“If By Compensation…”
In 1952, Noah Sweat, Jr., a lawmaker from the then-dry state of Mississippi, found himself explaining his position on whiskey to an audience of pro- and anti-prohibitionists. His speech, known today as “if by whiskey,” cheered both sides.
“If when you say whiskey you mean the devil’s brew, the poison scourge, the bloody monster, that defiles innocence… I am against it.”
“But, if when you say whiskey you mean the oil of conversation, the philosophic wine, the ale that is consumed when good fellows get together … I am for it.”
General Motors CEO Mary Barra faced a similar challenge developing the company’s compensation strategy for victims of its faulty ignition switches.
Customers expected GM to fully compensate victims, and capital providers expected GM to protect assets from litigation and compensation funds: One of GM’s major stakeholders was bound to be disappointed.
Barra’s move was to leverage the reputation of Kenneth Feinberg to help restore GM’s reputation with both sides. Kenneth Feinberg’s reputation makes the “if by whiskey” approach to GM’s compensation strategy possible.
Feinberg has been pivotal in resolving many of our nation’s most challenging and widely known compensation matters.
GM customers and victims are warmed by Feinberg’s experience directing the September 11th Victim Compensation Fund. Working pro bono, he spent three years meeting with families and calculating claim awards. Feinberg also handled compensation issues for the Virginia Tech shooting and the Boston Marathon bombing.
GM’s stakeholders breathe easier knowing that Feinberg, as administrator of BP’s $20 billion fund to compensate victims of the Deepwater Horizon disaster, carefully manned the funding spigot.
Almost one year after the spill began, he had paid only 168,000 claimants out of more than 490,000 people who had filed. Feinberg explained then that 80 percent didn’t have proper documentation; the terms of the GM compensation plan similarly have strict documentation requirements.
Nor is he anti-corporatist. His firm accepted $850,000 a month from BP to administer the compensation fund, which led a New Orleans federal judge to order Feinberg to quit claiming independence from BP.
The “if by compensation” strategy is working, according to analysis published by Consensiv, the reputation controls company, based on reputation value metrics we use at Steel City Re.
The bump on the graph starts June 15th, the week Google Trends shows a steady uptake in searches for Kenneth Feinberg that accompanied an uptick in GM’s reputation metrics.
GM’s reputation premium, a measure of additional value arising from favorable stakeholder expectations, rose to the 46th percentile within its peer group, while the consensus trend, a measure of stakeholder surprise, showed an increase to 1.2 percent.
Reputation is about setting, meeting or beating expectations. Reputation restoration is about acknowledging fault, repairing the damage, and raising future standards.
Barra has been candid in exposing the faults.
Her challenge in repairing the damage was assuring customers and victims without frightening creditors and investors. By hiring Feinberg, Barra appears to have pleased both key stakeholder groups, boosting GM’s reputation.
Read all of Nir Kossovsky’s Risk Insider contributions.
The Thrill of the Risk
In the ever-constant battle for the scariest rides, amusement park risk managers have their work cut out for them.
Owners constantly push the envelope in ride design to create an atmosphere of heightened risk to attract thrill-seeking patrons. That risk is only supposed to be an illusion, but it can become all-too-real thanks to the subjective decisions of park owners, ride operators and patrons themselves.
Case in point: In 2013, Rosa Esparza, a heavyset woman, was allowed to ride a roller coaster at Six Flags Over Texas, but then fell out of the car and to her death when the ride turned upside down. Esparza’s family is now suing Six Flags and its parent companies, as well as the ride’s manufacturer, Gerstlauer Amusement Rides in Münsterhausen, Germany.
Video: ABC News reports on the deadly accident on the ‘Texas Giant’ roller coaster ride at Six Flags amusement park in July 2013.
Roughly 297 million people visit the 400 U.S. amusement parks annually and take 1.7 billion safe rides, according to the 2011 Fixed-Site Amusement Ride Injury Survey of the Association of Amusement Parks and Attractions. The chance of being seriously injured on a ride at a fixed-site park in the U.S. is 1 in 24 million, and 61 of the 1,415 ride-related injuries, or less than 5 percent, required some form of overnight treatment at a hospital.
Most parks design and operate rides with the utmost safety in mind, but the tricky part is making sure the rides seem like they’re very risky, said Robert Murphy, global entertainment and events practice leader at Marsh in Philadelphia.
“If a park is marketing itself for thrill-seekers, they are typically pushing the big coaster speed rides,” Murphy said. “Then it becomes the battle for the most advanced ride – the fastest, tallest, most loops. There’s this constant competition to upgrade.”
Likewise, risk managers of water parks have to contend with their own set of challenging risks, particularly patron drowning, or water-borne illnesses that may affect not just one or two patrons, but hundreds, he said.
The risks assumed by a park can rarely be transferred, but they can be shared by patrons and “designer engineers,” said Boyd F. Jensen II, owner of Garrett & Jensen law firm in Riverside, Calif., who sits on the safety and ASTM executive committee of the International Association of Amusement Parks and Attractions.
Personal injury lawsuits against park owners can be more easily defended if the owners provide documentation that their rides have been operated in a safe manner by trained employees, maintained routinely, complied with accepted safety standards and passed periodic inspections, Jensen said.
Park owners should document incidents as specifically and thoroughly as possible, ideally accompanied with photos and statements, he said. Owners should also demonstrate that they have posted signs and audible warning of known risks, and have ensured that patrons can witness a ride’s characteristics prior to boarding.
Impact on Reputation
But lawsuits can still be challenging because of the resulting perception that the park is not safe, Jensen said. Parks often settle to avoid additional public scrutiny, even though sometimes they could have shown that the patrons did not heed warnings, such as if they had existing heart or back trouble.
“Substantial sums of money can be wasted in settlements and jury verdicts due almost entirely because of inexperienced advisers,” he said.
Indeed, loss of public trust can often be the greatest exposure for a park, said Jim Petersen, a Chicago attorney specializing in risk management litigation. “That’s what will kill your company.”
When theme parks are under pressure to build the next biggest, fastest, tallest rides, certain biases can enter into the risk assessment process, Petersen said.
There is the bias of confidence based on the fact that ride designers have been good at what they’ve done up until this point, so park owners and managers assume they’re going to be good at whatever they do in the future.
Moreover, park managers tend to assume that the scale of risk rises in a linear way – for example, if they build a ride that’s 10 percent bigger, that means a 10 percent increase in risk, Petersen said. However, increases in risk are typically exponential, so park managers need to prepare instead for greatly elevated risk levels.
“If theme parks are under pressure to get it done … to start the revenue stream, they may be hurt by these biases and build something far more risky — or move too quickly in disregard of the need for a higher degree of prudence,” Petersen said. “They need to slow down and be careful enough to not only think of the risks they do know, but conceive of things they might not know.”
Frankie Hau, risk and environmental manager at Ocean Park in Hong Kong, said that too few parks focus on enterprise risk management, and many risk managers tend to focus more on the insurance program for high-risk rides than managing risks across the entire enterprise.
“A theme park can only transfer the monetary loss to insurers, but not the legal liability and loss of reputation if they are sued,” Hau said. “If there is gross negligence that results in worst-case scenarios such as a fatality, then directors can go to jail.”
Ride manufacturers are generally responsible for the mechanics for the life of the ride, but parks must strictly follow procedures outlined in the manufacturers’ operations and maintenance manuals, or they will be found liable in court, he said.
In the current Six Flags case, Gerstlauer has filed a cross-complaint against the Texas park for not using a “test seat” that the manufacturer provided to test weight loads on the restraint system. Attorneys for Six Flags, Gerstlauer and the Esparza family did not return phone calls seeking comment.
Typically local authorities require that parks load test each of their rides with dummies, sand bags or concrete buckets per the manufacturer’s test weight recommendations, said Michael Greear, director of risk control services with Aon Risk Solutions’ entertainment practice in Denver.
Many manufacturers have training sessions on their rides for park mechanics, and completion of courses should be documented and presented in court cases.
But the weight of patrons can be a very challenging issue for parks, Murphy said.
“You can’t put a scale at the ride entrance and require people to stand on it — it has to be by sight, and so basically the park has to say to the operator to use their best judgment,” he said.
Patrons should be able to fit into the seat and have the safety bar closed, locked and fully supporting them, Murphy said. Moreover, if the ride malfunctions, operators have to be able to help the heavy person out of the car and down steps.
It helps to have another employee there to maintain “zero tolerance,” and if there is a disagreement, the other operator can call the supervisor, he said. Many parks try to screen for height and weight at the beginning of the ride’s line, so the person doesn’t have to wait in line or face even greater embarrassment.
For water parks, lifeguards must routinely patrol pools not only to watch for drownings, but also floating debris that could contaminate the pool, Hau said. Then, they must clear the pool, retrieve the substance, sanitize the water with a suitable dose of chlorine and then test the condition of the pool.
In the event of a claim for sickness, parks need to provide documentation to the court that they constantly tested the water’s quality, making sure chlorine, acidity and turbidity levels conform to international standards.
Risks increase on busy days when operators take shortcuts about cleaning, testing, treating and then reopening pools, Greear said. “Many times, a business decision is a risk acceptance decision.”
From an insurance perspective, park risk managers can avoid some headaches if they understand what their policy covers and doesn’t cover — understanding the exclusions, coverage limits and requirements for reporting a claim if an event occurs, he said.
Risk managers should also work with their carriers and brokers as partners, because they have a great deal of expertise in loss control within their health and safety groups.
“By doing so, an operator could either avoid an incident or claim altogether or be in a position, through training and documentation, to show that they took the reasonable steps to reduce or eliminate a risk,” Greear said.
5 & 5: Rewards and Risks of Cloud Computing
Cloud computing lowers costs, increases capacity and provides security that companies would be hard-pressed to deliver on their own. Utilizing the cloud allows companies to “rent” hardware and software as a service and store data on a series of servers with unlimited availability and space. But the risks loom large, such as unforgiving contracts, hidden fees and sophisticated criminal attacks.
ACE’s recently published whitepaper, “Cloud Computing: Is Your Company Weighing Both Benefits and Risks?”, focuses on educating risk managers about the risks and rewards of this ever-evolving technology. Key issues raised in the paper include:
5 benefits of cloud computing
1. Lower infrastructure costs
The days of investing in standalone servers are over. For far less investment, a company can store data in the cloud with much greater capacity. Cloud technology reduces or eliminates management costs associated with IT personnel, data storage and real estate. Cloud providers can also absorb the expenses of software upgrades, hardware upgrades and the replacement of obsolete network and security devices.
2. Capacity when you need it … not when you don’t
Cloud computing enables businesses to ramp up their capacity during peak times, then ramp back down during the year, rather than wastefully buying capacity they don’t need. Take the retail sector, for example. During the holiday season, online traffic increases substantially as consumers shop for gifts. Now, companies in the retail sector can pay for the capacity they need only when they need it.
3. Security and speed increase
Cloud providers invest big dollars in securing data with the latest technology — striving for cutting-edge speed and security. In fact, they provide redundancy: data is replicated and encrypted so it can be delivered quickly and securely. Companies that utilize the cloud would find it difficult to get such results on their own.
4. Anything, anytime, anywhere
With cloud technology, companies can access data from anywhere, at any time. Take Dropbox for example. Its popularity has grown because people want to share large files that exceed the capacity of their email inboxes. Now it’s expanded the way we share data. As time goes on, other cloud companies will surely be looking to improve upon that technology.
5. Regulatory compliance comes more easily
The data security and technology that regulators require typically come standard from cloud providers. They routinely test their networks and systems. They provide data backups and power redundancy. Some even overtly assist customers with regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS).
5 risks of cloud computing
1. Cloud contracts are unforgiving
Typically, risk managers and legal departments create contracts that mitigate losses caused by service providers. But cloud providers decline such stringent contracts, saying they hinder their ability to keep prices down. Instead, cloud contracts don’t include traditional indemnification or limitations of liability, particularly pertaining to privacy and data security. If a cloud provider suffers a data breach of customer information or sustains a network outage, risk managers are less likely to have the same contractual protection they are accustomed to seeing from traditional service providers.
2. Control is lost
In the cloud, companies are often forced to give up control of data and network availability. This can make staying compliant with regulations a challenge. For example, cloud providers use data warehouses located in multiple jurisdictions, often transferring data across servers globally. While a company would be compliant in one location, it could be non-compliant when that data is transferred to a different location — and worst of all, the company may have no idea that it even happened.
3. High-level security threats loom
Higher levels of security attract sophisticated hackers. While a data thief may not be interested in your company’s information by itself, a large collection of data is a prime target. Advanced Persistent Threat (APT) attacks by highly skilled criminals continue to increase — putting your data at increased risk.
4. Hidden costs can hurt
Nobody can dispute the up-front cost savings provided by the cloud. But moving from one cloud to another can be expensive. Plus, one cloud is often not enough because of congestion and outages. More cloud providers equals more cost. Also, regulatory compliance again becomes a challenge since you can never outsource the risk to a third party. That leaves the burden of conducting vendor due diligence in a company’s hands.
5. Data security is actually your responsibility
Yes, security in the cloud is often more sophisticated than what a company can provide on its own. However, many organizations fail to realize that it’s their responsibility to secure their data before sending it to the cloud. In fact, cloud providers often won’t ensure the security of the data in their clouds and, legally, most jurisdictions hold the data owner accountable for security.
Risk managers can’t just take cloud computing at face value. Yes, it’s a great alternative for cost, speed and security, but hidden fees and unexpected threats can make utilization much riskier than anticipated.
Managing the risks requires a deeper understanding of the technology, careful due diligence and constant vigilance — and ACE can help guide an organization through the process.