How Small Businesses Can Use Televisions To Enhance The Buying Experience

By Russ Banham

Big-screen televisions are a pittance of what they cost just a few years ago, making them a potentially worthwhile investment for small businesses — not so they can catch customers up on reality television but to help with marketing.

Televisions strategically installed throughout a store can play programs that educate, interest and inform customers, spurring sales and cross-selling — a pair of shoes to go with that dress, perhaps? The challenge is to provide high-quality content that is entertaining, useful and not distracting.

“We’ve all seen great TV commercials and terrible ones,” said Anindya Ghose, Heinz Riehl chair professor at the New York University Stern School of Business, where he oversees the business analytics program. “If the music is too loud, the information doesn’t address my needs, and the program repeats every five seconds, it could be very off-putting.”

When done right, however, an implementation of television screens may allow small businesses to generate additional sales to offset the initial investment.

Inspire, Inform And Engage

While retailers have long used television screens to market in-store products, the investment value was difficult to quantify. Most programming provided basic information or simply repeated commercials seen at home. Now retailers know that content is, indeed, king.

What kind of content?

“It depends on a retailer and its customers, but generally it can be boiled down to programming that either inspires, informs or engages customers,” said Lokesh Ohri, a partner at Deloitte Consulting, where he leads the advertising, marketing and commerce practice.

Ohri provided examples of programming that inspires a consumer to buy something.

“Say you’re planning a vacation and you walk by a clothing store and see a large screen inside with a video of a man strolling on a beach in a Hawaiian shirt with relaxing ukulele music playing in the background. Or, you’re in a supermarket and there’s a video of a great-looking dish being prepared,” he said. “In both cases, the consumer wants to trade places.”

With informational content, the objective is to inform a consumer about the differentiating features of a product in an entertaining fashion. With regard to programming that engages people, the intent is to present content that matches consumers’ interests or needs, Ohri explained.

For instance, a small home renovation company can engage its customers by featuring remodeling shows next to model kitchens. And a deli or small food market can feature any of the dozens of cooking shows populating numerous networks.

A patient in a hospital likely will want more relaxing television content than patrons at a pub, whereas someone in a gym may want programming focused on exercise and nutrition.

Small and midsize businesses can provide video that benefits their customers simply by choosing cable television networks whose programs align with their marketing strategies.

As a first step, businesses should review what’s offered by local cable providers to see which package makes the most sense in terms of available content and cost.

Although the best deals on TVs happen on Black Friday, retailers offer sales throughout the year. With a wave of deals expected in the runup to the World Cup, businesses that are on the verge of investing in video may want to take advantage of May and June discounts.

Russ Banham is a Pulitzer-nominated business journalist and author of 24 books.

Leadership and Legacy: When Enough Is Enough at the Top

By Russ Banham

Carrier Management magazine

When to retire is one of the toughest decisions for any executive to make. For a CEO at the top of the pyramid, the decision is rife with complexities. Not only must the CEO relinquish day-to-day control, he or she must cope with the possibility of not having completed the strategic objectives developed at the outset of their tenure.

Like the song goes, “Should I stay or should I go?”

Hanging in there too long can tarnish the CEO’s legacy, while leaving too early may founder the ship. For a graceful exit, a capable successor needs to be in the wings, but this is not always the case. And captivating post-retirement activities must be considered, as it is psychologically damaging to jump off a fast-speeding train onto, well, the couch.

It’s also not easy to give up power. This may explain why many CEOs are getting older. From 2006 to 2018, the number of Fortune 500 CEOs age 65 to 69 more than doubled from 20 to 44, according to research by Korn Ferry provided to Carrier Management. The average age of a Fortune 500 CEO has gone up from 55.4 in 2007 to 57.4 in 2017, according to Spenser Stuart research. (2017 Spenser Stuart U.S. Board Index)

No CEO wants to be accused of overstaying his or her welcome. Sure, lots of people maintain their vigor and intellectual chops well into their 80s. But very few people are old and au courant at the same time, Berkshire Hathaway’s Warren Buffett excluded.

“Many CEOs have a hard time letting go,” said Cecile Alpers-Leroux, an economic anthropologist focused on workplace transformation as Ultimate Software’s vice president of human capital management innovation. “It requires deep reflection to make the leap—a verification of their values, what’s important to them and their aspirations going forward. But leap they must.”

Carrier Management reached out to four insurance company CEOs who have made their leaps, giving the decision the care and attention it deserves. Although their stories are different, they share similar values about life and work. In their reflections on retirement, they sought the counsel of spouses, friends and business colleagues.

“The most successful CEOs are the ones who put aside time to reflect on what they’ve accomplished and what they want in the future,” said New York-based executive coach Alisa Cohn, who works with C-suite leaders and board directors. “Not all CEOs fit this mold. Leadership can be intoxicating; you’re almost in a trance-like state. Your identity gets wrapped up in being the one in charge. But if you overstay your usefulness, it will come back and bite you.”

Company First

Well before he became the CEO of Penn National Mutual Insurance Company in 2010, Ken Shutts knew from personal experience that he didn’t want to work well into his 60s.

“My father, who had worked for Ohio Casualty Insurance Company for 42 years, retired when he was almost 69 years of age,” Shutts recalled. “He and my mother had great plans to do a lot of traveling. Twenty-nine days after he retired, he suffered a massive heart attack and passed away. He never got the chance to enjoy his retirement. It just stuck with me.”

Shutts did not want to encounter the same fate. A sports enthusiast, he divides life into quarters like a football game. With the average life expectancy for American males at nearly 79 years, each quarter consumes about 20 years.

“I’ve been working since I was 13, when my sister got me a job as a busboy at a restaurant where she was a waitress,” said Shutts. “That was the first quarter. Once you hit 60, whether you want to admit it or not, you are entering the fourth quarter of life. I’d been at the company for 35 years, starting out in the legal department. I’d been president of the company for seven years. The time had come to do something else, and I had made preparations here at the company to do it.”

He had a strong desire and commitment to mentoring the senior executives who would move a rung up the ladder following his retirement, including Penn National’s current CEO Christine Sears, the company’s former president and previously CFO. “You want to hand the baton over to someone who is ready to take it and help grow the company further,” he explained. “I took this responsibility very seriously and feel quite secure the organization is in great hands today.”

During his leadership tenure, Shutts guided an important affiliation with Waukesha, Wis.-based Partners Mutual Insurance Company, which is now a part of Penn National. Partners Mutual had a history, culture and mutual insurance structure that deftly aligned with Penn National’s history, culture and structure. It also relied exclusively on independent agents to sell its policies and served customers in Wisconsin and Iowa, two growth markets for Penn National.

In making the decision of when to retire, Shutts reached out to his wife, children and friends for their input. The determining factor was his response to a question he always asked his senior executives when they approached him with a difficult decision: “What’s in the best interests of the company?”

“That was my guidepost; it takes your emotions out of the equation,” he said.

Shutts is a firm believer that organizations must continually turn to new leadership to remain relevant and healthy. “A company needs new ideas, new energy and new oxygen to thrive,” he explained. “CEOs who stay on too long tend to become regimented in how they view things. We all know stories about sports figures that stay in the game past their prime. I’ve always believed it’s better to quit at the top while you still have the passion, vim and vigor to do other things.”

His “other things” include membership on Penn National’s board of directors. “My love for the company has never diminished,” Shutts said. “What I miss most about being a CEO is working with our employees and agents, interacting and seeing many of them daily. But I truthfully feel no voids in my life. When I get up in the morning, I look forward to the rest of the day.”

Purposeful Preparations

Terry Cavanaugh gave himself a 10-year tenure when he became CEO of Erie Indemnity Company in 2008, following a 33-year career with Chubb Group of Insurance Companies. Cavanaugh was 55 years old at the time and planned to work until he was 65. His projection was off by one year—he retired a few months shy of his 64th birthday. Close enough. “In my mind, there’s a half-life to being in any job, and as you go up the food chain to become the CEO, it becomes more acute,” he said.

In making the decision to retire, Cavanaugh felt good about his tenure. Under his leadership, Erie Insurance had increased its property/casualty direct written premiums by more than 45 percent and grew policyholder surplus by 60 percent. He was the first senior executive to be hired from outside the company. “The board was frustrated by not having a solid internal candidate to assume the post,” he explained.

Not surprisingly, his initial challenge was to build the organization’s operational and financial skillsets. “Human capital drives success,” he said. “I was acutely aware of the need to recruit and develop talent. Most importantly, I wanted to have a good successor in place when it was time for me to go.”

As he got closer in age to 65, the year he had established for his retirement, Cavanaugh reflected on whether or not his timing was right. “Some CEOs don’t have good self-awareness; others get to the point where the job becomes so much a part of their identity they can’t walk away comfortably,” he said. “I took inventory of how I felt intellectually, emotionally and physically about the company’s state and my own future.”

Eight and a half years had passed since he became CEO, and he realized another year and a half wouldn’t make much of a difference to the company and his legacy. “But it might extend the length of my lifespan not having to deal with all the stress and eat restaurant food on the fly anymore,” he added.

In his talks with former CEOs who had confronted the prospect of retirement, they often mentioned the pressure they felt from board directors requesting they stay on longer. “I feel the longer the CEO stays on, even if they’re successful and energetic, it adversely affects the succession management plan,” he said. “It doesn’t send a good message to the executive team and can create organizational apathy.”

