Risks in Three Dimensions

The risks of 3D printing include product liability, intellectual property, and safety and security issues.
By: | October 1, 2015 • 8 min read

Companies are leaving themselves exposed to a host of costly and unexpected risks if they fail to come to grips with the new challenges presented by 3D printing technology.


Industry experts said that businesses need a fundamental review of their risk management processes and controls to deal with the potential problems caused by this new technology or they could find themselves being sued for copyright infringement or, worse still, having to pay out millions in product liability claims.

3D printing or additive printing, as it is commonly known in the industry, is the process of producing solid three-dimensional objects using a digital blueprint. It works by using a computer to send the design to a printer that then builds the product.

10012015_06_3Dprinting_chartTake-up of the new technology has been phenomenal over the last 10 years because of the potential for substantial time and cost savings.

PwC estimates that 67 percent of manufacturers already use 3D printing, while NASA has been testing the technology in its space station for years. It is widely used for creating prototypes in the aviation, automotive and medical industries, and applications range from plane engines and car spare parts to surgical implants and prosthetic limbs.

With the industry expected to grow in value by 25 percent to $17.2 billion by 2020, according to consultancy firm A.T. Kearney, the scope for the technology is almost limitless — as are the potential risks, including counterfeiting and the manufacture of illegal drugs.

“The biggest risk of 3D printing is that you can make anything, anywhere in the world and that presents a host of potential problems,” said Mark Schonfeld, a partner at Burns & Levinson LLP.

“Those problems in the main include product liability, intellectual property, and safety and security issues.”

Supply Chain Risks

Schonfeld said that the biggest difference between 3D printing and traditional manufacturing is the complexity of the supply chain and the number of different parties involved.

Mark Schonfeld, partner, Burns & Levinson LLP

Mark Schonfeld, partner, Burns & Levinson LLP

“With 3D printing, you have more players than you would have in the traditional manufacturing process, where most of the participants work for the same company,” he said.

“So if something goes wrong with the product, who is liable – is it the designer, the supplier, the manufacturer or even the end user?

“Currently there is no legislation governing 3D printing, so it is often very hard to tell who is responsible.”

Rob Gaus, global product risk group leader at Marsh, said there are three key factors affecting any manufacturing process: “It’s about having a clearer focus on the materials that are being used, the financial strength of your supply chain partners, and the quality assurance program and processes that you have in place,” he said.

“Overarching all of those risks is the product risk management process, which revolves around risk assessment and how they apply in foreseeable use and misuse scenarios.”

Robert Weireter, vice president and senior underwriter at Swiss Re, said that increasing the scale of 3D print manufacturing also creates the problem of ensuring the quality and durability of the end product.

“When you print out something in a small-scale environment, you have a lot of control over the process, and therefore over the quality of the finished product,” he said.


“However, with 3D printing, questions arise when you increase the scale to a commercial level. Can you still ensure the quality of the finished product?”

Counterfeiting Problems

Another key issue with 3D printing is counterfeiting or the illegal copying of products.

Provided you have the right design or blueprint and a 3D printer, it’s easy to quickly produce, for example, your own iPhone at home.

“It’s very easy if you have your own 3D printer at home to scan a design into your printer, print it out and sell it,” said Cindy Slubowski, vice president and head of manufacturing at Zurich North America.

 Cindy Slubowski, vice president and head of manufacturing, Zurich North America

Cindy Slubowski, vice president and head of manufacturing, Zurich North America

“We have seen some claims, and the real issue is that the original manufacturer who has the rights to that product now has a counterfeit product out there that it knows nothing about and that can cause serious issues in terms of liability, patent and trademark infringement.”

No one is immune from the intellectual property risks associated with 3D printing, said Tom Srail, technology, media and telecommunications industry group leader at Willis North America.

“Intellectual property is a significant risk not only for the organization making the product but also for the supply chain as a whole and for other companies’ copyrights, trademarks and patents in similar types of products and areas,” he said.

“Even if you’re not producing anything using 3D printing, you can still be exposed to risks in the supply chain with other entities using the technology to counterfeit or copy what you are doing.”

Michael Bruch, head of emerging trends/ESG business services and chief underwriting officer, risk consulting, at Allianz Global Corporate and Specialty SE (AGCS), said that the convergence of manufacturing and digital technology also make unauthorized copying of product designs easier to do in the future.

“Because it will be much harder to track these products, traceability will become an even bigger issue than it was before,” he said.

“It will also bring a whole suite of issues such as piracy and copyright infringement to the fore.”

Therefore, it’s important for companies to do due diligence before manufacturing new products, said Shawn Ram, executive managing director and western regional manager at Crystal & Company.

“When manufacturing or technology companies develop a certain product, they have to do due diligence on patents and discovery on trademarks and copyrights, which is often overlooked because of the time and cost involved,” he said.

Security and Privacy Fears

The shadow of cyber risk also lurks around 3D printing. It’s no stretch to imagine someone hacking into a computer system and fundamentally changing the design of a product.

“You have this whole file sharing component in 3D printing that you don’t have in traditional manufacturing and so that automatically becomes a huge potential security and privacy issue,” said Zurich’s Slubowski.

“We are seeing a lot of 3D printing going into hospitals these days and if someone were to hack into their computer system and modify the design of a key component they produce, such as a heart valve for a patient, then the consequences would be unthinkable.”

Shawn Ram, executive managing director and western regional manager, Crystal & Company

Shawn Ram, executive managing director and western regional manager, Crystal & Company

Ram said that the lack of a strong regulatory environment in 3D printing also makes it much easier to manufacture a product such as a weapon that can cause harm or damage.

“There are still a lot of gray areas because there are so many different parties involved in the process, so it can be hard to create any meaningful regulations,” he said.

AGCS’s Bruch said that like any new technology, 3D printing will have its teething problems at first, but provided it is closely monitored, risks can be eliminated early in the manufacturing process.

“In terms of cyber risks, risk managers will need to review all of their IT risks in both their office computer systems and production lines and throughout the whole digitalized manufacturing chain from the first idea to the final 3D printed end-product,” he said.

3D printing also opens up the possibility of criminals exploiting the technology for their own gain, said Emily Cummins, managing director of tax and risk management at the National Rifle Association.

“Quite simply, any company that uses credit cards to run its business, which is most, carries a potential threat of being exposed to cyber risk,” she said. She cited a recent case where a criminal gang used a 3D printer to produce an ATM skimmer that was used to steal customers’ details.

“The kind of fraud that can be perpetrated from extracting the information on credit cards includes identity theft and financial theft.”

Risk Management Procedures Lag Behind

All of these risks have opened up companies to a host of potential claims running to millions of dollars, particularly on the product liability side.

Slubowski said the biggest danger to companies is failing to understand their exposures.

“If you don’t understand all of the nuances around 3D printing, then you will probably find yourself with claims that you didn’t anticipate you were going to have,” she said.

“We have seen it in the industry before where small companies get hit with large claims and they go out of business because they can’t come back from the reputational and monetary damage they have suffered.”

Despite companies’ best intentions, many are still lagging behind in terms of their risk management procedures for dealing with the risks of 3D printing, experts said.

Tom Srail, technology, media and telecommunications industry group leader, Willis North America

Tom Srail, technology, media and telecommunications industry group leader, Willis North America

Willis’ Srail said that the evolving technology of 3D printing means that companies have to continually adapt their risk management models.

“Some companies are well along the way with that,” he said. “However it’s safe to say that most companies are not ready for everything that is coming.

“It’s something that organizations will need to look at internally, externally and throughout their supply chain, and to undergo an ongoing improvement process by reviewing all of these risks on a continual basis.”

Ram went even further to say that 3D printing is still not even on some risk managers’ radar.


“Our general awareness of the value and opportunity of 3D printing is relatively nascent and so many risk managers aren’t prepared for it,” he said.

However, despite all the risks and possible downsides of 3D printing, Cummins is upbeat about the future.

“As an innovation, 3D printing can be managed either as a sustaining innovation that you can use to improve your business or as a disruptive innovation that overtakes an existing market and puts companies out of business,” she said.

“So those companies that get on board early on with the new technology can use it in a sustaining way to enhance their product and become industry leaders.”

Alex Wright is a U.K.-based business journalist, who previously was deputy business editor at The Royal Gazette in Bermuda. You can reach him at [email protected]
Share this article:

Supply Chain Risks

Risk Center to Rule the World

A combination of technology and data-centric risk management almost guarantees resilient supply chains.
By: | September 14, 2015 • 6 min read

This is not the story of how an unrelenting flood in faraway Thailand nearly destroyed the business of a Fortune Global 500 company.

Sure, during the Fall 2011 floods in the Southeast Asian country, nearly 50 percent of its landmass was underwater. More than 1,000 factories shut down.

But for the multinational company in question, Flex, formerly known as Flextronics Inc., the Thailand floods were a bit of a success story — albeit a success story with $100 million in resulting lost revenue.


What kind of victory is that? Thailand became proof that lessons had been learned after a previous disaster — the March 11, 2011 Japanese earthquake. It was proof that Flex, one of the world’s largest outsourced electronics manufacturers, was on the right track.

After that earthquake, Flex’s supply chain team in the States scrambled for weeks to understand the disruption’s size. Which of its suppliers were affected and by how much? They shuffled Excel spreadsheets and flipped through outdated Rolodexes.

They found that their path to victory was partly a software solution called Resilinc.

Connecting the Dots

“The database underlying Resilinc maps suppliers’ footprint and part-origin information, and connects this type of supplier information with products and revenue,” wrote MIT Professor Yossi Sheffi, Resilinc founder Bindiya Vakil and Flex supply chain Senior Director Tim Griffin — in a research paper detailing Flex’s experience.

When the Thailand floods came, Resilinc empowered the Flex supply chain team to know when and how suppliers were being hit — and which and how many parts were built at those suppliers — even as those suppliers were keeping quiet publicly.

Flex could prioritize a “high risk” list and plan recovery strategies at a speed that allowed them to minimize revenue and profit loss.

“The main benefits came from the ability to connect all the dots; from supplier name to part numbers, part numbers to inventory and demand positions, from that to specific products and customers,” the MIT report authors wrote.

 Jose Heftye, senior director, global risk management, Flex

Jose Heftye, senior director, global risk management, Flex

Flex’s business recovery success in Thailand was not contingent entirely on a software app. The company with 200,000 employees across 30 countries also avoided serious losses because redundancy built into its supply chain anticipated business interruption for any single-source supplier, said Jose Heftye, senior director, global risk management, at Flex’s San Jose, Calif., office, who was employed elsewhere during the floods.

The nine-figure revenue loss was a victory, thanks to technology and traditional supply chain management, but Flex has since moved to far more dynamic 21st century business recovery processes.

The company now believes it has the ability to accommodate potential physical damage risk to suppliers and essentially become a guarantee to customers — from mobile device makers to automakers.

To do that, the company folds risk management and risk analysis into its day-to-day business. The focus no longer rests solely on mere efficiency.

“Flextronics moved from a traditional supply chain risk management strategy that usually includes building redundancy within the system, procuring insurance and setting up processes to react in the case of a potential disruption, to a real-time risk assessment and risk management strategy,” said Alejandro Marmorek, managing director, Latin America regional sales, and AGCN leader at Aon.


The company, he said, “can follow and analyze specific issues that could potentially disrupt vendors or customers and define mitigation strategies that are executable in real time.”

Or as his colleague Randy Nornes, executive vice president of Aon Risk Solutions, said, “Efficiency and risk are not on the same page.”

Creating a Risk Center

The new business recovery program — which Heftye oversees across business continuity planning and risk treatment strategy, legal, HR, operations, business development and supply chain up through the C-suite — is a so-called “risk center.”

It focuses on three buckets: business continuity, contractual exposure and financial risk.

Here’s how it works: Heftye’s teams conduct internal audits to identify company core processes, their interdependencies across different areas, and their recovery times if they were to go down.

Next, they apply business impact analysis to map the financial and strategic value of each process, calculate how much risk is already in the system and spot where more risks are.

“You go from the very, very granular points, and you take it to a higher level and start to aggregate data and processes. My primary objective is to not buy insurance.” — Jose Heftye, senior director, global risk management, Flex

They bring the results before a steering committee made up of C-suite level leaders across business development, finance, operations and legal — where Heftye’s team recommends ways to eliminate, mitigate or transfer the risk.

“That is pretty much driving all of our activities,” Heftye said. “You go from the very, very granular points, and you take it to a higher level and start to aggregate data and processes.

“My primary objective is to not buy insurance,” he said.

Let’s imagine a scenario where the IT system that manages Flex’s inventory goes down. Heftye and his team evaluate the impact upon their customers, purchase orders, revenue, profitability, etc., if the system were down for X hours at Y facility.


“We can show in hard numbers [what happens] if we don’t have a backup,” he said.

The team quantifies the investments needed to mitigate or eliminate the risk and sits down with the steering committee, which can then comfortably authorize an investment for a redundant IT system and other measures.

They’ve done a similar investigation into key individuals at the company and the potential impact of their departures, then worked with HR to build a talent pipeline to mitigate that risk.

Better Than ERM

Developed by firms like Genentech and Microsoft in the late ’90s, this risk center concept first appeared at companies in a one-off role, such as for a project team to, say, analyze an event that impacted a competitor to see what the ramifications could be for the company. More and more, however, companies are backing the processes into what they do every day.

090152015_20_flextronics_sidebarThis is much more than enterprise risk management (ERM). In Nornes’ view, ERM has evolved into risk identification and control. But once ERM identifies supply chain as a “red risk on a heat map,” said Nornes, it typically fails to provide a granular view and guidance on what to do next. ERM, in essence, has evolved into a compliance checkbox.

And as Heftye has explained, a risk center approach is not limited to supply chain; it allows companies to apply analytical rigor and insert risk management into ROI decisions for any critical risk, like cyber.

“It’s the skill set they are bringing, not the knowledge of that specific risk,” Nornes said.

“It does require a high degree of risk maturity across the organization to collaborate across the various teams, which includes deep partnerships with clients and suppliers,” added Marmorek.

For Heftye, it has earned him a veritable role as rainmaker. At Flex, the risk management function can now contribute to the company’s strategy by providing insight and by partnering with business operations, said Heftye.

Flex’s risk is their customers’ supply chain risk, so having their risk under control, holding to that guarantee of little or no business interruption as a talisman, has become a selling point for Flex.

“It’s given us more tools to sell quality of services and show that we are a long-term solution and not just something that could go away after another Thailand,” Heftye said.

Matthew Brodsky is editor of Wharton Magazine. He can be reached at [email protected]
Share this article:

Sponsored Content by ACE Group

6 Truths about Predictive Analytics

ACE's predictive analytics tool provides a new way to capture, analyze and leverage structured and unstructured claims data.
By: | October 1, 2015 • 6 min read

Predictive data analytics is coming out of the shadows to change the course of claims management.

But along with the real benefits of this new technology comes a lot of hype and misinformation.

A new approach, ACE 4D, provides the tools and expertise to capture, analyze and leverage both structured and unstructured claims data. The former is what the industry is used to – the traditional line-item views of claims as they progress. The latter, comprises the vital information that does not fit neatly into the rows and columns of a traditional spreadsheet or database, such as claim adjuster notes.

ACE’s recently published whitepaper, “ACE 4D: Power of Predictive Analytics” provides an in-depth perspective on how to leverage predictive analytics to improve claims outcomes.

Below are 6 key insights that are highlighted in the paper:

1) Why is predictive analytics important to claims management?

ACE_SponsoredContentBecause it finds relationships in data that achieve a more complete picture of a claim, guiding better decisions around its management.

The typical workers’ compensation claim involves an enormous volume of disparate data that accumulates as the claim progresses. Making sense of it all for decision-making purposes can be extremely challenging, given the sheer complexity of the data that includes incident descriptions, doctor visits, medications, personal information, medical records, etc.

Predictive analytics alters this paradigm, offering the means to distill and assess all the aforementioned claims information. Such analytical tools can, for instance, identify previously unrecognized potential claims severity and the relevant contributing factors. Having this information in hand early in the claims process, a claims professional can take deliberate actions to more effectively manage the claim and potentially reduce or mitigate the claim exposures.

2) Unstructured data is vital

The industry has long relied on structured data to make business decisions. But, unstructured data like claim adjuster notes can be an equally important source of claims intelligence. The difficulty in the past has been the preparation and analysis of this fast-growing source of information.

Often buried within a claim adjuster’s notes are nuggets of information that can guide better treatment of the claimant or suggest actions that might lower associated claim costs. Adjusters routinely compile these notes from the initial investigation of the claim through subsequent medical reports, legal notifications, and conversations with the employer and claimant. This unstructured data, for example, may indicate that a claimant continually comments about a high level of pain.

With ACE 4D, the model determines the relationship between the number of times the word appears and the likely severity of the claim. Similarly, the notes may disclose a claimant’s diabetic condition (or other health-related issue), unknown at the time of the claim filing but voluntarily disclosed by the claimant in conversation with the adjuster. These insights are vital to evolving management strategies and improving a claim’s outcome.

3) Insights come from careful analysis

ACE_SponsoredContentPredictive analytics will help identify claim characteristics that drive exposure. These characteristics coupled with claims handling experience create the opportunity to change the course of a claim.

To test the efficacy of the actions implemented, a before-after impact assessment serves as a measurement tool. Otherwise, how else can program stakeholders be sure that the actions that were taken actually achieved the desired effects?

Say certain claim management interventions are proposed to reduce the duration of a particular claim. One way to test this hypothesis is to go back in time and evaluate the interventions against previous claim experience. In other words, how does the intervention group of claims compare to the claims that would have been intervened on in the past had the model been in place?

An analogy to this past-present analysis is the insight that a pharmaceutical trial captures through the use of a placebo and an actual drug, but instead of the two approaches running at the same time, the placebo group is based on historical experience.

4) Making data actionable

Information is everything in business. But, unless it is given to applicable decision-makers on a timely basis for purposeful actions, information becomes stale and of little utility. Even worse, it may direct bad decisions.

For claims data to have value as actionable information, it must be accessible to prompt dialogue among those involved in the claims process. Although a model may capture reams of structured and unstructured data, these intricate data sets must be distilled into a comprehensible collection of usable information.

To simplify client understanding, ACE 4D produces a model score illustrating the relative severity of a claim, a percentage chance of a claim breaching a certain financial threshold or retention level depending on the model and program. The tool then documents the top factors feeding into these scores.

5) Balancing action with metrics

ACE_SponsoredContentThe capacity to mine, process, and analyze both structured and unstructured data together enhances the predictability of a model. But, there is risk in not carefully weighing the value and import of each type of data. Overdependence on text, for instance, or undervaluing such structured information as the type of injury or the claimant’s age, can result in inferior deductions.

A major modeling pitfall is measurement as an afterthought. Frequently this is caused by a rush to implement the model, which results in a failure to record relevant data concerning the actions that were taken over time to affect outcomes.

For modeling to be effective, actions must be translated into metrics and then monitored to ensure their consistent application. Prior to implementing the model, insurers need to establish clear processes and metrics as part of planning. Otherwise, they are flying blind, hoping their deliberate actions achieve the desired outcomes.

6) The bottom line

While the science of data analytics continues to improve, predictive modeling is not a replacement for experience. Seasoned claims professionals and risk managers will always be relied upon to evaluate the mathematical conclusions produced by the models, and base their actions on this guidance and their seasoned knowledge.

The reason is – like people – predictive models cannot know everything. There will always be nuances, subtle shifts in direction, or data that has not been captured in the model requiring careful consideration and judgment. People must take the science of predictive data analytics and apply their intellect and imagination to make more informed decisions.

Please download the whitepaper, “ACE 4D: Power of Predictive Analytics” to learn more about how predictive analytics can help you reduce costs and increase efficiencies.


BrandStudioLogoThis article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with ACE Group. The editorial staff of Risk & Insurance had no role in its preparation.

With operations in 54 countries, ACE Group is one of the largest multiline property and casualty insurance companies in the world.
Share this article: