Mining for Gold—and Other Creative Ways Companies Are Combating E-Waste

By Russ Banham

The facts surrounding electronic waste, commonly referred to as e-waste, are staggering. Although nearly all e-waste can be recycled, 60 percent ends up in landfills, where toxic metals leach into the environment and can cause severe damage to human kidneys, blood, and central and peripheral nervous systems.

More than 50 tons of e-waste is produced each year through the discarding of used or unwanted electrical and electronic devices, many nearing the end of their useful purpose. In an effort to show the magnitude of the e-waste problem and promote recycling, artist Benjamin Von Wong worked with Dell to create photograph sculptures using two tones of old laptops, keyboards and circuit boards – all of which can be recycled.

The message? The past can power the future but time is of the essence. A 2010 report issued by the United Nations indicated that the volume of e-waste could increase by as much as 500 percent in developing countries alone by 2020. Newer statistics are hard to come by, but the overwhelming consensus is that much can be done to positively alter the status quo and combat these staggering 2020 figures. Here’s a look at just a few creative solutions for tackling the mounting problem of e-waste.

Revitalize the Manufacturing Sector

Inside of the 44.7 million metric tons of e-waste produced in 2016 lays approximately $55 billion of gold, silver, copper, platinum, palladium, and other high-value recoverable materials, according to a 2017 report by Global e-Waste Monitor. That figure exceeds the gross domestic product of most countries in the world, and presents a compelling financial incentive for municipalities and businesses to consider ways to pursue more robust e-waste management.

E-waste mining is one innovative solution to recover these precious materials. With $35 million in financing, BlueOak Resources has built an urban refinery in Osceola, Arkansas to recover “technology metals” from 15 million pounds of electronic scrap each year. The first of its kind in the U.S., the refinery exemplifies a type of development that can reinvigorate the American manufacturing sector.

If there’s anything BlueOak Resources proves, it’s that finding ways to extract valuable metals from electronic scraps is not only good for the environment; it is also a healthy financial investment.

Look for Gold

In addition to mining, companies are forging creative partnerships and rethinking the treatment of the precious metals hidden in technology e-waste. “When you think about the fact that there is up to 800 times more gold in a ton of motherboards than a ton of ore from the earth,” Jeff Clarke, Dell vice chairman, explained, “you start to realize the enormous opportunity we have to put valuable materials to work.”

Recognizing that approximately $60 million in gold and silver is discarded each year by Americans through unwanted phones alone, Dell has begun to work with actress and jewelry designer Nikki Reed to recycle excess gold from old computers collected through programs like Dell Reconnect and Asset Resale and Recycling Services and turn it into earrings, bracelets, and rings.

The effort is part of Dell’s “Legacy of Good” program, which outlines social and environmental milestones to achieve by 2020 (and beyond). Altogether, Dell has pledged to recover 2 billion pounds of used electronics and reuse 100 million pounds of recycled content back into their products, all by 2020.

With the help of Dell’s environmental partner, Wistron GreenTech, these efforts have resulted in a process for extracting the precious mineral to use in Reed’s sustainable design line of jewelry, The Circular Collection, through her company Bayou with Love.

More Recycling, More Jobs

Job creation through repairing electronics is another booming creative solution that tackles two birds with one stone. In addition to recycling old electronic material, these programs provide employment opportunities for often underserved or vulnerable communities.

Homeboy Recycling (formerly Isidore Electronics Recycling), for instance, employs former gang members and prisoners in Los Angeles to recycle much of the city’s electronics. “I felt like if I asked people in Los Angeles to give me their electronics, they would, and I could hire people with records to do the recycling,” founder Kabira Stokes told Fast Company in 2017.

The company accepts donations, sorts through the equipment, and then dispatches the ones still working into its reuse department. Those products that don’t make the grade are taken apart to recover and recycle the valuable minerals and other materials. As of early last year, Homeboy Recycling had employed 27 re-entry members and recycled upwards of 2.2 million tons of electronics. According to Stokes, the model is “the future of capitalism.” does something similar, repairing and upgrading yesterday’s tech devices for sale at affordable prices to people unable or unwilling to pay for newer, pricier versions. Through its services, the company is making a dent in the e-waste problem, creating jobs, and giving people access to affordable products—what one might call a triple bottom line.

With millions of tons of electronics thrown to the wayside each year, there are endless opportunities to repurpose valuable materials and aid employment. Whether a tossed device becomes someone else’s next device, a pair of earrings, or the inner workings of the next new device — what is yesterday’s trash might just become tomorrow’s future.

Russ Banham is a Pulitzer-nominated business journalist and author who writes frequently about the intersection of business and technology.

Real-Time Payments Have Arrived

By Russ Banham

Treasury & Risk

Prepare for payments transformation. In November 2017, The Clearing House (TCH) and 25 partnering banks launched the first new core payments structure in the United States in more than 40 years. The new system permits real-time payment clearing, marking a major change for treasury operations that have been using the one- to two-day Automated Clearing House (ACH).

Qualifying payments are domestic, interbank electronic transactions. Their payment messages are transferred, and funds are available to the payee, in real time —literally within seconds—on a 24×7 basis. The new system, dubbed RTP for “real time payments,” was designed and built through the collaborative efforts of TCH and its partnering financial institutions. RTP meets the objectives of the Federal Reserve Faster Payments Task Force, which has been tasked by the Fed to identify and assess alternative approaches for implementing safe, ubiquitous, and faster payment capabilities in the United States.

The new system follows late on the heels of the Faster Payments Scheme Limited (FPSL) launched by the United Kingdom in 2008. FPSL moves mobile, Internet, telephone, and standing-order payments quickly and securely, in nearly real time, 24 hours a day. Seventeen banks and building societies are participants in FPSL, with more than 400 financial institutions now offering the service to over 52 million account holders.

Why has the U.S. lagged behind the U.K. by a full decade in developing RTP? “The clearing cycle prior to FPSL in the U.K. was three days, giving them significant impetus to improve the status quo,” says Steve Ledford, senior vice president of product and strategy at TCH. “In the U.S., we already had ACH and next-day payments. There was less of a gap to make up.”

Another factor slowing implementation in the United States was the sheer volume of financial institutions dotting the American landscape—more than 100,000 entities in all. TCH and its partnering banks needed extra time to design a payments model that could scale to address all these institutions’ different capabilities. As Ledford puts it, “We needed to find a model that worked for everyone.”


Worth the Wait

Similar to wire transfers and ACH, RTP is another component of the core industry payments infrastructure, with the potential to support diverse use cases. In a business-to-business context, RTP is a credit “push” system. Payments are pushed from the bank account of the business making the payment to the bank account of the company receiving it. In between, RTP supports the financial institution’s customer-facing systems for services like bill payment, cash management, peer-to-peer (P2P) payments, and emergency disbursements. Messages such as requests for payment, payment confirmations, requests for additional information, and remittance detail are used to create frictionless customer-facing interactions.

TCH is working with a wide array of industry stakeholders, including community banks, credit unions, and financial institution service providers, to drive adoption of the long-sought real -time payments system. “The reality is that we’ve been talking about payments transformation for the past 25 years,” says Alberto Casas, managing director and North American head of payments and receivables at Citi, one of TCH’s partnering institutions and one of six banks currently processing payments through RTP. The others are JPMorgan Chase, BNY Mellon, SunTrust, U.S. Bancorp, and PNC Financial Services Group.

“However, we wanted a model that didn’t just promise immediacy and faster payments,” Casas adds. “We also wanted to create ‘smarter’ payments—a standardized data set that allowed for clean interactions between parties to send and accept inbound or outbound payments. Today, payments and payment information don’t always travel together perfectly, with the receiver often misunderstanding the purpose of the payment, culminating in costly and frustrating interactions.”

An example is a wire transfer that lacks details indicating the purpose of the payment. Without the right payment guidance, the recipient company may not connect the payment to the right receivable. RTP obviates this possibility by supporting the transfer of critical information about a payment along with the transfer of funds, to efficiently deal with back-office reconciliation issues.

This unique capability was designed and developed using technology from Vocalink, the software vender that built the U.K.’s faster payments system and which is now owned by Mastercard. TCH wrote the code for RTP and is the system operator.

Heightened payment security was another factor weighed carefully in the development of RTP. The new payments system is the first to be built and launched in the United States since the advent of the Internet. Over this period, incremental changes have occurred in payments, beginning with the gradual reduction in the use of cash and checks, and continuing forward with the digitization of payments and standardized messaging.

“Previous fast payments systems were based on older-generation technology and payments standards,” Ledford says. “An advantage for us being later to the game is that we could learn from and piggyback off of the previous systems’ upgrades. We’ve developed a system using secure, digitally capable Web-based protocols. So we’re not just fast, we’re also safe.”


Treasury Opportunities

Treasurers who leverage the RTP system may help their companies achieve competitive differentiation in their markets.

“With RTP, the payments system can actually become a customer engagement tool,” says Casas. “An insurance company, for example, can provide instant claims payments to a company devastated by a natural disaster.”

Now that the United States and several other nations have introduced independent systems for faster payments, other countries around the world are expected to follow suit, resulting in significant changes in how businesses and consumers send and receive payments globally.

“Today’s payments systems are the building blocks upon which future payments innovation will be built,” says Casas. “Nevertheless, we’re not predicting that all payments will move to a real-time payment channel overnight. RTP is an additional option for payers and receivers to support unique use cases.”

He provided the example of a consumer who has not paid his or her electricity bill on time. “RTP will allow for a request for payment to go from the utility to the consumer’s bank,” Casas says. “When the bank receives the request, it can instantly forward a detailed message through RTP to the consumer that the payment is now overdue. There are multiple benefits, including the avoidance of late fees and/or service disruptions while simultaneously helping to build trust and customer loyalty.”

The business owner sees that if the bill isn’t paid immediately, the electricity will be turned off. “If the person chooses the ‘click to pay’ option, the money is moved from the bank to the utility in real time to avert a shutdown in power—and possibly even a late payment fee,” he says.


Treasurers’ Next Steps

Treasurers interested in adopting RTP need to first determine its value in the context of their current business operations. Moving to RTP might require new payment technology, particularly if the company’s current system releases batch payments periodically to address specific deadlines.

“Business customers need to contemplate API [application programming interface] connectivity with their banks to release transactions in real time, as opposed to batch,” Casas advises.

Treasurers may also need to change the way they manage liquidity and working capital, creating models in their accounts that move money from point A to point B, he adds. Furthermore, with an RTP system, security needs to be embedded in the company’s operational processes at the item level as opposed to the batch level.

Citi is working closely with its commercial accounts to prepare them for these changes. Ledford says the other five TCH member banks are also assisting their business customers with the transformations required.

Response to RTP has been highly positive thus far. “We’re already hearing from the treasurers now using RTP that the big difference for them has been immediate confirmation of a payment,” Ledford says. “They’re telling us they cannot overstate how important that has been— the certainty it gives them in simplifying processes like reconciliations.”

Treasurers are also touting the speed of the new payments system in assisting their just-in-time supply and demand obligations. An example is a midsize or smaller company buying from a supplier with which they don’t have a credit relationship. “The company needs the product to ship soon but is concerned over payment,” says Ledford. “What might have taken weeks to resolve in the past takes a couple hours and less, due to the new system’s certainty [of payment] and speed.”

Down the line, more and more financial institutions and their customers will be engaging in real-time payments. “We’ll see material adoption [of RTP] in 2019, when more banks are online with more features and functionalities, such as requests for payments and extended messaging,” says Casas. “By 2020, we’ll see a high number of banks on the system and payment volume ramping up in a significant way. Beyond that, it will eventually become the material payments method and the primary alternative to existing systems.”

These developments will be felt worldwide. In anticipation, Citi has developed a comprehensive toolkit that addresses its connectivity to all payment methods and channels globally. Casas explains, “We’re focused on building globally inter-operable capabilities to provide a common experience through a central real-time payment gateway. We see this as  a significant differentiator.”

Navigating The Dark Side Of The IoT Revolution

By Russ Banham

Chief Executive magazine

Wesley McGrew is a white hat hacker at HORNE Cyber, where he directs cyber operations. His job is to find security flaws in company systems by hacking into them. Lately, McGrew and his team have been exploiting the vulnerabilities of Internet-connected smart devices like, well, pretty much everything.

From thermostats and coffeemakers to security systems and garage door openers, many commonplace things are embedded with electronics connecting them to smartphones via wireless protocols like Bluetooth. These devices can be connected to the Internet to exchange data, making the work of business more efficient—except when they do dumb things like let hackers exploit them to shut down corporate networks or steal sensitive data. “Any business today has some sort of smart device on its network, either for pure business reasons, like a printer, or for ease of use, like my crockpot,” says McGrew.

His crockpot, which he relies on occasionally for in-office meals, is a demon in disguise. Inside it is a miniature, multi-purpose computer like a circuit board with untold powers—of the bad kind. “The manufacturer of the crockpot has no idea about this computer, other than it switches things on and off,” McGrew explains. “But it is really quite remarkable, with the same power and capabilities as a full desktop workstation from 10 years ago.”

Suddenly, a prosaic crockpot is also a computer designed to automatically connect in the cloud to a company’s wireless network. However, this computer is vastly easier to hack because it was not designed with strong, configurable security in mind. “A lot of them have a hard-coded password that can’t be changed without a firmware update by the vendor,” says McGrew. “The problem is vendors rarely, if ever, update the firmware.”

A worse problem is that this password is instantly available to hackers. “Default passwords of all these devices are available on the search engine Shodan, which allows anyone to find specific devices connected to the Internet,” says Harri Hursti, the famed Finnish programmer whose studies of voting systems unearthed serious security flaws. “You simply type in the name of the device, and it’s amazing what you can find.”

Not Exactly Fort Knox

Blame economics for many smart devices’ shoddy security. “The challenge in selling many smart devices is the need to hit a price point low enough to encourage people to buy the device,” says Irfan Saif, a principal in the cyber risk practice at consultancy firm Deloitte. “To help achieve this price point, manufacturers may limit features around security.”

He is not alone in this alarmist view.

“Three seconds of thought are given to security,” says Dottie Schindlinger, vice president and governance technology evangelist at Diligent, a provider of enterprise governance management solutions. “The goal is to make the device super easy to connect to a WiFi network and other devices—to make them ‘idiot-proof’ for anyone to deploy. Yet, the moment the device connects to a network, it becomes a giant wormhole for hackers to penetrate.”

This was the case with McGrew’s crockpot.

“It was incredibly simple to exploit its security flaws,” he says. “Once in the back door, I used it as my base of operations to scan the rest of the network looking for vulnerabilities in our internal systems. Basically, I had a foothold into our network to do whatever I wanted next.”

A hacker with malicious intent can do the same thing, albeit with devastating consequences—compromise the network, steal sensitive data, hold the organization ransom and crimp the flow of business.

Midsize and smaller companies with tight resources to invest in a chief information security officer and trained IT security staff are most at risk, although even the largest enterprises are not immune.

“Our company is dependent on IT systems, data and our employees for our operations and securing these systems and data is a fiduciary responsibility of management and directors,” says Ken Asbury, CEO of CACI, a provider of information solutions and services for defense, intelligence and federal civilian government customers. “Just like we have to be sure our facilities and our people are secure, we now need to ensure our employees are informed about the importance of and necessary steps to secure smart devices like surveillance cameras, door locks and printers that are on the network….The Internet of things (IoT) is a new area for cybersecurity, one that increasingly poses the greatest amount of risk.”

Awakening the Zombies

This threat was made frighteningly clear in August 2016, when hackers created malware called Mirai that scanned the Internet continuously looking for the IP addresses of smart devices vulnerable to the default password security flaw. The hackers then commandeered these smart devices into a botnet (robot network) that unleashed DDoS (distributed denial of service) attacks on hundreds of websites, shutting them down and causing extraordinary business interruption losses. In a DDoS attack, a website is besieged with so much traffic, it can no longer accommodate legitimate users.

The smart devices-turned-zombies were primarily inexpensive, mass-produced CCTV video cameras designed for security purposes. Two months later, the same malware was used against Dyn, a managed domain name system provider of Internet services to Twitter, Reddit, CNN, Spotify and thousands of other websites, shutting many of its clients down. Approximately 500 companies that relied exclusively on Dyn suffered extensive downtimes.

“In the old days, hackers used powerful IT systems to carry out a DDoS attack,” says Vance Brown, CEO of the National Cybersecurity Center, a provider of cybersecurity training. “Today, it’s much easier to marshal thousands of network-connected smart devices to do the same thing.”

Another eye-opening hack of a smart device involved the hospitality industry. In 2017, a hacker infiltrated the wireless key card system at an Austrian hotel, locking all the doors and shutting down the computer system that operated them. “A ransom in bitcoin was demanded to turn the system back on,” says Jody Westby, CEO of Global Cyber Risk, a provider of cyber risk management services. “The hacking was publicly reported, exposing the hotel to potential reputational damage.”

Smart printers have also been hacked. In 2017, a bored teenager in the UK built a program that hacked into 150,000 Internet-connected printers to print out reams of paper. The clever hacker signed his work “Stackoverflowin.”

Schindlinger cited a more devastating hack. “A certain brand of wireless printer has been shown to have a gaping security loophole, allowing hackers to reprint anything that has ever been printed on the device,” she says. “That may include every legal contract the company has signed, new product information, payroll data, employee names and Social Security numbers—you name it.”

What’s more, once a hacker breaks into the printer, a back door to the rest of the network is opened. As Brown puts it, “As soon as you’re in the house, you have access to all the rooms.”

Even some of the best-selling technology products today may do things users are in the dark about. Brown points to smart speakers like Amazon Echo, noting, “If the device is always listening to you, it also could be spying on you.”

He’s right. A security researcher recently demonstrated how to insert malware into a pre-2017 Echo to stream audio from it to a server, turning the device into a personal eavesdropping microphone.

While there is no software patch available to repair the problem in older units, the vulnerability has been addressed in post-2017 Echo models.

Sending in the Guards

How concerned are corporate risk managers about IoT-related attacks? The answer is extremely. An astonishing 94 percent of cyber risk professionals responding to a study by the Ponemon Institute stated that a security incident related to an unsecured smart device would be “catastrophic,” with 74 percent expressing concern over the loss or theft of valuable data.

What can CEOs to do ensure their companies’ networks and systems are protected? It’s not an easy question to answer.

As McGrew points out, “In many midsize and smaller businesses, the IT security staff is 100 percent focused on keeping the network running. They don’t have time to chase all these smart devices that are connecting to it; they’re at capacity. And most companies don’t have a team of [network] penetration testers—white hat hackers who love to break into devices and pinpoint their vulnerabilities.”

Westby from Global Cyber Risk agrees, noting that it is difficult to sell the firm’s assessments to companies with under $1 billion in revenue.

“Compared with the enormous expense of a business interruption, a forensic investigation is a pittance, yet many CEOs downplay the need,” she says. “This is ridiculous since they have a fiduciary responsibility to investors and shareholders to pay attention to these risks. A big attack can literally do them in.”

The Ponemon Institute study drew a similar conclusion. The respondents cited boards of directors not fulfilling their oversight responsibilities and making management accountable as one of the three major barriers to addressing the risks of smart devices. The other two barriers were insufficient resources and a lack of priority in their approach to cyber risks. “Because it is not a priority and leadership is not engaged, the necessary resources are not being allocated,”

says Larry Ponemon, chairman and founder of the Ponemon Institute. “While smart devices promise good things by sharing information for good purposes, there is a dark side—hackers using the information for nefarious purposes.”

Asbury from CACI says that CEOs must take the risk of connected smart devices seriously and lead the charge in their organizations to do something about it. “Companies must develop a culture of cybersecurity, and that begins with the tone from the top set by the executive team and board,” he says. “A strong culture of cybersecurity makes the security of systems, data and smart devices the responsibility of all employees, not just the IT and security teams.”

He adds, “It takes everyone to keep a company secure, at every level of the workforce, all the way up to the boardroom. But someone has to lead the way.”

Insurance Underwriting 2018

By Russ Banham

Carrier Management

Underwriting is the nucleus of the insurance business. For centuries, human beings have performed this process, evaluating a risk to determine whether or not it is insurable at a profit for the insurance carrier. To this task they brought significant statistical and analytical skills, attention to detail, and judgment.

Well, move over people; here come the robots. Through the use of cognitive computing tools like machine learning, predictive analytics, robotics processing automation, and both image recognition and natural language processing, underwriting is becoming less manual and more automated. Providers of the tools offer novel ways for underwriters to better gauge risk, set premiums, save time, become more efficient and lower loss ratios.

We’ve profiled four such InsurTech companies here, each with a different set of products and services, but all with a similar value proposition: to make insurance underwriting more accurate and less burdensome, freeing underwriters to take on more strategic, value-added work.

Will the tools eventually replace the people whom they are currently helping? Read on.

Intellect SEEC: Expanding Information Boundaries

The unusually named Intellect SEEC (the two words reflect the consequence of a merger) is the first InsurTech enterprise in our lineup. Intellect SEEC provides cognitive computing solutions covering multiple insurance functions like underwriting and distribution via a cloud-based platform. The company focuses on commercial lines underwriting services for primarily medium-sized and smaller commercial insurers and specialty carriers.

Pranav Pasricha, Intellect SEEC’s CEO, said the company reinvented itself after the 2009 merger to bring the latest innovations in machine learning and big data to underwriting. “We’re confident that we’re the best source of structured, semi-structured and unstructured information in the world,” he asserted.

This information ranges from publicly available legal filings and press articles to customer comments and social media feedback. Intellect SEEC’s tools capture this data and ferret out the most pertinent information from an underwriting standpoint.

“We’re able to distill fine-tuned alerts of information about each class of business—the different things that can go wrong and the insights drawn from this knowledge,” said Pasricha. “Such risk indicators often escape the attention of underwriters, yet are crucial elements of the overall risk picture. We’re expanding information a thousand times.”

He’s not necessarily boasting. A human being could not possibly collect and collate 10,000 pieces of information of import to a particular risk. However, using cognitive computing tools like predictive analytics and machine learning, this huge volume of data is compressed into digestible tidbits of underwriting import.

Intellect SEEC also canvasses historical and real-time data sources to make predictions on future loss likelihood. Examples include an upcoming regulation or possibly adverse legal ruling affecting a potential insured’s business prospects or a competitor’s research into the development of a new product or product enhancement.

“Our Risk Analyst product uses machine learning to look at events occurring around an insurance prospect’s business to assess potential risks down the line,” said Pasricha. “We capture this information and provide it to underwriters in the form of an alert.”

Prior to joining Intellect SEEC, Pasricha was the chief operating officer of QBE Insurance Group in Australia, leading the company’s global underwriting transformation effort. Intellect SEEC’s Chief Technology Officer Lakshan De Silva worked with him at QBE in driving this transformation.

“Next up for us is an extension of our current capabilities, incorporating more video into our telematics to further illuminate the risk profile,” said Pasricha. “We also see the Internet of Things as a huge growth platform, pulling and analyzing data from the embedded sensors to provide added insights to underwriters.”

DataRobot: Powering Predictive Models

DataRobot also digs through mountains of risk-based data to unearth underwriting insights, in its case via an automated machine learning platform. Underwriters interact with the platform to create better risk models.

“We help underwriters get an idea of what an insurance policy will cost over a multiyear period of time, presenting the opportunity for the carrier to improve its risk segmentation,” explained Satadru Sengupta, DataRobot general manager and data scientist.

The business of selling an insurance policy today is based on an assessment of a prospect’s historical risk and loss data to price the coverage terms and conditions on an annual basis. Scant thought is given the trajectory of the risk five years into the future and what the premium for the policy would need to be at that time. Predictive big data analytics offers a way to gauge this future cost of goods sold to create a more balanced underwriting portfolio.

Armed with this knowledge, an insurer may determine a particular risk provides a greater long-term return than another risk. “We’re providing a way for underwriters to make better predictions that improve risk segmentation and charge a more accurate premium,” said Sengupta. “We tap into different sets of data and automatically apply open source algorithms to help underwriters build highly accurate predictive models that tell a truer story of future risk.”

DataRobot’s cognitive computing platform also is marketed to carriers for claims, distribution and other insurance processes (underwriting represents less than one-third of its market). The platform can be used to underwrite personal lines and commercial lines products, as well as health and life insurance. Users interact with the platform to build hundreds of risk models in a single click, helping them make better predictions. “We make the process of building a risk model extremely simple,” Sengupta said.

Large global insurance carriers are DataRobot’s primary customers, although its modeling tools also are sold to other industry sectors like banking and health care. Nevertheless, insurance would appear to be the company’s sweet spot. Two former insurance executives—Jeremy Achin and Tom de Godoy (both from Travelers)—are co-founders of DataRobot. Sengupta also hails from the industry, serving stints at AIG and Liberty Mutual. And its chief data scientist is a former actuary.

“We’re insurance through and through, from product design and development through advisory and client interactions,” said Sengupta. “We speak the language of insurance and understand the challenges of underwriting.”

He added, “Oftentimes people think analytics is all about the application of algorithms. Not necessarily so, although they are important. What is most critical is designing the workflow. When you merge experienced data scientists with people who have deep insurance domain expertise, you get solutions that address real business problems.”

In 2018 DataRobot plans to incorporate so-called time series analytical modeling into its platform. Last year, it acquired data science company Nutonian to bolster its capabilities to create models involving time series data. The key word is “time.” As the name suggests, the analyses involve predictions generated by time-based data—years, days and hours.

DataCubes: Solving Underwriting Problems

Unlike DataRobot, DataCubes focuses exclusively on developing machine learning and data science tools for insurance underwriters. “It’s all we do,” said Harish Neelamana, DataCubes’ co-founder and chief product officer. “We solve two big problems: overcoming inefficiencies in how underwriters do their job and providing access to better facts to make smarter decisions.”

Regarding the first solution, by digitizing and automating the processing of insurance applications in real time, the company reduces the paperwork migraines involved in the quote-to-bind underwriting process. The solution also comprises a data integration engine that captures and organizes data from multiple external and internal sources.

