity or its business associates, the breach or other privacy event also may trigger fiduciary liability exposures for health plan fiduciaries in the case of a health plan, professional ethics or licensing investigations or actions against health care providers, insurance companies, administrative service providers or brokers, shareholder or other investor actions, employment or vendor termination or disputes and a host of other indirect legal consequences. See also: Healthcare Disruption: Providers Are Making Newspaper Industry Mistakes   Beyond, and regardless of the technical legal defensibility of its actions under these and other laws, however, the most material and often most intractable consequences of a HIPAA or other data or other privacy breach report or public accusation, investigation, admission also typically are the most inevitable:

• The intangible, but critical loss of trust and reputation that covered entities and business associates inevitably incur among their patients, participants, business partners, investors and the community; and
• The substantial financial expenses and administrative and operational disruptions of investigating, defending the actions of the organization and implementation of post-event corrective actions following a data or other privacy breach, audit, investigation or charge.

In light of these risks, covered entities business associates and their management should use the experiences of CardioNet and other covered entities or business associates caught violating HIPAA or other privacy and security standards to reduce their HIPAA and other privacy and data security exposures. Management of covered entities and their business associates should take steps to ensure that their organizations policies, practices and procedures currently are up-to-date, appropriately administered and monitored, and properly documented. Management should ensure that their organizations carefully evaluate and strengthen as necessary their current HIPAA risk assessments, policies, practices, record keeping and retention and training in light of these and other reports as they are announced in a well-documented manner. The focus of these activities should be both to maintain compliance and position their organizations efficiently and effectively to respond to and defend their actions against a data breach, investigation, audit or accusation of a HIPAA or other privacy or security rule violation with a minimum of liability, cost and reputational and operational damages. As the conduct of these activities generally will involve the collection and analysis of legally sensitive matters, most covered entities and business associates will want to involve legal counsel experienced with these matters and utilize appropriate procedures to be able to use and assert attorney-client privilege and other evidentiary privileges to mitigate risks associated with these processes. To help plan for and mitigate foreseeable expenses of investigating, responding to or mitigating a known, suspected or asserted breach or other privacy event, most covered entities and business associates also will want to consider the advisability of tightening privacy and data security standards, notification, cooperation and indemnification protections in contracts between covered entities and business associates, acquiring or expanding data breach or other liability coverage, or other options for mitigating the financial costs of responding to a breach notification, investigation or enforcement action.

A friend of mine asked me if the cyber-risk threat was a bit of flimflam designed to sell more insurance policies. He compared cyber-risk to the Red Scare of the 1950s, when families scrambled to build bomb shelters to protect them from a war that never came. The only ones who got rich back then were the contractors, he concluded. I found his question incredible. But I realized that he didn’t work in the commerce stream, per se, which quelled my impulse to slap him around. See also: 3 Things on Cyber All Firms Must Know   I shared with him some statistics that sobered him up quickly. I explained that cyber-crime costs the global economy more than $400 billion per year, according to estimates by the Center for Strategic and International Studies. Each year, more than 3,000 companies in the U.S. have their systems compromised by criminals. IBM reports more than 91 million security events per year. Worse yet, the Global Risks 2015 report, published in January by the World Economic Forum (WEF), included this rather stark warning: “90% of companies worldwide recognize they are insufficiently prepared to protect themselves against cyber-attacks.” Cyber protection is not just about deploying advanced cyber threat technology to manage risk; you also have to educate your employees to not fall victim to unassuming scams like “phishing,” which is stealing private information via e-mail or text messages. It remains the most popular con as far as stealing company data because it’s so painfully simple. Just pretend to be someone else and hope a few people fall for it. While most people understand the threat to data privacy for retailers, hospitals and banks and other financial institutions, few realize that manufacturers are also vulnerable in terms of property damage and downtime. In 2014, a steel manufacturing facility in Germany lost control of its blast furnace, causing massive damage to the plant. The cause of the loss was not employee error, but rather a cyber-attack. While property damage resulting from a cyber-attack is rare, the event was a wake-up call for manufacturers worldwide. According to The Manufacturer newsletter, “the rise of digital manufacturing means many control systems use open or standardized technologies to reduce costs and improve performance, employing direct communications between control and business systems.” This exposes vulnerabilities previously thought to affect only office computers. In essence, according to The Manufacturer, cyber attacks can now come from both inside and outside of the industrial control system network. See also: Now Is the Time for Cyber to Take Off   Manufacturers also need to be concerned about cyber attacks that would: a) interrupt their physical supply chain or, b) allow access to their system via the third-party vendor. Manufacturers must then take steps to mitigate those risks. When Target and Home Depot were hacked several years ago, it wasn’t a direct attack on them but an attack on one of their third-party vendors. By breaching the vendors’ weak cyber security, the criminals were able to access the larger prize. To circle back to my friend’s weird fallout-shelter theory, it’s certainly a good idea to have a backup plan in case one is hit by a proverbial “cyber-bomb.” But rather than hunker down and wait for the attack to occur, it’s critical to educate employees, vet vendors’ cyber-security and adopt -- and continuously optimize -- a formal cybersecurity program.

