Insurance Underwriting 2018

By Russ Banham

Carrier Management

Underwriting is the nucleus of the insurance business. For centuries, human beings have performed this process, evaluating a risk to determine whether or not it is insurable at a profit for the insurance carrier. To this task they brought significant statistical and analytical skills, attention to detail, and judgment.

Well, move over people; here come the robots. Through the use of cognitive computing tools like machine learning, predictive analytics, robotics processing automation, and both image recognition and natural language processing, underwriting is becoming less manual and more automated. Providers of the tools offer novel ways for underwriters to better gauge risk, set premiums, save time, become more efficient and lower loss ratios.

We’ve profiled four such InsurTech companies here, each with a different set of products and services, but all with a similar value proposition: to make insurance underwriting more accurate and less burdensome, freeing underwriters to take on more strategic, value-added work.

Will the tools eventually replace the people whom they are currently helping? Read on.

Intellect SEEC: Expanding Information Boundaries

The unusually named Intellect SEEC (the two words reflect the consequence of a merger) is the first InsurTech enterprise in our lineup. Intellect SEEC provides cognitive computing solutions covering multiple insurance functions like underwriting and distribution via a cloud-based platform. The company focuses on commercial lines underwriting services for primarily medium-sized and smaller commercial insurers and specialty carriers.

Pranav Pasricha, Intellect SEEC’s CEO, said the company reinvented itself after the 2009 merger to bring the latest innovations in machine learning and big data to underwriting. “We’re confident that we’re the best source of structured, semi-structured and unstructured information in the world,” he asserted.

This information ranges from publicly available legal filings and press articles to customer comments and social media feedback. Intellect SEEC’s tools capture this data and ferret out the most pertinent information from an underwriting standpoint.

“We’re able to distill fine-tuned alerts of information about each class of business—the different things that can go wrong and the insights drawn from this knowledge,” said Pasricha. “Such risk indicators often escape the attention of underwriters, yet are crucial elements of the overall risk picture. We’re expanding information a thousand times.”

He’s not necessarily boasting. A human being could not possibly collect and collate 10,000 pieces of information of import to a particular risk. However, using cognitive computing tools like predictive analytics and machine learning, this huge volume of data is compressed into digestible tidbits of underwriting import.

Intellect SEEC also canvasses historical and real-time data sources to make predictions on future loss likelihood. Examples include an upcoming regulation or possibly adverse legal ruling affecting a potential insured’s business prospects or a competitor’s research into the development of a new product or product enhancement.

“Our Risk Analyst product uses machine learning to look at events occurring around an insurance prospect’s business to assess potential risks down the line,” said Pasricha. “We capture this information and provide it to underwriters in the form of an alert.”

Prior to joining Intellect SEEC, Pasricha was the chief operating officer of QBE Insurance Group in Australia, leading the company’s global underwriting transformation effort. Intellect SEEC’s Chief Technology Officer Lakshan De Silva worked with him at QBE in driving this transformation.

“Next up for us is an extension of our current capabilities, incorporating more video into our telematics to further illuminate the risk profile,” said Pasricha. “We also see the Internet of Things as a huge growth platform, pulling and analyzing data from the embedded sensors to provide added insights to underwriters.”

DataRobot: Powering Predictive Models

DataRobot also digs through mountains of risk-based data to unearth underwriting insights, in its case via an automated machine learning platform. Underwriters interact with the platform to create better risk models.

“We help underwriters get an idea of what an insurance policy will cost over a multiyear period of time, presenting the opportunity for the carrier to improve its risk segmentation,” explained Satadru Sengupta, DataRobot general manager and data scientist.

The business of selling an insurance policy today is based on an assessment of a prospect’s historical risk and loss data to price the coverage terms and conditions on an annual basis. Scant thought is given the trajectory of the risk five years into the future and what the premium for the policy would need to be at that time. Predictive big data analytics offers a way to gauge this future cost of goods sold to create a more balanced underwriting portfolio.

Armed with this knowledge, an insurer may determine a particular risk provides a greater long-term return than another risk. “We’re providing a way for underwriters to make better predictions that improve risk segmentation and charge a more accurate premium,” said Sengupta. “We tap into different sets of data and automatically apply open source algorithms to help underwriters build highly accurate predictive models that tell a truer story of future risk.”

DataRobot’s cognitive computing platform also is marketed to carriers for claims, distribution and other insurance processes (underwriting represents less than one-third of its market). The platform can be used to underwrite personal lines and commercial lines products, as well as health and life insurance. Users interact with the platform to build hundreds of risk models in a single click, helping them make better predictions. “We make the process of building a risk model extremely simple,” Sengupta said.

Large global insurance carriers are DataRobot’s primary customers, although its modeling tools also are sold to other industry sectors like banking and health care. Nevertheless, insurance would appear to be the company’s sweet spot. Two former insurance executives—Jeremy Achin and Tom de Godoy (both from Travelers)—are co-founders of DataRobot. Sengupta also hails from the industry, serving stints at AIG and Liberty Mutual. And its chief data scientist is a former actuary.

“We’re insurance through and through, from product design and development through advisory and client interactions,” said Sengupta. “We speak the language of insurance and understand the challenges of underwriting.”

He added, “Oftentimes people think analytics is all about the application of algorithms. Not necessarily so, although they are important. What is most critical is designing the workflow. When you merge experienced data scientists with people who have deep insurance domain expertise, you get solutions that address real business problems.”

In 2018 DataRobot plans to incorporate so-called time series analytical modeling into its platform. Last year, it acquired data science company Nutonian to bolster its capabilities to create models involving time series data. The key word is “time.” As the name suggests, the analyses involve predictions generated by time-based data—years, days and hours.

DataCubes: Solving Underwriting Problems

Unlike DataRobot, DataCubes focuses exclusively on developing machine learning and data science tools for insurance underwriters. “It’s all we do,” said Harish Neelamana, DataCubes’ co-founder and chief product officer. “We solve two big problems: overcoming inefficiencies in how underwriters do their job and providing access to better facts to make smarter decisions.”

Regarding the first solution, by digitizing and automating the processing of insurance applications in real time, the company reduces the paperwork migraines involved in the quote-to-bind underwriting process. The solution also comprises a data integration engine that captures and organizes data from multiple external and internal sources.

“We start with a few pieces of information, like the name and address of a business, and then sift through the usual mountains of publicly available data and licensed data sources that describe various aspects of this entity,” said Kuldeep Malik, DataCubes’ CEO and co-founder. “This typically includes how long the company has been in business, the nature of the work it does, how many employees it has and all sorts of other information. We then apply machine learning to this data to answer specific underwriting questions, giving users an Amazon-like experience.”

An example is a landscaping enterprise that mows lawns, cuts hedges and removes dead leaves. These activities help describe the company’s risk profile for underwriting purposes, culminating in a premium charged for the related exposures. However, by scraping data off websites and social media, the underwriter may learn that the landscaper did a great job cleaning out the roof gutters of a particular customer. Unfortunately, this high-risk activity was neither realized nor reflected in the underwriter’s risk assessment and premium calculations.

DataCubes helps to solve this conundrum. “The underwriter can ask the question: ‘Does the landscape contractor do roofing work?’” said Malik. “The tool interprets this to go out and search data about the company. Up pops some information that the company did some roofing work a couple times. Well, roofers fall off roofs, changing the risk profile.”

Most of DataCubes’ insurance carrier customers are in the $50 million to $100 million range (gross written premiums), although some are in the $500 million to $2 billion category, and one is a top-tier $10 billion-plus insurer. “We focus on underwriters of workers compensation and BOP [businessowner policy] packages—general liability and property stuff,” Neelamana said.

Prior to launching DataCubes, Neelamana spent 15 years performing operational and strategic roles at Zurich Insurance Group and Allstate; Malik, on the other hand, is an experienced entrepreneur. He said, “Our team is a sort of happy medium of data technologists and insurance underwriting experts coming together to solve underwriting problems.”

RiskPossible: Continuous Underwriting

RiskPossible is the newest kid on the block, a startup still getting its footing. Like the other InsurTech companies, its founder and CEO Michael DeSiato hails from the insurance industry. His mother and two uncles launched the small Granada Insurance Company, a Florida-based property/casualty carrier, in the 1980s. “My mom introduced both insurance and entrepreneurship when I was a little kid,” said DeSiato, who was in Des Moines, Iowa, taking part in a global accelerator program for startups when interviewed for this article.

The company has yet to make its official launch, although it has participated in several pilot projects. RiskPossible also leverages data access and analysis tools, but for a somewhat different purpose. “We help underwriters find out if a policyholder’s risk profile has changed dramatically since binding,” said DeSiato. “We provide this information through our continuous underwriting engine.”

Rather than underwriting being a once-and-done exercise with an annual reappraisal of client risk, DeSiato wanted to make it more of an ongoing process throughout the life of the policy. His thinking was that important risk-based data was escaping the attention of carriers—information that may compel it to cancel the policy.

“We’ve partnered in a pilot program with a nursing home, providing a continuous feed of risk-based data that our tool has scraped off different public and private sources of information, including social media,” he explained. “Once you go down the rabbit hole, the amount of information is incredible. Based on the insights we learn, an alert would be sent to the underwriter to re-evaluate the risk.”

