Around the world, social pressure against public corruption is resulting in huge demonstrations, investigations and legislation. And that is rebounding on multinationals that face their own pressure to keep business above board while trying to expand in countries where bribery is often necessary to get permits and permission.
A survey of CFOs and board members by Ernst & Young found that 95 percent of the respondents were “very” or “fairly” concerned about the potential liability resulting from fraud and corruption in Latin America — the area that offers the most concern.
Not far below were the Middle East and Africa, at 87 percent, and Central and Eastern Europe, at 84 percent.
While laws are almost universally clear — don’t do it — the risks are increasingly complex, as anti-corruption laws and their enforcement evolve both in the United States and overseas.
In the United States, investigators appear to be scouring industries that traditionally have not attracted notice, according to attorneys and experts in the field.
Retailers have been in the spotlight, for instance, ever since news surfaced in April 2012 of a probe into Wal-Mart. The retail giant is alleged to have paid bribes in Mexico to speed growth there.
Enforcement is intensifying in other countries as well, pushed along by public protests as well as by an anti-bribery convention overseen by the Paris-based Organisation for Economic Co-operation and Development. Forty countries, including Argentina, Russia and South Africa, have signed the OECD convention since it was drafted in 1997.
Today, more than 300 investigations are underway in 24 countries, according to Patrick Moulette, head of the OECD’s anti-corruption division. “It has not doubled from last year or the year before, but it’s 10 or 20 more every year, so maybe this is a positive sign,” said Moulette, who hopes greater attention will spur countries to crack down harder.
Other nations, notably China, are dusting off their own anti-bribery laws, exposing U.S. companies to potentially costly legal action on new fronts.
“It’s very hard to find a country anywhere where bribery is legal,” said Brian Loughman, Americas leader for Fraud Investigation and Dispute Services with Ernst & Young. “The challenge is always, what’s the enforcement like.”
To top it off, foreign prosecutors today are more likely to share information with their U.S. counterparts. “The world is smaller for prosecutors, too,” Loughman said.
For decades, U.S. companies only had to worry about the Foreign Corrupt Practices Act of 1977, or FCPA, which bans bribery of public officials in other countries. American executives often complain they are disadvantaged by the statute, as it does not apply to businesses based outside the United States.
Enforcement eventually prompted stronger controls and tougher policies, but investigators remain aggressive, according to Michael Himmel, an attorney and chair of the litigation and white-collar criminal defense departments at the law firm of Lowenstein Sandler.
“More and more cases are being investigated, and prosecutors are tending to take harder lines,” said Himmel. Over the last five years, he said, investigators have asked companies to open up more of their operations to review. “That’s obviously going to be a greater expense,” he said.
Equal Opportunity Scrutiny
Investigators also seem to be eyeing new sectors, expanding beyond defense, energy and mining to include pharmaceuticals and retail.
It’s a costly occurrence for the probed companies. The ongoing probe into Wal-Mart so far has cost the company more than $150 million, according to company filings with the U.S. Securities and Exchange Commission.
The SEC and the Department of Justice, which enforce the FCPA, do not explicitly target industries, said Timothy P. Peterson, a partner in the Washington, D.C., office of Murphy & McGonigle. But as investigators dig into one company’s operations, they may follow a trail to others in the same sector.
“The real danger for retailers is that when there are very large investigations, the government is going to start to get familiar with how that business works,” Peterson said. “They may, as they get more familiar with the business, decide they want to find more companies that operate in a similar way.”
It’s not just government investigators. Corporate rivals are another source of FCPA-related allegations, said Brett W. Johnson, a partner in the Phoenix office of law firm Snell & Wilmer. Companies may arouse suspicion if they are moving goods or opening stores more quickly than competitors, especially in countries where corruption is considered rife.
“The default is, ‘He’s paying somebody off,’ ” Johnson said.
For retailers, corruption risks extend throughout the supply chain, and they are compounded by the pressure to stock shelves in time to meet buyers’ needs. Bathing suits don’t sell well in November, at least in the northern hemisphere.
“Keeping the supply chain flowing is critical to a retailer, especially one that has any kind of seasonality,” said Randy Stephens, vice president of the Ethical Leadership Group of NAVEX Global Inc., a compliance technology firm based in Portland, Ore.
Foreign customs officials often recognize the time pressure — and the power it can give them to demand bribes, Stephens said.
“If you give them the sense that you’re going to participate in that scheme, at any level, you only open yourself up to more trouble, because you look like somebody who’s going to play that game,” Stephens said.
In addition to training employees and establishing clear policies, retailers need to examine internal incentives, Stephens said. If executives overseas are rewarded solely for growing revenue, opening more stores or hitting other bottom-line goals, they may overstep ethical boundaries.
