With public anxiety about companies running high after crashes, contaminations, cyber attacks and leadership failures, insurance buyers and sellers agree on the need for insurance solutions to protect reputations.
But they are still figuring out what should be covered, when coverage should be triggered, where to set insurance limits and how to pay out benefits.
There’s no denying the cry of need for reputation risk insurance — worries about brand and reputation are the top threats keeping executives up at night, according to the most recent “Aon Risk Solutions Survey.” But the take-up rate on the handful of current stand-alone policies has been “almost immeasurably low,” said Randy Nornes, executive vice president, Aon Risk Solutions and an author of the survey.
The failure so far of stand-alone products to catch on doesn’t mean risk must be left uncovered, said Tracy Knippenburg Gillis, global practice leader, Marsh Risk Consulting’s reputational risk and crisis management practice.
“As carriers figure out the optimal combination, many existing policies — including directors and officers, umbrella, cyber and property — currently have endorsements available for crisis response,” she said.
Examples of companies currently offering stand-alone policies, include:
- Only losses (Munich Re and Steel City Re)
- Only crisis and/or communications management (Zurich and Lloyd’s)
- Both, but with relatively low limits (AIG)
The policies that cover only crisis management and communications are a placeholder while the industry develops a more complete solution, said Ty Sagalow, chief executive officer and founder of Innovation Insurance Group and a 30-year C-suite alumnus of AIG General Insurance and Zurich North America. “Nobody thinks crisis management products that pay a couple hundred thousand are the answer, but where there’s a need, a solution will follow.”
Chief among the challenges for stand-alone policies that cover losses, Nornes said, is quantifying potential and actual losses. Another is that reputation damage itself is the result of other risks, which divert companies’ attention from reputational damage to the issues that drive them.
The issues most driving them are ethics and integrity; security, both physical and cyber breaches; product and service risks (such as those related to safety, health and the environment); and third-party relationships, with companies increasingly held accountable for the actions of their suppliers and vendors, according to Deloitte’s “2014 Global Survey on Reputation Risk.”
Working the Numbers
Quantification of reputational risk is “an inexact science,” reported a 2013 ACE Group reputation study, subject to vagaries stemming from an organization’s pre-crisis reputation, its response to the crisis, and how quickly it reassured stakeholders that the underlying problems had been addressed.
“These subtleties mean that quantification of reputational risk will inevitably rely on a number of assumptions, and that could generate a false sense of precision, leading companies to rely on estimations that may ultimately turn out to be wide of the mark,” it said.
Hart Brown, vice president, organizational resilience, HUB International, agreed that a mature insurance solution is around the corner.
Its development, he said, is inhibited by still-developing data analysis and predictive modeling tools, but the technology is “getting closer” to supplying a solution that will give actuaries more precise projected losses from reputation-damaging events.
Identifying possible risks starts with common sense — Emily Freeman, risk management, cyber and professional liability specialist, Lockton Cos.
Some industry players believe the solution is already at hand. Nir Kossovsky, co-founder and chief executive officer, Steel City Re, built his company, and his company’s reputation, on those very data analysis and predictive modeling tools.
Steel City Re, which provides reputation assurance solutions, measures the implied reputational values of 7,500 companies every week using metrics, many of which predict what will appear on profit and loss statements: revenue, employee expenses, credit costs, supplier costs, and fines and penalties associated with regulatory action.
Value also manifests in shareholder actions, merger and acquisition scenarios and equity investor optimism.
When stakeholders are disappointed in an organization, Kossovsky said, they jump ship. Customers leave, price points fall, suppliers charge more, credit is withdrawn, employees disengage and regulations are imposed. Typically, those consequences can equal two to seven times the cost of the original operations failure.
For example, Penn State University acknowledged a financial impact of $171.5 million two years after the 2011 Jerry Sandusky scandal, in which the former assistant football coach was convicted of assaulting young boys. That may not include such items as lost research grants and decreased out-of-state applications, which could push the bill higher.
The total number, Kossovsky said, could be derived from “very big data” — Penn State’s average resource allocations over the years compared to other institutions.
“Then you ask, ‘After the Sandusky scandal, did Penn State’s behavior relative to the average or control group change substantially?’ If it did, you could reasonably argue that the change reflects the Sandusky event.”
The scandal prompted an FBI investigation, shook up the university’s top leadership and resulted in a post-season ban of the football team. Headlines called out “Penn State” and “child sex abuse” in the same phrase.
But in fiscal year 2011-2012, the school received donations of $208.7 million — the second-highest annual amount in its history — according to the university.
The reason, Kossovsky said, was the institution’s reputation resilience. While out-of-state stakeholders might send their children to other storied universities until the incident faded from memory, Pennsylvania residents and fervently loyal alumni were willing to approach the indiscretion as an anomaly and move on.
Of course, most organizations lack Penn State’s mythology, which produced its reputation resilience.
“It doesn’t matter if it’s a data breach or product recall. We can come to a good approximation of what it will cost.” — Randy Nornes, executive vice president, Aon Risk Solutions
For others, quantifying losses is a “math problem” requiring a decision tree based on a series of questions about the event, Nornes said.
“It doesn’t matter if it’s a data breach or product recall. We can come to a good approximation of what it will cost.”
First is the magnitude of the event. Was it widely reported? Did litigation or liabilities follow? Was it a data breach that disclosed personal information? How will it affect future sales? Then there are subcategories. Was it a safety event? What kind?
Stop the Bleeding
A company’s response to a crisis — the purview of crisis management and communications insurance coverage — profoundly affects losses.
“A mismanaged crisis response will bring down a company faster than anything else,” said Mike Swenson, president, Crossroads, a public relations and crisis communications management firm that represents numerous food manufacturers.
In the age of Twitter and Facebook, that requires a lightning-fast response, which in turn means having a well-practiced crisis plan and wholehearted buy-in from the C-suite and the board of directors.
“There are no longer any news cycles,” Swenson said. “After an event, you have no planning time with social media. If something goes wrong, you have minutes, not hours, to respond.”
To be effective, he said, the plan must:
- Identify the team that will leap into action in a crisis.
- Identify all the imaginable and unimaginable risks, and all possible variations facing the company.
- Map a response to each crisis.
- Develop key messages consisting of three to five talking points for each crisis.
Some carriers align their policies with a selected panel of agencies, vetted and retained for their experience, reputation, cost, service package, geographical scope and industry expertise, said Emily Freeman, risk management, cyber and professional liability specialist, Lockton Cos. Carriers may consider vetting and pre-approving a client’s own external PR or crisis management firm.
AIG’s ReputationGuard is one of the products that uses a panel of crisis management and communications agencies.
Typical of its peer products, coverage responds to extraordinary events, not day-to-day business operations, such as a crime by an executive or on the company’s premises, said Jeanmarie Giordano, chief underwriting officer, professional liability, AIG.
Atypically, coverage is triggered when the insured contacts the agency either to prepare a response to a still-hypothetical threat or to an actual one that may go public. The firm helps the company respond through social media, publicity, public appearances and image monitoring.
Plan for the Worst
Identifying possible risks starts with common sense, Freeman said. “If the company has exposure to children, it needs to think about personal safety. If it offers public facilities, it needs to think about violence. If it’s involved in transportation, it needs to think about accidents.”
A lot of tangential issues emerge in the process, said Aon’s Nornes, such as climate change. A company might ask, ‘Are we good environmental stewards?’
“You can make a pretty good list of risks,” he said. “The question is, are you running exercises and drills around situations you thought about? Not every company does the second piece.”
Eerily, he said, when Aon mapped out risk scenarios by industry in 1999, its aviation category contemplated two 747s flying into the World Trade Center.
The ACE study advises companies to listen, engaging in “more frequent dialogue with stakeholders to understand their views and monitoring the external environment more systematically to identify the emerging reputational threats that put their relationships at risk.”
Commitment starts at the top. Boards of directors should take time at board meetings to discuss customer satisfaction, brand identity, customer loyalty and elasticity measures.
This organizational soul-searching makes companies “better firms and better prepared” for crises, said Nornes, because it “translates to changes in both process and traditional insurance related to perils that drive reputational risk.”
Publicity about poor customer service or some mishap can be repeated multiple times over social media. “There’s a high value in thinking the response through,” he said.
A crisis response plan can shake a company out of the complacency that can leave exposures hiding in plain sight.
For example, Freeman said, “A company may have excellent cyber security and so neglect to put a crisis plan in place for a data breach even though it collects sensitive customer information and processes their credit cards.”
A thorough examination of risks and responses would catch that kind of exposure.
Scenario planning also picks up the slack left by failing attention spans, which — for people who use multiple digital devices — are now shorter than that of a goldfish, according to a recent Microsoft study.
“Who can actually forget a school shooting or an oil spill that kills 11 people?” said Leslie Gaines-Ross, chief reputation strategist, Weber Shandwick, which is on several carriers’ panels of crisis communications experts.
