Tag Archives: michael henk

What Blockchain Means for Insurance

Imagine an insurance industry without paperwork, a system where some claims are verified and handled almost instantly and applications/renewals are approved nearly as fast. Imagine being able to minimize fraudulent claims or loss adjustment expenses with a massive, decentralized database that leverages real-time data sources of almost unimaginable size. Imagine the cost savings to your company of improving efficiency across the insurance value chain (from product management, to underwriting, to claims, to customer service), all while potentially increasing the security of your policyholders’ data. Now imagine that the technology to do this already exists. It does. The hot name right now is “blockchain technology.”

It’s no secret the world is changing faster than ever before, with the “Internet of Things” promising to connect billions of people and technologies to the Internet in the next few years. As more and more people (and more and more things) are connected to the Internet, it’s important to focus on the risks but also important to focus on the opportunities. Emerging risks such as cyber liability, and more traditional risks such as catastrophic natural disasters, are affecting people in ways never seen before, simply because of their connections to the world. The insurance industry as a whole needs to take the lead on global risk management, and to do so the industry needs to leverage data. Lots of data. Big data. As of 2012, 2.5 exabytes of data was being created daily (that’s 2.5 billion gigabytes), and that figure has certainly increased since then.

Blockchain technology is one of the tools being used to manage these massive, real-time data sets, pledging enhanced security, increased innovation, automation of key functions, more utilization of peer-to-peer insurance, easier identification and prevention of fraud and many more opportunities that may not have even been conceived yet. Emerging risks lead to emerging opportunities, and blockchain technology is a key component in helping the industry take advantage of these opportunities.


But first, a step back. When the world is changing as fast as it is, it’s very easy to be sucked in by buzzwords and overwhelmed by the vocabulary. Let’s go back, gain a basic understanding of what this technology is and how it may revolutionize the insurance industry in the years to come, and determine if it is more than just the latest industry buzzword.

Put very simply, blockchain is the platform on which bitcoin (the world’s most popular digital asset and payment system) operates. It is a distributed database that maintains a continuously growing list of data records secured from tampering and revision. For bitcoin, the technology ensures that financial transactions remain secure and “pseudo-anonymous.” While originally developed for bitcoin, blockchain technology has been in use as open source code since 2009. More recently, other industries have begun working to adapt this technology for their needs. Secure and pseudo-anonymous data sets sure seem like something the insurance industry could get behind, right?

The basics of the blockchain

At its core, the blockchain is a ledger of transactions and data that is stored on multiple machines. The key component of this technology is that the data is validated and confirmed in multiple “nodes.” Each computer (node) that stores the data runs an algorithm to confirm that a transaction is either valid or invalid before appending it onto the previous chain of data. This use of multiple nodes storing the data is known as a “distributed network,” which can take many forms. A network can include every computer connected to the internet, in the case of a public ledger, or a network of private computers that limit the access to the blockchain, in the case of a private ledger. The construction of the chain is made by “miners” who run algorithms to validate and store the latest ledger of data, the blockchain.

The basic principles of the chain imply that, once a transaction is validated, it is “glued” on to the existing chain that includes all past valid transactions. As the data is stored on multiple machines, it cannot be changed. The “valid” blockchain is the longest chain of transactions that the majority of the nodes agree is valid. With the addition of time-stamps for the transactions and cryptography applied to the information, this makes hacking in and changing the blockchain incredibly difficult. A hacker would have to break into a majority of the nodes to create a fraudulent transaction.
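The hash-linking and majority-agreement idea described above can be shown in a few lines. This is an added example, not code from the original article: it is a simplified model with no mining or network protocol, and the record fields, node names and function names are constructed for illustration.

```python
import hashlib
import json
from collections import Counter
from copy import deepcopy

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, timestamp, records, prev_hash):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "timestamp": timestamp,
         "records": records, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain, timestamp, records):
    """'Glue' a block onto the chain by committing to the previous block's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "timestamp": timestamp, "records": records,
                  "prev_hash": prev_hash,
                  "hash": block_hash(index, timestamp, records, prev_hash)})
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, b in enumerate(chain):
        expected = block_hash(b["index"], b["timestamp"], b["records"], b["prev_hash"])
        if b["index"] != i or b["prev_hash"] != prev_hash or b["hash"] != expected:
            return i
        prev_hash = b["hash"]
    return None


def rehash_from(chain, start):
    """Recompute hashes from `start` on, as a node rewriting its own copy would."""
    for i in range(start, len(chain)):
        b = chain[i]
        b["prev_hash"] = chain[i - 1]["hash"] if i else GENESIS_PREV
        b["hash"] = block_hash(b["index"], b["timestamp"], b["records"], b["prev_hash"])


def dissenting_nodes(replicas):
    """Return (majority tip hash, names of nodes whose copy disagrees with it)."""
    tips = {}
    for name, chain in replicas.items():
        ok = chain and first_invalid_block(chain) is None
        tips[name] = chain[-1]["hash"] if ok else None
    counts = Counter(t for t in tips.values() if t is not None)
    if not counts or counts.most_common(1)[0][1] * 2 <= len(replicas):
        raise ValueError("no majority of nodes agrees on a valid chain")
    majority_tip = counts.most_common(1)[0][0]
    return majority_tip, sorted(n for n, t in tips.items() if t != majority_tip)


def demo():
    # Constructed sample ledger of claim records, copied to three nodes.
    honest = []
    append_block(honest, "2016-08-01T09:00:00Z", [{"policy": "P-1001", "claim": 0}])
    append_block(honest, "2016-08-02T09:00:00Z", [{"policy": "P-1001", "claim": 1200}])
    append_block(honest, "2016-08-03T09:00:00Z", [{"policy": "P-1002", "claim": 300}])
    replicas = {n: deepcopy(honest) for n in ("node-a", "node-b", "node-c")}

    # Case 1: a record is edited in place on one node; its stored hash no longer matches.
    replicas["node-c"][1]["records"][0]["claim"] = 9999
    naive = first_invalid_block(replicas["node-c"])

    # Case 2: the node also rewrites its hashes, so its copy is self-consistent,
    # but its chain tip now differs from the one the majority holds.
    rehash_from(replicas["node-c"], 1)
    rewritten = first_invalid_block(replicas["node-c"])
    _, outliers = dissenting_nodes(replicas)
    return naive, rewritten, outliers


if __name__ == "__main__":
    print(demo())
```

The second case is why the article speaks of a majority of nodes: a single rewritten copy passes its own integrity check and is only exposed by comparison with the other replicas.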

This major security innovation of the blockchain sounds like common sense when you talk about it but has only been made possible with technological advances in the last few years. For decades, an organization’s data has been stored in a centralized data repository. With these systems, a hacker only has to infiltrate the firewall and protocols of a single entity to change the information and defraud the data. If you’re running an insurance company, would you rather a hacker need to break into one system to ruin your firm or thousands?

Another positive aspect of the blockchain is pseudo-anonymity. Data is encrypted at the transaction level to preserve anonymity. This is only pseudo-anonymous because theoretically you can gain the knowledge of the past transactions of an individual, and, as such, may be able to identify that person’s blockchain. In reality, identification is extremely impractical because a hacker would have to break through the cryptographic protocols of the entire transaction history. Anonymity in transaction data is desirable to guard against data breaches that lead to fraud or identity theft.

Enhanced security?

Blockchain technology comes with many inherent benefits. The main purported benefit of the blockchain is a direct result of the security: the ability to provide a stream of data that can be “trusted” for accuracy. Users will be able to quickly identify the movement of assets from one party to another.

Let’s visit a somewhat common transaction, buying a house, in a blockchain environment. A mortgage lender needs to verify that the owner of a property for sale has the right to sell it and that the buyer has the right to purchase it. Currently, this process can take a day for a “clean” title and possibly weeks for a title that has had prior liens on it. With the blockchain technology, this process can be done in a few seconds and save considerable cost because all of the property data can be stored in a blockchain. The data stored in a blockchain can readily identify whether the seller still owns the property and has not already sold it, and it can identify any liens on the property. The blockchain technology does the work of the “middlemen” in the transactions.

However, this doesn’t mean that the blockchain is bulletproof. As with any emerging technology, a parallel effort to undermine and manipulate the system has emerged alongside it. In August 2016, 120,000 units of the bitcoin digital currency, valued at $72 million, were stolen from a bitcoin exchange in Hong Kong.

Vitaly Kamluk, a researcher at Kaspersky Lab (an international software security group), stresses that we need to understand the vulnerabilities before widespread acceptance. While Kamluk’s comments were focused on bitcoins, his is an important lesson to keep in mind for all new technologies, including the blockchain. It is important to remember that no system should be considered “invulnerable,” and to continue researching advancements in security, even in something as locked down as the blockchain. Just as an insurance company must perform due diligence when entering a new market or changing its claims philosophy, companies must consider the potential risks from adoption of blockchain versus the potential efficiency gains.

Insurance industry blockchain benefits

Security vulnerabilities aside, it doesn’t take much imagination to see how this new technology could completely change the way insurance companies work. With this technology, claims costs can be lowered through the use of “smart contracts.” These are contracts that automatically enforce terms when certain conditions arise. As a very basic example, consider a smart insurance contract for trip insurance. After the airline posts a cancellation of a covered flight, it can automatically trigger payment to those who have purchased insurance without the need to use a claims department to verify the loss. This has the potential to save the insured the hassle of filing a claim and waiting through the claims process for payment. It saves the insurer the hassle of verifying the claim. This cost savings would be passed to the policyholder in lower rates.

Another insurance example is crop insurance. When insured crops are damaged by weather, a smart contract built on blockchain technology can use meteorological data to pay claims automatically. Wind speed data, precipitation levels, hail size and frequency and other weather-related data can be used to identify areas that are affected and trigger the payment of claims without the need of a claims adjuster. This would drastically reduce the loss adjustment expense that is related to these types of claims.

Blockchain technology also has the potential to limit fraudulent claims. False billings and tampered documents are less likely to “fall through the cracks” if the data is decentralized and immutable, which will reduce the amount of erroneous claims payments. Using this technology will enable insurers to lower their loss-adjustment expenses and pass on that savings to consumers. Furthermore, if this technology becomes widely used, it can help mitigate identity theft and other cyber liability losses.

Identity theft is the fraudulent acquisition and use of a person’s private identifying information. Usually this is done to realize a financial gain. Because the data is encrypted at the financial transaction level, the technology minimizes the amount of identifying information available in the blockchain, thus minimizing the risk of identity theft.

The encryption protocol used by the blockchain technology has the capability to limit cyber liability, as well. Cyber liability is the risk that personally identifiable information will be compromised by a third party storing an individual’s data. Current practice is to store this data in a central location with software to protect against hacking. Blockchain technology enables data to be run and stored based on the current blockchain without decrypting the underlying data, because the chain itself can be independently verified through separate nodes.

Though this technology may not revolutionize the manner in which insurance operates, it has the potential to introduce new models of business and increase the capacity of insurance. This technology could change the way insureds interact with their insurers.

Limitations of the blockchain

As with any emerging technology, these potential benefits do not come about without a few potential limitations, in addition to the security concerns. The most problematic of the limitations is scalability. For the insurance industry to use blockchain technology would take a remarkable amount of infrastructure. Currently, blockchain technology is limited by the amount of computing power available. For data to be decentralized, each node must be able to process the requisite data for each transaction for a growing number of participants. While smaller blockchains are currently successful with a limited number of participants, the insurance industry has a much larger population of participants that will need to have their data validated in a timely manner. This will mean not only more storage space but also enough computing power to quickly be able to validate each new transaction or data point.

Another stumbling block that needs to be overcome is the expertise. The expertise and experience needed to create the blockchains and implement the necessary systems to use this technology are still in their infancy. A few digital currencies use this technology, but it is not widespread enough to support the needs of scaling the technology to a point that can be used by most industries, especially insurance. The speed and stability of this technology will require a substantial investment of capital.

There may be further concerns with regard to data privacy. The most prevalent user of this technology is the bitcoin system, which operates a publicly available blockchain with open source code. Implementing this type of network into a “permissioned” or semiprivate network to protect personal information might pose significant roadblocks. This will include the implementation of standardization in the protocols used to verify each and every transaction, which is a crucial component of creating the blockchains. The total metamorphosis of the way that data is verified and stored will not come without a considerable cost.


The most problematic challenge that may delay this technology being implemented in the insurance industry is regulation. Insurance needs to be a highly regulated industry to protect policyholders and the integrity of the companies that provide coverage. The use of blockchains to offer new insurance services, such as peer-to-peer insurance, will leave questions regarding who the regulatory authority is, as the transactions will be conducted over a widely diversified geographic space. Which regulatory body will ensure that policyholders will be protected in the case where a peer-to-peer contract holder does not have sufficient funds to pay a claim? Currently, regulation in the U.S. is on a state-by-state basis, which does not lend a great deal of flexibility when dealing with new products that may be funded by those overseas using this technology. The issue of regulatory governance seems to be the largest hurdle that the insurance industry will face if it embraces this technology.

The first industry adoption efforts

It’s not difficult to see the potential efficiencies that blockchain technology can introduce into the insurance industry in broad terms. However, this sort of technology really can’t shine unless it’s implemented in a consistent and compatible way, based on minimum standards to exchange data and transactions. To that end, a number of insurers and reinsurers have launched the “Blockchain Insurance Industry Initiative” or B3i, to “explore the potential of distributed ledger technologies to better serve clients.” The member companies tout the speed and efficiencies that blockchain may bring to the insurance industry and are exploring using the technology for inter-group retrocessions.

The ultimate goal of B3i is to “explore whether Blockchain technology can be used to develop standards and processes for industry-wide usage and to catalyze efficiency gains in the insurance industry.” With major players in the insurance market exploring the use of the blockchain, it’s important for all insurers to monitor the situation. The B3i is the first major effort to implement the technology into solutions across the insurance value chain rather than isolated use in individual companies. It’s a big development, and insurers should keep their eyes on it.


Blockchain technology has many benefits that can aid the insurance industry, but they come with some large question marks. The structure of the blockchain can help to save claims costs and even open up new avenues of marketing insurance as well as the potential for offering new products in a timely manner. The insurance industry has usually lagged behind other industries when it comes to implementation of emerging technologies, and this will most likely continue with regard to blockchain technology. Insurers will likely wait until a larger-scale version is “tried-and-true” for other industries before embracing it themselves.


How to Handle Pirates, Kidnappings, Ransom

Imagine that your job involves negotiating with international criminal organizations or, at the very least, assisting those who do. No, you do not work for some mercenary military force or in illicit arms and drug deals; you work in insurance. It may seem like the start of a movie, but it is a very real segment of the insurance industry, generating hundreds of millions of dollars in premiums annually. What is this line? It’s kidnap and ransom (K&R) insurance, which, in the modern world of global expansion and technological revolutions, is a virtual necessity for major players in every market and a major opportunity for the insurance industry.

An emerging line

K&R insurance originated following the kidnapping (and eventual murder) of Charles Lindbergh’s baby in 1932. It remained a niche coverage form, covering celebrities and their families, and was relatively unused in the U.S. until the Patty Hearst abduction in 1974. From that point on, policies became more and more popular among the Hollywood elite. Today, the major purchasers of this coverage are large companies with a significant international presence. The policies are designed to protect individuals and corporations operating in high-risk areas around the world. Over the years, policies have evolved from covering named individuals to covering named categories of persons (family, employees, employers, etc.) of a covered individual. The coverage is typically offered along with other management liability lines such as directors and officers. Lloyd’s of London, which has a reputation for focusing on just this kind of specialist insurance in the international market, has a long tradition of providing kidnap and ransom policies. While there is personal lines availability for persons such as freelance journalists, mission workers or high-net-worth families, this article focuses on commercial K&R coverage.

There are four major perils covered by the typical K&R policy: kidnapping, extortion, detention and hijacking. Some policies now cover cyber-threats under their extortion coverage, which may overlap with companies’ cyber-perils policies. Overlapping cover can also occur in the context of piracy at sea, where traditional marine cover may meet the cost of the ransom but will not meet the (usually very substantial) costs involved in the crisis management process. K&R policies are indemnity policies; they reimburse for losses incurred by the insured. Types of losses can widely vary, and include: ransom payments, loss of ransom in transit, medical expenses for the victim, psychiatric expenses, reward payments, asset protection, funeral expenses, child care expenses, business interruption expenses and, perhaps most importantly, the fees and expenses of crisis management consultants.

All major K&R policies include the cost of services of crisis management and security consultants, which can be thought of as loss mitigation teams. These consultants provide advice to the insured’s family or employer on how best to respond to the incident. Should the local authorities be contacted, or even trusted? How can you make the kidnappers prove they have your employee? Where should you meet with the kidnappers? How should you deliver the ransom? These are not easily answered questions, and most likely should not be answered by someone at your company. Crisis managers have accumulated a wealth of expert knowledge about economic kidnappings. They take the tremendous burden of dealing with kidnappers away from a company or a family and prevent emotions from taking over and exacerbating an already tenuous situation. These firms have a relationship with kidnappers. They know who to trust, who can be bribed and how much resolution is going to ultimately cost. Typical policies do not cap the expenses that can be paid to crisis management teams.

Coverage for a unique population

A unique feature of K&R policies is that the personnel covered by a policy most likely do not (and cannot) know that they are covered. Policies are typically purchased by a company to cover key personnel traveling in dangerous areas of the world. If those covered were aware of it, it would likely change their activity, potentially increasing the risks they take. In extreme cases, it could even lead to collusion between kidnappers and potential victims. For instance, if a covered individual knew that a company had coverage and would pay in the event of a kidnapping, he or she might work with kidnappers for a portion of the payout. Clearly, it is in the best interest of the companies that those covered remain unaware of the coverage or, more realistically, unaware of the limits and conditions of the specific policy purchased.

This scenario leads to some obvious ethical questions and some unusual adverse selection questions. Does the existence of this coverage actually increase the propensity for organizations to commit kidnappings? While evidence exists that the number of kidnappings has increased dramatically over the last 20 years, especially post-9/11, it is not possible to differentiate between the potential moral hazard inherent in a K&R policy and the increased “riskiness” of doing business because of globalization, population increases and global financial unrest. In the 1980s, the United Kingdom’s Prime Minister Margaret Thatcher launched an investigation into the policies. She was concerned that the existence of the coverage might encourage policyholders to pay ransom and might allow them to be less cautious about the amount of ransom they paid. Nothing came of that investigation and, while tension between governing authorities and insurance providers remains, the coverage continues to grow today.

Another potential dilemma arising from the existence of this coverage is whether a victim’s company will even inform the insurance company. The vast majority of kidnappers demand that no one be informed about the occurrence. Companies need to balance this demand with the need to contact authorities or the insurance company. If a company does not inform its insurer of the kidnapping, the insurer will likely try to deny coverage; however, if it does inform its insurer, it is potentially jeopardizing the employee’s life. As mentioned, there is also the potential ethical dilemma of negotiating with, and potentially making payments to, kidnappers. In the event that the kidnapping is perpetrated by a known terrorist organization, as is becoming more common in Middle Eastern states, the victim’s company may be placed in the awkward position of having to negotiate with terrorists, against the advice and publicly stated goals of Western democracies. It is important to remember that negotiating with terrorists is not encouraged.

Financing kidnap and ransom policies

Typical K&R policies are relatively inexpensive (when compared with directors and officers coverage) but are also very profitable because of the low frequency of the losses. Basic policies start as low as $500 a year, though pricing depends on the situation. Underwriting a K&R policy is like underwriting any other type of insurance. There are pricing incentives for good (less risky) behavior and penalties for bad (riskier) behavior. Underwriting characteristics used vary from company to company but often include the nature of a company’s business, total revenue, number of employees, travel patterns and foreign locations of employees, as well as previous loss experience.

The market, while still small, is growing. Kidnapping is estimated to be a $500 million a year criminal activity (as of 2010), a large portion of which comes from K&R payments, most of which is funded by insurance companies. At the same time, it is nearly impossible to know how many policies are in force worldwide. This is primarily because of the secrecy of the coverage. The presence of the coverage will never be mentioned in stories about a kidnap victim’s release. The policies are not paying the ransom; they are almost always reimbursing the company that does. Because of the secret nature of the policy, information about specific cases is hard to come by. Beyond that, according to Red24, a non-broker specialist in crisis management circles, it is estimated that 30,000 “traditional” kidnappings (i.e., those with ransom demands), occur every year worldwide, though the New York Times reports that only 10% of kidnappings are reported to the authorities.

While it is difficult to gauge potential future markets for this coverage, it is also difficult to determine who already has the coverage in place. What is not difficult to see is the financial impact the kidnappings themselves are having on companies. The non-profit group Oceans Beyond Piracy reports that maritime attacks by Somali pirates alone cost the shipping industry more than $5 billion in 2011, and the Economist estimated that Somali pirates alone generated more than $200 million in annual premium at the peak of their attacks in 2010. The most common target of kidnappers is the oil and gas industry, because of the perception that energy companies are exploiting Middle Eastern nations’ wealth for their own benefit. Media outlets are also prime targets, primarily because of the exposure a kidnapping would generate.

A new breed of kidnapping risk

It is not just kidnappings for ransom and pirate attacks that companies need to be cognizant of. A relatively newer phenomenon is that of the “express kidnap,” of which there are on average 6,000 a year in Mexico alone. In these instances, there is no demand for a ransom made by a third party. Instead, the kidnappers take their victim to an ATM or a hotel room and make the victim access cash or personal valuables. The vast majority of these instances go unreported, mainly because of the corruption of the local law enforcement. In fact, studies say that half of the express kidnappings in Mexico are perpetrated by law enforcement agents themselves.

So, not only do kidnapping and ransom policies have to cover the low-frequency, high-severity, kidnap-for-ransom losses, they also must cover (relatively) high-frequency, low-severity, express kidnappings.

An evolving risk

It appears that kidnappings are increasingly being thought of as a business opportunity. Groups that have previously kidnapped purely for political purposes are now realizing the economic value. Most kidnappings are now orchestrated by professional gangs and groups, and dealing with them is more like a business negotiation than an encounter with a criminal organization. Kidnappers are getting smarter and are, on an increasing basis, being aided by crooked politicians and law enforcement agents. Kidnapping victims are seen as inventory and, as with any other business, the goal is to sell the inventory, not destroy it.

As kidnappers get smarter, companies that deal in areas that present a high risk for kidnapping must also learn to prevent losses. Having a kidnapping and ransom policy protecting key employees is common sense and should be regarded as an industry best practice for risk management. As globalization continues to expand, companies should see the need to take precautions to protect their “human capital.” Clearly, avoiding zones with a high level of kidnappings is ideal, but in the event that your company must do business in these areas K&R coverage can provide an important backstop. Kidnap insurance will always be veiled in secrecy out of necessity, but that does not mean there is not a place in the industry for growth and innovation.

As the demand for the coverage increases and the market continues to grow, it is natural to expect innovation in pricing. Clearly, there is very little historical loss data from which to develop reliable models, and most pricing is done on the basis of expected loss ratio. However, there is likely value to be gleaned from analyzing travel patterns, regional economic/political unrest and companies’ international strategies. K&R coverage is currently buried in the “other liability” line of the NAIC annual statement. At present, it is an extremely profitable coverage. But, like other lucrative practices, as more and more insurance companies see the potential for profits, loss ratios will go up as premium rates are minimized. A company that can most accurately forecast aggregate kidnapping activity and price policies accordingly stands to gain significant profits.

The goal, of course, is to reduce the opportunities for kidnapping. K&R policies encourage those who have personnel at risk to manage that risk more effectively, by providing rate relief for firms that engage in less risky activity. Insurers want to do all they can to minimize their policyholders’ risks, to reduce the likelihood they will have to pay out at all. The insurance companies do not profit from the loss occurrences; they prevent their insureds from having to liquidate assets because of acts of terrorism. The policies align with the government goals of reducing terrorist activities. They do not exacerbate the problem; they play a necessary role in reducing the impact of traumatic events. This coverage will grow significantly as the number of companies operating internationally increases and as international markets in which companies operate continue to expand. It is vital that these companies obtain this coverage for their key employees. It could save their business…or an executive’s life.