A more personal reason to move on with life is the realities of aging. “When you hit 64 and look in the mirror, you realize it’s harder to be courageous—to take innovative risks,” he confided. “Fortunately, I had groomed people to take over. It was their time now.”

Cavanaugh lives half the year today in Naples, Fla., where he often runs across other former CEOs. “I met this one fellow who said, ‘Terry, you and I are PIPs. I asked what he meant and he replied—’Previously Important People.’ Made me laugh.”

Nowadays, he puts his considerable business acumen to work as a member of two boards and is an executive coach to C-suite leaders. “My advice to them is to retire while they’re still champions,” he said.

Knowing the End Game

Jim Kennedy retired as the CEO of Ohio Mutual Insurance Group when he turned 63 years old in 2015, having served in the post since 2003. Like Shutts, Kennedy had made the decision to retire in his 60s for personal reasons. When he was 57, his older brother, an executive at another insurance company, passed away at the age of 64 from a sudden heart attack.

“Coming to grips with the fragility of life made me consciously think about my own retirement,” said Kennedy. “None of us know how long we have left on this planet. And there were other things I wanted to do with my life than just work.”

His family lineage was close in mind throughout his retirement deliberations. “My father was a car salesman working on commission who never earned a dime of salary; he didn’t have the money to retire early and do the things he’d wanted to do,” he said. “Fortunately, I was in a financial position that I could retire. After I hit 60, my wife and I had these long conversations about what we wanted our future together to look like. She was supportive of whatever I wanted, she said.”

He realized that running a large insurance company had consumed much of his time and energy, entailing quite a bit of travel. “I didn’t want to die in the chair,” said Kennedy. “But I also wanted to be sure when I left that the financials and operations were solid to pass on to someone else to take the company further.”

They were. During Kennedy’s tenure, Ohio Mutual’s premium revenue increased by 78 percent, surplus nearly tripled, and assets expanded by 140 percent. The company had grown from one state market to seven. He had done his best and let go of the reins in 2015.

“I’ve got no regrets retiring when I did, although I do miss the interactions with people and the collegial effort of everyone coming together and putting their minds around a problem and solving it,” he said. “But I planned my retirement well before I saw the finish line.”

Today, he sits on the board of Harford Mutual Insurance Company in Bel Air, Md., and the board of a local college. He provides operational consulting services to insurance companies and is actively engaged at the National Association of Mutual Insurance Companies. “I’m teaching people how to become a successful board director,” he said. “There’s a need for it.”

Hanging On Because You Have To

Warren Heck was 64 years old when he became CEO of GNY Insurance Companies and 78 when he retired. In between, he twice tried to retire, but the executives in line to succeed him either didn’t stand up to further scrutiny or decided to leave the company.

“I knew at the age I was when I became CEO that I didn’t have much time to find a successor to carry on, but it was much harder than I had imagined,” said Heck, who prior to becoming GNY’s CEO had been its president and chief operating officer for a lengthy 18 years.

Heck, who retired in 2014, was hale and hearty at the time of his decision and remains physically and intellectually sharp today at 82.

“Looking back, I honestly never cared if I became CEO or not; I was interested in running the company,” he said. “All I wanted was to be in charge of some objective and couldn’t care less about the title. My predecessor was different; he held onto the job like it was his lifeline. But as long as he let me run the company, I didn’t care if he remained CEO.”

With regard to his own long tenure, Heck shares Shutts’ philosophy that the company’s interests always come ahead of the CEO’s needs. “If you’re deeply and emotionally connected to the company, you want it to succeed after you leave,” he said. “To do that, you have to find someone who will put the interests of the business ahead of their own. It took more time than I’d imagined to find that person.”

Lengthy CEO tenures are common at GNY. Heck is only the fifth CEO in the company’s 104-year-old history.

“I love insurance, so it wasn’t a burden to lead the company in my 70s at all,” he said. “People have always told me I don’t look my age. But I knew I was getting older and running out of time. Every now and then a board director would point out that I was getting a little long in the tooth, but nobody was aggressive about it and I appreciate the fact that they did point it out. Still, I had to find a successor.”

He finally did. Heck’s daughter Elizabeth, GNY’s former president and chief operating officer, is the company’s CEO today. “The board asked for the names of three people as my successor, and Elizabeth was one of them,” he said. “I suggested her because she’s a financial person who has a CPA and worked for one of the big accounting firms, as well as at other insurance companies. I told the board to treat her as one of the candidates. Elizabeth impressed them with her knowledge and expertise. They gave her the job and she’s doing great work today.”

Heck, who remains on GNY’s board as its non-executive chairman, left the company in terrific shape. In 2014, it tallied $315 million in direct written premium, a $430 million surplus and close to $1 billion in assets.

Does he miss the thrill of running a big insurance business? “Not at all,” said Heck. “I retired not because I didn’t have the energy to continue or the company was becoming unsuccessful—far from it. I would have retired years before if we’d had the right leadership in place to take over.”

Humility, Not Hubris

Each of the former CEOs feels a tremendous sense of accomplishment at leaving the organization in better shape than when they took the top post. None fell prey to the addictive charms of being in charge, putting the company’s best interests first. They loved the job and the small intimacies that occur in all business dealings, but they had other fish to fry and new lives to create.

Best of all, they did not want to squander the knowledge and expertise they had accumulated through decades of hard work. “The best CEOs take all the business lessons they’ve learned over a lifetime and contribute them to boards, small businesses and students,” said Cohn. “They’re used to making a positive difference.”

As for the “right age” for a CEO to retire, Cohn said it’s irrelevant. “The decision has to do with the individual’s values, not the number of years they’ve lived,” she said.

Still, every CEO has an expiration date. Appreciating this fact is crucial to ensuring the next leader will grow the business further. As the former CEOs’ stories indicate, successful succession management is not a breezy walk in the park.

“It’s vital that a CEO choose someone to succeed them who will honor their legacy and yet also take the organization in the direction it needs to go,” said Alpers-Leroux. “But if you stay on too long and don’t let that person lead, you’re doing a disservice to them and the company.”

As always, timing is everything.

Playing Favorites


By Russ Banham

Chief Executive magazine

The dismantling of so-called Net Neutrality rules regulating service providers that connect consumers to the internet may have unintended consequences for the rapidly growing telehealth industry.

Telehealth, or telemedicine as it is also called, refers to virtual healthcare provided remotely by a doctor, nurse practitioner, registered nurse or other medical specialist. Employers that provide telehealth services to employees are able to reduce absenteeism caused by the need to visit a doctor physically, enhancing employee productivity while reducing overall healthcare expenditures.

In 2017, 71% of employers with 500 or more employees offered telehealth services, up sharply from the 59% that offered it the prior year, according to a study by Mercer. These numbers may go down in the aftermath of the Net Neutrality ruling, which is perceived to have a disproportionate impact on consumers in low-income and rural areas.

Companies in these regions are a key target market of telehealth providers, given the significant distance an injured or ill employee must travel to obtain adequate healthcare. “Reliable broadband connectivity is needed for telehealth services to thrive for all patients and healthcare facilities,” says Mary Kay O’Neill, M.D., senior clinical advisor at Mercer Health and Benefits.

The repeal of the Net Neutrality law effectively allows giant internet service providers (ISPs) to slow down broadband connections for low-income content customers to provide greater bandwidth to more financially valuable forms of content, such as streaming television. “The ISPs can play favorites among different entities that deliver content,” says O’Neill. “Large healthcare systems in primarily urban areas will have an unfair advantage over smaller, rural ones.”

This disparity can have a dire impact on telehealth services like behavioral health. “Employees receiving smoking cessation, weight management, psychological counseling and other forms of behavioral assistance need these telehealth services to be readily available, due to the coaching and frequent back-and-forth texting and FaceTime that occurs to help the person through the day,” says O’Neill. “If this is interrupted, no one benefits.”

The ruling introduces other broadband access concerns. For instance, high-speed internet connections are needed to link personal medical devices and wearable sensor technologies to remote telehealth providers. A case in point is the use of a personal glucometer for diabetes management.

“When the reading exceeds a certain threshold, the information automatically uploads to a database in a cloud, where a nurse can access it remotely,” says O’Neill. “If the data doesn’t upload in time, not only is this dangerous from a patient safety perspective, it is a wasteful use of a healthcare facility’s money.”

She adds, “This is one of the hottest things in healthcare software right now, but it depends on connectivity.”

Forced to negotiate for bandwidth, small rural hospitals may decide to curtail their telehealth programs and invest their financial resources in other areas—to the detriment of companies and people that truly benefit from the service.

What’s the solution? “Really this is a tough one to solve,” O’Neill says. “I would urge rural citizens to urge their legislators to take actions to ensure we don’t have a two-tier system in which lower-income people in rural regions get the short end of the stick.”

Revolutionary thinking: Why CFOs should account for political instability

Corporate executives are increasingly worried about geopolitical instability — and with good reason.

By Russ Banham

FM magazine

Prior to the 2011 uprising in Egypt that led to President Hosni Mubarak’s stepping down from power, multinational building materials company Cemex developed a plan to manage fallout from just such a political crisis.

That plan came in handy: Within a few weeks the Egyptian military dissolved the country’s parliament and suspended its constitution. Like many sophisticated multinational businesses, Mexico-based Cemex, which had significant operations in Egypt, had assembled an enterprise risk management (ERM) programme that included strategies for handling global political risks.

Months before the uprising, Enrique Alanis, Cemex’s global director of ERM, and his team received intelligence from within and outside the company that “something was not right”, he said. “The information was gathered from our own people in the region, as well as external people like market experts, industry trade groups, suppliers, and vendors. We also incorporated public sources of information like the internet, media reports, and public forums.”

Armed with this insight, the company quickly took action. “The advance warning gave us time to prepare for how we would address the situation,” said Alanis. “We had a strategy ready that pointed out [to the new regime] that Cemex was good for the country.”

The company successfully communicated to the new leaders that it provided significant employment, and building products that many diverse businesses relied upon in Egypt. The result: Cemex was able to continue its business operations without missing a beat.

Alanis said: “At all times, our goal is to stay ahead of potential risks [and] to be ready if they occur.”

Not all companies are as fortunate. Disastrous outcomes have included the confiscation, expropriation, and/or nationalisation of a company’s assets in a foreign country. Examples over the years are far too numerous to cite, but they provide a cautionary tale for all multinational companies operating in politically unstable regions of the world.

In recent years, emerging economies such as Thailand, Myanmar, Brazil, Turkey, and the Philippines — countries that had achieved some measure of stability for several years — have experienced their share of political turmoil. They’re not alone: According to the 2017 Government Stability Projection by consulting firm Verisk Maplecroft, more regions of the world are likely to experience a decrease in government stability in the next two years, with developing markets being the most susceptible. Among the factors behind these risks, according to Verisk Maple-croft, is anticipated volatility in US global trade and policymaking, underscored by the country’s withdrawal from the Trans-Pacific Partnership trade deal and US President Donald Trump’s threats to pull the US out of the North American Free Trade Agreement (NAFTA) with Canada and Mexico, in addition to global factors including Brexit.

The study underscores a growing concern of many C-suite executives, including CFOs. Another example: A survey by McKinsey & Co. in 2016 found that the number of corporate executives identifying geopolitical instability as a “very important business trend” had doubled over the past couple of years.

“Among the 13 trends we asked about, respondents most often expect that domestic political instability, as well as slowing growth in developed economies, will pose a threat to profits in the next five years,” the study stated. “… Yet a vast majority say their organisations are not yet taking active steps to address these issues.”


This complacency may have disastrous results for finance departments. Aside from asset expropriation, political instability also can lead to currency inconvertibility, a situation where one currency cannot be exchanged for another currency. Contracts in the foreign country may be repudiated — the duties of one party to another frustrated. Additionally, the sovereign nation may default on payments owed the company and/or wrongfully call on-demand bonds and guarantees. Banks, exporters, and investors owed money from foreign buyers may never see these receivables.

There’s also the possibility of violence and the detention of employees — something that Cemex was watching for. “As part of our ERM process, we had developed early warning systems of potential problems like political insurrection and riots across our global footprint,” said Cemex’s Alanis.

Emerging economies are not the only countries vulnerable to shifting political winds. Powerhouse economies such as the US and Britain also are susceptible. Voters’ dissatisfaction with the status quo in both nations fostered the election of a populist president in the US and approval for Britain to exit the EU. These decisions have generated serious questions about potential de-globalisation, with a corresponding impact on business prospects.


Despite these sobering concerns, many companies move forward with their global strategies, their eyes focused on growth more than on the impediments in the way. “Often the reasons to do business in an emerging economy are so enticing they appear to outweigh the risks,” said Daniel Wagner, CEO of Country Risk Solutions, an operational risk management consultancy. “But it’s folly to think a country that has been politically stable for several years will remain stable tomorrow.”


Political risks are not limited to companies that conduct business on the ground in a country. “Almost every business is global in nature today, simply because their supply chains are global and their customers are often global,” said Bodhi Ganguli, lead economist for Dun & Bradstreet’s country risk team. “Companies no longer produce and sell in one place anymore. If a coup breaks out in a country where a critical component is manufactured, it can put the brakes to the production line.”

Consequently, virtually all companies must heed global geopolitics. How can they manage a complex risk that takes on the guise of a multiheaded Hydra? “You need to weigh the strategic value of doing business in a country against the array of political risks, measuring the pros and cons,” said Charles Stevens, an assistant professor of management at Lehigh University, where his academic focus is on global strategy and political risk.

Several organisations can provide insightful intelligence on political risks, including the World Bank, the Overseas Private Investment Corporation, The Economist Intelligence Unit Viewswire, the US Export-Import Bank, private intelligence organisations like Kroll, and large insurance brokers and insurance companies like Marsh, Aon, and AIG.

“There is no absence of information that can be obtained,” Wagner said. “The problem is that as soon as it is produced, a period of time that can consume several weeks, it can become obsolete and irrelevant. It’s better to have local people on the ground who really know what’s going on to provide ongoing, real-time intelligence.”

One such source may be a local organisation that partners with the company in sharing the risks and rewards of the opportunity. “It makes sense to choose a joint venture partner, particularly one that knows the ins and outs of the region,” Wagner said. “Look for a partner that knows the local political landscape and understands the legal regime, preferably one with government contacts to get in front of a problem before it rears.”

A related tactic is to secure local equity and debt to help finance the business venture. When local firms, trade unions, financial institutions, and government agencies have a stake in the venture, it can reduce adverse consequences. To get this buy-in, some companies pledge to financially assist the host country in improving quality-of-life objectives.

But even the best plans can falter, so companies also need to consider the financial value of political risk insurance. Depending on the coverage particulars, political risk insurance generally absorbs financial losses due to the following conditions:

Political interference. The nationalisation and/or expropriation of assets by the host government.

Political violence. Strikes, riots, civil insurrections, and civil war, in addition to a hostile act like a coup.

Currency inconvertibility. Imposition of local currency controls making it difficult to receive hard currency payments.

Sovereign nonpayment. Nonpayment of financial commitments, obligations, and loans by the host government.

Supply chain disruption. Political, social, economic, or environmental instability that causes a disruption in the flow of goods and/or services into and out of a country.


When political instability threatens, the first priority for companies is the security of their employees. Stevens advocated the use of smartphone apps and hotlines that can alert local employees when trouble is brewing. “Your people can be scattered throughout a country; hence the prudence in giving them the means to instantly know what to do wherever they are,” he said. “They should also contact their local embassy and have their passport on them at all times.”

To reduce risk, many multinational companies employ local citizens. If a company needs to evacuate employees who are not citizens of the country, those remaining can continue some measure of business operations.

Even with the best due diligence, the unexpected can happen. “Sometimes you don’t know you have a problem until you have one,” said Wagner, who also is the author of the books Managing Country Risk and Virtual Terror. “That’s why we advise you proactively have a plan in place for worst-case scenarios.”

What CFOs need to know about political risk insurance

Political risk is increasingly on the radar for multinational companies, given rising concerns over geopolitical instability. One way companies try to mitigate the risks is through political risk insurance.

No two insurance policies are alike; each includes specific terms, conditions, and prices based on the perceived political risks in different nations. However, even in countries deemed to be at high risk of a political event, some measure of insurance is available.

“You can get it pretty much everywhere you need it, even in perceptibly high-risk countries,” said Stephen Kay, practice leader for structured credit and political risk at insurance broker Marsh. “We recently were asked if we could get political risk insurance for a client in West Africa, which has a very uncertain political climate. We could.”

Marsh also recently brokered a political risk insurance policy for a foreign company operating in South Korea that included full-breadth coverage, including the risk of war with North Korea. “The reason insurance markets took up the risk is that the company is located at the southern tip of the Korean peninsula, enough of a distance away from the border with North Korea to provide some semblance of comfort,” Kay explained.

Insurance carriers selling political risk insurance include large international insurers like AIG, Zurich Insurance Group, Chubb, Great American, and Lloyd’s of London, among others. The US federal government’s Overseas Private Investment Corporation also offers the insurance. “Multinational companies generally can buy ample insurance coverage to protect foreign assets in most regions of the world, albeit at a price,” Kay said.

The premium depends on the market’s assessment of a country’s political risk. Current hot spots include Venezuela, Argentina, Bolivia, and Ecuador in Latin America; Cambodia, Myanmar, and Thailand in Asia; Syria, Libya, Yemen, and Afghanistan in the Middle East; and multiple countries in sub-Saharan Africa.

Russ Banham is a freelance writer who is based in the US.

GDPR: Act now Before It’s Too Late

By Russ Banham

Chief Executive magazine

The May 25 deadline for complying with the European Commission’s General Data Protection Regulation (GDPR) is approaching fast—so fast that many small and medium-sized businesses are in a mad rush to get their houses in order.

So are many large companies, but the regulation creates intimidating challenges for SMEs, given their smaller size and resources. In recent weeks, the European Commission (EC) has dispatched a flurry of detailed advisories and even created an exclusive website to help companies prepare for compliance, with special attention accorded the demands placed upon SMEs.

We’ve gone through the advisories to distill critical steps that must be taken now, assuming they have not already been addressed. Most important of all is for CEOs to take GDPR very seriously, as its teeth are razor sharp—irrespective of company size.

