Tag Archives: financial institution

Obamacare: Where Do We Stand Today?

The healthcare industry is changing – same old headline. Since we’ve been in the industry, the “unsustainable” cost increases have been the talk every year, yet somehow we have not reached a tipping point. So what’s different now? How has ACA affected the healthcare industry, and more specifically the insurance companies?

The drafters of ACA set up a perfect adverse-selection scenario: Come one, come all, with no questions asked. First objective met: 20 million individuals now have coverage.

Next objective: Provide accurate pricing for these newly insured.

Insurance companies have teams of individuals who assess risk, so they can establish an appropriate price for the insurance protection. We experience this underwriting process with every type of insurance – home, life, auto. In fact, we see this process with every financial institution, like banks, mortgage companies and credit card companies. If a financial institution is to serve (and an insurance company is a financial entity), it has to manage risks, e.g., lend money to people who can repay the loan. Without the ability to assess the risk of the 20 million individuals, should we be surprised that one national insurance carrier lost $475 million in 2015, while another lost $657 million on ACA-compliant plans?

If you’re running a business and a specific line has losses, your choices are pretty clear – either clean it up or get out.

See Also: Healthcare Quality and How to Define It

Risk selection is complex. When you add this complexity to the dynamics of network contracting tied to membership scale, there is a reason why numerous companies have decided to get out of health insurance. In 1975, there were more than 2,000 companies selling true health insurance plans, and now there are far fewer selling true health insurance to the commercial population. Among the ones that got out were some big names – MetLife, Prudential, Travelers, NYLife, Equitable, Mutual of Omaha, etc. And now we’re about to be down to a few national carriers, which is consistent with other industries – airline, telecommunications, banking, etc.

Let’s play this one out for the 20 million newly covered individuals. The insurance companies have significant losses on ACA-compliant plans. Their next step – assess the enrolled risk and determine if they can cover the expected costs. For those carriers that decide to continue offering ACA-compliant plans, they will adjust the premiums accordingly. While the first-year enrollees are lulled into the relief of coverage, they then get hit with either a large increase or a notice to find another carrier. In some markets, the newly insured may be down to only one carrier option. The reason most individuals do not opt for medical coverage is that they can’t afford it. If premiums increase 15% or more, how many of the 20 million have to drop coverage because premiums are too expensive? Do we start the uninsured cycle all over again?

Net net, ACA has enabled more people to have health insurance, but at prices that are even less sustainable than before. ACA offers a web of subsidies to low-income people, which simply means each of us, including businesses, will be paying for part or all of their premium through taxes. As companies compete globally, this additional tax burden will affect the cost of services being sold. As our individual taxes increases, we reduce our spending. While ACA has the right intention of expanded coverage, the unintended consequences of the additional cost burden on businesses and individuals will have an impact on job growth.

While it’s hard for anyone to dispute the benefits of insurance for everyone, we first need to address the drivers behind the high cost of healthcare, so we can get the health insurance prices more affordable. Unfortunately, ACA steered us further in the wrong direction. Self-insured employers are the key to lead the way in true reform of the cost and quality of healthcare.

LiveMed Brings Digital Human Touch

Many tasks and actions have been replaced by digital solutions. This is nothing new. However, sometimes nothing beats a face-to-face with a customer. Now, using a VideoTech platform, Silicon Valley start-up LiveMed replicates the physical face-to-face with a digital one.

I’ll start with an event that happened to me last year. I’ll skip the details, other than to say I was required to confirm my identity and sign a document by a department in a financial institution.

With my passport and utility bill in hand, I went in search of a branch (which isn’t as easy as it used to be, even in Central London). It didn’t help that the fax machine at the first branch I found was out of order, so I had to find another one, which I did! After much back-and-forth on the phone between the department, the branch and me, we completed the process, and I was on my way.

What struck me at the time was how out-of-date this financial institution was. Not just technically or digitally but also in terms of customer experience. And it was completely unnecessary.

