Category Archives: Business

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

10 Tips to Excel in ERM

Posted on by

05a9ef2CHICAGO—For many risk managers looking to implement enterprise risk management programs, one of the biggest challenges is figuring out how to do it properly. Unfortunately, as Steve Zawoyski, ERM leader at PwC, pointed out in a session at this year’s RIMS ERM Conference, you will never find the perfect ERM program—it’s basically as mythical as a unicorn. But there are certain key steps you can take to increase your chances for a successful ERM program. Zawoyski’s top tips are:

  1. Establish ERM program objectives. One of the common stumbling blocks to a successful program is the lack of agreement as to why you are doing this in the first place. Some may be doing it in order to make better decisions around strategy while others have governance concerns in mind or are simply doing it because the board said so. Establishing proper objectives will allow you create the program that works best for your organization.
  2. Manage stakeholders. There are likely multiple parties that have a vested interest in your ERM efforts from the board to business managers to legal and audit to regulators.
    buy fildena online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/fildena.html no prescription pharmacy

    You will need to consider all of their specific needs and concerns.

  3. Align risk functions. Risk management is part of every division’s responsibility. Getting everyone on the same page will avoid allowing fatigue to set in over yet another risk management effort.
  4. Align risk and management processes.
    buy advair rotahaler online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/advair-rotahaler.html no prescription pharmacy

    It is important to understand how the business is being managed and connect to those processes in order to be in a position share information up and down the organizational hierarchy.

  5. Define risk. The traditional definition of risk denotes a hazard or a failure of some process. Make sure you organization understands that risk is merely uncertainty that can have both a positive or negative impact on objectives. It is ok to take on risk.
  6. Give credit. Different functions already have risk management capabilities and processes. Rather than reinvent the wheel, harvest the data and expertise already out there and build off that. Don’t build unnecessary steps into the process when those areas are already being addressed.
  7. Remember that risk is a four-letter word. Risk is an overused, ambiguous word with an often negative connotation. Risks are nothing more than variables that can present opportunities for greater success.
  8. Beware of risk categories. Labels like operational, financial, strategic or technology are overemphasized and not how business units think of risk.
    buy clomid online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/clomid.html no prescription pharmacy

    It is more effective to talk about risk in terms of management of hazards, compliance obligations or other uncertainties.

  9. Do your research. It is vital to develop a thorough understanding of the business and its drivers, from its capabilities to its competitive advantages to its strategic priorities and objectives.
  10. Simplify risk appetite. Risk appetite should be considered on a risk-by-risk basis and should boil down to a simple question of once risk controls and processes are in place, are you satisfied with the results?

ERM implementation can be challenging. But according to Zawoyski, it is all about keeping it simple for the stakeholders, ensuring that value is created, aligning to the business and evolving over time. By approaching your program in this way, all stakeholders will understand their role and how ERM relates to the overall strategy of the organization.

Corporate Directors and Officers Face Cybersecurity Pressure

Posted on by

Stock market down

One of the primary issues confronting corporate directors, officers and others involved in risk management today is cybersecurity. News cycles have been littered with high-profile data breaches at companies ranging from Sony Pictures Entertainment, Wyndham Hotels, Anthem and Home Depot, since Target Corporation’s massive data breach kicked off this scrutiny in 2013. The massive federal data breach earlier this year demonstrated that the U.S. government is not immune either.

A corporate data breach not only inflicts reputational and financial pain on the targeted company, but, depending on the data disclosed, the impact on consumers can be dramatic. According to Redspin’s Breach Report 2013, since 2009, nearly 30 million Americans have had their personal health information accidentally disclosed—or worse, breached. Further, the Cyber Edge Group recently surveyed 800 security decision makers and practitioners and found that more than 70% indicated that their networks were breached in 2014, an increase of 8% from 2013.

Claims against Directors

Cybersecurity is an issue of risk assessment that should be on the mind of board members. As every director has likely experienced, corporate decision-makers are under more scrutiny today than ever before because of corporate scandals that led to the adoption of the Sarbanes-Oxley Act and the more recent Dodd-Frank Act. One of the main objectives of Dodd-Frank is to increase transparency and improve accountability in the corporate financial world. As a result, board members are now required to spend more time overseeing a company’s operations than perhaps was the case in prior years.

A key determinant of liability is how a director acts once a red flag has been identified. When a warning sign appears, a director is required by law to diligently undertake a reasonable investigation.

online pharmacy apixaban with best prices today in the USA

But an open issue at hand is how much training companies provide to their directors so that they can identify potential issues and respond accordingly, or actively oversee the corporate compliance program. In light of many recent cases, the answer is: not enough. One proactive approach is for a corporate board to annually review all of the material events that impacted their company over the past year (both externally and internally) and assess how prepared the management team was for each event. They should also assess the company’s overall approach to cybersecurity policies and practices annually, including any incident response plans.

All this said, if history is our guide, the likelihood of a corporate board member being held personally liable for poor oversight of a public company is low. This is because directors and officers insurance almost always covers any liability or settlement. According to a 2006 Stanford Law Review study, between 1980 and 2005, there were only 12 cases where directors were forced to make payments that were not covered by insurance, including legal fees.