Basic Background:

The EC created GDPR to heighten and unify personal data privacy laws across the European Union (EU). All companies doing business in the EU must comply with the regulation. The EC applies a new principle called extraterritoriality to ensure compliance by non-European businesses—even those without a physical presence in the EU. If they “control” or “process” personal data belonging to European consumers, they must comply with the regulation. A data controller comprises both for-profit and nonprofit organizations. A data processor is a firm that performs the actual data processing.

The new regulation broadly extends the EU’s 1995 data protection directive that held businesses accountable for the security of the consumer data they had in their possession. As opposed to the previous passive opt-out acceptance model, companies now must receive written consent from consumers to collect and use their data, and only for a legitimate business purpose. Consumers can withdraw their consent at any time, and once the business purpose for using the consumer’s personal information has been fulfilled, the data must be deleted.

These aspects of GDPR loudly resonate following recent disclosures of the harvesting of 50 million Facebook profiles in the continuing Cambridge Analytica scandal. A major objective in drafting the regulation was to give consumers more control over their personal information, insofar as which organizations can use it, when they can use it, and for what purposes. The other primary goal was to create regulatory uniformity across the EU.

Analysis and Monitoring:

Before processing a consumer’s personal information—both paper-based and digital data—companies must analyze the related data privacy and security risks. This rule also applies to consumer data the business may have provided to its vendors, suppliers and outsourcing partners. Additionally, the measures used to secure data, such as encryption in transit and in temporary storage, must be documented. A record of these various activities must be maintained by the organization for delivery to regulators upon request.

For SMEs whose core activity is the systematic monitoring of data subjects on a large scale, GDPR advises these businesses to appoint a data protection officer dedicated to data privacy. Companies not technically mandated to do this should still consider the value of hiring a privacy overseer and having this person sit on the board.

Since new products, services and technologies under development must take GDPR compliance into account from the origination of these plans, having someone in charge—either internally or on an outsourced basis—may be prudent for all SMEs.

Lastly, it is the responsibility of companies in the event of a data breach to inform EU regulators within 72 hours of the event, even though all the details may be unknown or uncertain. Regulators want to know are the nature of the incident, approximately how many people were affected, the potential consequences for these individuals, and the measures taken to date or in the planning stages to respond to the breach.

GDPR’s consequences for failing to address the regulation are gulping. A penalty of 2 percent of annual worldwide revenue or 10 million euros (roughly $12.37 million), whichever is greater, may be imposed on businesses that fail to report the breach within 72 hours. For companies that fail to comply with other parts of the regulation, the penalties are double these amounts.

Had GDPR been in effect the past five years, FTSE 100 companies that experienced a data breach collectively would have been fined more than 25 billion euros (close to $30 billion), according to an October 2017 study.

What To Do Now:

Most SMEs are hopefully well into their preparations for GDPR compliance. For those still at the beginning of this process, we’ve compiled a checklist of tasks to help ensure readiness by the deadline.

  1. Know Your Data. What types of consumer data does the company collect and where does this information reside? Create an inventory of this information that includes the consumer’s name, email, bank details, etc., since the business will need to demonstrate an understanding of the personal data in its possession.
  2. Consider Consent. How does the organization currently receive consent from consumers to collect and use their data? What needs to change internally from a process and systems standpoint to reach out to consumers for their consent and how will this consent be documented for regulatory purposes. What is the process to delete consumer information after its business use has concluded? Start writing up clear policies regarding all of the above and ensure their appropriateness from legal staff or outside consel.
  3. Data Chief. Does the company employ a chief data protection officer? If not, who in the organization will be in charge of data privacy and data security, and what are their respective responsibilities and capacity to achieve these aims? Is there value in creating a multi-functional team to report to these individuals? How does the company currently secure consumer data; broader use of encryption might be needed. The goal is to ensure regulation-ready data privacy and security policies.
  4. Breach Notification. What are the processes to comply with the 72-hour data breach notification rule? How will each of the required responsibilities, such as demonstrating the nature of the breach and how many people were affected, be determined? Who in the organization is involved in these regards and what are their tasks? Consider testing the process to iron out any kinks.
  5. Third Party Obligations. What are the processes to review how vendors, suppliers and outsourcing partners are using the personal data provided them? How can the organization ensure these organziations are GDPR-ready? For instance, contract terms and conditions may need to change to obligate them to immediately report the incidence of a data breach.

The bottom line for CEOs of midsize and smaller companies that conduct business in the European Union is that GDPR readiness may be difficult, but the likelihood is that similar rules will hit U.S. shores at some point. This gives them a leg up on domestic competitors currently free from compliance. Better now than later.

Mining for Gold—and Other Creative Ways Companies Are Combating E-Waste

By Russ Banham

The facts surrounding electronic waste, commonly referred to as e-waste, are staggering. Although nearly all e-waste can be recycled, 60 percent ends up in landfills, where toxic metals leach into the environment and can cause severe damage to human kidneys, blood, and central and peripheral nervous systems.

More than 50 tons of e-waste is produced each year through the discarding of used or unwanted electrical and electronic devices, many nearing the end of their useful purpose. In an effort to show the magnitude of the e-waste problem and promote recycling, artist Benjamin Von Wong worked with Dell to create photograph sculptures using two tones of old laptops, keyboards and circuit boards – all of which can be recycled.

The message? The past can power the future but time is of the essence. A 2010 report issued by the United Nations indicated that the volume of e-waste could increase by as much as 500 percent in developing countries alone by 2020. Newer statistics are hard to come by, but the overwhelming consensus is that much can be done to positively alter the status quo and combat these staggering 2020 figures. Here’s a look at just a few creative solutions for tackling the mounting problem of e-waste.

Revitalize the Manufacturing Sector

Inside of the 44.7 million metric tons of e-waste produced in 2016 lays approximately $55 billion of gold, silver, copper, platinum, palladium, and other high-value recoverable materials, according to a 2017 report by Global e-Waste Monitor. That figure exceeds the gross domestic product of most countries in the world, and presents a compelling financial incentive for municipalities and businesses to consider ways to pursue more robust e-waste management.

E-waste mining is one innovative solution to recover these precious materials. With $35 million in financing, BlueOak Resources has built an urban refinery in Osceola, Arkansas to recover “technology metals” from 15 million pounds of electronic scrap each year. The first of its kind in the U.S., the refinery exemplifies a type of development that can reinvigorate the American manufacturing sector.

If there’s anything BlueOak Resources proves, it’s that finding ways to extract valuable metals from electronic scraps is not only good for the environment; it is also a healthy financial investment.

Look for Gold

In addition to mining, companies are forging creative partnerships and rethinking the treatment of the precious metals hidden in technology e-waste. “When you think about the fact that there is up to 800 times more gold in a ton of motherboards than a ton of ore from the earth,” Jeff Clarke, Dell vice chairman, explained, “you start to realize the enormous opportunity we have to put valuable materials to work.”

Recognizing that approximately $60 million in gold and silver is discarded each year by Americans through unwanted phones alone, Dell has begun to work with actress and jewelry designer Nikki Reed to recycle excess gold from old computers collected through programs like Dell Reconnect and Asset Resale and Recycling Services and turn it into earrings, bracelets, and rings.

The effort is part of Dell’s “Legacy of Good” program, which outlines social and environmental milestones to achieve by 2020 (and beyond). Altogether, Dell has pledged to recover 2 billion pounds of used electronics and reuse 100 million pounds of recycled content back into their products, all by 2020.

With the help of Dell’s environmental partner, Wistron GreenTech, these efforts have resulted in a process for extracting the precious mineral to use in Reed’s sustainable design line of jewelry, The Circular Collection, through her company Bayou with Love.

More Recycling, More Jobs

Job creation through repairing electronics is another booming creative solution that tackles two birds with one stone. In addition to recycling old electronic material, these programs provide employment opportunities for often underserved or vulnerable communities.

Homeboy Recycling (formerly Isidore Electronics Recycling), for instance, employs former gang members and prisoners in Los Angeles to recycle much of the city’s electronics. “I felt like if I asked people in Los Angeles to give me their electronics, they would, and I could hire people with records to do the recycling,” founder Kabira Stokes told Fast Company in 2017.

The company accepts donations, sorts through the equipment, and then dispatches the ones still working into its reuse department. Those products that don’t make the grade are taken apart to recover and recycle the valuable minerals and other materials. As of early last year, Homeboy Recycling had employed 27 re-entry members and recycled upwards of 2.2 million tons of electronics. According to Stokes, the model is “the future of capitalism.” does something similar, repairing and upgrading yesterday’s tech devices for sale at affordable prices to people unable or unwilling to pay for newer, pricier versions. Through its services, the company is making a dent in the e-waste problem, creating jobs, and giving people access to affordable products—what one might call a triple bottom line.

With millions of tons of electronics thrown to the wayside each year, there are endless opportunities to repurpose valuable materials and aid employment. Whether a tossed device becomes someone else’s next device, a pair of earrings, or the inner workings of the next new device — what is yesterday’s trash might just become tomorrow’s future.

Russ Banham is a Pulitzer-nominated business journalist and author who writes frequently about the intersection of business and technology.

Real-Time Payments Have Arrived

By Russ Banham

Treasury & Risk

Prepare for payments transformation. In November 2017, The Clearing House (TCH) and 25 partnering banks launched the first new core payments structure in the United States in more than 40 years. The new system permits real-time payment clearing, marking a major change for treasury operations that have been using the one- to two-day Automated Clearing House (ACH).

Qualifying payments are domestic, interbank electronic transactions. Their payment messages are transferred, and funds are available to the payee, in real time —literally within seconds—on a 24×7 basis. The new system, dubbed RTP for “real time payments,” was designed and built through the collaborative efforts of TCH and its partnering financial institutions. RTP meets the objectives of the Federal Reserve Faster Payments Task Force, which has been tasked by the Fed to identify and assess alternative approaches for implementing safe, ubiquitous, and faster payment capabilities in the United States.

The new system follows late on the heels of the Faster Payments Scheme Limited (FPSL) launched by the United Kingdom in 2008. FPSL moves mobile, Internet, telephone, and standing-order payments quickly and securely, in nearly real time, 24 hours a day. Seventeen banks and building societies are participants in FPSL, with more than 400 financial institutions now offering the service to over 52 million account holders.

Why has the U.S. lagged behind the U.K. by a full decade in developing RTP? “The clearing cycle prior to FPSL in the U.K. was three days, giving them significant impetus to improve the status quo,” says Steve Ledford, senior vice president of product and strategy at TCH. “In the U.S., we already had ACH and next-day payments. There was less of a gap to make up.”

Another factor slowing implementation in the United States was the sheer volume of financial institutions dotting the American landscape—more than 100,000 entities in all. TCH and its partnering banks needed extra time to design a payments model that could scale to address all these institutions’ different capabilities. As Ledford puts it, “We needed to find a model that worked for everyone.”


Worth the Wait

Similar to wire transfers and ACH, RTP is another component of the core industry payments infrastructure, with the potential to support diverse use cases. In a business-to-business context, RTP is a credit “push” system. Payments are pushed from the bank account of the business making the payment to the bank account of the company receiving it. In between, RTP supports the financial institution’s customer-facing systems for services like bill payment, cash management, peer-to-peer (P2P) payments, and emergency disbursements. Messages such as requests for payment, payment confirmations, requests for additional information, and remittance detail are used to create frictionless customer-facing interactions.

TCH is working with a wide array of industry stakeholders, including community banks, credit unions, and financial institution service providers, to drive adoption of the long-sought real -time payments system. “The reality is that we’ve been talking about payments transformation for the past 25 years,” says Alberto Casas, managing director and North American head of payments and receivables at Citi, one of TCH’s partnering institutions and one of six banks currently processing payments through RTP. The others are JPMorgan Chase, BNY Mellon, SunTrust, U.S. Bancorp, and PNC Financial Services Group.

“However, we wanted a model that didn’t just promise immediacy and faster payments,” Casas adds. “We also wanted to create ‘smarter’ payments—a standardized data set that allowed for clean interactions between parties to send and accept inbound or outbound payments. Today, payments and payment information don’t always travel together perfectly, with the receiver often misunderstanding the purpose of the payment, culminating in costly and frustrating interactions.”

An example is a wire transfer that lacks details indicating the purpose of the payment. Without the right payment guidance, the recipient company may not connect the payment to the right receivable. RTP obviates this possibility by supporting the transfer of critical information about a payment along with the transfer of funds, to efficiently deal with back-office reconciliation issues.

This unique capability was designed and developed using technology from Vocalink, the software vender that built the U.K.’s faster payments system and which is now owned by Mastercard. TCH wrote the code for RTP and is the system operator.

Heightened payment security was another factor weighed carefully in the development of RTP. The new payments system is the first to be built and launched in the United States since the advent of the Internet. Over this period, incremental changes have occurred in payments, beginning with the gradual reduction in the use of cash and checks, and continuing forward with the digitization of payments and standardized messaging.

“Previous fast payments systems were based on older-generation technology and payments standards,” Ledford says. “An advantage for us being later to the game is that we could learn from and piggyback off of the previous systems’ upgrades. We’ve developed a system using secure, digitally capable Web-based protocols. So we’re not just fast, we’re also safe.”


Treasury Opportunities

Treasurers who leverage the RTP system may help their companies achieve competitive differentiation in their markets.

“With RTP, the payments system can actually become a customer engagement tool,” says Casas. “An insurance company, for example, can provide instant claims payments to a company devastated by a natural disaster.”

Now that the United States and several other nations have introduced independent systems for faster payments, other countries around the world are expected to follow suit, resulting in significant changes in how businesses and consumers send and receive payments globally.

“Today’s payments systems are the building blocks upon which future payments innovation will be built,” says Casas. “Nevertheless, we’re not predicting that all payments will move to a real-time payment channel overnight. RTP is an additional option for payers and receivers to support unique use cases.”

He provided the example of a consumer who has not paid his or her electricity bill on time. “RTP will allow for a request for payment to go from the utility to the consumer’s bank,” Casas says. “When the bank receives the request, it can instantly forward a detailed message through RTP to the consumer that the payment is now overdue. There are multiple benefits, including the avoidance of late fees and/or service disruptions while simultaneously helping to build trust and customer loyalty.”

The business owner sees that if the bill isn’t paid immediately, the electricity will be turned off. “If the person chooses the ‘click to pay’ option, the money is moved from the bank to the utility in real time to avert a shutdown in power—and possibly even a late payment fee,” he says.


Treasurers’ Next Steps

Treasurers interested in adopting RTP need to first determine its value in the context of their current business operations. Moving to RTP might require new payment technology, particularly if the company’s current system releases batch payments periodically to address specific deadlines.

“Business customers need to contemplate API [application programming interface] connectivity with their banks to release transactions in real time, as opposed to batch,” Casas advises.

Treasurers may also need to change the way they manage liquidity and working capital, creating models in their accounts that move money from point A to point B, he adds. Furthermore, with an RTP system, security needs to be embedded in the company’s operational processes at the item level as opposed to the batch level.

Citi is working closely with its commercial accounts to prepare them for these changes. Ledford says the other five TCH member banks are also assisting their business customers with the transformations required.

Response to RTP has been highly positive thus far. “We’re already hearing from the treasurers now using RTP that the big difference for them has been immediate confirmation of a payment,” Ledford says. “They’re telling us they cannot overstate how important that has been— the certainty it gives them in simplifying processes like reconciliations.”

Treasurers are also touting the speed of the new payments system in assisting their just-in-time supply and demand obligations. An example is a midsize or smaller company buying from a supplier with which they don’t have a credit relationship. “The company needs the product to ship soon but is concerned over payment,” says Ledford. “What might have taken weeks to resolve in the past takes a couple hours and less, due to the new system’s certainty [of payment] and speed.”

Down the line, more and more financial institutions and their customers will be engaging in real-time payments. “We’ll see material adoption [of RTP] in 2019, when more banks are online with more features and functionalities, such as requests for payments and extended messaging,” says Casas. “By 2020, we’ll see a high number of banks on the system and payment volume ramping up in a significant way. Beyond that, it will eventually become the material payments method and the primary alternative to existing systems.”

These developments will be felt worldwide. In anticipation, Citi has developed a comprehensive toolkit that addresses its connectivity to all payment methods and channels globally. Casas explains, “We’re focused on building globally inter-operable capabilities to provide a common experience through a central real-time payment gateway. We see this as  a significant differentiator.”

Navigating The Dark Side Of The IoT Revolution

By Russ Banham

Chief Executive magazine

Wesley McGrew is a white hat hacker at HORNE Cyber, where he directs cyber operations. His job is to find security flaws in company systems by hacking into them. Lately, McGrew and his team have been exploiting the vulnerabilities of Internet-connected smart devices like, well, pretty much everything.

From thermostats and coffeemakers to security systems and garage door openers, many commonplace things are embedded with electronics connecting them to smartphones via wireless protocols like Bluetooth. These devices can be connected to the Internet to exchange data, making the work of business more efficient—except when they do dumb things like let hackers exploit them to shut down corporate networks or steal sensitive data. “Any business today has some sort of smart device on its network, either for pure business reasons, like a printer, or for ease of use, like my crockpot,” says McGrew.

His crockpot, which he relies on occasionally for in-office meals, is a demon in disguise. Inside it is a miniature, multi-purpose computer like a circuit board with untold powers—of the bad kind. “The manufacturer of the crockpot has no idea about this computer, other than it switches things on and off,” McGrew explains. “But it is really quite remarkable, with the same power and capabilities as a full desktop workstation from 10 years ago.”

Suddenly, a prosaic crockpot is also a computer designed to automatically connect in the cloud to a company’s wireless network. However, this computer is vastly easier to hack because it was not designed with strong, configurable security in mind. “A lot of them have a hard-coded password that can’t be changed without a firmware update by the vendor,” says McGrew. “The problem is vendors rarely, if ever, update the firmware.”

A worse problem is that this password is instantly available to hackers. “Default passwords of all these devices are available on the search engine Shodan, which allows anyone to find specific devices connected to the Internet,” says Harri Hursti, the famed Finnish programmer whose studies of voting systems unearthed serious security flaws. “You simply type in the name of the device, and it’s amazing what you can find.”

Not Exactly Fort Knox

Blame economics for many smart devices’ shoddy security. “The challenge in selling many smart devices is the need to hit a price point low enough to encourage people to buy the device,” says Irfan Saif, a principal in the cyber risk practice at consultancy firm Deloitte. “To help achieve this price point, manufacturers may limit features around security.”

He is not alone in this alarmist view.

“Three seconds of thought are given to security,” says Dottie Schindlinger, vice president and governance technology evangelist at Diligent, a provider of enterprise governance management solutions. “The goal is to make the device super easy to connect to a WiFi network and other devices—to make them ‘idiot-proof’ for anyone to deploy. Yet, the moment the device connects to a network, it becomes a giant wormhole for hackers to penetrate.”

This was the case with McGrew’s crockpot.

“It was incredibly simple to exploit its security flaws,” he says. “Once in the back door, I used it as my base of operations to scan the rest of the network looking for vulnerabilities in our internal systems. Basically, I had a foothold into our network to do whatever I wanted next.”

A hacker with malicious intent can do the same thing, albeit with devastating consequences—compromise the network, steal sensitive data, hold the organization ransom and crimp the flow of business.

Midsize and smaller companies with tight resources to invest in a chief information security officer and trained IT security staff are most at risk, although even the largest enterprises are not immune.

“Our company is dependent on IT systems, data and our employees for our operations and securing these systems and data is a fiduciary responsibility of management and directors,” says Ken Asbury, CEO of CACI, a provider of information solutions and services for defense, intelligence and federal civilian government customers. “Just like we have to be sure our facilities and our people are secure, we now need to ensure our employees are informed about the importance of and necessary steps to secure smart devices like surveillance cameras, door locks and printers that are on the network….The Internet of things (IoT) is a new area for cybersecurity, one that increasingly poses the greatest amount of risk.”

Awakening the Zombies

This threat was made frighteningly clear in August 2016, when hackers created malware called Mirai that scanned the Internet continuously looking for the IP addresses of smart devices vulnerable to the default password security flaw. The hackers then commandeered these smart devices into a botnet (robot network) that unleashed DDoS (distributed denial of service) attacks on hundreds of websites, shutting them down and causing extraordinary business interruption losses. In a DDoS attack, a website is besieged with so much traffic, it can no longer accommodate legitimate users.

The smart devices-turned-zombies were primarily inexpensive, mass-produced CCTV video cameras designed for security purposes. Two months later, the same malware was used against Dyn, a managed domain name system provider of Internet services to Twitter, Reddit, CNN, Spotify and thousands of other websites, shutting many of its clients down. Approximately 500 companies that relied exclusively on Dyn suffered extensive downtimes.

“In the old days, hackers used powerful IT systems to carry out a DDoS attack,” says Vance Brown, CEO of the National Cybersecurity Center, a provider of cybersecurity training. “Today, it’s much easier to marshal thousands of network-connected smart devices to do the same thing.”

Another eye-opening hack of a smart device involved the hospitality industry. In 2017, a hacker infiltrated the wireless key card system at an Austrian hotel, locking all the doors and shutting down the computer system that operated them. “A ransom in bitcoin was demanded to turn the system back on,” says Jody Westby, CEO of Global Cyber Risk, a provider of cyber risk management services. “The hacking was publicly reported, exposing the hotel to potential reputational damage.”

Smart printers have also been hacked. In 2017, a bored teenager in the UK built a program that hacked into 150,000 Internet-connected printers to print out reams of paper. The clever hacker signed his work “Stackoverflowin.”

Schindlinger cited a more devastating hack. “A certain brand of wireless printer has been shown to have a gaping security loophole, allowing hackers to reprint anything that has ever been printed on the device,” she says. “That may include every legal contract the company has signed, new product information, payroll data, employee names and Social Security numbers—you name it.”

What’s more, once a hacker breaks into the printer, a back door to the rest of the network is opened. As Brown puts it, “As soon as you’re in the house, you have access to all the rooms.”

Even some of the best-selling technology products today may do things users are in the dark about. Brown points to smart speakers like Amazon Echo, noting, “If the device is always listening to you, it also could be spying on you.”

He’s right. A security researcher recently demonstrated how to insert malware into a pre-2017 Echo to stream audio from it to a server, turning the device into a personal eavesdropping microphone.

While there is no software patch available to repair the problem in older units, the vulnerability has been addressed in post-2017 Echo models.

Sending in the Guards

How concerned are corporate risk managers about IoT-related attacks? The answer is extremely. An astonishing 94 percent of cyber risk professionals responding to a study by the Ponemon Institute stated that a security incident related to an unsecured smart device would be “catastrophic,” with 74 percent expressing concern over the loss or theft of valuable data.

What can CEOs to do ensure their companies’ networks and systems are protected? It’s not an easy question to answer.

As McGrew points out, “In many midsize and smaller businesses, the IT security staff is 100 percent focused on keeping the network running. They don’t have time to chase all these smart devices that are connecting to it; they’re at capacity. And most companies don’t have a team of [network] penetration testers—white hat hackers who love to break into devices and pinpoint their vulnerabilities.”

Westby from Global Cyber Risk agrees, noting that it is difficult to sell the firm’s assessments to companies with under $1 billion in revenue.

“Compared with the enormous expense of a business interruption, a forensic investigation is a pittance, yet many CEOs downplay the need,” she says. “This is ridiculous since they have a fiduciary responsibility to investors and shareholders to pay attention to these risks. A big attack can literally do them in.”

The Ponemon Institute study drew a similar conclusion. The respondents cited boards of directors not fulfilling their oversight responsibilities and making management accountable as one of the three major barriers to addressing the risks of smart devices. The other two barriers were insufficient resources and a lack of priority in their approach to cyber risks. “Because it is not a priority and leadership is not engaged, the necessary resources are not being allocated,”

says Larry Ponemon, chairman and founder of the Ponemon Institute. “While smart devices promise good things by sharing information for good purposes, there is a dark side—hackers using the information for nefarious purposes.”

Asbury from CACI says that CEOs must take the risk of connected smart devices seriously and lead the charge in their organizations to do something about it. “Companies must develop a culture of cybersecurity, and that begins with the tone from the top set by the executive team and board,” he says. “A strong culture of cybersecurity makes the security of systems, data and smart devices the responsibility of all employees, not just the IT and security teams.”

He adds, “It takes everyone to keep a company secure, at every level of the workforce, all the way up to the boardroom. But someone has to lead the way.”

Insurance Underwriting 2018

By Russ Banham

Carrier Management

Underwriting is the nucleus of the insurance business. For centuries, human beings have performed this process, evaluating a risk to determine whether or not it is insurable at a profit for the insurance carrier. To this task they brought significant statistical and analytical skills, attention to detail, and judgment.

Well, move over people; here come the robots. Through the use of cognitive computing tools like machine learning, predictive analytics, robotics processing automation, and both image recognition and natural language processing, underwriting is becoming less manual and more automated. Providers of the tools offer novel ways for underwriters to better gauge risk, set premiums, save time, become more efficient and lower loss ratios.

We’ve profiled four such InsurTech companies here, each with a different set of products and services, but all with a similar value proposition: to make insurance underwriting more accurate and less burdensome, freeing underwriters to take on more strategic, value-added work.

Will the tools eventually replace the people whom they are currently helping? Read on.

Intellect SEEC: Expanding Information Boundaries

The unusually named Intellect SEEC (the two words reflect the consequence of a merger) is the first InsurTech enterprise in our lineup. Intellect SEEC provides cognitive computing solutions covering multiple insurance functions like underwriting and distribution via a cloud-based platform. The company focuses on commercial lines underwriting services for primarily medium-sized and smaller commercial insurers and specialty carriers.

Pranav Pasricha, Intellect SEEC’s CEO, said the company reinvented itself after the 2009 merger to bring the latest innovations in machine learning and big data to underwriting. “We’re confident that we’re the best source of structured, semi-structured and unstructured information in the world,” he asserted.

This information ranges from publicly available legal filings and press articles to customer comments and social media feedback. Intellect SEEC’s tools capture this data and ferret out the most pertinent information from an underwriting standpoint.

“We’re able to distill fine-tuned alerts of information about each class of business—the different things that can go wrong and the insights drawn from this knowledge,” said Pasricha. “Such risk indicators often escape the attention of underwriters, yet are crucial elements of the overall risk picture. We’re expanding information a thousand times.”

He’s not necessarily boasting. A human being could not possibly collect and collate 10,000 pieces of information of import to a particular risk. However, using cognitive computing tools like predictive analytics and machine learning, this huge volume of data is compressed into digestible tidbits of underwriting import.

Intellect SEEC also canvasses historical and real-time data sources to make predictions on future loss likelihood. Examples include an upcoming regulation or possibly adverse legal ruling affecting a potential insured’s business prospects or a competitor’s research into the development of a new product or product enhancement.

“Our Risk Analyst product uses machine learning to look at events occurring around an insurance prospect’s business to assess potential risks down the line,” said Pasricha. “We capture this information and provide it to underwriters in the form of an alert.”

Prior to joining Intellect SEEC, Pasricha was the chief operating officer of QBE Insurance Group in Australia, leading the company’s global underwriting transformation effort. Intellect SEEC’s Chief Technology Officer Lakshan De Silva worked with him at QBE in driving this transformation.

“Next up for us is an extension of our current capabilities, incorporating more video into our telematics to further illuminate the risk profile,” said Pasricha. “We also see the Internet of Things as a huge growth platform, pulling and analyzing data from the embedded sensors to provide added insights to underwriters.”

