PwC U.S. risk and capital management leader Henry Essert and PwC global insurance regulatory director Ed Barron recently sat down to discuss the proposed International Capital Standards (ICS) for insurers. They addressed at length what the ICS is and what it could mean to insurers. Here are their thoughts on the standard, as well as some background information on capital management and related issues in the insurance industry.

1. Why have an ICS?

The ICS is about creating a consistent capital measure across globally active insurers and is being promoted as a solution for group-wide supervisors to better manage capital allocation around an international business. Insurers generally have developed their own capital standards, and what they have developed applies globally across groups. However, regulators need a capital measure to oversee insurers, and most of the regulatory measures are at the legal-entity level. During the last financial crisis, problems arose when parts of a troubled financial institution fell through a regulatory crack. Even before that, many insurance regulators were concerned that they did not have a good picture of companies as a whole because capital is measured differently in different jurisdictions. This makes it hard for a supervisory college to identify where there may be shortfalls in capital.

2. Who wants it?

Primarily regulators and, by extension, policymakers and politicians/elected representatives. At the end of the 2008 crisis, many of them were concerned about avoiding or better handling any subsequent crises. This prompted politicians (via the Financial Stability Board) to direct regulators to improve the regulatory system for all of financial services, particularly as it relates to capital standards. And, while the banking industry has received the most attention, the insurance industry is part of a wider move for change in financial services; in fact, the FSB is now firmly focusing on the sector. However, many elected officials in the U.S. are now concerned about adopting a "foreign" calculation that differs from what regulators in their jurisdiction have used. To run their business and generate a good return on capital, multinational and other groups need to have some way to measure how much capital they need in total on a consistent basis. They have devised their own ways of doing this calculation using a combination of current regulatory calculations and their own capital models (which are sometimes called economic capital models). They tend to do these calculations on their own without outside prompting and have concerns that the ICS calculation could conflict with what they are already doing. There has been extensive regulatory change in recent years, and the ICS is yet another initiative that insurers have to address – and in a very aggressive timeframe.

3. Does it reflect current practices or does it break from them?

Practices differ by country, so there is no single current practice standard to compare with, and the ICS is intended to be a truly global group measure. The current ICS proposal is not the same as any practice in any jurisdiction currently, but most people would say it is closer to European Solvency II approach than to the current U.S. practice. Accordingly, ICS (as it currently stands) would be a considerable change to the U.S. market. This is why the Federal Insurance Office (FIO) is leading a workstream on setting up a GAAP+ concept that will be more closely aligned to U.S. practice.

4. Who’s going to enforce compliance?

The International Association of Insurance Supervisors (IAIS) does not have any executive powers; its role is strictly to develop regulatory guidelines and best practices for national supervisors to adopt, either in whole or part. Application of the ICS is up to individual supervisors, and the question remains if they will act in many major jurisdictions. In theory, the ICS will apply (via ComFrame) to only internationally active insurance groups (IAIGs), of which there are roughly 50 worldwide. However, many observers expect that when the ICS becomes an industry standard, other companies also will use it to calculate and report their capital adequacy. Several jurisdictions do not have an IAIG. Therefore, we assume they would not be pressured into introducing an ICS concept. However, because most jurisdictions readily adopt many IAIS principles, we would not be surprised to see some of the principles within ComFrame and the ICS “trickle down” to smaller markets, especially where there is not necessarily global activity but a high concentration of regional activity (e.g., Asia). The reason countries tend to adopt IAIS guidelines is because, when the IMF/World Bank conducts its Financial Sector Assessment Program (FSAP) reviews, it uses IAIS principles as the benchmark for assessing the insurance sector. Therefore, it is in many people's interest to adopt IAIS standards to achieve strong FSAP results (which feed into sovereign rating, etc.).

5. Who at insurers will be most affected?

If the calculation is similar to others already in use, then primarily risk, actuarial, financial and compliance will be affected. If, on the other hand, the calculation is very different, then just about all functional areas could be affected because of a knock-on effect on product portfolio, pricing, investment strategy and so on. In either case, boards will need to demonstrate they understand the numbers and what they mean, particularly as they relate to strategic decisions. Taking a look at the bigger picture, the ICS is only part of a larger regulatory package for IAIGs called Comframe. Other aspects of Comframe, like governance, risk management policies and Own Risk and Solvency Assessment (ORSA) also will have an effect on many areas, regardless of where the ICS ends up.

6. How much investment/effort would implementation and compliance require?

This depends on the nature of both the calculation that is adopted and its enforcement. It is almost certain that the calculation will be complex. But, if the calculation is similar to what groups are already using, either because it is similar to the main regulatory calculation groups use or is similar to their own internal, economic capital calculation, then the investment/effort will be less significant. More importantly, if it winds up being similar to current calculations, then the new ICS would not have a major impact on how the company's business profitability is measured. However, if the calculation is different, implementation/compliance and business impact will be significant. Investment and effort may not necessarily be limited to basic compliance. Insurers can look to their experience with Solvency II, which entailed more than just change to capital standards, and required significant investment in new technology, as well as potential changes to organizational structures.

7. Will product offerings change? Are there certain products that may disappear?

If calculations are different than those now in use, then, yes, there would likely be impacts on premiums for some products, and some may even become nonviable. Many life companies are concerned that if certain types of calculations (notably, market-consistent calculations) are used, then long-term savings products may be too costly to remain viable. At the least, if certain products do not disappear, then their design may need to change (which would change the balance of insurers’ product portfolios).

8. What’s been the reaction of ratings agencies and analysts?

Ratings agencies typically have their own capital calculation formula and, for the most part, at the group level. It is not clear if they will replace their own with ICS but could do so if they think the latter is a comparable or better formula. Equity analysts typically are concerned with the ability to pay dividends or buy back stock, which happens at the parent company level. Accordingly, they typically do their analysis at the group level. They have not been a vocal part of this discussion but probably would find an ICS helpful. In fact, most stakeholders are likely to support the concept of a global capital standard for the insurance industry, but there almost certainly will be differences of opinion about what one should look like as details are hashed out about how the standard will actually work.

9. With all this in mind, is a true ICS likely?

It’s too early to say for certain one way or the other, but even the regulators who question the necessity of an ICS seem reconciled to the notion that one should be developed. The debate now is what the one true ICS should look like, and how the calculation should be done is the main area of disagreement between and among geographies. For other aspects of the Comframe regulatory package, like governance, risk management policies and ORSA, there is significantly less disagreement.

10. What should insurers be doing now?

Building the ICS calculation formula and finalizing the rest of Comframe probably will take several years. The following are likely to be key steps in the journey:

• In the early stages, companies will want to understand how the different, proposed ICS options may affect them, to determine which option they favor.
• As regulators further develop the different options' details, they will want to study how different factors in the proposed formulas will affect companies. They will ask insurers to conduct studies of these different factors for their business (i.e., field testing).
• Once the nature of the ICS becomes clear, companies will need to implement the formula (and eventually, the rest of Comframe).
• All stakeholders should remain aware of ICS developments to assess where there is consensus and disagreement. If there continues to be significant divergence in how required capital is calculated across regimes, and if ICS adds complexity rather than reducing it, then most insurers will need to factor these developments into how they are modernizing or plan to modernize their risk, actuarial, financial and technology platforms to operate effectively and efficiently in the new environment.
• Insurers may need to redesign and reprice their products, as well as potentially rethink their business strategies. It is possible that they will need to divest certain businesses and add others.

What are current capitalization requirements?

Current capital requirements in the U.S. are set at a legal-entity level. There are no global requirements for a company that operates in more than one country, and calculation formulas for capital requirements typically vary in each jurisdiction. Solvency II gets close to mandating a group standard. However, it uses the concept of “equivalence” to deal with differing capital regimes between the EU and the rest of the world, rather than enforcing Solvency II capital standards on a third country. In other words, if a country outside of the EU is deemed equivalent, then the group headquartered in the EU can use the capital standard of the operation outside the EU within its group calculation on the grounds that EU regulators are comfortable with the system in that third country.

Are those requirements adequate if there’s another market shock like 2008 or a series of catastrophic events?

During the 2008 shock, some significant companies did not have enough capital, and governments intervened. In many cases, the formulas that set the capital requirements that proved insufficient are still in use. However, that doesn’t necessarily mean current requirements would be inadequate for future shocks. There’d need to be a model to test if current requirements are adequate for a defined market shock like 2008, but we would need to define exactly what "a series of catastrophic events" means before modeling its impact.

What results in undercapitalization?

The more risky the business, the theory is that insurers will need to hold more regulatory capital against the risk. To be undercapitalized is normally a reflection of poor reserving or liquidity management. More specifically, companies hold assets to defease their liabilities, which are calculated based on a more or less average level of claims. Additional assets are set aside (not available to pay shareholder or policyholder dividends) to pay for claims should they be higher than the average. This amount of additional assets is the regulatory required capital. If these assets set aside prove insufficient during a crisis, then undercapitalization results.

What is an adequate level of capital reserves (and, if the level varies by sector, what is the appropriate level for each)?

Figuring out the answer to this question is what the whole ICS global and country level debate is all about.

Which sector (reinsurance, P&C, life) has the biggest challenges remaining adequately capitalized?

There is no perception that this is a bigger issue for one sector compared with another. Problems have occurred in all sectors. Some future crisis events will affect all sectors, like credit risk events; others are more harmful for PC (wind storms) or life (pandemics).

Do different sectors have different standards? In other words, does life have a lower standard than P&C?

No, the same formula is used across the sectors. The formula will cover risks that are common across sectors with the same calculation. Different types of risk are covered by having different factors assigned to different exposures. Some of these will apply only to business/exposures written by life companies or PC companies.

Which are better capitalized, groups or subsidiaries (or does it vary)?

Each subsidiary typically has an amount of actual and required capital it holds on its own balance sheet. The group actual and required capital is the sum of these. Many companies hold actual capital in the subsidiaries just sufficient to cover the regulatory requirement in that subsidiary. They would hold any significant excess at the parent company. So for these types of companies, that would mean the group is better capitalized than the subsidiaries. But that is not always the case. A group parent company typically can send capital to subsidiaries, subject to meeting its own capital requirements if it is an insurance company. However, the normal capital flow is from subsidiaries to the parent, but the flow is constrained by the subsidiaries' own capital requirements. (Laws differ from country to country about how readily a company can move capital from one entity to another when it has a group capital position.)

Are there certain insurance lines that are difficult to adequately capitalize?

There are certain coverages for which the level of required capital is too high to make premiums affordable. Where this occurs, some form of government intervention typically occurs (e.g., flood insurance in certain areas). This is unlikely to change with or without an ICS. However, when the objective is policyholder protection, capital is not the only tool. Better risk management is also key, with tools such as the ORSA and governance protocols being paramount. If it is hard to quantify a certain risk type, then strong risk management principles should augment the degree of policyholder protection.

At a recent International Security Conference (ISC) law enforcement seminar, Chief Chris Vinson of the Texas Police Chiefs Association explained why verified burglar alarms work better: “We will give [them] the priority response [they] deserve. We will arrive on the scene in time to make an arrest. And making those arrests [is] what it is all about because when you increase arrests, you reduce the crime rate. When you reduce the crime rate, you are reducing property loss. When you reduce that property loss, it reduces the insurance rate for those property owners. When those insurance rates drop down [and] the crime rates drop down, then the property values go up, which makes our constituents happy.” The burglar alarms matter so much because, with a video-verified burglar alarm, an operator at a central station can review on video what is happening at the site before calling 911 center. The operator serves as a virtual eyewitness to a crime in progress. And, when police are sure a crime is being committed, they respond faster and make more arrests. (To see an excerpt from the seminar, click here:  https://www.youtube.com/watch?v=nX3IzynaUUY) A recent meeting between several of the major alarm companies and Verisk discussed how best to collect and quantify the advantages of professionally monitored video-verified alarm solutions for the insurance industry. Insurers are looking for technology and data to help them contain costs, and law enforcement and alarm response times are a crucial component. In April 2015, the largest police chiefs association in the country passed a resolution endorsing verified alarms and priority response. The Texas Police Chiefs definition of a verified alarm requires Central Station monitoring with operators specifically trained to review videos and communicate the pertinent information to law enforcement. Home surveillance systems might work as a nanny-cam but lack the protocols and processes for alarm response provided by the central station. (Here is a link to the Texas Police Chiefs resolution on verified alarms:  http://www.ppvar.org/_asset/wfdzry/TPCA-Priority-Response-Resolution-2015.pdf) Without technology and new policies, property losses will only get worse as the number of officers declines. At the recent ISC conference, officials from Akron, Ohio, and Chula Vista, CA, said their police departments had already shrunk because of budget cuts, forcing them to reconsider response to alarms -- responding to false alarms represents between 8% and 15% of total calls for service at the 911 center. Akron adopted a “verified response policy” in 2014, and over the past year burglaries went down 5%, with increasing arrests. Retired Capt. Gary Ficacci said Chula Vista was policing 260,000 people with 212 police officers, one of the leanest staff/population ratios in the county. The economic downturn caused the city to lose about 40 officers and provided the impetus to change the alarm ordinance to promote a form of verified response. Chula Vista figures it spends more  than $100,000 in officers and staff for every arrest made in response to a burglar alarm, but video verified alarms could cut that number significantly. How much better can verified burglar alarms actually be? Radius Security in Vancouver, Canada, just completed a short study of its verified alarms compared with the traditional, unverified alarms. For Radius, its verified alarms were 1,000 times more effective. The arrest rate for unverified alarms is between 0.08% and 0.02%, while arrest rates for verified alarms are often in double-digit percentages. Why? Because law enforcement treat a verified alarm like a crime in progress instead of something highly likely to be a false alarm. Texas Chief Vinson says, “The calls that truly merit a higher priority response, those get pushed to the top. Those get the response they need to actually make arrests, and that is what we are all going for here, because if you take that guy off the street that is committing the offenses and you’ve solved that crime you have probably solved a handful of crimes that occurred before that he has already committed that he confesses to. And then you prevent all the crimes that he is not going to commit while he is sitting in jail. So, it is a big deal to make arrests on one of these calls, because it makes a difference in the actual crime rate that affects that city.” (For video on Radius Data, click here:  https://www.youtube.com/watch?v=AlXMGu-lT7g)

It sometimes seems that all we hear about are the complaints, when something goes wrong for a policyholder dealing with an insurance company, especially when a claim is involved. So we thought we’d bring you a story where everybody did the right thing – even beyond right, because the client couldn’t have expected to be treated as well as it was. It happens that we know this story because our founder, Dave Dias, was involved. But we’d happily share other stories on an occasional basis if you email them to me at jared@insurancethoughtleadership.com. This story begins in the first week of September 2014, when the Folsom, CA, campus of Bayside Church was burglarized. Bayside, a “mega-church” based in Granite Bay, CA, has campuses throughout the Sacramento area and has been holding services at a middle school in Folsom. During the week, someone broke into a steel container at the school and stole much of the audio-visual equipment that Bayside stored there. Dave Hanson, the CFO of Bayside, says the equipment was valued at $75,000 to $100,000. The case quickly went cold. The thieves had known what they were doing – for instance, they broke only into the container with the valuable equipment, not into containers with, say, materials for the children’s ministry – and didn’t leave clues behind. There were no witnesses and no security video. This is where the insurers swept in. Hanson says, “Dave [Dias, a former police officer who is the InterWest broker on the Bayside account] was thoroughly frustrated that someone would steal from a church, and Folsom PD had zero leads. So, in an attempt to help the police department, he said, ‘Let’s put up a reward.’” InterWest, a Sacramento-based broker, and Philadelphia Insurance, the carrier, offered a $10,000 reward for information leading to the return of the equipment. Within days, someone came forward with information, and police raided a house in nearby Carmichael. They not only found all the Bayside equipment but also recovered two stolen vehicles, an enclosed trailer, a watercraft, small amounts of drugs and numerous weapons, including three handguns, two rifles, an assault rifle and more than 3,000 rounds of ammunition. The owner of the house, a convicted felon, was arrested and is awaiting trial. “He had guns, ammunition, money, lots of acetylene torches, power tools; it was obvious he had stolen stuff from construction sites,” Hanson says. Recovering the equipment obviously saved Philadelphia Insurance from having to pay a large claim. But it also saved Bayside from having to pay the deductible and from the hassle of having to locate and rent equipment each week, until its claim was paid. “The partnership aspect of client, broker and carrier is the most important aspect here,” Hanson says. He notes that the Folsom police department, which had never worked a rewards case, got a high-profile win and says the main winner was the community. It no longer has to worry about a big-time, professional thief. Isn’t this sort of story better than what you usually hear when you tell someone you’re involved in the insurance industry?

Humanity’s innate urge for creativity coupled, perhaps, with the promise of fame and riches have been important drivers of innovation throughout history. But what has served as the foundation for innovation? What has helped individuals make the leap from coming up with a great idea to executing it? In one way, the answer is insurance. Insurance and risk transfer are key historical inventions that contributed to the rise of innovation around the Industrial Revolution. Legal and financial advancements, such as modern insurance policies, have been just as significant to innovation as technological breakthroughs. They have allowed humanity to view risky situations as opportunities to progress. Before the Industrial Revolution, creative risks were, well, a lot riskier. In the days of hunter-gatherers and early agriculture, individuals or small family groups bore total responsibility for any consequences should a new crop be unsuccessful or sickness spread because an unproven concept failed. (Starvation and death are steep prices to pay.) As time progressed, hierarchical systems ensured the ruling classes quickly claimed and controlled any innovation devised by those low on the totem pole. Historically, oppression has rarely served to spark advancement at all, let alone at a decent pace. When formalized insurance came along, in addition to stocks, bonds, patents and other financial tools, it allowed people to share the risks and rewards of their personal creativity. Because the downside of failure was no longer as excessive, people were empowered to take bigger leaps. Insurance and its associated analytics removed many of the unknowns from taking a chance on a risk. Insurance and risk management are now so ingrained in the innovation process that we take it for granted as just another step on the way to progress. When you hear about modern space travel, for example, you don’t hear about the insurance policies that make it possible for entrepreneurs to launch ambitious new projects. Unfortunately, the only time we make the connection between insurance and innovative efforts is when something goes wrong. Case in point: It was only when an unmanned commercial rocket exploded last fall that many articles rushed to note it was insured for about $200 million. Today, insurance is stepping in to lower innovators’ risks in other creative ways. One example is a firm that created insurance protection from “patent trolls.” While patents are supposed to protect inventors, some people have found ways to exploit the patent system to enrich themselves instead, while also limiting actual innovation. The high litigation price of defending a patent has caused many start-ups to stall out. Patent trolls have forced even established companies like Apple, Google and Samsung to spend massive quantities of capital addressing seemingly gratuitous patent claims. The new solution steps in to help organizations keep creating. Recently, some insurance companies have begun to offer protection for the bitcoin business. The virtual currency has had its fair share of troubles in the last year or so, with cyber attacks and technical snafus costing investors millions upon millions of dollars. With the advent of protections similar to those offered by the long-established Federal Deposit Insurance Corporation, these organizations are making it possible for the bitcoin industry to mature, potentially ushering in a new, all-digital era for commerce. The New York Times Magazine recently dedicated an entire issue to the subject of innovation. It cited prominent M.I.T. economist Daron Acemoglu directly linking the advancement of society to the necessity of insurance and risk management. In other words, the better we manage risk, the more risks we take and the better off we may all be. This article was originally published on IAmagazine.com.

With the recent release of a new British standard BS 65000 on organizational resilience and the announcement by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) of a review of its 2001 enterprise risk management (ERM) framework, I believe that business is moving ahead of ISO 31000 as a necessary response to the evolving business environment and accelerating rate of technical change. Therefore, there is a strong case for a taking a fresh look at ISO 31000. As I’ve stated many times, the pace of business changes and evolution of management systems is accelerating in the 21st century. So, too, has the role of risk management. The ground is continuing to move under our feet. Long a supporter of Martin Davies' causal approach to risk management, I feel the albatross of risk heat maps and 20th century occupational health and safety (OHS) perceptions of risk are causing business to bypass risk management. Has Risk Management Been Lost in Operational Risk? In a recent article by David Vos titled “Ten steps to corporate risk analysis,” he refers to the need for quantitative risk analysis (QRA) and says “only about one quarter of corporate strategic planning departments truly use simulation analysis (the most useful means of evaluating risks), and only a third quantify their risks at all.” This left me dumbfounded, for if risk is the level of uncertainty on objectives, how can any system claim to be managing risk without quantifying it? It leads me to ask, outside banking and insurance, how many people are really “managing” risk as opposed to recording it? Could it be arrogance, where we have elevated ourselves to the “opportunity and decision making” levels of business, causing us to lose sight of our primary role in the business landscape? Is the Legal Department Taking Over Risk? In a recent article, I criticized plan, do, check, act (PDCA) as an outdated, serial approach to continuous improvement, proposing instead realization, optimization and innovations as an interactive real-time approach using mathematical predictive analytics. It seems the usually lagging legal fraternity is advocating a similar approach “that may be used by the legal department for risk management purposes. These innovative uses of available technology can increase the return on investment in the technology and provide an added incentive to move forward with new approaches to risk management.” Is the legal department to become the vanguard for ERM? With legal's relationship to corporate governance, that is not beyond the realm of possibilities! Although I am most likely preaching to the converted, we need to change the purpose of risk management from being administrative to being an active, valuable tool. This mandates, at a minimum, a reasonable level of understanding of statistical and analytic mathematics and the realization that an Excel spreadsheet cannot be proactive. As ISO 31000 is the only tool we have to wage this war, and 2009 was a lifetime ago in terms of business practice (basically, before the end of the Great Financial Crisis), I believe it requires a major overhaul or risk becoming irrelevant. Finally, risking the wrath of the ever-swelling ranks of generalist operational risk consultants out there: However altruistic was the original decision for ISO 31000 not to be certifiable, there is a need to introduce a method of certification to engender value and consistency into the reputation of ISO31000. My Suggestions for a Revised ISO 31000 As a starting point, I would suggest:

• Strengthen requirements on risk culture and risk appetite
• Mandate the use of quantitative risk analysis (QRA)
• Mandate the use of causal analysis and monitoring
• Take an active approach to risk management
• Incorporate BS65000 and resilience as part of ISO 31000
• Introduce certification to protect the ISO 31000 brandaszzz

Mother’s Day is a special time to celebrate all those kisses and hugs, the rides to the mall, the doctors’ appointments, the countless soccer-basketball-baseball games, a special note tucked into a pocket or care package sent to camp. But remember, sometimes it’s what a person doesn’t do that matters, and some moms are just bad to the bone. More than 30% of identity theft cases involve a family member or close friend. The reason is simple: access. Whether it’s your mother, father, foster families, siblings, close friends or your spouse—access often is the only catalyst needed to turn your credit report into a crime scene. Here are a few examples from the Mommy Dearest files. Betz Noir Axton Betz-Hamilton discovered she was an identity theft victim when she rented her first apartment and was told that a deposit was required to turn on the electricity because she had bad credit. She thought she had no credit at all. Her credit report said otherwise. Her assumption at the time was that whoever stole her parents’ credit a while back had hit hers, as well. Then the truth came out. Betz-Hamilton’s mom, Pamela Betz, died in 2013. Shortly after that, Betz-Hamilton says her father discovered a box that contained credit card statements in Axton’s name, so he called to razz her about her profligate spending. He then discovered he also had some crazy spending, and so did his father, who lived with them. They all allegedly were hit by Mama Betz. Free resource: Stay informed with a free subscription to SPWNR No Cheers for This Mom Some mothers have a hard time giving their kids space to grow and become their own person. Others can be smothering to the point that children can’t do anything on their own, but Wendy Brown took it to another level when she used her daughter's identity and showed up for cheerleader tryouts at Ashwaubenon High School in Wisconsin. With her daughter living in another state with family, Brown, 33, decided it was time to get her high school diploma—and it seems, while she was at it, get another shot at the high school experience. She was caught by truancy officers and sentenced to three years in a psychiatric hospital. G.I. Jane Deferred Cassidy McKenna had just graduated from high school and was excited about enlisting in the armed forces. But when she signed up, they wouldn’t take her. While it’s generally known that bad credit can affect a soldier’s security clearance, the Armed Forces also will turn down prospective recruits with unpaid debts that are overdue or in collection, until the issues are resolved. McKenna said she didn’t know that she had bad credit. She had always lived at home and had no credit cards. The damage was caused by an outstanding electric bill for $1,755 and another $1,123 owed to a cable provider. When she confronted her mother about the bills, she said her mom went AWOL, only turning up at the Kerr County Courthouse, where she was answering McKenna’s theft charges against her. Apple of Her Eye? Mom and alleged fraudster Kristina Anh Giusti, 44, of Garden Grove, CA, first attracted the attention of the Chino Hills Police Department after an investigation into $800 in fraudulent credit card charges at local retailers. Investigators say the evidence they collected points to Giusti's making the charges. According to CBS Los Angeles, police found “altered credit cards issued in the suspect’s name, six laptops, two tablets, an embossing machine and a tip card machine used for forging credit cards. … Detectives also found a card encoder, several boxes of white stock credit cards, a money counter” and $11,000 in cash. Police allege the woman had two accomplices … one of them her daughter. ‘In the Family Way’ Fraud Hairdresser Jennifer Perik, from DuPage County outside of Chicago, is expecting both a baby and a criminal trial in the months to come. If the charges stick, she will join the ranks of identity-thief moms. Perik is accused of making $6,000 in fraudulent charges on a Discover card that belonged to her hair client, a 94-year-old woman. Investigators say that more than half that amount went to a sperm bank with offices in Virginia and Maryland that boasts high-quality donors. At a bond reduction hearing, Assistant State’s Attorney Diane Michalak said that Perik was seven weeks pregnant, but that it was not known if the pregnancy was the result of in vitro fertilization. We’re always talking about identity theft being the third certainty in life, yet the crime almost always takes victims by surprise—all the more if the perp is Mom. It’s always a good idea to take protective measures to reduce your risk, but even then it’s impossible to entirely prevent the crime from happening. You can, however, reduce the damage from fraud by detecting it as quickly as possible. Check your financial statements—ideally online, every day—for any fraudulent charges, and dispute anything you didn’t authorize. Request your credit reports, which you can get for free once a year, to look for new accounts that you don’t recognize. And your credit scores serve as your snapshot of your credit health—by tracking them over time, you can catch any big, unexpected changes that may be a sign of a big, unexpected problem. You can get your credit scores for free from many sources, including Credit.com. This Mother’s Day, celebrate the women who have done so much for us—and thank your lucky stars that your mom isn’t a fraudster. Or is she? … Maybe wait until Monday to investigate. This piece was written by Adam Levin. Levin is chairman and co-founder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.

In 1973, I began my insurance career as a claims’ adjuster. We handled some of the first claims in the new NFIP Flood Program. There was chaos. A year later, I was hired by Cumis Insurance to staff a new sales office in Baton Rouge,LA. The market hardened dramatically, capacity was limited and our office closed before we sold a policy. I learned about market cycles. My next job was as an insurance producer. My job and the agency business were good. We were paid 25% commission on homeowners policies, there was no transparency (comparative rating didn’t exist in our part of the world) and the most exciting change was when Safeco allowed field men (yes, they were all men) to wear blue or buff-colored shirts in lieu of the traditional white. During my first week at work, a colleague dropped an article titled "Marketing Myopia" on my desk and said, “read it.” The author was Theodore Levitt. The piece was then and still is a classic -- and framed my thinking about an issue that has only grown in importance and must become  the future of insurance. Levitt opened with an observation on the railroad industry, which declined because it defined itself incorrectly – “railroad-oriented instead of transportation oriented... product-oriented instead of customer-oriented.” Levitt also mentioned a fundamental misunderstanding about the success of Henry Ford. “We habitually celebrate him for the wrong reasons: for his production genius. His real genius was marketing. We think he was able to cut his selling price and therefore sell millions of $500 cars because his invention of the assembly line had reduced the costs. Actually, he invented the assembly line because he had concluded that at $500 he could sell millions of cars. Mass production was the result, not the cause, of his low prices.” From 1978 to 1981, I represented Fireman’s Fund/FAMEX in its GM dealers program. At that time, the No. 1 concern of General Motors and its dealers was that GM would gain 65% market share and that the government would then break GM into Cadillac, Buick, Oldsmobile, Pontiac, Chevrolet and GMC corporations. We all know how this played out. In 1993, I opened my consulting practice focusing on CHANGE – its management and architecture. (“The best way to predict the future is to create it,” as Peter Drucker said.) I spoke to the leadership of a community bank and said that, although GM, IBM and Sears were the giants in their respective industries, “one of these three will ultimately go bankrupt.” The bankers rolled their eyes and laughed. We all know how this played out. (In my children’s lifetime, I may prove right on the other two.) Later that same year, Drucker offered an op-ed in the Wall Street Journal, titled "The Five Deadly Business Sins." It said, “The third deadly sin is cost-driven pricing. The only thing that works is price-driven costing. Most American and practically all European companies arrive at their prices by adding up costs and then putting a profit margin on top… their argument, ‘we have to recover our costs and make a profit.' "This is true but irrelevant; customers do not see it as their job to ensure manufacturers profit. The only sound way to price is to start out with what the market is willing to pay.” Levitt’s voice echoes his agreement from the "Marketing Myopia" article, when he says, “Our policy is to reduce the price, extend the operation and improve the article. You will notice the reduction of price comes first.” Drucker’s wisdom closed the circle that began with my reading of "Marketing Myopia." In 1994, I became the executive director of the Louisiana Managed Healthcare Association (LMHA) – the health maintenance organization (HMO) association. I quoted Drucker dozens of times as I attempted to explain the difference between the then-existing fee-for-service system and the new world of “capitation” and “managed care." I was shouted down more than I was applauded. That same year, a couple named Harry and Louise (in a TV ad campaign) defeated Bill and Hillary’s attempt to reform healthcare. Fast forward another 20 years and Obamacare is the law of the land. At its essence is managed care – a price-driven costing model. The market won’t go back to cost-driven pricing. Two more observations from Drucker as your prepare for tomorrow -- or choose to ignore it: -- “Because the purpose of business is to create a customer, the business enterprise has two and only two basic functions: marketing and innovation.” Innovation is so necessary because customers are constantly changing. We must be defined and driven by clients. --“There are now only three possible roads the financial services industry can take. The easiest, and usually most heavily traveled, is to keep doing what worked in the past. Going down this road means, however, steady decline….The second road – to be replaced, and probably fairly rapidly, by outside innovators – remains a possibility for today’s firms. But there is also a third and final road – to become innovators themselves and their own ‘creative destroyers.’” Your future depends on more production but only at a price the market will pay. Your sustainability depends on innovating your processes to ensure profitable delivery whether your commission is hidden in the premium or disclosed or whether premiums are quoted net of commission. Today, when I drive by a dealer, the genius of Drucker is reinforced. Look at a pickup truck on the lot. The window sticker shows the “cost-driven price.” The sign on the windshield celebrating a $12,000 discount is the price-driven cost. If you want to sell a truck in today’s world, discounts are not optional! The same is true for insurance.

A common question we often hear CEOs, CFOs and directors of businesses and public and private institutions ask is, “What terms and conditions should I consider when buying cyber insurance?” We have compiled a list of some of the most important terms and conditions to consider. However, you should discuss more nuanced industry and organization specific terms and conditions with your broker and insurance coverage attorney. 1. Crisis Services Crisis services include the costs for computer forensic investigations to determine the cause of the data breaches, obtaining legal guidance, notifying victims, providing credit monitoring to the victims, and promoting media or public relations campaigns. According to Net Diligence’s 2014 Cyber Claims Study, almost half of the total amount of insurance company payouts from data breaches was for crisis management services. The Ponemon Institute’s 2014 Cost of Data Breach Study: U.S. also reported unusually high churn rates following news of data breaches. Your organization will want professional assistance to communicate to your customers, regulators, business partners and vendors that you are taking appropriate and reasonable steps to protect your customers with respect to any loss of data and that you will take reasonable steps to try and safeguard your customers’ data going forward. 2. Regulatory Defense (including fines and penalties) Regulatory agencies, such as the Federal Trade Commission and Department of Health and Human Services, actively investigate data breaches within their jurisdictional powers. There are many examples of corrective actions, penalties and fines imposed by the Office of Civil Rights on behalf of HHS for HIPAA violations, including the $4.8 million in HIPAA settlements following the data breaches at New York-Presbyterian Hospital and Columbia University. This is especially important to keep in mind if your organization is a healthcare provider (a HIPAA-covered entity) responsible for its patient information or has a self-funded health plan (a separate type of HIPAA “covered entity”) where your organization is ultimately responsible for the security of the plan participants’ data. Many policies have a sublimit for regulatory defense. You may think you have a $10 million policy, only to find out that you have a sublimit for regulatory defense of $500,000, which may leave you woefully underinsured. Net Diligence reported that the average healthcare sector payout in 2014 was $1.3 million, with the median regulatory defense payout being a little more than $1 million and the mean regulatory settlement cost being $937,500. 3. Prior Acts Coverage/Retroactive Date Prior acts coverage provides protection against prior acts that may lead to a claim during the policy period. The “retroactive date” is the date when your coverage begins, and can be subject to negotiation. Although Verizon’s 2015 Data Breach Investigations Report noted that the time from compromise to discovering the compromise is at its smallest deficit ever recorded (days or less, 45% of the time), data breaches can take many months to detect. Here is a common example: On Jan. 1, 2015, a particular program offers a patch to mitigate certain security vulnerabilities. A hacker finds that your company failed to install the patch and uses it as a means to enter your network, sets up a program to start filtering and collecting your data and then installs the patch to prevent detection of the intrusion. You apply for cyber insurance soon thereafter. Just after closing the 2015 Christmas holiday shopping season, the hackers send your data out, at which point you detect the intrusion. Your insurer subsequently notifies you that it is denying coverage for the claim because of prior acts that occurred before coverage began. This is why you want the broadest “prior acts” coverage possible. You may also want to negotiate an extended reporting period, as a subsequent insurer may claim that the data breach events did not occur during its policy period. 4. Network Business Interruption Coverage This covers certain losses while your network is interrupted as a result of a data breach. This is especially important if your organization engages in e-commerce. How much profit would you lose if your organization was down for several days while law enforcement and your computer forensics consultants investigated the cause of a data breach? 5. Contingent Business Interruption Coverage (resulting from the acts or omissions of third parties) Many organizations rely on third parties for processing data. For example, many healthcare providers rely on third-party billing companies and clearinghouses to process payments, making them “business associates” under HIPAA. Similarly, self-funded health plans frequently contract with third-party business associates for claims management and other plan administration functions. If the business associate suffered a data breach affecting your patients’ (or enrollees’) data, your organization may bear the ultimate responsibility for the breach. Accordingly, your organization will want coverage to offset this potential loss. Your organization may also want to consider negotiating the self-insured retention or deductible in case of a loss so that the third party is responsible to pay for the deductible if it results from the third party’s acts or omissions. 6. Defense Option/Reimbursement of Costs Some cyber insurance policies require the insurance company to hire consultants and attorneys to defend your organization, while others agree to reimburse reasonable and necessary costs. Using your own consultants and attorneys make sense if they know your system and are familiar with your business, so you won’t have to pay for them to come up to speed on your organization. You will want to consider which path you will want to take. 7. Costs of Restoring and Recreating Data The cost to restore or recreate data if taken or damaged can be extensive. Your organization will need to assess the cost of this coverage and its need. 8. Extortion Coverage Criminals continue to run phishing scams where a user clicks on a link that serves to encrypt a laptop or other computer. Oftentimes, one laptop or computer can infect others, and you’ll want to negotiate this coverage to simply pay for the data to be restored.

The quote in the headline -- "The customer's perception is your reality" -- is from the renowned business trainer Kate Zabriskie, and I hope you agree it is absolutely true. No matter how excellent you think you are, or your company is, at service delivery, your future success as an enterprise depends principally upon how good you are in your customers’ minds when responding to their ever-changing needs. Or, as John Mackey (CEO, Whole Foods) put it, “For us, our most important stakeholder is not our stockholders, it is our customers. We’re in business to serve the needs and desires of our core customer base.” But what are those needs? Are they those that you may have already identified, based on your experience? Has your considerable operational expenditure, in people and systems, really met what your customers need? Or is our thinking unconsciously restricted by our knowledge of what we can and cannot easily achieve? There are many publications, a plethora of business processes ideas and of course the Internet itself, all crammed with customer relationship management theories. I don’t suggest that these are wrong, but what I do believe is that most financial services customers want something better than the superficial contact often delivered regularly by mailshots or e-mails. The “relationship” they require is more like that of their general medical practitioner! Namely a service that is accessible, resulting in knowledgeable and courteous attention, one that is effective, on call always but available only when needed. This article focuses on customer perception and service delivery for existing insurance customers and associated stakeholders. More specifically about how appropriately the enterprise responds to customers’ post-sales questions, claims and changes about personal lines policies. It might first be helpful to consider, in general terms, the prime means of post-sales service delivery in the UK currently deployed by insurance companies, brokers, claims service companies, etc. These channels are principally face-to-face in offices; via the Internet; over the telephone, including SMS texting; and, to an under-developed extent, through mobile service platforms. Branch contact used to be normal, but face-to-face customer contact seems on the decline. No doubt the cost of staff, the use of alternative technologies and the need to drive down costs have all contributed to the demise of the branch office. The challenge then is how to achieve the goal that Sam Walton (founder of Wal-Mart) described as “customer service that is not just the best but legendary.” Well, I imagine that the words “call center” do not spring immediately to your mind as “legendary.” At their best, call centers provide a good and necessary service, but I do not believe that the sophisticated telephony statistics and in-house customer surveys yield an entirely accurate picture of customer perception. In the main, customer perception is that call centers are a dismal fact of life. They often describe their experience as an endless series of numerical options and pre-recorded messages. These are followed by an interminable wait brought to an unsatisfactory climax by what they perceive as a “factory service,” so often a conversation with an underpowered and strictly timed operator, who seems in a hurry to deal with the next call. Is this the sort of post-sales service your customers deserve? Does it really surprise and delight your customer with “legendary” service? From an enterprise point of view, call centers are generally sub-optimal. Staff turnover can be high, recruitment and training costs significant, with onerous levels of supervisory oversight. Management often experiences prolonged stress, justifying service delays and fretting how to improve service without incurring more costs. Most call center staff cannot make significant changes to policy records, or handle customers' resulting needs themselves; instructions have to be prepared for other processing technical staff. Is there a better or additional way, other than a call center, in which the increasing expectations of existing insurance customers can be met and exceeded? Is it possible to achieve this and at the same time drive a huge chunk of operational costs out of the business? The answer is emphatically yes! In fact these benefits can be achieved quickly and cheaply compared with traditional legacy and Internet technology. The solution is to deploy the latest and powerful mobile technology directly to customers, to empower them to access their own records and to make self-service changes, raise claims and initiate inquiries directly to a database or a secure copy. Today’s customer is never far from a smartphone or tablet. The expectation from an enterprise is that of mobile technology being available to post-sales and post-renewal. Customers do not want to be pinned down to call center hours or a static location from which to call to make changes or to deal with claims. Any company that offers a post-sales insurance service that suits the time and place of their choice must surely have a significant and differentiated product. If that same company, as a result, is able to eliminate a huge percentage of its operational costs, then it also will derive a massive commercial advantage. Let’s see how this can be achieved. To explain and to avoid confusion with traditional legacy solutions, I will briefly describe the provenance of modern mobile technology platforms. It was not long ago that mobile phones were used solely for voice calls and texts. Today’s smart phones and tablets are multifunctional devices that can insert themselves into the very DNA of the customer-enterprise relationship. This is possible by means of developing intelligent mobile processes. Operating systems for smart phones such as Mac iOS, Android, Windows and RIM are now fully mature and open a window of opportunity for the development of third-party software. But quality matters, too, and development needs to be easy and intuitive to use because mobile users demand more choice, more ways to use their phones more functionally. The Internet just allowed us to connect with anyone in the whole world. But with mobile technology we will connect anytime and anywhere with everything through “the Internet of Things” (IoT). Manufacturers and retailers are investing immense amounts of money in intelligent appliances, and very soon your home will be as smart as your car. This technology offers a unique chance for insurance enterprises to integrate intelligent mobile devices in their post-sales service delivery. For example: How would this work in practice? Mobile and tablet applications are limited only by vision and imagination, and space in this article permits only a brief summary. There are two principal post-sales areas where advantage can be gained, namely policy changes/inquiries and claims reporting/progress. Imagine your home and contents policyholder receiving a renewal notice and reviewing the cover. This might show that the sums assured need revision and that a newly acquired item of jewelry should be added; perhaps an optional extra such as legal expenses cover is to be considered. By means of an appropriate mobile phone or tablet, the policyholder “logs in” and views current policy details. No doubt this will include a reminder that renewal is almost due. Using the form of graphic display the policyholder is used to (sliders and check boxes on smart phones for example) the cost of changes are modeled. More information about the legal expenses cover is requested, received and possibly some questions answered. Mid-term changes are frequent, too, so any relevant date and details of change may subsequently be selected once the policy records are accessed from the mobile. When the customer is satisfied with the modeled changes, the new risk profile is sent to the insurer and a new premium generated. If accepted (or remodeled), payment details are collected, and no doubt certain questions required by the insurer are “check-boxed,” instant confirmation is given and promptly afterward updated documents e-mailed to the policyholder. All of these events take place at a time, day and location of the customer’s choice. Unless the customer chooses otherwise, no call center conversation is required; no staff are needed to manually process the changes. In this example, all the requested changes were within the insurer’s underwriting and rating rules; had they not been, then an appropriate message would be generated ensuring, that a call center contact is focused upon more specialized and justified issues, requiring a smaller number of trained and empowered people. In effect, the call center becomes a skill center, a quite different entity. Reporting claims and dealing with claims progress issues can easily be imagined, and again the limit is process appetite and creativity. Mobile technology has the advantage of a camera, GPS and verifiable date and time. So this data can be assured and becomes invaluable within the claims oversight process. Photographs can be taken, with assured dates/times/locations of loss-related events, damage, articles etc. These can be attached to a mobile claims notification, with appropriate inbuilt guidance, and sent to the claims department to initiate the process. The mobile can be used to receive calls, texts and e-mails. Even voice messages or videos from the customer can be attached. Adjusters can be appointed automatically subject to a “rules engine”; replacement goods can be selected and offered via the mobile connection; estimates and invoices can be generated or photographed for sending on to the claims department. The effect of these customer processes upon service delivery is abundantly clear. But what of the opportunity to save costs? In my experience, between 25% and 50% of inbound customer calls are of a standard, non-exceptional nature. Conservatively, once fully operational, I would expect mobile technology for post-sales activities to drive out 30% of staff and call center costs of the enterprise. For those who also use call center or technical staff to actually manually process changes, as well, similar levels of savings could be achieved in that part of the operation. At this stage it is reasonable to ask, if the technology is available now, the advantages so attractive and already being employed by other enterprises, why have insurers, generally, not yet filled this space? I speculate that there are five reasons: - The skills required to build mobile technology platforms are not generally available in most insurers' computer departments. Mobile process development is new and different, and simply importing legacy or internet systems on mobiles produces ugly, cumbersome customer applications. The solution is the careful selection of a third-party provider, working with staff, to introduce these new skills into the computer department. - Core processes and enterprise data is jealously guarded by departments. Security is also of paramount importance. They are right to be careful! These assets must not be put in harm’s way. Until complete confidence is established, the safe solution is to use replicated rules engines and validate changed data outside the core processes. The use of the latest and most secure encryption technology is paramount. - Most IT departments have a tremendous backlog of legacy system updates. It’s essential but difficult to focus on a new mobile future when you are trapped in the technology of the past developments. By using a third-party provider to quickly develop applications and train existing staff, an enterprise can begin to move forward and avoid being left behind by newer competitors. - Development is seen as possibly expensive and probably protracted. In fact, the opposite is true. It is surprisingly quick and relatively inexpensive to develop the latest generation of applications for mobile platforms compared with legacy systems. Payback can often be achieved within months of launch. - There may be a lack of imagination or strategic understanding of what mobile applications can achieve. It is, in my opinion, dismally true that some of the few mobile insurance “apps” available download little more than contact details, or a claim form. Recreating on a mobile what an enterprise already does on the Internet misses the point entirely and wastes a unique opportunity. In conclusion, mobile technology has rendered the call center, in its current form, obsolete. The only question is how long the process will take. It will be fascinating to see the more agile and visionary insurance enterprises seize the opportunities presented by mobile technology.