Compensation should be tied, in part, to actions that avoid fines, penalties or stains on a company’s global reputation, Stephens said.
“You’ve got to be willing to let people make decisions that could negatively impact your supply chain, yet comply with the law.”
Another risk arises from the use of third-party agents, a requirement for doing business in some nations. When those agents pay bribes to expedite deals, the U.S. business is on the hook for any FCPA violations.
As a result, companies seeking overseas growth must know their foreign business partners and regularly audit their operations, as well as know the country’s laws and norms.
“You’ve got to be willing to let people make decisions that could negatively impact your supply chain, yet comply with the law.” —Randy Stephens, vice president, Ethical Leadership Group of NAVEX Global Inc.
What’s legal in one country may not be legal in another. And companies can no longer focus on the FCPA alone, attorneys said.
A Tangled Web of Compliance
The United Kingdom adopted a tough anti-bribery statute in 2011. And Brazil enacted a stringent new law this year, following public protests that coalesced around government corruption. In addition to increased penalties, the law allows companies to be found guilty of bribing public officials. Previously, only individuals could be found guilty of that crime.
“Very few companies today can comply, or attempt to comply, with just one home jurisdiction,” said Michel Léonard, chief economist and senior vice president of Emerging Markets for Alliant. “It’s a bit like antitrust laws. These days, mergers need to be approved in the U.S. and Europe as well.”
Experts said U.S. companies should partner with local attorneys who can can train employees, navigate the nuances of a country’s laws, and react quickly to problems.
“You’re not going to have the same processes; you’re not going to have the same protections,” said Joe Martini, co-chair of the White-Collar Defense, Investigations and Corporate Compliance Practice Group at the law firm of Wiggin and Dana.
Given the potential costs of an investigation, specialized insurance coverage is the next step in corporate compliance, said Machua Millett, a senior vice president with Marsh USA Inc. The brokerage firm introduced a specialized product in 2011.
In the past, Millett said, companies sought coverage for FCPA-related expenses under D&O policies. But underwriters and carriers hesitated, due to the size of the potential exposure.
Cooperation with the government does not necessarily lessen the expense. Although Ralph Lauren Corp. voluntarily disclosed bribes made by a subsidiary in Argentina, it still faced a penalty of $882,000.
Companies should focus first on compliance, with insurance as a backstop, Millett said. “At the end of the day, you might be able to show that you acted well.”
A Not-So-Microscopic Risk
Why don’t lifeguards wear white stuff on their noses anymore?
We’re more aware of the dangers of sun exposure than ever before. You’d think folks exposed to the sun would want the best protection possible. And you’d be right. The thing is, a thick layer of white zinc oxide is no longer the best thing going … because of nanotechnology.
Nanotechnology is the understanding and control of matter at dimensions between approximately 1 nanometer and 100 nanometers, according to the U.S. National Nanotechnology Initiative. One nanometer is one-billionth of a meter. For comparison purposes, if a marble were a nanometer in diameter, then one meter would be the diameter of the Earth.
At the nanoscale level — down to 1/100,000th the width of a human hair — materials exhibit different properties than what is detectable in the everyday “macroscopic” world.
For example, nanomaterials can have greater strength, lighter weight and greater chemical reactivity than their larger-scale counterparts. Scientists have learned how to rearrange atoms of carbon, silver, titanium, silicon, gold and zinc to leverage these nanoscale superpowers — not just in the laboratory, but efficiently enough, and at low enough cost, to enable commercial manufacturing.
That’s why new fabrics are more stain-resistant, why tennis rackets and bicycle frames are lighter and stronger than ever before, why food containers can help keep food fresher even longer. It’s why lifeguards no longer wear those unfashionable white sunblock smears.
Nanoscale technology is already more than a decade old, and — to put it mildly — its potential is tremendous. But nanotech products are lightly regulated, and their long-term effects are not well understood.
Products using nanotech may one day zap tumors or enable more effective treatments for cardiovascular illness or Parkinson’s disease. They could improve the performance, resiliency and longevity of our transportation infrastructure while reducing cost. They could transform our energy future by making batteries last longer, and enable solar panels to produce many times more energy. Nanotechnology could make it easier for us to bring clean drinking water to millions in need around the world.
No wonder nanotech is growing fast — so quickly, in fact, that reliable data is hard to find and may be out of date by the time it is published.
There are more than 5,400 nanotech firms globally. The consumer products inventory at www.nanotechproject.org lists more than 1,300 products using nanotechnology, produced in 30 different countries, that are commercially available.
Every state in the United States has at least one nanotech manufacturer, with California leading the pack. Nanotechnology is already in our food, medicines, clothes, cosmetics, sunscreens, pesticides, electronics, homes, sports equipment, cars, airplanes, water, air and land. Nanotechnology is everywhere.