DeSiato provided the following scenario: a nursing home whose fire and smoke doors were recently inspected to ensure compliance with a new rule from the U.S. Centers for Medicare & Medicaid Services (CMS) covering the installation, care and maintenance of many types of doors and assemblies in a healthcare setting. If the company fails the test, this information typically would not reach the underwriter until just before the policy renewal.

“Say you have a restaurant regularly failing inspections for pests or with multiple infractions of people not washing their hands. Wouldn’t the carrier want to know this immediately?” asked DeSiato. “This way you could send out your own inspector to do a renewal review much earlier in the process. Depending on the state, you may have the ability to do a midterm policy cancellation.”

RiskPossible currently is engaged in a joint venture with a provider of IoT-enabled sensors measuring temperature and moisture. The plan is to feed this data into its continuous underwriting engine in time for the company’s imminent launch.

“We want to put the sensors inside freezers in restaurants to detect drops in temperature causing potential food spoilage, and in commercial buildings to discern evidence of a leak, with the data going to both the insured and insurers,” said DeSiato. “We’re also working with another partner that has developed a tool that counts the number of people going in and out of a facility. All this risk-based data coming from multiple sources has import for underwriting, well before the renewal.”

Back to Those Robots

As these stories relate, machine learning and data science technology should make the job of underwriting easier and more efficient and productive. But will the tools eliminate the need for underwriters in the future?

All the interviewees demurred on the point. “The day a machine does what human underwriters do is the day there is nothing left for anyone to do,” said DeSiato. “Underwriting requires three things: intellectual curiosity, domain knowledge and creativity. This is what human beings provide. At best, the tools will help underwriters enhance their portfolios and productivity. They won’t replace people—not any time soon.”

Pasricha from Intellect SEEC has a slightly different perspective. “In the future, every job is going to be disrupted by machine learning, including those of underwriters,” he said. “But this doesn’t mean underwriters will be replaced entirely. An important job in the future will be training the machines to underwrite—something that only the best underwriters will inevitably do.”

DataRobot’s Sengupta concurred: “Underwriters will be different in the future, but the jobs are not going away. As machines take over the rote jobs, underwriters will have more time on their hands to focus on emerging risks like cyber, where there isn’t much data yet to draw from. Machines will extract this data as it increasingly becomes available, but human beings will be needed to assess its meaning.”

“As robots allow underwriters to be more efficient and make more intelligent decisions, they will be freed to spend more time on building a better book of business,” said Neelamana from DataCubes. “The position itself will be occupied by highly intelligent people of enormous importance to the profitability of the carrier.”

Instead of robots replacing people, the interviewees contend that humans and machines will fuse together as one—not in a mechanical sense, of course, but in an intellectual one. Underwriters will not disappear. Instead, they will become uber-underwriters.

Russ Banham is a Pulitzer-nominated business journalist and author

Insurance Captives Reach New Hieghts

By Russ Banham

Risk Management

Over the past five years, the popularity of captive insurance companies has skyrocketed. Not only do more than 90% of Fortune 500 businesses own at least one captive, but even small and mid-sized companies have formed them.

The motivations for creating a captive have not changed much in the half-century since the first captive was formed in 1962. A company-owned insurance operation provides direct access to reinsurance markets, customized insurance coverage that fills gaps in the commercial market, access to accrued investment income, and incentive to improve loss control. The thinking of many risk managers is simply, why trade dollars with an insurance company when you don’t have to?

The surge in captive formations has been fueled by a series of favorable tax court rulings, the increasing number of U.S. state captive domiciles, and the emergence of new and challenging exposures, such as cyberrisks, that have caused insurance carriers to raise rates and adopt stricter coverage terms and conditions. As a result, the reasons to form a captive have never been more persuasive.

New Captives Under Scrutiny

Captives have become increasingly common, but experts believe some companies may be throwing caution to the wind with certain arrangements. “I’m not concerned about big corporations forming captives as much as I am about the private sanitation company that forms a captive because it can’t get decent workers compensation insurance, or the nursing home that can’t buy professional liability insurance,” said Andrew Barile, CEO of Andrew Barile Consulting and a strategic advisor on captive formation and implementation since 1967. “It’s these 831(b) captives and the recent flurry in the formation of captive cells that give me pause.”

The 831(b) captives get their name from Section 831(b) of the IRS Code on Micro-Captive Transactions, a 1986 regulation that provides tax advantages to small property and casualty insurance companies. According to the rule, a captive can elect to be taxed on net investment income when gross annual premiums are $1.2 million or less (recently increased to $2.2 million). The owning entity also can deduct premiums paid to the captive as ordinary business expenses.

The tax advantages reduce the cost of financing a risk transaction, making captive formation enticingly affordable for many small companies. The IRS, however, is closely examining 831(b) captives to ensure they do not constitute illegal tax shelters. IRS Notice 2016-66 categorizes Section 831(b) as “transactions of interest,” subject to additional documentation and disclosure requirements for “promoters” and “material advisors.” New legislation in 2018 has also mandated additional tests for these captives to demonstrate appropriate risk diversification.

The added scrutiny does not bode well for some 831(b) owners. “Too many of these structures are set up by CPA firms and not insurance underwriters, which tells me they lean more toward being a tax shelter as opposed to a genuine risk-transfer mechanism,” Barile said.

Captive cells have also come under scrutiny. A captive cell is akin to a rented apartment in a large apartment building: The captive is used by a group of unrelated insureds so each can take advantage of the benefits of a typical captive arrangement without actually owning the insurance company. Each cell is legally separated from other cells, meaning the insured’s assets are walled off and protected from the legal liabilities of other cells. The core owner maintains a capital surplus to absorb working layer losses, above which reinsurance kicks in.

The challenge is when one cell company’s losses exceed the capital set aside by the captive’s sponsor. If the cell company has not posted enough capital to absorb the financial impact, it will need to dig into its wallet to pay off the remaining financial obligation. Since the companies forming cell captives are, for the most part, small businesses, that burden can be significant.

There are tax concerns for cell captives, as well. “I get these calls from nursing homes that say they just formed a cell captive in Bermuda, but there’s no broker or risk manager and they don’t know what they’re doing,” Barile said. “There’s no fronting company involved. Instead, there’s a small CPA firm hoping to get the client a tax deduction. You’ve got the accountants—not actuaries—setting the reserves and writing manuscript insurance policies, using the internet as the only source of intelligence.”

Certainly not all cell and 831(b) captives are suspect, but some of the IRS scrutiny is justified, and necessitates reasonable caution. “To a certain degree, 831(b) captives are being used as a wealth management device,” said Peter Mullen, CEO of Aon Global Captive and Insurance Management. “We do not set up such vehicles. Our distribution system is a risk management distribution system, not wealth management.”

Charting Captive Growth

While there are no reliable figures on the total number of 831(b) and cell captives that have been formed, anecdotal evidence indicates they are on the rise. More dependable statistics are available on the rising volume of traditional captives.

EY estimates there are currently 7,100 captives, up from 4,000 five years ago, while insurance broker Marsh tallies 7,000 captives, up from 5,000 in 2006. The Captive Insurance Companies Association (CICA) cites a current total of 6,618 captives.

Captives have been formed in domiciles all over the world, but the United States has seen the greatest recent growth. “About 78% of captives formed worldwide in 2017 occurred in the United States, accounting for 616 new licensed captives,” said Daniel Towle, CICA president. “Europe licensed 22 new captives, down from 36 the prior year, and only eight captives were licensed across Asia-Pacific. Bermuda and the rest of the Caribbean licensed 108.”

The high volume of recent captive formations in the United States can be attributed to the growing number of states that have passed legislation to become captive domiciles. The Insurance Information Institute reported that 29 states now permit the formation of captive insurance companies. Vermont is the current leader in the United States with 593 state-licensed captives, followed by Utah with 462.

As more states enter the fray, competition for business is fierce. “Economic development is the reason a state wants to become a captive domicile,” said Paul Phillips, a partner and tax markets leader at EY. In Vermont, for example, there are dozens of captive managers and insurance brokerages with brick and mortar buildings in Burlington, as well as a host of small CPA firms and actuaries. “All that property development and employment translates into substantial tax income and economic lift,” he said.

Barile concurred, “Domiciles are tripping over themselves to get business. Governors know this is a lucrative way to build fee income.”

Unwieldy Exposures

Another factor in the recent surge in captive formations is corporate concern over new types of financial exposures, most notably cyberrisks. “Generally speaking, any line of insurance that does not have much in the way of commercial capacity or has lots of coverage exclusions is a good fit for a captive,” Towle said. “Right now, cyber fits this bill. Companies can write coverage in the captive for the exclusions and buy reinsurance for losses above the limit.”

Mullen said many of Aon’s clients are “incubating” cyber and other thorny exposures in their captives. “Although there is quite a bit more capacity for cyber in the commercial market now, if the risk is deemed by insurers to be particularly difficult—with little data on potential losses—the client may choose to put the risk in its captive,” he said.

In such cases, the captive owner will engage an actuary to develop a probabilistic loss model to calculate an adequate premium. As losses occur over the next few years, a body of data develops, and the company may then take its chances again in the commercial market. “They’ll say, ‘We’ve been incubating this risk in our captive for the past five years and here is the policy form we used, how we calculated our premium, our claims adjustment process, and our loss experience,’” Mullen said. “If the market’s reaction is good, they may then opt to buy risk-transfer.”

