Tag Archives: car

Risk Management: Off the Rails?

First, there was science…

Some sources suggest probability theory started in gambling and maritime insurance. In both cases, the science was primarily used to help people and companies make better decisions and, hence, make money. Risk management used the mathematical tools available at the time to quantity risk, and their application was quite pragmatic.

Banks and investment funds started applying risk management, and they, too, were using it to make better pricing and investment decisions and to make money. Risk management at the time was quite scientific. In 1990, Harry M. Markowitz, Merton H. Miller and William F. Sharpe won a Noble Prize for the capital asset pricing model (CAPM), a tool also used for risk management. This doesn’t mean risk management was always always accurate — just see the case of LTCM — but managers did apply the latest in probability theory and used quite sophisticated tools to help businesses make money (either by generating new cash flows or protecting existing ones).

Then, risk management became an art…

Next came the turn of non-financial companies and government entities. And that’s when risk management started becoming more of an art than a science.

Some of the reasons behind the shift were, arguably:

  • Lack of reliable data to quantify risks — Today, certainly, there is no excuse for not quantifying risks in any type of an organization.
  • Lack of demand from the business — Many non-financial organizations of the time were less sophisticated in terms of planning, budgeting and decision making. So, many executives didn’t even ask risk managers to provide quantifiable risk analysis.
  • Lack of qualified risk managers — As a result, many risk managers became “soft” and “cuddly,” not having the skills or background required to quantify risks and measure their impact on business objectives and decisions.

Many non-financial companies quickly learned which risks to quantify and how. Other companies lost interest in risk management or, should I say, never saw the real value.

Today, it’s just a mess…

What I am seeing today, however, is nothing short of remarkable.

Instead of being pragmatic, simple and focused on making money, risk management has moved into the “land of buzz words.” If you are reading this and thinking, “Hold on, Alex. Risk velocity is important; organizations should be risk resilient; risk management is about both opportunities and risks; risk appetite, capacity and tolerances should be quantified and discussed at the board level; and inherent risk is useful,” then, congratulations! You may have lost touch with business reality and could be contributing to the problem.

See also: Risk Management, in Plain English  

I have grouped my thinking into four problem areas:

1. Risk management has lost touch with the modern science.

These days, even the most advanced non-financial organizations use the same risk management tools (decision trees, Monte Carlo, VaR, stress testing, scenario analysis, etc.) created in the ’40s and the ’60s. The latest research in forecasting, modeling uncertainty, risk quantification and neural networks is mainly ignored by the majority of risk managers in the non-financial sector.

Ironically, many organizations do use tools such as Monte Carlo simulations (developed in 1946, by the way) for forecasting and research, but it’s not the risk manager who does that. The same can be said about the latest development in blockchain technology, arguably the best tool for transparent and accurate counterparty risk management. Yet blockchain is pretty much ignored by risk managers.

It has been years since I saw a scientist present at any risk management event, sharing new ways or tools to quantify risks associated with business objectives. That can also be said about the overall poor quality of postgraduate research published in the field of risk management.

2. Modern risk management is detached from day-to-day business operations and decision making. 

Unless we are talking about a not-for-profit or government entity, the objective is simple: Make money. While making money, every organization is faced with a lot of uncertainty. Luckily, business has a range of tools to help deal with uncertainty, tools like business planning, sales forecasting, budgeting, investment analysis, performance management and so on.

Yet, instead of integrating all the tools, risk managers often choose to go their separate ways, creating a parallel universe that is specifically dedicated to risks (which is very naive, I think). Examples include:

  • Creating a risk management framework document instead of updating existing policies and procedures to be aligned with the overall principles of risk management in ISO31000:2009;
  • Conducting risk workshops instead of discussing risks during strategy setting or business planning meetings;
  • Performing separate risk assessments instead of calculating risks within the existing budget or financial or project models;
  • Creating risk mitigation plans instead of integrating risk mitigation into existing business plans and KPIs;
  • Reporting risk levels instead of reporting KPI@Risk, CF@Risk, Budget@Risk, Schedule@Risk; and
  • Creating separate risk reports instead of integrating risk information into normal management reporting.

Risk management has become an objective in itself. Executives in the non-financial sector stopped viewing risk management as a tool to make money. Risk managers don’t talk, many don’t even understand business language or how decisions are being made in the organization. Risk analysis is often outdated, and by the time risk managers capture it, important business decisions are long done.

