Target as Target
After fumbling its initial response to a massive data breach, Target Corp. has rebounded, according to experts in crisis management.
However, they said, the retailer still faces challenges in regaining consumer confidence, especially among people directly harmed by the cyber attack, which struck at the height of the holiday shopping season.
In late November and early December, malware lodged in the retailer’s point-of-sale system siphoned off account and personal information for up to 110 million customers. But Minneapolis-based Target is not the only company that may have been struck. Luxury retailer Neiman Marcus suffered a smaller breach, and news reports suggest at least six other retailers have been hit. These other companies likely are keeping a close eye on Target’s handling of the crisis.
Critics have focused, in part, on the company’s early communications. Target appeared initially to underestimate the gravity of the situation, crisis consultants said. For example, Target’s first message to customers apologized for the inconvenience.
“You don’t call something like this an inconvenience,” said Rich Klein, a crisis management consultant in New York City.
Subsequent messages from Target used stronger language, acknowledging customers’ stress and anxiety, he said. Messages also switched from assuming customer confidence to promising to regain it, Klein added, praising the change.
“I would still say it’s so much better to get it right the first time,” he said.
Still, he added, the company made good use of its Twitter feed and Facebook page. Facebook, for example, was used only to communicate about the breach, not to advertise sales, though it also acted as something of a lightning rod for complaints.
Consultants also panned the company’s decision to extend a 10 percent discount to shoppers during the weekend of Dec. 21, a few days after news of the breach first surfaced. While the discount was a nice gesture, it did not adequately address customer concerns and seemed to suggest the crisis had passed, consultants said.
In addition, the company has occasionally appeared to be behind the news, with information trickling out in the media before being revealed by Target, said Jeff Jubelirer, vice president of Philadelphia-based Bellevue Communications Group. “We should expect more from a retailer of that size and that reputation and that level of success.”
A key turning point came on Jan.13 when the company’s CEO, Gregg Steinhafel, appeared on CNBC, apologizing for the breach, reassuring customers and defending the company’s reaction:
Steinhafel should have been giving interviews in December, said Jonathan Bernstein, an independent crisis management consultant in Los Angeles. “They would have suffered less loss of sales and less impact on their stock value if they had been more assertive from the get-go.”
Other observers gave Target high marks for making a relatively quick disclosure of the breach and offering a free year of credit monitoring to customers. The four-day gap between discovery of the breach on Dec. 15 and public disclosure on Dec. 19 was faster than it’s been in other cases, said Alysa Hutnik, an attorney in the Washington, D.C. office of Kelley Drye.
“I haven’t done the math, but I think that would rate somewhere at the very top,” said Hutnik, who specializes in cyber security issues.
Another high point is the prominent role of Target’s CEO, Hutnik said. “He knows there’s work to be done to earn back customer trust, and it looks like he is taking that obligation seriously,” she said, noting that top executives rarely serve as public faces after a data breach.
Other positive steps include Target’s $5 million investment in cyber security education said Michael Soza, a partner in accounting and consulting firm BDO.
“This latest move … is really going on the offensive to show that they really are trying to get out in front of this thing and really attack what is not just a Target problem,” Soza said.
As long as no other damaging details leak out, most customers will remain loyal to the chain, said Daniel Korschun, an assistant professor of marketing at Drexel University in Philadelphia.
But the company will have to work harder to win back customers who suffered directly. They will be hard to find and hard to soothe, especially if they’ve had to spend hours on the phone undoing damage to their credit or bank accounts.
“Those are the ones where the trust has really been lost,” Korschun said.
Risk Focus on Brazil
In 2015, two high-profile cases in Latin America’s largest economy highlighted some of the biggest risks faced by American companies — as well as the risk management and compliance shortcomings of the business community in Brazil.
The development of risk management in Brazil is below average even by Latin American standards, which are not that high to begin with, according to a study commissioned by RIMS and Marsh.
Aggravating the potential exposures is the inadequacy of insurance coverage, especially for environmental liability.
“In Brazil, for cultural reasons, companies do not have the habit of purchasing environmental insurance.” — Alexandre Jardim, head of P&C, Aon, Brazil
In addition, bribery and corruption are widespread in Brazil, leading to potential prosecution risk in the United States under the Foreign Corrupt Practices Act (FCPA).
The Nov. 5 bursting of a waste dam owned by Samarco, a mining ore producer, spilled millions of tons of industrial mud in a river, killing at least 17 people and causing what is believed to be Brazil’s largest environmental disaster ever.
The environmental and human tragedy associated with the Samarco dam revealed a lack of efficient crisis and risk management plans by a company that had been seen as a standard-setter in mining practices.
It also illustrated the extent to which shareholders are exposed to environmental and civil liability in the country.
The causes of the accident are still under investigation, but experts have pointed to a number of apparent flaws that could have increased the possibility of accidents at the Fundão dam, which burst in early November.
“All the information that has been in the news indicate that risk management systems failed to prevent a large scale disaster,” said Robert Kochen, CEO of GeoCompany, an engineering consultancy.
If his view is confirmed by the investigation, the case throws into question the risk management practices of the entire mining sector in Brazil, as Fundão was seen as one of the safest among several hundred dams currently in the country.
“There is no doubt that Samarco was negligent and skipped its responsibilities,” said Sandra Cureau, a deputy federal attorney, who is heading the official investigation into the disaster.
The company was particularly criticized for not having an emergency plan in place to warn neighboring communities about accidents.
One area of the nearby town of Mariana was completely devastated by the mud spill, and in addition to the 17 dead, two people are still missing, and hundreds of families lost their homes.
The mud spillage polluted more than 400 miles of the Rio Doce riverbed, reaching a natural reserve in the Atlantic Ocean, according to IBAMA, Brazil’s environmental agency.
Samarco’s executives said that its emergency plans and risk management processes met regulatory demands, but prosecutors and the media have expressed doubt.
Samarco is co-owned by Australia’s BHP Billiton and Brazil’s Vale, and both mining giants risk having to pay billions of dollars in fines to the government and compensation to the victims of the accident.
In addition, their shares were heavily hit after the tragedy.
Vale has been criticized by the local media about its handling of the accident, especially after it emerged that the company used the Fundão dam to deposit some of its own industrial waste.
Vale and BHP Billiton have denied any liability for the disaster, but they may face up to $5.3 billion in fines and indemnifications for both environmental and civil liabilities, if Samarco goes bankrupt.
The incident also revealed the inadequacy of insurance programs purchased by many Brazilian companies.
Vale executives have stressed that Samarco’s liability program will cover only a small fraction of the expected economic losses. The company reportedly had no environmental insurance in place, a common situation among Brazilian companies, despite the high levels of exposure to the risk.
Even before the accident, risk professionals had warned that the Brazilian authorities were becoming more rigorous when it comes to environmental liability by companies.
“In Brazil, for cultural reasons, companies do not have the habit of purchasing environmental insurance,” said Alexandre Jardim, the head of P&C at Aon in Brazil.
As a result of the accident, he said, insurers will become more selective with clients – which has the potential to affect U.S. companies seeking coverage — although it will not necessarily affect environmental liability rates in Brazil.
The accident and its aftermath should act as a cautionary tale for U.S. companies seeking business partners or to establish operations in the region.
For her part, Karla Costa, a risk management expert at Deloitte in Rio de Janeiro, said that the mining sector will become the target of new, tighter licensing rules. Brazil’s Lower House is already discussing the imposition of mandatory insurance coverages for dams.
The accident and its aftermath should act as a cautionary tale for U.S. companies seeking business partners or to establish operations in the region.
The second scandal that has potential to affect U.S. multinationals is the long-running bribery investigation involving state-owned oil giant Petrobras, public officials, political parties and some of Brazil’s largest business groups.
If the Fundão tragedy put the failures of risk management in Brazil under the limelight, the Petrobras scandal has revealed the extent to which corporate compliance programs lack credibility in the country.
The long-running bribery investigation known as Operation Car Wash has resulted in the imprisonment of dozens of politicians, officials and business leaders, who were accused of paying bribes for the awarding of contracts linked to Brazil’s large offshore oil reserves and other activities by Petrobras.
Losses suffered by the oil giant due to the criminal activities have been estimated at several billions of dollars.
Many of the companies linked to the scandal claimed to have developed thorough compliance programs in recent years.
Although bribery and corruption are widespread in Brazil’s business community, especially in dealings with omnipresent government entities, the extent of involvement by some of the country’s most respected companies has shocked many.
Executives from Brazilian-based multinational construction firms such as Andrade Gutierrez, OAS, Queiroz Galvão and Mendes Júnior have already been sentenced to jail. The CEO and heir of Oderbrecht, one of the country’s most recognizable international brands, is under arrest.
The scandal has also claimed the scalp of Andres Estevez, the CEO of BTG Pactual, a fast growing investment bank with activities in Latin America and Europe. The bank is now facing a flight of customers.
Many of the companies linked to the scandal claimed to have developed thorough compliance programs in recent years, but the widespread involvement of top corporate executives indicates that the efficiency of such programs in Brazil is questionable.
More worryingly for American companies, though, is that several foreign firms have found their brands dragged into the scandal, including Houston-based Vantage Drilling Co., Italy’s Saipem, the Netherlands’ SBM Offshore and others, which have denied involvement or are cooperating with the investigations.
Brazilian prosecutors, a number of whom are U.S.-trained, are reportedly collaborating with their American peers, which could give rise to further prosecution in America under the FCPA. They argue that many of the bribes were paid via the American banking system.
The purchase of an oil refinery in Pasadena, Texas, by Petrobras is one of the main targets of the investigation.
Brazil boasts a large economy and, once it leaves its current economic malaise behind, it should offer growth opportunities for American groups.
The devaluation of the local currency, the real, coupled with the economic woes faced by many companies, mean that attractive M&A targets should be found in the country in the near future.
But collaboration with Brazilian companies demands caution, especially now that the courts and the media appear to be fully engaged in punishing bad business practices in the country.
U.S.-based companies may find out that compliance and risk management practices at Brazilian companies, when they do exist, are not robust enough to keep threats at bay.
“There are failures in enterprise risk management programs in the region,” said Rodrigo Fajardo, the managing director of Marsh Latin America.
The good news is that companies appear to waking up to risk management and compliance, according to experts.
“The crisis, in this sense, has been a positive,” said Cristiane Alves França, the president of ABGR, Brazil’s risk management association, at the association’s bi-annual conference in late October in São Paulo.
“Today, there is a higher perception of risks among companies.”
The Doctor as Partner
Professionals helping employees return to work after being on disability or a leave of absence face many challenges. After all, there is a personal story behind each case and each case is unique.
In the end, the best outcome is an employee who returns to the job healthy and feeling well taken care of, while at the same time managing the associated claim costs.
Learn what most employers want from their group disability and life benefits program.
While many carriers and claims managers work toward these goals, in the end they often tend to focus on minimizing costs by aggressively managing claims to get the worker back on the job, or they “fast track” claims, approving everything and paying little attention to case management.
Aggressively managed claims can leave many employees and their doctors feeling defensive and ill-at-ease, creating an adversarial relationship that ultimately hinders return to work and results in higher direct and indirect employee benefit costs for the employer. Fast track or non-managed claims can lead to increased durations, costs and workforce productivity issues for employers.
Is it possible to provide a positive employee benefit experience while at the same time effectively managing disability and lowering an employer’s overall benefit costs?
A Unique Approach
Liberty Mutual Insurance’s approach to managing disability and absence management focuses on building consensus among all stakeholders – the disabled employee, treating physician, employer and insurer. And a key component of this process is a large team of consulting physician specialists, leading practitioners from a variety of specialties, highly regarded experts affiliated with leading medical universities across the country.
“About 16 years ago, our national medical director, Dr. Ed Crouch, proposed that if we worked with a core group of external consulting medical specialists – rather than sending most claims for Independent Medical Evaluations – we could do a better job making disabled employees and their attending physicians comfortable, and therefore true partners in producing better disability management outcomes and employee benefit experiences,” said Tim Kastrinelis, senior vice president, Distribution Partnerships at Liberty Mutual Benefits.
“In this way, our consulting physician and the attending physician are able to work with the disability case manager, the employee and the employer to deliver a coordinated, collaborative approach that facilitates a productive lifestyle and return to work.”
The result of Dr. Crouch’s initiative has produced positive results for the clients of Liberty Mutual Insurance. This consensus building approach to managing disability with consulting physician expertise has helped achieve industry leading client retention results over the past decade. In fact, 96 percent of Liberty Mutual’s group disability and group life clients renew their programs.
“By getting all stakeholders on the same page and investing heavily in consulting physician specialists, we have been able to lower claim costs and shortened claim duration for our group disability policyholders. …In the end, it’s a win-win for all.”
–Tim Kastrinelis, Senior Vice President, Distribution Partnerships, Liberty Mutual Benefits
A Collaborative Approach
In the case of complex disability medical health situations, Liberty Mutual’s disability case managers play a vital role in seeking additional expertise—an area where the industry’s standard has been to outsource the claimant for independent medical examinations.
However, Liberty Mutual empowers its disability case managers with the ultimate responsibility for the outcome of each claim. The claimant and the case manager stay together throughout the life of the claim. This relationship is the foundation for a collaborative approach that delivers a better employee benefit experience and enables the claimant to return to work sooner; which more effectively controls total disability claim and absence costs.
Sending a disabled employee with complex medical needs to an external specialist may sound like a cost-effective path, but it often comes at the cost of sacrificing the relationship and trust built between the employee and case manager. The disabled employee must explain their medical history to a new clinician, which he or she is often reluctant to do. The attending physician may be uncooperative as this move can appear to question his or her treatment plan for the employee.
As a result, the entire claims process takes on an adversarial atmosphere, building major roadblocks to the ultimate goal of helping the claimant return to a productive lifestyle.
Liberty Mutual takes a different approach. Nearly 100 physicians representing more than 30 medical specialties are available to consult with its medical and claims professionals, working side-by-side with case managers.
More than 95 percent of these consulting physicians are in active practice, and therefore up-to-date on the latest clinical best practices, treatment guidelines, therapies, medications, and programs. Most of these physicians are affiliated with leading medical universities across the country. “We recruit specialists from around the country, getting the best from such prestigious institutions as Harvard, Yale, and Duke,” said Kastrinelis.
These highly-credentialed physicians help case managers focus on providing the support needed for the disabled employee to successfully return to work as quickly as appropriate. Their collaborative work with the attending physicians provides the behind-the-scenes foundation that leads to a positive claimant experience, results in a better outcome for the claimant, and more effectively reduces total claim costs.
Coordinated Care Plan
When one of these consulting physicians reaches out to an attending physician, there’s an immediate degree of respect and high regard for his or her opinion. This helps pave the way to working together in the best interest of the employee, improving treatment plans and return to work results.
In this process, the claimant is not sent to yet another doctor; instead, the consulting specialist works with the attending physician to help fill in the gaps of knowledge or provide information that only a specialist would have. Although not an opportunity to direct care, these peer-to-peer discussions can help optimize care with the goal of helping the employee return to work.
The attending physician may have no knowledge of the challenges the employee faces in order to return to work. A return to work plan created in concert with the specialist, disability case manager, employer, and attending physician can set expectations and provide the framework for a proactive and effective return to a productive lifestyle.
“Our consulting physicians bring sophisticated medical expertise to the discussion, and help build consensus around a return-to-work plan, helping us more effectively impact a claim’s outcome and costs, and at the same time provide a better claimant experience,” said Kastrinelis.
“We can work more collaboratively with the attending physician, manage expectations, and shepherd the employee through the process much more effectively and in a much more high-touch, caring, and compassionate manner. Overall, we’re able to produce better outcomes as a result of this consensus building approach.”
“Our approach – including the use of consulting medical experts – helped us significantly reduce disability costs over two years for one large health service company,” notes Kastrinelis. “We cut average short-term disability claim durations by 4.2 days in that time, while increasing employee satisfaction with our unique disability management model and collaborative, partnership approach.
How did Liberty Mutual’s unique approach lower claim costs, reduce disability duration and improve the benefit experience for one customer?
“By getting all stakeholders on the same page and investing heavily in consulting physician specialists, we have been able to lower claim costs and shortened claim duration for our group disability policyholders,” said Kastrinelis.
“Plus, we, the employee, and the employer also get the bonus of creating a better employee benefit experience. This model has shaped our disability and absence management program to more aptly reflect our core mission of helping people live safer, more secure lives. In the end, it’s a win-win for all.”
How does Liberty Mutual provide a superior employee benefit experience?
Tim Kastrinelis can be reached at firstname.lastname@example.org. More information on Liberty Mutual’s group disability and absence management offerings can be seen at https://www.libertymutualgroup.com/business-insurance/business-insurance-coverages/employee-benefits.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.