Tag Archives: risk management

Managing Challenges of Civil Unrest

Over the last year, many communities have faced large riots and protests that destroyed public and private property and resulted in hundreds of injuries. While these events carry a certain amount of unpredictability, an organization’s planning and response to these events can minimize losses and, most importantly, keep people safe. 

The latest Out Front Ideas with Kimberly and Mark webinar included a panel discussing the risk management challenges associated with civil unrest. Our guests were:

  • Anas Al-Hamwi – senior director, occupational health and injury management, Walgreens
  • Renata Elias – senior vice president, consulting solutions, Marsh
  • Barry Scott – deputy director of finance, risk manager, city of Philadelphia
  • Thomas Simoncic – president, Property Americas, Sedgwick

Protect, Prepare and Partner

No response is effective without proper planning and preparedness measures. Employers should consider their situational readiness by identifying tools that exist within their infrastructure, particularly their partnerships. Engaging industry peers, local community leaders and municipalities creates a network of advisers to assist with early communications to all stakeholders. If there are multiple operations locations, empower your leaders at each site to make the right decisions by giving them the tools they need to execute proper procedures. 

In planning, public entities need to adapt to allow and protect First Amendment activities while also ensuring lives are protected. While the balance can be tricky, partnering with federal, state and local governments can forecast any potential issues. First responders and police units need to be in constant communication to respond to any event rapidly. Including everyone from fire units to public transit employees ensures a collaborative effort. Keeping communities informed with timely messages keeps both the public and employees safe.

Having a crisis management capability within your organization helps senior leadership respond both quickly and appropriately. Formalize your crisis management plan with reporting incidents, escalation to senior leadership, defining the criteria for an escalation, incident screening and notification and activation of the senior leadership. Once you have buy-in and collaboration, you can align and integrate with all stakeholders to ensure the process is trained and exercised for capabilities.

Property Loss 

While civil unrest is not a natural disaster, like hurricanes, these events carry similar characteristics in that they are widespread, occur over different dates and cause varying levels of damage and business interruption. Understanding what your policy covers and does not cover is critical to preparation. Reach out to your partners within your carrier and broker relationships to fully assess your needs. Understanding the definition of occurrence in a policy can determine whether multiple days of civil unrest are considered one deductible. Establishing a timeline is necessary so your partners can scale and meet your needs while finding escalation and remediation points.

While protecting property is critical to restoring business activity, protecting people and their livelihood should always be a priority. Does your business continuity plan include details directing employees where to go if a specific location cannot operate? Will your vendors or suppliers know where to make deliveries? Where will your critical processes take place? All of these items should be addressed to ensure all stakeholders are prepared for a crisis. Mobilization with partners and vendors before an occurrence can affect response time, enabling an organization to get back to business faster.

See also: Did You Use the COVID Down Time?

Prioritize Your People

As you strategize for potential events and develop a continuity plan, people should be your priority. In keeping your employees and the community safe, communication and preparedness are key. Internal communications should be aligned with your strategies to ensure a coordinated response, and making appropriate connections with media partners can assist with disseminating external communications to the community. 

Civil unrest training, developed specifically for regions, can help employers establish preparedness measures for their workers. It forms a basic knowledge of staying safe in a crisis while also keeping people informed of the business continuity plan. Communicate with federal agencies and local municipalities to make sure your protocols meet their standards. Make sure your workers have resources like an employee assistance program to address their mental health throughout a crisis. Property can always be replaced, but human lives cannot, so people should always be the starting point when developing your plan.

Lessons Learned

The last year has served as a lesson in crisis for many organizations, especially those experiencing the aftermath of civil unrest for the first time. Responding to the next event requires careful consideration of what was missing in your initial response. Perform internal debriefs and post-incident reviews to highlight any gaps and bridge the silos. And when determining risks, consider all the external factors currently, like labor shortages, logistical supply chain and inventory issues and rising inflation. These can all add to the costs associated with property repairs. Lastly, this past year has taught us that truly anything can happen, so go forward humbly and be prepared for what you do not expect.

Killer Flying Robots Are Here — What Now?

In the popular Terminator movies, a relentless super-robot played by Arnold Schwarzenegger tracks and attempts to kill human targets. It was pure science fiction in the 1980s. Today, killer robots hunting down targets have not only become reality, but are sold and deployed on the field of battle. These robots aren’t cyborgs, like in the movies, but autonomously operating killer drones. The new Turkish-made Kargu-2 quadcopter drone can allegedly autonomously track and kill human targets on the basis of facial recognition and artificial intelligence—a big technological leap from the drone fleets requiring remote control by human operators. A United Nations Security Council report claims the Kargu-2 was used in Libya to mount autonomous attacks on human targets. According to the report, the Kargu-2 hunted down retreating logistics and military convoys, “attack[ing] targets without requiring data connectivity between the operator and the munition.”

The burgeoning availability and rapidly expanding capabilities of drones pose urgent challenges to all of humanity. First, unless we agree to halt their development and distribution, autonomous killer drones like the Kargu-2 will soon be affordable and operable by anyone—from rogue states all the way down to minor criminal gangs and individual psychopaths. Second, swarms of killer drones may, through sheer numbers, render irrelevant the defenses against terrorist threats deployed by technologically advanced nations. Third, in creating a challenging new asymmetry in warfare, autonomous killer drones threaten to upset the balance of power that otherwise keeps the peace in various regions. The increasing ubiquity of affordable drones is an open invitation to one power and another to turn stable regions into battle zones.

The arrival and rapid proliferation of robot-like killer drones comes as no surprise. For decades, consumer technology has been outpacing military adoption of advanced technologies. Because a drone is essentially a smartphone with rotors, today’s affordable consumer drones are largely a byproduct of the rapid development of smartphone technology. They are making access to the third dimension essentially free and creating new commercial opportunities: Drones can already deliver groceries and medical supplies directly to your doorstep. But in endowing drones with human-like cognitive abilities—for instance, by combining rapidly improving facial recognition with artificial intelligence—will make powerful targeted weapons available to tin-pot despots, terrorists, and rampaging teenagers at a fraction of the cost of the fancy drones flown by the U.S. military. And unless we take concrete steps now to oppose such developments, instructions to turn cheap off-the-shelf drones into automated killers will be posted on the Internet in the very near future.

To date, artificial intelligence has struggled to provide accurate identification of objects and faces in the field. Its algorithms are easily confused when an image is slightly modified by adding text. An image-recognition system trained to identify an apple as a fruit was tricked into identifying an apple as an iPod, simply by taping to the apple a little strip of paper with the word “iPod” printed on it. Protesters in Hong Kong have used sparkly paint on their faces to confound government facial-recognition efforts.

See also: Wake-Up Call on Ransomware

Environmental factors, such as fog, rain, snow, and bright light, can dramatically reduce the accuracy of recognition systems employing artificial intelligence. This may allow a defense against drones using relatively simple countermeasures to confound recognition systems at their present level of development. But to actors who already place a low value on collateral damage and innocent victims, accuracy is not much of a concern. Their drones might be programmed to kill anyway.

What’s more, any defense against the drones zeroing in on individual targets does not prevent their deployment as new weapons of mass destruction. A swarm of drones bearing explosives and dive-bombing a sports event or populated urban area could kill numerous people and would be hard to stop. Various companies are now selling drone countermeasure systems with different strategies to stop rogue flying objects, and advanced militaries have already deployed electronic countermeasures to interrupt the drones’ control systems. But so far, shooting down even one drone remains a challenge. Although Israel recently demonstrated an impressive flying laser that can vaporize drones, shooting down an entire swarm of them is still well beyond our capabilities. And with the new generation of autonomous drones, simply blocking communication to the drones is not enough. It may be critical to develop ways to safely bring them back to Earth in order to avert random chaos and harm.

To a group intent on causing significant damage, autonomous drones open an entire new field of possibilities. Imagine attacks on 100 different locations in a single day—the effects of the 9-11 terrorist attacks on the United States could pale in comparison.

Though all countries are at risk of killer-drone attacks, the most likely victims of the first wave of these weapons are poorer countries with porous borders and weak law enforcement. The same gap between rich and poor states in the effects of COVID-19 is likely apply to the vulnerability to autonomous drones. The first such battles are more likely to play out in Africa rather than America—and with heavier tolls.

The companies producing the new wave of autonomous flying weapons are heavily marketing their wares. Meanwhile, the United States and China have thus far refused to back calls for a ban on the development and production of fully autonomous weapons. Washington and Beijing are thereby providing a cover of tacit legitimacy for weapons makers and governments deploying the new killer drones in the field.

Admittedly, the drone threat cuts both ways. Autonomous or semi-autonomous drones have been used to tip the battlefield balance against rogue states; in Syria, rebel groups have used drones as an asymmetrical weapon against Russian-made armor, destroying multimillion-dollar tanks with cheap drones.

But the risk of drones ending up in the hands of malevolent actors and being deployed as weapons of highly inaccurate mass destruction far outweighs their possible military benefits in guerilla warfare. Asymmetrical warfare disproportionately benefits forces of chaos rather than forces of liberty. It is not too late to place a global moratorium on killer robots of all kinds, including unmanned aerial vehicles. This would require a change of strategy on the part of the great powers. But any such moratorium should confine itself to offensive systems only, while all manner of anti-drone defense should be allowed. As part of a ban, the wealthy governments should consider subsidizing the purchase of drone-defense systems by poorer countries and teaching them how to defeat drone swarms. Drone technology is a global problem that humanity should address together.

See also: 6 Cybersecurity Threats for Insurers

In the Terminator series, the killer robot is eventually destroyed. In reality, the battle to confine artificial intelligence to constructive uses will be constant and never-ending. Its application to killer drones is merely the first, short chapter in a long book of artificial intelligence as an agent of chaos. Whether we choose to act to close that book will determine the type of future we want to hand to our children. It will be either a world of Terminator chaos with the specter of death in every corner—or a world like Star Trek, where humanity’s cohesive efforts channel technology to prioritize social good and prosperity over conflict and violence.

Better Models for Next Pandemic

Natural catastrophe risk models have revolutionized the property/casualty re/insurance business over the past 30 years. They have allowed more efficient deployment of capital by providing a rigorous way of estimating potential losses, better quantifying the tail and increasing trust in the probabilities assigned to natural disasters and the damage and losses they produce.

All of these models have been developed from common assumptions: An event happens and produces impacts on a known (although somewhat uncertain) exposure (property or other fixed asset), which has a known (although, again, somewhat uncertain) vulnerability to the consequences (hazard) of the originating event. Using an intricate mix of physics (through natural science and engineering lenses) and statistics, such models produce insurance loss estimates that are, generally, robust and defensible.

As new systemic and non-natural risks have emerged, establishing the potential future loss range of perils, such as terrorism and cyber, has required the introduction of social science disciplines (and greater levels of uncertainty) but did not greatly disrupt the established logic of the cat model; the components and controls remained familiar.

Not so infectious disease models. First introduced to the insurance sector to capture excess mortality from global pandemics in the life insurance business, they began as a combination of stochastic elements of natural catastrophe models with a well-established form of epidemiological model, the Susceptible – Infectious – Recovered compartmental model (and its many and varied siblings).


From a traditional cat modeling perspective, there remained a lot of unknowns. For example, the two components of “hazard” – location and intensity – were both poorly understood, thanks to a very sparse and poorly documented experiential history and only a rudimentary understanding of the zoonotic viruses that are the dominant cause of epidemics and pandemics.

And the model architecture required was more Gaudí than Brutalism. There is no fixed exposure or vulnerability; both are dynamic and feed directly back into the model in its next time step. And exposure and vulnerability are not controlled by engineering equations, they are assumed impacts of political decisions and human behavior, of travel webs and social networks.

The Sars-CoV-2 virus has brought epidemiological modeling to our living rooms (many doubling as home offices). Previously obscure epidemiological modelers have become household names, and the concepts of reproduction numbers, non-pharmaceutical control measures and even herd immunity have become all too familiar. Covid-19 is by far the best-documented pandemic ever, but even after many months of live information being available (although to widely varying degrees and with a broad quality range) to calibrate forward-looking models of case counts and mortality, inconsistencies and uncertainties abound.

See also: Transformation of the Risk Landscape

Epidemic forecasting, by nature, is a tall order. In some cases, these model inconsistencies are due to different assumptions that necessarily change as new information becomes available. Another reason model outputs may not reflect future outcomes is because there is a feedback loop dynamic – models affect reality. If a model predicts a dire outcome, it may in fact prompt decision makers and even the general public to change their behaviors, thereby changing the final outcome.

Further challenges are found in the conversion of pandemic model outputs to the short-term economic impacts of interest to P&C re/insurers. The literature on the economic impacts of pandemics is extremely sparse (although this will change) and dominated by economic simulations that sit on top of epidemic simulations, rather than empirical data. The consequences of government policy responses (like lockdowns) and sociological dynamics (fear, social distancing) are generally not economic outputs from models but input assumptions driving the direction of the reproduction number and, ultimately, the outcome of the epidemiological event.

As one moves from modeling a single event to the full probabilistic modeling familiar to the re/insurance industry, additional challenges must be addressed.

We think near misses are frequent in real life and must be captured via counterfactuals in the modeling domain; two coronaviruses with very similar characteristics emerging in very similar locations can lead to very different global outcomes, at the whim of individual actions – by patient zero, a head of state or many people in between – impossible to fully capture stochastically. Big challenges remain in quantifying public policy and behavioral elements that shape the nature of risk; these, too, need to be mapped out as they evolve over time and then linked to biological and epidemiological modeling frameworks.

Lessons to learn

Progress is being made, however, and Covid-19 learnings will help, although the temptation to model to the last big event has to be closely managed. The next pandemic will most certainly be different in character.

There have been significant advances in our understanding of the nature and spatial distribution of zoonotic viruses that pose the greatest risk of spilling into human populations and igniting pandemics. Improvements in biosurveillance have also shed new light on the rate of spillover, which is critical to characterizing high-frequency events, as well as the tail.

There are also continuing advances in modeling methodology, ranging from the incorporation of socio-political factors to capturing population movements. And there is still work to be done. The assumptions required to construct a probabilistic pandemic model are hugely influential on outcomes but are now based on expert judgments that are art as much as science and vary (often in ways that are not readily quantifiable) from modeler to modeler. The use of structured expert judgment to quantify and constrain uncertainties in such assumptions – and thus in model outcomes – is an area of development that carries promise from successful deployment in other contexts and, alongside other innovations, will help to build a level of trust in pandemic models that approaches that found in nat cat models.

See also: Benchmarks, Analytics Post-COVID

Despite present and future scientific and modeling advances, the full benefits will not be realized if there is a failure among decision makers to effectively use data and analytical tools as part of their decision-making process, whether it be to inform preparedness or guide response activities.

In the context of the global re/insurance market, it must be recognized that while modeling infectious disease risk is challenging and will take time and resources to build the level of trust found in nat cat models, there are already pathways to gain an understanding of the risk. This present understanding is sufficient to support tangible innovation – policy experiments, insurance structures, refinements to preparedness and mitigation strategies – within both public and private sectors. Ultimately, further innovation will be necessary (and is entirely within our grasp) if we hope to better manage the financial and social consequences of future epidemics and pandemics.

The Human Risks in Insurer/Broker M&A

Insurers, brokers and all businesses, for that matter, already know there will be people issues to deal with during and post any merger or acquisition. These issues pose real risks for companies, yet they are not always identified or addressed. With an uptick in M&A in the industry, it is timely to consider some of the most common of these risks.

Who Leaves; Who Stays – Turnover Risk  

Even before a deal is completed, some staff members may decide that they do not want to live through the turmoil and change involved in combining companies or they may fear they will not fare well in the combined company. Such staff members begin looking for opportunities elsewhere. Among the staff who decide not to be part of the new entity, there may be some whose leaving would be detrimental for the entity, for example:

  • High performers,
  • Staff with specialized expertise,
  • Staff who have ties that will enable them to bring customers with them to the new employer,
  • Staff who have a strong internal following that will enable them to bring other staff with them to the new employer.

In some cases, these individuals may have non-compete agreements with the one or the other company in the deal, which could lessen the potential impact of their leaving. However, these agreements are not always enforceable. This may be especially true in cases involving a change in corporate ownership or structure.

One way to minimize undesirable turnover in M&A situations is to talk directly with the individuals who will be vital to the new entity. However, seek advice from legal counsel about how any discussions should be handled. There are multiple potential pitfalls in discussing the future with staff, such as: 1) saying something that can be construed as a promise when it might not be possible to keep such a promise, 2) saying something that might be construed as a threat, 3) saying something that is contractually prohibited by terms in the deal. These are just a few examples among many.

 Reductions in Force – HR Administration Risk

Most M&As come with expectation that they will create economies of scale and that overall headcount will be reduced in the new entity. For that to happen, whatever reduction in force voluntary turnover does not produce will have to be made up for by management deciding who to retain and who to let go.  

The first risk in this regard is legal. Decisions about terminations need to be made in keeping with all laws and regulations involved. From starting with adherence to the Warn Act (notification requirements applicable for a certain number of terminations in a given location) through to adherence with the numerous laws and regulations regarding individual termination decisions and their combined impact on various protected classes, there are many things to keep track of. Risk certainly exists in terms of inadvertently (or intentionally) failing to comply with any one or a number of such laws and regulations.

See also: Bringing Transparency to Brokerage Selection

The second set of risks are not legal but rather assessment risks in doing staff reductions. For example, there is always the risk of mistakenly selecting better performers for termination while retaining the less good performers. There is also the risk of terminating too many staff, only to have to incur the cost of recruiting for positions that were recently vacated. Conversely, there is the risk of not reducing enough staff at the beginning, only to have to keep up a steady stream of terminations, which hurts momentum and morale in the new entity.

The ways to avoid some of these risks is to identify them early, address them with ample mitigations and monitor the status of planned mitigations. To do this well requires knowledgeable and skilled HR and other professionals to be involved.   

Culture Wars – Culture Risk

In combining companies, the question of which company and its staff is the “winner” becomes divisive, despite efforts made to avoid the appearance of “winners” and “losers” from the deal. After years of building team spirit and using motivational language about beating the competition, among other actions, companies think they can flip a switch and have staff from two different companies embrace each other. It is not so easy.

Generally, an all-out culture war ensues after a merger or acquisition. The risks that emanate from a culture war include:

  • lack of co-operation among staff, which leads to errors, lost opportunities and extra expense,
  • delays in getting things accomplished as “sides” bicker and negotiate,
  • reputational damage as internal strife leaks into external interactions.

Among the mitigations for this are:

  • the senior team models cooperation and camaraderie for the rest of the organization,
  • expectations about culture are clearly communicated,
  • mixed teams are formed to tackle projects with an objective third party, an HR staffer or consultant included to intervene or point out unproductive behavior,  
  • cooperation is positively reinforced. 

Employment-Related Litigation – Litigation Risk 

As part of due diligence, any existing employment-related lawsuits or regulatory complaints should be disclosed. What these open cases will ultimately result in is an uncertainty. Risk is definitionally uncertainty. There is always the risk that one or more of these, if they exist, will create a loss for the new entity, whether reserved for or not, unless they are contractually transferred elsewhere. 

Perhaps more importantly, new lawsuits or regulatory complaints could arise from the nature of actions taken as part of the merger or acquisition. They could emanate from the way staff terminations are handled or from the way benefits, such as pensions, are treated.  

See also: Why Open Insurance Is the Future

Both old and new litigation or complaints to governmental agencies need to be identified as risks and accounted for within the totality of the deal construction and implementation.

EPLI and transaction insurance are available to help manage this risk.


M&A can add value yet carries a good deal of risk. Shareholders have begun to better understand those risks and to look at how well boards and management teams handle them. Companies must recognize all the manifestations of people risks and be proactive in addressing them.

The Perils of the Purchasing Process

Most public entities and many private companies have switched to a procurement model for all contracts and purchasing. This model means a centralized department is responsible for all these decisions, ranging from office furniture and supplies to purchasing insurance and risk management services. Risk managers and service providers are often challenged to demonstrate the value of such services beyond simply price, and pricing alone is not the best comparative measure of such services.

The latest Out Front Ideas with Kimberly and Mark webinar brought together two risk management and procurement teams to discuss how they work together to achieve the overall goals of their entities and how vendors seeking contracts can best differentiate themselves from their competition. Our guests were:

  • Amber Feldman – purchasing agent and contracts administrator, state of Colorado
  • Chelsea Gilbertson – contracts and procurement director, state of Colorado
  • Rick Graham – chief risk officer, Southeastern Pennsylvania Transportation Authority
  • Julie Mileham – director, State Office of Risk Management, state of Colorado
  • Cristal Swift – risk management administrator, Southeastern Pennsylvania Transportation Authority

Framing the Issues

Public entities are often scrutinized over vendor choices because of procurement guidelines they need to adhere to and federal and state oversight. If government partners believe funds are being used inappropriately, consequences can result in reduced funding. Additional funding sources, like pass-throughs and grants, can be added to one project, making adherence to statutory requirements even more complicated, with multiple sources to track. These inherent challenges are precisely why the vendor selection process is extensive and thorough. 

Transparency throughout the process is also vital to maintaining public trust, especially when taxpayer dollars are involved. When the solicitation process begins, the process must remain competitive and fair, as to even the playing field for all vendors, including those currently contracted with the entity. 

Evaluating Third-Party Vendors

From the beginning, program needs should be extremely comprehensible to vendors, making the language in the request for proposal (RFP) critical. Transparent language also clarifies what is being asked of vendors and will ultimately help develop the final contract. RFPs should also include all mandatory minimum requirements and the scope of work, so expectations are unambiguous. Including the evaluation criteria and the entire selection process in the RFPs will further clarify the entity’s needs and allow vendors to know what they’re getting into. Additionally, consider a debriefing process after contracts are awarded so that vendors are aware of what they can improve on the next time, regardless of whether they were chosen or not. 

See also: State of Mental Health in the Workplace

Risk Management Purchasing

When seeking risk contracts, procurement teams should consult with their risk managers to appropriately develop the RFP. This allows risk managers to manage vendor risks and identify what can be transferred appropriately between parties within a project. Risk managers should also independently evaluate all bids, which is critical to identifying exposures and understanding coverage. One project may require pollution liability coverage while others may not, so it’s essential not to use a one-size-fits-all approach. With projects differing in size and scope, using scalable solutions can help ease the process.

Communicating early and often with the procurement team will also ensure that they consult with their risk management team for all future projects. Inviting all parties to a roundtable discussion can assist in keeping the lines of communication open and concrete relationships while verbalizing any concerns. Timeliness is critical in contract decisions to properly coordinate with vendors and keep the project goals on track. Remember that, throughout the vendor selection process, it is crucial to choose what’s best for the entity and not just easiest for the transition.

Advancing Your Purchasing Processes

Many entities expect vendors to be intuitive about their needs, but expectations should be made clear to make program goals a reality. And while there are a multitude of ways to make the procurement and purchasing process less painful, our guests offered a few critical elements to pay attention to. 

Start the RFP Process Early. The earlier this process begins, the better. Applications should be submitted early, and the underwriting data should be flawless. Take the time to understand the process and ask concise questions when writing a submission. Establishing the program needs early will help vendors better understand the scope of work and requirements. 

Look Beyond Cost. Often the price is viewed as the most crucial factor when choosing a vendor, when the actual value can be found elsewhere. This methodology can also prevent growth within a program. Consider the other values that a vendor may bring to elevating a program, looking at cost last. Additionally, examine preemptive challenges, like if a vendor comes back with several changes to a contract, this could be an early indicator of how they’ll work within the project.

Avoid Silos. Collaboration and communication in the planning stages can be crucial to your program goals, and bringing in additional departments to review RFPs can bring a fresh perspective to your evaluation process. Considering department input, like budgeting and accounting, can clarify implications around the solicitation process. Also, speaking with risk managers early can help identify associated risks that can be communicated to vendors.

Know Your Risks. Risk implications are involved with everything regardless of if it’s directly related to risk management. Discuss your concerns regarding coverage with brokers and ensure that complex issues are addressed. Use them to review coverage language and ensure that coverage in contracts and bids is appropriate for the risks your organization is willing to accept. If you’re unsure of risks, ask yourself what taxpayers should really be liable for. 

See also: Why Open Insurance Is the Future

To listen to the archive of our complete Perils of Purchasing for Public & Private Entities webinar, please visit https://www.outfrontideas.com/. Follow @outfrontideas on Twitter and Out Front Ideas with Kimberly and Mark on LinkedIn for more information about upcoming events and webinars.