How often is a representative of our industry asked to weigh in on a pressing issue of the day? The answer is: rarely, if ever. Within our culture, thought leadership and the insurance industry are rarely intertwined. Thought leaders are sought out for their opinions and ideas. They are experts in their field who can see the “bigger picture” on issues important to many. College professors, politicians, editorial writers and financial analysts are some of the professionals in which thought leadership seems to most comfortably reside. The reasons behind our exclusion, I suppose, are varied. Perhaps most people are unaware of the nature and impact of the industry on their daily lives -- "out of sight, out of mind.” It also easy for industry executives to lose sight of the forest for the trees. Each insurance policy we negotiate on behalf of our clients must be carefully constructed to cover a myriad of conceivable risks. One missing word or poorly constructed sentence will result in a potentially devastating claim rejection. A requisite focus on detail can crowd out the bigger picture. See also: Thought Leader in Action: At Walmart   We are the equivalent of firewatchers. Business owners depend on us to identify, root out and transfer risk in a number of ways. Our constant state of heightened wariness has a leveling effect. For many of us “firewatchers,” small things matter a great deal— a shift in the winds, a dry summer or an untended campfire or a change in claims management, carrier appetite or operations. To live in the moment and be aware of the need to be diligent now does not allow for the forward-looking characteristics normally reserved for someone considered to be a thought leader. Young people searching for a career rarely associate the words "exciting," "challenging" and "stimulating" with the insurance industry. A young insurance producer is never the lead in a TV drama and certainly not a sitcom. Of course, perception is only a piece of the puzzle. The ideal skill set demanded for an insurance professional may discourage young people who view being a thought leader as a career goal. Yet, any modestly observant and well-read person can see a great deal is happening in the world and in our business. The rapidly shifting landscape requires muscular thought leadership from insurance professionals—not one, but many. One of the many issues we as an industry face is the perception of being slow to change, to adapt and “flex” when necessary. A cursory review of some of the recent system combinations in the industry reveal just how inflexible we are in modifying how we do what we do. CFO Magazine’s recent article titled “Insurance’s Innovation Gap” (April 3, 2017, by David Katz) was not flattering. The mounting challenges of cyber security, alone, demand herculean thought leadership. Although nearly every nonprofit and commercial organization would benefit from the addition of cyber liability coverage to its insurance portfolio, many do not have this coverage. We believe they do not fully appreciate the potentially ruinous risks or are perhaps waiting for some bellwether event to push them into a purchase. It is our job as risk managers and insurance professionals to identify and negotiate adequate coverages, build a persuasive sales argument and successfully communicate it. Of course, even as we take the lead in managing current cyber risks, new and heightened risks are evolving. Thought leadership must look ahead to evolving cyber threats and begin to formulate a risk management response. Emerging artificial intelligence applications also require strong thought leadership from the risk perspective. As many are working to make the wildest dreams of this technology reality, insurance industry professionals must be equally imaginative in analyzing emerging risks and developing coverages to mitigate and transfer these risks. As the gig economy (the economy centered on short-term contracts) spreads through wide swaths of the commercial landscape, insurance industry professionals must provide the thought leadership required to manage emerging risks. The speed with which the gig economy is advancing only adds to the urgency. While Uber was founded only eight years ago, it now operates in 570 cities worldwide. The breadth of the gig economy also calls for thought leadership. The simple risks posed by dog walking apps, for example, are as new as morning. The risks to both those who walk and own the dogs are as numerous as the minutes in the rest of the day. The promise of driverless cars challenges our thought leadership in more than one way. Assurances regarding the safety of this technology notwithstanding, there will be a place for risk management. Insurance industry professionals must identify and evaluate the risks, while developing appropriate coverages. As an industry, we must also prepare for potential lost revenue as safe technology takes the seats formerly occupied by accident-prone drivers. Drone sales are expected to nearly triple from 2.5 million in 2016 to 7 million in 2020, the FAA said last year. Without getting fancy about it, risks and claims stemming from drone sales will also likely nearly triple in these four years. Thought leadership must anticipate the type and extent of these risks, while calculating the cost of the claims. Discussions of drones may also lead to the perils of terrorism. As events in Europe demonstrate, terrorists are prepared to turn even motor vehicles into weapons. These acts appear to be random and are exceedingly difficult to predict. Thought leadership is required to mitigate the unknown risks—a very tall order—and anticipate the claims. It is not something we as an industry can do alone, but we must be active participants when the solving begins. See also: Thought Leader in Action: At Starbucks   The new administration in Washington also calls for thought leadership. As rules regarding the internet, the environment, healthcare and so much more shift, the insurance industry must provide thought leadership to insureds who are affected by these changes. As a general principle, the insurance industry must take a seat at the table. There are many moving pieces in any functioning society. These include technology, human capital, innovation, infrastructure, transportation, public utilities and hundreds more. Risk is not simply one of the moving pieces; it is a major component running through all of them like a coil of rope. This is our area of expertise. It is where our thoughts must be heard. This article was originally published at Carrier Management.