3. Risk managers continue to ignore human nature.

Despite the extensive research conducted by Noble Prize winners Daniel Kahneman and Amos Tversky (psychologists who established a cognitive basis for human errors that are the result of biases) and others, risk managers continue to use expert judgment, risk maps/matrices, probability x impact scales, surveys and workshops to capture and assess risks. These tools do not provide accurate results (to put it mildly). They never have, and they never will. Just stop using them. There are better tools for integrating risk analysis into decision making.

Building a culture of risk awareness is critical to any organization’s success, yet so few modern risk managers invest in it. Instead of doing risk workshops, risk managers should teach employees about risk perception, cognitive biases, fundamentals of ISO31000:2009 and how to integrate risk analysis into day-to-day activities and decision making.

4. Risk managers are too busy chasing the unicorn

Instead of sticking to the basics and getting them to work, many are busy chasing the latest buzzwords and innovations. Remember how “resilience” was a big thing a few years ago? Before that, there was “emerging risks,” “risk intelligence,” “agility,” “cyber risk” — the list goes on and on. It seems we are so busy finding a new enemy every year that we forget to get the basics right.

See also: Key Misunderstanding on Risk Management

Lately , consultants seem to have too much say in how modern risk management evolves. The latest installment was the new COSO:ERM draft, created by PwC and published by COSO this June.  The authors sure did “innovate” — among other “useful ideas,” they came up with a new way to capture risk profiles. That is nice, if risk profiling was the objective of risk management. Sadly, it is not. Risk profiling in any form does little to help executives and managers make risky decisions every day. For more feedback on COSO:ERM, click here.

To be completely fair, the global team currently working on the update for the ISO31000:2009 also has a few consultants who have a very limited understanding about risk management application in day-to-day decisions and in helping organizations make money.

I think it’s time to get back to basics and turn risk management back into the tool to help make decisions and make money.

I am interested to hear your thoughts. Please share and like the article and comment below.

What I Learned at Google (Part 2)

We didn’t intend to write a series on the symposium that Insurance Thought Leadership hosted at Google last week for C-suite executives of major companies and for regulators, but I want to build on the wonderful post yesterday by Iowa Insurance Commissioner Nick Gerhart, about the insights he picked up there. For me, the symposium underscored a crucial point about the pace of innovation — how it can be faster than we expect at times but can also be slower.

And it’s crucial to get the timing right.

The faster-than-expected part comes from a partner at one of the major Silicon Valley venture capital firms, which we visited as part of the symposium. All these firms track where entrepreneurs are seeing possibilities and where investments are happening, and the partner said that in all of 2014 the firm had been visited by exactly zero people hoping to innovate in insurance. Yet, just in the fourth quarter of 2015, the firm met with 60 companies looking to innovate in insurance.

Even as innovation has surged in fintech, in general, investment in insurtech start-ups has been minimal, about 1% of the total for fintech. But that may now be changing. Start-ups may accelerate the disruption in insurance.

You’ve been warned.

The slower-than-expected (at least for me) part comes from a consensus about driverless cars at the symposium. The group discussions at all five tables reached almost identical conclusions: that fully driverless cars will be feasible technologically in roughly four years but that it will be 10 before they are a major presence on the road.

In Silicon Valley-speak, saying something is 10 years out means it verges on science fiction. After all, 10 years at a pace set by Moore’s Law means that you have some 30 times as much computing power available to you at no increase in cost — if you need that much more power to make something happen, it’s hard to know for sure that it works 10 years ahead of time.

But the concerns of the insurance C-suiters and the regulators were more prosaic. They felt that anyone who might be left behind because of driverless technology would kick up a fuss and that state governments, likely led by the legislatures, could intervene on behalf of constituents to slow the transition.

Perhaps insurance agents would fear the shift of auto insurance from a personal responsibility to a corporate one, shouldered by the manufacturers of the driverless cars or by operators of fleets of the cars — if no person is involved in driving, how can an agent sell personal lines insurance?

Maybe car dealers, already fighting a rear guard action to prevent direct sales by manufacturers to consumers, would fear further loss of their intermediary role — why would a fleet operator need a dealer to purchase of tens of thousands of cars?

Basically, think of anyone who might lose business because of driverless cars and the promised reduction in accidents — parking garages, emergency rooms, whatever — and you can see an obstacle. Not everyone will be explicit about their complaints. It’s hard for an operator of prisons or funeral homes to demand more business. But our discussion groups were sure that opposition would surface in lots of ways and that politicians, always running for reelection, would lend support.

In fact, some technical concerns about driverless cars have surfaced in recent months. It turns out that Google cars have more accidents than human drivers do, albeit only minor accidents thus far and, most importantly, not because of any fault by Google — careless people seem to bump into Google cars a lot at stoplights. Google also acknowledges that the cars would have caused at least some accidents if not for intervention by the highly trained humans sitting in the driver’s seat. So, the technology still has a ways to go.

The pace of technical progress has still been faster than I expected when Chunka Mui and I published Driverless Cars: Trillions Are Up for Grabs nearly three years ago, and we staked out what was then a very aggressive position. The federal government recently stepped on the gas, if you will, by announcing a plan to spend $4 billion on driverless technology over the next decade and to reduce regulatory hurdles for adoption. The rationale — which we have long predicted the government would have to adopt — is that 25,000 lives could have been saved last year on U.S. highways if a mature form of the technology had been in use.

For me, then, the fundamental question from our symposium is: How do you position yourself for a technology that may be wildly important, yet whose timing is uncertain?

Two thoughts:

–A line that carries considerable currency in Silicon Valley is: “Never confuse a clear view with a short distance.” Even if you’re sure that something will happen as part of the transition to autonomous vehicles, keep in mind the issue of timing.

–Then think big, start small and learn fast — a dictum that just happens to come from another book Chunka and I wrote, The New Killer Apps: How Large Companies Can Out-Innovate Start-UpsThat means you get in the game now, with as big a vision as you can conjure up for yourself or your company. Then you start experimenting to see what works and what doesn’t — while spending extremely little money. You make sure you can kill the experiments as soon as you gather the needed information — no pilot projects allowed, at least not in the early days, and certainly no grand plans to go to market. And you keep iterating until both you and the market are ready. Then you start cashing checks.

Actually, one more thought: Consider coming to the Global Insurance Symposium that Nick and the fine folks in Des Moines (my dad’s hometown) are putting on in late April. Nick is as forward-thinking a regulator as I’ve met, and there will be lots of people there who can help you on your journey, whether that involves driverless cars or something else entirely. I’ll be there….

Is Verizon About to Outmaneuver Insurers?

Today, my (snail) mailbox contained a postcard from Verizon offering to turn my car into a connected car. To be more precise, the offer was to my 22-year-old daughter — neither my wife nor I got the same offer. In essence, Verizon provides a device that plugs into the OBD port, a second device that clips on the visor and a smartphone app to control the service. This is an excellent example of other industries seizing on opportunities that should be prime territory for insurers.

Verizon’s hum service (www.hum.com) includes capabilities in six areas: roadside assistance, diagnostic alerts, a vehicle locator, a certified mechanics hotline, maintenance reminders and hotel/car rental discounts. It’s being pitched as a great holiday gift — just plug it in, and you are ready to go!

This is by no means the only offer of this type. Other companies such as Automatic Labs (www.automatic.com) sell OBD devices that provide a variety of services. Automatic has a “Do not disturb” app (Androids only) that keeps the phone quiet while someone is driving, to minimize distractions and reduce the urge to text. The Automatic device/apps will also alert the driver when she is exceeding the speed limit, track when the ignition is on/off, send help if you crash and trigger actions like closing the garage door when you leave the house.

At SMA, we’ve been advocating more varied value propositions for telematics for some time. Some insurers outside the U.S. have ventured into value propositions that have included vehicle location, vehicle performance and some of the other services offered by Verizon. But, in the U.S. today, the primary value proposition for personal auto is the potential to reduce premiums; a few companies are providing other services, such as encouraging safe driving.

What is frustrating is that the insurance industry was the pioneer in telematics and experimenting with the use of OBD devices, car navigation systems and mobile apps based on real-time vehicle data. These efforts stretch back to the late 1990s, with pilots by UK-based Norwich Union, then Progressive and others. Unfortunately, most insurers have been thinking about the potential in the context of current insurance products — a coverage-based view.

The connected world is emerging rapidly, presenting many opportunities to provide services to homeowners, businesses, vehicle owners and other segments. Many of these services are aimed at improving safety and providing peace of mind to individuals and businesses.

Hmmm… sounds curiously like the core mission of the insurance industry.

Will You Own a Self-Driving Vehicle?

The introduction of self-driving vehicles (SDVs) poses many questions. Working for Zurich, I’m often asked about the insurance and liability implications: “What happens if my SDV is involved in an accident, and who pays?” Increasingly, I am facing a line of more technical and legal questioning. For example, “Who homologates the vehicle, approves its circulation, certifies that it complies to safety standards?” Or even, “Am I allowed to operate an SDV to run my morning errands?” I expect these questions to become more complex as we get closer to the reality of our purchasing our first SDVs.

