Tag Archives: donna galer

4 Keys on Cyber-Risk Accumulation

As the sale of cyber policies grows and other types of policies are extended to include cyber coverage, the industry is taking on a massive amount of new risk. Although it is true that auto, workers compensation, environmental policies and so many others were all new offerings at one time, there are some things about cyber that make it more unusual, more uncertain and more potentially dangerous for the insurance industry than new offerings of the past.

Simultaneity

It is entirely possible for hackers to plan and launch simultaneous attacks on a large number of targets. Those targets may be corporations, infrastructure such as power plants, government bodies, hospitals, or any other type of entity.

If a successful, very harmful simultaneous attack, whether ransomware, malware, or any other type of IT weaponry, was to be made on a sizeable number of entities, the losses occurring at one point in time could create serious liquidity pressures and even jeopardize solvency for an insurer.

See also: Urgent Need on ‘Silent’ Cyber Risks  

Individual insurers are modeling their aggregate exposures, but are they doing it comprehensively enough? Analysis must take into account not only the limits and reinsurance on their cyber policies (including such add-ons as contingent business interruption or other enhancements) but also what level of coverage is afforded in existing casualty and property policies as well as any other policies that may be triggered (such as D&O, E&O, reputation, etc.). In addition, correlated risks that have nothing to do with claims liabilities per se should also be considered. For example, what will they do if their contracted vendor networks, which are supposed to help insureds after a breach, are not resourced sufficiently to handle simultaneous attacks.

Ubiquity

Given the global nature of the internet, attacks may be not only simultaneous but ubiquitous. The entities affected may be all over the world. An insurer that relies on geographic diversity to protect its capital can lose the benefit of diversification when it comes to cyber.

A global event or series of events could have significant capital implications for insurers that have considered their cyber portfolio in part rather than in whole.

Unpredictability

There is scant history upon which to base underwriting and pricing decisions when it comes to cyber. The earliest policies were geared toward system failures, not cyber attacks. More recent policies were focused on data breaches and stolen data and the actual cover involved handling some of the expertise needs and certain expenses post breach. Now, cyber policies are dealing with ransomware attacks and cover business interruption and other loss. This is heady stuff when there are no historical patterns to use in predicting frequency and severity as there is with property or workers compensation. Ransomware attacks continue to escalate at a rapid pace. Who knows how much faster or greater this trend line will grow.

Some cyber attacks have been targeted while others are random. In either case, they test the ability of insurers to make predictions. This, in turn, makes it difficult for actuaries to price the product appropriately. How much business should an insurer write of a particular kind until it can be sure the business is priced correctly for the exposure?

A random attack might seem to better fit the principle of insuring against fortuitous events, however, it does mean that an insurer that relies on customer segment diversity to protect its capital can lose the benefit of such diversification. This is similar to the situation mentioned above in connection with geography.

A targeted attack will likely strike an entity (or entities) with the most money, records or other treasure worth capturing or destroying. Hence, the losses generated will be greater.

Initial attacks were focused mostly on retailers with hospitality and with banking and healthcare following. The great fear is that power and infrastructure will be next. The impact from attacks on power and infrastructure could be catastrophic in the extreme.

The flexibility to strike randomly or with fixed intent leaves underwriters in a quandary about which classes of business are riskier than others. How, then, can they manage their customer mix as do with other lines of business?

See also: What if You Had a Cyber Risk Score?  

Sponsorship

Hackers can work alone or in groups. They can also be actors for foreign governments. When Marissa Mayer spoke about the Yahoo attack, she commented on the unevenness between a company’s attempts at IT security versus an attack potentially perpetrated by a nation state. This phenomenon is something insurers must consider when parsing the words in their contracts. To what extent should there be exclusions, as there are in terrorism policies or other policies that exclude acts of war? To what extent is a future federal backstop needed?

Conclusion

This is not to say that cyber insurance should not be offered. Society has a protection need, and insurers have been answering that need since the first handshake at Lloyds. In addition, this line of business has been streaming new revenues into an industry that, in recent years, has had excess capacity. Rather, it is to say that insurers must put robust and innovative solutions in place to manage aggregation risk.

Is There Risk in Embracing Insurtech?

As insurers rush headlong into the digital scramble, they should keep in mind the proverbial iceberg. Not all the risks involved are strictly tied to the innovation itself. Certain ones are below the water level.