Digital FinTechs and InsurTechs have been onboarding new clients in less than 10 minutes, without any physical interaction. Identities can be proven and verified in a matter of minutes with background checks, a photo of your passport and a selfie.

The use of eSignatures is widespread. In the U.S., the Electronic Signatures in Global and National Commerce Act is a federal law put in place to facilitate the use of electronic signatures in commerce (long-form definition on Wikipedia, here). In the European Union, the equivalent regulation is the Electronic Signature Directive (see Wikipedia reference here) that defines the use of eSignatures in electronic contracts within the E.U.

Both these legislative frameworks require the same thing, which is that electronic signatures are regarded as equivalent to written signatures.

Given all this, was it really necessary for me to spend several hours inconvenienced and, frankly, wasting time?

Last month, I wrote about the use of VideoTech in the claims handling process In that piece, I talked to InsurTech startup Vis.io about its use of video technology to both reduce cost for insurers and improve the customer experience for claimants.

This week, I move to the front end of the insurance process—client onboarding and policy administration—and talk to LiveMed. To tell me how their solution brings together the use of video, customer identification and eSignatures, I Skyped with Silicon Valley-based co-founder and CEO Yair Ravid.

Ravid explained to me, “LiveMed is a platform that allows financial institutions to confirm customer identity remotely, collect signatures remotely and provide a video record of the customer engagement.”

The way it works is simple.

When a face-to-face discussion is required, the insurer emails a link to the customer. This can be for events such as confirming a customer’s understanding of the insurance policy conditions or witnessing the signing of all parts of the policy agreement.

The customer activates the link and is connected via a live video to an insurance agent. The agent uses the LiveMed platform to conduct a secure, face-to-face discussion with the client. The platform allows documents to be shared between the two parties, which they can both review and amend in real time, before both parties sign electronically and the document is locked down.

The whole session is recorded and kept for several years in case a customer disputes the policy conditions or that he even signed the policy in the first place. (If you are interested in an example of a policyholder disputing an electronic signature, read this article in the Insurance Journal about Bonck v White.)

Knowing whom you’re talking to

While digital facial recognition technology (and other biometric measures) are advanced and sophisticated, humans remain better at visual identification. In some jurisdictions, that remains the only option because biometrics are not yet permitted for identity verification.

“Humans understand the face holistically,” according to the study “The Limits of Facial Recognition” by Tim De Chant. And visual identification still carries great weight in the process of verifying a customer’s identity and in fraud detection. Humans are better at assessing if we are who we say we are or if our claim is suspect.

There will always be occasions when a face-to-face meeting is required to complete a transaction. LiveMed enables this human interaction without requiring the customer to go to a branch or an insurance agent to visit the customer’s home.

More than a VideoTech platform

Behind the video interaction, LiveMed’s algorithms verify the authenticity of documents supplied by the customer. Ravid told me, “When a customer brings in a fake document, we have a high success rate at identifying if it is a fake. We’ve developed a solution that takes real IDs, studies different parameters against them and then compares these with the documents being presented. The institution still relies on human judgment, but LiveMed gives the agent a reliable tool to help with the decision.”

The LiveMed platform uses webRTC, an open-source platform that provides browsers and mobile applications with real-time communications (RTC) capabilities via simple APIs. It also runs as a cloud or an on-premise solution to cater to an institution’s specific requirements and policies on security, data and technology.

It is a device-independent platform that delivers both mobile and web. Ravid explained, “We’ve worked hard to make this very easy to use for the customer. Simply click on the link, go online with the agent, finalize or review the document, open the signature box and then sign with their finger. Simple!

“We take any format document or webpage, whatever, and turn them into a series of pictures. This allows changes, sketches and amendments on the screen by both parties, [in] real time. Then these pictures, or pages, are locked and put together and sent to both parties as a record. We are patenting the technology because we believe it to be unique.”