But people move on to the next threat. For example, Gaines-Ross said, privacy was the top threat on executives’ minds last year; this year it’s reputation risk, but privacy threats haven’t gone away, especially in the minds of miscreants.
A well-thought-out response can turn a bad story into a good one, said Swenson of Crossroads.
For example, he recalled, when the story of horse DNA in some of Taco Bell’s European locations hit the Internet, the result of a supply chain failure, the restaurant chain used the bad publicity to drive people to its website, which staunchly defended the purity of its American product.
“They created viral marketing to turn a bad thing into a good thing. It works both ways. You have to be prepared for an adverse event.”
In Danger’s Path
Defense contractors in the Middle East work in some of the most dangerous and inhospitable conditions on the planet. Workers are drawn there by high pay rates, but face a long list of exposures.
Defense Base Act (DBA) insurance provides the sole workers’ compensation remedy for these employees, although some employers supplement that cover with employer liability coverage, in case of legal action from injured workers or third parties.
Provided through the Department of Labor, DBA coverage is congressionally mandated for civilian employees working outside the United States on military bases or under a contract with the government for public works or for national defense unless their employer obtains a waiver.
DBA carriers qualify for full reimbursement from the government for injuries caused by a “war-risk hazard” under The War Hazards Compensation Act.
Video: The DOL in 2009 reported that at least 1,688 civilian contractors in Iraq and Afghanistan died and more than 37,000 were injured, according to this Global Report TV broadcast.
Although conflict is spreading in the Middle East, many areas are not considered “conflict zones” where qualified injuries would be reimbursable by the federal government.
Still, DBA benefits are broad, said Karen Dobson, national client director, Aon Risk Solutions. They don’t officially provide 24-hour coverage, but they apply to many activities, sometimes even those as questionable as bar fights and softball injuries.
AIG has the lion’s share of the statutory DBA business, followed by CNA and ACE.
Neither the Department of Defense nor the Department of Labor releases statistics on the number of workers covered by the DBA, but the Business Benefits Group, a benefits consultant, reports that it covers almost 200,000 prime and subcontractor employees overseas and that it generates annual government-wide premiums of more than $400 million. DBA coverage extends to foreign nationals as well as U.S. citizens.
Contractors accounted for at least 50 percent of U.S. forces in Iraq and Afghanistan over the last decade, and before that, in the Balkans, said Moshe Schwartz, specialist in defense acquisition, before the House of Representatives’ Committee on Armed Services in October 2013.
High Risk and High Rewards
Despite its dangers and discomforts, the Middle East is an attractive place to work for many, said Aon’s Dobson, in large part because the work pays so well. For example, a truck driver who makes $40,000 per year in the United States may make $100,000 per year in the Middle East.
“An attorney will ask, ‘Is the worker’s heart condition or inflamed liver related to drinking bad water in Afghanistan?’ ” — Scott Bloch, a Washington, D.C. attorney who represents injured employees in many DBA cases.
But fundamental safety considerations sometimes get pushed to the back burner by extreme conditions. In challenging environments, such as 120-degree heat, “people just want to get the job done, and they’re not always focusing on safety procedures or taking the time to avoid risk,” said Alan Leibowitz, corporate director, environment, safety, health and security for Exelis Inc., a contractor with a large Middle East footprint.
Those shortcuts can lead to high injury rates. Workers in the Middle East are injured at least 10 times more frequently than their stateside equivalents, said Haleh Khodayari, chief executive officer, Advanced Consulting Inc., a global risk management firm based in California.
The costs in those cases can escalate rapidly due to exorbitant medical, medevac and repatriation expenses, in addition to lost time from work. The list of regional and war zone exposures is long and can be grisly, Khodayari said, ranging from slip-and-fall injuries to environmental exposures to death and injury from detonated roadside bombs and other extreme hazards from strife in the Middle East.
Post-traumatic stress and fatigue disorders occur frequently in Iraq and Afghanistan, sources said. The list of regional exposures includes allergies to foreign plants, such as palm pollen, and traffic accidents as workers try to negotiate unfamiliar or haphazard traffic patterns.
Adding to underwriters’ headaches is that the high compensation rates overseas sometimes motivate applicants to hide disqualifying ailments such as asthma or heart conditions during pre-employment screenings, which could put them at risk. It could also put their colleagues at risk if the safety of one depends on the unimpaired function of the other.
