Around the world, social pressure against public corruption is resulting in huge demonstrations, investigations and legislation. And that is rebounding on multinationals that face their own pressure to keep business above board while trying to expand in countries where bribery is often necessary to get permits and permission.
A survey of CFOs and board members by Ernst & Young found that 95 percent of the respondents were “very” or “fairly” concerned about the potential liability resulting from fraud and corruption in Latin America — the area that offers the most concern.
Not far below were the Middle East and Africa, at 87 percent, and Central and Eastern Europe, at 84 percent.
While laws are almost universally clear — don’t do it — the risks are increasingly complex, as anti-corruption laws and their enforcement evolve both in the United States and overseas.
In the United States, investigators appear to be scouring industries that traditionally have not attracted notice, according to attorneys and experts in the field.
Retailers have been in the spotlight, for instance, ever since news surfaced in April 2012 of a probe into Wal-Mart. The retail giant is alleged to have paid bribes in Mexico to speed growth there.
Enforcement is intensifying in other countries as well, pushed along by public protests as well as by an anti-bribery convention overseen by the Paris-based Organisation for Economic Co-operation and Development. Forty countries, including Argentina, Russia and South Africa, have signed the OECD convention since it was drafted in 1997.
Today, more than 300 investigations are underway in 24 countries, according to Patrick Moulette, head of the OECD’s anti-corruption division. “It has not doubled from last year or the year before, but it’s 10 or 20 more every year, so maybe this is a positive sign,” said Moulette, who hopes greater attention will spur countries to crack down harder.
Other nations, notably China, are dusting off their own anti-bribery laws, exposing U.S. companies to potentially costly legal action on new fronts.
“It’s very hard to find a country anywhere where bribery is legal,” said Brian Loughman, Americas leader for Fraud Investigation and Dispute Services with Ernst & Young. “The challenge is always, what’s the enforcement like.”
To top it off, foreign prosecutors today are more likely to share information with their U.S. counterparts. “The world is smaller for prosecutors, too,” Loughman said.
For decades, U.S. companies only had to worry about the Foreign Corrupt Practices Act of 1977, or FCPA, which bans bribery of public officials in other countries. American executives often complain they are disadvantaged by the statute, as it does not apply to businesses based outside the United States.
Enforcement eventually prompted stronger controls and tougher policies, but investigators remain aggressive, according to Michael Himmel, an attorney and chair of the litigation and white-collar criminal defense departments at the law firm of Lowenstein Sandler.
“More and more cases are being investigated, and prosecutors are tending to take harder lines,” said Himmel. Over the last five years, he said, investigators have asked companies to open up more of their operations to review. “That’s obviously going to be a greater expense,” he said.
Equal Opportunity Scrutiny
Investigators also seem to be eyeing new sectors, expanding beyond defense, energy and mining to include pharmaceuticals and retail.
It’s a costly occurrence for the probed companies. The ongoing probe into Wal-Mart so far has cost the company more than $150 million, according to company filings with the U.S. Securities and Exchange Commission.
The SEC and the Department of Justice, which enforce the FCPA, do not explicitly target industries, said Timothy P. Peterson, a partner in the Washington, D.C., office of Murphy & McGonigle. But as investigators dig into one company’s operations, they may follow a trail to others in the same sector.
“The real danger for retailers is that when there are very large investigations, the government is going to start to get familiar with how that business works,” Peterson said. “They may, as they get more familiar with the business, decide they want to find more companies that operate in a similar way.”
It’s not just government investigators. Corporate rivals are another source of FCPA-related allegations, said Brett W. Johnson, a partner in the Phoenix office of law firm Snell & Wilmer. Companies may arouse suspicion if they are moving goods or opening stores more quickly than competitors, especially in countries where corruption is considered rife.
“The default is, ‘He’s paying somebody off,’ ” Johnson said.
For retailers, corruption risks extend throughout the supply chain, and they are compounded by the pressure to stock shelves in time to meet buyers’ needs. Bathing suits don’t sell well in November, at least in the northern hemisphere.
“Keeping the supply chain flowing is critical to a retailer, especially one that has any kind of seasonality,” said Randy Stephens, vice president of the Ethical Leadership Group of NAVEX Global Inc., a compliance technology firm based in Portland, Ore.
Foreign customs officials often recognize the time pressure — and the power it can give them to demand bribes, Stephens said.
“If you give them the sense that you’re going to participate in that scheme, at any level, you only open yourself up to more trouble, because you look like somebody who’s going to play that game,” Stephens said.
In addition to training employees and establishing clear policies, retailers need to examine internal incentives, Stephens said. If executives overseas are rewarded solely for growing revenue, opening more stores or hitting other bottom-line goals, they may overstep ethical boundaries.
Compensation should be tied, in part, to actions that avoid fines, penalties or stains on a company’s global reputation, Stephens said.