Other financial exposures similarly incubated in larger captives include product liability, employee wage and hour, and business interruption risks. Large captives are also being formed to insure their owner’s employee benefits obligations, such as life insurance and short- and long-term disability insurance. Corporations funding employee benefit risks through their captive insurance companies include Hyatt Hotels, Coca-Cola, Intel and Microsoft.

Smaller captives are insuring an even wider range of exposures. “I’ve seen small companies wanting policies to absorb business losses caused by changes in legislation, to absorb the risk of a tax audit or bad debts, and to insure all the deductibles the company has with commercial insurers,” Barile said.

Many experts advise small businesses to include captive experts drawn from the insurance industry—like an actuary or underwriter—when mulling the formation of a captive. “Captives aren’t for everybody,” said Prabal Lakhanbal, a captive consultant with Spring Consulting Group. “Proper due diligence should be pursued, followed by a well thought-out feasibility study prepared by an insurance specialist.”

Legal Clarity

Many of the legal and tax issues that historically hovered over the captive industry are less of a concern today, compelling companies that were wary of forming a captive in the past to consider doing so. Recent tax court decisions have been favorable for alternative insurance arrangements, clarifying questions of risk-shifting, risk distribution, premium excessiveness and what constitutes an insurance contract.

For example, in the recent captive case RVI Guaranty Co. Ltd., et al. v. Commissioner, the U.S. Tax Court held that an insurance contract created to insure against the risk of a decrease in the value of property in fact covered an insurance risk rather than an investment risk, as the IRS had alleged, qualifying the contract as insurance for federal income tax purposes.

Today, fewer companies form captives primarily for the tax benefits. A Marsh study, for example, indicated less than 50% of the captives managed by the firm even bother to take a U.S. tax position. Nearly three-quarters of their clients reported  the key driver in forming a captive was to fund retained corporate risk. “As organizations’ understanding of risk matures, their risk management strategies become more sophisticated, increasing the likelihood of forming or expanding the use of a captive,” said Michael Serricchio, managing director of Marsh Captive Solutions.

Mullen has heard similar reasoning at Aon. “When we survey our clients every year about the reasons they have a captive, something like 4% say they do it for tax reasons; the majority cite strategic risk management purposes,” he said.

By establishing their captive for these strategic reasons, current and prospective owners can avoid IRS suspicion. “The simplest way to ensure your captive is within current tax rules is to be able to show that it was formed for a non-tax business reason,” Lakhanbal said.

Overall, captives have proven to be effective for funding and strengthening management of a company’s risks. “Looking at our global captive book of about $30 billion, the combined loss ratio runs around 75%, a clear indication that our clients are doing something right as they run their business through their captives,” Mullen said.

This success has helped make captives into a more mainstream risk management option. “A captive is no longer an alternative risk transfer mechanism,” Serricchio said. “It’s now a key tool for risk managers to address traditional property/casualty and employee and customer risks.”

In the future, Phillips believes more businesses of all types and sizes will consider forming captive insurance companies of their own simply because they are effective. After all, “captives are sector-agnostic,” he said, “and every company has risk.”

DDoS Attacks Evolve To Conscript Devices Onto The IoT

By Russ Banham

The number of cybersecurity attacks skyrocketed in frequency and increased in complexity as the internet of things (IoT) spread its wings in 2017.

But DDoS attacks are really nothing new. They turn 30 this year, making the threat to computer systems and data security one of the oldest around. But the IoT has provided new fuel.

 In these attacks, thousands of computers are turned into an arsenal converging on a single network, overwhelming it with traffic. Today, any electronic device connected to the internet can be used in a DDoS attack — smart refrigerators, thermostats, home security and lighting systems, even baby monitors.It’s a strange picture — commandeering a legion of smart devices to do battle as botnets against a target organization’s network and systems. But this is exactly the scenario that recently took down an internet services company that routes and manages internet traffic.

Army Of Invaders

Like humans turned into zombie-like White Walkers on “Game of Thrones,” 100,000 internet-connected devices were infected with malware and ordered to attack. The result prevented millions of internet users from accessing the websites of more than 70 online companies for about two hours.

Such assaults can be devastating for businesses that generate income through online customer-facing services. The Ponemon Institute pegs the average cost of a DDoS attack for a company at $1.7 million. The bulk of this expense ($517,599) comes from lost services. Other costs include technical support ($414,128), lost productivity ($229,071), disruption to normal operations ($346,062) and damage or theft of IT assets and infrastructure ($199,201).

Hackers’ motives in launching cybersecurity attacks are evolving. They include shutting down networks and reaping illegal financial gains. Hackers are cognizant of the time it takes for IT security to battle the attack, leaving the door temporarily open to corporate data.

Weapons Evolving

Turning smart devices into DDoS botnets is the latest scourge. Unlike corporate computer networks and systems with sophisticated firewalls and flow analytics tools that redirect traffic in response to an attack, connected devices such as baby monitors and washing machines generally have poor security, their endpoints protected by little more than inexpensive, off-the-shelf Wi-Fi routers.

Hackers are well aware of the vulnerabilities, not to mention the opportunity presented. As the number of connected devices rapidly increases from roughly 23 billion to an estimated 50 billion by 2020, the number of potential weapons for a DDoS attack more than doubles.

Limiting Casualties

A multipronged defense strategy is needed to combat DDoS attacks. Vendors of the semiconductors, sensors and other components used in connected devices must upgrade security, according to Broadband Internet Technical Advisory Group. And companies that embed these devices must commit to buying only the most secure ones.

Endpoints on the IoT must be protected by next-generation firewalls with enterprise-level protections as the data flows into the internet. The use of a separate network segmented from the current one will add an extra layer of protection if the device is breached. The U.S. Justice Department also recommends that device users create complex passwords and keep the software current, implementing upgrades and patches the instant they’re issued.

As for limiting network losses from a DDoS attack, security experts recommend geographically dispersing systems so as to reduce the surface attack area. The idea is to put servers in different data centers located on different networks, making it tougher to topple the entire network.

Over time, IoT-related cyber threats will continue to evolve. But the positive results that business and society gain from the use of any new technology can outweigh the bad.

“Growth is being driven by the potential to increase efficiency and improve business outcomes by collecting better data about things in the workplace,” said Larry Ponemon, founder and CEO of the Ponemon Institute. “To ensure that security risks do not outweigh the benefits, new strategies that holistically consider risks in the organization’s entire IoT ecosystem are needed.”

Don’t Let Your IT Security Be The Lowest-Hanging Fruit

By Russ Banham

Yesterday’s hackers may have yearned for the bragging rights that come from having pulled off a major cyberattack, be it against a government network or a large company. But today’s hackers aim for the lowest-hanging fruit: Money, in this case bitcoin, is a bigger lure than boasting.

Today’s hackers strike in a flurry of activity — in many cases, distributed denial of service (DDoS) attacks that divert the attention of a victim’s information security team from malware designed to capture valuable data assets. Distracted in its efforts to get systems back online, the responding cybersecurity team overlooks the malware as it worms its way toward the real bounty.

“DDoS attacks are often designed to cover up the actual intent of hackers, which can be data theft, planting of targeted malware or propagation of ransomware,” said Max Solonski, chief security officer at BlackLine, a financial and accounting automation software provider. “By focusing on containing the disruptive DDoS attack, the InfoSec team might not be able to identify the primary attack vector focused on a specific target or quickly react to the unauthorized transfer of data from a computer.”

This modern-day Trojan horse is becoming increasingly common. According to a 2017 study by Neustar, of all the companies hit with a DDoS attack, 52 percent reported a virus associated with the attack, 35 percent reported malware, 21 percent reported ransomware and 18 percent reported lost customer data. “This is all about the value of information,” said Solonski, “and the easiest way for hackers to obtain information is to target companies lacking adequate InfoSec controls and countermeasures.”

Hackers “aim for companies with the most unsecured cybersecurity and inferior disaster response programs,” said Dottie Schindlinger, vice president and governance technology evangelist at Diligent, a provider of secure board communication and collaboration tools. “Once they sneak through the fence, they go for the gold.”

Security Begins At Top

To protect their companies, senior management and board directors need to ensure that hackers don’t perceive their organizations as low-hanging fruit, Schindlinger said. “The days of the IT team alone thinking about cybersecurity are long over,” she said. “Cyber risk management is everyone’s responsibility today — from the top of the company down. Cybersecurity must be embedded into the organization’s culture.”

While employees are increasingly educated about and vigilant of cyber risks like phishing, many board directors and senior executives fail to heed such threats. Sixty percent of board directors regularly communicate with executive management and fellow directors using personal email, according to a study by Diligent. Nearly half (48 percent) use personal PCs and laptops to download company documents. And 22 percent store these documents long term on their devices.

“The biggest risk are the people with the least amount of cybersecurity training,” said Schindlinger, pointing to board members and senior executives.

It’s not uncommon for what seem like trifling digital and physical documents to contain sensitive corporate information that hackers would find valuable to steal and sell. “Any piece of data is potentially lucrative to a bad actor — the home addresses and phone numbers of board members can be used to exploit the organization and them,” said Schindlinger.

Pushing Back

Both Solonski and Schindlinger offered several recommendations on how a business can reduce its appeal to hackers. “Think like a hacker,” said Solonski. “First and foremost, you want to understand the types of data the organization owns and where the data is located, and then take a critical eye to determine how a skilled attacker can navigate around InfoSec controls to get to it and fulfill his nefarious purpose,” he said.

Board directors and senior executives might ask their security leaders questions like: Would a hacker perceive the company as a relatively easy target? Which types of information does the business have that would be of significant value to an attacker? Where does this data reside? Who has access? And how is it protected? Does the organization maintain layered controls throughout the environment, or does it just have a strong perimeter, leaving its “soft core” to be accessed via a “back door” planted by a malicious insider or through social engineering?

Vulnerabilities revealed by these questions need to be strengthened, Schindlinger said. And it is up to board directors to take action. “They have a fiduciary obligation and duty of care to ensure the organization is not put on a hacker hit list,” she said. “My advice (to the board) is to establish a policy that stipulates the behaviors they must uphold as board members, and have each member sign off on the policy.”

Some stipulations may be simple, like not using unsecured personal email or shredding paper documents that contain sensitive business data. “You wouldn’t believe how many board members write down proprietary information in a notebook that they can’t find afterward,” Schindlinger said.

The company’s chief security officer should be present at board meetings to present a brief overview of the organization’s cyber risk readiness, she said. Another good idea is to simulate once a year how the business continuity plan will be executed in the event of a data breach.

Board members have good reason to take such measures. If the organization’s data is stolen because the company was perceived as an easy target, “they are the ones who will be held responsible,” said Schindlinger.

Russ Banham is a Pulitzer-nominated business journalist and author who writes frequently about cybersecurity.

Biggest Mistake: No Employee Non-Compete Clause, Says BlackLine CEO Therese Tucker

By Russ Banham

Chief Executive

Therese Tucker is the rare woman in technology to have founded a successful technology company and brought it public. The CEO of BlackLine, a provider of automated finance and accounting software now worth in excess of $1.5 billion, is esteemed for her enlightened entrepreneurship, software programming savvy, and nurturing leadership qualities.

Broad-minded and compassionate, Tucker sports pastel-pink hair and a mile-wide smile that makes her Los Angeles-based employees feel their CEO actually cares about them. She does. “Business should not be purely business,” Tucker opines. “Companies have a social obligation to care about the lives of people in the communities we serve with our products and services.”

Not surprisingly, Tucker created Blackline’s account reconciliation software to make the lives of accountants less dreary and burdensome. She also undertook an initiative over the recent holidays to clothe more than 50,000 homeless people in the city. But it’s her business chops that really set her apart: She single-handedly programmed BlackLine’s initial products and guided its revolutionary concept of continuous accounting that nearly does away with the dreaded financial close.

Still, she’s as human as the rest of us. “I learned a really valuable lesson about the critical importance of legally sound contracts with employees, one that I will never forget,” says Tucker, shaking her signature pink hair.

The lesson was this: BlackLine gave birth to a competitor. “In California, you’re not allowed to ask an employee to sign a non-compete contract, which are banned,” Tucker explains. “The mistake we made was not having specific clauses in our employment contracts regarding confidentiality and reusability. Regrettably, an employee in our sales group had access to our source code in her laptop. She outsourced the code to India, created a competing product, and sold it.”

BlackLine had little recourse to do anything about the situation, other than take it in stride and double down on making innovative finance and accounting software products to best the competition. The company also retained sharp legal minds to devise crystal clear and enforceable employment contracts on a state-by-state basis.

The tactics worked, helping BlackLine maintain and even enlarge its market lead. The company is one of four technology companies and the only one in its space to be listed as a leader in Gartner’s Cloud Financial Corporate Performance “Magic Quadrant.” “Having good legal counsel and solid contracts with customers and employees pays dividends down the road,” says Tucker.

Once burned, twice shy.


By Russ Banham

Beginning January 1, 2018, health care facilities will need to comply with new annual testing requirements of their fire and smoke doors. The new rule from the U.S. Centers for Medicare & Medicaid Services (CMS) cover the installation, care and maintenance of many types of doors and assemblies.

Although compliance originally was set for July 5, 2017, CMS extended the deadline to 2018, due to substantial health care industry questions and pushback. Given the broad sweep of the new rule, which harmonizes with NFPA 80 (the National Fire Protection Association’s standard for fire doors), the extension bought much-needed time for hospitals to prepare accordingly.

With the deadline nearing, health care facilities are confronting the harsh realities of complying with “an extremely complex regulation” that requires “substantial hospital actions,” says Kirk Kaiser, owner of Barrier Compliance Services, a nationwide containment contractor and Grainger’s exclusive national partner for fire and smoke barrier solutions. “Compliance is not a walk in the park.”


The new rules for fire and smoke doors recognize the unique nature of a health care facility. In the event of fire or smoke, expeditiously evacuating patients is a difficult life-and-death challenge, given the medical condition of patients who may be immobile, hooked up to life-sustaining machinery, or require wheelchairs or wheeled gurneys to be relocated. “Fire and life safety in a hospital is the most critical of any type of structure requiring evacuation,” Kaiser says.

Consequently, the emphasis is on protecting patients from fire and smoke while they are in the hospital. To do this, hospitals are physically compartmentalized to ensure a fire does not travel from one area to another. “Each room is blocked off from other rooms, with a different set of safety precautions required for each of these environments,” Kaiser explains.

Each room is composed of different components like a ceiling, floor, walls and door(s). Since fire doors open and close, they are part of a building’s passive fire protection system. Generally they are not constructed with the same degree of physical strength and integrity as the walls and ceiling. And, unlike other components, doors are in constant motion, which can cause problems later.

Although a fire door will securely fit its enclosure at the time it is hung, the constant opening and closing of the door weakens the hinges and door closers, making the fit less secure over time. “Doors are the weak link—they’re one of the biggest dangers when it comes to fire risks in a hospital,” Kaiser says. “Not surprisingly, CMS was concerned that hospitals were not maintaining the doors to the degree they needed to be maintained.”


NFPA 80 may contrast with local municipal fire codes, in some cases sharply. Each municipality’s fire code is unique, given the singular nature of the location, such as a dense urban center. Permits for construction and renovations reflect these nuances in the local codes. Consequently, a single health care facility has two sets of rules with which to comply—federal and local.

“A 10-story hospital that is renovating its second floor would need to go to the local municipality and submit the architect’s plans, which are evaluated according to the city’s fire code,” says Kaiser. “In such cases, the city doesn’t care what the NFPA code might be. But the hospital has to care.”

There are other contrasts. For example, municipal requirements for fire walls in which the fire doors reside typically fall under the International Fire Code 703.1. The code, which addresses the ongoing maintenance of a hospital as opposed to new construction, requires a formal inspection by a fire marshal each year. “When you turn to the new CMS code on this subject, the rules are vague, requiring inspection every one to three years,” Kaiser says.

Another complication confronts health care systems with hospitals located in multiple municipalities and states. In one municipality, the facility may be bound by less stringent municipal fire codes from 2006, whereas in another region it may have to comply with a stricter building code from 2009. “The multiplicity of different municipal codes makes it tougher to achieve a consistent approach toward implementation and (regulatory) compliance,” Kaiser says.

Health care facilities should always defer to the highest fire safety standards, he advises. “Err on the side of the most restrictive,” says Kaiser. “If a city does not require a door to be put in a hallway, for instance, but NFPA does require this, then the best practice is to put the door in. If the municipality wants a fire extinguisher positioned every 100 feet and NFPA wants them every 80 feet, position them every 80 feet.”


The new rule places enormous administrative and other burdens on the shoulders of hospital building and maintenance staff. According to Kaiser, a typical 800,000 square-foot hospital has approximately 1,000 fire doors. Under the new CMS requirements, the facility has to conduct a fairly intensive formal 11-point visual and operational test verifying that each door adheres to the NFPA 80 fire code. Among the 11 items in this list are:

  • No open holes or breaks present on surface.
  • Intact glazing in place.
  • Doors, frame and hardware secured and in working order.
  • Door clearances within required specifications.

If the inspection indicates problems that may create a fire hazard, hospitals are required to resolve the issue. “Under the prior CMS standard, it took eight hours to conduct a visual and physical inspection of the doors and barriers,” says Kaiser. “We’ve calculated that it takes about 15 minutes per door to complete the inspection under the new CMS standard. That adds up to 15,000 minutes, or 250 hours. And that’s just for the inspections.”

Thereafter, the facility must address the rule’s reporting requirement—documenting the inspection and follow-up repairs pertaining to each door. “Previously, you could write up all 1,000 doors in a one-page summary,” says Kaiser. “Now you have to respond to each door across the 11 point verification, specifying in writing the steps the hospital has taken or will take to satisfy each point.”

In many cases, this can add up to hundreds of pages, he says, while the repairs “can take months to get all the doors up to snuff.”

For example, the new rule requires that the gaps around a swinging door in a closed position be a maximum of 3/8ths of an inch at bottom and 1/8th of an inch between the door and frame. “In a hospital environment where people are constantly running equipment and carts into the swinging doors, they’re continually out of whack,” Kaiser says. “Maintaining the doors to such high tolerances is a constant battle.” This high volume of traffic also affects the integrity of the door hardware. “A door closer rated to withstand one million cycles may need to be replaced in a year,” he adds.

Many hospitals are finding that the tasks required to address the new regulation are too complex, time-consuming and onerous to handle. In such cases, it may be prudent to outsource the work to experts like Barrier Compliance Services and Grainger.

“We can educate the marketplace about their responsibilities through webinars and our publications and account managers,” says Kaiser. “That’s just the first step and it is highly advisable. But we also offer a turnkey solution in which we will take responsibility for the inspection, repairs, training, and reporting, ensuring compliance.”

With the clock ticking toward the deadline, expert advice may be exactly what is needed.


The Price of Protectionism

To defend some domestic industries, President Trump is ready to slap tariffs on foreign producers. But has he weighed the costs to the wider economy?

By Russ Banham

When it comes to trade protectionism, Isaac Newton’s third law of motion is instructive: “For every action, there is an equal and opposite reaction.”

President Donald Trump’s repeated calls for stiff tariffs and quotas against Chinese, South Korean, and other foreign companies that are allegedly dumping their products on U.S. shores sounds all the right patriotic notes. Until, that is, as history shows, foreign countries retaliate in kind.

Powered by the appeal of his “America First” platform, the president has waved the flag to promote the idea of protecting a number of industries against predatory foreign competition. He has also suggested withdrawing the United States from the North American Free Trade Agreement, much like he earlier pulled out of the fledgling Trans-Pacific Partnership.

Trump is far from the first president to vigorously support strong U.S. trade policies. Barack Obama and George W. Bush slapped high tariffs on Chinese tires and foreign steel imports, respectively. The difference is Trump’s jingoistic rhetoric — a “win-at-all-costs” attitude that assumes other countries will cower and capitulate. His stance also seems to ignore the reality of multinationals’ reliance on global markets.

If the president deems it necessary to dissolve free-trade agreements and set tariffs on some large industries, it will mark a significant break with the country’s past. “Since the Great Depression, we’ve had a gradual policy shift from the protectionist trade policies of the Smoot-Hawley tariff toward freer trade that eventually culminated in the World Trade Organization,” says Doug Irwin, a professor of economics at Dartmouth College. “We’d be going backward in time.”

The moves might also cause prices on many goods to jump, forcing consumers to rein in spending. The drop in spending, theoretically, would slow the economy and lower corporate revenues and profits.

Although all that is a ways from happening, the next few months are a critical juncture: The White House will be deciding whether to actually impose penalties recommended by the U.S. International Trade Commission (ITC) on some foreign competitors. Says Scott Linicome, an international trade attorney and adjunct scholar at the Cato Institute: “We’re at the cliff’s edge.”

Turning Up the Heat

With its America First rhetoric, the Trump administration seems to be ignoring history. American trade protectionism has regularly failed to help the industries and workers that the government was trying to protect, says Linicome. “The trade protectionism the president favors increases the prospect of retaliation by foreign countries, harming import-dependent U.S. companies,” he explains.

Domestically, someone must pay the piper when tariffs are imposed on importers. For example, the overall economic cost of U.S. trade protections against steel imports from the 1990s to the early 2000s was close to $2.7 billion, in Linicome’s estimates. Since U.S. steel-consuming industries employed between 40 and 60 workers for every single steelworker, the jobs preserved in the steel industry were vastly outnumbered by job losses in the industries using steel. The harsh protectionist measures were challenged by the World Trade Organization and removed in 2003.

In other words, what’s good for one industry is not always good for the wider economy. A current case in point is the U.S. solar industry.

Two bankrupt solar panel manufacturers, SolarWorld Americas and Suniva, have petitioned the federal government to impose tariffs on Chinese-made solar panels. They allege that Chinese companies are dumping their products on U.S. soil—that is, selling the goods below their actual cost in order to steal market share. The U.S. manufacturers have requested a minimum import tariff of 32 cents per watt for solar modules and 25 cents per watt for solar cells. That’s just a few cents less than the current per-watt costs, so it’s a significant levy. The petitioners are also seeking a minimum price on panels of 74 cents a watt, nearly double their current cost.

The ITC, a quasi-federal agency that determines the impact of imports on domestic industries, weighed in on the subject in September 2017. Its four current members unanimously concurred that Chinese solar panel imports had caused “serious injury” to domestic producers. In mid-November, the ITC presented its tariff recommendations to President Trump, who has until January 12, 2018, to decide whether to impose the levies.

More than two dozen U.S. solar manufacturers have gone belly up since 2012, so there’s a good chance the president will take some action in the name of domestic producers. But most of the solar industry opposes government intervention, which would drive up consumer prices for solar energy, causing the volume of solar installations in the United States to plummet.

“Chinese solar makers are not flooding the U.S. market by dumping products at unfair prices — they’re meeting American demand for solar,” asserts Abby Hopper, president and CEO of the Solar Energy Industries Association. “The petitioners went bankrupt of their own account.”

Hopper maintains “the vast majority” of U.S. solar companies are thriving, growing revenues 98% in 2016. Those companies are projected to triple in size over the next five years. “If the [petitioners] get what they want, it will double the price of solar, which will reduce demand by more than half,” Hooper says, and could result in 88,000 lost jobs. An entire industry, economists claim, would lose traction at a time when the build-out of solar infrastructure is in its nascent stages.

Splish Splash

President Trump also is considering imposing tariffs in a more mature market: washing machines. In a petition filed by appliance maker Whirlpool, the ITC unanimously agreed that two South Korean washing machine manufacturers — Samsung and LG Electronics — were causing “serious injury” to Whirlpool. In early December, the ITC will decide what specific tariffs or quotas it thinks should be implemented.

In both the solar and the washing machine cases, the ITC reviewed the petitioners’ claims through the lens of Section 201 of the Trade Act of 1974. This “safeguard” law offers broader protections to U.S. companies than the 1930s-era antidumping and countervailing duty laws.

Whirlpool declined requests for an interview, but in published reports the company insists Samsung and LG have an unfair advantage. A more level playing field would help the company sell more washing machines, resulting in the hiring of an additional 1,300 employees, Whirlpool says. The South Korean manufacturers have demurred, attributing Whirlpool’s declining sales to its washing machines’ inferior design and a shift in consumer preferences.

There is some truth to this argument. “Whirlpool has lagged behind in terms of meshing the Internet of Things (IoT) with its products, whereas Samsung and LG have excelled in this space,” says Robert Hartwig, an associate professor of finance at the University of South Carolina.

If Whirlpool is not meeting demand for Internet-equipped products, that’s a problem. Many consumers, particularly those in the tech-savvy millennial generation buying their first residence, are “looking for smart kitchen appliances and other products that integrate with the rest of their homes,” Hartwig says.

Whirlpool’s attestation that it won’t be able to hire more employees without trade protection is likely true, but that doesn’t mean overall U.S. employment will suffer. Both Samsung and LG have announced plans to build factories in the United States that would more than make up for Whirlpool’s hiring loss.

“It’s hard to take Whirlpool’s claim [that] it’s a victim,” says Laurence Kotlikoff, professor of economics at Boston University. “Just because it used to dominate the domestic market doesn’t mean it deserves to continue to dominate. With that kind of logic, we should slap stiff tariffs on foreign agricultural products because half the country used to be employed in the agricultural industry and only 2% are employed in it today.”

Hartwig contrasts Whirlpool’s claims with longstanding arguments made by the U.S. steel industry about foreign competitors. “It’s difficult to see how in the kitchen appliance space — where consumers spend quite a bit of time in their purchasing decisions — foreign companies are dumping products,” he says. “These are differentiated products, not cheap undifferentiated steel from China.”

Does the U.S. steel industry need trade protection? “Big steel companies like to complain that cheap foreign steel is the problem, when the real problem is small domestic mini-mills using scrap metal to make steel,” says Dartmouth’s Irwin. The mills mostly produce carbon steel used in automobile manufacturing, construction, and consumer products. “These mills are close to their customers and are more nimble and efficient,” Irwin says.

Steel imports aren’t taking away the industry’s market share, he asserts. “You could stop all the imports you want, and the big steel firms would still face tough competition.”

If the president imposes stiff trade protections on steel imports, economists expect a reprisal by China and any other countries caught in the squeeze. “When you move in the direction of unilateral protectionism via Section 232, the likelihood of countermeasures restricting American companies’ businesses in affected foreign nations increases,” Linicome says.

In addition, the United States already has numerous restrictions placed on foreign steel. Of the 373 trade barriers the country had in place at the end of 2016, Linicome says, more than half (191) involved foreign steel. “We don’t need higher tariffs or quotas on steel imports,” he insists. “Go that route and it will simply result in higher prices for American industries reliant on steel, which is a lot of industries.”

Irwin concurs: “A lot of steel users are saying, ‘Wait a second—if you help these guys [like Nucor], you’re just going to hurt us. Where’s the fairness in that?’”

Open for Business?

Such “wait a second” instances aren’t confined to steel imports. If the Trump administration exits NAFTA, Midwest farmers and U.S. automotive suppliers that export to Mexico will incur tariffs that, for the most part, do not exist today. “There’s always a tradeoff in the politics of trade,” says Darmouth’s Irwin, author of the book, “Clashing Over Commerce: A History of Trade Policy.”

Ironically, Trump’s proposal to rewrite NAFTA in the country’s favor has little support from domestic business leaders. The U.S. Chamber of Commerce has promised to send an army of lobbyists to Capitol Hill to persuade Congress to preserve the agreement. Another group, the Trade Leadership Coalition, in November began airing pro-NAFTA advertisements in nine states that Trump won in 2016. The U.S. and other NAFTA members recently held the fifth of seven scheduled rounds of talks about the 23-year-old treaty. Unfortunately, Congress does not have the power to save the treaty.

The White House also has a lot of power when it comes to trade fights. The ITC is considered a fair broker when it comes to examining trade issues and executing the law, but the larger geopolitical dimensions of the commission’s recommendations must be weighed by a sitting president. Given Trump’s staunch nationalism, geopolitics is likely to be a secondary concern in his tariff determinations.

If Trump rules in favor of unilateral trade protections and sky-high tariffs, other industries looking for market-share fortifications will come knocking on the ITC’s door. “Many past presidents were unsympathetic to domestic industry and turned down the ITC’s proposals for relief,” says Irwin. “Now we have an administration that is inviting these petitions, sending a message to other industries that ‘We’re open for business.’”

So, what’s the solution? “Instead of taking protectionist measures, government and industry need to develop policies to help workers prepare for disruption and quickly adjust to it afterwards,” says Linicome.

Another suggestion is to let the WTO perform its key functions as a forum for trade negotiations and adjudicating trade disputes. The organization defuses political tensions and comes up with “reasonable ways of deciding if a country’s trade policies are in conformance with agreements or violate them,” says Irwin.

The Trump administration has hinted at ignoring or leaving the WTO, the organization through which 164 countries, including China, have agreed they want to resolve trade disputes. A U.S. departure could cause other countries to follow suit and leave a proven system in tatters.

“If we kick aside the WTO, the future of the United States as a global competitor is in jeopardy,” Hartwig says. “There is no way the country can go it alone in a political, social, or economic context.”

Yet Trump seems determined to move the nation toward bilateral trade deals that favor the United States. Or worse. Many domestic producers would love steep tariffs slapped on goods imported from other countries, Kotlikoff says, but that would be unwise. The U.S. economy is currently 16% of the world economy and, he contends, headed to 5% by the end of the century. “This is not the time to seek unfair advantage over global competitors,” he says.

Russ Banham is a veteran financial journalist and author and a longtime contributor to CFO.

High-Flying Maneuvers

The U.S. Commerce Department takes action over Canada’s subsidies to jet maker Bombardier.

The big question for some is not the likelihood of tariffs, but how high the levies will be. In this regard, the decision by the U.S. International Trade Commission (ITC) to impose preliminary antisubsidy duties on Canadian aircraft manufacturer Bombardier may be illuminating.

Here’s the backstory: Rival American manufacturer Boeing accused the Canadian government of unfairly subsidizing Bombardier’s C Series jets, dumping the aircraft at a price well below production costs. Canada is accused of offering billions of dollars in loans, equity infusions, grants, and tax credits to Bombardier.

The U.S. Commerce Department retaliated with a stiff 219.63% countervailing duty on the jets. The duties are subject to the ITC’s review, hence their “preliminary” status. The ITC is expected to provide its recommendations in early 2018.

The size of the duty took many economists by surprise. In effect, it would triple the cost of C Series aircraft sold in the United States. In a statement, Bombardier called the proposed duty “absurd.”

Meanwhile, Newsweek reported that Boeing has received substantial government subsidies: $457 million in federal grants, $13 billion in state and local subsidies, and nearly $64 billion in federal loans and loan guarantees. That makes Boeing’s complaint that Canada is unfairly subsidizing the C Series jets seem hypocritical.

As Dean Baker, co-director of the Center for Economic and Policy Research, puts it, “You can’t define protectionism as the things you don’t like.” — R.B.

Spooked: How CEOs Are Handling Their Cash Differently

By Russ Banham

Chief Executive

Nearly a decade of bullish business has brought surging employment, resilient stock market indices and swelling consumer confidence. It also has created an unfamiliar issue for many CEOs: What to do with all that cash?

“There’s no shortage of money for CEOs,” says CEO Jeff Pedowitz of consulting firm The Pedowitz Group. “The big question is where to put it.”

Should the bounty be invested in acquisitions? A new headquarters? In product development or geographic expansion? New equipment? Or some other high-priced plan to increase revenue and market share?

The answer for many CEOs these days is none of the above. With nightmares from the Great Recession still fresh in their minds, many are choosing something a bit more hum-drum, like making their organization’s operations more efficient and resilient. Rather than bold bets, they’re carefully weighing their options and making more judicious, conservative wagers. In this period of economic resurgence, business’s Lost Decade still haunts their decision-making.

“As a CEO whose company has taken a while to come out of the recession, I’m frankly still in a state of considering that it might happen again,” says Therese Tucker, CEO of publicly traded BlackLine, a leading financial and accounting automation software firm. “Sure, our financial situation has improved dramatically, and there’s lots of capital to invest. But I’m not going ‘whoo-hoo,’ let’s go spend money!”

Instead, CEOs are looking internally at moves that will make operations leaner and less capital intensive. “I don’t want to spend a lot of our capital on moving into a new region and have to shut it down in a year, or to start a project with a lot of ongoing cost that it turns out we can’t finish because of reasons outside our control,” explains Tucker. “Investments in more efficient operations are sustainable. They’re not going to cause me pain later, when the economy inevitably turns south.”


This is not to say CEOs lack the intestinal fortitude to make big bets on new products, acquisitions and geographic expansion. It’s just that the surprising ferocity of the financial crisis and subsequent recession is tough to shake. Once burnt, twice—okay, maybe more than twice—shy.

“When a downturn happens, it usually happens fast,” says Gaurav Dhillon, CEO of data integration software firm SnapLogic. “Economic upswings don’t last forever, and few people can predict when things will cool down. While CEOs should be aggressive during an upswing and strike while the opportunity is hot, we also need to exercise caution in making expensive decisions that lock us in.”

Such capital resource decisions are the ones that Tucker described, where companies have no way out if a big bet backfires. On the other hand, investments that improve operational efficiency, sales and marketing tactics and customer service are less risky decisions. The capital savings flow immediately to the bottom line to improve net earnings.

The challenge for many CEOs is the pressure placed upon them to increase revenues. “You’ll often hear that this particular CEO has a reputation for being a good capital allocator or not a good capital allocator,” says Tim Koller, a partner in management consultancy McKinsey & Company’s strategy and corporate finance practice. “Activist investors have influenced the language.”

With the economy riding high, investors expect CEOs to make big decisions capable of driving big jumps in shareholder value. Interestingly, many CEOs aren’t caving in to their demands. Stephen Hall, a senior partner and co-leader of McKinsey & Company’s strategy practice, reports that in the last five years, most businesses were no more active in their capital allocations than they were during the recession. “There are a whole set of challenges that [CEOs] face internally in doing what they know they need to do and what they’re being pressured to do,” he reports.


What many CEOs “need to do” and are, in fact, doing is investing internally in transformative digital and data cloud-based technology solutions that offer enhanced operational efficiencies. Purchased on a subscription basis from software vendors, these systems, platforms and applications also are seen as a way to relieve the financial impact of the next downturn.

“You’re insulated if the economy turns,” Dhillon explains. “The CEO isn’t saddled with all that technical debt from over-investing on expensive hardware. This goes instead to the vendor. The company has the option to simply stop paying the monthly fee.”

Many CEOs are dining at the table. “Last year, we eliminated more than 30 different on-premises technology solutions as part of our operational transformation,” says Pedowitz. “We’re using more and more cloud-based tools to do what we do better. It makes it easier and less expensive to run the business, making us more profitable.”

Other CEOs also are eyeing investments in cloud-based solutions. “The capital allocation opportunities on my plate that I find most interesting are all cloud-based,” says Dan McDade, president and CEO of PointClear, a provider of account-based marketing tools. “For instance, we’re experimenting with a cloud tool that gives us insight into the intent of a customer to buy our services. The technology uses algorithms to analyze a customer’s digital footprint to predict their possible interest in buying something.”

Wayne Johnson, CEO of Accuform, a manufacturer of industrial safety signs, tags and labels also reports betting on big data cloud solutions. The company just signed a subscription with Salsify, a provider of a content management platform in the cloud centered on improving online product page sales conversions.

“We’re loading all our data from multiple sources, including our ERP (enterprise resource planning) system, web system and manufacturing system, into the platform, which aggregates this big data to get our products into the market and within each sales channel faster,” says Johnson. “Whenever our customers are looking to shop, our product content is instantly put before them, resulting in a higher rate of sales conversions.”


Not that all traditional investment is being avoided. To be sure, plenty of money, talent and management attention are also going toward traditional capital expenditures. Mike Flaskey, CEO of Diamond Resorts International, a global vacation ownership company that sells timeshares, has digested nine acquisitions in the past six years.

“We’ve grown organically, but the bulk of our growth has been through strategic acquisitions,” says Flaskey. “In some cases, we’ve bought a hotel or an apartment complex in a destination location and turned them into vacation properties. In other cases, we’ve acquired a competitor. I’ve been very focused on opportunistic buys, given the economic rebound.”

Flaskey has also sought ways to make operations more efficient, recently investing in a cloud-based email system, employee recruiting system and team member email system. “As the business continues to grow, we are constantly evaluating cloud-based technologies to make every department run as smoothly as possible,” he says.

Accuform announced three strategic acquisitions in the past year, giving the company new markets, customer bases and manufacturing capabilities. “We’d wanted to make these deals for some time now, but didn’t have the cash,” says Johnson. “The last couple years have been very good to us, making the timing right.”

The company is also evaluating a proposal to build a new, all-concrete manufacturing facility. At present, it operates a campus of four separate buildings. “We’d like to consolidate into a single structure,” says Johnson. “We’re also in the Tampa area and got lucky with Hurricane Irma, hence our interest in a more reliable concrete structure.”

BlackLine will also shell out money when it makes sense. Last year, Tucker inked the largest acquisition in the firm’s history, acquiring Runbook, an EU-based provider of financial close and automation solutions to the SAP market, for approximately $34 million. “It was an important investment that made us both stronger on behalf of our respective customers,” she says.


The bottom line when it comes to allocating funds appears to be, well, the bottom line—higher net profits. Big bets with the potential to send revenues soaring and build a CEO’s legacy will continue to make news. Still, one can argue that OPEX has become more attractive than CAPEX.

“This was the first year we didn’t have ‘sales growth’ as part of the strategic plan,” says Johnson, whose company chose to invest in a cloud-based sales order automation tool. “Even though we already run a lean company, we wanted to challenge people here to control their budgets even better. And it has resulted in nearly doubling our profits from the same period last year.”

While their coffers are full, many CEOs are willing to risk only so much of their hard-earned capital—and planning to do so conservatively. “That recession we came through was stark,” says Tucker. “Those of us that made it through don’t have short memories. Things look great right now, but we live in uncertain times. And when times are uncertain, you keep a close eye on your bank account.


*Still skittish from the Great Recession, CEOs remain cautious about spending.

*There’s a growing appetite for less capital-intensive investments in boosting operating efficiency.

*Cloud-based solutions are increasingly attracting interest—and cash.

*CEOs are still pursuing strategic acquisitions—when the timing and terms are right.

Smoothing the Claims Process

Centuries-old claims management processes are undergoing rapid transformation, as dozens of startup insurance technology firms drum up a resounding variety of process enhancements to reduce carrier costs, improve insurer-client relations, and generate higher customer satisfaction and retention.

“People expect instant service,” said Robert Hartwig, an associate professor of finance at the University of South Carolina’s Darla Moore School of Business. “Carriers that fail to heed or fall behind their competitors in improving claims management are at risk of losing their customers to those insurers that do.”

Fortunately, U.S. carriers have an expanding array of digital technologies to choose from in transforming claims management, giving them the opportunity to reduce overall loss adjusting costs, which reached $61 billion in 2016, according to a recent report by Willis Towers Watson (WTW) and CB Insights on the InsurTech claims market (“Quarterly InsurTech Briefing Q2 2017,” July 2017, using SNL data). Globally, the figure is about $177 billion, WTW and CB Insights estimate, applying the U.S. LAE ratio of 12 percent to global premiums ($1.5 trillion, according to research from Munich Re).

Novel solutions are being developed at a breakneck pace, given the financial value of first-mover status—a good-sized share of the global property and casualty claims management market. Crawford estimates the outsourced P/C claims market to be roughly $16 billion globally, or only 9 percent of global LAE, the report notes.

“The claims experience represents a customer’s most meaningful interaction with their insurer and demonstrates the true value of the underlying insurance product,” the report says. “Historically, this hasn’t always been a positive experience.”

The startups are aimed at altering the status quo. We interviewed a half-dozen of the firms, each with an innovative (yet different) product designed to improve claims management. Here are their stories:

360Globalnet: Focusing on Policyholder Self-Service

360Globalnet began with a goal of overcoming the frustrations inherent in filing a claim. As many consumers and owners of small businesses will attest, the process is time-consuming and complicated, with far too many back-and-forth interactions.

In examining these issues, 360Globalnet decided to build its product with the customer in mind. “We enable self-service claims management capabilities for policyholders,” said Andrew Peet, the firm’s head of operations for the Americas.

Instead of a claimant picking up the phone and going through the traditional first notice of loss to the carrier, the firm emails or texts a link to the policyholder’s device of choice, which opens up a browser. “Using our app, they fill in a series of simple boxes instead of scrolling through endless screens,” Peet said.

As the claimant ticks off the boxes, this data is sent live over the Internet in a single stream to the claims adjuster, insurance carrier and agent. The app also guides the policyholder to photograph the damage and upload these images to the same parties. “On average, we’re able to reduce the time it takes to report the first notice of loss by two-thirds,” Peet said.

Once the loss is reported, the app routes the information to third-party contractors in specific ZIP codes, who compete in a reverse auction to take on the work of repairing the damaged house, car or business premises. “Once the claimant picks the contractor, the claim is filed, settled and paid within an average of 87 minutes,” Peet said.

360Globalnet’s solution is sold on an SaaS (Software as a Service) cloud subscription basis. The volume of processed claims determines the overall cost. The firm processes traditional personal lines and small commercial claims, as well as travel insurance and pet insurance claims. Its market runs the gamut from carriers and brokers to independent claims adjusters and reinsurers.

Schedule It: Making Work Easier for Adjusters

The inspiration for Schedule It struck in the aftermath of Superstorm Sandy. Rebecca Wheeling, an independent claims adjuster, was working at the time in Staten Island, which was hit hard by the disaster. She had been in the New York City borough for four months determining how much insurers should compensate claimants for their damaged homes.

“I was the fourth adjuster at this particular house,” she recalled. “The owner, a woman, was in a hotel room with her husband, two kids under the age of three and three dogs. They were physically, financially and emotionally drained.”

The previous claims adjusters had left the family in the lurch. “The first took photos but didn’t do the paperwork, the second said an engineer needed to inspect the house, and the third said the loss needed to go through the carrier’s staff adjuster,” said Wheeling. “I was there working cleanup.”

Wheeling wrapped up the claim in 30 minutes. The house had shifted off its foundation and was a total loss. “I told my husband, who is also an adjuster, we had to do something to make the process better,” she said.

That something was Schedule It. The couple developed a web-based tool that integrates the caseload sent to an independent adjuster by insurance carriers and then schedules each of the appointments on a Google or Outlook calendar. “In a catastrophe, the logistics and sheer volume of cases are overwhelming for adjusters,” said Wheeling, CEO and co-founder of Schedule It.

The solution schedules the adjuster’s appointments based on claim type and location, average inspection time, overall case volume, when the person starts the day, and when they need to be back in the office to do the paperwork. Among its other benefits, the tool is making a big dent in the time it takes for an adjuster assigned a claim to contact the policyholder.

“The average time right now is 56 hours; imagine the stress of someone enduring the worst day of their lives having to wait that long for the adjuster’s call,” Wheeling said. “Our ‘receive to contact’ time is 11 hours, on average.”

More than 180 carriers and 117 independent adjusting firms are customers of Schedule It, which launched in 2014. “We’re making the difference we had hoped to make,” Wheeling said.

Betterview: Seeing Is Believing

Dave Tobias grew up in the insurance business, working for his dad’s commercial loss inspection company since he was a teenager. Today, 45-year-old Research Specialists Inc. (RSI) employs more than 600 claim inspectors to assess the physical condition of commercial buildings. Three years ago, Tobias, who runs the business today, had an epiphany.

“The carriers kept coming to us wanting better information on commercial rooftops for underwriting and claims assessment,” he said. “We’d tried everything, including deploying painting poles with camera attachments, but we’d get maybe one or two blurry shots. We tried to get the inspectors to use ladders, but that’s dangerous, and in cities like Phoenix where it can be 120 degrees, it’s just not worth their time to climb up.”

Since insurers purchase the inspection reports, overlooking a pre-existing condition was not in the best interests of customers. That’s when the light bulb went off. “I’d heard about carriers testing drones for underwriting,” said Tobias. “I thought, ‘Why don’t we do the flying?’”

In 2014, he launched Betterview to do just that. The firm has assembled more than 4,000 drone pilots in its network to survey the rooftops of commercial buildings. “The carrier provides the address; we send the pilot, the drone and the software to do their thing; and then we provide the report for a fee,” Tobias said.

Alternatively, the carrier can license Betterview’s drones and software on a subscription basis. The software is integrated into drones from DJI Drones, which manufactures a wide variety of unmanned aerial vehicles, from mini-drones to much larger and more sophisticated drones that can travel to roofs in sub-zero temperatures. “The more they innovate, the better for us,” Tobias said.

Each drone takes two sets of images—at 150 feet to create an orthomosaic map (a grouping of overlapping images of a defined area that come together as a true-scale map) and at 5-8 feet to zero in on potential damage. The different heights also allow for enhanced 3-D visualization. “We’re able to capture on a very granular level every square inch of a roof,” Tobias said.

Betterview’s website states that its drones have inspected nearly 300 million square feet of rooftops. “We’ve got hundreds of drones right now surveying the damage caused by Hurricanes Harvey and Irma,” said Tobias. “We’re giving carriers better data to make better decisions, speeding up the claims process and reducing claims fraud.”

ViewSpection: App Snap Inspections

ViewSpection is another InsurTech startup with a unique value proposition, in its case putting the policyholder in the shoes of the home inspector. Such carrier-employed and third-party inspectors are tasked with assessing the integrity of a property prior to binding the insurance.

What’s wrong with this traditional procedure? “You’ve got some stranger walking around your home asking all sorts of questions, requiring that you take time off from work to give them a tour,” replied Jim Gardner, co-founder and CEO of ViewSpection. “Why do that when you don’t have to?”

Using the company’s app, a homeowner or businessowner snaps interior and exterior pictures while responding to a series of simple multiple-choice questions that “capture 80 percent of the 20 percent of issues that result in 80 percent of insured losses,” Gardner said. “The images and answers are then uploaded into a report that looks like something a professional inspector put together.”

“When a business or residential property is damaged, the adjuster now has a deeper set of data to analyze,” he said.

Insurance companies are the primary market. “Typically, a carrier would offer the tool to their agents, who would offer it to policyholders, who would upload the data to the claims adjuster,” said Gardner, a second-generation loss control specialist who designed the app, retaining a software development firm to build it.

ViewSpection was launched in early 2017 and funded by the Global Insurance Accelerator, an organization composed of insurance carriers that provide seed money, mentorship and other support to innovative InsurTech startups. “We’re in the contract phase right now with several carriers of all sizes across the country,” Gardner said.

In the meantime, the firm is developing a second-generation app embedded with artificial intelligence and image recognition. The app will instantly identify pre-existing defects in the images sent by policyholders for underwriting purposes and actual damage for claims purposes, removing the need for people to assess these issues.

Snapsheet: Making Car Repair Estimates a Snap

Brad Weisberg was in a pretty bad auto accident in Los Angeles in 2010. Fortunately, no one was injured. He took the damaged vehicle from one body shop to another, collecting various estimates to get the best price. Unfortunately, the estimates differed widely on what needed to be fixed and what it would cost. “There’s got to be a better way to do this,” Weisberg thought.

The contemplation led to the development of Bodyshop Bids, a consumer-focused app that collects estimates from repair shops based on photographic evidence of the damage. Business did not take off as Weisberg had hoped. “Brad realized pretty quickly that consumers weren’t a great market, since insurance carriers managed the repair process for 90 percent of damaged autos,” said Andy Cohen, chief operating officer of Snapsheet.

Weisberg rebranded the Bodyshop Bids business as Snapsheet, which markets the app to auto insurers, which in turn provide the app to policyholders. The app guides the claimant to take specific pictures of the damaged vehicle that are uploaded to Snapsheet’s platform, which appraises the damages. If the policyholder elects to have the car repaired, the data is sent to an assortment of local repair facilities that are members of Snapsheet’s network of 35,000 licensed shops.

What’s unique is that the shops don’t estimate the damage. Snapsheet’s more than 200 licensed appraisers do it, instead. “Policyholders simply pick the one they prefer to work with,” Cohen said.

More than 400,000 appraisals for more than 50 different insurance carriers have been conducted in the past year, resulting in more efficient customer service, he said. “Adjusters that used to drive around appraising more than 30 cars a day can stay at their homes and review the case files online,” he added. “We’re taking the friction out of what used to be a pretty miserable experience.”

Tractable: Sifting Through Outrageous Estimates

Like Snapsheet, Tractable is focused on car repairs, albeit with a different value proposition. Launched by a team of machine learning researchers in 2015, Tractable applies artificial intelligence and image recognition to photos of damaged vehicles to check the accuracy of repair estimates. “With the right algorithms and data, computers can perform these tasks better than a human,” commented Alex Dalyac, co-founder and CEO of Tractable.

Up until recent times, people visually determined the damage to a physical asset—the case with a mechanic surveying a smashed car. Using image recognition software and sophisticated algorithms, the damage can be assessed without human involvement. “Based on the pictorial data, the algorithms can estimate the cost of parts and labor, resulting in more accurate and faster repair estimates,” Dalyac said.

Tractable owns the world’s largest dataset of images of damaged cars along with their repair estimates, he maintained. Each year, this data increases by billions of images, which are uploaded by appraisers, adjusters and body shops to an insurer’s claims management system. “Our carrier customers send the repair estimates to us in the cloud,” said Dalyac. “It takes just a second for an insurer to have a pair of ‘expert eyes’ on every single claim.”

Up next is consumer self-service, whereby the owner of a damaged vehicle takes photos based on a web link sent by Tractable, thus eliminating the repair shop from the estimating process. Said Dalyac, “We’re in a proof-of-concept stage right now.”

Tip of the Iceberg

As these various technology solutions illustrate, much excitement surrounds the opportunity to improve the life cycle of claims management functions. Dozens of other InsurTech startups are similarly targeting process enhancements that reduce carrier costs and increase administrative efficiency. Best of all, policyholders can expect a future in which the claims check arrives on time.

Why Treating Your Contractors Like Permanent Hires Will Help Your Business

By Russ Banham


Rapid growth in the contingent workforce — a category comprising a wide range of nonsalaried, freelance specialists and independent contractors — is compelling many businesses to rethink how to integrate these individuals into company culture.

Motivating them may be enlightened self-interest.

“Oftentimes, nonsalaried employees — like contract workers — are treated as second-class citizens, which is certainly no way to ensure workforce cohesiveness, engagement and productivity,” said economic anthropologist Cecile Alper-Leroux, vice president of human capital management innovation at Ultimate Software. “Employers must treat all workers with inclusiveness, making them feel they’re as much a part of the organization’s success as their full-time equivalents.”

Today’s Gig Economy

Much has been written about the importance of a company’s culture, mission and value proposition to engaging employees in their tasks. Yet many businesses fail to carry these same messages forward to contingent workers, despite the tremendous growth in the number of these nonsalaried employees.

According to the most recent estimates by the U.S. Government Accountability Office, contingent workers make up 40.4 percent of the domestic workforce . GAO defines this group as independent contractors who provide a service or product; part-time, self-employed or contract company workers; agency temps; and on-demand laborers who rotate in and out of companies as needed.

Companies may hire contingent workers for diverse reasons, such as to staff a short-term project. Or they may want to avoid contributing to Social Security, unemployment insurance and workers’ compensation. They also may want to save money on healthcare, sick leave, overtime and paid vacation time. These expenses can add up to as much as 1.4 times the salary of a full-time employee, according to the MIT Sloan School of Management.

A Unified Workforce

“We used to call this the extended workforce, but that no longer describes the breadth of the phenomenon,” said Josh Bersin, founder and principal of HR consulting firm Bersin by Deloitte.

Over time, contingent workers have come to represent more than 4 in 10 employees. Freelance specialists and contract workers now perform creative tasks, IT jobs, and even sales and marketing responsibilities.

They have been called part of the “total workforce.” But even this moniker falls short.

“A much better description is the unified workforce, as companies today have such an extraordinary diversity of people in their employ, in terms of their racial makeup, sexual preference, gender definition, age and type of employment,” said Alper-Leroux. “They also have younger full-time employees who tend not to stay with the organization for the entirety of their careers.”

Indeed, the median job tenure for workers ages 20 to 24 is shorter than 16 months, according to the Bureau of Labor Statistics. People between the ages of 25 and 34 stick around for nearly three years. And all other full-time employees work around five years or longer.

“With so many people cycling in and out of the organization — both salaried and nonsalaried workers — the line between all types of employees is blurring,” Alper-Leroux said.

Know Thy Neighbor

The lines may be blurring between different types of workers, but not their treatment.

“Many independent contractors get a cursory view of the hiring entity, as opposed to a full-time employee who is brought in for training to learn the company’s history, meet the senior executives, hear about its mission and understand the culture,” Alper-Leroux said.

This differential treatment comes at a cost.

“Each contingent worker touches your product, customers and business processes in some way, with positive or negative effects,” Bersin said. “It is crucial to the organization’s success that business leaders understand how all their workers are treated.”

He described as “positive” the example of a client in the pharmaceutical industry that contracts out 40 percent of its research and development.

“They have days where they bring in [contractors] to share what they’re working on with the full-time employees,” Bersin said. “Everyone gets to know each other better and feel more connected to the company.”

Bridging The Divide

Such efforts are in the minority. Deloitte’s 2016 Global Human Capital Trends report indicates that, in a survey of 7,000 companies, more than 70 percent reported difficulty with integrating various types of workers into a unified workforce.

One reason is murky employment law. The Fair Labor Standards Act doesn’t specify the differences between full-time and part-time employment. Neither do the National Labor Relations Board, the Civil Rights Act, and the Employee Retirement Income Security Act, according to the U.S. Department of Labor. Each of these statutes draws the lines differently between full-time employees and independent contractors. The language is often “vague or circular … leaving them open to a broad range of interpretations,” the department stated.

Much clearer is the liability for employers that misclassify worker types in regard to employee benefits and salaried compensation. A wide range of penalties may be imposed, and the benefit plan may be disqualified.

“It’s great to have an integrated approach to the workforce, but management must also address the employment liability risks,” said Beth Roekle, president of North American operations for the staffing firm Advantage xPO.

“My advice is, if you’re going to invite nonsalaried workers to the company picnic, then pay them to come to the event,” Roekle said. “This way the distinctions are clearer from an employment law standpoint.”

Despite these challenges, Alper-Leroux said an inclusive strategy for all types of workers is simply the right thing to do.

 All people need to be treated with dignity and respect for their contributions ,” she said. “This is what real leadership is about.”

Russ Banham is a veteran business journalist and author who writes frequently about human capital issues.