“We start with a few pieces of information, like the name and address of a business, and then sift through the usual mountains of publicly available data and licensed data sources that describe various aspects of this entity,” said Kuldeep Malik, DataCubes’ CEO and co-founder. “This typically includes how long the company has been in business, the nature of the work it does, how many employees it has and all sorts of other information. We then apply machine learning to this data to answer specific underwriting questions, giving users an Amazon-like experience.”

An example is a landscaping enterprise that mows lawns, cuts hedges and removes dead leaves. These activities help describe the company’s risk profile for underwriting purposes, culminating in a premium charged for the related exposures. However, by scraping data off websites and social media, the underwriter may learn that the landscaper did a great job cleaning out the roof gutters of a particular customer. Unfortunately, this high-risk activity was neither realized nor reflected in the underwriter’s risk assessment and premium calculations.

DataCubes helps to solve this conundrum. “The underwriter can ask the question: ‘Does the landscape contractor do roofing work?’” said Malik. “The tool interprets this to go out and search data about the company. Up pops some information that the company did some roofing work a couple times. Well, roofers fall off roofs, changing the risk profile.”

Most of DataCubes’ insurance carrier customers are in the $50 million to $100 million range (gross written premiums), although some are in the $500 million to $2 billion category, and one is a top-tier $10 billion-plus insurer. “We focus on underwriters of workers compensation and BOP [businessowner policy] packages—general liability and property stuff,” Neelamana said.

Prior to launching DataCubes, Neelamana spent 15 years performing operational and strategic roles at Zurich Insurance Group and Allstate; Malik, on the other hand, is an experienced entrepreneur. He said, “Our team is a sort of happy medium of data technologists and insurance underwriting experts coming together to solve underwriting problems.”

RiskPossible: Continuous Underwriting

RiskPossible is the newest kid on the block, a startup still getting its footing. Like the other InsurTech companies, its founder and CEO Michael DeSiato hails from the insurance industry. His mother and two uncles launched the small Granada Insurance Company, a Florida-based property/casualty carrier, in the 1980s. “My mom introduced both insurance and entrepreneurship when I was a little kid,” said DeSiato, who was in Des Moines, Iowa, taking part in a global accelerator program for startups when interviewed for this article.

The company has yet to make its official launch, although it has participated in several pilot projects. RiskPossible also leverages data access and analysis tools, but for a somewhat different purpose. “We help underwriters find out if a policyholder’s risk profile has changed dramatically since binding,” said DeSiato. “We provide this information through our continuous underwriting engine.”

Rather than underwriting being a once-and-done exercise with an annual reappraisal of client risk, DeSiato wanted to make it more of an ongoing process throughout the life of the policy. His thinking was that important risk-based data was escaping the attention of carriers—information that may compel it to cancel the policy.

“We’ve partnered in a pilot program with a nursing home, providing a continuous feed of risk-based data that our tool has scraped off different public and private sources of information, including social media,” he explained. “Once you go down the rabbit hole, the amount of information is incredible. Based on the insights we learn, an alert would be sent to the underwriter to re-evaluate the risk.”

DeSiato provided the following scenario: a nursing home whose fire and smoke doors were recently inspected to ensure compliance with a new rule from the U.S. Centers for Medicare & Medicaid Services (CMS) covering the installation, care and maintenance of many types of doors and assemblies in a healthcare setting. If the company fails the test, this information typically would not reach the underwriter until just before the policy renewal.

“Say you have a restaurant regularly failing inspections for pests or with multiple infractions of people not washing their hands. Wouldn’t the carrier want to know this immediately?” asked DeSiato. “This way you could send out your own inspector to do a renewal review much earlier in the process. Depending on the state, you may have the ability to do a midterm policy cancellation.”

RiskPossible currently is engaged in a joint venture with a provider of IoT-enabled sensors measuring temperature and moisture. The plan is to feed this data into its continuous underwriting engine in time for the company’s imminent launch.

“We want to put the sensors inside freezers in restaurants to detect drops in temperature causing potential food spoilage, and in commercial buildings to discern evidence of a leak, with the data going to both the insured and insurers,” said DeSiato. “We’re also working with another partner that has developed a tool that counts the number of people going in and out of a facility. All this risk-based data coming from multiple sources has import for underwriting, well before the renewal.”

Back to Those Robots

As these stories relate, machine learning and data science technology should make the job of underwriting easier and more efficient and productive. But will the tools eliminate the need for underwriters in the future?

All the interviewees demurred on the point. “The day a machine does what human underwriters do is the day there is nothing left for anyone to do,” said DeSiato. “Underwriting requires three things: intellectual curiosity, domain knowledge and creativity. This is what human beings provide. At best, the tools will help underwriters enhance their portfolios and productivity. They won’t replace people—not any time soon.”

Pasricha from Intellect SEEC has a slightly different perspective. “In the future, every job is going to be disrupted by machine learning, including those of underwriters,” he said. “But this doesn’t mean underwriters will be replaced entirely. An important job in the future will be training the machines to underwrite—something that only the best underwriters will inevitably do.”

DataRobot’s Sengupta concurred: “Underwriters will be different in the future, but the jobs are not going away. As machines take over the rote jobs, underwriters will have more time on their hands to focus on emerging risks like cyber, where there isn’t much data yet to draw from. Machines will extract this data as it increasingly becomes available, but human beings will be needed to assess its meaning.”

“As robots allow underwriters to be more efficient and make more intelligent decisions, they will be freed to spend more time on building a better book of business,” said Neelamana from DataCubes. “The position itself will be occupied by highly intelligent people of enormous importance to the profitability of the carrier.”

Instead of robots replacing people, the interviewees contend that humans and machines will fuse together as one—not in a mechanical sense, of course, but in an intellectual one. Underwriters will not disappear. Instead, they will become uber-underwriters.

Russ Banham is a Pulitzer-nominated business journalist and author

Insurance Captives Reach New Hieghts

By Russ Banham

Risk Management

Over the past five years, the popularity of captive insurance companies has skyrocketed. Not only do more than 90% of Fortune 500 businesses own at least one captive, but even small and mid-sized companies have formed them.

The motivations for creating a captive have not changed much in the half-century since the first captive was formed in 1962. A company-owned insurance operation provides direct access to reinsurance markets, customized insurance coverage that fills gaps in the commercial market, access to accrued investment income, and incentive to improve loss control. The thinking of many risk managers is simply, why trade dollars with an insurance company when you don’t have to?

The surge in captive formations has been fueled by a series of favorable tax court rulings, the increasing number of U.S. state captive domiciles, and the emergence of new and challenging exposures, such as cyberrisks, that have caused insurance carriers to raise rates and adopt stricter coverage terms and conditions. As a result, the reasons to form a captive have never been more persuasive.

New Captives Under Scrutiny

Captives have become increasingly common, but experts believe some companies may be throwing caution to the wind with certain arrangements. “I’m not concerned about big corporations forming captives as much as I am about the private sanitation company that forms a captive because it can’t get decent workers compensation insurance, or the nursing home that can’t buy professional liability insurance,” said Andrew Barile, CEO of Andrew Barile Consulting and a strategic advisor on captive formation and implementation since 1967. “It’s these 831(b) captives and the recent flurry in the formation of captive cells that give me pause.”

The 831(b) captives get their name from Section 831(b) of the IRS Code on Micro-Captive Transactions, a 1986 regulation that provides tax advantages to small property and casualty insurance companies. According to the rule, a captive can elect to be taxed on net investment income when gross annual premiums are $1.2 million or less (recently increased to $2.2 million). The owning entity also can deduct premiums paid to the captive as ordinary business expenses.

The tax advantages reduce the cost of financing a risk transaction, making captive formation enticingly affordable for many small companies. The IRS, however, is closely examining 831(b) captives to ensure they do not constitute illegal tax shelters. IRS Notice 2016-66 categorizes Section 831(b) as “transactions of interest,” subject to additional documentation and disclosure requirements for “promoters” and “material advisors.” New legislation in 2018 has also mandated additional tests for these captives to demonstrate appropriate risk diversification.

The added scrutiny does not bode well for some 831(b) owners. “Too many of these structures are set up by CPA firms and not insurance underwriters, which tells me they lean more toward being a tax shelter as opposed to a genuine risk-transfer mechanism,” Barile said.

Captive cells have also come under scrutiny. A captive cell is akin to a rented apartment in a large apartment building: The captive is used by a group of unrelated insureds so each can take advantage of the benefits of a typical captive arrangement without actually owning the insurance company. Each cell is legally separated from other cells, meaning the insured’s assets are walled off and protected from the legal liabilities of other cells. The core owner maintains a capital surplus to absorb working layer losses, above which reinsurance kicks in.

The challenge is when one cell company’s losses exceed the capital set aside by the captive’s sponsor. If the cell company has not posted enough capital to absorb the financial impact, it will need to dig into its wallet to pay off the remaining financial obligation. Since the companies forming cell captives are, for the most part, small businesses, that burden can be significant.

There are tax concerns for cell captives, as well. “I get these calls from nursing homes that say they just formed a cell captive in Bermuda, but there’s no broker or risk manager and they don’t know what they’re doing,” Barile said. “There’s no fronting company involved. Instead, there’s a small CPA firm hoping to get the client a tax deduction. You’ve got the accountants—not actuaries—setting the reserves and writing manuscript insurance policies, using the internet as the only source of intelligence.”

Certainly not all cell and 831(b) captives are suspect, but some of the IRS scrutiny is justified, and necessitates reasonable caution. “To a certain degree, 831(b) captives are being used as a wealth management device,” said Peter Mullen, CEO of Aon Global Captive and Insurance Management. “We do not set up such vehicles. Our distribution system is a risk management distribution system, not wealth management.”

Charting Captive Growth

While there are no reliable figures on the total number of 831(b) and cell captives that have been formed, anecdotal evidence indicates they are on the rise. More dependable statistics are available on the rising volume of traditional captives.

EY estimates there are currently 7,100 captives, up from 4,000 five years ago, while insurance broker Marsh tallies 7,000 captives, up from 5,000 in 2006. The Captive Insurance Companies Association (CICA) cites a current total of 6,618 captives.

Captives have been formed in domiciles all over the world, but the United States has seen the greatest recent growth. “About 78% of captives formed worldwide in 2017 occurred in the United States, accounting for 616 new licensed captives,” said Daniel Towle, CICA president. “Europe licensed 22 new captives, down from 36 the prior year, and only eight captives were licensed across Asia-Pacific. Bermuda and the rest of the Caribbean licensed 108.”

The high volume of recent captive formations in the United States can be attributed to the growing number of states that have passed legislation to become captive domiciles. The Insurance Information Institute reported that 29 states now permit the formation of captive insurance companies. Vermont is the current leader in the United States with 593 state-licensed captives, followed by Utah with 462.

As more states enter the fray, competition for business is fierce. “Economic development is the reason a state wants to become a captive domicile,” said Paul Phillips, a partner and tax markets leader at EY. In Vermont, for example, there are dozens of captive managers and insurance brokerages with brick and mortar buildings in Burlington, as well as a host of small CPA firms and actuaries. “All that property development and employment translates into substantial tax income and economic lift,” he said.

Barile concurred, “Domiciles are tripping over themselves to get business. Governors know this is a lucrative way to build fee income.”

Unwieldy Exposures

Another factor in the recent surge in captive formations is corporate concern over new types of financial exposures, most notably cyberrisks. “Generally speaking, any line of insurance that does not have much in the way of commercial capacity or has lots of coverage exclusions is a good fit for a captive,” Towle said. “Right now, cyber fits this bill. Companies can write coverage in the captive for the exclusions and buy reinsurance for losses above the limit.”

Mullen said many of Aon’s clients are “incubating” cyber and other thorny exposures in their captives. “Although there is quite a bit more capacity for cyber in the commercial market now, if the risk is deemed by insurers to be particularly difficult—with little data on potential losses—the client may choose to put the risk in its captive,” he said.

In such cases, the captive owner will engage an actuary to develop a probabilistic loss model to calculate an adequate premium. As losses occur over the next few years, a body of data develops, and the company may then take its chances again in the commercial market. “They’ll say, ‘We’ve been incubating this risk in our captive for the past five years and here is the policy form we used, how we calculated our premium, our claims adjustment process, and our loss experience,’” Mullen said. “If the market’s reaction is good, they may then opt to buy risk-transfer.”

Other financial exposures similarly incubated in larger captives include product liability, employee wage and hour, and business interruption risks. Large captives are also being formed to insure their owner’s employee benefits obligations, such as life insurance and short- and long-term disability insurance. Corporations funding employee benefit risks through their captive insurance companies include Hyatt Hotels, Coca-Cola, Intel and Microsoft.

Smaller captives are insuring an even wider range of exposures. “I’ve seen small companies wanting policies to absorb business losses caused by changes in legislation, to absorb the risk of a tax audit or bad debts, and to insure all the deductibles the company has with commercial insurers,” Barile said.

Many experts advise small businesses to include captive experts drawn from the insurance industry—like an actuary or underwriter—when mulling the formation of a captive. “Captives aren’t for everybody,” said Prabal Lakhanbal, a captive consultant with Spring Consulting Group. “Proper due diligence should be pursued, followed by a well thought-out feasibility study prepared by an insurance specialist.”

Legal Clarity

Many of the legal and tax issues that historically hovered over the captive industry are less of a concern today, compelling companies that were wary of forming a captive in the past to consider doing so. Recent tax court decisions have been favorable for alternative insurance arrangements, clarifying questions of risk-shifting, risk distribution, premium excessiveness and what constitutes an insurance contract.

For example, in the recent captive case RVI Guaranty Co. Ltd., et al. v. Commissioner, the U.S. Tax Court held that an insurance contract created to insure against the risk of a decrease in the value of property in fact covered an insurance risk rather than an investment risk, as the IRS had alleged, qualifying the contract as insurance for federal income tax purposes.

Today, fewer companies form captives primarily for the tax benefits. A Marsh study, for example, indicated less than 50% of the captives managed by the firm even bother to take a U.S. tax position. Nearly three-quarters of their clients reported  the key driver in forming a captive was to fund retained corporate risk. “As organizations’ understanding of risk matures, their risk management strategies become more sophisticated, increasing the likelihood of forming or expanding the use of a captive,” said Michael Serricchio, managing director of Marsh Captive Solutions.

Mullen has heard similar reasoning at Aon. “When we survey our clients every year about the reasons they have a captive, something like 4% say they do it for tax reasons; the majority cite strategic risk management purposes,” he said.

By establishing their captive for these strategic reasons, current and prospective owners can avoid IRS suspicion. “The simplest way to ensure your captive is within current tax rules is to be able to show that it was formed for a non-tax business reason,” Lakhanbal said.

Overall, captives have proven to be effective for funding and strengthening management of a company’s risks. “Looking at our global captive book of about $30 billion, the combined loss ratio runs around 75%, a clear indication that our clients are doing something right as they run their business through their captives,” Mullen said.

This success has helped make captives into a more mainstream risk management option. “A captive is no longer an alternative risk transfer mechanism,” Serricchio said. “It’s now a key tool for risk managers to address traditional property/casualty and employee and customer risks.”

In the future, Phillips believes more businesses of all types and sizes will consider forming captive insurance companies of their own simply because they are effective. After all, “captives are sector-agnostic,” he said, “and every company has risk.”

DDoS Attacks Evolve To Conscript Devices Onto The IoT

By Russ Banham

The number of cybersecurity attacks skyrocketed in frequency and increased in complexity as the internet of things (IoT) spread its wings in 2017.

But DDoS attacks are really nothing new. They turn 30 this year, making the threat to computer systems and data security one of the oldest around. But the IoT has provided new fuel.

 In these attacks, thousands of computers are turned into an arsenal converging on a single network, overwhelming it with traffic. Today, any electronic device connected to the internet can be used in a DDoS attack — smart refrigerators, thermostats, home security and lighting systems, even baby monitors.It’s a strange picture — commandeering a legion of smart devices to do battle as botnets against a target organization’s network and systems. But this is exactly the scenario that recently took down an internet services company that routes and manages internet traffic.

Army Of Invaders

Like humans turned into zombie-like White Walkers on “Game of Thrones,” 100,000 internet-connected devices were infected with malware and ordered to attack. The result prevented millions of internet users from accessing the websites of more than 70 online companies for about two hours.

Such assaults can be devastating for businesses that generate income through online customer-facing services. The Ponemon Institute pegs the average cost of a DDoS attack for a company at $1.7 million. The bulk of this expense ($517,599) comes from lost services. Other costs include technical support ($414,128), lost productivity ($229,071), disruption to normal operations ($346,062) and damage or theft of IT assets and infrastructure ($199,201).

Hackers’ motives in launching cybersecurity attacks are evolving. They include shutting down networks and reaping illegal financial gains. Hackers are cognizant of the time it takes for IT security to battle the attack, leaving the door temporarily open to corporate data.

Weapons Evolving

Turning smart devices into DDoS botnets is the latest scourge. Unlike corporate computer networks and systems with sophisticated firewalls and flow analytics tools that redirect traffic in response to an attack, connected devices such as baby monitors and washing machines generally have poor security, their endpoints protected by little more than inexpensive, off-the-shelf Wi-Fi routers.

Hackers are well aware of the vulnerabilities, not to mention the opportunity presented. As the number of connected devices rapidly increases from roughly 23 billion to an estimated 50 billion by 2020, the number of potential weapons for a DDoS attack more than doubles.

Limiting Casualties

A multipronged defense strategy is needed to combat DDoS attacks. Vendors of the semiconductors, sensors and other components used in connected devices must upgrade security, according to Broadband Internet Technical Advisory Group. And companies that embed these devices must commit to buying only the most secure ones.

Endpoints on the IoT must be protected by next-generation firewalls with enterprise-level protections as the data flows into the internet. The use of a separate network segmented from the current one will add an extra layer of protection if the device is breached. The U.S. Justice Department also recommends that device users create complex passwords and keep the software current, implementing upgrades and patches the instant they’re issued.

As for limiting network losses from a DDoS attack, security experts recommend geographically dispersing systems so as to reduce the surface attack area. The idea is to put servers in different data centers located on different networks, making it tougher to topple the entire network.

Over time, IoT-related cyber threats will continue to evolve. But the positive results that business and society gain from the use of any new technology can outweigh the bad.

“Growth is being driven by the potential to increase efficiency and improve business outcomes by collecting better data about things in the workplace,” said Larry Ponemon, founder and CEO of the Ponemon Institute. “To ensure that security risks do not outweigh the benefits, new strategies that holistically consider risks in the organization’s entire IoT ecosystem are needed.”

Don’t Let Your IT Security Be The Lowest-Hanging Fruit

By Russ Banham

Yesterday’s hackers may have yearned for the bragging rights that come from having pulled off a major cyberattack, be it against a government network or a large company. But today’s hackers aim for the lowest-hanging fruit: Money, in this case bitcoin, is a bigger lure than boasting.

Today’s hackers strike in a flurry of activity — in many cases, distributed denial of service (DDoS) attacks that divert the attention of a victim’s information security team from malware designed to capture valuable data assets. Distracted in its efforts to get systems back online, the responding cybersecurity team overlooks the malware as it worms its way toward the real bounty.

“DDoS attacks are often designed to cover up the actual intent of hackers, which can be data theft, planting of targeted malware or propagation of ransomware,” said Max Solonski, chief security officer at BlackLine, a financial and accounting automation software provider. “By focusing on containing the disruptive DDoS attack, the InfoSec team might not be able to identify the primary attack vector focused on a specific target or quickly react to the unauthorized transfer of data from a computer.”

This modern-day Trojan horse is becoming increasingly common. According to a 2017 study by Neustar, of all the companies hit with a DDoS attack, 52 percent reported a virus associated with the attack, 35 percent reported malware, 21 percent reported ransomware and 18 percent reported lost customer data. “This is all about the value of information,” said Solonski, “and the easiest way for hackers to obtain information is to target companies lacking adequate InfoSec controls and countermeasures.”

Hackers “aim for companies with the most unsecured cybersecurity and inferior disaster response programs,” said Dottie Schindlinger, vice president and governance technology evangelist at Diligent, a provider of secure board communication and collaboration tools. “Once they sneak through the fence, they go for the gold.”

Security Begins At Top

To protect their companies, senior management and board directors need to ensure that hackers don’t perceive their organizations as low-hanging fruit, Schindlinger said. “The days of the IT team alone thinking about cybersecurity are long over,” she said. “Cyber risk management is everyone’s responsibility today — from the top of the company down. Cybersecurity must be embedded into the organization’s culture.”

While employees are increasingly educated about and vigilant of cyber risks like phishing, many board directors and senior executives fail to heed such threats. Sixty percent of board directors regularly communicate with executive management and fellow directors using personal email, according to a study by Diligent. Nearly half (48 percent) use personal PCs and laptops to download company documents. And 22 percent store these documents long term on their devices.

“The biggest risk are the people with the least amount of cybersecurity training,” said Schindlinger, pointing to board members and senior executives.

It’s not uncommon for what seem like trifling digital and physical documents to contain sensitive corporate information that hackers would find valuable to steal and sell. “Any piece of data is potentially lucrative to a bad actor — the home addresses and phone numbers of board members can be used to exploit the organization and them,” said Schindlinger.

Pushing Back

Both Solonski and Schindlinger offered several recommendations on how a business can reduce its appeal to hackers. “Think like a hacker,” said Solonski. “First and foremost, you want to understand the types of data the organization owns and where the data is located, and then take a critical eye to determine how a skilled attacker can navigate around InfoSec controls to get to it and fulfill his nefarious purpose,” he said.

Board directors and senior executives might ask their security leaders questions like: Would a hacker perceive the company as a relatively easy target? Which types of information does the business have that would be of significant value to an attacker? Where does this data reside? Who has access? And how is it protected? Does the organization maintain layered controls throughout the environment, or does it just have a strong perimeter, leaving its “soft core” to be accessed via a “back door” planted by a malicious insider or through social engineering?

Vulnerabilities revealed by these questions need to be strengthened, Schindlinger said. And it is up to board directors to take action. “They have a fiduciary obligation and duty of care to ensure the organization is not put on a hacker hit list,” she said. “My advice (to the board) is to establish a policy that stipulates the behaviors they must uphold as board members, and have each member sign off on the policy.”

Some stipulations may be simple, like not using unsecured personal email or shredding paper documents that contain sensitive business data. “You wouldn’t believe how many board members write down proprietary information in a notebook that they can’t find afterward,” Schindlinger said.

The company’s chief security officer should be present at board meetings to present a brief overview of the organization’s cyber risk readiness, she said. Another good idea is to simulate once a year how the business continuity plan will be executed in the event of a data breach.

Board members have good reason to take such measures. If the organization’s data is stolen because the company was perceived as an easy target, “they are the ones who will be held responsible,” said Schindlinger.

Russ Banham is a Pulitzer-nominated business journalist and author who writes frequently about cybersecurity.

Biggest Mistake: No Employee Non-Compete Clause, Says BlackLine CEO Therese Tucker

By Russ Banham

Chief Executive

Therese Tucker is the rare woman in technology to have founded a successful technology company and brought it public. The CEO of BlackLine, a provider of automated finance and accounting software now worth in excess of $1.5 billion, is esteemed for her enlightened entrepreneurship, software programming savvy, and nurturing leadership qualities.

Broad-minded and compassionate, Tucker sports pastel-pink hair and a mile-wide smile that makes her Los Angeles-based employees feel their CEO actually cares about them. She does. “Business should not be purely business,” Tucker opines. “Companies have a social obligation to care about the lives of people in the communities we serve with our products and services.”

Not surprisingly, Tucker created Blackline’s account reconciliation software to make the lives of accountants less dreary and burdensome. She also undertook an initiative over the recent holidays to clothe more than 50,000 homeless people in the city. But it’s her business chops that really set her apart: She single-handedly programmed BlackLine’s initial products and guided its revolutionary concept of continuous accounting that nearly does away with the dreaded financial close.

Still, she’s as human as the rest of us. “I learned a really valuable lesson about the critical importance of legally sound contracts with employees, one that I will never forget,” says Tucker, shaking her signature pink hair.

The lesson was this: BlackLine gave birth to a competitor. “In California, you’re not allowed to ask an employee to sign a non-compete contract, which are banned,” Tucker explains. “The mistake we made was not having specific clauses in our employment contracts regarding confidentiality and reusability. Regrettably, an employee in our sales group had access to our source code in her laptop. She outsourced the code to India, created a competing product, and sold it.”

BlackLine had little recourse to do anything about the situation, other than take it in stride and double down on making innovative finance and accounting software products to best the competition. The company also retained sharp legal minds to devise crystal clear and enforceable employment contracts on a state-by-state basis.

The tactics worked, helping BlackLine maintain and even enlarge its market lead. The company is one of four technology companies and the only one in its space to be listed as a leader in Gartner’s Cloud Financial Corporate Performance “Magic Quadrant.” “Having good legal counsel and solid contracts with customers and employees pays dividends down the road,” says Tucker.

Once burned, twice shy.


By Russ Banham

Beginning January 1, 2018, health care facilities will need to comply with new annual testing requirements of their fire and smoke doors. The new rule from the U.S. Centers for Medicare & Medicaid Services (CMS) cover the installation, care and maintenance of many types of doors and assemblies.

Although compliance originally was set for July 5, 2017, CMS extended the deadline to 2018, due to substantial health care industry questions and pushback. Given the broad sweep of the new rule, which harmonizes with NFPA 80 (the National Fire Protection Association’s standard for fire doors), the extension bought much-needed time for hospitals to prepare accordingly.

With the deadline nearing, health care facilities are confronting the harsh realities of complying with “an extremely complex regulation” that requires “substantial hospital actions,” says Kirk Kaiser, owner of Barrier Compliance Services, a nationwide containment contractor and Grainger’s exclusive national partner for fire and smoke barrier solutions. “Compliance is not a walk in the park.”


The new rules for fire and smoke doors recognize the unique nature of a health care facility. In the event of fire or smoke, expeditiously evacuating patients is a difficult life-and-death challenge, given the medical condition of patients who may be immobile, hooked up to life-sustaining machinery, or require wheelchairs or wheeled gurneys to be relocated. “Fire and life safety in a hospital is the most critical of any type of structure requiring evacuation,” Kaiser says.

Consequently, the emphasis is on protecting patients from fire and smoke while they are in the hospital. To do this, hospitals are physically compartmentalized to ensure a fire does not travel from one area to another. “Each room is blocked off from other rooms, with a different set of safety precautions required for each of these environments,” Kaiser explains.

Each room is composed of different components like a ceiling, floor, walls and door(s). Since fire doors open and close, they are part of a building’s passive fire protection system. Generally they are not constructed with the same degree of physical strength and integrity as the walls and ceiling. And, unlike other components, doors are in constant motion, which can cause problems later.

Although a fire door will securely fit its enclosure at the time it is hung, the constant opening and closing of the door weakens the hinges and door closers, making the fit less secure over time. “Doors are the weak link—they’re one of the biggest dangers when it comes to fire risks in a hospital,” Kaiser says. “Not surprisingly, CMS was concerned that hospitals were not maintaining the doors to the degree they needed to be maintained.”


NFPA 80 may contrast with local municipal fire codes, in some cases sharply. Each municipality’s fire code is unique, given the singular nature of the location, such as a dense urban center. Permits for construction and renovations reflect these nuances in the local codes. Consequently, a single health care facility has two sets of rules with which to comply—federal and local.

“A 10-story hospital that is renovating its second floor would need to go to the local municipality and submit the architect’s plans, which are evaluated according to the city’s fire code,” says Kaiser. “In such cases, the city doesn’t care what the NFPA code might be. But the hospital has to care.”

There are other contrasts. For example, municipal requirements for fire walls in which the fire doors reside typically fall under the International Fire Code 703.1. The code, which addresses the ongoing maintenance of a hospital as opposed to new construction, requires a formal inspection by a fire marshal each year. “When you turn to the new CMS code on this subject, the rules are vague, requiring inspection every one to three years,” Kaiser says.

Another complication confronts health care systems with hospitals located in multiple municipalities and states. In one municipality, the facility may be bound by less stringent municipal fire codes from 2006, whereas in another region it may have to comply with a stricter building code from 2009. “The multiplicity of different municipal codes makes it tougher to achieve a consistent approach toward implementation and (regulatory) compliance,” Kaiser says.

Health care facilities should always defer to the highest fire safety standards, he advises. “Err on the side of the most restrictive,” says Kaiser. “If a city does not require a door to be put in a hallway, for instance, but NFPA does require this, then the best practice is to put the door in. If the municipality wants a fire extinguisher positioned every 100 feet and NFPA wants them every 80 feet, position them every 80 feet.”


The new rule places enormous administrative and other burdens on the shoulders of hospital building and maintenance staff. According to Kaiser, a typical 800,000 square-foot hospital has approximately 1,000 fire doors. Under the new CMS requirements, the facility has to conduct a fairly intensive formal 11-point visual and operational test verifying that each door adheres to the NFPA 80 fire code. Among the 11 items in this list are:

  • No open holes or breaks present on surface.
  • Intact glazing in place.
  • Doors, frame and hardware secured and in working order.
  • Door clearances within required specifications.

If the inspection indicates problems that may create a fire hazard, hospitals are required to resolve the issue. “Under the prior CMS standard, it took eight hours to conduct a visual and physical inspection of the doors and barriers,” says Kaiser. “We’ve calculated that it takes about 15 minutes per door to complete the inspection under the new CMS standard. That adds up to 15,000 minutes, or 250 hours. And that’s just for the inspections.”

Thereafter, the facility must address the rule’s reporting requirement—documenting the inspection and follow-up repairs pertaining to each door. “Previously, you could write up all 1,000 doors in a one-page summary,” says Kaiser. “Now you have to respond to each door across the 11 point verification, specifying in writing the steps the hospital has taken or will take to satisfy each point.”

In many cases, this can add up to hundreds of pages, he says, while the repairs “can take months to get all the doors up to snuff.”

For example, the new rule requires that the gaps around a swinging door in a closed position be a maximum of 3/8ths of an inch at bottom and 1/8th of an inch between the door and frame. “In a hospital environment where people are constantly running equipment and carts into the swinging doors, they’re continually out of whack,” Kaiser says. “Maintaining the doors to such high tolerances is a constant battle.” This high volume of traffic also affects the integrity of the door hardware. “A door closer rated to withstand one million cycles may need to be replaced in a year,” he adds.

Many hospitals are finding that the tasks required to address the new regulation are too complex, time-consuming and onerous to handle. In such cases, it may be prudent to outsource the work to experts like Barrier Compliance Services and Grainger.

“We can educate the marketplace about their responsibilities through webinars and our publications and account managers,” says Kaiser. “That’s just the first step and it is highly advisable. But we also offer a turnkey solution in which we will take responsibility for the inspection, repairs, training, and reporting, ensuring compliance.”

With the clock ticking toward the deadline, expert advice may be exactly what is needed.


The Price of Protectionism

To defend some domestic industries, President Trump is ready to slap tariffs on foreign producers. But has he weighed the costs to the wider economy?

By Russ Banham

When it comes to trade protectionism, Isaac Newton’s third law of motion is instructive: “For every action, there is an equal and opposite reaction.”

President Donald Trump’s repeated calls for stiff tariffs and quotas against Chinese, South Korean, and other foreign companies that are allegedly dumping their products on U.S. shores sounds all the right patriotic notes. Until, that is, as history shows, foreign countries retaliate in kind.

Powered by the appeal of his “America First” platform, the president has waved the flag to promote the idea of protecting a number of industries against predatory foreign competition. He has also suggested withdrawing the United States from the North American Free Trade Agreement, much like he earlier pulled out of the fledgling Trans-Pacific Partnership.

Trump is far from the first president to vigorously support strong U.S. trade policies. Barack Obama and George W. Bush slapped high tariffs on Chinese tires and foreign steel imports, respectively. The difference is Trump’s jingoistic rhetoric — a “win-at-all-costs” attitude that assumes other countries will cower and capitulate. His stance also seems to ignore the reality of multinationals’ reliance on global markets.

If the president deems it necessary to dissolve free-trade agreements and set tariffs on some large industries, it will mark a significant break with the country’s past. “Since the Great Depression, we’ve had a gradual policy shift from the protectionist trade policies of the Smoot-Hawley tariff toward freer trade that eventually culminated in the World Trade Organization,” says Doug Irwin, a professor of economics at Dartmouth College. “We’d be going backward in time.”

The moves might also cause prices on many goods to jump, forcing consumers to rein in spending. The drop in spending, theoretically, would slow the economy and lower corporate revenues and profits.

Although all that is a ways from happening, the next few months are a critical juncture: The White House will be deciding whether to actually impose penalties recommended by the U.S. International Trade Commission (ITC) on some foreign competitors. Says Scott Linicome, an international trade attorney and adjunct scholar at the Cato Institute: “We’re at the cliff’s edge.”

Turning Up the Heat

With its America First rhetoric, the Trump administration seems to be ignoring history. American trade protectionism has regularly failed to help the industries and workers that the government was trying to protect, says Linicome. “The trade protectionism the president favors increases the prospect of retaliation by foreign countries, harming import-dependent U.S. companies,” he explains.

Domestically, someone must pay the piper when tariffs are imposed on importers. For example, the overall economic cost of U.S. trade protections against steel imports from the 1990s to the early 2000s was close to $2.7 billion, in Linicome’s estimates. Since U.S. steel-consuming industries employed between 40 and 60 workers for every single steelworker, the jobs preserved in the steel industry were vastly outnumbered by job losses in the industries using steel. The harsh protectionist measures were challenged by the World Trade Organization and removed in 2003.

In other words, what’s good for one industry is not always good for the wider economy. A current case in point is the U.S. solar industry.

Two bankrupt solar panel manufacturers, SolarWorld Americas and Suniva, have petitioned the federal government to impose tariffs on Chinese-made solar panels. They allege that Chinese companies are dumping their products on U.S. soil—that is, selling the goods below their actual cost in order to steal market share. The U.S. manufacturers have requested a minimum import tariff of 32 cents per watt for solar modules and 25 cents per watt for solar cells. That’s just a few cents less than the current per-watt costs, so it’s a significant levy. The petitioners are also seeking a minimum price on panels of 74 cents a watt, nearly double their current cost.

The ITC, a quasi-federal agency that determines the impact of imports on domestic industries, weighed in on the subject in September 2017. Its four current members unanimously concurred that Chinese solar panel imports had caused “serious injury” to domestic producers. In mid-November, the ITC presented its tariff recommendations to President Trump, who has until January 12, 2018, to decide whether to impose the levies.

More than two dozen U.S. solar manufacturers have gone belly up since 2012, so there’s a good chance the president will take some action in the name of domestic producers. But most of the solar industry opposes government intervention, which would drive up consumer prices for solar energy, causing the volume of solar installations in the United States to plummet.

“Chinese solar makers are not flooding the U.S. market by dumping products at unfair prices — they’re meeting American demand for solar,” asserts Abby Hopper, president and CEO of the Solar Energy Industries Association. “The petitioners went bankrupt of their own account.”

Hopper maintains “the vast majority” of U.S. solar companies are thriving, growing revenues 98% in 2016. Those companies are projected to triple in size over the next five years. “If the [petitioners] get what they want, it will double the price of solar, which will reduce demand by more than half,” Hooper says, and could result in 88,000 lost jobs. An entire industry, economists claim, would lose traction at a time when the build-out of solar infrastructure is in its nascent stages.

Splish Splash

President Trump also is considering imposing tariffs in a more mature market: washing machines. In a petition filed by appliance maker Whirlpool, the ITC unanimously agreed that two South Korean washing machine manufacturers — Samsung and LG Electronics — were causing “serious injury” to Whirlpool. In early December, the ITC will decide what specific tariffs or quotas it thinks should be implemented.

In both the solar and the washing machine cases, the ITC reviewed the petitioners’ claims through the lens of Section 201 of the Trade Act of 1974. This “safeguard” law offers broader protections to U.S. companies than the 1930s-era antidumping and countervailing duty laws.

Whirlpool declined requests for an interview, but in published reports the company insists Samsung and LG have an unfair advantage. A more level playing field would help the company sell more washing machines, resulting in the hiring of an additional 1,300 employees, Whirlpool says. The South Korean manufacturers have demurred, attributing Whirlpool’s declining sales to its washing machines’ inferior design and a shift in consumer preferences.

There is some truth to this argument. “Whirlpool has lagged behind in terms of meshing the Internet of Things (IoT) with its products, whereas Samsung and LG have excelled in this space,” says Robert Hartwig, an associate professor of finance at the University of South Carolina.

If Whirlpool is not meeting demand for Internet-equipped products, that’s a problem. Many consumers, particularly those in the tech-savvy millennial generation buying their first residence, are “looking for smart kitchen appliances and other products that integrate with the rest of their homes,” Hartwig says.

Whirlpool’s attestation that it won’t be able to hire more employees without trade protection is likely true, but that doesn’t mean overall U.S. employment will suffer. Both Samsung and LG have announced plans to build factories in the United States that would more than make up for Whirlpool’s hiring loss.

“It’s hard to take Whirlpool’s claim [that] it’s a victim,” says Laurence Kotlikoff, professor of economics at Boston University. “Just because it used to dominate the domestic market doesn’t mean it deserves to continue to dominate. With that kind of logic, we should slap stiff tariffs on foreign agricultural products because half the country used to be employed in the agricultural industry and only 2% are employed in it today.”

Hartwig contrasts Whirlpool’s claims with longstanding arguments made by the U.S. steel industry about foreign competitors. “It’s difficult to see how in the kitchen appliance space — where consumers spend quite a bit of time in their purchasing decisions — foreign companies are dumping products,” he says. “These are differentiated products, not cheap undifferentiated steel from China.”

Does the U.S. steel industry need trade protection? “Big steel companies like to complain that cheap foreign steel is the problem, when the real problem is small domestic mini-mills using scrap metal to make steel,” says Dartmouth’s Irwin. The mills mostly produce carbon steel used in automobile manufacturing, construction, and consumer products. “These mills are close to their customers and are more nimble and efficient,” Irwin says.

Steel imports aren’t taking away the industry’s market share, he asserts. “You could stop all the imports you want, and the big steel firms would still face tough competition.”

If the president imposes stiff trade protections on steel imports, economists expect a reprisal by China and any other countries caught in the squeeze. “When you move in the direction of unilateral protectionism via Section 232, the likelihood of countermeasures restricting American companies’ businesses in affected foreign nations increases,” Linicome says.

In addition, the United States already has numerous restrictions placed on foreign steel. Of the 373 trade barriers the country had in place at the end of 2016, Linicome says, more than half (191) involved foreign steel. “We don’t need higher tariffs or quotas on steel imports,” he insists. “Go that route and it will simply result in higher prices for American industries reliant on steel, which is a lot of industries.”

Irwin concurs: “A lot of steel users are saying, ‘Wait a second—if you help these guys [like Nucor], you’re just going to hurt us. Where’s the fairness in that?’”

Open for Business?

Such “wait a second” instances aren’t confined to steel imports. If the Trump administration exits NAFTA, Midwest farmers and U.S. automotive suppliers that export to Mexico will incur tariffs that, for the most part, do not exist today. “There’s always a tradeoff in the politics of trade,” says Darmouth’s Irwin, author of the book, “Clashing Over Commerce: A History of Trade Policy.”

Ironically, Trump’s proposal to rewrite NAFTA in the country’s favor has little support from domestic business leaders. The U.S. Chamber of Commerce has promised to send an army of lobbyists to Capitol Hill to persuade Congress to preserve the agreement. Another group, the Trade Leadership Coalition, in November began airing pro-NAFTA advertisements in nine states that Trump won in 2016. The U.S. and other NAFTA members recently held the fifth of seven scheduled rounds of talks about the 23-year-old treaty. Unfortunately, Congress does not have the power to save the treaty.

The White House also has a lot of power when it comes to trade fights. The ITC is considered a fair broker when it comes to examining trade issues and executing the law, but the larger geopolitical dimensions of the commission’s recommendations must be weighed by a sitting president. Given Trump’s staunch nationalism, geopolitics is likely to be a secondary concern in his tariff determinations.

If Trump rules in favor of unilateral trade protections and sky-high tariffs, other industries looking for market-share fortifications will come knocking on the ITC’s door. “Many past presidents were unsympathetic to domestic industry and turned down the ITC’s proposals for relief,” says Irwin. “Now we have an administration that is inviting these petitions, sending a message to other industries that ‘We’re open for business.’”

So, what’s the solution? “Instead of taking protectionist measures, government and industry need to develop policies to help workers prepare for disruption and quickly adjust to it afterwards,” says Linicome.

Another suggestion is to let the WTO perform its key functions as a forum for trade negotiations and adjudicating trade disputes. The organization defuses political tensions and comes up with “reasonable ways of deciding if a country’s trade policies are in conformance with agreements or violate them,” says Irwin.

The Trump administration has hinted at ignoring or leaving the WTO, the organization through which 164 countries, including China, have agreed they want to resolve trade disputes. A U.S. departure could cause other countries to follow suit and leave a proven system in tatters.

“If we kick aside the WTO, the future of the United States as a global competitor is in jeopardy,” Hartwig says. “There is no way the country can go it alone in a political, social, or economic context.”

Yet Trump seems determined to move the nation toward bilateral trade deals that favor the United States. Or worse. Many domestic producers would love steep tariffs slapped on goods imported from other countries, Kotlikoff says, but that would be unwise. The U.S. economy is currently 16% of the world economy and, he contends, headed to 5% by the end of the century. “This is not the time to seek unfair advantage over global competitors,” he says.

Russ Banham is a veteran financial journalist and author and a longtime contributor to CFO.

High-Flying Maneuvers

The U.S. Commerce Department takes action over Canada’s subsidies to jet maker Bombardier.

The big question for some is not the likelihood of tariffs, but how high the levies will be. In this regard, the decision by the U.S. International Trade Commission (ITC) to impose preliminary antisubsidy duties on Canadian aircraft manufacturer Bombardier may be illuminating.

Here’s the backstory: Rival American manufacturer Boeing accused the Canadian government of unfairly subsidizing Bombardier’s C Series jets, dumping the aircraft at a price well below production costs. Canada is accused of offering billions of dollars in loans, equity infusions, grants, and tax credits to Bombardier.

The U.S. Commerce Department retaliated with a stiff 219.63% countervailing duty on the jets. The duties are subject to the ITC’s review, hence their “preliminary” status. The ITC is expected to provide its recommendations in early 2018.

The size of the duty took many economists by surprise. In effect, it would triple the cost of C Series aircraft sold in the United States. In a statement, Bombardier called the proposed duty “absurd.”

Meanwhile, Newsweek reported that Boeing has received substantial government subsidies: $457 million in federal grants, $13 billion in state and local subsidies, and nearly $64 billion in federal loans and loan guarantees. That makes Boeing’s complaint that Canada is unfairly subsidizing the C Series jets seem hypocritical.

As Dean Baker, co-director of the Center for Economic and Policy Research, puts it, “You can’t define protectionism as the things you don’t like.” — R.B.