The old-fashioned ways are no longer viable

Asking a customer to come into a branch carrying paper documents just isn’t going to cut it any more. Nor is the cost of sending a representative to meet the customer. In this digital, mobile age, time is precious, and money is tight.

We are also in the consumer protection age of regulation. Financial institutions need to be able to prove beyond doubt that their conduct is acceptable and that customers fully understand the financial decisions they are making.

This requires evidence both parties can rely on should there be a dispute. (See my previous research notes on RecordSure and its use of AI for compliance monitoring.)

With LiveMed, the finance institution “sees” the person in real time without the inconvenience or cost of a physical, in-person meeting. And because the transaction is completed there and then, the insurer doesn’t have to wait for documents to be sent and processed. And both parties can be certain there are no mistakes (that it’s right the first time) because everything is checked and verified on the video call.

What next for LiveMed?

Ravid is one of three co-founders who bootstrapped LiveMed and took the start-up through the UpWest Labs accelerator in Palo Alto. LiveMed has now raised its first $400,000 from seed funding on its way to raising $1.5 million in a Series A. The minimally viable product (MVP) is built and in pilot with several financial institutions, and the new funding will enable the LiveMed to launch the platform into the U.S. financial services market.

This article was first published at www.dailyfintech.com 

Communicate, Communicate

In an increasingly digital world, the modern day update to the old real estate refrain of “location, location, location” may be “communication, communication, communication.”

It may also be true that companies are only as good in the customers’ mind as the quality of their last transaction. That is particularly true when there are infrequent transaction, thus limited opportunities to make up for mistakes. In financial services, banks may have daily transactions with their customers, but insurance companies have far fewer transactions, many of which are associated with unfortunate events. Finding a way to make the most of these interactions can be important in retaining customers for the long term, in a world of low switching costs and lots of transparency.

I was reminded of this when I got an email alert from my personal lines property and casualty carrier. Like much of the East Coast, we found ourselves dealing with a winter wonderland over the weekend, which included icy roads, snowy hillsides and falling trees. Many people lost power.

In any event, the email alert reminded me that our carrier was aware of the potential implications coming from the storm and was ready to help. The message included various forms of contact info and was an opportunity to remind me of the benefits I can gain from the relationship. As my thumb moved to delete the message, I was reminded of the value of the coverage, and I realized this was one of the few messages I’ve gotten that didn’t convey a billing increase or some other “bad” information.

I had been thinking that the renewal would be coming in four months and that I probably needed to begin shopping for coverage to see what the market looks like, in anticipation of another premium increase. Getting the email reminded me that insurance is not just about rate but also about what happens when the world goes sideways.

This realization leads back to a challenge – which is to say an opportunity – for carriers to start thinking differently about the form and frequency of interaction with customers. Different demographic cohorts may have preferences for different communication channels, but one likely universal truth is that individuals want to know that they have the opportunity to do the same thing that other “smart people” like them are doing.

Amazon, of course, does a remarkable job with this. The retail brokerage investment company I deal with is nearly as good, and, as a consequence, there is little chance I will ever look to move assets. Conversely, the life insurance company I have had a relationship with for three decades only has a dialogue with me when sending documents required by regulation. In fact, when I have chosen to initiate dialogue with the carrier, it has proven to be both painful and incredibly time-intensive to get things done.

The recent example with my homeowners insurance was a pleasant surprise. It might even cause me to slow the shopping process or be more accommodating of the rate increase, which is no doubt coming.

All of this has potentially significant implications for the marketing and technology organizations for insurance carriers. Increasingly, the competition is not against other, similar companies. The issue really becomes how well carriers operate against a customer service standard that is being framed by retailers and financial institutions that are more transactionally intensive. As the lines between traditional industries and products families become blurred through the use of better technology, carriers will need to up their games considerably to maintain relevance.  Checking in on customers after an unfortunate event is a step in the right direction.