While data breaches have spawned litigation brought by consumers or employees, widespread litigation has not ensued with shareholders seeking damages as a result of a data breach. This is likely because of the challenges inherent in demonstrating that a company’s share price was materially affected by a breach.

online pharmacy minocin with best prices today in the USA

The data breach at Home Depot provides a good example of potential litigation strategies that may be employed in the future. Following that breach, a lawsuit was filed in Delaware Chancery Court seeking access to Home Depot’s books and records related to the data breach. It appears that the plaintiffs are using this suit to determine whether Home Depot’s directors and officers breached their fiduciary duties by failing to adequately protect the company’s credit card information. Based on what is uncovered, it is likely that future litigation will ensue.

The law regarding director’s liability is fairly well established, and claims typically arise in one of two scenarios: 1) The directors should be liable because they made a decision or took an action that was either negligent or ill-advised (they breached their duty of care); or 2) The directors failed to act in a situation where they could have prevented a loss (they breached their duty of loyalty).

Claims alleging a breach of the duty of care are unlikely to succeed because directors enjoy the protections of the director-friendly business judgment rule. Essentially, the business judgment rule immunizes a director’s conduct from judicial scrutiny as long as the decision is informed, made in good faith, and with the genuine belief that the decision was made in the company’s best interest. Even if a plaintiff can overcome the presumptions in favor of a director by showing gross negligence, many companies have adopted charter or bylaw provisions consistent with Delaware law, thereby insulating directors from liability for a breach of their duty of care. Other states such as Nevada have enacted statutes specifically protecting directors from these types of claims.

In the second scenario, a director is not insulated from liability under Delaware law, and a director’s conduct is evaluated under the standards enunciated in Caremark International Inc. Derivative Litigation and its progeny. This oversight liability attaches when directors consciously disregard their responsibilities either by: 1) failing to implement a sufficient reporting system; or 2) after implementing a reporting system, failing to properly oversee or monitor its operations by serving as passive recipients of information. Simply put, making no decision – or looking the other way – may indeed be worse than making any decision, even a bad one.

Many risks can be mitigated through the use of insurance policies. But with respect to cybersecurity, relying on insurance may prove problematic. With no form of standardized cyber insurance policy language established, different insurers are adopting different approaches. Moreover, an actuarial challenge exists in predicting or gauging the probability and impact of a cyberattack. As a result, it remains difficult to match a cybersecurity policy with the risk profile of a particular company. Also, the damages suffered from a data breach may be multifaceted and unique, with no normal distribution of outcomes. In sum, insurance may be a partial answer, but not necessarily a cost-effective complete solution.

Rise of the Corporate Investigation

Over the past several years, a cottage industry has emerged among lawyers who claim to specialize in corporate investigations. These investigations used to be the purview of a company’s general counsel or legal staff. But courts became less likely to apply the business judgment rule if an investigation was conducted in-house. This reluctance has spawned the exponential growth of corporate investigations, and more or less established that the standard of care is to retain outside counsel. Even though the costs of these investigations can be prohibitive, there appears to be no consensus on a different tactic.

In the face of a government enforcement action, regardless of which regulatory authority is involved, a director’s playbook is pretty straightforward. Directors should establish a committee to exercise day-to-day supervision of an internal investigation and monitor the progress in order to best ensure the company’s protection. One way for directors to limit their exposure—and perhaps cut down on corporate misconduct—is to provide the same oversight on an ongoing, day-to-day basis. This can decrease the number of required corporate investigations and the identification and remediation of issues before they become significant liabilities. Viewed through the eyes of a director, such an approach could lessen the likelihood of future liability.

P&C Insurers’ Profitability Up in First Half of 2015

Posted on by

Low catastrophe losses contributed to a rise in net income for property/casualty insurers in the first half of this year, to $31 billion from $26 billion in the first half of 2014, according to ISO, a Verisk Analytics business, and the Property Casualty Insurers Association of America (PCI). Insurers’ overall profitability, measured by their rate of return on average policyholders’ surplus, grew to 9.2% from 7.8%.

“While Old Man Winter did his best to disrupt things in the Northeast during the first half of 2015, insurers overall incurred lower domestic catastrophe losses than they did during the first half of last year due to a relatively quiet tornado season and the slow start to hurricane season,” Robert Gordon, PCI’s senior vice president for policy development and research, said in a statement. “Insurers’ combined ratio and rate of return all improved in the first half of 2015, while premium growth and investment income remained relatively stable.”

Beth Fitzgerald, president of ISO Solutions noted, “Still, it’s important to note than U.S. catastrophe losses during the first half of 2015 were only slightly lower than the 10-year average. As the devastation caused by meteorological conditions associated with Hurricane Joaquin highlights, it’s crucial for insurers to remain disciplined in their underwriting and look at analytics to be ready not only for weather disasters but also for other major challenges the future may hold.”

According to the report, insurers’ combined ratio improved to 97.6% for first-half 2015 from 98.9% for first-half 2014, and net underwriting gains went to $3.39 billion from $237 million. Net written premium growth remained unchanged at 4.1 percent for the first half of 2014 and 2015.

Also in first-half 2015, earned premiums grew 4.0% to $247.5 billion, while losses and loss adjustment expenses (LLAE) rose just 1.8% to $171.3 billion. Other underwriting expenses rose 4.7% to $71.8 billion, and policyholders’ dividends were mostly unchanged at $1.0 billion. Net underwriting gains increased to $3.4 billion from $0.2 billion.

In second quarter, consolidated net income after taxes for the P&C industry rose to $12.8 billion from $12.1 billion in second-quarter 2014.

P-C_1Q results

P&C insurers’ annualized rate of return on average surplus increased to 7.6% in second-quarter 2015 from 7.3% a year earlier.

Net written premiums rose $5.5 billion, or 4.4%, to $130.6 billion in second-quarter 2015 from $125.1 billion in second-quarter 2014.

Cyber Insurance Purchasing Up, But Breaches Felt in Prices and Limits

Posted on by

NEW YORK—At yesterday’s Advisen Cyber Insights Conference, Zurich and Advisen released the fifth annual Advisen Cyber Survey of U.S. risk managers, finding a 9% acceleration in cyber liability insurance purchasing from 2014 to 2015. The firm has seen a 26% increase in the number of respondents who have coverage since the first survey in 2011.

Companies are taking cyberliability more seriously, Zurich reports, with the number of organizations developing data breach response plans up 10% from last year. What’s more, companies appear to be better recognizing the sheer amount of value at risk, with two-thirds of respondents saying they have either increased their policy limits or are considering doing so. While Zurich found that more organizations view information security as an organizational challenge rather than the purview of the IT department alone, and respondents said that boards and executive management are taking cyberrisk more seriously, those who have not yet obtained cyber coverage say it is because their superiors still do not see the need. There is also still a considerable difference in take-up rates among large corporations and small and mid-sized businesses, with Catherine Mulligan, senior vice president and national underwriting manager of specialty E&O, telling the audience there is an approximate 20-point spread between the groups.

“This year’s cyber survey shows that demand for coverage and higher limits has increased tremendously and we at Zurich have seen double digit growth year over year,” said Bryan Salvatore, president of specialty products for Zurich North America. “That is why we are heavily invested in identifying risks and delivering solutions and why we are committed to staying at the forefront of this issue.”

Marsh has also seen considerable growth in cyber liability insurance purchasing among its clients. According to the insurer’s new midyear cyber benchmarking report, the number of U.S.-based Marsh clients purchasing standalone cyber insurance increased 32% in the first half of 2015, up from 26% growth during this period in 2014. By sector, members of the education industry made up the biggest growth, with 155% more clients purchasing the coverage, followed by power and utilities with a 100% increase and manufacturing with a 76% increase. The healthcare sector remains Marsh’s largest buyer of cyber coverage, with 41% of all clients in this industry purchasing it by the end of the first half of 2015.

Cyber liability insurance growth rates

Sessions throughout the conference made clear that insurers—and the industry at large—are still struggling with what is also risk managers’ biggest challenge: data. Completely evaluating the true value at risk with cyber liability continues to elude both sides, although many new approaches and consultancy services are emerging. Further, the dearth of actuarial data not only compounds the challenges of the cyberrisk assessment process, but make it hard for the industry to set pricing and limits with confidence.

“It is hard for insurers to be prudent with cyber as risk managers often do not fully understand how to measure their exposure,” Mulligan said.

“Actuarial data is the Holy Grail of the cyberinsurance market: we’re all searching for it and it’s just not there,” said Bob Parisi, cyber product leader at Marsh, who moderated a session on the struggle to quantify and model cyberrisk.

In addition to the actuarial uncertainty, the considerable number of large losses over the past few years is continuing to push up the cost of cyber, forming what Willis executive vice president Peter Foster described as a “hot” market that will have to cool and solidify with time. Parisi chose to describe the market as “brittle” after absorbing several hundred million dollars in losses, and a range of insurers and brokers reported that premiums have increased dramatically as a result. The Marsh study found that price increases across industries averaged 19%, with 32% increases among retailers, the most frequently breached sector over the past few years.

cyber insurance limits purchased

While these breaches and better estimates of the real cost of cyber incidents have helped many companies realize they may be underinsuring for cyber liability, the move to correct this is getting more difficult. Insurers have said repeatedly that there is plenty of capacity in the cyberinsurance market and many buyers have increased the limits purchased, but higher limits of liability are increasingly hard to come by, and none really exist in excess of $100 million. Particularly for businesses that have yet to implement serious efforts to address information security, rate increases appear sure to continue, and simply buying more coverage will not only be unsustainable, but may not even be possible as insurers give more thought to the capacity they are willing to commit to these risks.

“There is just not enough capacity to extend $50 to $100 million limits to every account,” said Greg Vernaci, AIG’s head of cyber in the United States and Canada. “We are looking to reward those companies with a robust information security posture who go beyond and take a multifaceted approach to managing cyberrisk.”