“If By Compensation…”
In 1952, Noah Sweat, Jr. a lawmaker from the then-dry state of Mississippi found himself explaining his position on whiskey to an audience of pro- and anti-prohibitionists. His speech, known today as “if by whiskey,” cheered both sides.
“If when you say whiskey you mean the devil’s brew, the poison scourge, the bloody monster, that defiles innocence… I am against it.”
“But, if when you say whiskey you mean the oil of conversation, the philosophic wine, the ale that is consumed when good fellows get together … I am for it.”
General Motors CEO Mary Barra faced a similar challenge developing the company’s compensation strategy for victims of its faulty ignition switches.
Customers expected GM to fully compensate victims, and capital providers expected GM to protect assets from litigation and compensation funds: One of GM’s major stakeholders was bound to be disappointed.
Barra’s move was to leverage the reputation of Kenneth Feinberg to help restore GM’s reputation with both sides. Kenneth Feinberg’s reputation makes the “if by whiskey” approach to GM’s compensation strategy possible.
Feinberg has been pivotal in resolving many of our nation’s most challenging and widely known compensation matters.
GM customers and victims are warmed by Feinberg’s experience directing the September 11th Victim Compensation Fund. Working pro bono, he spent three years meeting with families and calculating claim awards. Feinberg also handled compensation issues for the Virginia Tech shooting and the Boston Marathon bombing.
Barra’s move was to leverage the reputation of Kenneth Feinberg to help restore GM’s reputation with both sides.
GM’s stakeholders breathe easier knowing that Feinberg, as administrator of BP’s $20 billion fund to compensate victims of the Deepwater Horizon disaster, carefully manned the funding spigot.
Almost one year after the spill began, he had paid only 168,000 claimants out of more than 490,000 people who had filed. Feinberg explained then that 80 percent didn’t have proper documentation; the terms of the GM compensation plan similarly have strict documentation requirements.
Nor is he anti-corporatist. His firm accepted $850,000 a month from BP to administer the compensation fund, which led a New Orleans federal judge to order Feinberg to quit claiming independence from BP.
The “if by compensation” strategy is working, according to analysis published by Consensiv, the reputation controls company, based on reputation value metrics we use at Steel City Re.
The bump on the graph starts June 15th, the week Google Trends shows a steady uptake in searches for Kenneth Feinberg that accompanied an uptick in GM’s reputation metrics.
GM’s reputation premium, a measure of additional value arising from favorable stakeholder expectations, rose to the 46th percentile within its peer group, while the consensus trend, a measure of stakeholder surprise, showed an increase to 1.2 percent.
Reputation is about setting, meeting or beating expectations. Reputation restoration is about acknowledging fault, repairing the damage, and raising future standards.
Barra has been candid in exposing the faults.
Her challenge in repairing the damage was assuring customers and victims without frightening creditors and investors. By hiring Feinberg, Barra appears to have pleased both key stakeholder groups, boosting GM’s reputation.
Read all of Nir Kossovsky’s Risk Insider contributions.
Configuring Disaster Planning
When Hurricane Sandy struck in October 2012, some folks living in Red Hook in Brooklyn, N.Y., benefited from a little-used technology called mesh to keep the lines of communication open. When the storm caused regular Internet and cell phone networks to go down, a mesh network remained up and running.
Mesh networks were also used by two Australians in the wake of the devastating earthquake that shook Haiti in 2010, when they launched the Serval Project as a way to keep the lines of emergency communications open when cellular and Wi-Fi networks are knocked out.
In that case, Android phones running a special app connected directly with each other to create a “peer-to-peer” network that allowed communication.
“A communications disaster can be completely avoided by having a mesh network ready as a backup that can be executed in a matter of minutes,” said Bob Schena, CEO and co-founder of Rajant Corp., a provider of mesh networking solutions in Malvern, Pa.
In layman’s terms, a mesh is a stand-alone communications network that relies on smart phones or other devices — often, basic routers — to “talk” directly to each other. These small networks may be linked to the Internet via satellite, but that’s not necessary to provide local communications during natural or man-made disasters.
Such a tool should have a role in a company’s disaster plan or claims operations, said Robert Morris, a risk control technology specialist at OneBeacon Technology Insurance, a member of OneBeacon Insurance Group. Morris said today’s mesh networks could include in a disaster recovery plan.
He said communities, first responders or companies could use the Internet to set up a satellite link with a single link on the ground and then configure a mesh Wi-Fi network that allows for local Internet access.
On a larger scale, Morris said, one can set up a long-distance point-to-point link using licensed bands to a remote bandwidth location. As this is usually designed for the signal to travel a long distance, the access points must be mounted at a decent height (15 feet to 20 feet). If the Internet backbone or access is down, then the mesh won’t provide Internet access, but still can be used to set up a Wi-Fi-based network allowing for local communication.
By establishing a mesh network with satellite connectivity as part of its disaster plan, Morris said, a company could enable its workers to access the Internet for information, email and social media.
“Mesh provides a local distribution layer and can support links of a few blocks up to a few miles,” he said, noting that mesh technology is mature and can leverage whatever bandwidth sources are available, and distribute them quickly and simply with minimal training.
“If you add the capability to a disaster plan, of course, it also is important to maintain and test the mesh network equipment, to ensure it can provide the necessary level of connectivity if needed,” he said.
Morris said the main challenges with mesh technology are finding power sources and available mounting locations. He noted that generators and batteries as well as solar and microwind solutions, can be used to provide power.
Schena, of Rajant Corp., said that, while his company has not worked within the insurance industry (it primarily serves mining, telecom, the military and other heavy industrial clients), it has set up many post-disaster mesh networks.
For example, after Hurricane Katrina, Rajant participated in the relief networks by sending several hundred thousand dollars in equipment and personnel to set up multiple networks. This enabled EMS, state highway patrols and fire departments to send and receive emails, and share vital information long before communications and power were restored to the area.
Founded in 2001, following the World Trade Center attacks, Rajant also responded when a tsunami hit Southeast Asia in 2004, quickly setting up a mesh network in a refugee center.
Schena said mesh networks could transition very easily to any company’s disaster planning strategy
“Risk management and insurance are verticals we have thought about but have not pursued yet,” he said. “But it’s very easy kit for most any company to put in place. They could probably plug it into an emergency lighting system, fire it up and get a network going.
“With what we know about our technology, there is no reason a company could not have a low-cost backup data system ready to go,” he said. “They could design it so when power went out, it could still be used within an office or building in any location.”
5 & 5: Rewards and Risks of Cloud Computing
Cloud computing lowers costs, increases capacity and provides security that companies would be hard-pressed to deliver on their own. Utilizing the cloud allows companies to “rent” hardware and software as a service and store data on a series of servers with unlimited availability and space. But the risks loom large, such as unforgiving contracts, hidden fees and sophisticated criminal attacks.
ACE’s recently published whitepaper, “Cloud Computing: Is Your Company Weighing Both Benefits and Risks?”, focuses on educating risk managers about the risks and rewards of this ever-evolving technology. Key issues raised in the paper include:
5 benefits of cloud computing
1. Lower infrastructure costs
The days of investing in standalone servers are over. For far less investment, a company can store data in the cloud with much greater capacity. Cloud technology reduces or eliminates management costs associated with IT personnel, data storage and real estate. Cloud providers can also absorb the expenses of software upgrades, hardware upgrades and the replacement of obsolete network and security devices.
2. Capacity when you need it … not when you don’t
Cloud computing enables businesses to ramp up their capacity during peak times, then ramp back down during the year, rather than wastefully buying capacity they don’t need. Take the retail sector, for example. During the holiday season, online traffic increases substantially as consumers shop for gifts. Now, companies in the retail sector can pay for the capacity they need only when they need it.
3. Security and speed increase
Cloud providers invest big dollars in securing data with the latest technology — striving for cutting-edge speed and security. In fact, they provide redundancy data that’s replicated and encrypted so it can be delivered quickly and securely. Companies that utilize the cloud would find it difficult to get such results on their own.
4. Anything, anytime, anywhere
With cloud technology, companies can access data from anywhere, at any time. Take Dropbox for example. Its popularity has grown because people want to share large files that exceed the capacity of their email inboxes. Now it’s expanded the way we share data. As time goes on, other cloud companies will surely be looking to improve upon that technology.
5. Regulatory compliance comes more easily
The data security and technology that regulators require typically come standard from cloud providers. They routinely test their networks and systems. They provide data backups and power redundancy. Some even overtly assist customers with regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS).
1. Cloud contracts are unforgiving
Typically, risk managers and legal departments create contracts that mitigate losses caused by service providers. But cloud providers decline such stringent contracts, saying they hinder their ability to keep prices down. Instead, cloud contracts don’t include traditional indemnification or limitations of liability, particularly pertaining to privacy and data security. If a cloud provider suffers a data breach of customer information or sustains a network outage, risk managers are less likely to have the same contractual protection they are accustomed to seeing from traditional service providers.
2. Control is lost
In the cloud, companies are often forced to give up control of data and network availability. This can make staying compliant with regulations a challenge. For example cloud providers use data warehouses located in multiple jurisdictions, often transferring data across servers globally. While a company would be compliant in one location, it could be non-compliant when that data is transferred to a different location — and worst of all, the company may have no idea that it even happened.
3. High-level security threats loom
Higher levels of security attract sophisticated hackers. While a data thief may not be interested in your company’s information by itself, a large collection of data is a prime target. Advanced Persistent Threat (APT) attacks by highly skilled criminals continue to increase — putting your data at increased risk.
4. Hidden costs can hurt
Nobody can dispute the up-front cost savings provided by the cloud. But moving from one cloud to another can be expensive. Plus, one cloud is often not enough because of congestion and outages. More cloud providers equals more cost. Also, regulatory compliance again becomes a challenge since you can never outsource the risk to a third party. That leaves the burden of conducting vendor due diligence in a company’s hands.
5. Data security is actually your responsibility
Yes, security in the cloud is often more sophisticated than what a company can provide on its own. However, many organizations fail to realize that it’s their responsibility to secure their data before sending it to the cloud. In fact, cloud providers often won’t ensure the security of the data in their clouds and, legally, most jurisdictions hold the data owner accountable for security.
Risk managers can’t just take cloud computing at face value. Yes, it’s a great alternative for cost, speed and security, but hidden fees and unexpected threats can make utilization much riskier than anticipated.
Managing the risks requires a deeper understanding of the technology, careful due diligence and constant vigilance — and ACE can help guide an organization through the process.
To learn more about how to manage cloud risks, read the ACE whitepaper: Cloud Computing: Is Your Company Weighing Both Benefits and Risks?