The State of Cyber Insurance

Cyber attacks are escalating in their frequency and intensity and pose a growing threat to the business community as well as the national security of countries. High-profile cyber incidents in 2014 reflected the expanding spectrum of cyber threats, from point-of-sale (POS) breaches against customer accounts to targeted denial-of-service (DoS) attacks meant to disable a company’s network. Businesses in ever-greater numbers sought financial protection through insurance, buying coverage for losses from data breaches and business outages.

Boost in Cyber Insurance Demand Drives Insurers’ Response

Healthcare facilities, universities and schools continue to be on cybercriminals’ radar, but attacks in the hospitality and gaming, power and utilities and other sectors reveal that no organization is immune to a cyber attack or failure of technology.

Healthcare and education clients had the highest cyber insurance take-up rates in 2014, followed by hospitality and gaming and services. Universities and schools present attractive targets because they house a vast array of personal information of students, parents, employees, alumni and others: Social Security numbers, healthcare information, financial data and research papers can all be compromised.

The broader scope of hacktivists contributed to the increase in cyber insurance purchases in 2014. Sectors that again showed notable year-over-year increases in the number of clients purchasing cyber coverage included hospitality and gaming and education. Other areas that stood out in 2014 included the power and utilities sector, with more clients buying standalone cyber coverage. Power and utilities companies frequently cite the risks and vulnerabilities associated with the use of supervisory control and data acquisition networks — which control remote equipment — and the cost of regulatory investigations as driving factors behind their cyber coverage purchases.

The reasons for purchasing cyber coverage vary from board mandates seeking to protect corporate reputations to companies looking to mitigate potential revenue loss from cyber-induced interruptions of operations. Insurers responded to this demand by offering broader cyber insurance coverage in 2014, including coverage for contingent business interruption and cyber-induced bodily injury and property damages. They also expanded availability of loss-control services, including risk-assessment tools, breach counseling and event response assistance.

Cyber Limits Rise

Companies with revenues of more than $1 billion have increased their cyber insurance limits worldwide by 42% on average since 2012, according to Marsh Global Analytics estimates. Over the same time period, healthcare companies have bought 178% more cyber insurance, and power and utilities firms have expanded their coverage by 98%.

Rising spending on cyber insurance

Source: Marsh Global Analytics. Percentage increase in spending by companies with more than $1 billion in revenues on cyber-risk insurance from 2012 through 2014.

Cyber Rates and Coverage

Increases in the frequency and severity of losses and near-constant headlines about attacks and outages kept cyber insurance premiums generally volatile in 2014. Average rate increases at renewal for both primary layers and total programs were lower in the fourth quarter than in the first. The increased loss activity prompted pricing challenges for some insureds, particularly retailers, where renewal rates rose 5% on average and as much as 10% for some clients.

Market capacity also varied according to industry. Most industries were able to secure cyber coverage with aggregate limits in excess of $200 million, while the most targeted industries, like retailers and financial institutions, faced a challenging market.

Insureds also face heightened due diligence from underwriters seeking to drill down beyond simple reviews of the company’s general information security policies. For example, insureds in the retail sector are being asked about their deployment of encryption and EMV (credit card) technology. And all insureds are now routinely asked whether they have formal incident response plans in place that outline procedures for protecting data and vendor networks and, more importantly, if such plans have been tested.

A Growing Concern

In 2015, managing cyber risk is clearly a top priority for organizations. For example, business interruption (BI) drew a lot of attention in 2014, a trend likely to continue throughout 2015. While BI has historically been thought of as the effect of a critical system going down for an extended period, technology failures and cyber attacks can create far-reaching outages affecting secondary systems, clients and even vendors. Such events can also lead to higher recovery costs, which are becoming a concern for boards of directors and senior management.

There is also concern stemming from the expansion of regulation and litigation. Regulators were active in policing cyber risks in 2014, and oversight is likely to expand significantly in coming years. With cyber risk seen as a critical issue on both sides of the aisle in Washington, D.C., companies will face regulatory challenges in 2015 and beyond.