“You’ve got to be willing to let people make decisions that could negatively impact your supply chain, yet comply with the law.”
Another risk arises from the use of third-party agents, a requirement for doing business in some nations. When those agents pay bribes to expedite deals, the U.S. business is on the hook for any FCPA violations.
As a result, companies seeking overseas growth must know their foreign business partners and regularly audit their operations, as well as know the country’s laws and norms.
“You’ve got to be willing to let people make decisions that could negatively impact your supply chain, yet comply with the law.” —Randy Stephens, vice president, Ethical Leadership Group of NAVEX Global Inc.
What’s legal in one country may not be legal in another. And companies can no longer focus on the FCPA alone, attorneys said.
A Tangled Web of Compliance
The United Kingdom adopted a tough anti-bribery statute in 2011. And Brazil enacted a stringent new law this year, following public protests that coalesced around government corruption. In addition to increased penalties, the law allows companies to be found guilty of bribing public officials. Previously, only individuals could be found guilty of that crime.
“Very few companies today can comply, or attempt to comply, with just one home jurisdiction,” said Michel Léonard, chief economist and senior vice president of Emerging Markets for Alliant. “It’s a bit like antitrust laws. These days, mergers need to be approved in the U.S. and Europe as well.”
Experts said U.S. companies should partner with local attorneys who can can train employees, navigate the nuances of a country’s laws, and react quickly to problems.
“You’re not going to have the same processes; you’re not going to have the same protections,” said Joe Martini, co-chair of the White-Collar Defense, Investigations and Corporate Compliance Practice Group at the law firm of Wiggin and Dana.
Given the potential costs of an investigation, specialized insurance coverage is the next step in corporate compliance, said Machua Millett, a senior vice president with Marsh USA Inc. The brokerage firm introduced a specialized product in 2011.
In the past, Millett said, companies sought coverage for FCPA-related expenses under D&O policies. But underwriters and carriers hesitated, due to the size of the potential exposure.
Cooperation with the government does not necessarily lessen the expense. Although Ralph Lauren Corp. voluntarily disclosed bribes made by a subsidiary in Argentina, it still faced a penalty of $882,000.
Companies should focus first on compliance, with insurance as a backstop, Millett said. “At the end of the day, you might be able to show that you acted well.”
A Not-So-Microscopic Risk
Why don’t lifeguards wear white stuff on their noses anymore?
We’re more aware of the dangers of sun exposure than ever before. You’d think folks exposed to the sun would want the best protection possible. And you’d be right. The thing is, a thick layer of white zinc oxide is no longer the best thing going … because of nanotechnology.
Nanotechnology is the understanding and control of matter at dimensions between approximately 1 nanometer and 100 nanometers, according to the U.S. National Nanotechnology Initiative. One nanometer is one-billionth of a meter. For comparison purposes, if a marble were a nanometer in diameter, then one meter would be the diameter of the Earth.
At the nanoscale level — down to 1/100,000th the width of a human hair — materials exhibit different properties than what is detectable in the everyday “macroscopic” world.
For example, nanomaterials can have greater strength, lighter weight and greater chemical reactivity than their larger-scale counterparts. Scientists have learned how to rearrange atoms of carbon, silver, titanium, silicon, gold and zinc to leverage these nanoscale superpowers — not just in the laboratory, but efficiently enough, and at low enough cost, to enable commercial manufacturing.
That’s why new fabrics are more stain-resistant, why tennis rackets and bicycle frames are lighter and stronger than ever before, why food containers can help keep food fresher even longer. It’s why lifeguards no longer wear those unfashionable white sunblock smears.
Nanoscale technology is already more than a decade old, and — to put it mildly — its potential is tremendous. But nanotech products are lightly regulated, and their long-term effects are not well understood.
Products using nanotech may one day zap tumors or enable more effective treatments for cardiovascular illness or Parkinson’s disease. They could improve the performance, resiliency and longevity of our transportation infrastructure while reducing cost. They could transform our energy future by making batteries last longer, and enable solar panels to produce many times more energy. Nanotechnology could make it easier for us to bring clean drinking water to millions in need around the world.
No wonder nanotech is growing fast — so quickly, in fact, that reliable data is hard to find and may be out of date by the time it is published.
There are more than 5,400 nanotech firms globally. The consumer products inventory at www.nanotechproject.org lists more than 1,300 products using nanotechnology, produced in 30 different countries, that are commercially available.
Every state in the United States has at least one nanotech manufacturer, with California leading the pack. Nanotechnology is already in our food, medicines, clothes, cosmetics, sunscreens, pesticides, electronics, homes, sports equipment, cars, airplanes, water, air and land. Nanotechnology is everywhere.
But, little has been spent studying short- or long-term effects, and early tests indicate potential risks such as cellular or genetic damage. Some nanoproducts pass through the skin and are distributed throughout the body, with unknown effects. Nanomaterials may be able to breach landfill barriers as well.
The U.S. Food and Drug Administration has released draft food and cosmetic guidance, but there are few labeling requirements, and many manufacturers have failed to test the safety of their products.
In April 2013, the National Institute for Occupational Safety and Health (NIOSH) recommended that occupational exposures to carbon nanotubes and carbon nanofibers be controlled to reduce a potential risk of certain work-related lung effects. According to NIOSH, recent results from experimental animal studies with rodents indicate that exposure to carbon nanotubes and carbon nanofibers may pose a respiratory hazard if inhaled.
Several studies have linked carbon nanotubes to mesothelioma. That has echoes of an emerging risk from decades gone by: asbestos.
An Underwriting Challenge
Insurers are already at risk. Standard policies don’t specifically exclude nanotech, and it’s not clear whether courts in all jurisdictions would apply a policy’s pollution exclusion. Few insurance applications ask about nanomaterials. Nanotechnology could well be the underwriting challenge of the next hundred years.
Even though data is in short supply, actuaries have been tackling the challenge presented by nanotechnology.
Drawing on the lessons learned from the notorious exposures of asbestos and pollution, property/casualty actuaries are helping insurers prepare to handle new emerging risks like nanotechnology by assisting with the development of new policy language and encouraging underwriting discipline.
Actuaries can also help integrate pricing, planning and reserve setting to manage the underwriting cycle.
Actuarial work is, fundamentally, the analysis of relevant information to develop estimates of future financial implications. Just because nanotech-related insurance data has yet to emerge, that doesn’t mean there is a complete lack of relevant information.
As with the emerging risk of climate change, analysis begins with scientific findings — and by applying the expertise of the subject matter experts in the insurance world. Actuaries involved with coverage of nanotech processes and products use work such as that presented in Nanotechnology Safety, edited by Ramazan Asmathulu, a Wichita State University associate professor who focuses on nanomaterials.
Then, most importantly, actuaries apply a sound analytical structure to address the problem. Framing the issues in a logical manner involves the use of techniques such as lifecycle analysis and expert elicitation to supplement available data and develop preliminary estimates.
Also important is the regulatory environment. As asbestos litigation evolved, it was perhaps unexpected developments such as the 1965 Restatement of Torts that proved the most troublesome.
An analysis of current regulations, in the United States and abroad, can provide context for initial product design and rate estimates. But it will be important, in this quickly changing landscape, to remain alert for changes in the legislatures and the courts.
Insurers are wise to be alert to new sources of risk — but not all apparently emerging issues do, in fact, emerge. Our reaction time as an industry, however, has improved. New opportunities are quickly tackled while at the same time managing, and pricing for, the inherent risks.
The insurance industry can be an important enabler of new industries and technologies such as the ones nanoprocesses have already brought to market, and the many more applications yet to be discovered. Like the lifeguard watching over the pool, insurers seek to make money without getting burned. That’s why it’s important to think ahead, assess the risks and put the right protections in place.
Cyber: The Overlooked Environmental Threat
“Cyber breach” conjures fears of lost or ransomed data, denial of service, leaked corporate secrets and phishing scams.
But in a world where so many physical operations are automated and controlled by digital technologies, the consequences of cyber attacks extend far beyond the digital realm to include property damage, bodily injury, and even environmental pollution.
Industrial companies that deal with hazardous materials — like power plants, refineries, factories, water treatment facilities or pipelines — are heavily dependent on automated technology to maximize their efficiency. Other sectors use technology to control HVAC systems, power and utilities, placing their properties at risk as well.
Cyber risks like theft of personally identifiable data have been highly publicized in recent years, but physical risks like pollution sparked by a cyber breach may not be as obvious.
“It’s significant to lose 100,000 customers’ Social Security numbers,” said William Bell, Senior Vice President, Environmental, Liberty International Underwriters, “but can you imagine if a waste treatment facility’s operations get hacked, gates open, and thousands of tons of raw sewage go flowing down a local river?”
In many industrial complexes, a network of sensors gathers and monitors data around machinery efficiency and the flow of the materials being processed. They send that information to computer terminals that interpret the data into commands for the hardware elements like motors, pumps and valves.
This automation technology can control, for example, the flow of pipelines, the level of water or waste held in a reservoir, or the gates that hold in and control the release of vast quantities of sewage and other process materials. Hackers who want to cause catastrophe could hijack that system and unleash damaging pollutants.
And it’s already happened.
In 2000, a hacker caused 800,000 liters of untreated sewage to flood the waterways of Maroochy Shire, Australia. In 2009, an IT contractor, disgruntled because he was not hired full-time, disabled leak detection alarm systems on three off-shore oil rigs near Long Beach, Calif.
Just last year, cyber attackers infiltrated the network of a German steel mill through a phishing scam, eventually hacking into the production control system and manipulating a blast furnace so it could not be shut down. The incident led to significant property damage.
According to a leading industrial security expert and executive director of the International Society of Automation, “Today’s operational technologies—such as sensors, SCADA systems, software and other controls that drive modern industrial processes—are vulnerable to cyber attack. The risk of serious damage or compromise to power and chemical plants, oil and gas facilities, chemical and water installations and other vital critical infrastructure assets is real.”
“The hacks could come from anywhere: a teenager looking for entertainment, a disgruntled worker, or more sophisticated criminals or terrorists,” Bell said. “There are certainly groups out there with political and ideological motivations to wreak that kind of havoc.”
“We are working to bring the cyber component of environmental risk to the forefront. Cyber security is not just an IT issue. Industry executives need to be aware of the real-world risks and danger associated with an industrial cyber attack as well as the critical differences between cyber security and operational technology security.”
— William Bell, Senior Vice President, Environmental, Liberty International Underwriters
The cleanup cost of an environmental disaster can climb into the hundreds of millions, and even if a cyber breach triggered the event, a cyber policy alone will not cover the physical and environmental damage it caused.
The risk is even more pointed now, as resource conservation becomes increasingly important. Weather related catastrophe modeling is changing as both flooding and drought become more severe and frequent in different regions of the U.S. Pollution of major waterways and watersheds could have severe consequences if it affects drinking water sources, agriculture and other industrial applications that depend on this resource.
Managing the Risk
Unfortunately, major industrial corporations sometimes address their environmental exposure with some hubris. They trust in their engineers to remove the risk by designing airtight systems, to make a disaster next to impossible. The prospect of buying environmental insurance, then, would be superfluous, an expression of doubt in their science-backed systems.
Despite the strongest risk management efforts, though, no disaster is 100 percent avoidable.
“We are working to bring the cyber component of environmental risk to the forefront,” Bell said. “Cyber security is not just an IT issue. Industry executives need to be aware of the real-world risks and danger associated with an industrial cyber attack as well as the critical differences between cyber security and operational technology security.”
The focus on network security and data protection has distracted industry leaders from strengthening operational technology security. Energy, manufacturing and other industrial sectors lack best practice standards when it comes to securing their automated processes.
After the Homeland Security Act of 2002, the Department of Homeland Security began comprehensive assessments of critical infrastructure’s cyber vulnerability, working with owners and operators to develop solutions. It also offers informational guides for private companies to do the same. The National Institute of Standards and Technology also continues work on its cyber security framework for critical infrastructure. Although this helps to establish some best practices, it does not completely mitigate the risk.
Many businesses don’t see themselves as a target, but they need to look beyond their own operations and property lines. They could be an attractive target due to their proximity to densely populated areas or resources such as waterways and highways, or nationally or historically significant areas. The goal of a cyber terrorist is not always to harm the target itself, but the collateral damage.
The Role of Insurance
“Environmental liability is still by and large viewed as a discretionary purchase,” Bell said, “but the threat of a cyber attack that can manipulate those systems and ultimately lead to a pollution incident is added incentive to buy environmental coverage.”
Liberty International Underwriters’ environmental coverage could respond to many pollution conditions set off by a cyber breach event.
“Property damage, bodily injury and cleanup of any pollution at or emanating from a covered property would likely be taken care of,” Bell said. “The risk is not so much the cyber exposure but the consequence of the attack. The resulting claims and degradation to the environment could be severe, especially if the insured was a target chosen because of their unique position to have a large effect on the local population and environment.”
LIU also offers dedicated Cyber Liability insurance solutions designed to manage and mitigate the cost of responding to a cyber attack and any resultant loss of data and associated liability. Coverage includes proactive data breach response services designed to help organizations comply with regulatory requirements and prevent data breaches.
LIU’s loss control managers are also on hand to conduct assessments of insureds’ properties and facilities to examine potential environmental impacts. They can educate brokers on the importance of enhancing cyber security to prevent an environmental accident in the first place.
“People are relying more and more on their systems, automaton is increasing, and the risk is growing,” Bell said. “We’re all focused on protecting data, but the consequences of a cyber breach can be much farther reaching than data alone.”
To learn more about Liberty International Underwriters’ environmental coverages and services, visit www.LIU-USA.com.
Liberty International Underwriters is the marketing name for the broker-distributed specialty lines business operations of Liberty Mutual Insurance. Certain coverage may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds. This literature is a summary only and does not include all terms, conditions, or exclusions of the coverage described. Please refer to the actual policy issued for complete details of coverage and exclusions.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty International Underwriters. The editorial staff of Risk & Insurance had no role in its preparation.