Roger's Soapbox

A Blockchain Revolution?

By: | November 2, 2016 • 2 min read
Roger Crombie is a United Kingdom-based columnist for Risk & Insurance®. He can be reached at [email protected]

Blockchain. You’ve heard the word, think it has something to do with bitcoin, have no idea what it does, vaguely fear it and hope it goes away.

Such was my attitude until I sucked it up and learned everything there is to know. I still don’t get it, but let’s pretend I do. The word is that blockchain will hit the insurance industry with the approximate force as did the internet.

Insurance took forever to adopt the internet, yet now it charges toward blockchain at full tilt. Perhaps I should say no more until I explain what blockchain is. I’ll do my best, but with this build-up, it’s going to sound silly.

Blockchain is an open public ledger in which transactions are permanently logged chronologically. Yeah, that’s it alright. It’s like the system banks use to track the millions of transactions that take place every minute — but that system is only available to banks.

Blockchain, with all its transactions linked to each other, will be available to all interested parties.

Advertisement




How will this help insurers? Take an automobile policy. It will be written on the blockchain, thus set in electronic stone. If the covered vehicle crashes, it will automatically alert the blockchain, which will then automatically pay a suitable claim to the injured party.

PwC says the new technology can save reinsurers $10 billion annually. Customers will be more satisfied, business made more efficient. Ta da: blockchain (plus or minus 5 percent).

Once blockchain accumulates real value, hackers will stop bothering decent people’s credit cards and start stealing from the kids on the blockchain.

There must be more to it. Doctors terminating patients will trigger automatic life and medical pay-outs. If your house disappears in an earthquake, its dying words would be delivered to your building insurance blockchain. If you’re not home, you’ll have the money before you even know you have no home.

I would agree with you that this doesn’t sound like an internet-sized change in our lives, but insurance people are holding conferences and getting all worked up about the blockchain. That kind of behavior, in my experience, signals the imminent doing of something that cannot be gainsaid. We’ll all be blockheads soon.

If I were a worrier, the security of the whole thing would give me pause. On the contrary, part of the reputed allure of the idea is the fact that it cannot be attacked by any traditional hacking method. The blockchain lives on everyone’s computer, not one central place, making hacking too arduous to pursue, we are told.

Poppycock and balderdash, say I. Hackers are too smart to invent ways of breaking systems that haven’t been invented yet. Once blockchain accumulates real value, hackers will stop bothering decent people’s credit cards and start stealing from the kids on the blockchain. That’s a given. Will they succeed? Place your bets.

Progress for its own sake bores me. Public ledgers, permanent records, automatic claims payments: These are all good ideas. Bravo. It’s about time. But blockchain as revolutionary change that will tear asunder the very fabric of society? Eyewash. &

Share this article:

Risk Insider: Nir Kossovsky

Wells Fargo, Reputation and the Wisdom of Crowds

By: | October 24, 2016 • 3 min read
Nir Kossovsky is the Chief Executive Officer of Steel City Re. He has been developing solutions for measuring, managing, monetizing, and transferring risks to intangible assets since 1997. He is also a published author, and can be reached at [email protected]

My firm relies on prediction markets to inform indices of reputation that provide a quantitative measure of governance, risk and compliance as perceived by stakeholders. We call them reputational value metrics.

In mid-2014, Wells Fargo’s metrics were getting notably more volatile, indicating that members of the crowds of Wells Fargo stakeholders, in their wisdom, were worried.

Advertisement




Between June and December 2014, Wells was losing in the courts in a number of mortgage-related matters, including additional lawsuits from home lending practices thought to have been settled in 2012; new suits for “equity stripping;” discrimination against pregnant applicants; federal insurance fraud and newly discovered compliance failures.

While publicly there was no mention of the underlying issue of the current reputation crisis, which stems from Wells Fargo’s aggressive cross-selling program, it is fair to speculate that many stakeholders were both experiencing and signaling discomfort with it.

Now, with the benefit of hindsight, there are three pieces of evidence pointing to the inevitability of this crisis.

Wells Fargo lost track of the financial importance (and therefore risk) of cross-selling, misunderstood reputation risk, and mismanaged risk management at the board level.

Disclosed in unusual detail in Wells Fargo’s 10Ks of 2013 and 2014–but not 2015-was the operational risk of…

…’cross-selling’ efforts to increase the number of products our customers buy from us …[which] is a key part of our growth strategy… [with the risk being that] we might not attain our goal of selling an average of eight products to each customer.

Wells Fargo thought reputation risk and adverse publicity could impair cross-selling. It did not appreciate that cross-selling could give rise to reputation risk, notwithstanding a scathing LA Times expose in December 2013.

The company’s blindness to the risk resulted from the distribution of risk oversight among board committees.

Wells Fargo lost track of the financial importance (and therefore risk) of cross-selling, misunderstood reputation risk, and mismanaged risk management at the board level.

At Wells Fargo, Reputation Risk is under the purview of the Corporate Responsibility Committee; Enterprise Risk is under a separate Risk Committee to whom the Chief Risk Officer is also attached; Ethics/Business Conduct Risk is under the Audit Committee, and Compensation Risk is under the purview of Human Resources Committee.

This means that the reputational crisis that emerged from Wells Fargo’s cross-selling strategy with inherent compensation risk, ethical risks and operational risks sprouted and blossomed under the watchful eyes of at least four separate board committees.

The tipping point came in early September 2016 in a public disclosure that the Consumer Financial Protection Bureau (CFPB), the Los Angeles City Attorney and the Office of the Comptroller of the Currency (OCC) fined the bank $185 million.

The regulators alleged that as the result of perverse incentives, unethical behaviors and ineffective operational oversight, more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015.

The classical manifestations of a reputational crisis then materialized, as customers broke off relations, employees sued, customers sued, investors sued, the stock price fell at least 7 percent, executives lost their heads and the regulators piled on.

One wonders how many Wells Fargo board members are concerned about finding themselves testifying before one of the legislative body’s many oversight committees.

One way to communicate authentic rehabilitation is to share with its competitors its strategy for mitigating this “industry-wide” risk.

While damage to the personal reputations of John Stumpf and others may be permanent, companies have a way of recovering. Wells Fargo has acknowledged the error and within a week of the September reveal, terminated the cross-selling program.

The last and most critical steps are still to come. First, the company must streamline its risk oversight process to account for the interplay between operational risks, liquidity risks, and reputational risks.

Advertisement




To capture the benefits of improved governance, Wells Fargo then needs to communicate its changes to the many stakeholders that now view the bank with a jaundiced eye. One way to communicate authentic rehabilitation is to share with its competitors its strategy for mitigating this “industry-wide” risk.

Another way is to communicate to those who look for vulnerabilities in governance (read, activists) that third parties are attesting — dare I say warrantying — the new improved governance processes at Wells Fargo.

Unfortunately, odds are that Wells Fargo will follow a time-honored tradition of putting the cart before the horse by first engaging in an expensive communications campaign while hiring an expensive law firm to discover what went wrong.

Time will tell.

Share this article:

Sponsored Content by Nationwide

Hot Hacks That Leave You Cold

Cyber risk managers look at the latest in breaches and the future of cyber liability.
By: | December 1, 2016 • 5 min read

Nationwide_SponsoredContent_1016Thousands of dollars lost at the blink of an eye, and systems shut down for weeks. It might sound like something out of a movie, but it’s becoming more and more of a reality thanks to modern hackers. As technology evolves and becomes more sophisticated, so do the occurrence of cyber breaches.

“The more we rely on technology, the more everything becomes interconnected,” said Jackie Lee, associate vice president, Cyber Liability at Nationwide. “We are in an age where our car is a giant computer, and we can turn on our air conditioners with our phones. Everyone holds data. It’s everywhere.”

Phishing Out Fraud

According to Lee, phishing is on the rise as one of the most common forms of cyber attacks. What used to be easy to identify as fraudulent has become harder to distinguish. Gone are the days of the emails from the Nigerian prince, which have been replaced with much more sophisticated—and tricky—techniques that could extort millions.