Insurers actively participating in the digital revolution have done so in a variety of ways: 1) innovation labs, 2) insurtech accelerators with external partners, 3) investments in insurtech companies, 4) purchases of insurtech companies. These are reasonable approaches for staying current and competitive. However, there are some caveats that should be heeded.

Focus Risk

Insurance is not a simple business. Machines cannot be set to produce thousands of identical items, a sale is not final and competition is never at a low ebb. It is a complex business that relies on actuarial forecasting, capital models, complicated and multi-layered contracts, in many cases, and astute claims handling. Thus, companies must remain focused on the functions and metrics fundamental to the business, if they are to achieve good results.

Over the years, the insurance industry has adapted to paradigm shifts of all types, for example: 1) automation of internal operations, 2) agent/broker electronic interface, 3) paperless environments, 4) increased transparency with regulators and 5) product development responsive to new risks such as cyber or supply chain disruption. Now, creating new ways to interact with stakeholders digitally and developing products that are fit for purpose in a digital world should be within the capability bounds of these same insurers.

The caution is that insurers should not get so focused on their digital initiatives they lose proper sight of the basics of the business: underwriting, claims, actuarial, finance, customer service. Equally, insurers cannot lose sight of other disruptive forces in the environment such as climate change, terrorism and cyber threats.

See also: Insurtech: Unstoppable Momentum  

A piece appearing on AIR Wordwide’s website written by Bill Churney asks “Have You Lost Focus On Managing Catastrophe Risk?” He alludes to the fact that catastrophes have been light these past 10 years, which may cause inattention, and that many new insurance staffers were not working when Katrina, Andrew or Hugo hit, thus have no personal experience to tap for handling sizable events. A lack of focus on managing catastrophe risk could be critically detrimental for companies. And although there is nothing concrete to suggest that insurers have lost such focus, the question underscores the possibility of attention deficits. The need for continuous and careful attention to the rudimentary aspects of the business cannot be dismissed, even if they may not seem as exciting or timely as digital inventions.

Within memory, there have been companies that allowed themselves to lose necessary focus. Some got so focused on mergers and acquisitions that core functions were not managed properly while the emphasis was on cross sales and economies of scale. Some got so intent on improving customer relations that business imperatives were ignored in favor of appeasing the customer, and some got so diversified that senior management did not have the bandwidth to manage the whole enterprise.

How can the 2016 results at AIG be explained? Could the more recent focus on divestitures, staff changes and cuts, a drive to return dividends to shareholders and the CEO’s reported concentration on technology have caused it to lose its once unparalleled focus on profitable underwriting, rigorous claims handling and product innovation.

Investment Risk

With investments pouring into insurtech, it raises the question: What is left for anything else? Despite fintech investments starting to slow, KPMG reports, “There was a dramatic increase in interest in insurtech in Q3’16, and the trend is expected to continue. The U.S. was the top country in Q3’16 with 10 insurtech deals, valued at $104.7 million in total.”

These numbers do not capture the many millions of dollars that insurers are investing in insurtech activities internally, of-course. As mentioned above, they are spending money to create dedicated innovation labs and accelerator programs and to launch other types of speculative insurtech projects. Many older projects have become operational, including new business unit or company startups, the introduction of bots on company websites, telematics in vehicles, digitized claims handling…and the list goes on.

How does an insurer know when an investment in insurtech is enough or too much, thereby negating other necessary investments required by functions such as underwriting, claims or actuarial?

The caution is not about doing an ROI (return on investment) analysis for a specific project. It is about doing an ROI analysis for the portfolio of projects that are vying for funding vis-a-vis the need to keep the company solvent while maintaining progress with the digital strategy. The larger the insurer, the more used it is to managing multiple priorities and projects. For mid-size to small insurers, this skill may be less developed, and they may face even greater risk of getting out of balance.

Growth Risk

Insurance is one of the few industries for which growth can be just as risky as no growth. Industry pundits have long claimed that new business performs about three points worse than policies already on the books. The difference between a company at a combined ratio of 99 compared with 102 can be quite significant. The causes for this phenomenon have to do with such factors as: 1) the potential for adverse selection, 2) the reason customers choose to change carriers and 3) the costs associated with putting new business on the books. These are not the only ones. It is harder for actuaries to predict the loss patterns for groups of customers for whom there is no history in the company’s database.

See also: Infrastructure: Risks and Opportunities  

If the reason for investing in insurtech is to increase new business written, insurers should be cautious about how much and what kind of new business they will write because of their insurtech enhancements. To the extent that insurtech enables insurers to hold on to existing business, the outcome is less risky.

For example, it remains to be seen whether drivers who want to buy insurance by the mile are a better or worse risk pool than other drivers, whether those involved in the sharing economy, such as renting rooms in their homes, are more or less prone to loss than homeowners who do not rent rooms. Are small businesses that are willing to buy their coverage on-line likely to file a higher number of claims or a lower number compared with small businesses who use an agent? Do insurance buyers who are attracted to peer-to-peer providers have loss experiences at a different rate than those who are not attracted to such a model?

Conclusion

The march toward more digitization in the insurance industry will and must go forward. At the same time, insurers should be wise enough to realize and address underlying risks inherent in this type of aggressive campaign to modernize.

Next Generation of Insurance Services

Insurers have not been noted for offering innovative services or for the quality of the product and service they do offer. Contrary to this general perception, insurers have, indeed, consistently innovated new service offerings, especially in the personal insurance space. This would include everything from on-line quoting to competitive rate comparisons, from 24-hour call centers to on-line bots, from electronic safety alerts and tips to electronic policies and from roving adjusters in technically equipped cars to digital appraisals.

Most of these service innovations have been a win-win for insurer as well as customer because they increase efficiency and timeliness for both. In terms of the quality of insurers’ service and product, a lack of: 1) clear wording and contract certainty, 2) transparency, 3) timeliness, 4) accuracy and 5) flexibility continue to trouble insurance buyers in both personal and commercial insurance spaces. However, technology, regulation and customer demand have all conspired to move the needle toward improved service delivery throughout the industry.

As the new millennium progresses, insurers will need to innovate in the service space in a more customer centric way. In other words, they will need to truly understand what the customer wants or values and will need to offer some of these things even when the benefit is more heavily weighted in favor of the customer. Of-course, insurers will achieve the vital benefit of growing or maintaining market share by doing so.

It is not a simple task to understand what the customer truly wants. That is because the means of collecting this information is not without pitfalls. Focus groups generally amount to too small a sampling to be meaningful. Futhermore, overall input is often skewed by what moderators or overly assertive participants say or do. Questionnaires typically have too few respondents to be statistically significant and tend lack original customer input, but rather, a ranking of what has been supplied in the question. Customer councils and advisory boards can provide some insights but members can be reticent to express all their true complaints or wishes due to the fear that they will become personae non gratae or any number of other reasons.

See also: How to Exceed Customer Expectations  

Among additional types of devices for identifying what customers are experiencing or looking for are: 1) customer satisfaction surveys done right after a service has been provided, 2) innovation lab experiments with actual customers, 3) extrapolations from best-in-class competitors or similar types of providers.

As stated in a McKinsey article, “The main reason so many companies fail to improve customer journeys is that understanding what customers value is not an easy task. Identifying what drives customer satisfaction and translating it into operational performance improvements requires deep customer insights, solid analytics and modeling the most important customer journeys, with cross-functional ownership and multichannel, end-to-end management.”

The same article provides some bottom-line numbers showing exactly how important customer service acumen is to insurers, “For example, in the past five years, U.S. auto insurance carriers that have provided customers with consistently best-in-class experiences have generated two to four times more growth in new business and about 30% higher profitability than firms with an inconsistent customer focus, in part because satisfied customers are 80% more likely to renew their policies than unsatisfied customers….”

The McKinsey data is similar to that compiled by J D Power in its review of property claims satisfaction in 2015-16, “The study finds that 81% of highly satisfied claimants (overall satisfaction scores of 900 or higher) say they “definitely will” renew their policy and 81% say they “definitely will” recommend their current insurer, while only 14% of displeased claimants (scores of 549 or less) say they “definitely will” renew and 7% say they “definitely will” recommend. Strikingly, 13% of displeased claimants indicate they have switched insurers due to their claims experience and 40% indicate an intention to shop within the next 12 months.”

This data strongly suggests that insurers have a great deal to gain by finding the best combination of techniques to get adequate customer feedback and input, whether the input is about current satisfaction levels or future service innovations, and acting effectively using the knowledge.

Importantly, input needs to be from the right set of customers, i.e. from the unique customer segment (s) being targeted. Some customer service enhancements may have universal appeal but others may only appeal to subsets of customers. This holds true for personal as well as commercial consumers.

When planning service innovations, it may be helpful to think of these within three broad benefit categories that the service should satisfy: 1) price to value, 2) ease of doing business, 3) psychological positivity.

  • Price to value – the service is worth something
  • Ease of doing business – there is no frustration going through the process
  • Psychological – it feels gratifying to do business with the company

Looking at some examples should help to explain these categories further. Progressive’s, and now many other insurers’, use of telematics, which helps customers reduce premium cost or, at least monitor it, is a “price to value” service innovation. FM Global’s scientific and engineering services form a “price to value” proposition that is differentiating, their newly announced global flood risk mapping is a case in point. Metromile’s pay per mile model is more of a “price to value” related innovation whereas its announcement about handling some claims in one hour, is more of an “ease of doing business” innovation that is transformational. Slice’s on-demand commercial policy for those who do home-sharing is also an “ease of doing business” play which is also a “price to value” play (on-demand cost vs an annual premium). Lemonade’s policy to give profits to charities selected by customers is a “psychological” type of innovation. What customer wouldn’t feel good about profits emanating from his or her purchase going to a worthwhile cause. In Germany, Friend, a peer to peer insurer, is using its name and business model to make customers feel good about doing business with the organization.

See also: Next Generation of Underwriting Is Here  

These are today’s examples. The future requires new ones that will answer evolving customer needs and wants. Insurers should be thinking about emerging trends and the opportunities they present. Among the questions to be asked are the following: what follows the sharing economy, how will driverless cars change the insurance landscape, what needs will climate change generate, how will unmanned aviation progress, how will robotics revolutionize manufacturing and construction, what new technologies are in development, will threats, such as terrorism, increase or decrease.

Insurance is a complex business. There are many counterparties involved and many stakeholders including: insurers, customers, agents, brokers, reinsurers, lawyers, courts, vendors, medical care givers, shareholders, investors, regulators, etc. The fact that service delivery and innovation have been on the upswing in the past decades is a testament to the insurance professionals who serve the customer in a variety of capacities. Yet, there has been and will continue to be room for improvement and creativity.

New Risks Coming From Innovation

The triggers that have induced the insurance industry to innovate have dramatically changed in this millennium. Up until the 21st century, little innovation occurred, because insurers were looking to create products for emerging risks or underinsured risks. Innovation occurred most often as a reaction to claims made by policyholders and their lawyers for losses that underwriters never intended to cover. For example, the early cyber policies, which insured against system failure/downtime or loss of data within automated systems, were created when claims were being made against business owners policies (BOPs) and property policies that had never contemplated these perils. Similarly, some exclusions and endorsements were appended to existing policies to delete or add coverage as a result of claims experience. Occasionally, customer demand led to something new. Rarely was innovation sought as a competency.

Fast forward to today, when insurers are aggressively trying to develop innovative products to increase revenue and market share and to stay relevant to customers of all types. Some examples include: supply chain, expanded cyber, transaction and even reputation coverages.

With sluggish economies, new entrants creating heightened competition, emerging socio-economic trends and technological advances, insurers must innovate more rapidly and profoundly than ever. The good news is that there is movement toward that end. Here is a sampling of the likely spheres in which creativity will show itself.

Space

Insurers have already started to respond to the drone phenomenon with endorsements and policies to cover the property and liability issues that arise with their use. But this is only the tip of iceberg in comparison with the response that will be needed as space travel becomes more commonplace. Elon Musk, entrepreneur and founder of SpaceX, has announced his idea for colonization of Mars via his interplanetary transport system (ITS). “If all goes according to plan, the reusable ITS will help humanity establish a permanent, self-sustaining colony on the Red Planet within the next 50 to 100 years” according to an article this September by Mike Wall at Space.com.

See also: Innovation — or Just Innovative Thinking?  

Consider the new types of coverages that may be needed to make interplanetary space travel viable. All sorts of novel property perils and liability issues will need to be addressed.

Weather

Weather-related covers already exist, but with the likelihood of more extreme climate change there will be demand for many more weather-related products. Customers may need to protect against unprecedented levels of heat, drought, rain/flood and cold that affect the basic course of doing business.

The insurance industry has just taken new steps in involving itself in the flood arena, where until now it has only done so in terms of commercial accounts. Several reinsurers — Swiss Re, Transatlantic Re and Munich Re — have provided reinsurance for the National Flood Insurance Program (NFIP), for example. Insurance trade associations are studying and discussing why primary insurers should do more in terms flood insurance as a result of seeing that such small percentages of homeowners have taken advantage of NFIP’s insurance protection.

Sharing Economy

As a single definition for the sharing economy begins to take shape, suffice it to say that it exists when individual people offer each other products and services without the use of a middleman, save the internet. Whether the product being offered is a used handbag, a piece of art or a room in a private house or whether the service is website design, resume writing or a ride to and from someplace, there are a host of risk issues for both the buyer and seller that are not typically contemplated by the individual and not covered in most personal insurance policies. This is fertile ground for inventive insurers. How can they invent a coverage that is part personal and part commercial? Smart ones will figure out how to package certain protections based on the likely losses that individuals in the sharing economy are facing.

Driverless Cars

So much has already been written about the future of driverless cars, but so many of the answers are still outstanding. How will insurance function during the transition; who will be liable when a driverless car has an accident; who will the customer be; what should the industry be doing to set standards and regulations about these cars and driving of them; how will subrogation be handled; how expensive will repairs be; how will rates be set? A full list of unanswered questions would be pages long. The point for this article is – how innovative will insurers be in finding answers that not only respond to these basic questions but also provide value-added service that customers will be willing to pay for?

See also: Insurance Innovation: No Longer Oxymoron  

The value added is where real innovation comes into play. Something along the lines of Metromile’s offerings for today’s cars is needed, such as helping drivers to find parking or locate their parked cars. Such added value is what might stem the tide of the dramatic premium outflows that are being predicted for insurers once driverless cars are fully phased in.

Corporate Culture and Reputation

Recent events indicate that corporations need some risk transfer when it comes to the effects of major corporate scandals that become public knowledge. The impact from the size and scope of situations such as the Wells Fargo, Chrysler, Volkswagen and other such scandals is huge. Some of the cost involves internal process changes, public relations activities, lost management time, loss of revenue, fines and settlements. Reputation insurance is in its infancy and warrants further development. And though insurance typically does not cover loss from deliberate acts, especially those that are illegal, there is enough gray area in many scandals that some type of insurance product may be practical despite the moral hazard and without condoning illegal behavior.

And the Risk

All innovation poses risk. Risk is uncertainty, and innovation leads to uncertain outcomes. Just as insurers must create solutions, they must be willing to acknowledge risk, assess risk, mitigate risk and prepare for some level of risk to materialize. So, as insurers are now actively trying to innovate, they must make sure that their enterprise risk management practices are up to addressing the risks they are taking.

For each new product, some of these risk areas must be explored:

  • Is there a risk that projections for profitability will be wrong?
  • If wrong, by how much, and how will this shortfall affect strategic goals?
  • What is the risk appetite for this product initiative?
  • What is the risk the new product will not attract customers, making all development costs wasted expense?
  • What is the risk that price per exposure will be incorrectly estimated, hurting profitability?
  • What is the risk for catastrophic or shock losses relative to the product?
  • How will aggregation risk be handled?
  • What is the risk that litigation concerning the policy coverages will result in unintended exposures being covered?

Conclusion

Regardless of whether or not they have been dragged into innovation by disruptive forces, insurers are finally ready to do more than tweak products around the edges. The risk of not innovating appears to be greater than the risk associated with innovating.

An Underestimated Source of Risk

When directors or CEOs or senior managers think about risk, they generally envision risks associated with the company’s finances, manufacturing, data, supply chain and customers. Human resource risk is often underappreciated, and that can be a serious misjudgment. Recent events, lawsuits and settlements prove this point.

It is true that the risk associated with talent and a lack thereof has risen in the risk hierarchy of most organizations. However, the many other serious risks associated with managing existing talent are often relegated to the bottom of the risk register.

The reasons for this underestimation are varied. Many executives tend to think that: 1) human resource matters are supplemental to the business rather than integral, 2) being an “employer at will” protects the company and enables it to make human resource decisions however it sees fit, 3) a single employee, applicant or retiree is no risk to the organization as a whole (even though a single employee can potentially cause a “class” to be formed under the law). The danger inherent in underestimating HR risk is that it does not get adequately addressed with mitigation plans.

Not all organizations will have the same exposure to risks. Even if they did have the same exposure, some will have more safeguards already in place and warrant a lower risk ranking than some other organization. The discussion that follows is not meant to imply that all HR risks must be prioritized at the top right hand corner of a heat map. It is meant to highlight the potential impact that some HR risks can have on an organization.

Rogue Employee Risk

The rogue employee is one of the most amazing phenomena among human resource risk categories. In financial services, rogue employees have wreaked havoc on otherwise solid and long-standing businesses. Two noteworthy examples are Barings Bank, London’s oldest merchant banks, and UBS, one of Switzerland’s financial giants. Roughly 20 years ago, Nick Leeson, a Barings Bank derivatives trader, gambled away the equivalent of $1. 4 billion of bank money from a secret “error” account. The bank went bust and was bought by ING for a nominal sum. In 2011, UBS announced it had lost $2 billion due to unauthorized trades by a director at its global synthetic equities desk.

And financial institutions are not the only organizations exposed to rogue employee actions that create huge risks and large losses. For instance, GNP, parent of Just BARE and Gold’n Plump, just recalled 55,608 pounds of chicken because of what it called a “product tampering incident” at one of its processing plants.

Here are some of the ways in which such an employee can create risk in just about any industry sector and for which organizations need to develop safeguards as part of their mitigation plans:

  • Abetting a data breach affecting customer/employee personal data
  • Sabotaging mechanical or technological equipment
  • Sabotaging products intended for sale
  • Stealing company property, including intellectual property
  • Mishandling customers/patients on purpose

See also: Risk Management, in Plain English

A fundamental safeguard is thorough vetting during the employment process. Others include: 1) active supervision, 2) automatic, system alerts when authorities are exceeded or other rogue actions are attempted, 3) robust internal audits.

Regulatory Violations Risk

Organizations must deal with employee-related regulation at the local, state and federal level. The number of major federal regulations has grown significantly in the past few decades and now includes such well-known acts as: the Fair Labor Standards Act, Title VII, Age Discrimination Act, the Americans with Disabilities Act, Employee Retirement Income Security Act, Family and Medical Leave Act and WARN Act. Each of these has numerous elements that must be understood and complied with, including gray areas that need to be thought through before any action regarding an employee can be decided on.

The Fair Labor Standards Act has been the high-risk area of late. There have been numerous types of suits under this act related to: 1) misclassification of employees into exempt and non-exempt categories, which has implications for overtime pay, 2) incorrect calculation of overtime pay for those due it, 3) mismanagement of paid break time.

A $188 million judgment against Walmart, which is being appealed, had to do with paid versus unpaid break time. Interestingly, this case revolves around the company not living up to the policies in its own handbooks, not around a failure to fulfill specific requirements spelled out in the law. This case is, therefore, illustrative of two important points. First, settlements can be financially significant even for the largest of companies. Second, when dealing with human resource matters, formal programs or policies, which constitute a contractual obligation, have to be considered.

See also: Building a Strong Insurance Risk Culture

Wage and hour suits are likely to keep increasing in 2016 due to the success of recent plaintiffs, new regulations regarding overtime pay and an overall concern among employees that wages are not sufficient or not fair. In an article titled “Why Wage and Hour Litigation Is Skyrocketing,” Lydia DePillis writes, “The number of wage and hour cases filed in federal court rose to 8,871 for the year [ended] Sept. 30, up from 1,935 in 2000.”

Title VII and age discrimination cases have been associated with large dollar losses over the years. Given the many federal, state and local statutes, coupled with a more informed and litigious employee population, organizations can inadvertently step into non-compliance pitfalls rather easily.

Organizations should always follow the laws that apply to them. Risk enters into the equation because there is always the potential that someone in management is unaware or careless or, worse yet, disrespectful of the laws. Thus, the organization is continuously exposed to the risk of violations. Every effort should be made to be compliant, including: 1) having a clear set of core values that guide lawful behavior, 2) educating management and all employees about the laws and how to comply with them, 3) investing in strong compliance processes and 4) making sure violators are dealt with quickly and appropriately.

HR Program Risk

Human resources professionals create and administer many expensive programs such as retirement, benefits, compensation and incentive programs. A large error in terms of budgeting or managing such programs could lead to a sizable financial risk for the organization.

Imagine an actuarial error that creates severe pension underfunding or a poorly managed self-insured medical benefit plan that costs double what benchmarks would suggest. Or, consider a new incentive program that produces the antithesis of the behavior it was intended to promote. The risk can be major, not unlike the size and seriousness of a natural catastrophe or product recall or supply chain debacle.

CEOs need to ensure that HR programs and policies are being handled by expert professionals, whether staff or consultants. At the same time, senior management needs to invest the attention and support necessary to ensure these are well-designed and implemented according to specification.

The comments in this article are neither meant to be all-inclusive nor to be construed as advice.