Brokerslink, a global network of independent brokers and risk consulting firms, has transformed itself from a nonprofit association to a for-profit corporation.
The group was founded in 2004 by José Manuel Dias da Fonseca, group chief executive of MDS, a Portuguese brokerage that also has a big presence in Brazil and Angola. He currently serves as CEO of Brokerslink, which has its headquarters in Zurich.
The original business model was created so all of the broker members were able to protect already existing clients, Fonseca said. “We decided we should be more than that. We should be creating business, not just managing business.”
To further that aim, he said, required better financial alignment among Brokerslink members. Incorporating allows the group to have resources to finance a strong business development team, invest in reputation and branding awareness, and build the necessary infrastructure.
Brokerslink is in the process of offering shares to firms within the association, which are in more than 90 countries around the world and have written more than $20 billion in premiums and consulting services.
The full transformation into a corporation will be finalized when the organization completes its private stock offering, said Paul Bitner, the organization’s managing director, who is based in Houston.
Initial stockholders are MDS of Portugal, Crystal & Company of the U.S., Nova Risk Services Holdings of Hong Kong, Filhet-Allard of France, and CGNMB of London.
Previously, the organization was funded by member fees and sponsorship from insurers, but fees and sponsorships are limited, Fonseca said. Raising money through the stock offer will allow Brokerslink to finance its business expansion.
Bitner said that mergers and acquisitions within the industry create opportunity for brokers within Brokerslink “because there is less choice.”
“We feel that there is a niche in the market for clients that don’t want to work with the big brokers,” Bitner said.
The organization offers other advantages as well, he said. In addition to size, Brokerslink has in-country expertise because its brokers are native to that country. The group also does not need to worry about the short-term investor demands that sometimes plague publicly held brokerages.
“Another component is our different structure. We are structured in a way that is not U.S.-centric or London-centric,” Bitner said. “Our ideas are not coming from the traditional centers of insurance. They are coming from around the world.”
The organizational structure limits participation to one broker per country. In the U.S., that broker is Crystal & Company, whose executive vice president, Jamie Crystal, serves as chairman and an executive director of Brokerslink.
Bitner said the brokers associated with Brokerslink are selected carefully, using qualitative and quantitative measures, including references from insurance companies and client retention data.
“They need to be strong and well-respected in the local market,” he said.
Cyberrisk: ‘Healthy Dose of Paranoia’ Needed
The workers’ comp system has been generally spared from data hackers. But with the multitude of people and companies transmitting and sharing files daily, it is incumbent upon companies to take protective actions, advises a managed care services provider.
Data breaches at some of the country’s largest health plans as well as among retailers have prompted Genex Services, LLC to offer suggestions to protect the industry. In addition to recommended steps to take, a new white paper also includes basic regulatory issues and terminology to help industry stakeholders better understand data concerns and the need to collaborate with partners and vendors.
“Our industry certainly could be, and perhaps already is, at risk,” notes the paper. “Lack of strong data security could expose an organization to millions of dollars in litigation, damage control and repair costs.”
The document, Enemy at the Gate: Data Security Risks in Workers’ Comp, outlines the potential risks and offers advice.
“A healthy dose of paranoia is a necessity for today,” the paper states. “It is clearly in the best interest of our industry, and of workers, to err on the side of caution.”
“The ability to show strong data security controls is critical for employers and carriers,” the paper advises. “Companies want assurance that their data will be stored and backed up securely and in a physically safe location, that there are controls for who can access data, who can share information and the manner in which data is shared, e.g. secure email server.”
A number of “key domain risks” face the industry such as unauthorized access to personal health information. Such information “could be used for identity theft or even blackmail,” the paper says. “Unfortunately, there are many ways for such data to be accessed. Data is always in motion in comp claims as there are various vendors, case managers, bill review specialists, and independent medical examiners, all transmitting and sharing files and forms every day.”
Carefully vetting vendors and properly managing passwords are among the methods to ensure security controls are effective. Passwords, the paper advises, should be “easy to remember, but not overly simplistic and be changed more than twice a year to reduce potential risks.” Password parameters should be developed for “all applications and networks.”
Sending claim information over the Internet is risky. The emphasis on mobile workplaces “exacerbates risk from the Internet.”
The authors advise companies to remind employees to “remain vigilant” when adjusters, providers, and injured workers are sending emails that include addresses, dates of birth, and Social Security numbers through non-secure servers. “These senders need to be informed and educated of the dangers associated with nonsecure platforms,” the document states.
Administrative, technical, and physical controls should be implemented. Administrative controls, for example, include conducting background checks and using confidentiality agreements, as well as security awareness training. Anti-virus, network segmentation and web and email filtering are among the technical controls that should be put into place.
Physical controls relate to limiting access to buildings and data access. Key fobs or card entry building access systems are recommended. A “security triangle” should be created to ensure all controls are highly secured and monitored.
Steps to Take
Organizations can take a variety of measures to ensure the security of sensitive data. Continually reviewing and improving technical controls and providing clear guidance and instruction to employees transmitting data are among them. Antivirus programs should be installed on all systems and virus definitions should be updated frequently, such as every three hours.
The paper offers a variety of additional tips, including:
Encrypt data on the C drive, data in transit, and databases on servers to protect data, in case a laptop is lost or stolen.
Implement a system to determine which department or individual can access data and limit the number of people with full access to everything.
Guard against email phishing to avoid scams. “Be aware of anything involving shipping or delivery of product, and warn employees to be especially wary of unsolicited emails purporting to be from government agencies and popular internet commerce sites, such as the IRS or PayPal, especially during tax season, and high volume online shopping periods,” the document recommends.
Instruct vendors to tell their own employees of the importance of security to ensure all links in the data security chain are strong.
The paper is the latest to address concerns of potential data breaches in workers’ comp. Cyber security is among the targets for Sedgwick this year.
In a recent blog post, Sedgwick’s senior vice president and information security officer Robert Jackson suggested the health care industry has set the bar on data security too low. “You may think you have taken the steps needed to protect your company’s data,” Jackson wrote. “How does your data security currently stack up?”
Jackson poses a series of questions on tools to protect data and points out that many “standards” are insufficient. For example, antivirus software is not the best protection against malware, he says. “Traditional antivirus software can only protect against things it has previously seen; new malware is specifically designed to constantly change itself to bypass traditional antivirus software.” He points to application whitelisting software as the best replacement for antivirus software on workstations and servers.
Penetration testing is not the best way to double-check Internet-facing software so it cannot be hacked. Instead, he says tools such as binary code testers analyze logic and software vulnerabilities for all programming in an organization’s code, not just the code operating when regular testing occurs.
Pathogens, Allergens and Globalization – Oh My!
In 2014, a particular brand of cumin was used by dozens of food manufacturers to produce everything from spice mixes, hummus and bread crumbs to seasoned beef, poultry and pork products.
Yet, unbeknownst to these manufacturers, a potentially deadly contaminant was lurking…
What followed was the largest allergy-related recall since the U.S. Food Allergen Labeling and Consumer Protection Act became law in 2006. Retailers pulled 600,000 pounds of meat off the market, as well as hundreds of other products. As of May 2015, reports of peanut-contaminated cumin were still being posted by the FDA.
Food manufacturing executives have long known that a product contamination event is a looming risk to their business. While pathogens remain a threat, the dramatic increase in food allergen recalls coupled with distant, global supply chains creates an even more unpredictable and perilous exposure.
Recently peanut, an allergen in cumin, has joined a growing list of unlikely contaminants that includes melamine, mineral oil, Sudan red and others.
“I have seen bacterial contaminations that are more damaging to a company’s finances than if a fire burnt down the entire plant.”
— Nicky Alexandru, global head of Crisis Management at AIG
“An event such as the cumin contamination has a domino effect in the supply chain,” said Nicky Alexandru, global head of Crisis Management at AIG, which was the first company to provide contaminated product coverage almost 30 years ago. “With an ingredient like the cumin being used in hundreds of products, the third party damages add up quickly and may bankrupt the supplier. This leaves manufacturers with no ability to recoup their losses.”
“The result is that a single contaminated ingredient may cause damage on a global scale,” added Robert Nevin, vice president at Lexington Insurance Company, an AIG company.
Quality and food safety professionals are able to drive product safety in their own manufacturing operations utilizing processes like kill steps and foreign material detection. But such measures are ineffective against an unexpected contaminant. “Food and beverage manufacturers are constantly challenged to anticipate and foresee unlikely sources of potential contamination leading to product recall,” said Alexandru. “They understandably have more control over their own manufacturing environment but can’t always predict a distant supply chain failure.”
And while companies of various sizes are impacted by a contamination, small to medium size manufacturers are at particular risk. With less of a capital cushion, many of these companies could be forced out of business.
Historically, manufacturing executives were hindered in their risk mitigation efforts by a perceived inability to quantify the exposure. After all, one can’t manage what one can’t measure. But AIG has developed a new approach to calculate the monetary exposure for the individual analysis of the three major elements of a product contamination event: product recall and replacement, restoring a safe manufacturing environment and loss of market. With this more precise cost calculation in hand, risk managers and brokers can pursue more successful risk mitigation and management strategies.
Product Recall and Replacement
Whether the contamination is a microorganism or an allergen, the immediate steps are always the same. The affected products are identified, recalled and destroyed. New product has to be manufactured and shipped to fill the void created by the recall.
The recall and replacement element can be estimated using company data or models, such as NOVI. Most companies can estimate the maximum amount of product available in the stream of commerce at any point in time. NOVI, a free online tool provided by AIG, estimates the recall exposures associated with a contamination event.
Restore a Safe Manufacturing Environment
Once the recall is underway, concurrent resources are focused on removing the contamination from the manufacturing process, and restarting production.
“Unfortunately, this phase often results in shell-shocked managers,” said Nevin. “Most contingency planning focuses on the costs associated with the recall but fails to adequately plan for cleanup and downtime.”
“The losses associated with this phase can be similar to a fire or other property loss that causes the operation to shut down. The consequential financial loss is the same whether the plant is shut down due to a fire or a pathogen contamination,” added Alexandru. “And then you have to factor in the clean-up costs.”
Locating the source of pathogen contamination can make disinfecting a plant after a contamination event more difficult. A single microorganism living in a pipe or in a crevice can create an ongoing contamination.
“I have seen microbial contaminations that are more damaging to a company’s finances than if a fire burnt down the entire plant,” observed Alexandru.
Handling an allergen contamination can be more straightforward because it may be restricted to a single batch. That is, unless there is an ingredient used across multiple batches and products that contains an unknown allergen, like peanut residual in cumin.
Supply chain investigation and testing associated with identifying a cross-contaminated ingredient is complicated, costly and time consuming. Again, the supplier can be rendered bankrupt leaving them unable to provide financial reimbursement to client manufacturers.
Loss of Market
While the manufacturer is focused on recall and cleanup, the world of commerce continues without them. Customers shift to new suppliers or brands, often resulting in permanent damage to the manufacturer’s market share.
For manufacturers providing private label products to large retailers or grocers, the loss of a single client can be catastrophic.
“Often the customer will deem continuing the relationship as too risky and will switch to another supplier, or redistribute the business to existing suppliers,” said Alexandru. “The manufacturer simply cannot find a replacement client; after all, there are a limited number of national retailers.”
On the consumer front, buyers may decide to switch brands based on the negative publicity or simply shift allegiance to another product. Given the competitiveness of the food business, it’s very difficult and costly to get consumers to come back.
“It’s a sad fact that by the time a manufacturer completes a recall, cleans up the plant and gets the product back on the shelf, some people may be hesitant to buy it,” said Nevin.
A complicating factor not always planned for by small and mid-sized companies is publicity.
The recent incident surrounding a serious ice cream contamination forced both regulatory agencies and the manufacturer to be aggressive in remedial actions. The details of this incident and other contamination events were swiftly and highly publicized. This can be as damaging as the contamination itself and may exacerbate any or all of the three elements discussed above.
Estimating the Financial Risk May Save Your Company
“In our experience, most companies retain product contamination losses within their own balance sheet,” Nevin said. “But in reality, they rarely do a thorough evaluation of the financial risk and sometimes the company simply cannot absorb the financial consequences of a contamination. Potential for loss is much greater when factoring in all three components of a contamination event.”
“Until companies recognize the true magnitude of the financial risk and account for each of three components of a contamination, they can’t effectively protect their balance sheet,” he said. “Businesses can end up buying too little or no coverage at all, and before they know it, their business is gone.”
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Lexington Insurance. The editorial staff of Risk & Insurance had no role in its preparation.