Immediate Vault Immediate Access

5 Best Practices for Effective Claims Reviews

With the cost of insurance for businesses rising across many types of coverage, staying on top of trends in the claims portfolio is more important than ever. Spotting problem areas and opportunities sooner makes it easier to develop and implement steps to reduce risk pre-loss and better control costs post-loss. For this reason, many insurers and TPAs promise to conduct claims reviews with their business customers on a regular basis, but the rigor can vary greatly. Practices that have been common historically often lack the nuance and precision that can unlock the maximum benefit for each customer’s unique situation.

Here are five best practices for a wide variety of customers across a range of industries:

1. Assemble the right team

Typically, only the person overseeing claims at the business attends the claims review with key claims staff from the carrier. However, this small team limits the potential for brainstorming solutions and getting full buy-in to implement them. In addition to claims experts, it may also be helpful for the carrier’s loss control team to attend, as well as agent/broker staff. From the business customer side, it is helpful to include all key personnel who can facilitate immediate decisions that will impact the ultimate resolution of the claim in an efficient and timely manner or provide other insightful information. This often includes the risk manager, and may also encompass employees from legal, human resources, safety, operations and even the CFO, in some cases.

2. Develop a clear understanding of the customer to set the claims review objective

Broadly speaking, the goal is always to minimize loss costs to help manage the price and coverage of the overall insurance program. However, each business and claims portfolio is unique. One company may be most concerned with how claims reserves are affecting budgets. Another company may have an unusually high experience modification rate that they want to bring down by reducing the frequency of worker injuries. Yet another company may be changing part of their operation and want to monitor claims activity associated with it more closely than business-as-usual activities. The policyholder’s unique objectives should drive decisions about how often to conduct the claims reviews, what types of claims to include and where to dive into the greatest detail.

3. Fully understand and account for the impact of claims on the insurance program

In the initial design of the insurance program, certain coverages may have been limited due to a problematic claims record. For instance, frequent third-party claims for premises liability may have led to restrictions on Med Pay coverage or a higher deductible to give the customer a bigger stake in safety measures. Or perhaps the customer hoped for a loss-sensitive program but could only secure a guaranteed cost program due to lack of an internal pre- and post-loss management platform. The claims review should be designed to account for how frequency and severity may affect underwriting decisions so that the policyholder can move toward its coverage objective

4. Choose claims for review according to objectives, not simply dollar value

The default choice for what claims to review is often based on dollar value—e.g., all open claims with incurred losses of $25,000 or more. This approach may miss underlying trends that could lead to severe loss, however. For instance, perhaps a restaurant chain experiences a high frequency of slip-and-fall claims from workers in its kitchens. While these may all have been minor, but it may only be a matter of time until a severe injury occurs. With the objective to reduce frequency and the risk of serious injury, the claims review should examine all slip-and-fall claims using data and analytics to uncover causal factors such as food and liquid dropped on floors or seasonal workers with little safety training.

5. Track reserving on a micro level relative to all factors that can affect open claims

Typically, reserving is only tracked from a macro perspective, but this can overlook a variety of factors that could help better manage reserves and ultimate outcomes. For example, are the latest technologies being consistently used to manage costs? Advances in artificial intelligence and data and analytics now allow us to identify treatment providers associated with the best outcomes for injured workers, but how well are companies taking advantage of the recommendations? Early resolution techniques for auto and general liability claims may lower the ultimate cost of claims but cause a short-term bump in claims payments that needs to be accounted for in the customer’s budgeting process.

Potential Benefits

Claims reviews based on these best practices can yield significant benefits, especially when used as part of a holistic approach to managing risk and reducing losses. For example, an early claims review for a new manufacturing customer identified sprain and strain injuries as a problem area. The loss control team then surveyed the manufacturer’s operations and uncovered increased risk due to various manual lifting tasks, such as loading 8-foot-tall plastic silos with heavy equipment in a confined space. Based on that finding, the insurer’s team conducted onsite job hazard analysis supervisory training that included a safe lifting program, online courses and ergonomic risk assessments on a variety of tasks. As a result, within about two years, the program cut the manufacturer’s workers compensation loss ratio roughly in half.

High Performance Risk Management

LOS ANGELES—Risk managers, whose job once focused on a basic “bucket of risks,” and making decisions about which risks are transferable and which ones the company should retain, have been “migrating along an evolutionary path which is allowing us to be more strategic,” said Chris Mandel, senior vice president of strategic solutions at Sedgwick, at the RIMS ERM Conference 2017.

