Crisis Management

Target as Target

Risk experts grade Target's efforts to manage the reputation damage caused by the data breach.
By: | February 3, 2014 • 4 min read
TargetV1

After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.

However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.

Advertisement




In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.

Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.

“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.

Initial email (truncated) sent by Target on 12/19/2013. The original email included an additional 4 pages of information.

Initial email (truncated) sent by Target on 12/19/2013. The original email included an additional 4 pages of information.

Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.

“I would still say it’s so much better to get it right the first time,” he said.

2nd email to guests, 12/20/2013.

2nd email to guests, 12/20/2013.

Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.

Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.

In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”

A key turning point came on Jan.13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction:

Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”

Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.

“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.

Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.

Other positive steps include Target’s $5 million investment in cyber security education said Michael Soza, a partner in accounting and consulting firm BDO.

“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.

Advertisement




As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.

But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.

“Those are the ones where the trust has really been lost,” Korschun said.

Joel Berg is a freelance writer and adjunct writing teacher based in York, Pa. He has covered business and regulatory issues. He can be reached at [email protected]
Share this article:

FCPA Compliance

Feds Encouraging FCPA Self-Reporting

The government is offering companies lower fines if they disclose Foreign Corrupt Practices Act violations.
By: | June 14, 2016 • 5 min read
Scale with gavel and money

Companies can take a more proactive role in managing their Foreign Corrupt Practices Act (FCPA) exposures since the federal government launched a new program in April to encourage self-disclosure of misconduct.

Advertisement




The government’s focus on this area is much more robust now than it has been for many years. The good news is if companies voluntarily disclose a violation, they face much more lenient penalties.

The U.S. Department of Justice increased its FCPA unit this year by more than 50 percent by adding 10 new prosecutors, according to the Washington-based law firm Wiley Rein LLP.

In the spring of 2015, the FBI also began an effort to increase its presence in this area. That agency invested an additional $15 million for FCPA investigations and set up three new fraud squads, increasing the number of agents working on FCPA matters to 23 agents from five.

The FCPA bans U.S. companies and individuals from offering bribes or anything of value to a foreign official in an attempt to get or keep business.

Ralph J. Caccia, attorney, Wiley Rein LLP

Ralph J. Caccia, attorney, Wiley Rein LLP

“The government is putting their money where their mouth is in terms of their intention to aggressively investigate and prosecute these cases,” said Ralph J. Caccia, an attorney with Wiley Rein.

Caccia is a former federal prosecutor, who now defends companies and their executives in cases involving the FCPA.

The law firm hosted a conference call on June 9 to share trends and information on FCPA enforcement with other attorneys and corporate executives.

On the call, speakers said there are about 79 FCPA investigations underway, and about 80 percent of thoses cases have roots in China.

The industries that seem to “catch the eye” of investigators include pharmaceutical, health care, telecommunications and increasingly, financial services companies, Caccia said.

$133 Million in Fines

Government investigators are not looking at small cases where, for example, there’s a one-time bribe to get a shipment in early.  They are focusing on the large cases that may result in big settlements, he said.

Larger targets result in increased settlements. In 2015, there were 11 corporate enforcement actions, with $133 million collected in fines.

So far this year, the SEC reached 11 corporate resolutions for settlements amounting to more than $506 million, according to Wiley Rein.

“They handled it the right way and got expeditious resolutions as a result.” — Kara Brockmeyer, chief, FCPA unit, Securities and Exchange Commission

This year’s settlement includes two non-prosecution agreements. In each case the companies self-reported the misconduct promptly, and they cooperated extensively with investigators, the SEC announced on June 7.

As a result, the companies were not charged with violations of FCPA and did not face extra penalties.

One company, Akamai Technologies, agreed to pay $671,885 after it found employees at a foreign subsidiary violated company policies by giving gift cards, meals and entertainment to foreign officials to build business relationships.

Advertisement




Nortek Inc. agreed to pay $322,058 after disclosing that a subsidiary made improper payments and gifts to Chinese officials to gain preferential treatment, relaxed regulatory oversight or reduced customs duties, taxes and fees.

“When companies self-report and lay all their cards on the table, non-prosecution agreements are an effective way to get the money back and save the government substantial time and resources while crediting extensive cooperation,” said Andrew Ceresney, director of the SEC enforcement division.

Kara Brockmeyer, chief of the SEC enforcement division’s FCPA unit, said in a statement that “Akamai and Nortek each promptly tightened their internal controls after discovering the bribes and took swift remedial measures to eliminate the problems. They handled it the right way and got expeditious resolutions as a result.”

Increase in Global Cooperation

To snare larger violators, federal agents are increasingly working alongside law enforcement and regulatory authorities in all corners of the globe to share leads, documents and even, witnesses.

The pilot program is designed to investigate and prosecute FCPA violations, while offering companies that voluntarily disclose violations up to 50 percent below the low end of the fine range, based on U.S. sentencing guidelines.

At the end of the one-year pilot period on April 5, 2017, the DOJ will determine whether to extend or modify the program.

In addition to voluntarily disclosing misconduct and fully cooperating with the DOJ investigation, companies also must take all appropriate actions to remediate the offense and surrender all profits from the violation.

Additionally, voluntarily disclosed cases may be acted upon and closed within one year from start of the investigation and the DOJ may not appoint a monitor afterward.

Advertisement




“If a company opts not to self-disclose, it should do so understanding that in any eventual investigation that decision will result in a significantly different outcome than if the company had voluntarily disclosed the conduct to us and cooperated in our investigation” said Assistant Attorney General Leslie R. Caldwell of the Justice Department’s criminal division, when the pilot program was announced.

At the end of the one-year pilot period on April 5, 2017, the DOJ will determine whether to extend or modify the program.

“The government is upping the ante in terms of what they expect to see in the way of cooperation in these cases,” Wiley Rein’s Caccia said. “They want companies to realize these violations can’t be viewed as simply the cost of doing business anymore, but that individuals could possibly go to jail.”

Appropriate Compliance Programs

Increased FCPA activity should compel changes in the way corporations conduct and document internal investigations.

Corporation should increase internal documentation to include not just what they are doing right, but also what has gone wrong and how it’s been addressed, said Daniel B. Pickard, an attorney with Wiley Rein.

Daniel B. Pickard, attorney, Wiley Rein LLP

Daniel B. Pickard, attorney, Wiley Rein LLP


“The Department of Justice continues to deputize private industry to investigate itself,” Caccia said.

Companies can stay FCPA compliant by conducting more sophisticated risk analysis and increasing periodic outside audits.

“It is undeniable we will see compliance changes matching enforcement trends,” said Pickard.

His firm sees corporations spending more money on compliance infrastructure, especially on the chief compliance officer, he said.

CCO salaries jumped in the past 12 months and those executives are getting more authority; frequently reporting to the CEO.

Juliann Walsh is a staff writer at Risk & Insurance. She can be reached at [email protected]
Share this article:

Sponsored: Liberty Mutual Insurance

Commercial Auto Warning: Emerging Frequency and Severity Trends Threaten Policyholders

Commercial auto policyholders should consider utilizing a consultative approach and tools to better manage their transportation exposures.
By: | June 1, 2016 • 6 min read

The slow but steady climb out of the Great Recession means businesses can finally transition out of survival mode and set their sights on growth and expansion.

The construction, retail and energy sectors in particular are enjoying an influx of business — but getting back on their feet doesn’t come free of challenges.

Increasingly, expensive commercial auto losses hamper the upward trend. From 2012 to 2015, auto loss costs increased a cumulative 20 percent, according to the Insurance Services Office.

“Since the recession ended, commercial auto losses have challenged businesses trying to grow,” said David Blessing, SVP and Chief Underwriting Officer for National Insurance Casualty at Liberty Mutual Insurance. “As the economy improves and businesses expand, it means there are more vehicles on the road covering more miles. That is pushing up the frequency of auto accidents.”

For companies with transportation exposure, costly auto losses can hinder continued growth. Buyers who partner closely with their insurance brokers and carriers to understand these risks – and the consultative support and tools available to manage them – are better positioned to protect their employees, fleets, and businesses.

Liberty Mutual’s David Blessing discusses key challenges in the commercial auto market.

LM_SponsoredContent“Since the recession ended, commercial auto losses have challenged businesses trying to grow. As the economy improves and businesses expand, it means there are more vehicles on the road covering more miles. That is pushing up the frequency of auto accidents.”
–David Blessing, SVP and Chief Underwriting Officer for National Insurance Casualty, Liberty Mutual Insurance

More Accidents, More Dollars

Rising claims costs typically stem from either increased frequency or severity — but in the case of commercial auto, it’s both. This presents risk managers with the unique challenge of blunting a double-edged sword.

Cumulative miles driven in February, 2016, were up 5.6 percent compared to February, 2015, Blessing said. Unfortunately, inexperienced drivers are at the helm for a good portion of those miles.

A severe shortage of experienced commercial drivers — nearing 50,000 by the end of 2015, according to the American Trucking Association — means a limited pool to choose from. Drivers completing unfamiliar routes or lacking practice behind the wheel translate into more accidents, but companies facing intense competition for experienced drivers with good driving records may be tempted to let risk management best practices slip, like proper driver screening and training.

Distracted driving, whether it’s as a result of using a phone, eating, or reading directions, is another factor contributing to the number of accidents on the road. Recent findings from the National Safety Council indicate that as much as 27% of crashes involved drivers talking or texting on cell phones.

The factors driving increased frequency in the commercial auto market.

In addition to increased frequency, a variety of other factors are driving up claim severity, resulting in higher payments for both bodily injury and property damage.

Treating those injured in a commercial auto accident is more expensive than ever as medical costs rise at a faster rate than the overall Consumer Price Index.

“Medical inflation continues to go up by about three percent, whereas the core CPI is closer to two percent,” Blessing said.

Changing physical medicine fee schedules in some states also drive up commercial auto claim costs. California, for example, increased the cost of physical medicine by 38 percent over the past two years and will increase it by a total of 64 percent by the end of 2017.

And then there is the cost of repairing and replacing damaged vehicles.

“There are a lot of new vehicles on the road, and those cost more to repair and replace,” Blessing said. “In the last few years, heavy truck sales have increased at double digit rates — 15 percent in 2014, followed by an additional 11 percent in 2015.”

The impact is seen in the industry-wide combined ratio for commercial auto coverage, which per Conning, increased from 103 in 2014 to 105 for 2015, and is forecast to grow to nearly 110 by 2018.

None of these trends show signs of slowing or reversing, especially as the advent of driverless technology introduces its own risks and makes new vehicles all the more valuable. Now is the time to reign in auto exposure, before the cost of claims balloons even further.

The factors driving up commercial auto claims severity.

Data Opens Window to Driver Behavior

To better manage the total cost of commercial auto insurance, Blessing believes risk management should focus on the driver, not just the vehicle. In this journey, fleet telematics data plays a key role, unlocking insight on the driver behavior that contributes to accidents.

“Roughly half of large fleets have telematics built into their trucks,” Blessing said. “Traditionally, they are used to improve business performance by managing maintenance and routing to better control fuel costs. But we see opportunity there to improve driver performance, and so do risk managers.”

Liberty Mutual’s Managing Vital Driver Performance tool helps clients parse through data provided by telematics vendors and apply it toward cultivating safer driving habits.

“Risk managers can get overwhelmed with all of the data coming out of telematics. They may not know how to set the right parameters, or they get too many alerts from the provider,” Blessing said.

“We can help take that data and turn it into a concrete plan of action the customer can use to build a better risk management program by monitoring driver behavior, identifying the root causes of poor driving performance and developing training and other approaches to improve performance.”

Actions risk managers can take to better manage commercial auto frequency and severity trends.

Rather than focusing on the vehicle, the Managing Vital Driver Performance tool focuses on the driver, looking for indicators of aggressive driving that may lead to accidents, such as speeding, sharp turns and hard or sudden braking.

The tool helps a risk manager see if drivers consistently exhibit any of these behaviors, and take actions to improve driving performance before an accident happens. Liberty’s risk control consultants can also interview drivers to drill deeper into the data and find out what causes those behaviors in the first place.

Sometimes patterns of unsafe driving reveal issues at the management level.

“Our behavior-based program is also for supervisors and managers, not just drivers,” Blessing said. “This is where we help them set the tone and expectations with their drivers.”

For example, if data analysis and interviews reveal that fatigue factors into poor driving performance, management can identify ways to address that fatigue, including changing assigned work levels and requirements.  Are drivers expected to make too many deliveries in a single shift, or are they required to interact with dispatch while driving?

“Management support of safety is so important, and work levels and expectations should be realistic,” Blessing said.

A Consultative Approach

In addition to its Managing Vital Driver Performance tool, Liberty’s team of risk control consultants helps commercial auto policyholders establish screening criteria for new drivers, creating a “driver scorecard” to reflect a potential new hire’s driving record, any Motor Vehicle Reports, years of experience, and familiarity with the type of vehicle that a company uses.

“Our whole approach is consultative,” Blessing said. “We probe and listen and try to understand a client’s strengths and challenges, and then make recommendations to help them establish the best practices they need.”

“With our approach and tools, we do something no one else in the industry does, which is perform the root cause analysis to help prevent accidents, better protecting a commercial auto policyholder’s employees and bottom line.”

To learn more, visit https://business.libertymutualgroup.com/business-insurance/coverages/commercial-auto-insurance-policy.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.


Advertisement





Liberty Mutual Insurance offers a wide range of insurance products and services, including general liability, property, commercial automobile, excess casualty, workers compensation and group benefits.
Share this article: