Building Value With Trust
As they homed in on reasons they were spending enormous sums on workers’ compensation claims, managers at Honda of South Carolina (HSC) knew they needed to make some changes. The challenge was figuring out exactly where those changes needed to be made.
A 2007 audit of their workers’ compensation costs conducted by the company’s corporate parent, Honda of North America, helped move the ball down the field, according to managers Wendell Hughes and Lucinda Fountain.
One glaring red flag identified was the tendency of injured employees to contact attorneys right away, a move that is almost always certain to increase a claim’s cost and complexity.
“We were trying to understand what made them take that step,” said Fountain, staff administrator for associates risk management at HSC. “We felt from all the information we had gathered that we had a breakdown in our system.”
That breakdown turned out to be a fairly serious communications failure — a breakdown that started to occur immediately after an employee injury.
Company procedure up to that point had been that those who needed medical attention off-site were given rides by Honda security officers, according to Fountain and Hughes. After delivering the employee safely into the care of a medical provider, the security officer would return to the plant.
As for the claim itself, the company would let the employee know to expect a call from its third-party administrator, which would handle the follow-up from there.
Company representatives weren’t always available to attend workers’ compensation hearings, added Hughes, HSC’s environmental, health and safety manager. Those sessions were often handled by the third-party administrator as well.
Giving these practices a long, hard look made company officials realize that their level of involvement might unintentionally be sending the wrong message to employees, said Hughes. In considering potential changes, managers asked what they would expect if they were injured.
“To associates, it may have seemed as if we were putting up a defensive barrier, although that was never our intent,” Hughes said. Instead, HSC wanted procedures that reflected the company’s principles, which are rooted in a concern for employees’ well-being.
“The first 24 hours of that associate injury is going to make a big difference in how you manage that claim throughout the duration. So we try to do everything we can in that first 24 hours.” — Lucinda Fountain, staff administrator for associates risk management, Honda of South Carolina
“They’re truly an associate-centric company,” said Lynn Williams, managing director at Tennessee-based Sedgwick Claims Management Services Inc., which counts Honda as a client.
Today, Honda of South Carolina takes a personal approach from the moment an injury occurs. If employees need to leave the plant for treatment, a manager or other employee accompanies them — and stays with them until family members arrive and other needs are met, which could include bringing meals.
The company also begins educating employees about the workers’ compensation system immediately, letting them know the company will be a resource for helping them get care and navigating their return to work.
“The first 24 hours of that associate injury is going to make a big difference in how you manage that claim throughout the duration,” said Fountain. “So we try to do everything we can in that first 24 hours.”
The workers’ comp process can certainly be confusing, said Beth Osterholt, a client performance manager at Sedgwick. She serves as a liaison to Honda. Adding to the confusion sometimes is the uncertainty about the workers’ compensation system.
“If you have somebody there to support you,” she said, “it’s more comforting.”
Honda’s attention has focused not just on the first 24 hours, but also on the return-to-work process. HSC has identified numerous tasks that people can perform even if they are not ready to go back to their original positions at the plant, Hughes said.
Employees have handled administrative tasks, such as data entry for the training department, or sorting vehicle identification cards as they come off the production floor, Hughes said. “We don’t create jobs,” he said. “There’s always something somebody can do.”
Honda also began inviting doctors and other health professionals on regular tours of its facility, Hughes and Fountain said. The visits have made physicians more comfortable about allowing employees to engage in light or limited duty.
The difference is more than remarkable. The company recorded no costs for workers’ comp in the first nine months of 2014. But it’s showing up in less direct ways, too.
“We haven’t had an associate get an attorney in years,” said Hughes, noting that employees are readily cooperating with the company and returning to work more quickly.
The relatively hands-off approach that HSC used to follow is not uncommon, said Octavia Williams-Blake, associate vice president of occupational health at McLeod Health. Based in Florence, S.C., the health system works with many local employers, including Honda of South Carolina.
“We serve over 1,000 companies, and less than 10 percent actually send somebody here with the employee,” Williams-Blake said. “Very few of them stay.”
The corporate presence alongside injured employees provides several benefits, Williams-Blake said. It usually leaves employees with a better sense of what to expect from the workers’ compensation process, and they are less likely to call lawyers.
“That then helps reduce your overall costs as it relates to workers’ comp, but it also makes employees feel like you care,” she said.
There are other advantages.Company representatives hear firsthand from doctors about an employee’s injury and the expected treatment, Williams-Blake said. So employers spend less time tracking down physicians to confirm what they are hearing from employees, and less information gets lost in translation.
Still, she acknowledged, not every company has the resources to send someone along with an injured worker.
“They may see it as not productive. They’re losing somebody from the line, or they’re having to cover for somebody while they’re with the employee,” she said.
HSC has committed to the practice because they understand the value it brings for both the associate and the company. The proof is in the numbers: HSC’s claims costs have plunged by 93 percent since 2009. Medical costs are down by 87 percent.
In addition to increasing personal attention, Honda’s decision to bring doctors into its plant has made a positive impact, Williams-Blake said. Physicians tend to be conservative in their recommendations for return to work, and they often know little about working conditions beyond what employees tell them.
Knowledge of Honda’s operations allows physicians to make a more informed judgment about what a given employee will come back to in the workplace, Williams-Blake said. It’s also easier than reaching out after a doctor has made a decision a company doesn’t like.
“Have you ever tried to call an orthopedic surgeon and try to talk to them about a job? It’s tough,” Williams-Blake said.
Safety’s in the Details
Of course, the surest way to avoid those calls — and to avoid workers’ compensation claims in general — is to create a safe work environment. And that has long been a top priority for Honda of South Carolina.
Injuries are down, thanks to an aggressive approach to finding and fixing the causes of workplace accidents, Hughes said. The company recently notched 4 million hours without a lost-time injury, and six months without a recordable injury at its plant in Timmonsville, S.C., where more than 900 associates manufacture all-terrain vehicles and multi-use vehicles.
Nothing is too minor to escape attention.
About 10 years ago, for example, Hughes noticed a relatively large number of arm scrapes. He realized the preventive measure was close at hand: rolling down the long sleeves on Honda’s white uniforms.
He succeeded in implementing a policy requiring sleeves to be worn down. “You hardly ever see a first aid on arms anymore,” Hughes said.
Today, team leaders must accompany employees when they require first aid even for injuries that merit little more than a Band-Aid, Hughes said. The idea is to address the cause of the injury immediately.
“If you wait, a day later or two days later, everything changes,” Hughes said. But the conditions that triggered an accident may eventually return.
Another program, launched this year, underscores management’s commitment to a safe workplace. Every two months, managers closely examine a production process to look for anything that might cause a problem, Hughes said. The company president, meanwhile, undertakes semi-annual safety tours.
Employees also are committed to safety, a mind-set Hughes has observed from his office right off the production floor.
“I get constant foot traffic from associates coming in and wanting to understand a process or raise a concern. They’re very open about sharing their ideas,” he said, noting that he is especially happy to see employees fixing problems before he even learns of them.
“That’s when you know the safety culture is really taking root,” he said.
Read more about all of the 2014 Teddy Award winners:
Building Value with Trust: Honda of South Carolina boosted its involvement with injured worker cases, making a positive first impression on employees and health care providers.
The TLC Behind the Roar: A proactive and holistic approach to employees’ well-being has resulted in huge reductions in work-related injury claims for Harley-Davidson.
Quick to Act: Compass Group is lauded for its safety initiatives and for a return-to-work program that incorporates all of its business lines.
Healing the Healers: Teddy Award winner Cold Spring Hills Center for Nursing and Rehabilitation proved that even small organizations can make a huge difference in their employees’ lives.
Seeking Clarity for Cyber Cover
It was a black-or-white question: Do you have procedures for responding to allegations of a privacy breach?
But the answer was a shade of gray for the University of Wyoming, which was applying this year for its first cyber insurance policy.
“The answer might be yes, we have procedures, but they might be different for our two medical clinics than they would be for the accounts receivable department,” said Laura Peterson, chief risk officer for the university, in Laramie, Wyo.
Similar conundrums are confronting risk managers around the country as they apply for cyber coverage. Risk managers are finding that the cyber application process is more taxing than it is for traditional insurance — especially for organizations analyzing coverage for the first time.
It’s the difference between buying a couch for the living room, and trying to install a home wireless network that syncs with computers, televisions and stereos, said John Mullen, chair of the U.S. data privacy and network security group at the law firm Lewis Brisbois. “It’s just a whole different level of complexity.”
“From our experience, many cyber applications are not designed with the typical small to middle-market firm in mind.” — Reza Khan, executive vice president of ThinkRisk Underwriting Agency
Interest in policies has spiked over the last year, prompted by high-profile data breaches, including one that has cost retailer Target Corp. nearly $150 million to date. Insurance covered about $38 million of the total, according to the company.