DataRobot: Powering Predictive Models

DataRobot also digs through mountains of risk-based data to unearth underwriting insights, in its case via an automated machine learning platform. Underwriters interact with the platform to create better risk models.

“We help underwriters get an idea of what an insurance policy will cost over a multiyear period of time, presenting the opportunity for the carrier to improve its risk segmentation,” explained Satadru Sengupta, DataRobot general manager and data scientist.

The business of selling an insurance policy today is based on an assessment of a prospect’s historical risk and loss data to price the coverage terms and conditions on an annual basis. Scant thought is given the trajectory of the risk five years into the future and what the premium for the policy would need to be at that time. Predictive big data analytics offers a way to gauge this future cost of goods sold to create a more balanced underwriting portfolio.

Armed with this knowledge, an insurer may determine a particular risk provides a greater long-term return than another risk. “We’re providing a way for underwriters to make better predictions that improve risk segmentation and charge a more accurate premium,” said Sengupta. “We tap into different sets of data and automatically apply open source algorithms to help underwriters build highly accurate predictive models that tell a truer story of future risk.”

DataRobot’s cognitive computing platform also is marketed to carriers for claims, distribution and other insurance processes (underwriting represents less than one-third of its market). The platform can be used to underwrite personal lines and commercial lines products, as well as health and life insurance. Users interact with the platform to build hundreds of risk models in a single click, helping them make better predictions. “We make the process of building a risk model extremely simple,” Sengupta said.

Large global insurance carriers are DataRobot’s primary customers, although its modeling tools also are sold to other industry sectors like banking and health care. Nevertheless, insurance would appear to be the company’s sweet spot. Two former insurance executives—Jeremy Achin and Tom de Godoy (both from Travelers)—are co-founders of DataRobot. Sengupta also hails from the industry, serving stints at AIG and Liberty Mutual. And its chief data scientist is a former actuary.

“We’re insurance through and through, from product design and development through advisory and client interactions,” said Sengupta. “We speak the language of insurance and understand the challenges of underwriting.”

He added, “Oftentimes people think analytics is all about the application of algorithms. Not necessarily so, although they are important. What is most critical is designing the workflow. When you merge experienced data scientists with people who have deep insurance domain expertise, you get solutions that address real business problems.”

In 2018 DataRobot plans to incorporate so-called time series analytical modeling into its platform. Last year, it acquired data science company Nutonian to bolster its capabilities to create models involving time series data. The key word is “time.” As the name suggests, the analyses involve predictions generated by time-based data—years, days and hours.

DataCubes: Solving Underwriting Problems

Unlike DataRobot, DataCubes focuses exclusively on developing machine learning and data science tools for insurance underwriters. “It’s all we do,” said Harish Neelamana, DataCubes’ co-founder and chief product officer. “We solve two big problems: overcoming inefficiencies in how underwriters do their job and providing access to better facts to make smarter decisions.”

Regarding the first solution, by digitizing and automating the processing of insurance applications in real time, the company reduces the paperwork migraines involved in the quote-to-bind underwriting process. The solution also comprises a data integration engine that captures and organizes data from multiple external and internal sources.

“We start with a few pieces of information, like the name and address of a business, and then sift through the usual mountains of publicly available data and licensed data sources that describe various aspects of this entity,” said Kuldeep Malik, DataCubes’ CEO and co-founder. “This typically includes how long the company has been in business, the nature of the work it does, how many employees it has and all sorts of other information. We then apply machine learning to this data to answer specific underwriting questions, giving users an Amazon-like experience.”

An example is a landscaping enterprise that mows lawns, cuts hedges and removes dead leaves. These activities help describe the company’s risk profile for underwriting purposes, culminating in a premium charged for the related exposures. However, by scraping data off websites and social media, the underwriter may learn that the landscaper did a great job cleaning out the roof gutters of a particular customer. Unfortunately, this high-risk activity was neither realized nor reflected in the underwriter’s risk assessment and premium calculations.

DataCubes helps to solve this conundrum. “The underwriter can ask the question: ‘Does the landscape contractor do roofing work?’” said Malik. “The tool interprets this to go out and search data about the company. Up pops some information that the company did some roofing work a couple times. Well, roofers fall off roofs, changing the risk profile.”

Most of DataCubes’ insurance carrier customers are in the $50 million to $100 million range (gross written premiums), although some are in the $500 million to $2 billion category, and one is a top-tier $10 billion-plus insurer. “We focus on underwriters of workers compensation and BOP [businessowner policy] packages—general liability and property stuff,” Neelamana said.

Prior to launching DataCubes, Neelamana spent 15 years performing operational and strategic roles at Zurich Insurance Group and Allstate; Malik, on the other hand, is an experienced entrepreneur. He said, “Our team is a sort of happy medium of data technologists and insurance underwriting experts coming together to solve underwriting problems.”

RiskPossible: Continuous Underwriting

RiskPossible is the newest kid on the block, a startup still getting its footing. Like the other InsurTech companies, its founder and CEO Michael DeSiato hails from the insurance industry. His mother and two uncles launched the small Granada Insurance Company, a Florida-based property/casualty carrier, in the 1980s. “My mom introduced both insurance and entrepreneurship when I was a little kid,” said DeSiato, who was in Des Moines, Iowa, taking part in a global accelerator program for startups when interviewed for this article.

The company has yet to make its official launch, although it has participated in several pilot projects. RiskPossible also leverages data access and analysis tools, but for a somewhat different purpose. “We help underwriters find out if a policyholder’s risk profile has changed dramatically since binding,” said DeSiato. “We provide this information through our continuous underwriting engine.”

Rather than underwriting being a once-and-done exercise with an annual reappraisal of client risk, DeSiato wanted to make it more of an ongoing process throughout the life of the policy. His thinking was that important risk-based data was escaping the attention of carriers—information that may compel it to cancel the policy.

“We’ve partnered in a pilot program with a nursing home, providing a continuous feed of risk-based data that our tool has scraped off different public and private sources of information, including social media,” he explained. “Once you go down the rabbit hole, the amount of information is incredible. Based on the insights we learn, an alert would be sent to the underwriter to re-evaluate the risk.”

DeSiato provided the following scenario: a nursing home whose fire and smoke doors were recently inspected to ensure compliance with a new rule from the U.S. Centers for Medicare & Medicaid Services (CMS) covering the installation, care and maintenance of many types of doors and assemblies in a healthcare setting. If the company fails the test, this information typically would not reach the underwriter until just before the policy renewal.

“Say you have a restaurant regularly failing inspections for pests or with multiple infractions of people not washing their hands. Wouldn’t the carrier want to know this immediately?” asked DeSiato. “This way you could send out your own inspector to do a renewal review much earlier in the process. Depending on the state, you may have the ability to do a midterm policy cancellation.”

RiskPossible currently is engaged in a joint venture with a provider of IoT-enabled sensors measuring temperature and moisture. The plan is to feed this data into its continuous underwriting engine in time for the company’s imminent launch.

“We want to put the sensors inside freezers in restaurants to detect drops in temperature causing potential food spoilage, and in commercial buildings to discern evidence of a leak, with the data going to both the insured and insurers,” said DeSiato. “We’re also working with another partner that has developed a tool that counts the number of people going in and out of a facility. All this risk-based data coming from multiple sources has import for underwriting, well before the renewal.”

Back to Those Robots

As these stories relate, machine learning and data science technology should make the job of underwriting easier and more efficient and productive. But will the tools eliminate the need for underwriters in the future?

All the interviewees demurred on the point. “The day a machine does what human underwriters do is the day there is nothing left for anyone to do,” said DeSiato. “Underwriting requires three things: intellectual curiosity, domain knowledge and creativity. This is what human beings provide. At best, the tools will help underwriters enhance their portfolios and productivity. They won’t replace people—not any time soon.”

Pasricha from Intellect SEEC has a slightly different perspective. “In the future, every job is going to be disrupted by machine learning, including those of underwriters,” he said. “But this doesn’t mean underwriters will be replaced entirely. An important job in the future will be training the machines to underwrite—something that only the best underwriters will inevitably do.”

DataRobot’s Sengupta concurred: “Underwriters will be different in the future, but the jobs are not going away. As machines take over the rote jobs, underwriters will have more time on their hands to focus on emerging risks like cyber, where there isn’t much data yet to draw from. Machines will extract this data as it increasingly becomes available, but human beings will be needed to assess its meaning.”

“As robots allow underwriters to be more efficient and make more intelligent decisions, they will be freed to spend more time on building a better book of business,” said Neelamana from DataCubes. “The position itself will be occupied by highly intelligent people of enormous importance to the profitability of the carrier.”

Instead of robots replacing people, the interviewees contend that humans and machines will fuse together as one—not in a mechanical sense, of course, but in an intellectual one. Underwriters will not disappear. Instead, they will become uber-underwriters.

Russ Banham is a Pulitzer-nominated business journalist and author

Insurance Captives Reach New Hieghts

By Russ Banham

Risk Management

Over the past five years, the popularity of captive insurance companies has skyrocketed. Not only do more than 90% of Fortune 500 businesses own at least one captive, but even small and mid-sized companies have formed them.

The motivations for creating a captive have not changed much in the half-century since the first captive was formed in 1962. A company-owned insurance operation provides direct access to reinsurance markets, customized insurance coverage that fills gaps in the commercial market, access to accrued investment income, and incentive to improve loss control. The thinking of many risk managers is simply, why trade dollars with an insurance company when you don’t have to?

The surge in captive formations has been fueled by a series of favorable tax court rulings, the increasing number of U.S. state captive domiciles, and the emergence of new and challenging exposures, such as cyberrisks, that have caused insurance carriers to raise rates and adopt stricter coverage terms and conditions. As a result, the reasons to form a captive have never been more persuasive.

New Captives Under Scrutiny

Captives have become increasingly common, but experts believe some companies may be throwing caution to the wind with certain arrangements. “I’m not concerned about big corporations forming captives as much as I am about the private sanitation company that forms a captive because it can’t get decent workers compensation insurance, or the nursing home that can’t buy professional liability insurance,” said Andrew Barile, CEO of Andrew Barile Consulting and a strategic advisor on captive formation and implementation since 1967. “It’s these 831(b) captives and the recent flurry in the formation of captive cells that give me pause.”

The 831(b) captives get their name from Section 831(b) of the IRS Code on Micro-Captive Transactions, a 1986 regulation that provides tax advantages to small property and casualty insurance companies. According to the rule, a captive can elect to be taxed on net investment income when gross annual premiums are $1.2 million or less (recently increased to $2.2 million). The owning entity also can deduct premiums paid to the captive as ordinary business expenses.

The tax advantages reduce the cost of financing a risk transaction, making captive formation enticingly affordable for many small companies. The IRS, however, is closely examining 831(b) captives to ensure they do not constitute illegal tax shelters. IRS Notice 2016-66 categorizes Section 831(b) as “transactions of interest,” subject to additional documentation and disclosure requirements for “promoters” and “material advisors.” New legislation in 2018 has also mandated additional tests for these captives to demonstrate appropriate risk diversification.

The added scrutiny does not bode well for some 831(b) owners. “Too many of these structures are set up by CPA firms and not insurance underwriters, which tells me they lean more toward being a tax shelter as opposed to a genuine risk-transfer mechanism,” Barile said.

Captive cells have also come under scrutiny. A captive cell is akin to a rented apartment in a large apartment building: The captive is used by a group of unrelated insureds so each can take advantage of the benefits of a typical captive arrangement without actually owning the insurance company. Each cell is legally separated from other cells, meaning the insured’s assets are walled off and protected from the legal liabilities of other cells. The core owner maintains a capital surplus to absorb working layer losses, above which reinsurance kicks in.

The challenge is when one cell company’s losses exceed the capital set aside by the captive’s sponsor. If the cell company has not posted enough capital to absorb the financial impact, it will need to dig into its wallet to pay off the remaining financial obligation. Since the companies forming cell captives are, for the most part, small businesses, that burden can be significant.

There are tax concerns for cell captives, as well. “I get these calls from nursing homes that say they just formed a cell captive in Bermuda, but there’s no broker or risk manager and they don’t know what they’re doing,” Barile said. “There’s no fronting company involved. Instead, there’s a small CPA firm hoping to get the client a tax deduction. You’ve got the accountants—not actuaries—setting the reserves and writing manuscript insurance policies, using the internet as the only source of intelligence.”

Certainly not all cell and 831(b) captives are suspect, but some of the IRS scrutiny is justified, and necessitates reasonable caution. “To a certain degree, 831(b) captives are being used as a wealth management device,” said Peter Mullen, CEO of Aon Global Captive and Insurance Management. “We do not set up such vehicles. Our distribution system is a risk management distribution system, not wealth management.”

Charting Captive Growth

While there are no reliable figures on the total number of 831(b) and cell captives that have been formed, anecdotal evidence indicates they are on the rise. More dependable statistics are available on the rising volume of traditional captives.

EY estimates there are currently 7,100 captives, up from 4,000 five years ago, while insurance broker Marsh tallies 7,000 captives, up from 5,000 in 2006. The Captive Insurance Companies Association (CICA) cites a current total of 6,618 captives.

Captives have been formed in domiciles all over the world, but the United States has seen the greatest recent growth. “About 78% of captives formed worldwide in 2017 occurred in the United States, accounting for 616 new licensed captives,” said Daniel Towle, CICA president. “Europe licensed 22 new captives, down from 36 the prior year, and only eight captives were licensed across Asia-Pacific. Bermuda and the rest of the Caribbean licensed 108.”

The high volume of recent captive formations in the United States can be attributed to the growing number of states that have passed legislation to become captive domiciles. The Insurance Information Institute reported that 29 states now permit the formation of captive insurance companies. Vermont is the current leader in the United States with 593 state-licensed captives, followed by Utah with 462.

As more states enter the fray, competition for business is fierce. “Economic development is the reason a state wants to become a captive domicile,” said Paul Phillips, a partner and tax markets leader at EY. In Vermont, for example, there are dozens of captive managers and insurance brokerages with brick and mortar buildings in Burlington, as well as a host of small CPA firms and actuaries. “All that property development and employment translates into substantial tax income and economic lift,” he said.

Barile concurred, “Domiciles are tripping over themselves to get business. Governors know this is a lucrative way to build fee income.”

Unwieldy Exposures

Another factor in the recent surge in captive formations is corporate concern over new types of financial exposures, most notably cyberrisks. “Generally speaking, any line of insurance that does not have much in the way of commercial capacity or has lots of coverage exclusions is a good fit for a captive,” Towle said. “Right now, cyber fits this bill. Companies can write coverage in the captive for the exclusions and buy reinsurance for losses above the limit.”

Mullen said many of Aon’s clients are “incubating” cyber and other thorny exposures in their captives. “Although there is quite a bit more capacity for cyber in the commercial market now, if the risk is deemed by insurers to be particularly difficult—with little data on potential losses—the client may choose to put the risk in its captive,” he said.

In such cases, the captive owner will engage an actuary to develop a probabilistic loss model to calculate an adequate premium. As losses occur over the next few years, a body of data develops, and the company may then take its chances again in the commercial market. “They’ll say, ‘We’ve been incubating this risk in our captive for the past five years and here is the policy form we used, how we calculated our premium, our claims adjustment process, and our loss experience,’” Mullen said. “If the market’s reaction is good, they may then opt to buy risk-transfer.”

Other financial exposures similarly incubated in larger captives include product liability, employee wage and hour, and business interruption risks. Large captives are also being formed to insure their owner’s employee benefits obligations, such as life insurance and short- and long-term disability insurance. Corporations funding employee benefit risks through their captive insurance companies include Hyatt Hotels, Coca-Cola, Intel and Microsoft.

Smaller captives are insuring an even wider range of exposures. “I’ve seen small companies wanting policies to absorb business losses caused by changes in legislation, to absorb the risk of a tax audit or bad debts, and to insure all the deductibles the company has with commercial insurers,” Barile said.

Many experts advise small businesses to include captive experts drawn from the insurance industry—like an actuary or underwriter—when mulling the formation of a captive. “Captives aren’t for everybody,” said Prabal Lakhanbal, a captive consultant with Spring Consulting Group. “Proper due diligence should be pursued, followed by a well thought-out feasibility study prepared by an insurance specialist.”

Legal Clarity

Many of the legal and tax issues that historically hovered over the captive industry are less of a concern today, compelling companies that were wary of forming a captive in the past to consider doing so. Recent tax court decisions have been favorable for alternative insurance arrangements, clarifying questions of risk-shifting, risk distribution, premium excessiveness and what constitutes an insurance contract.

For example, in the recent captive case RVI Guaranty Co. Ltd., et al. v. Commissioner, the U.S. Tax Court held that an insurance contract created to insure against the risk of a decrease in the value of property in fact covered an insurance risk rather than an investment risk, as the IRS had alleged, qualifying the contract as insurance for federal income tax purposes.

Today, fewer companies form captives primarily for the tax benefits. A Marsh study, for example, indicated less than 50% of the captives managed by the firm even bother to take a U.S. tax position. Nearly three-quarters of their clients reported  the key driver in forming a captive was to fund retained corporate risk. “As organizations’ understanding of risk matures, their risk management strategies become more sophisticated, increasing the likelihood of forming or expanding the use of a captive,” said Michael Serricchio, managing director of Marsh Captive Solutions.

Mullen has heard similar reasoning at Aon. “When we survey our clients every year about the reasons they have a captive, something like 4% say they do it for tax reasons; the majority cite strategic risk management purposes,” he said.

By establishing their captive for these strategic reasons, current and prospective owners can avoid IRS suspicion. “The simplest way to ensure your captive is within current tax rules is to be able to show that it was formed for a non-tax business reason,” Lakhanbal said.

Overall, captives have proven to be effective for funding and strengthening management of a company’s risks. “Looking at our global captive book of about $30 billion, the combined loss ratio runs around 75%, a clear indication that our clients are doing something right as they run their business through their captives,” Mullen said.

This success has helped make captives into a more mainstream risk management option. “A captive is no longer an alternative risk transfer mechanism,” Serricchio said. “It’s now a key tool for risk managers to address traditional property/casualty and employee and customer risks.”

In the future, Phillips believes more businesses of all types and sizes will consider forming captive insurance companies of their own simply because they are effective. After all, “captives are sector-agnostic,” he said, “and every company has risk.”