When DBA Applies
The Department of Labor is vigilant in its oversight of the DBA program, said Dobson, to the extent that it is “paternalistic” about looking after workers. In several cases, she said, the insurance company and claimant agreed on a settlement, but the DOL didn’t agree with the terms. It compelled the insurer to pay more, even though the claimants had competent legal representation.
Some disputes arise over whether or not idiopathic ailments, such as cancers and heart conditions, are related to employment, said Scott Bloch, a Washington, D.C. attorney who represents injured employees in many DBA cases.
“A DBA remedy could kick in if any aspect of the employment hastens or aggravates the conditions,” he said, which pulls the employer into complex legal and medical situations to prove or disprove a claim.
“An attorney will ask, ‘Is the worker’s heart condition or inflamed liver related to drinking bad water in Afghanistan?’ ”
To stave off financial crises in case DBA does not apply or while a case is in review, Bloch said, many employers offer their workers disability insurance over and above the workers’ compensation insurance to cover gaps that DBA may not cover.
Although DBA prevents employers from being hauled into civil lawsuits for its direct employees, employers may still be liable for third-party suits independent of DBA, Bloch said.
For example, if an employee leaves a live electrical cord that electrocutes a subcontractor in the shower, the employer may be subject to liability in civil court for action or inaction taken vis-à-vis the electrocuted subcontractor, who is a third party despite being part of “the team.”
The same pertains to any third party who wanders onto a work site or is struck by a contractor’s car.
Claims Management in Farsi
Language and distance often hobble claims management for injuries in the Middle East, said Terri Rhodes, CEO of the Disability Management Employer Coalition. U.S. doctors and carriers have to read medical reports from non-English-speaking countries to determine the nature and cause of injuries and whether they’re job-related.
They have to be able to read a treatment plan to arrange return-to-work. Even when she hires interpreters, Rhodes said, she never has full confidence that the interpretation is accurate.
“There’s always some variance in language,” Rhodes said.
Extracting, transporting and repatriating injured workers from conflict zones and remote regions to a location with adequate medical facilities can be complicated and expensive, said Eric Dean, senior vice president, ACE Risk Management Global Casualty.
DBA insurance provides coverage for repatriation. But problems multiply when a worker is medically incapacitated and can’t speak, Rhodes said, and it becomes necessary to obtain medical records.
“We have to communicate with hospitals,” she said, “and we run into time zone problems. In an emergency, we have to find out immediately when the injured worker was admitted and what the injury is.”
As elsewhere, incident prevention in the Middle East is the best claims management strategy, to whatever extent that’s possible in an environment where explosives and extreme heat are a fact of life.
Michael Baker International, a global engineering, planning and integrated consulting firm, strives for a “zero-incident, zero-accident” workplace at every site around the world, said Nicholas Gross, chief operating officer, international operations. That pays off both in protection of its employees and in its claims experience: Last year, Michael Baker International got “the best DBA rates in history,” Gross said.
“Our safety record has a direct benefit on our bottom line.”
Industry best practices include thorough pre-and post-employment screens, which include medical, dental and psychological exams, followed up with checkups during deployment, even in war zones, Aon’s Dobson said.
Michael Baker keeps a solid, detailed documentation trail about every incident, illness and injury, which ensures that injured employees get swift treatment and also protects the company against future claims.
Like Michael Baker, Exelis spends a lot of resources training its workers, both U.S. and foreign nationals, in safety protocols. It holds workers in the field to the same standard as its U.S. offices and factories.
Safety protocols could include redundant testing for electrical current on a rewiring site — an important precaution where infrastructure is cobbled together and wiring is “not always the safest,” Exelis’ Leibowitz said. It also includes forced hydration breaks, because people don’t notice heat exposure until it’s too late.
Compliance is high, Leibowitz said, because workers appreciate that the protocols are in their best interest. Exelis offers incentives for following safety rules and applies penalties, such as being sent home, for breaking them.
Return-to-work programs for Middle East contract workers can be hard to implement, Advance Consulting’s Khodayari said. A fairly simple injury such as a broken leg can be treated in most regions of the Middle East, but the worker can’t get back to work as quickly as in the U.S. because light duty assignments are not usually available.
The cost of lost wages can be high because the DBA entitles some injured workers to full wage loss for the rest of their lives.
“If a worker can’t return to the original contract, we may conduct a formal Labor Market Survey and help the injured worker look into other jobs with the same employer in a different capacity,” Khodayari said.
Gross attributes much of Michael Baker International’s safety success to its proactive approach — and to its partnership with its broker and DBA insurance provider.