As a strong supporter of public transport, I am keen to understand how the path to autonomy will influence urban buses, trams and the like. Will the trend for car clubs, and sharing in general, extend to SDVs, or will vehicles be mostly owned by individuals and fleet managers? And if SDVs do become a shared mode of transport, how will customers react to boarding a two-seater “autonomous pod,” left dirty by that nice gentleman who just stepped out?

No one has a crystal ball that can predict the potential legal, cultural and behavioral impact of SDVs, so it’s important that we experiment and learn — like the researchers at CityMobil2 are doing with a number of demonstrations across Europe. Zurich has just announced it will work with them and, we hope, other similar organizations.

Every big oak was once a small acorn.

Inside Perspective on Auto Fraud, Part 1

This is Part 1 in a two-part series on automobile insurance fraud.

Introduction

Traffic engineers would love to unblock the clogged arteries of Southern California’s freeway system, where rush hour is anything but “rush” — more like gridlock. But in a land where one’s car is one’s empire, one’s freedom and personal statement, carpooling is a tough sell. The high-occupancy vehicle (HOV) lanes have scant occupancy. In fact, cars carrying multiple passengers are such a rarity that they, alone, raise red flags for auto insurance claims adjusters.

Operating under the radar is a fast-growing segment of the “underground economy” — organized criminal enterprises that stage automobile collisions to defraud insurance companies of medical payments. In some cases, the entire incident is created on paper, with fictitious vehicles and false identities. In other cases, the perpetrators take real vehicles with legitimate insurance policies out to vacant lots or remote fields to crash them and then fill out a report. The most compelling cases are the ones where participants intentionally ram vehicles together on city streets — often a rear-end collision in a left-turn lane — then dial 911 and wait for police and emergency medical services (EMS) to arrive. This approach triggers a police report and EMS records, which lend an air of legitimacy to the event. It really happened.

Based on instructions from a stager, the driver and two or three passengers — who are known as “stuffed passengers” — report neck and back injuries. The passengers later visit a physician or chiropractor who is in collusion with the criminal ring. The patients sign in and leave without receiving any treatment. If the insurance company balks at paying the specious claim, the claimant enlists the help of an attorney who is also party to the scheme. The attorney is tenacious, willing to go to court, generally able to bluff until the insurance company backs down and settles.

In the process, everybody except the insurance company gets easy money. Property damage to the vehicle is paid to the owner of the vehicle, while multiple players split the proceeds of the settlement for medical payments. In a typical case where the insurance company settles for, say, $6,000, each vehicle occupant might get $1,000, the lawyers and doctors collect their fees and the enterprise leader retains 50% of the professional services fees plus the balance of the claimants’ settlement, if any. If the enterprise leader successfully stages dozens of such incidents a month, it’s a lucrative business.

This practice exploded in Southern California in the mid-1990s. If you are a special investigations unit investigator, you are dealing with this every day. The average caseload for an adjuster or claims representative might be 150 or 200 a day, depending on the size of the company. At least 25% of that is some flavor of fraud. It’s either a false claim or an embellishment to it. People are doing it. Even people who think of themselves as law-abiding are doing it, because they don’t think of insurance companies as victims. This type of activity is so prevalent that our undercover investigators would hear paramedics on the scene saying, “Okay, which one of you is going to the hospital this time?”

Automobile insurance fraud is such easy money that the business is even creating unlikely bedfellows. For example, in south central Los Angeles, the Bloods and Crips — gangs that have had an intense and bitter rivalry — are now cooperating with one another in organized insurance fraud, because it’s more profitable to join forces.

Six Steps to a Successful Insurance Scam

Constantin Borloff (not his real name), the former leader of a successful and sophisticated fraud enterprise that operated in San Diego, Los Angeles and San Francisco, shares his top tips for making fraud pay. Having paid his debt to society, the ringleader now tells insurance companies how he was able to steal so much money from them, who does it and why it’s so easy.

Go for the Med Pay Money
Borloff would insist that vehicle insurance policies have med pay coverage — coverage for reasonable expenses to treat accident-related bodily injury. Because this coverage follows the vehicle, passengers in a vehicle that has med pay coverage will likely be covered, as well. Borloff gave vehicle owners a list of insurance companies that would freely provide these policies.

In theory, claimants are supposed to repay med pay money if they receive a settlement, but that doesn’t happen, according to Borloff. “For all history, maybe two times the insurance company asked for money back. If you say you don’t have money and can’t pay it back, they say, ‘Okay, don’t pay back the money.'”

Find the Inattentive Insurance Companies
Borloff also selected insurance companies with a reputation for laxity, the ones whose claims representatives didn’t take a stand and ask the hard questions. “Big companies like State Farm or Farmers have millions of policies, good special investigation units and more experienced adjusters, so that’s where you would see more problems. It’s better to go to the smaller company or where it’s not their main business. These companies usually pay more, while the big companies usually pay a little less.”

Insiders in the business share this information, so they know which companies to avoid and which ones would pay off like loose slot machines in Henderson, NV.

What would make an insurance company an unattractive target? “I don’t know what will stop me,” Borloff. said “All insurance companies are bound by law to pay. So for us, the system is working perfectly. The insurance company can fight, and they have a lot of resources to fight, but eventually they have to pay something. Maybe more, maybe less, but eventually they have to pay something.”

Choose Participants Who Won’t Raise Suspicion
In a perfect world, your participants are white American citizens with clean driving records and their own driver’s licenses. Judges and juries look most kindly upon this type of claimant, according to Borloff.

It is equally important that their behavior fits accepted patterns. For instance, policies should be active for four to eight months before the staged collision. Claims should be modest, usually no more than $5,000 or $6,000. Activities were choreographed to avoid triggering red flags. “I know insurance companies have about 25 red flags,” Borloff says. “What the claims adjusters know, the criminal enterprise knows twice. I knew about all these red flags, and I tried to avoid them.”

Distributing the cases is one way to avoid detection, Borloff said. “If the enterprise will do, say, 20 collisions a month, the claims will go to five different insurance companies, each to a different attorney — 10, 15 or 20 different attorneys — and any given adjuster will have at most two cases to a specific attorney. Will the adjuster be suspicious about it? I don’t think so. It’s very difficult for the insurance company to catch these people in this situation.”

Borloff tells of a fringe case where a woman, working against the advice of her stager, staged four accidents in a single week. She submitted claims to four different insurance agencies. All four claims were paid, but this pattern of activity could have exposed everybody in the fraud enterprise to scrutiny and discovery.

Pay More Than Lip Service to the Medical Treatment
When private investigators were first sent to wait outside medical clinics to observe and videotape (the comings and goings of visitors), the first people they caught were the ones who walked in, signed in and left within a minute. People quickly learned to stay longer inside the clinic and have follow-up visits at intervals that would seem appropriate for their injuries and type of care.

Keep Your Stories Straight
Cappers and stagers write notes for people so they can remember their stories when talking to claims representatives and, later on, if they meet with an attorney and go into depositions. Somehow, somewhere, there is a record of all this. If the ring is dealing in volume, there must be good notes, or they won’t remember the details of a case, and that’s how they get tripped up. Some stagers get tripped up simply by having these notes in their possession — in their offices or briefcases, waiting to be found during a routine traffic stop or search.

Insulate the Players From Each Other
These groups tend to function as classic cell networks. In an effective cell network, the claimant may or may not be exposed to the other people involved, or may be only exposed to the doctor but not to the attorney. That’s how these people are protected from one another. Participants may not have a knowledge of what else the group is doing. When we arrested 72 people on a state level and brought them into interrogation rooms for 72 hours, it was pretty clear that they only knew their own activities or those of friends they had brought into the group. They had no knowledge of the bigger scheme. That’s how you protect your enterprise.

The parties in these fraud rings learn never to admit to anybody that the accident was staged. Everybody in the enterprise knows it, but if you tell even one person, there’s a point of vulnerability. It is especially important to insulate the medical and legal providers, because their professional licenses are critical to facilitate these claims. They take it all the way and never back down.

How often would a criminal enterprise walk away from a case because an insurance company’s special investigations unit got involved? “I would not walk away, but I would accept lower settlement, for sure,” Borloff said. “One time, one of my colleagues made a terrible mistake and sent 63 cases to Allstate — one attorney, same office. They came to me and said, ‘What should we do now, SIU is after us?’ I said, ‘Don’t give up, try to fight,’ but they decided to give up. It was the biggest red flag. They lost money. It upset people.” Giving up is tantamount to an admission of wrongdoing.

This series of articles is taken from the SAS white paper of the same name. © 2013, SAS Institute Inc. Used by permission.