Tag Archives: retail

E-Commerce Transforms Risks

The April 2017 issue of Business Insurance Magazine features a cover story on the retail industry, and how the move to e-commerce is changing the risks faced by the insurance industry. The articles include “Retail caught flat footed by e-commerce,” and “Web revolution creates new era for retail risk management.” It is remarkable that both the retail industry and the insurance industry seem to be taken by surprise at the advance of online shopping. This is especially puzzling because the handwriting has been on the wall for so long that it is beginning to fade away. What are the lessons for the insurance industry today in a world where digital change is affecting every industry?

Before answering that, it’s a good idea to brush up on the history of e-commerce. The ability to shop and purchase items online began to appear in the mid- to late 1990s with the initial internet boom. In the early days, anyone who could put up a website thought they could reach the whole world and become rich and famous overnight. Thousands of those early web businesses achieved rapid valuations based on inflated expectations and then crashed and burned in spectacular fashion during the Internet bust of the early 2000s. But others were very successful and began to eat away at the business of the traditional “brick and mortar” retailers. Of course, Amazon.com is the most famous, starting in 1994 and selling its first book online in 1995. Although the company did not have a yearly profit until 2004, its growth in those early years was phenomenal, and there was little doubt that it would become a major force in retail.

See also: Why AI Will Transform Insurance  

I could enumerate many examples of e-commerce successes and failures, but the point is that the move to e-commerce has been gaining steam for more than 20 years, putting a number of household names out of business along the way (think Borders, Circuit City). Many others filed for bankruptcy or were acquired at bargain basement prices. Many retailers have been closing stores and trying to revamp their business models for a decade or more (Sears, J.C Penney, Macy’s). And a wave of local retailers have found it difficult to compete with big online retailers.

The Business Insurance articles do a nice job of describing the implications for the insurance industry and retail risk managers of this transition to e-commerce, identifying how the movement changes the risk landscape. The main question is, what took everyone so long to realize that online shopping would have a transformative effect on the retail industry? It did not happen overnight, and the implications could have been foreseen and planned for long ago. To be sure, some retailers and some insurers were forward-thinking and adjusted for the transformation, but far too many were blindsided, as indicated in the articles. What does this mean for insurers today?

Besides the changing nature of retail and the companies populating the space, commercial lines insurers should focus a critical eye on every industry segment they serve. Today, the pace has quickened, and a wide range of emerging technologies, societal trends and demographics are causing upheaval in every industry. For example, the transportation sector faces issues such as autonomous vehicles, ride sharing, vehicle electrification and new transportation technologies – developments that are sure to completely reshape that industry sector. Similar cases can be made for change in manufacturing, energy, entertainment, travel and other industries. This time around, those industries and their insurer partners will not have 20 years to monitor developments. Many of these industries are likely to see substantial changes within the next three to five years. The changes to products, business models, companies and industry structure will, in some cases, dramatically change risks. For some, new technologies and solutions will enable very significant reductions in risk, and for others, new risks will emerge.

See also: A Gap That Could Lead to Irrelevance  

The main messages for insurers are these: Don’t be complacent. Don’t assume this is all hype and will never happen. And don’t assume that you will be retired before any of these transformations take hold. Plan and prepare now, seizing the opportunities to succeed in the digital age.

cyber

Cyber Threats and the Impact to M&A

As investment bankers and their lawyers pore over the details of a potential corporate merger, a new and troubling issue has emerged that could affect the terms of the deal, or even derail it. Cyber risk is now a top agenda item, not only for deal makers but for shareholders, regulators and insurance companies.

While assumption of risk is nothing new when acquiring a company, assuming cyber risk raises a whole new set of concerns that must be addressed early in the M&A process. Specific industries, such as healthcare, financial services and retail might require detailed attention to data risk as it applies to HIPAA (Health Insurance Portability and Accountability Act) standards, financial regulation and PCI (payment card industry) compliance. A thorough analysis of the target company’s network systems needs to be part of the due diligence process and may require the services of a network assessment vendor. Insufficient cyber security and the need for significant remediation of these networks could lead to unforeseen expense and may be a consideration in final negotiations of the target price.

Understanding the evolving face of hackers should also be a consideration. Hackers have traditionally been motivated solely by financial gain. However, as evidenced by recent cyber attacks against Sony, Ashley Madison and the Office of Personnel Management, hackers may be driven by political agendas or moral outrage or may be part of state-sponsored cyber espionage. If the acquired company comes with intellectual property or produces controversial products or services, it could be at higher risk of attack.