Sectors that have already seen significant regulatory activity — for example, healthcare, financial services and education — will likely face more stringent regulations and larger fines. All industries should pay attention to existing and impending regulations, tighten controls and prepare to present and defend their compliance regime. Civil litigation in the wake of a breach or disclosure of a cyber event also escalated in 2014, with class actions at times following the disclosure of a breach by mere hours.

As demand for cyber insurance grows, remember that risk transfer is only part of the solution. Enhanced information sharing between industry and government is another step toward having a comprehensive risk-mitigation strategy. Insurers and brokers are expanding the availability of loss-prevention and risk-mitigation services such as risk-assessment tools, breach preparation counseling and breach response assistance. The expanded roster of services and enhanced coverage can provide additional value from policies, usually without a specific added premium.

Third Parties Pose Problems With Cyber

In today’s cyber world, business is done digitally. Trusted cyber relationships between partners must be formed to effectively conduct business and stay at the forefront of innovation and customer service. Having these trusted partnerships comes with a major drawback, however.

Look at it from this perspective: If your organization is the target of a malicious actor, yet they find your defenses too difficult to penetrate, the attacker can use a partner company to find a way in. Depending on the difficulty, the attackers could target multiple third parties in an attempt to gain access to your network.

The important factor to keep in mind here is that just because your organization may have top-notch security practices in place, it does not mean your partners do, and they can be targeted for their valuable insider access to your systems.

Related story: Third-party vendors are the weak links in cybersecurity

Third-party companies, no matter how trivial they may seem to your everyday operations, need to be thoroughly vetted. If they are given secure insider access as part of doing business with your organization, their systems must be reviewed and assessed for security vulnerabilities. The adage, “you’re only as strong as your weakest link,” could not be more true when it comes to third-party vulnerabilities.

Coming to grips with risk

Partners may think of themselves as unlikely targets, but even your HVAC vendor could be creating a gaping hole in your security network that malicious actors may use to gain access to your sensitive information.

For example, financial enterprises have extremely large networks of third-party vendors and partners, from payment processors and auditors to Internet providers and other financial institutions. Being able to map your third parties’ public Internet space and network presence allows you to identify indicators of compromise and risk that paint an accurate depiction of your partners’ potential attack surface.

When we think of potential targets for hacking, we naturally think of big companies or government agencies-organizations that have large volumes of critical and sensitive data. But because these organizations typically have the funds and resources to implement sophisticated security, they are usually not the weak link when it comes to an attack.

Because these organizations cannot be easily accessed, malicious actors adjust their attack strategies to use alternate paths to their desired goal-less secured partners with privileged access. Once a vulnerable company is compromised, its trusted access into other partners allows malicious actors to bypass security controls with exploits that didn’t work previously. Adversaries now are free to roam the connected partner networks, essentially undetected.

Dealing with the problem

The moral here is that insider threats don’t necessarily have to come from within an organization. Trusted third parties, once compromised, create significant security risks to sensitive data. Organizations must look beyond their own defensive perimeters and consider monitoring their partners to better understand their complete attack surface-especially large and complex organizations in which new services are frequently delivered on outward-facing infrastructures.

Understanding the complete attack surface not only provides the intelligence to prevent abuse, but it provides insight into how an attacker may view a path of attack. Additionally, gaining insight into third-party partners, vendors and suppliers is crucial in creating an informed and dynamic risk management program.

Most organizations are busy enough dealing with their own IT infrastructure, so double-checking the risks associated with their partners may not be at the top of their priority list. However, in today’s cyber threat landscape, if you don’t take into account the security posture of your partners, you will never be able to truly mitigate your risk and are leaving gaps in your defenses for anyone to access your critical information.

This article was written by Jason Lewis. Lewis is the chief collection and intelligence officer at LookingGlass. Lewis is a network analyst who has technology initiatives in the private and public sectors.