“Our broker took an active role in identifying and managing risk, reducing claims and getting personnel back to work,” he said. “Our partnership with our carrier helped us reduce claims and experience.”
And key to the successful relationship, said ACE Group’s Dean, is working directly with the client, face to face when possible.
“Insurance is a contract of trust. Putting a face to the name helps build that trust,” he said, even with statutory coverage, such as DBA insurance.
“The relationship doesn’t change the coverage, but it facilitates the placement of coverage.”
Specialty Drugs Show No Signs of Slowing Down
A decade ago, high-cost specialty drugs were commonly referred to as “injectable drugs” and were used to treat conditions not typically covered in workers’ compensation, such as cancer, rheumatoid arthritis and multiple sclerosis.
“Today, however, new specialty drugs are emerging that will be used to treat other chronic and inflammatory conditions,” said Joe Boures, president and CEO of Healthcare Solutions, an Optum company providing specialized pharmacy benefit management services to the workers’ compensation market.
“Payers in the workers’ comp market are just beginning to feel the cost impact of greater utilization of these drugs, which come with expensive price tags.”
Specialty drugs are often manufactured using biologic rather than chemical methods, and they are no longer just administered by injections. New specialty drugs can also be inhaled or taken orally, likely contributing to the rise in their utilization.
“There isn’t a standard definition of specialty drugs, but they are generally defined as being complex to manufacture, costly, require specialty handling and distribution, and they difficult for patients to take without ongoing clinical support or may require administration by a health care provider,” said Boures.
In 2014, more than a quarter of all new therapies that the FDA approved were through its biologics division. Biologics, and similar therapies, are representative of a future trend in prescription drug spend.
“As the fastest growing costs in health care today, specialty drugs have the potential to change the way prescription benefits are provided in the future,” said Jim Andrews, executive vice president of pharmacy for Healthcare Solutions.
Workers’ Compensation payers may not recognize how specialty drugs are affecting their drug spend.
Specialty drugs like Enbrel®, Humira® and Synvisc® can be processed in conjunction with other medical procedures and, therefore, not recognized by payers as a pharmacy expense.
This leaves payers with little visibility into the costs of these medications within their book of business and a lack of tools to control these costs.
Due to the high costs of specialty medications, special due diligence should be utilized when claimants receive these medications, up to and including utilization review, said Andrews.
“Healthcare Solutions recommends that claimants using specialty drugs are monitored for proper medication handling and that the medication is administered appropriately, as well as monitoring the claimant to determine whether the medication is having its desired results and if there are any side effects,” he said.
“At $1,000 per pill for some of these specialty medications, making sure a claimant can tolerate the side effects becomes vital to making sure the claimant achieves the desired outcomes.”
Hepatitis C drugs have made their way to the workers’ compensation market, largely through coverage of healthcare workers, who have exposure to the disease.
“Traditional drug treatments that began in the 1990’s had a success rate of 6% and costs ranging from $1,800 to over $88,000,” said Andrews.
“The new Hepatitis C specialty medications have a treatment success rate of 94-100%, but cost between $90,000 and $226,000.”
Although the new treatments include higher drug costs, the payer’s overall medical costs may actually decrease if the Hep C patient would have required a liver transplant as part of the course of treatment without the drugs.
While the release of new Hepatitis C medications in 2014 demonstrated the potential impact specialty medications can have on workers’ compensation payers, there are some specialty medications under development that target more common conditions in workers’ compensation.
Pfizer Inc. and Eli Lilly and Company are currently developing tanezumab, a new, non-narcotic medication to treat chronic pain, which is common in workers’ compensation claims.
Tanezumab has demonstrated benefits of reducing pain in clinical trials and may provide non-addictive pain relief to claimants in the future. This may change how pain management is treated in the future.
Healthcare Solutions has a specialty medication program that provides payers discounted rates and management oversight of claimants receiving specialty medications.
Through the paper bill process, Healthcare Solutions aids payers in identifying specialty drugs and works with adjusters and physicians to move claimants into the specialty network.
A central feature of the program is that claimants are assigned to a clinical pharmacist or a registered nurse with specialty pharmacy training for consistent care with one-on-one consultations and ongoing case management.
The program provides patients with education and counseling, guidance on symptoms related to their medical conditions and drug side effects, proactive intervention for medication non-adherence, and prospective refill reminder and follow-up calls.
“The goal is to improve patient outcomes and reduce total costs of care,” said Boures.