Regulatory Issues Affecting M&A

Increased regulatory risk for the acquiring company should also be of concern. Regulators in the U.S. and around the world have had a laser focus on privacy matters and have made their authority known in two recent court decisions.

  • On Aug. 24, 2015, a decision was made that will have profound impact on how the CIO, compliance officers, cyber security officials and others view what is an acceptable level of cyber security. In Federal Trade Commission v. Wyndham Worldwide Corp. et al. No. 14-3514, slip op. at 47 (3rd Cir. Aug. 24, 2015), the FTC alleged Wyndham failed to secure customers’ sensitive data in three separate incidents. As a result, 619,000 customer records were exposed, leading to $10.6 million in fraudulent charges. The Third Circuit Appeals Court affirmed the FTC’s authority to regulate cyber security standards under the “unfair practices” of the Federal Trade Commission Act. Therefore, key stakeholders in the acquiring and target companies need to come to terms regarding acceptable levels of cyber security before the deal is closed.
  • On Oct. 5, 2015, the European Union’s Court of Justice declared the U.S. and E.U. Safe Harbor framework invalid. The ruling abolishes an agreement that once allowed U.S. companies to move E.U. residents’ digital data from the E.U. to the U.S., and it will affect approximately 4,000 companies. For some companies, the ruling could drastically alter their business models. Therefore, an acquisition of any of these companies will require careful consideration as to how the company collects and uses the online information of the residents in the 28 countries that make up the E.U. An acquiring company could face regulatory scrutiny and costly litigation for noncompliance of their newly acquired entity.

Transferring Your Cyber Risk

One method to provide protection for the acquiring company would be to enter into a cyber security indemnity agreement with the targeted company. The agreement can exist for a period after closing, but there should be an expectation that—after a specified length of time long enough to remediate and integrate the target company’s IT networks—the agreement will expire. The liability protections should be as broad as possible and should include all directors and officers, who are often named in derivative lawsuits in the aftermath of a data breach. The agreement should address the many different actions that might be required after an unauthorized network intrusion of the target company. Costs related to defense attorneys, IT forensics firms, credit monitoring vendors, call centers, public relations companies and settlements should be anticipated. The firms to be hired, the rates they will charge and the terms of reimbursement to the acquiring company should be outlined in the agreement.

Many businesses have also turned to cyber insurance as a means to transfer cyber risk. In fact, the cyber insurance industry has grown to $2 billion in written premiums, with some expecting it to double by 2020. Cyber policies typically cover a named insured and any subsidiaries at the time of policy inception. Parties in a merger should be aware that M&A activity will likely have an impact on existing cyber insurance policies and often require engagement with insurance companies. When an insured makes an acquisition during the policy term, the insurance carrier often requires notification of the transaction pursuant to policy terms specifically outlined in the policy. Because cyber insurance policies are written on manuscript forms, there is no one standard notification requirement, and compliance terms will vary from insurance company to insurance company. If the target company has revenue or assets over a certain threshold, the named insured may be required to:

  • ƒProvide written notice to the insurance carrier before closing;
  • Include detailed information of the newly acquired entity;
  • Obtain the insurer’s written consent for coverage under the policy;
  • Agree to pay additional premium;
  • Be subject to additional policy terms.

Cyber risk can have a huge impact on any M&A activity. Legal liability and the means to transfer it should be a top priority during the transaction. There likely will be a big impact on existing insurance coverage. All parties need to focus on their rights and responsibilities and must engage the right experts to maximize protections in the process.

social

The Keys to Forming Effective Teams

America loves teams and team players, even outside of sports. What’s not to love? Team players are selfless—they set aside their personal goals and focus their talents on coordinating efforts with their fellow team members to achieve a common goal. Teams personify cooperation and collaboration and synergistic effort. And, of course, we’ve all been taught that teams inevitably generate better outcomes than individuals do.

So it’s good to be on a team, and teams do good work, which means teams and teamwork are iconic realities of life in America—socially, educationally and professionally. It really doesn’t matter whether you are a toddler, a college student, a retail clerk or a corporate executive, today you regularly find yourself slotted onto teams (or onto committees or into small groups) where you are expected to behave like a good team player.

And how does a good team player behave? According to leadership coach Joel Garfinkle, “You just need to be an active participant and do more than your job title states. Put the team’s objectives above yours and take the initiative to get things done without waiting to be asked.” He identifies five characteristics that make a team player great:

  1. Always reliable
  2. Communicates with confidence
  3. Does more than asked
  4. Adapts quickly and easily
  5. Displays genuine commitment

Seems obvious, but think of your most recent team experiences. Were your team members behaving that way? Were you? Not likely, and J. Richard Hackman, a former professor of social and organizational psychology at Harvard University and a leading expert on teams, knows why. When interviewed by Diane Coutou for a 2009 Harvard Business Review article (Why Teams Don’t Work), he said:

Research consistently shows that teams underperform, despite all the extra resources they have. That’s because problems with coordination and motivation typically chip away at the benefits of collaboration.

Problems with coordination and motivation interfering with team collaboration and performance—doesn’t that sound like a rather modest challenge that could be resolved with more effective team management? Sure, to a certain extent. Teams are often too large; they are thoughtlessly staffed (proximity and position rather than proven talents and ability to produce results); and they are routinely launched with murky objectives, vague group member accountabilities and no formal support network for team process management. In other words, most teams don’t meet the five basic conditions Hackman, in his book Leading Teams, said teams require to perform effectively:

  1. Teams must be real. People have to know who is on the team and who is not. It’s the leader’s job to make that clear.
  2. Teams need a compelling direction. Members need to know, and agree on, what they’re supposed to be doing together. Unless a leader articulates a clear direction, there is a real risk that different members will pursue different agendas.
  3. Teams need enabling structures. Teams that have poorly designed tasks, the wrong number or mix of members or fuzzy and unenforced norms of conduct invariably get into trouble.
  4. Teams need a supportive organization. The organizational context—including the reward system, the human resource system and the information system—must facilitate teamwork.
  5. Teams need expert coaching. Most executive coaches focus on individual performance, which does not significantly improve teamwork. Teams need coaching as a group in team processes, especially at the beginning, midpoint and end of a team project.

But there’s another challenge, and it is presented by the people who don’t want to be team players. People who, when added to a team, immediately focus their attention and effort not on being a good team player but instead on dodging work, avoiding exposure and manipulating the conscientious team players into doing more than their share of the work. This is known as social loafing (or slacking), and it describes the tendency of some members of a work group to exert less effort than they would when working alone. Kent Faught, associate professor of management at the Frank D. Hickingbotham School of Business, argues in his paper about student work groups in the Journal of Business Administration Online that social loafers can’t be successful, however, unless the other team members permit the loafing and complete the project successfully: 

…the social loafer must find at least one group member that CAN and WILL achieve the group’s goals and ALLOW themselves to be social loafed on. “Social Loafer Bait” is the term used here to describe the profile of the ideal target for social loafers.

This problem isn’t new. Max Ringelmann, a French agricultural engineer, conducted one of the earliest social loafing experiments in 1913, asking participants to pull on a “tug of war” rope both individually and in groups. When people were part of a group, they exerted much less effort pulling the rope than they did when pulling alone. According to Joshua Kennon, Ringelmann’s social loafing results were replicated over the years in many other experiments (involving typing, shouting, clapping, pumping water, etc.), leading psychologists to believe that humans tend toward social loafing in virtually all group activities. Kennon shared two other conclusions:

  • The more people you put into a group, the less individual effort each person will contribute;
  • When confronted with proof they are contributing less, the individuals in the group deny it because they believe they are contributing just as much as they would have if they were working alone.

I recently asked a group of friends and colleagues who have been involved in group work at school or in their jobs to respond to a brief, unscientific survey on how they deal with social loafing. Their response pattern is shown in parentheses, and, although respondents varied in age from 20 to 50-plus, answer patterns didn’t seem to vary by age group:

You are working on an important, time-sensitive project with a group of people. One of the group members is slacking off, not contributing to project work. What do you do about it? (choose one)

  • Ask/Tell the slacker to commit to the project and start contributing (40%)
  • Report the slacker to the project sponsor (3%)
  • Complain about the slacker to other team members (10%)
  • Work harder to pick up the slack and ensure the project is successful (30%)
  • Follow the slacker’s lead and reduce your commitment and effort (0%)
  • Other (17%—Most respondents who chose this reported they would employ more than one of the listed strategies)

How effective is the response you identified above?

  • Solves the problem (27%)
  • Partially solves the problem (53%)
  • Fails to solve the problem (17%)
  • Causes other problems (3%)

Respondents who took some action (talking to the slacker, or reporting the slacker to the project sponsor) were much more likely to report that their actions solved all or part of the problem. Complaining to other team members failed to solve the problem—no surprise there. And even though 30% of respondents elected to address the slacking problem by working harder to pick up the slack (earning themselves a “social loafer bait” ID badge), the effect of doing so was mixed, spread fairly evenly among solving, partially solving, failing to solve and causing other problems.

