© 2017 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.
Implications for Risk Leaders
THE DIGITIZATION OF
THE RISK PROFILE
Today’s agenda
➢ What is digital risk and the digitization of risk?
➢ Understanding the Digital Footprint
➢ Implications through Insurtech
➢ Moving Forward
➢ Key take-a-ways & questions
What is (being) Digital?
Being Digital is the re-imagining of business processes to be by default a fully online, fully automated process from end user interaction to back office processing, with no need for human intervention. Attributes include:➢ Customer first culture
➢ Real time
➢ Automated processing
➢ Intelligent
➢ Accessible on-line anywhere
➢ Attractive and user-friendly
➢ Drives change
➢ Continuously improving
SOURCE: Infoq.com; Reda Hmeid, HRMC Digital
Digitization Trends
➢Increasing speed of data availability even in real time;
➢Increasing breadth and depth of exposure data quality that when aligned with loss data enable a more complete view into risk profile;
➢Declining cost of more robust tech tools that will make more risk leaders able to be more effective and to contribute at higher more strategic levels, more effectively;
➢Reduced regulatory burden flowing from the above as regulators get more comfortable with the way particularly large risk bearing entities manage risk;
➢Increasing data privacy challenges as more potentially sensitive PI info is available to more stakeholders including more exposure to bad actors
Digitization Trends (cont’d)
➢Insurtech will evolve into “risktech”;
➢Eventual complete digitization of the risk profile;
➢More investment in data collection and analysis tools;
➢Increasing transparency among risk stakeholders;
➢Ultimately, declining cost of traditional risk and increasing cost of risk in emerging exposure areas;
➢Increasing formation of alliances and coalitions
What is Digital Risk Management?
• Focused on risk associated with digital business processes
• A business issue; not just a technology issue
• Owned by management; not just IT
• Should equip decision makers with knowledge and a balanced decision making framework
• Enables leaders to understand their digital risk profile from a business perspective
Digital Risk Management is Where Risk Leaders Would:
• capture and manage information from a broader and richer set of data
• use advanced analytics to further improve the accuracy and consistency of its models
• embed mitigation solutions in the organization’s websites, mobile apps, and its financial, product and process platforms
• enable leaders to consult self-serve dashboards informed by risk analyses
• review and reshape its mandate and role to capitalize on its ability to provide faster, more forward-looking, and deeper insights and advice to the organization
• Acquire sufficient technological skills/understanding to enable building digital risk resiliency
The future of risk management in the digital era- December 2017 | Report McKinsey & Co.
Important Aspects of Digital Risk
Digital Risk
Digital “in” the
Business
Digital “as” a Business
Higher Speed of Impact
Strategic
Impact
Operational Impact
Governance Impact
8
Components of a digital risk profile
➢ Key technology affected risks vs all risks
➢ What matters most to whom driven by technology?
➢ Aligns KRIs with KPIs to organizational scorecards
➢ Who owns and is accountable for the risks?
➢ Connects relevant digital risk strategies with specific risks
➢ The status of the digital control environment
➢ The status of targeted mitigation tactics
➢ Depicts digital trends and significant changes
➢ Informed by risk professionals with an understanding of how technology is impacting exposures and the strategy
Where Do Digital Risks Live?
Strategic
• Acquisitions
• Business Model
• Competition
• Demographic
• Brand
• Disruptive innovation
• Market.
Operations
• Customer service
• Infrastructure
• Processes
• System capabilities
• Talent
• Technology
Financial
• Capital
• Cash flow
• Credit
• Debt obligations
• Foreign exchange
• Liquidity
• Etc.
External
• Economy
• Environment
• Geopolitical
• Regulatory
• Tax policies
• Weather events
• Etc.
AN ENTERPISE RISK MANAGEMENT SPECTRUM
Top Risk for 2019
• Existing operations meeting performance expectations competing against “born digital’ firms
• Succession challenges and ability to attract and retain top talent
• Regulatory changes and scrutiny
• Cyber threats
• Resistance to change operations
Top Risks for 2019
• Rapid speed of disruptive innovations and new technologies
• Privacy, identity management and information security
• Inability to effectively utilize analytics and big data
• Organization culture may not sufficiently encourage timely identification and escalation of risk issues
• Sustaining customer loyalty and retention
Source: Protiviti’s Board Perspectives and Risk Oversight; issue 111
Effects of Digitization on Insurance
What are the potential advantages of increased digitization on the insurance market?
• Increased access to data that can enhance the accuracy of the underwriting process
• Increased reliability of the data through technologies such as blockchain
• Increased speed of decision making, lowering overhead costs, increasing competitiveness
• Potential for new lines of value-creating digital services
Diagram Source: Cloud Service Model – Understand The Types, Characteristics, & Advantages
What are the potential disadvantages of increased digitization on the insurance market?
• Overloading of models with extraneous data
• Reduced or removed availability of cover due to model limitations – even when it is a “good risk”
• Increased data storage and handling requirements for both insureds and insurers
• Increased commoditization of lines that require a differentiated or more nuanced approach
Growth of tech focused on insurance - Opportunity
7 Fatal “Flaws” in Insurance
1. Too expensive
2. Too confusing
3. Too easy to game the system
4. Cash drain
5. Doesn’t cover all causes of loss
6. Doesn’t cover everything
7. Doesn’t cover everyone
Source: Rob Galbreath, “The End of Insurance As We Know It”
Insurtech movement
focused on:
- new products
- process improvement
- reduced expenses
- loss prevention
- fraud prevention
- alternative revenue streams
- better customer experience,
and
- more
Tech that can improve risk management
Risk identification, monitoring and analysis: big data, structured and unstructured data analytics, deep learning, geospatial, drones, A.I., machine vision, quantum computing, social analysis, telematics
Loss prevention: IoT and sensors, cloud, A.I. at the edge, automation and robotics, augmented reality
Claims adjusting and processing: visual analysis, contextual mobility, conversational A.I., natural language processing, automated FNOL, fraud detection, predictive modeling, augmented loss analysis
Risk financing: Peer to peer insurance, UBI, on-demand insurance, blockchain risk syndication, policy automation
Risk communication: chatbots, sensors, compliance tech, analytics dashboards
Tech that can improve risk management - Examples
Aquaii
Underwater drones (robotic fish), packed with sensors to monitor and inspect marine environment, equipment. Used by Whole Foods to monitor North Sea salmon farms, minimizing safety risks.
RiskGenius
Applying machine learning to policy forms to compare policies, identify gaps or errors, or update language as case law changes. Risk managers could analyze policy wording before binding, or in claims disputes.
aim2
A.I. on the edge and computer vision tech monitor workplace safety in real time and minimize injury via access control, visual inspection of personal protective equipment without wearables that employees perceive as intrusive.
Pillcheck
A genomics-guided medication management service to match a person's prescription and his or her genetic profile. Can avoid harmful side effects, improve the efficacy of treatment and lower costs and speed RTW.
iCede
Cloud-based platform to simplify the coordination and communication of all aspects of a multinational P/C insurance program. A rules engine ensures compliance with local requirements.
Growth of digital creates risk exposures
▪ Overreliance on critical information infrastructure
▪ More digital processes exposed to cyber attacks and data theft
▪ Cyber risk aggregation scenarios
▪ Reliability of data from sensors is unproven
▪ Cascading failure from interconnected technologies
▪ Lack of standards in IoT
▪ Intersection of humans and technology
▪ Legacy systems unable to keep up, integrate with new tech
▪ New sources of fraud from streamlined claims processes
▪ Legacy products not meeting needs created by new tech
▪ Technology that reduces losses, also reduces premiums
Moving Forward
Tackling Digital Risk topics
19
#3 Emerging Risk - Cyber Risk
Board of Directors
#2 Economic Conditions
#4 Governance
#1 Regulatory
Changes
Source: 2015 Survey North Carolina State University ERM Initiative
Cyber, an ongoing emerging risk with many unknowns = Uncertainty, Need for Improved Resiliency
Financial,
Insurance
Personnel,
OHS
Service
Delivery,
Operations
Compliance Reputation,
Political Environment Information
Min
or
Minor impact on
budget/ loss that
can be replaced
from budget
Insurance up to
$1m required.
Injury report
and/or first aid
only
May include
substantial stress
but no lost time.
Work processes
would be
inefficient but
decisions could
still be made and
actions taken.
Unlikely to result
in adverse
regulatory
response or
action.
No media attention
Credibility may be
questioned.
Minor damage to a localised
area or that ceases once the
event is over
Environmental liability or
remediation cost $0-
50,000.
Loss of information or records of short-
term administrative value (e.g. routine
advice)
Unauthorised access to UNCLASSIFIED &
PUBLIC agency information.
Mo
dera
te
Serious impact on
budget/ resource
reallocation
required
Insurance
between $1-5m
required.
Medical treatment
for Injury
Substantial stress
event requiring
professional
clinical support.
Service delivery
interruptions of
more than 24
hours.
Incident
reportable to
regulatory
authorities with
potential for
formal notice or
fine.
Local media coverage
Senior management
damage control
required.
Measurable impairment on
biological or physical
environment
Ecosystem will recover
without intervention.
Environmental liability or
remediation cost $50,000-
500,000
Loss of information or damage to records
of moderate value (e.g. minor contracts or
project records, or required for audit
purposes)
Unauthorised access to IN CONFIDENCE
agency information.
Majo
r
Critical impact on
budget/ external
recovery required
Insurance
between $5-20m
required.
Hospital
treatment for
injury
Serious
temporary
disability/ minor
permanent
disability.
Service delivery
interruptions
longer than 3
days but less than
a month.
Recovery would
be expensive and
time consuming.
Investigation,
prosecution and
major fine
possible
Actions or
decisions cannot
be explained to
courts or
regulatory bodies.
Significant media
coverage
Political
embarrassment
would occur. May
jeopardise future
funding.
Serious environmental
effects
Ecosystem will recover over
time once clean-up has been
completed. Environmental
liability or remediation cost
$0.5m - $5m
Loss of information or damage to records
of high value records that relate to long
term or ongoing rights, obligations and
entitlements (e.g. employee health
monitoring and incident management
records)
Unauthorised access to PROTECTED
agency information.
Cata
stro
ph
ic
The agency would
incur huge
financial losses
Insurance of more
than $20m
required.
Single death
Permanent
disabilities for
multiple persons.
Agency
operations would
be rendered
dysfunctional and
not be able to
recover from
consequences.
May result in
serious litigation
including class
actions.
National and
international media
coverage
Total loss of
confidence in agency.
Very serious environmental
effects
Remediation required.
Environmental liability or
remediation cost >$5m
Loss or irreparable damage to vital
records essential for the ongoing business
of an agency, and without which the
agency could not operate effectively.
Loss of information or irreparable damage
to records of enduring value recognised
by a broader audience than the original
creating agency, including future
generations (e.g. PERMANENT records)
Unauthorised access to HIGHLY
PROTECTED agency information
Data Risk Consequence Scale
20
Applying Management Principles: Case Study
MUST DOs:
• Risk management processes MUST cover digital records in
all formats, including digital records outside formal
recordkeeping systems, such as email, websites & business
systems.
• Risk assessments MUST be carried out for all permanent
records, including permanent records held in business
systems.
21
Applying Management Principles: Case Study
22
A digital transformation for risk would
mean a number of changes.
Risk would capture and
manage information
from a broader and richer set of data, looking
into nontraditional
sources like business-
review ratings online.
Risk would automate
processes it controls, and
work with others to do the same for
decision-heavy processes.
Risk would use advanced
analytics to further
improve the accuracy and
consistency of its models, in
part by greatly reducing the
biases
Risk would embed its
solutions into an
organization’s website, its mobile app,
and its corporate platform,
while deploying a flexible risk
data architecture.
Inside the organization, leaders would consult self-
serve dashboards informed by
risk analyses—
and act on risk-driven strategic advice.
Risk would review and reshape its
mandate and role to
capitalize on its ability to
provide faster, more forward-
looking, and deeper
insights and advice.
Risk would alter its organizational setup, as well as
its
culture,
talent, and
ways of working.
Roadmap
Roadmap
• A digital transformation for risk would mean a number of changes.
• Risk would capture and manage information from a broader and richer set of data, looking into nontraditional sources like business-review ratings online.
• Risk would automate processes it controls, and work with others to do the same for decision-heavy processes.
• Risk would use advanced analytics to further improve the accuracy and consistency of its models, in part by greatly reducing the biases
• Risk would embed its solutions into an organization’s website, its mobile app, and its corporate platform, while deploying a flexible risk data architecture.
• Inside the organization, leaders would consult self-serve dashboards informed by risk analyses—and act on risk-driven strategic advice.
• Risk would review and reshape its mandate and role to capitalize on its ability to provide faster, more forward-looking, and deeper insights and advice.
• Risk would alter its organizational setup, as well as its culture, talent, and ways of working.
Take-a-ways
• Digital and digital risk are both the “now’ and the future as it subsumes business models and the risk profile or most organizations now and all in the future
• Digital Risk Governance is a matter of future survival in an increasingly complex and interconnected world
• Implementation will vary company by company depending on culture, leadership support, internal and external risk profiles and risk tolerances
• Getting started and making headway is more important than getting it perfect but tone from the top is a critical early component
• Insurtech is driving innovation and will be a key source of solutions for both buyers and sellers going forward
• A strong enterprise wide cyber risk framework will help you prepare and respond more effectively, and it will help every company take more intelligent risks.
24
Chris Mandel, RIMS-CRMP, CPCU, ARM-E, RF
SVP Strategic Solutions, Sedgwick
& Director, the Sedgwick Institute
Contact information
www.sedgwickcms.com www.sedgwickinstitute.com
Christopher E. Mandel, RF, RIMS-CRMP, CPCU, ARM-ESVP, Strategic Solutions, Sedgwick, Inc. &
Director, Sedgwick Institute
Christopher E. Mandel is the SVP for Strategic Solutions at Sedgwick and the Director of the Sedgwick Institute. In both roles he is engaged in helping Sedgwick chart its future through the long term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rPM3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC. both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rPM3 Solutions holds a patent for a unique risk measurement process known as ARQ™. Prior to electing early retirement and for ten years from 2001-2010, Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona based alternative risk financing facility.
Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as “excellent and a leader in ERM” from 2006 through 2010. In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for “Excellence in ERM” on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in 2004. He also received RIMS’ Goodell Award (2016) for lifetime achievement.
Mr. Mandel’s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel’s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company’s key performance metrics and ultimately, mission accomplishment.
Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the “Risk Innovation” column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who’s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through 2008.
CONTACT: [email protected] 210-698-8056 o 210-845-5804 m https://www.sedgwick.com
26
Sedgwick © 2013 Confidential – Do not disclose or distribute. 27
Sedgwick CMS
The leader in innovative claims and productivity management solutions
Sedgwick Claims Management Services, Inc. is the leading North American provider of innovative claims and productivity management solutions. Sedgwick and its affiliated companies deliver cost-effective claims, productivity, managed care, risk consulting, and other services to clients through the expertise of more than 21,000 colleagues in 900 offices located in 65 countries. The company specializes in workers’ compensation; disability, FMLA and other employee absence; managed care; general, automobile and professional liability; warranty and credit card claims services; fraud and investigation; structured settlements; and Medicare compliance solutions. Sedgwick and its affiliates design and implement customized programs based on proven practices and advanced technology that exceed client expectations. For eight years in a row, Sedgwick has been awarded the distinguished Employer of Choice® certification, the only third-party administrator (TPA) to receive this designation. In 2011 and 2012, the company was named the Best Overall TPA by buyers of risk services through an independent survey conducted by Business Insurance. For more see www.sedgwick.com.
© 2018, Sedgwick Claims Management Services, Inc. applies to all content except where otherwise noted
Sedgwick © 2013 Confidential – Do not disclose or distribute. 28
The Sedgwick Institute
Vision
Launched I 2016, the Sedgwick Institute serves as an incubator for some of the best and brightest minds to advance the conversations that affect all the players in our industry, including injured and ill members of the workforce, insurance carriers, employers, property owners, third party claims administrators, brokers, lawmakers and medical providers. The institute’s thought leaders work individually and collaboratively to examine selected complex challenges facing the various stakeholders in our space and propose innovative options and solutions to improve public and private decision making on these issues.
Purpose
The Sedgwick Institute is an interdisciplinary community of thought leaders dedicated to helping drive dialogue and action around issues affecting the risk and benefits industry.
Who
To fulfill its evolving agenda, the Sedgwick Institute leverages both full- and part-time expertise from business, government, academia and other industry sources, through visiting or full-time fellow positions. While no specific minimum criteria are anticipated, decisions about institute appointments will be primarily a function of the issues selected to populate the agenda as it develops and evolves.
Visit us at: www.sedgwickinstitute.com & at LinkedIn
© 2016 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.