When cyber insurance first emerged in the late 1990s, insurers sometimes hired third-party vendors to test the network security of organizations as part of the underwriting process. They also would schedule meetings with clients to review their cyber defenses.
Today, most insurers rely on applications boiled down as much as possible to yes-or-no questions. The forms serve as a handy checklist for cyber security efforts, according to brokers and insurers, but the answers don’t come easily.
“Many customers are very uncomfortable with that binary sort of yes-no response because it’s not 100 percent ‘yes,’ and it’s not 100 percent ‘no,’ ” said Greg Gamble, a director at Crystal & Company, a brokerage in New York City. “A lot of the time that we spend with clients is helping them pick yes or no, and then how to explain the answer.”
Companies, for example, worry about how an answer looks to the insurer, Gamble said. An application might ask whether a company outsources its information security management to a qualified firm. “What if you say, ‘no’? Is that bad?” Gamble said. “Maybe you have an employee who handles it.”
Risk managers also often have to hunt for the answers, whether from internal staff or external vendors. And colleagues in IT may perceive the application for insurance as second-guessing their efforts to protect data.
“I can understand why that would be a difficult pill to swallow,” said Anne Corona, managing director and U.S. practice leader for cyber insurance at Aon Risk Solutions. “But I think everyone understands that this isn’t a criticism, but an added level of protection, really, from a financial perspective.”
At the University of Wyoming, Peterson contacted the IT staff to lay the groundwork before she started lobbing questions. She explained that cyber coverage was not a reflection of the department’s work, but a necessary safeguard. And despite good intentions, accidents can happen, she added, just as they do in other university departments. An employee could click on the wrong link in an email, or lose a flash drive.
“We didn’t have any trouble getting them to help us complete the parts of the application that we needed their help with,” Peterson said, noting that she also needed assistance from administrators in other areas, such as finance.
One question asked for the percentage of revenue from credit card transactions, Peterson said. But revenue for a university is different than revenue for a business. Peterson put down 9 percent, and explained the sources of revenue, including state and federal funding.
Risk managers also must be alert to the ways a cyber policy could interact with their other policies and exclusions, brokers and insurers said.
“We want to give them as much information as possible,” she said.
Since their answers could come back to haunt them in a coverage dispute, risk managers and other insurance buyers need to take extra care.
“If they make a representation in an application that they have certain security measures in place and those security measures aren’t followed … or aren’t actually in place, then the insurance company could conceivably use that as a basis to avoid coverage if there is a claim,” said Brooke Yates, a partner in the litigation department at the law firm of Sherman & Howard in Denver.
Past breaches, if they’re not reported on the insurance application, also could become an issue, said Tracy Tenorio, a senior vice president and account executive at ABD, a commercial brokerage in San Mateo, Calif. Insurers bind coverage on the understanding that the client is not aware of anything that could lead to a claim, Tenorio said. Questions about that awareness are often the first place an insurer will look after a claim.
“The good thing is that the carrier will often ask the client, ‘OK, we need to talk about this because this is what I believed the risk to be; this is how you answered the question. What am I missing?’ ” she said.
Smaller companies, already worried about the perceived cost of cyber insurance, may be turned off by the application process before they even begin, said Reza Khan, executive vice president of ThinkRisk Underwriting Agency in New York City.
“From our experience, many cyber applications are not designed with the typical small to middle-market firm in mind,” Khan said.
ThinkRisk recently introduced a 21-question application for a new admitted cyber/privacy product. The questions reflect the company’s concern that many firms won’t understand typical cyber jargon.
“Quite frankly, when you’re entertaining a $10 million dental practice, how much technical underwriting information do you really need to properly assess and price their exposures?” Khan asked.
Others are seeking to streamline applications as well. Allied World North America, for example, offers an application that asks for only a few questions if companies have less than 50,000 records, according to Josh Ladeau, cyber practice leader for the insurance carrier. Policies are capped at a limit of $1 million.
Companies may not fully understand how many records they actually have, Ladeau added. But Allied World is confident it has the underwriting experience to tell if a business is undercounting. “Even smaller retailers will have more than 50,000 transactions,” he said.
Once they get through the application process, risk managers still have to sort through products that can be difficult to compare.
Approaches to notification costs are among the variables. Some insurers offer an overall sublimit, while others provide limits based on the number of people being notified, said Sheri Pastor, partner and practice leader for the insurance coverage group at the law firm McCarter & English in Newark, N.J. Some carriers require the use of prescreened vendors to deal with a breach, while others allow policyholders to choose their own.
“It is not unusual for a risk management department to take a long period of time to analyze these products, and then decide which to place,” Pastor said. “Many companies can explore them for months, if not a year or more, with their renewal cycles coming and going.”
Risk managers also must be alert to the ways a cyber policy could interact with their other policies and exclusions, brokers and insurers said.
Emerging risks are another factor to consider. Content liability is overlooked in many cyber policies, for example, but could pose a threat, said Ken Goldstein, worldwide cyber security manager for Chubb Group of Insurance Cos. Businesses could face claims if a competitor believes it is being disparaged in an online ad, or a person’s image is being misappropriated.
“There’s real claims activity in this area,” Goldstein added.
At the University of Wyoming, Peterson grappled with decisions about breach-response and credit-monitoring services. Depending on the scope of a potential breach, the university might have to notify people in every state. It has 13,000 undergraduate and graduate students, as well as thousands of alumni around the country. In addition, thousands attend concerts, football games and other events at the university.
“You can listen to other people who have had breaches, but they’re all very, very different, depending on whose information was breached and what information was breached and what state is affected,” she said. “So it’s really just hard to know.”
Brokers have helped Peterson sort through the details. But, she added,
“Ultimately, it still comes down to me trying to assess what’s most likely to happen here or, even if it’s not what’s most likely, it’s where are the places where we’re going to want the most assistance, and that’s an institution-by-institution analysis.”
Redefining In-House Counsel
Twenty years ago, the in-house lawyer might have drafted a detailed memo warning fellow executives to steer clear of some legal pitfall — and then moved on.
But for general counsel today, a strictly advisory role no longer suffices. Once stereotyped as risk-averse deal-killers, attorneys are more engaged than ever in business decisions. As a result, they are just as likely to be managing risks as urging colleagues to avoid them.
It’s a trend with implications for risk managers, who are seeing general counsel take a more active role in matters ranging from buying insurance to developing crisis management plans.
“It’s been a sea change over the past couple decades,” said Veta T. Richardson, CEO of the Association of Corporate Counsel, an international membership group based in Washington, D.C. “General counsel have evolved beyond just being looked at as someone you go to to ask for legal advice.”
The evolution is driven by several factors, boiling down to the growing complexity of law, business and technology, according to Richardson and other observers. Regulations are proliferating both in the United States and in other countries. And regulators seem to be taking a more aggressive approach in areas such as privacy, anti-corruption, antitrust and tax avoidance.
Insurance policies are another area of growing complication, according to Finley Harckham, a shareholder with the law firm Anderson Kill in
Counselors De-Code Policy Language
While insurers and policyholders often battle over claims, the disputes drew more attention after Superstorm Sandy in 2012, said Harckham, who represents policyholders. Companies learned that buying insurance did not mean they’d be covered.
Harckham advises in-house attorneys to scrutinize insurance contracts and bring their legal knowledge to bear. “Lots of policies have clauses which stack the deck in favor of the insurance companies and against the policyholder, and it’s important for in-house counsel to evaluate those clauses before they end up in the insurance policies,” Harckham said.
While the review might cause friction with risk managers, who might feel they are being second-guessed, he said, it can help both parties by avoiding contested claims and unforeseen exposures.
“I have seen it work well and it ought to work well, because the lawyers can add value to what the risk manager’s doing,” he said.
Even as they share the load, risk managers will still be needed. But like in-house attorneys, they also may have to take a broader view of their companies, especially as risk management matures, said Donna Epps, a Dallas-based partner with Deloitte Financial Advisory Services.
“Those people who don’t move with it run the risk of losing the value that they’re bringing to the organization,” she said.
Teamwork Boosts Value
Successful risk managers already seek input from across their companies as they develop risk-transfer strategies, said John Peterson, Chicago-based co-leader of U.S. retail sales for Aon Risk Solutions.
From attorneys, risk managers can learn about a company’s most pressing legal risks. Attorneys can learn from risk managers about insurance policies or other solutions that might help address those risks, Peterson said.
“That teamwork certainly has proven to be quite effective.”
“General counsel that we interviewed recognize that there has to be some risk-taking to run a business. Their contribution can be to help evaluate and manage that risk.” — Bryan Jones, global and Americas head of dispute advisory services, KPMG, Dallas
Attorneys also may help in probing the root causes of recurring claims, added Bryan Jones, global and Americas head of dispute advisory services for KPMG in Dallas. To understand the changing role of general counsel, the consulting firm surveyed in-house lawyers worldwide in 2012 and 2014.
“General counsel want to contribute value by not only reacting to claims but also by preventing them,” Jones said, adding that attorneys are less risk-averse than the images of old. “General counsel that we interviewed recognize that there has to be some risk-taking to run a business. Their contribution can be to help evaluate and manage that risk.”
But while in-house lawyers may be pitching in more often, risk managers still report primarily to CFOs, controllers and other finance executives. According to Aon’s 2013 Risk Management Survey, 51 percent of risk management departments reported to finance, down from 62 percent in 2009. Nine percent reported to the general counsel, compared to 8 percent in 2009. Highlighting greater executive attention to risk management, 12 percent of departments reported to CEOs, up from 6 percent in 2009.
Diversify Knowledge and Services
At PubMatic, an advertising technology company based in Redwood City, Calif., risk management has been shared by the legal and finance departments, according to Nadine Stocklin, the company’s general counsel.
Besides contributing her legal knowledge, she also learns as much as she can about the company’s operations and tries to become involved early on in new initiatives, such as partnerships and acquisitions. The efforts paid off after the vice president of finance left, and she took over insurance buying.
“If I didn’t understand the business, I wouldn’t know what to say to our insurance broker about what we need to be covered,” she said. “Now, I’m the primary liaison with our broker.”
Stocklin follows what she calls a balanced approach to risk management that accounts for both the risks and rewards of business. “Legal is often viewed as a roadblock,” she said. “So I think it’s important for people to see that I’m doing this risk-reward analysis on a day-to-day basis to understand what’s best for the company.”
At Safway, risk management gradually migrated from finance to legal over the last decade, said Curt Paulsen, who joined the company in 2003 as its first general counsel. Based in Waukesha, Wis., Safway is a scaffolding and worker access company with branches around the United States and Canada. The company also provides industrial painting and insulation.
When Paulsen began, he worked closely with the company’s CFO on risk management, which still came under finance. But after a few years, risk shifted to the legal department. A lawyer working under Paulsen now heads the company’s risk management department, Paulsen said.
The change stemmed, in part, from the legal aspects of handling claims, Paulsen said. But it also seemed to make sense, given the growing complexity and importance of risk management. “That doesn’t mean that, gee, you need a lawyer to do it,” he said. “But given its importance for some entities, I think it can quite easily, for some companies, just morph into the legal department.”
Where they don’t have direct oversight, lawyers often join risk management teams, and take part in risk management discussions, said Dan Cahoy, a business law professor in the Smeal College of Business at The Pennsylvania State University in State College, Pa.
“You could argue that we have some very special additional legal complexity that hasn’t existed in the past, and you’re not going to be able to quantify it unless you get some specialized legal knowledge at the table,” Cahoy said.
But lawyers are not always trained to make business decisions, Cahoy added.
“So, to the extent that you bring in a counsel whose answer is ‘no’ 99 percent of the time, that may not help your business.”
Much depends on the personalities of the people involved, Cahoy and others said, but risk managers and in-house attorneys can learn to work together, given that their expertise and their concerns often overlap. Both departments are charged with identifying what can go wrong and mitigating the damage.
“The friction is between people who want to or feel that it’s important to do risk analysis, and the business-development types that don’t want to hear it because they don’t want to hear any naysayers.” — Eric Esperne, legal counsel, Dell Inc.
“They’re both a slightly different approach to similar problems operationally,” said Laura Peterson, chief risk officer — and a trained attorney — at the University of Wyoming in Laramie, Wyo.
Conflict could arise, however, over issues such as when to press an insurer for coverage, Peterson said. A lawyer might want to fight, while a risk manager may have an eye on the costs of outside counsel. On the other hand, she said, a risk manager may want to contest a claim, to avoid setting a precedent and inviting even more claims. An attorney, with an eye on the strength of the legal case, might choose to settle.
Friction also can arise if in-house lawyers focus solely on legal issues, said Scott Goodreau, chief sales officer for brokerage HUB International in Chicago. “What’s important is for general counsel to ensure that they understand the fact that it’s not just about the legal risk,” he said. “It’s also about the total impact to the company.”
The greater tension, however, is not between attorneys and risk managers, said Eric Esperne, counsel in the legal department at Dell Inc., based in Canton, Mass. He has written and spoken about risk management for legal audiences.
“The friction is between people who want to or feel that it’s important to do risk analysis, and the business-development types that don’t want to hear it because they don’t want to hear any naysayers,” Esperne said. “All they care about is creating opportunities to generate revenue.”