Are YOUR Client Companies Profitable?

The business model of many PEO’s includes utilizing the resale of workers’ compensation as a profit margin. For this to be successful, the PEO must understand the liabilities and assets affiliated with each of their workers’ compensation policies and price them appropriately. Both guaranteed cost and loss sensitive platforms have many variables which need to be understood over the course of the policy term to do this successfully. Because of this, understanding profitability at a portfolio or even a policy level can sometimes be a challenge. Understanding the profitability of individual client companies within master policies or with exposures spread over multiple policies adds an additional level of complexity.

At RiskMD we are able to seamlessly solve this problem! By tracking assets (premium) and liabilities (claims) of each client company based on their unique FEIN we are able to understand loss ratios and loss/profit margins on each client company within a given book of business. This holds true regardless of how coverage for the client company is structured, i.e. master policies, MCP’s (multiple coordinated policies), client direct policies or a combination thereof. This also holds true year-over-year regardless of changes in carriers or policy structure for any given client company.

This analysis of each client company can be performed using the carrier’s billed premium or the PEO’s charged premium. This allows us to understand performance of clients and policies as the carrier would view them, giving us greater leverage for negotiating pricing at renewals. Additionally, this allows us to understand client and policy profitability to the PEO itself.

To learn more about RiskMD’s patented process and how to understand YOUR data, contact David Sink at (407)613-5489 or by email: dsink@riskmd.com

The E-merging Risk that Keeps on E-volving: Cyber

As providers of service and insurance to PEO’s, small and medium-sized businesses are the “bread and butter” of clients targeted.

“According to an ISO analysis, 80 percent of cyber breach victims in 2017 were small and medium-sized businesses.” — Neil Spector, president, ISO, a Verisk business

Great article on the current state of cyber from our friends at insurancejournal.com

The E-merging Risk that Keeps on E-volving: Cyber

    6 Reasons Cyber Remains Top Emerging Risk

    Property/casualty insurance experts may not agree on everything but there is a consensus that the most important emerging risk for the industry remains the five-letter word: CYBER. It is not new, of course, but it stays atop emerging risk lists because of its dynamic and pervasive nature.

    Insurance Journal defines emerging risks as those that are new and not yet widely recognized, or perhaps recognized but not well understood. A number of industry leaders explain why cyber remains such an important risk to watch.

    Not Slowing Down

    The number of data breaches and the average costs of cyber-crime are rising every year. These trends show no signs of slowing down. In fact, cyber risk is becoming more concerning as crime-as-a-service gains popularity and artificial intelligence technologies are used more frequently in attacks. Internet of Thing devices are increasing the attack surface and providing more ammo for hackers. One of the more difficult aspects about insuring cyber risk is the dynamic nature of the risk. Just a few years ago, cyber-attacks primarily involved stealing private credit card and health information from large companies. Today, cyber criminals focus on completely different tactics for making money, such as locking out users from computer systems using ransomware, or secretly hijacking computers to mine cryptocurrency. And large corporations aren’t the only targets. According to an ISO analysis, 80 percent of cyber breach victims in 2017 were small and medium-sized businesses. — Neil Spector, president, ISO, a Verisk business

    Keeping Up with IoT

    The biggest risks involve cyber crime. Under “emerging risks,” one of the biggest is the Internet of Things (IoT), and the cybersecurity risks created by billions of interconnected devices. The challenges for agents and brokers multiply in regard to understanding the potential implications, such as IoT devices in homes and businesses — tracking sensors, fire/flooding/intrusion warning devices and more. Agents need to be aware of the questions to ask clients to ensure they are offering complete coverages. They need to be vigilant in keeping up with the IoT devices emerging at an astonishing pace. — Robert Rusbuldt, CEO, Big “I” Independent Insurance Agents & Brokers of America.

    High Severity

    There are many scenarios where cyber risk comes into play, but one example is related to vehicle systems. Luxury automobiles, for example, have up to 150 or more computer programs that impact vehicle performance. Tractor trailer technology is also advancing rapidly, and just one of those systems being hacked could have catastrophic results. WSIA conducts a biennial survey of members regarding emerging issues. Cyber exposure jumped in priority this year, with members agreeing the issue has high severity in terms of current impact industrywide. — Jacqueline Schaendorf, president and CEO, Wholesale & Specialty Insurance Association

    Cyber Property Damage

    One definite area of emerging peril is the threat of substantial property destruction caused by intrusions into sensitive computer networks and connected hardware devices. Long gone are the days where the worst aspect of cyber vulnerabilities amounted to stolen credit card information or lost privacy. Instead, a new breed of cyber exposure is unfolding whereby energy infrastructure facilities and other industrial works have been targeted with cyber attacks causing explosions, wreckage and business interruption. Most expect these risks will soon expand to domestic infrastructure and transportation operations with the prospect of major instances of property damage and life-threatening injuries.

    — Joshua Gold, shareholder attorney, Anderson Kill

    Immature Market

    Cyber comes with a bit of a double-edge sword. On one hand, it is a new market that is growing faster than any other for the industry. But being an immature market means more time is needed to flesh out the data to improve underwriting. Where cyber may be a more interesting market — perhaps even one that helps us peer into the future value of insurance — is how risk mitigation tools are being incorporated into the mix. We are seeing many carriers partner with technology companies in order to assess the actual vulnerabilities within the customers. This presents more stability for underwriting. Customers’ value may evolve in the future toward risk mitigation and resilience building. This would be a shift for an industry that — at least for the past several decades — has based its value on price. — Sean Kevelighan, president and CEO, Insurance Information Institute

    Accumulation Risks

    In a study titled “Advancing Accumulation Risk Management in Cyber Insurance,” global insurance think tank The Geneva Association focused on the danger of accumulation risks as a threat to cyber insurance. The report highlights several cyber accumulation risk challenges:

    • Insurers and reinsurers could underestimate non-affirmative cyber exposure leading to an unplanned shock from a major event. Non-affirmative cyber exposure occurs when a cyber attack causes major losses by triggering coverages in other classes.
    • Data are of insufficient quality, are incomplete and/or lack the necessary consistency for more advanced modeling techniques.
    • Governments predominantly fail to provide frameworks for the sharing of large- scale cyber-terrorism-losses.

    – Anna Maria D’Hulster, secretary general, The Geneva Association

    RiskMD is Granted a Patent

    A System and Method for Valuation, Acquisition and Management of Insurance Policies

    ORLANDO, September 12, 2018 / — RiskMD is granted a patent for “System and Method for Valuation, Acquisition and Management of Insurance Policies”. The patent focuses on acquiring, valuing and managing workers’ compensation client company exposures regardless of the insurance policy structure. This is the first Professional Employer Organization (“PEO”) specific patent ever issued.Since its inception in 2005, RiskMD has been focused on understanding the diagnostics of the prospective or current coemployed client companies of a Professional Employer Organization (“PEO”) within the overall portfolio of client companies of that PEO.  In order to understand what client companies fit the given portfolio and at what price, we partnered with Appulate to efficiently acquire client data to then apply a proprietary predictive model called “The Barnstable Vintage” to value and thereby price the client company in question.  The vision was “Geico meets workers’ compensation”; acquisition, underwriting, valuation and pricing of a client company based on a pure computer feed with underwriter input only on an exception basis as is shown in exhibit 1 of the patent:

    While there will always be a place for underwriters and underwriting, the consistency of process in acquiring and valuing business is intended to focus the underwriter on the “art” versus “science” of underwriting.  How long in business?  Good neighborhood?  Does the owner throw birthday parties for their staff? This is the art and the mathematical formulas behind the predictive models built provide the science.

    In an effort to properly manage client companies of a PEO regardless of policy structure, the last piece was to understand and then to build a process revolving around a key identifier; the client company Federal Employer Identification Number (“FEIN”).  Cathy Doss, the first Chief Data Officer for Capital One and current Data Officer for Fannie Mae, architected a similar process at Capital One with the Social Security Number as the key identifier and created a similar process for RiskMD.  The combination of these processes are what provides the foundation for this patent and the vision of RiskMD.  The end result is the ability to spin data amongst the three main data pools of a PEO; policy/application data, claims data and payroll/premium data.  Using Tableau as a visualization tool behind the SQL built mathematical formulas, the end presentations look like the below.

    Unlocking PEO client data to make more informed decisions is foremost in understanding how to acquire, value and properly manage insurance policies and the client companies that they insure.  We are passionate about proving out the value and performance of the PEO industry and know that this now patented process will help immensely to that end.  We appreciate all of our clients and carriers support on this effort over the last five years and look forward to further deployment of this tool to the betterment of each party and the industry as a whole.

    “The vision of RiskMD was to make data-driven decisions in pricing and managing PEO client companies regardless of policy structure”, said Mr. Hughes.  “Too much time was being spent diagnosing issues and not enough in treating them.  While our now patented process has been in place for years, it is very satisfying to be recognized by the United States Patent Office for the invention”.

    Young Consumers Willing to Let Insurers Spy on Digital Data – If It Cuts Premiums

    As a sociology major and Orwellian it is hard for me to not think about “Big Brother” when reading these types of reports.  My gut would tell me that the younger generation of people that understand data management the most would be most conference about data collection – seemingly not the case –

    The majority of people between 18 and 34 would be willing to let insurance companies dig through their digital data from social media to health devices if it meant lowering their premiums, a survey shows.

    In the younger group, 62 percent said they’d be happy for insurers to use third-party data from the likes of Facebook, fitness apps and smart-home devices to lower prices, according to a survey of more than 8,000 consumers globally by Salesforce.com Inc.’s MuleSoft Inc. That drops to 44 percent when the older generations are included.

    As consumers share more of their personal data online, governments increased their scrutiny of how it’s collected and used following the harvest of 61 millions Facebook users’ accounts by U.K. firm Cambridge Analytica. The European Union’s new privacy law, known as the General Data Protection Rules, took effect on May 25.
    Of the older generations, 45 percent of 35- to 54-year-olds are happy to allow insurers broad access to their digital identity, while 27 percent of those 55 and older would do so.

    Insurers are investing millions improving their digital offerings amid growing competition from fintech startups. But that’s a work in progress: 58 percent of the survey’s respondents said that systems don’t work seamlessly for them, with many citing difficulty filling out a form online. And 56 percent said they would switch their insurance provider if digital service is poor.

    “Insurers are already struggling to deliver a connected experience,” said Jerome Bugnet, EMEA client architect at MuleSoft. That is happening “before even considering how they bring all these new data sources into the equation.”

    Where Will the Wind Blow this Year? …Ask Europe

    As the owner of a coastal home, the start of hurricane season always gets my attention along with the predictive models that come with it.  As an early storm spins in the gulf, the threat of windstorms once against is on the forefront.

    As a data geek, of huge interest is the data pools collected, weights they are given, intervals of understanding them and algorithms produced and interpretations made as a result.

    Out of the shoot some fun facts from our friends at the National Oceanic and Atmospheric Administration (full article at end of blog):

    • “A total of 10 to 16 named storms, tropical-strength or stronger, will likely cross the basin…one to four may become major hurricanes with winds of 111 miles (179 kilometers) per hour or more”
    • “Along the Atlantic and Gulf coasts there are more than 6.6 million homes with an estimated reconstruction cost of $1.5 trillion”

    Unfortunately the past has not fared well for NOAA’s US predictive model (GFS) versus that executed by the European Center for Medium-range Weather Forecasting (ECMWF)  An article from last year that highlights the weaknesses of the US  v European model…  is accessible from the below link with highlights below.

    https://mashable.com/2017/09/14/hurricane-irma-weather-forecast-models-gfs-vs-european/#03UD9HVxAOqI

    •  “The issue gained prominence after Hurricane Sandy struck New Jersey in October 2012, which the European model hinted at at least a week in advance. The GFS model, however, didn’t catch on to the storm’s unusual track until about 5 days in advance”
    • Critics of the GFS say it needs to be improved with greater computer processing power. In addition, they say, the model needs to process weather information in more advanced ways, with greater resolution in both the horizontal and vertical scale, since the weather on the surface depends heavily on what is going on in the mid-to-upper atmosphere.
    • “Michael Farrar, who heads the Environmental Modeling Center (EMC), which is the lead office within the National Oceanic and Atmospheric Administration (NOAA) that develops and operates computer models, said “it’s no secret” that the GFS has been behind the competition. “While it’s continued to improve remarkably over time… it’s consistently behind the European model,” Farrar said in an interview. “

    Because you have a predictive model means you have some basis to understand the future, but not necessarily the best.  The breadth of data ingested along with the timeliness in which it is done along with the proper weightings within are paramount to properly forecasting outcomes.

    “Forecast skill score comparisons, maintained by Brian Tang at the University of Albany, show that the European model was far superior to the GFS model during the long trek that Hurricane Irma took from off the coast of Africa, through the northern Leeward Islands, the Caribbean, Bahamas, Cuba, and then into the mainland U.S.”

    “Here’s how to read this chart: The GFS model is represented by the acronym, AVNO, while the ECMWF is the European model. All the others are models from other countries and groups, such as the CMC, or Canadian model, and the UKM, from the UK Met Office. Also, the acronym, “OFCL,” represents the official Hurricane Center human forecast.”
    To be succinct, this shows we were half as predictive with GFS versus ECMWF.

    Annotated version of model verification scores for weather models' forecasts for Hurricane Irma.

    “For now, forecasters are stuck with a temperamental model that can fail to catch on to upcoming threats until days after the European model has sounded the alarm.”

    As the most innovative country on the technology front, ever… we need to step up our game in predictive analytics on the weather front – volume, velocity and variety – in order to be the world’s front line in understanding the course of “Acts of God”.  For now, the better answers appear to be across the Atlantic.

    What NOAA Forecasts for 2018 Atlantic Hurricane Season

    By | May 25, 2018

    On the heels of the costliest hurricane year on record, the Atlantic is expected to produce five to nine of the mighty storms during the six-month season that starts June 1, the National Oceanic and Atmospheric Administration said.

    A total of 10 to 16 named storms, tropical-strength or stronger, will likely cross the basin, threatening people, real estate, crops and energy resources in the U.S., Mexico and the Caribbean, according to the agency’s annual forecast Thursday. Of those, one to four may become major hurricanes with winds of 111 miles (179 kilometers) per hour or more

    “Regardless of the seasonal prediction, Atlantic and Gulf coast residents need to prepare every year,” Gerry Bell, a forecaster with the Climate Prediction Center, said during a conference call. “There are over 80 million people between Atlantic coast and Gulf coast that can be affected by a hurricane.”

    Hurricane season is closely watched by markets because about 5 percent of U.S. natural gas and 17 percent of crude comes out of the Gulf of Mexico, according to the Energy Information Administration. In addition, the hurricane-vulnerable coastline also accounts for 45 percent of U.S. refining capacity and 51 percent of gas processing.

    Florida is the world’s second-largest producer of orange juice. Along the Atlantic and Gulf coasts there are more than 6.6 million homes with an estimated reconstruction cost of $1.5 trillion, according to the Insurance Information Institute in New York.

    Costliest Year

    Last year the U.S. was hit by three major hurricanes — Harvey, Irma and Maria — that helped drive total losses to more than $215 billion, according to Munich Re. It was the most costly season on record, surpassing 2005 which produced Katrina. Overall 17 named storms formed in 2017, which fell in line with NOAA’s prediction of 11 to 17.

    The forecast is influenced by conditions across the equatorial Pacific. Earlier this year La Nina collapsed and the ocean returned to its neutral state with the possibility of an El Nino forming later this year. El Nino, when the Pacific warms and the atmosphere reacts, ,,increases wind shear across the Atlantic that can tear apart hurricanes and tropical storms, reducing the overall numbers.

    Conditions in the Atlantic will also play a role. Hurricanes need warm water to fuel growth and the basin is currently running colder than normal. Forecasters are currently watching a system in the Gulf of Mexico that may become a tropical depression by Saturday.

    An average to above-average season means there is a greater chance the U.S. coastline and Caribbean islands are at risk, said Bell.

    “When you have a more active season you have more storms forming in the tropical Atlantic and those storms track further westward,” Bell said. “Certain areas have been compromised from last year’s storms that makes hurricane preparedness ever more important this year.”

    Buffett Not Eager for Berkshire to Be Cyber Insurance Leader

    https://www.insurancejournal.com/news/national/2018/05/07/488425.htm

    Some intriguing comments from Warren Buffet on the State of cyber insurance.  My favorite (which I agree with), “I don’t think we or anybody else really knows what they’re doing when writing cyber” insurance, Buffett said Saturday at his firm’s annual meeting in Omaha, Nebraska. “We don’t want to be a pioneer on this.”

    From both sides off the table (agent and underwriter) there is still much more to learn in this burgeoning insurance product line which has increased premiums written 35% in the last two years.

    Buffett Not Eager for Berkshire to Be Cyber Insurance Leader

    By and | May 7, 2018

     

    Warren Buffett said he doesn’t want Berkshire Hathaway Inc. being a leader on cyber insurance because neither he nor others in the industry really know the risk.

    “I don’t think we or anybody else really knows what they’re doing when writing cyber” insurance, Buffett said Saturday at his firm’s annual meeting in Omaha, Nebraska. “We don’t want to be a pioneer on this.”

    Buffett said that cyber risk is part of his estimate that every year carries about a 2 percent chance of a super catastrophe that would cause $400 billion or more of insured losses. While that kind of disaster will wipe out many companies, Berkshire will aim to keep its exposure low enough to remain profitable in such a year, the 87-year-old chairman said.

    Buffett said he’s fine with writing some cyber policies to remain competitive, but doesn’t want to be among the top three in the industry. Anyone who claims to know the base case or worst case for losses is “kidding themselves,” he said.

    [Property/casualty insurers wrote $1.35 billion in direct written premium for cyber insurance in 2016, a 35 percent jump from 2015, according to reports by Fitch Ratings and A.M. Best.

    According to the reports, the largest cyber insurance writers are American International Group, XL Group and Chubb. These companies had a combined market share of approximately 40 percent at year-end 2016. The top 15 writers of cyber held approximately 83 percent of the market in 2016.

    Completing the top 10 writers of cyber ranked by direct premium written are: Travelers, Beazley, CNA, Liberty Mutual, BCS Insurance (owned by Blue Cross licensees), AXIS Insurance Group and Allied World.]

    NAPEO Forms Cybersecurity Task Force

    As an fyi, NAPEO has formed  a Cybersecurity Task Force to better understand the exposures of PEO and how to mitigate them.  A very timely and critical task force that I am very proud to be a part of – This is by far the most misunderstood exposure to PEO today.

    “NAPEO recognizes the critical business and compliance risks faced by our members concerning cybersecurity. Although many member resources such as PEO Insider and various conferences have featured helpful information and programs for members on this topic, NAPEO recognized more is needed and formed the NAPEO Cybersecurity Task Force to help fill that gap. The Cybersecurity Task Force is comprised of a cross section of professionals with expertise in insurance, law, technology and the business environment of PEOs. Its primary mission is develop a set of best practices which NAPEO members could use to strengthen their compliance efforts and minimize their legal and business risks. The Task Force’s first step will be to survey members to gain a deeper insight into the cybersecurity concerns and exposures of members, which will be used to help shape the best practices the task force will produce. For more information, please contact Farrah Fielder.”

    ‘Petya’ Ransomware Outbreak Goes Global

    Does your company have a process in place to combat and/or react to a ransomware attack? If not, you should.  The below article published on krebsonsecurity.com outlines one of the newest ransomware threats.

    ———–

    A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.

    The ransom note that gets displayed on screens of Microsoft Windows computers infected with Petya.

    The ransom note that gets displayed on screens of Microsoft Windows computers infected with Petya.

    According to multiple news reports, Ukraine appears to be among the hardest hit by Petya. The country’s government, some domestic banks and largest power companies all warned today that they were dealing with fallout from Petya infections.

    Danish transport and energy firm Maersk said in a statement on its Web site that “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack.” In addition, Russian energy giant Rosneft said on Twitter that it was facing a “powerful hacker attack.” However, neither company referenced ransomware or Petya.

    Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers.

    Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May. U.S. intelligence agencies assess with medium confidence that WannaCry was the work of North Korean hackers.

    Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now. However, there are indications that Petya may have other tricks up its sleeve to spread inside of large networks.

    Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.

    Petya seems to be primarily impacting organizations in Europe, however the malware is starting to show up in the United States. Legal Week reports that global law firm DLA Piper has experienced issues with its systems in the U.S. as a result of the outbreak.

    Through its twitter account, the Ukrainian Cyber Police said the attack appears to have been seeded through a software update mechanism built into M.E.Doc, an accounting program that companies working with the Ukranian government need to use.

    Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain.

    Weaver noted that Petya’s ransom note includes the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim.

    Also, he said, Petya urges victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.

    “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” Weaver said. “The best way to put it is that Petya’s payment infrastructure is a fecal theater.”

    Ransomware encrypts important documents and files on infected computers and then demands a ransom (usually in Bitcoin) for a digital key needed to unlock the files. With most ransomware strains, victims who do not have recent backups of their files are faced with a decision to either pay the ransom or kiss their files goodbye.

    Ransomware attacks like Petya have become such a common pestilence that many companies are now reportedly stockpiling Bitcoin in case they need to quickly unlock files that are being held hostage by ransomware.

    Security experts warn that Petya and other ransomware strains will continue to proliferate as long as companies delay patching and fail to develop a robust response plan for dealing with ransomware infestations.

    According to ISACA, a nonprofit that advocates for professionals involved in information security, assurance, risk management and governance, 62 percent of organizations surveyed recently reported experiencing ransomware in 2016, but only 53 percent said they had a formal process in place to address it.