An employee’s peace of mind is equal in concern with the physical injury when it comes to a worker's comp claim. An upset employee can lose motivation, incur a bad attitude and rationalize the over-use or abuse of WC benefits. I am adamant that employee satisfaction is as key a factor in WC claim outcomes as it is in overall employee productivity and job performance. It is not the adjuster’s primary role to manage an employee’s peace of mind at the start of a new report. While we expect good “bedside manner” from an adjuster, she must reserve a defensive position and be a “bad-cop” if necessary. An astute employer sees the opportunity in meeting an employee’s concerns at the time of an injury. It is like adding another critical brick to strengthen the foundation of employee satisfaction. The immediate task can be simple. A little bit of confident communication goes a long way. Step one is to put yourself in the injured employee’s shoes and imagine being faced with an inability to work. It is not a comfortable feeling. Quick Tip: Prepare a “Top-10” Information Sheet for Quick Use Concept: Include a quick-reading “Frequently Asked Questions” checklist as part of an overall information packet for new WC claimants. Suggested Top 10 and Recommended Answers: 1) Which doctor do I use? – Identify the preferred list, contracted clinic or emergency facility. Explain degrees of employee choice if any does exist in your jurisdiction. 2) What if I can’t do my job? – “If the doctor determines you cannot perform your job, we will try to match you with a temporary alternate assignment. If there is no ability for you to work, your wages will be paid as a WC benefit.” 3) How much will I be paid? – Provide the statutory calculation formula for the comp rate and specify that the employee’s specific rate will be determined by the claims adjuster within 48-72 hours. 4) When do I start getting checks? – Explain the jurisdictional waiting period. 5) How do medical bills get paid? – “All bills will be paid directly to the doctors/providers. You do not pay any bills for accepted and covered treatment.” 6) Do I need an attorney? – “We will help facilitate your benefits. An attorney is not necessary unless you face a disputed issue and want it to be heard by a judge. However, it is your option and right to consult an attorney at any time.” 7) What do I do next? – Explain any other internal steps and forms; explain that an adjuster will make contact and go over additional information. If you have a designated adjuster, provide a name and contact info. 8) What about my health benefits / 401k contributions, etc? – Explain your policies and the jurisdictional requirements that continue benefits during a WC claim 9) Will I lose my job or be fired? – Explain that filing a WC claim is not a basis for termination but also reserve the right for progressive discipline because of safety violations, attendance, job abandonment, fraud and any internal policies that might relate to WC situations. 10) What if I have other questions? – Provide a designated internal WC contact with an open-door policy.