During the session “The Trouble with ERM,” he noted that risk managers now need to alter their focus. “The question for risk managers now is, how do we get our organizations to focus on long-term success and recognize the link between strategy and risk?” he said.

Erin Sedor, president at Black Fox Strategy, said that personal experience taught her the importance of connecting with the CEO and aligning with the company’s strategy when setting up a program. “You need to know what they are talking about and understand strategy,” she said.

Unable to find a satisfactory definition of strategy for ERM, Sedor came up with her own: A set of decisions made at a given point in time, based on business intelligence, that when successfully executed, support the purpose, growth & survival of the organization.

She added that, unfortunately, enterprise risk is not a term that resonates with the C-suite, but strategy is.

She identified three major problems with ERM that can dampen its prospects:

  1. A limited view of the organization’s mission, growth and survival.
  2. Silos. Breaking through them is a nonstop process, no matter how a company tries to improve the situation—especially in the areas of risk management, continuity planning and strategy, which typically happen in very different parts of the company. “It is important to link risk management and continuity planning in the strategic planning process, because that will get some attention and get the program where it needs to be,” she said.
  3. Size. Because ERM programs are notoriously huge, she said, “the thought is that ERM will cost too much money, take too many resources and take too long to implement. And that by the time it’s finished, everything will have changed anyway.”

Starting the process by “saying you’re going to focus on mission-critical,” however, can help get the conversation moving. “Because as you focus on that, the lines between risk management, continuity planning and strategic planning begin to blur,” she said.

Sedor described mission-critical as any activity, asset, resource, service or system that materially impacts (positively or negatively) the organization’s ability to successfully achieve its strategic goals and objectives.

She said to find out what mission-critical means to the organization, what is the company’s appetite and tolerance for mission-critical, and the impacts of mission-critical exposures on the organization. “Risk managers will often ask this question first, but you have to come to grips with the fact that not every risk is a mission-critical risk,” she said. “And not everything in a risk management program is mission-critical.” Using that context helps in gaining perspective, she added.

When viewing risk management, continuity planning and strategic planning from a traditional perspective, strategic planning is about capturing opportunity and mitigating threats; risk management is the identification, assessment and mitigation of risk; and business continuity planning is about planning for and mitigating catastrophic threats.

Looking at them from a different vantage, however, strategic planning is planning for growth; risk management allows you to eliminate weaknesses that will impede growth, which is why it’s important; and continuity planning will identify and mitigate the threats that impact sustainability. “That is how they work together,” she said, adding, “you are also looking at weaknesses that, when coupled with a threat, will take you out. Those are your high-priority weaknesses. Using a mission-critical context makes it all manageable.”

At this point, if a risk manager can gain enough leverage to talk to executives throughout the organization about what mission-critical means to the company, its impact, and then about tolerances and creating a more integrated program, “all of a sudden, you’ve talked about ERM and they didn’t even know it,” she said. “They thought you were talking about strategy.”

In a Changing World, Questions For the CRO

Before the financial crisis in 2008-2009, many businesses didn’t think of risk as something to be proactively managed. After the crisis, however, that paradigm shifted. Companies began perceiving risk management as a way to protect both their reputations and their stakeholders.

Today, risk management is not just recommended, it is considered crucial to successful operations and is required by federal and state law. The SEC’s Proxy Disclosure Enhancements, enacted in 2010, mandate that organizations provide information regarding board leadership structure and the company’s risk management practices. Company leadership is required to have a direct role in risk oversight, and any risk management ineffectiveness must be disclosed.

The CRO’s role

Volatility in the current business environment—a confluence of factors including transfers of power, the world economy and individual markets—is nothing new. Political transitions have always been accompanied by new agendas and shifting regulations, economies have always experienced bull and bear markets, and the evolution of technology constantly changes our processes.

Even so, recent events like Brexit, the uncertainty of a new administration’s regulatory initiatives, and thousands of annual data breaches have contributed to an unprecedented atmosphere of fear and doubt. To navigate this environment, the chief risk officer needs to adopt a proactive risk management approach. Enterprise-wide risk assessments grant the visibility and insight needed to present an accurate picture of the company’s greatest risks. This visibility is what the board needs to safely recognize opportunity for innovation and expansion into new markets.

To grow a business safely—by innovating and adding to products/services and expanding into new markets—risk professionals should not focus on identifying risk by individual country. This approach naturally leads to a prioritization of “large-dollar” countries, which aren’t necessarily correlated with greater risk. Countries that contribute a small percentage of overall revenue can still cause major, systemic risk management failures and scandals.

A better approach is to look at risk across certain regions; how might expanding the business into Europe, for example, create new challenges for senior management? Are there sufficient controls in place to mitigate the risks that have been identified?

When regional risks are aggregated to create a holistic picture, it becomes possible for the board to make sure expansion efforts are aligned with strategic goals.

Three processes that require ERM

Risk management is an objective process, and best practices, such as pushing risk assessments down to front-line process owners who are closest to operational risk, should be adhered to regardless of the current state of the international business arena.

While today’s political climate has generated a significant amount of media strife, it’s important not to let emotion influence decision-making. By providing the host organization with a standardized framework and centralized data location, enterprise risk management enables managers to apply the same basic approach across departments and levels.

This is particularly important when an organization expands internationally, which involves compliance with new sets of regulations and staying competitive. Performing due diligence on an ad hoc basis is neither effective nor sustainable. Instead, the process should follow the same best-practice process as domestic risk management efforts:

  1. Identify and assess. Make risk assessments a standard part of every budget, project or initiative. This involves front-line risk assessments from subject matter experts, revealing key risks and processes/departments likely to be affected by those risks. For example, financial scrutiny is no longer a concern just for banks. Increased attempts to fight terrorism mean transactions of all kinds are becoming subject to more review. Anti-bribery and anti-corruption processes estimate and quantify both vulnerability and liability.
  2. Mitigate key risks. Connect mitigation activities to the resources they depend on and the processes they’re associated with. ERM creates transparency into this information, eliminating inefficiency associated with updating/tracking risks managed by another department. Control evaluation is the most expensive part of operations. Use risk management to prioritize this work and reduce expenses and liability.
  3. Monitor the effectiveness of controls with tests, metrics, and incident collection for risks and controls alike. This ensures performance standards are maintained as operations and the business environment evolve. Evidence of an effective control environment prevents penalties and lawsuits for negligence. The bar for negligence is getting lower; technology is pulling the curtain back not only internally but (through social media and news) to the public as well.

Lastly, the CRO role is increasingly accountable for failures in managing risk along with other senior leaders and boards—look no further than Wells Fargo.

Laremy Tunsil’s Social Media Controversy Highlights NFL Draft Risks

shutterstock_212182807Last night was the first round of the 2016 NFL Draft and the lead story was that of Laremy Tunsil.

By many scouts’ accounts he was one of the most talented prospects in the draft and was expected to be chosen in the top five or six. Instead, Tunsil tumbled all the way to number 13 after an untimely video was posted to his Twitter account depicting him smoking marijuana through a gas mask. The tweet was quickly deleted but not before creating a snowball effect that will likely cost Tunsil approximately $8 million in lost contract value, as estimated by Forbes based on the NFL’s Salary Cap and Rookie Compensation Pool (a player chosen at #6 would be expected to receive a contract of $20.4 million, while the 13th pick would receive an estimated $12.4 million).

If you watched the first round coverage last night, the term “risk management” was thrown around generously by commentators. In many cases, NFL draft prospects are investments worth many millions of dollars. But with each investment comes questions of risk versus return. The Miami Dolphins, who selected Tunsil, made a decision last night that the investment of approximately $12 million dollars mitigated the risks posed by a player who could have drug related issues that could violate NFL player conduct rules. Moving forward, the Dolphins will have to consider the following risks:

  • Organizational Risk: In addition to the marijuana video, Tunsil admitted to what amounts to violating NCAA rules while in college, which will certainly result in disciplinary actions against his alma mater. The Dolphins still have to sign Laremy Tunsil and now have to determine if they can expect a positive return from a player who demonstrates the potential to weaken an entire institution.
  • Reputational risk: Will there be a backlash from the fan base for drafting someone who clearly demonstrates serious lapses in judgement? Remember, these players are not just investments in terms of their performance, but in the revenue and public relations image they create for their respective team. As has been demonstrated in the past with other NFL teams, reputational risk is not just an external factor but an internal one at that that can affect team’s performance on the field.
  • Social media risk: Laremy Tunsil’s agent claims that his client’s social media accounts were hacked. Regardless of whether or not that is true, the damage has been done. But what prevents any of his accounts from being hacked in the future? Will this inspire other potential black hats to hack athlete’s social media accounts? Can the Dolphins impose a social media blackout on its entire franchise? The Dolphins will need to consider what social media risks Laremy Tunsil may pose to the franchise’s image moving forward.

Overall, if Tunsil is as talented as he is expected to be, then the risk of selecting him will likely be worth the reward. Right now, the Miami Dolphins have made a decision that their potential investment of $12 million dollars will benefit the team in the future. Let’s hope for their sake that they have a risk management program in place that will give as much consideration to the risks listed above as they presumably give to winning a Super Bowl title.