What’s not clear is why we are so willing to tolerate social loafing in group projects and why we are so reluctant to call slackers out and hold them accountable. According to Kerry Patterson, co-author of the book Crucial Conversations: Tools for Talking When Stakes Are High:

93% of employees report they have co-workers who don’t pull their weight, but only one in 10 confronts lackluster colleagues.

I suppose the reality is that unless work groups are tightly managed, they offer excellent cover for slackers—relative anonymity, little or no pressure from team members, great individual performance camouflage—with only a slight threat of exposure or penalty for not being a good team player. So the solution to the social loafer problem probably involves not only changes in how groups are formed, resourced and supported but also changes in the group work dynamic to eliminate the cover and camouflage and to illuminate how each individual contributes to the group work effort. (This is sometimes accomplished in university student work groups by using a formal peer review process to help group members hold each other accountable.)

As you might expect, Google is serious about teamwork (all Google employees work on at least one team), and Google wants teams to be successful. A recent study of team effectiveness at Google determined that five team dynamics (psychological safety; dependability; structure and clarity; meaning of work; and impact of work) are more important to successful teams than the talents of the individuals on the teams. To help teams manage these dynamics, Google developed a tool called the gTeams exercise, described by Julia Rozovsky of Google People Operations as:

…a 10-minute pulse-check on the five dynamics, a report that summarizes how the team is doing, a live in-person conversation to discuss the results and tailored developmental resources to help teams improve.

According to Rozovsky, Google teams reported that having a framework around team effectiveness and a forcing function (the gTeams exercise) to talk about these dynamics was the part of the experience that had the most impact. That’s not surprising, because any “forcing function” that puts a public spotlight on ineffective or unacceptable behavior makes it easier to identify and eliminate that behavior.

Given the concentration of talent at Google, I imagine the social loafers there probably boast a more refined slacker “craftiness” pedigree than most of us normally encounter. Still, I am betting the Google slackers aren’t very pleased with the light and heat generated by the gTeams exercise spotlight.

Cyber: Best Defense Is a Good Offense

According to the Identity Theft Resource Center (ITRC), as of Aug. 11, there have been 472 data breaches, exposing 139,278,685 records in 2015 alone. It’s a safe bet that much of the personal identification information (PII) exposed in those breaches will be – at some point – used to perpetrate fraud. With all that PII out there, you might wonder what industry will likely fall victim to the fraud. The answer, according to the recently released results of the 2015 Fraud Mitigation Study, is simple: Cyber criminals do not choose one industry over another when it comes to committing fraud. In fact, all industries are targets.

The study, commissioned by the LexisNexis Fraud Defense Network, examines cross-industry fraud trends of all types – including identity-based fraud – and surveyed 400 fraud mitigation professionals from the insurance, financial services, retail, government, healthcare and communications industries. Overwhelmingly respondents (84%) indicated that the cyber fraud cases they investigated within their industry were also connected to another industry. And the impact of cross-industry fraud is significant: 77% of respondents said cross-industry fraud cases had a moderate to extreme financial impact on their organization.

So, what can industries do to mitigate cyber fraud? It’s often been said the best defense is a good offense – and that’s what’s required. That begins with changing how they are fighting fraud. The siloed approach to each sector dealing with the problem on its own – and relying only on data within its industry – isn’t adequate. Criminals count on the fact that industries aren’t talking to each other. Once the fraudsters have pilfered one industry sector, they move on to the next unsuspecting industry. But what if one industry sent up a flare to the others?

Imagine if data about fraud cases was shared across industries. The dynamic would shift. Through cross-sector collaboration, industry would have the upper hand. In this scenario, the fraudsters would be at a disadvantage. This is not just a pipe dream. Study respondents recognized they need more information to fight fraud; in fact, 74% acknowledged it would be valuable to have information on fraud cases from outside their industry.

75% of study respondents stated that they do rely on external data analytics to detect and prevent fraud; the other 25% do not primarily because of a lack of budget, awareness, knowledge, comfort level or relevant training. The primary question is, what’s the most effective way to share information?

This is the mission of the Fraud Defense Network: to facilitate sharing of information, best practices and data around fraud mitigation across industry and government sectors. We have created the LexisNexis Contributory Risk Repository, a cross-industry database that houses information about fraudulent and suspicious events from organizations in finance, retail, insurance, healthcare, law enforcement and government. After the data is collected through the Risk Repository, LexisNexis applies advanced analytics to identify meaningful connections that not only illuminate past fraudulent behavior but also help to flag suspicious patterns on future transactions.

4 Ways Superstores Can Teach Insurers

A smoke alarm isn’t the only kind of protection on sale at your local superstore these days. Need some life or health insurance with those printer cartridges? You’re in luck. Insurers like Metlife and Aetna now sell insurance policies through superstores. Walmart launched a pilot program with Metlife to sell life insurance policies at 200 Walmart stores, and Costco members can select Aetna health plans offered through Costco’s Personal Health Insurance program — Costco has offered its members discounts on auto, homeowner, renters, umbrella and specialty insurance through Ameriprise Insurance for several years.

Although not every effort has gotten off to a flying start, these are good examples of insurers experimenting with approaches to tap into large, underserved markets and new sales channels and to create brand awareness in a shopping environment where there’s a natural connection with the products they sell.

What I’m most curious about is the impact the superstore channel will have on how these insurers sell. What can insurers learn from two of the world’s most valuable retail brands about creating the kind of convenient, affordable one-stop-shopping experiences that Walmart and Costco offer and consumers so desperately want?

Plenty of things. Here are four:

1) FOCUS ON SELLING YOUR BRAND RATHER THAN YOUR PRODUCT

Walmart and Costco both offer lower-priced house brand products, but neither focuses its attention on selling its own product even though that would obviously benefit the bottom-line. The goal is to own the customer by meeting the brand promise of offering low prices and good value on any and all products that a customer wants to buy. Walmart doesn’t worry about selling a competitor’s product – even with a small profit margin, Walmart still generates revenue and profit, through multiple product sales, and keeps the customer coming back rather than sending him to shop with the competition. It’s good business sense to focus on what the customer wants to buy rather than what a retailer wants to sell.

Similarly, it’s good business sense for an insurer to consider selling products that are a good fit with the brand and that complement other product offerings – even if that means offering a competitor’s product.

Selling a competitor’s products can help insurers facilitate that convenient, one-stop-shopping experience that consumers want. It allows the insurer to keep the customer relationship while generating revenue from underwriting the risk, or from brokerage fees. And in cases where an insurer doesn’t have the experience, appetite or capacity to underwrite the product, it’s better to make fee income than the underwriting income.

An insurer’s No. 1 goal is to own the customer. The insurer that underwrites the product makes one sale; the insurer that owns the customer can sell to her for her entire lifetime. That can mean decades of selling renewals, cross-selling related products and generating referral business.

2) OFFER CUSTOMERS CHOICE

Mac or PC? Chocolate or vanilla? We’re a culture of consumers who covet choice. Even a limited selection is enough to provide customers with this valuable component of the shopping experience. While Costco is cautious about the number of brands it offers (limiting the number of brands allows Costco to get the kind of volume discounts it needs to offer the lowest prices), like Walmart it offers at least two choices of brands for any given product.

Providing a competitor’s products can help insurers, too. The objective is to give customers a selection ample enough that they can compare insurance products and choose the product that works best for them. As with Costco, this may mean offering the customer a choice between two brands that offer different price points and levels of coverage.

3) SELL CUSTOMERS EVERYTHING THEY WANT

There’s nothing haphazard about the layout of a Walmart or Costco. Superstores invest a great deal of time and money walking the walk of their customers. They think through how customers search and shop for products and how those products should be grouped for optimal cross-selling opportunities.

While insurers understand the profitable art of cross-selling, in theory, I’ve witnessed more than a few property and casualty insurers who’ve missed big opportunities to cross-sell products. What happens when that flower shop you just insured needs auto insurance on its three delivery vehicles and you don’t have it? If the insurer isn’t prepared to sell the customer what she wants, the customer will go to the competition to satisfy her multiple coverage requirements.

4) NEVER LET THE CUSTOMER LEAVE EMPTY-HANDED

The path from creating awareness to having a customer walk through the door ready to purchase is long and expensive. A superstore does everything in its power to make sure you have no excuse to walk out the door without buying something.

Factoring in advertising and promotional campaigns, the cost of bringing a paying customer through the door could be as high as $400 to $500 for some insurers. Every insurer’s goal should be to make effective use of a lead by finding some way to fulfill the customer’s product needs.

I’ve only scratched the surface. Now it’s your turn: What superstore selling practices do you think insurers should consider to win market share?