But, little has been spent studying short- or long-term effects, and early tests indicate potential risks such as cellular or genetic damage. Some nanoproducts pass through the skin and are distributed throughout the body, with unknown effects. Nanomaterials may be able to breach landfill barriers as well.
The U.S. Food and Drug Administration has released draft food and cosmetic guidance, but there are few labeling requirements, and many manufacturers have failed to test the safety of their products.
In April 2013, the National Institute for Occupational Safety and Health (NIOSH) recommended that occupational exposures to carbon nanotubes and carbon nanofibers be controlled to reduce a potential risk of certain work-related lung effects. According to NIOSH, recent results from experimental animal studies with rodents indicate that exposure to carbon nanotubes and carbon nanofibers may pose a respiratory hazard if inhaled.
Several studies have linked carbon nanotubes to mesothelioma. That has echoes of an emerging risk from decades gone by: asbestos.
An Underwriting Challenge
Insurers are already at risk. Standard policies don’t specifically exclude nanotech, and it’s not clear whether courts in all jurisdictions would apply a policy’s pollution exclusion. Few insurance applications ask about nanomaterials. Nanotechnology could well be the underwriting challenge of the next hundred years.
Even though data is in short supply, actuaries have been tackling the challenge presented by nanotechnology.
Drawing on the lessons learned from the notorious exposures of asbestos and pollution, property/casualty actuaries are helping insurers prepare to handle new emerging risks like nanotechnology by assisting with the development of new policy language and encouraging underwriting discipline.
Actuaries can also help integrate pricing, planning and reserve setting to manage the underwriting cycle.
Actuarial work is, fundamentally, the analysis of relevant information to develop estimates of future financial implications. Just because nanotech-related insurance data has yet to emerge, that doesn’t mean there is a complete lack of relevant information.
As with the emerging risk of climate change, analysis begins with scientific findings — and by applying the expertise of the subject matter experts in the insurance world. Actuaries involved with coverage of nanotech processes and products use work such as that presented in Nanotechnology Safety, edited by Ramazan Asmathulu, a Wichita State University associate professor who focuses on nanomaterials.
Then, most importantly, actuaries apply a sound analytical structure to address the problem. Framing the issues in a logical manner involves the use of techniques such as lifecycle analysis and expert elicitation to supplement available data and develop preliminary estimates.
Also important is the regulatory environment. As asbestos litigation evolved, it was perhaps unexpected developments such as the 1965 Restatement of Torts that proved the most troublesome.
An analysis of current regulations, in the United States and abroad, can provide context for initial product design and rate estimates. But it will be important, in this quickly changing landscape, to remain alert for changes in the legislatures and the courts.
Insurers are wise to be alert to new sources of risk — but not all apparently emerging issues do, in fact, emerge. Our reaction time as an industry, however, has improved. New opportunities are quickly tackled while at the same time managing, and pricing for, the inherent risks.
The insurance industry can be an important enabler of new industries and technologies such as the ones nanoprocesses have already brought to market, and the many more applications yet to be discovered. Like the lifeguard watching over the pool, insurers seek to make money without getting burned. That’s why it’s important to think ahead, assess the risks and put the right protections in place.
Searching for Stability in Cyber Space
As headline-grabbing breaches crack systems and tarnish reputations of major retail, healthcare and financial companies, the need for cyber insurance has become increasingly apparent.
Given the constantly changing nature of cyber risk and the market landscape, creating a stable, sustainable cyber insurance business demands a prudent approach, with an eye on the long road.
“We’ve seen carriers jump in and out, wanting to take advantage of a new opportunity, but perhaps underestimating the risk,” said Danielle Librizzi, Senior Vice President, Head of Professional Liability, Berkshire Hathaway Specialty Insurance (BHSI).
“As cyber exposure became more tangible to carriers, in-force coverage was tested and many made radical changes to pricing and availability of coverage. BHSI is committed to entering the cyber market in a thoughtful and sustainable way. We want to be there for our customers as the risks continue to evolve.”
Diverse, Evolving Risks
Cyber exposure – and coverage — have been evolving, posing different risks and underwriting challenges for different industries. The technology, financial services and healthcare industries illustrate the diverse issues that must be considered in order to provide effective, financially sustainable cyber solutions.
The technology sector was the first cyber battleground, and technology E&O forms included some cyber coverage by virtue of the nature of the risk. “There’s inherent cyber coverage for third party liabilities in E&O,” Librizzi said.
While coverage is widely available, tech companies pose challenges to underwriters because of their unique position in the cyber “supply chain.” These companies provide software, hardware and cloud services; virtually every organization in the world is dependent on a tech provider of some stripe. If an insurer is covering both the provider and its clients, the aggregate risk should be monitored closely.
Think of a DOS attack on a cloud provider that prevents all of its clients – which could include anyone from a bank to a retailer or transportation company — from accessing stored customer or corporate data or running cloud-based service apps. That single attack could bring business in multiple industries to a grinding halt, potentially causing business interruption and E&O losses.
The tech industry hasn’t seen a large scale event like this yet, but it isn’t waiting around for one to strike before addressing the underlying risk. Controlling and accounting for the aggregate exposure will mold the direction that coverage development takes.
“Our combined form, introduced in October, 2015, is a comprehensive solution that includes first and third party cyber coverage as well as traditional E&O coverage,” Librizzi said.
However, that approach may not be appropriate for other industries. Financial Institutions, for example, may seek a dedicated cyber only policy which does not include traditional E&O coverage.
While banks typically have strong protocols for network security and privacy, they also have a much greater exposure in massive stores of customer data. Financial Institutions are looking to address liability in the form of class action lawsuits or heavy regulatory investigations and fines emanating from cyber, and may not want to compromise their traditional E&O limits.
“Additionally, given the increased reliance on outsourced providers for technology solutions, we have started to see the introduction of sub-limited coverage for dependent business interruption and payment card industry (PCI) fines and assessments as enhancements to coverage,” Librizzi said. “We might see those sub-limits go to full coverage as competition gets heavier.”
Other industries, which may not be as advanced as financial institutions in addressing cyber threats, have suffered more from a lack of robust cyber coverage that can keep up with increasing exposure.
Healthcare, for example, has seen a surge of cyber attacks since hospitals and other health systems went electronic. To a hacker, healthcare providers represent a warehouse of valuable personal identifiable and protected health information.
Email addresses from healthcare systems typically are white-listed and less likely to get caught in a spam filter, giving hackers incentive to obtain access and gain control of a healthcare provider’s network in order to launch phishing attacks.
After some high-profile breaches in 2015, Human Health Services and the Office for Civil Rights came under scrutiny for not doing enough enforcement of HIPPA. Fines imposed by regulators increased dramatically over the past decade, and seem poised to only get higher.
“They’ll be ramping up enforcement of regulations in 2016, and that’s only a peek of what’s on the horizon,” Librizzi said.
The burgeoning of healthcare’s cyber exposure has challenged the insurance industry to better understand the nature of the risk and how best to secure hospital systems. Coverage for this sector remains the most difficult to write effectively.
BHSI understands the need for different customers to have different solutions. Some customers desire a dedicated cyber policy that does not include traditional E&O coverage. BHSI’s Network Security and Privacy stand-alone policy is designed to address the needs to those customers.
“The cyber exposures and coverages needs of healthcare, financial services and technology are on different timelines and will look very different in the future,” Librizzi said.
Even in more mature markets, the conflation of commercial and personal cyber risk will challenge insurers going forward. Most existing cyber products don’t cover property damage and personal injury; as the risks emerge and the Internet of Things becomes more pervasive, the coverage will have to evolve as well.
“We must always be thinking about what is on the horizon from a risk and coverage perspective – our technology driven society demands it,” Librizzi said.
Anticipating challenges and adapting to each industry’s needs has been a cornerstone of BHSI’s approach to cyber. It’s careful and measured approach has also helped the specialty insurer build an arsenal of experts and ancillary services to help clients better grasp and mitigate their exposure.
“We know the importance of really understanding the risk and communicating it clearly to our customers,” Librizzi said. “We don’t bury our coverage in a pile of definitions, and we provide the expertise to help insureds stay ahead of the next big breach.”
To learn more about BHSI’s professional liability products, visit http://www.bhspecialty.com/.
Berkshire Hathaway Specialty Insurance (www.bhspecialty.com) provides commercial property, casualty, healthcare professional liability, executive and professional lines, surety, travel, programs, medical stop loss and homeowners insurance. The actual and final terms of coverage for all product lines may vary. It underwrites on the paper of Berkshire Hathaway’s National Indemnity group of insurance companies, which hold financial strength ratings of A++ from AM Best and AA+ from Standard & Poor’s. Based in Boston, Berkshire Hathaway Specialty Insurance has offices in Atlanta, Boston, Chicago, Fort Lauderdale, Houston, Los Angeles, New York, San Francisco, San Ramon, Stevens Point, Auckland, Brisbane, Hong Kong, Melbourne, Singapore, Sydney and Toronto. For more information, contact [email protected].
The information contained herein is for general informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product or service. Any description set forth herein does not include all policy terms, conditions and exclusions. Please refer to the actual policy for complete details of coverage and exclusions.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Berkshire Hathaway Specialty Insurance. The editorial staff of Risk & Insurance had no role in its preparation.