“A typical phishing email is much more legitimate and plausible,” Lee said. “It could be an email appearing to be from human resources at annual benefits enrollment or it could be a seemingly authentic message from the CFO asking to release an invoice.”

According to Lee, the root of phishing is behavior and analytics. “Hackers can pick out so much from a person’s behavior, whether it’s a key word in an engagement survey or certain times when they are logging onto VPN.”

On the flip side, behavior also helps determine the best course of action to prevent phishing.

“When we send an exercise email to test how associates respond to phishing, we monitor who has clicked the first round, then a second round,” she said. “We look at repeat offenders and also determine if there is one exercise that is more susceptible. Once we understand that, we can take the right steps to make sure employees are trained to be more aware and recognize a potentially fraudulent email.”

Lee stressed that phishing can affect employees at all levels.

“When the exercise is sent out, we find that 20 percent of the opens are from employees at the executive level,” she said. “It’s just as important they are taking the right steps to ensure they are practicing what they are preaching.”

Locking Down Ransomware

Nationwide_SponsoredContent_1016Another hot hacking ploy is ransomware, a type of property-related cyber attack that prevents or limits users from accessing their system unless a ransom is paid. The average ransom request for a business is around $10,000. According to the FBI, there were 2,400 ransomware complaints in 2015, resulting in total estimated losses of more than $24 million. These threats are expected to increase by 300% this year alone.

“These events are happening, and businesses aren’t reporting them,” Lee said.

In the last five years, government entities saw the largest amount of ransomware attacks. Lee added that another popular target is hospitals.

After a recent cyber attack, a hospital in Los Angeles was without its crucial computer programs until it paid the hackers $17,000 to restore its systems.

Lee said there is beginning to be more industry-wide awareness around ransomware, and many healthcare organizations are starting to buy cyber insurance and are taking steps to safeguard their electronic files.

“A hospital holds an enormous amount of data, but there is so much more at stake than just the computer systems,” Lee said. “All their medical systems are technology-based. To lose those would be catastrophic.”

And though not all situations are life-or-death, Lee does emphasize that any kind of property loss could be crippling. “On a granular scale, you look at everything from your car to your security system. All data storage points could be controlled and compromised at some point.”

The Future of Cyber Liability

According to Lee, the Cyber product, which is still in its infancy, is poised to affect every line of business. She foresees underwriting offering more expertise in crime and becoming more segmented into areas of engineering, property, and automotive to address ongoing growing concerns.”

“Cyber coverage will become more than a one-dimensional product,” she said. “I see a large gap in coverage. Consistency is evolving, and as technology evolves, we are beginning to touch other lines. It’s no longer about if a breach will happen. It’s when.”

About Nationwide’s Cyber Solutions

Nationwide’s cyber liability coverage includes a service-based solution that helps mitigate losses. Whether it’s loss prevention resources, breach response and remediation expertise, or an experienced claim team, Nationwide’s comprehensive package of services will complement and enhance an organization’s cyber risk profile.

Nationwide currently offers up to $15 million in limits for Network Security, Data Privacy, Technology E&O, and First Party Business Interruption.

Nationwide_SponsoredContent_1016
Products underwritten by Nationwide Mutual Insurance Company and Affiliated Companies. Not all Nationwide affiliated companies are mutual companies, and not all Nationwide members are insured by a mutual company. Subject to underwriting guidelines, review, and approval. Products and discounts not available to all persons in all states. Home Office: One Nationwide Plaza, Columbus, OH. Nationwide, the Nationwide N and Eagle, and other marks displayed on this page are service marks of Nationwide Mutual Insurance Company, unless otherwise disclosed. © 2016 Nationwide Mutual Insurance Company.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Nationwide. The editorial staff of Risk & Insurance had no role in its preparation.




Nationwide, a Fortune 100 company, is one of the largest and strongest diversified insurance and financial services organizations in the U.S. and is rated A+ by both A.M. Best and Standard & Poor’s.
Share this article: