The Underwriter’s View of Reputation Risk
Thanks to the speed of the Internet and all things “viral,” scores of companies have found themselves at the center of a maelstrom of litigators, regulators and bloggers, often involving the public humiliation of the CEO and board of directors by activist investors.
Such are the hallmarks of a 21st century reputation crisis. The long-term economic consequences and the personal sting are among the compelling reasons for managing reputation risk.
Stakeholders expect companies to behave a certain way. That includes responsible behaviors such as supply chain integrity; manufacturing or production quality; ethical standards; innovation and intellectual property management; environmental sensitivity; and security (both physical and cyber) management.
It specifically includes C-suite and board-level behaviors including governance, risk management and compliance (GRC) policies. From time to time, companies fail to meet stakeholder expectations.
It may be surprising that reputation crises don’t always follow operational failures. But the explanation for this is simple and a key predictor of success. Reputation risk is the threat of a change in stakeholder expectations.
Provided the company was both aware and diligently managing its risks, stakeholders will forgive (read, preserve the reputation value of) a company that has suffered an operational failure.
As Frederick the Great explained nearly 150 years ago before the Internet undermined the effectiveness of corporate marketing and communications, “It is pardonable to be defeated, but never to be surprised.”
Since the goal of reputation risk management is to reduce the risk of a change in stakeholder expectations, risk management starts with understanding the underlying causes.
A comprehensive GRC strategy that centers on reputation risk should enumerate both mitigable causes of risk and mitigable consequences should those risks become reality. Reputation risks can be divided into four risk archetypes:
1. Spatio/temporal (being in the wrong place at the wrong time);
2. Criminal behaviors;
3. Negligent behaviors (including ethics, innovation, quality, safety, sustainability and security); and
4. Black swan events.
Some of the sources of business operating losses arising from these four reputation risk archetypes are business interruption, unauthorized or underreported product sales, excessive GRC and operating costs, redundant production costs, restitution costs, litigation costs, and regulatory fines and penalties.
Video: Bloomberg TV reviews the “red flags” ignored by JPMorgan during London whale trading scandal.
Such results of failure to deal with risks lead to lost revenue and earnings, and reduced enterprise value.
When these consequences spill over and lead to reputational harm, the range of monetary losses rises to a strategic level and can result in potentially unlimited costs from damaged stakeholder relationships going forward.
Losses then also include reduced pricing power, increased human resource costs, increased supplier and vendor costs, increased credit costs, above average fines and penalties, and depressed earnings multiples.
When an adverse operational event blossoms into a full-blown reputation crisis, in addition to the often long-term nature of strategic financial consequences, the personal consequences for the company’s directors and officers can be significant.
So it’s no small wonder that reputation risk has become a top governance risk in board-level surveys in recent years and that reputation risk management has become one of today’s leading strategic corporate imperatives.
Some insurers offer products that effectively warranty the governance of the companies they insure — assuring stakeholders that the insured has the requisite risk controls to protect the company’s reputational value and to better weather any reputational storm.
Such products require companies to have GRC processes and technologies that provide reputation-protecting controls, which an underwriting team must see before it agrees to cover these risks.
Underwriters also seek to understand how controls are monitored, how discrepancies are managed and how the validity of monitoring is affirmed. They look for evidence of negative impacts to effective governance, controls and risk management.
Underwriting Touch Points
Underwriters use qualitative measures that focus on operational awareness at the board and senior executive levels, and use questions designed to understand how a company effects oversight and operational control over the critical business processes that underpin reputation.
The scope of qualitative analysis is generally limited to a defined range of business processes and a listing of critical stakeholders including customers, vendors, employees, creditors, equity investors, and regulators.
Underwriters also seek to understand how controls are monitored, how discrepancies are managed and how the validity of monitoring is affirmed. They look for evidence of negative impacts to effective governance, controls and risk management.
Examples of common issues that are underwriting red flags are information management and human resource management strategies that are likely to lead to unpleasant surprises, or governance policies that create ambiguities about the understanding of corporate values.
Underwriters also use indexed quantitative measures of reputational value and control. But even in cases where objective metrics might indicate that stakeholders are assuming responsible governance, underwriters might conclude that an organization was at risk for a rude surprise if:
• An organizational framework is not in place to manage and maintain a fluid information environment.
• Human resource management systems do not factor enterprise-level reputational consequences into the incentive systems.
• Board-level communications, including regulatory filings, do not present a uniform view of reputation risk and its management.
Video: Observant risk managers are aware of latent problems, such as the geopolitical risk that flared up between the Chinese and Vietnamese.
The element of surprise is a common theme underpinning reputation risk. Because surprised stakeholders tend to punish companies that fail to meet their expectations, information management is a key strategy for providing better awareness for executive decision-makers, and also for better managing stakeholder expectations.
There are three information management systems underwriters like that provide business decision-makers with timely actionable intelligence.
These systems work by identifying risk patterns:
• From the federated information the companies house in their various data repositories;
• From the wealth of information found on the web; and
• From tacit information (read, gut feelings) held by key stakeholders.
All four risk archetypes have signatures that, when recognized, can lead to better risk mitigation or consequence management.
The art is in employing technologies and processes that can find these signatures and present actionable intelligence to executive decision-makers before “surprises” manifest.
Forewarned of latent and emerging risks, decision-makers are better equipped to protect a firm’s reputation by improving operations, mitigating operating risks, and responding more rapidly and effectively should threats materialize.
Spatio-temporal risks have obvious signatures. Flood plains have geographical and historical signatures. Weather patterns have emerging signatures.
Even emerging geopolitical risks have signatures — the burning of Chinese-owned factories in Vietnam, for example, was preceded by a long history of ethnic tension, a recent history of economic exploitation, and very near-term military disputes and government encouragement for the Vietnamese people to “express their feelings.”
Both negligent and criminal behavior (moral hazard) risks also have signatures. Consider the group at JPMorgan Chase taking outsized risks that eventually cost the bank $8 billion. The most prominent culprit in the group — the “London Whale” — was well known among his peers.
Criminal risks have signatures, which is a feature long appreciated by the global intelligence agencies. Black swans have signatures usually obvious only in hindsight.
These bits of information are like needles in a haystack, but can be found using algorithms that spot anomalies, discrepancies, and other departures from expectations.
However, before these technologies can help expose emerging risks in the publicly accessible data space, they need to be looking at the right haystacks. In that regard, big data engines that can merge multiple divergent stores of internal data can be very helpful.
Solutions that merge the two capabilities — targeting and spotting — comprise the family of technologies that can help reduce organizational surprises.
As for tacit information, there are systems that can provide insight into what employees and other internal stakeholders generally know but rarely share.
These systems perform the role for which hotlines were created, but they are far more effective, and in practice, embody “gamification” strategies for risk management.
All three technology capabilities can also help reduce insurance premiums.
Shareholder disappointment when a company fails to properly set expectations or fails to meet them can have significant personal consequences for the company’s directors and officers and can result in potentially unlimited costs of damaged stakeholder relationships going forward.
GRC processes and technologies can help to mitigate risk and to reduce the reputational consequences should the risk materialize.
Capturing the Moment
In Ferguson, Mo., most recently, but in a growing number of situations, citizens are using their cellphones to capture videos of police officers in action.
Often, those videos offer negative portrayals, but more and more, police departments are using similar technology to demonstrate their professionalism and protect their reputations.
“We may have reached the point where video technology is producing a full-fledged revolution in policing,” said Jay Stanley, senior policy analyst with the American Civil Liberty Union’s speech, privacy and technology project.
“That revolution has been crystallized, or at least revealed by, the events in Ferguson. The first element of that revolution is a growing expectation among Americans that any dramatic event that takes place in public will be recorded on video.”
“We may have reached the point where video technology is producing a full-fledged revolution in policing.” — Jay Stanley, senior policy analyst, American Civil Liberty Union
In reality, dramatic events may be dwarfed by the mundane day-to-day routine, but body-worn cameras (BWCs) are being used by a rapidly growing number of police departments around the country. Such use has, among other things, proven a boon to reducing liability suits brought against police departments.
Use of BWCs reduced the use of force incidents by 59 percent at the Rialto, Calif., police department in the year after it introduced its program in 2012, while reducing citizens’ complaints by 87.5 per cent, said Police Chief Tony Farrar, who added that he was convinced there was a direct connection between these dramatic declines and the introduction of BWCs.
Proponents of body-worn cameras by police officers say they protect officers from false accusations, reduce agency liability and citizen complaints, and provide evidence for use in court.
A study sponsored by the International Association of Chiefs of Police noted that 93 percent of police misconduct cases where video was available resulted in the officer’s exoneration; 50 percent of the complaints were immediately withdrawn when video evidence was used, and 94 percent of citizens supported the use of video.
Steve Tuttle, a founding team member of TASER International, observed in PoliceOne.com: “The biggest issues that body-worn cameras can solve are reducing litigation and complaints while increasing officer efficiency. Ultimately it reduces the he said/she said, which saves communities money in meritless complaints.”
Video saves time, money and sometimes officers’ jobs, added Michael Millhollen, marketing specialist at Digital Ally, Inc., whose products include the FirstVu officer-worn or mountable video systems.
“Faced with the knowledge that an incident is on video, most complaints against the agency are dropped and many prosecution cases are uncontested or expedited,” Millhollen said. “That equates to less investigating allegations as well as reduced expenses from lawsuits and insurance.”
While early statistics indicate that BWCs are a promising effective risk management tool, like a lot of technological innovations, they can create unanticipated problems, said Joshua Gold, head of the cyber insurance recovery group at Anderson Kill P.C., a NYC-based national law firm specializing in insurance recovery.
“For example, if these cameras capture images of people who are innocent and uninterested in any type of publicity but nonetheless get caught up in unflattering video footage, you could see legal defense coverage costs coverage, at a minimum, being implicated and important to cash-strapped municipalities,” said Gold.
Even something as heroic as officers helping to deliver a baby could arguably constitute an invasion of privacy if the video footage ended up posted to the Internet or lampooned on late-night cable programming, he noted.
“As such, while the BWCs may reduce liability exposure for certain types of risks like bodily injury claims and false arrest claims, they could arguably lead to other exposures dealing with privacy, false light and emotional distress from alleged public humiliation,” Gold added.
“Personal injury and media liability-type insurance coverage would become more valuable if these risks were to pan out.”
Another challenge is how best to store the video footage, whether it is done by the police department or an outside provider.
“Agencies often overlook the need to securely store, manage and retrieve their digital evidence after it has been captured,” said Tuttle.
“To provide the most value, agencies ensure they have a robust plan and service to facilitate data storage, management and retrieval,” he said. “The focus on cameras often makes the back-end solution an afterthought when it is just as crucial, if not more, than the cameras.”
Marilyn L. Rivers, director risk and safety, and compliance officer for the City of Saratoga Springs, N.Y., added: “A high degree of responsibility exists to ensure these videos recorded by police shoulder-cameras and police dash-cams are appropriately kept safe with stringent administrative policies for privacy and management.
“We always want to make sure we don’t have a group of people standing around a computer laughing at a silly puppy video for lack of a better [example],” Rivers said.
Rivers underscored the vital role of privacy in the use of body-worn cameras. “Risk management folks across the country are constantly trying to equalize the safekeeping of our communities while we maintain the balance of an individual’s right to privacy,” she said.
Police officers are always trying to manage that invasion of privacy while still providing protection, she said.
While it’s still too soon for the City of Saratoga Springs to statistically measure results of its camera program, the videos have been helpful in recording the behavior of the folks the police engage with, Rivers said.
“It supplements our law enforcement program and is particularly helpful where we have cameras in downtown areas that are trouble prone,” she noted.
With the wealth of individual camera phones within the community, the shoulder cameras record what the officer experiences from his viewpoint as he deals with various situations, Rivers said.
“It allows a comparison of multiple viewpoints for the same occurrence,” she said. “It also serves as an official recording of what may or may not have happened in any given situation. As a police officer in the face of a potential of multiple cameras recording his or her every move, it is a use of technology that is helpful to his or her workday.
“I would say that it has added to our defense mechanisms as we give those videos to the district attorney’s office when they prosecute cases.”
“Historically, liabilities for allegations of assault, false arrest, wrongful imprisonment, trespass and the like are all covered under standard form insurance liability policies purchased by such entities.” — William G. Passannante, co-chair, insurance recovery group, Anderson Kill
Anderson Kill’s William G. Passannante, New York-based co-chair of the firm’s insurance recovery group, said that state and municipal government entities regularly purchase liability insurance that covers the liability asserted on account of the actions of their police officers.
“Historically, liabilities for allegations of assault, false arrest, wrongful imprisonment, trespass and the like are all covered under standard form insurance liability policies purchased by such entities,” said Passannante.
The apparent reduction in claims in Rialto, Calif., suggests that BWCs could be part of a loss control program supported by insurance underwriters, he added.
“Liability for ‘misuse’ of BWC, such as in a claim for violation of privacy, is at least possible and would very likely be covered by existing insurance policies,” said Passannante.
“Of course, the regulatory scheme under which BWCs are introduced would be expected to address such issues, and I would expect police departments to request certain ‘safe harbor’ provisions regarding the use of camera footage they are required to record,” he noted.
“The most obvious benefit from wearing BWCs,” said Eugene P. Ramirez, Senior Partner at Los Angeles-based Manning & Kass, Ellrod, Ramirez, Trester LLP, “is that law enforcement will be seen as being more transparent and holding itself out as more accountable.
“The use of BWCs will also assist exonerating officers who are targets of citizens’ complaints, and, hopefully, will reduce the number of lawsuits against a department,” he said.
Six Best Practices For Effective WC Management
It’s no secret that the professionals responsible for managing workers compensation programs need to be constantly vigilant.
Rising health care costs, complex state regulation, opioid-based prescription drug use and other scary trends tend to keep workers comp managers awake at night.
“Risk managers can never be comfortable because it’s the nature of the beast,” said Debbie Michel, president of Helmsman Management Services LLC, a third-party claims administrator (and a subsidiary of Liberty Mutual Insurance). “To manage comp requires a laser-like, constant focus on following best practices across the continuum.”
Michel pointed to two notable industry trends — rises in loss severity and overall medical spending — that will combine to drive comp costs higher. For example, loss severity is predicted to increase in 2014-2015, mainly due to those rising medical costs.
Debbie discusses the top workers’ comp challenge facing buyers and brokers.
The nation’s annual medical spending, for its part, is expected to grow 6.1 percent in 2014 and 6.2 percent on average from 2015 through 2022, according to the Federal Government’s Centers for Medicare and Medicaid Services. This increase is expected to be driven partially by increased medical services demand among the nation’s aging population – many of whom are baby boomers who have remained in the workplace longer.
Other emerging trends also can have a potential negative impact on comp costs. For example, the recent classification of obesity as a disease (and the corresponding rise of obesity in the U.S.) may increase both workers comp claim frequency and severity.
“The true goal here is to think about injured employees. Everyone needs to focus on helping them get well, back to work and functioning at their best. At the same time, following a best practices approach can reduce overall comp costs, and help risk managers get a much better night’s sleep.”
– Debbie Michel, President, Helmsman Management Services LLC (a subsidiary of Liberty Mutual)
“These are just some factors affecting the workers compensation loss dollar,” she added. “Risk managers, working with their TPAs and carriers, must focus on constant improvement. The good news is there are proven best practices to make it happen.”
Michel outlined some of those best practices risk managers can take to ensure they get the most value from their workers comp spending and help their employees receive the best possible medical outcomes:
1. Workplace Partnering
Risk managers should look to partner with workplace wellness/health programs. While typically managed by different departments, there is an obvious need for risk management and health and wellness programs to be aligned in understanding workforce demographics, health patterns and other claim red flags. These are the factors that often drive claims or impede recovery.
“A workforce might have a higher percentage of smokers or diabetics than the norm, something you can learn from health and wellness programs. Comp managers can collaborate with health and wellness programs to help mitigate the potential impact,” Michel said, adding that there needs to be a direct line between the workers compensation goals and overall employee health and wellness goals.
Debbie discusses the second biggest challenge facing buyers and brokers.
2. Financing Alternatives
Risk managers must constantly re-evaluate how they finance workers compensation insurance programs. For example, there could be an opportunity to reduce costs by moving to higher retention or deductible levels, or creating a captive. Taking on a larger financial, more direct stake in a workers comp program can drive positive changes in safety and related areas.
“We saw this trend grow in 2012-2013 during comp rate increases,” Michel said. “When you have something to lose, you naturally are more focused on safety and other pre-loss issues.”
3. TPA Training, Tenure and Resources
Businesses need to look for a tailored relationship with their TPA or carrier, where they work together to identify and build positive, strategic workers compensation programs. Also, they must exercise due diligence when choosing a TPA by taking a hard look at its training, experience and tools, which ultimately drive program performance.
For instance, Michel said, does the TPA hold regular monthly or quarterly meetings with clients and brokers to gauge progress or address issues? Or, does the TPA help create specific initiatives in a quest to take the workers compensation program to a higher level?
4. Analytics to Drive Positive Outcomes, Lower Loss Costs
Michel explained that best practices for an effective comp claims management process involve taking advantage of today’s powerful analytics tools, especially sophisticated predictive modeling. When woven into an overall claims management strategy, analytics can pinpoint where to focus resources on a high-cost claim, or they can capture the best data to be used for future safety and accident prevention efforts.
“Big data and advanced analytics drive a better understanding of the claims process to bring down the total cost of risk,” Michel added.
5. Provider Network Reach, Collaboration
Risk managers must pay close attention to provider networks and specifically work with outcome-based networks – in those states that allow employers to direct the care of injured workers. Such providers understand workers compensation and how to achieve optimal outcomes.
Risk managers should also understand if and how the TPA interacts with treating physicians. For example, Helmsman offers a peer-to-peer process with its 10 regional medical directors (one in each claims office). While the medical directors work closely with claims case professionals, they also interact directly, “peer-to-peer,” with treatment providers to create effective care paths or considerations.
“We have seen a lot of value here for our clients,” Michel said. “It’s a true differentiator.”
6. Strategic Outlook
Most of all, Michel said, it’s important for risk managers, brokers and TPAs to think strategically – from pre-loss and prevention to a claims process that delivers the best possible outcome for injured workers.
Debbie explains the value of working with Helmsman Management Services.
Helmsman, which provides claims management, managed care and risk control solutions for businesses with 50 employees or more, offers clients what it calls the Account Management Stewardship Program. The program coordinates the “right” resources within an organization and brings together all critical players – risk manager, safety and claims professionals, broker, account manager, etc. The program also frequently utilizes subject matter experts (pharma, networks, nurses, etc.) to help increase knowledge levels for risk and safety managers.
“The true goal here is to think about injured employees,” Michel said. “Everyone needs to focus on helping them get well, back to work and functioning at their best.
“At the same time, following a best practices approach can reduce overall comp costs, and help risk managers get a much better night’s sleep,” she said.
To learn more about how a third-party administrator like Helmsman Management Services LLC (a subsidiary of Liberty Mutual) can help manage your workers compensation costs, contact your broker.
Debbie discusses how Helmsman drives outcomes for risk managers.
Debbie explains how to manage medical outcomes.
Debbie discusses considerations when selecting a TPA.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Helmsman Management Services. The editorial staff of Risk & Insurance had no role in its preparation.