...continued from part 1.
Troy von Kutzleben: In three to five years, just about every company will be in one way or another an internet company. They will be transacting business on the internet because it makes sense. It is easier to move bits and bites around than it is to move analog pieces of paper around. Our industry is very, very interesting in that what we do today is we take intellectual property up here (indicating the brain), convert it to analog, put it on a piece of paper on a policy and we send it via the mail to somebody and then they get it and they read it. We can transfer our intellectual property right now into bits and bites and then transfer it much cheaper via something like the internet.
Alan Brown: Obviously we have all sorts of business infrastructure issues if we are going to operate on a e-commerce basis. That is one whole category of discussion. The other big category, I guess, is for our customers.
Phil Zinkewicz: I want to ask another question, and maybe Gene and Peter can get involved with this because it is the area of litigation. What about market behavior in terms of conducting business over the internet? What about regulation?
Mark Hutchins: Relative to the insurance industry?
Phil Zinkewicz: Relative to the insurance industry conducting business either with customers, buyers of insurance, consumers or with each other. There was a case recently in which an insurance company's regional office devised a website purposely constructed to lead buyers of insurance to them even though the buyers were searching for another company completely. What about that?
Alan Brown: I don't know. I can see how it can occur.
Eugene Anderson: That was a fascinating story.
Phil Zinkewicz: Do you know what I am talking about?
Eugene Anderson: Yes, I know the story. It was not a little tiny company.
Phil Zinkewicz: No, it was a major direct writer.
Mark Hutchins: Again, that is not necessarily a market conduct issue from an insurance standpoint.
Eugene Anderson: It is an advertising fraud.
Mark Hutchins: It is an intellectual property.
Peter Demmerle: It is a trademark.
Phil Zinkewicz: What the company did was devise an address on its website that was so similar to the website address of its competitor that, when a potential customer who was searching for the competitor's website inadvertently struck a wrong key, that customer was sent into the first company's website instead.
Mark Hutchins: That type of claim has been going on since almost the second day of the public access to the internet. As soon as Dot.Com became publicly available, people started squatting on other people's trademarks. I don't know, you may have an idea or some numbers in terms of how much litigation there has been on those issues, but it is phenomenal, I bet. I mentioned earlier, to date, most of the litigation involving cyberspace has been in the intellectual property area, and that is one of the most key areas to watch to date as well as privacy. There have been efforts to try to regulate it. Again, there are quite a few entities and/or bodies or people that are trying to minimize the government control, to keep it as open as possible. There has been a lot of litigation on that type of conduct, whether it is cyber squatting or framing or linking technologies. That is what is helping define how the industry evolves.
Phil Zinkewicz: The case I am talking about involved an alleged deception that involved both consumers and the insurance company. Because the insurance company was being taken advantage of and the policyholders were being directed to a company.
Mark Hutchins: They thought it was one company and it turned out to be another, that's exactly right.
Eugene Anderson: I would like to say I had electronic funds transferred involving $25 million twenty years ago or more and it was a Lloyd's electronic funds transfer policy. At that time, there was something like two trillion dollars a day went through the networks south of Canal Street in Manhattan. This (electronic transactions) ain't so new. On the valuation of intellectual property, I bet you could go to a law library today and get four dictionary sized volumes in a set on theft of trademarks, theft of trade secrets, all of the rest of that. I have a little bit of a tough time seeing what is new. I have a hunch that a lot of this involves our love of mysticism. Since we can't see any of this, it is really fascinating. The more you talk about it, the more fascinating it gets. We have been doing electronic information transfers since the telegraph. Alexander Graham Bell was sort of a late-comer to wire transfers.
Alan Brown: Victorian internet I think it's called.
Eugene Anderson: I have worked on legal problems involving this. I worked on the valuation of the trademark for Pell-Mell cigarettes. Nobody even knows what that is anymore, but it used to be a brand name. It was as big as Coke. Where is there something new? At my age, it is easy to miss something.
Alan Brown: I think you raise a fair point. However, one of the things I think creates more of an issue than it might have ten years ago or more is the value of intellectual property. That was viewed as a much more specialized type of pursuit. I certainly agree with your point on the electronic funds transfer; yes, that certainly has been around for quite some period of time. However, that transfer was really limited to the financial community. It was not, certainly as we are seeing now with the new internet, available, really, to individuals. Where it used to be major banks were transferring things back and forth, certainly that has been going on for some period of time. It is almost a scaling kind of issue. Now it is available to a much broader universe.
Mark Hutchins: And the structure of the network, itself, the electronic funds transfer has certainly been around and aspects of it insured for at least 20 years, but now it is John Doe or Jane Doe or their child sitting in the TV room of their house transacting business with who knows who, and you don't know who is on the other end. You have an electronic address that goes out into a publicly accessible network as opposed to a dedicated electronic signal between two commercial parties. I think that is what is presenting some new challenges we now face today, but those challenges are growing.
Peter Demmerle: I think this industry is at a point of profound change.
Troy von Kutzleben: When you say this industry...
Peter Demmerle: I mean the insurance industry. I don't pretend to have any insight as to how big and how profound, other than to know that big things are happening. I am along with Gene mostly on it. I do not see a lot of things that are new. Stated differently, I think there are a lot of analogs to some of the issues that are put up today. From a legal point of view, there are mechanical things having kept pace with technology, things like electronic signatures. We are almost across the country on that. Statute of frauds that require signatures on state insurance laws, that requires a signature on a policy. These are just mechanical things that, at some point, the legislature will decide what the public policy should be. The profound change I see is in the distribution of products more than anything else, which is really at the core of what we are talking about. How things are distributed in our economy is on the verge of a fantastic change. I think if you combine e-commerce and the insurance industry, given our basic core topic here, the ability to completely change market positions by the use of e-commerce is amazing. The dominant players of the past are struggling because they have a legacy the way they distribute the products, not wanting to alienate one distribution channel, but wanting to embrace the new ones. These are big, big issues that executives struggle with and I am sure lose a lot of sleep over, as exciting as they are. I think the convergence of banks and insurance will be a big change, but I don't think it will bring about as profound a change as the use of the internet.
Troy von Kutzleben: Well, regarding new products, I think Marsh has worked with several carriers in the insurance industry and tried to address some of the new product issues that are out there. They came up with a product that has been introduced to the market called Net Secure, which tries to protect business interruption loss, liability loss and then ultimately crime and theft loss as well. So it tries to bring coverage in from several areas, but taking it from the industrial age economy we were talking about into the informational age economy, coming up with a new policy to specifically address the way people are going to be doing business in the future, that is at the formative stages right now. Marsh is working with the carriers to clarify the coverage so that insureds are not confused about what they are getting, to clarify how things will be valued and then ultimately, working with those carriers, to come up with a price for that particular policy.
Phil Zinkewicz: What about the regulatory environment, how is it going to respond to all this?
Peter Demmerle: Right now we have three states with regulations. We have no statutes really in place. I think the regulators at the moment have chosen to view the electronic screen as though it were a sheet of paper. So all the rules that apply to how the sheet of paper gets into the hand of the consumer will apply with equal measure to the screen. It is rudimentary. I think it would be an unusual regulator who would say the laws have kept pace with all the changes. Regulators, I think, are eager to go at the pace they need to, but it sort of grinds at the legislative level. Regulation is not fast enough given the advances in technology we've had.
Mark Hutchins: Do you feel that direction will come from the federal government?
Peter Demmerle: I think the marketplace will drive it. I think if you get enough big people out there demanding these kinds of products, someone will realize, I am going to make money by supplying product, so how do we supply product?
Phil Zinkewicz: Who will regulate it? The state regulators who deal with insurance, federal and state regulators who deal with banking, federal regulators who deal with the securities industry?
Peter Demmerle: That is a whole other kettle of fish. I think we will see phase one. Whatever comes out of the conference committee on HR-10 as to who regulates what will be the first phase. My expectation will be three to five years. The major players will be back in Washington saying, this is a good start, here is where we move to and now we will get into phase two. Who regulates and how it is going to evolve over a five, ten year period into something different than today, what form it will take, I don't know because I cannot begin to speculate on how e-commerce will change everything, other than to say it will.
Phil Zinkewicz: We have, it's fair to say, a regulatory system in this country that insurers find difficult to deal with anyway. In the world of cyberspace, will domestic companies be at a disadvantage in dealing with the whole e-commerce and internet liability situation?
Troy von Kutzleben: I think part of the advantage for North American companies lies in the fact they have gotten such a significant head start in the internet area as opposed to other countries.
Peter Demmerle: You mean in the general usage of it?
Troy von Kutzleben: Yes, in the general usage of it. Recently I read an article that stated that over 80% of commercial enterprises that are based on the internet are based out of North America, primarily the United States. Countries like France and England are very eager to get on the train that the US economy has been on, to have companies created like Yahoo overseas. Because so much of the assets and value of those companies are based in the United States, the United States jurisdiction and laws are likely to control e-commerce law in the end.
Alan Brown: There is e-commerce law and then there is insurance.
Robin Williams: There is a whole issue of securitization.
Alan Brown: That is a whole different discussion. I would certainly yield to the point that the US, fortunately for us, has had a head start in the whole information electronic commerce world. I think that the rest of the world will narrowly catch up. We will have a horserace, I think, eventually. Now we have quite an advantage. Getting back to your question which was more related, if I understood you correctly, to how we deal with the regulatory regime to create new products and get them admitted in all jurisdictions. Well, unless something has changed since I have been out of the country the last couple of days, it is still the same environment we have had as far as facing the 50 jurisdictions and getting admitted coverage in every jurisdiction.
Phil Zinkewicz: You can still take as long as a year or more to get.
Alan Brown: Yes. With the criticisms coming back and answering them and another wave might follow-up and you may go back three, four times, depending on how exotic the product or whose cubicle it winds up in at one of the state authorities. We still have that to deal with. I was just in Canada and, obviously, introducing new coverages there is not the same as it is south of the border. As to whether that is a disadvantage for domestic companies to have admitted coverage here, I mean everybody, at least theoretically, has to play by the same rules. So, a non-domestic company that wants to do business on an admitted basis in the United States has to go state by state, too, much to their chagrin. Nothing has really changed from the standpoint of the regulatory regime to accommodate more rapid introduction of new products. I should also say, there are also some states that are going through some sort of commercial deregulation activities and depending on how they define things, there is standard, nonstandard size and that sort of thing, there is some relief on that front.
Peter Demmerle: You are flip-flopping from the product as opposed to the distribution. I think both your comments are directed toward the product. Deregulation has to do with distribution.
Mark Hutchins: Both.
Peter Demmerle: If I meet a certain threshold, if I am of a size and a sophistication, I can buy. I can buy a property policy, I can buy a GL policy. It isn't the product, it is the distribution. The rules that apply to distribution are reduced if I meet that threshold for deregulation.
Mark Hutchins: I am sorry, Peter, you as the buyer?
Peter Demmerle: Commercial deregulation. I am a US buyer, the notion is, if I am of a size and sophistication, it is no longer necessary for me to seek protection from the Insurance Department. I am free to go out and buy. So I am in excess of a premium threshold, I am in excess of a number of employees and I have a risk manager, what used to be a classic definition of an industrial insurer. I can now sit down and transact with Chubb or with Odyssey or whomever I choose without all of the rules that apply to the distribution of that product. That is distribution, that is not the product itself.
Alan Brown: That is where that is allowed, that is not a universal thing.
Peter Demmerle: Commercial deregulation is a distribution issue.
Mark Hutchins: That is from the perspective of the buyer. From the perspective of the insurer, the distributor, we are regulated by the method and the product of distribution.
Robin Williams: We actually know there have been a few specific situations where it has been unclear whether some transactions are insurance or security transactions. Then we are not sure if we can do it or how we can do it. These were some of the things you were talking about, along with the internet is going to come new forms of transactions. I can't say it is a constraint at this point, but certainly a whole new world in terms of how we will operate.
Mark Hutchins: Again, I can only speak for our organization, but it is a constraint for us in both the product and the distribution - i.e. to meet the requirements put forth for our licensing to distribute the products, and for the form of the product itself, what we can sell - not even sell - but present to a buyer in all 50 states and Canada and in England.
Phil Zinkewicz: If we can switch gears for a moment, one of the areas I would like to get into is fraud. Back in the late 1970s, the early 1980s, there were a series of frauds and scandals that took place here and stretched overseas. POSA was one and Kennilworth was another. These were frauds and scandals that took place primarily in the reinsurance arena and they were conducted by miscreants who were not really insurance people, but who were very intelligent people, very smart, who knew how to manipulate the insurance business. The ones who were bilked were the primary insurance companies and brokers. In a series of entangled reinsurance schemes, money was sent down to offshore countries, disappeared, money they never recovered. Does cyberspace and the internet and e-commerce provide an opportunity for the really intelligent fraudster, the pro, to rip off not just consumers, but the industry, itself?
Peter Demmerle: You put your finger on the number one concern. Nothing on the horizon concerns us as much as the opportunity for fraud.
Alan Brown: It becomes an authentication issue if you want to put a label on it. Are you who you say you are and do I, therefore, know you and trust you. That is a very simplistic way to characterize what is a very broad-based issue. Whenever you take physical security, or the locks, and reinforce concrete walls and safes and all that kind of stuff, the physical analog will have the same challenges there are in a cyberspace context. As you have better security, people will try to come up with ways to beat it.
Mark Hutchins: It is not just the domestic regulators either. Because it is a global commerce now, the level of encryption is regulated as to what can be exported. So the technology may even be there, but we cannot use it.
Robin Williams: I do not disagree with what you said, fraud is an important issue, but right now reinsurance is still very much a smaller world. One tends to know one's clients. A lot of it is through intermediaries. We know them. That is not to say that will not change, particularly if we go to internet level transactions, but it is a little difficult for reinsurers to see how fast that will happen. As the deals are larger and more complex they are scripted, they tend to require meetings, although not always. In terms of having money just kind of flowing into places where you would not really know where it is going, I think there would have to be a lot more transactions and a lot more faceless transactions.
Peter Demmerle: I think that will ultimately happen. I think the technology will allow you to engage in mass representation.
Robin Williams: I am not sure the marketplace really wants that.
Mark Hutchins: But I think they will have to adapt.
Peter Demmerle: The more massive it becomes, I think the more likely it is to invite people to come in and say, let me just tag on to that for a day or two.
Troy von Kutzleben: This is one of the areas where an intermediary can continue to add value to the transaction. You talked a little bit about using trust in parties. There is a lot of value in using a reputable intermediary or broker in that they deal with a typical set of players and partners. They have checked out the background of markets. We don't make recommendations as to who is viable security and who is not. However, we can advise our clients as to what they should be looking at in a particular company in order to be able to do business with them. While the internet, itself, has been, I think, promoted as a means of disintermediation, what it can really do is essentially make the intermediary more valuable in the transaction.
Robin Williams: Not all reinsurance goes through intermediaries. Certainly, I would think this would be a major topic of conversation within the intermediary community.
Troy von Kutzleben: It is certainly a large opportunity for a company such as ourselves to be able to take the current network we have, which has been developed through contacts that started out by boat and by plane and now by telephone, telegraph, and convert that network into purely digital.
Phil Zinkewicz: But, insurance companies, brokers and reinsurers knew the honorable players back in the early eighties. Yet, they allowed unknown elements to enter into the business insurance anyway. Hence the scandals that resulted.
Robin Williams: We still have scandals of that nature, but I don't think they are internet related. The scandals we see right now would have occurred with or without the internet.
Phil Zinkewicz: Don't forget, the victims of the scandals from the 1980s were sophisticated insurance professionals. All I'm asking is, would e-commerce make it easier for the fraudsters or does it matter?
Mark Hutchins: I think it adds another level of who you are doing business with. No question about it. To me, that creates another level of burden on the parties who are doing business to know who they are doing business with, and to know that other party is who they have said they are. No question in my mind that that we have already seen people are out there transacting business, as McDonald's.Com and they are not McDonald's. So whether it is to the consumer or to sophisticated parties, I don't think there is any question that e-commerce does raise another level of susceptibility to fraudulent transactions.
Phil Zinkewicz: Let's move on to the privacy issue. Is there such a thing as privacy anymore, given the breadth of cyberspace?
Alan Brown: Maybe a way that I would put a label on it, in answering your question, at a minimum, the availability of e-commerce would create an additional area for due diligence. That would be kind of the category I would put it in. All the same reasons that have already been cited about making sure you know who the heck you are doing business with, now you have an area to check out, that is an additional potential vulnerability that you ignore at your peril.
Mark Hutchins: The methods for doing that are already in development. Some already exist, trusted sites and trusted intermediaries, etcetera.
Eugene Anderson: I would put a lot of this monkey on the backs of the CPAs if I were in your position. The people who get taken the biggest by fraudsters are smart people, sophisticated people. All a scam artist has to do is get to somebody that thinks he or she is as smart as all of us think we are and, bingo, the scam artist wins. There is a hell of a movement, I assume it is the D&O writers doing it, to lessen the responsibility of CPAs, and I would think that businesses at all levels would be screaming no, no, no, make those certifiers be certified. That is free advice, worth what you pay for. I would also say, you know you have to be vulnerable. What Willy Sutton did was not too smart, but he knew to go where the money was. Financial services, principally insurance, is heavily into that with an enormous number of people. I don't know how many it takes to run away now, but usually two employees working together, is enough to take a company for a long fast ride.
Phil Zinkewicz: Or a lot of companies.
Eugene Anderson: That's right.
Troy von Kutzleben: But that is not a new exposure. Those employees might have greater access now because of network issues, but commercial and financial institutional crime have been an exposure that companies have dealt with for a number of years.
Eugene Anderson: Is your audit committee sitting down with the CPAs and asking those CPAs: have you examined carefully our e-commerce vulnerability? Do you have experts who know exactly what to look out for? Somebody ought to be nailing the CPAs to the wall. They are getting enormous fees for doing audits. If you suddenly wake up and find out you do not have any accounts receivable, I would then look to whoever it is that is writing the liability coverage for the big two or three or whatever it is accountants.
Troy von Kutzleben: One of the things that Marsh is doing in conjunction with its Y2K product, in order for a company to obtain coverage under the Net Secure policy, they must undergo a security assessment. Currently that is being contracted out to IBM. However, some of the carriers that are involved have some side contracts with other companies, other service providers that will provide the security assessment. That is doing some of the work you are talking about, which is trying to figure out how safe a company's network is, or how far they go to protect themselves from virus attacks and so forth. That is becoming an increasingly large part of what companies must do to manage their own risk.
Mark Hutchins: I concur with everything that both those gentlemen said. Just to take that one step further, those principles are excellent. We plan to pursue them. A lot of the universe of people looking for insurance for their cyberspace activities possibly don't fit into the model that can take on that kind of activity. They are not a Fortune 500 company. They are mom and pops shops working out of a garage. You have a great idea and/or a great service and they are offering to Jane and John Doe consumer as opposed to another commercial enterprise. They may be the next Yahoo, who knows. Those people don't have a lot of assets to go out and hire a big five accounting firm or to go through a security audit. But, yet, if they are going to be successful in business and become another Yahoo or somebody of that nature, they need some support from the insurance industry. Hopefully we will provide it.
Phil Zinkewicz: How about looking at cyberspace from the risk management perspective? Is the industry providing clients with the tools they need to control their exposures under cyberspace?
Alan Brown: I can take a stab at it. That is a broad topic as well. In the broadest sense, the risk management concepts - we are talking about companies now that are operating in cyberspace, is that the context?
Phil Zinkewicz: Yes.
Alan Brown: On the broadest basis, the concepts that we would normally apply, shall we say, to analyzing somebody's risk situation, I think, would still be satisfactory, albeit maybe we have to think about them a little differently, but the categories should be similar. Even cyber companies are going to have some elements of traditional exposures. They are going to have some first-party exposures. They are going to have some assets, albeit maybe small relative to their overall operations in a more traditional sense. They are going to have a series of potential liabilities, some of which we touched on today. They are going to be entering, affirmatively entering a number of different contracts. Again, from that standpoint, they should have a competent review of those contracts both from the context of their ability to fulfill them and then the legal requirements and jurisdictions in which they are going to operate, you know, making sure the hold harmless clauses and all those things you would normally worry about in a contractual sense are properly handled. They have a protocol for who reviews them, who is allowed to sign off on them. Again, in offering capabilities taken in a software company context, what kind of capabilities do they market themselves as possessing so you do not over promise?
Mark Hutchins: I am doing a lot of head nodding. What Alan has said is exactly what we, on the underwriting side, are typically looking at. Again, it is not new stuff. It is the same process that we have traditionally used. Yes, there are new aspects of that process. The industry, the cyberspace evolution, particularly commercialization, is proceeding at such a rapid pace. A tremendous number of new types of relationships that, at least from our perspective, traditionally did not exist, are being formed. People doing partnerships or joint ventures formally, informally, which is a little scary, to obtain content, to meld the content with the service, the method of distribution or the method of transaction, seeking outside advice, whether legal or financial. We are looking to see the same thing we have always seen: are these people or a person utilizing what we would consider good standard business practices in developing, in implementing and managing this function? Alan has basically gone through those. What qualifies them to do what they say they are going to do? Do the practices that they have presented to us appear that they are going to live up to those standards?
Phil Zinkewicz: Do you make recommendations to bring those standards up?
Mark Hutchins: Certainly, certainly. In our capacity, you can't make necessarily specific recommendations. We would refer them to a legal counsel or a financial consultant or something of that sort, but in terms of the types of provisions that we would recommend them having in their agreements with their content providers or technology providers or their users, certainly we make recommendations. Again, our objective is to insure them on a third-party basis for breach of the standard of care that they owe and the level of expectation that their customer or user or the general public may have, may want to derive from that service or information. If they indicate to us that they have adequate knowledge and skill and structure to perform that function and have taken reasonably good business practices in managing their risk, then that is certainly the type of risk that we are willing to insure. That is the same type of risk we have always been willing to insure. It is not really creating a new process, just another little step in our evolution of process.
Robin Williams: To the extent the first-party coverage includes business interruption, you might have mentioned this already, a contingency plan for minimizing that, we would be looking for that from a reinsurance standpoint, that you would require that.
Alan Brown: What happens if things off premises are a problem? Traditionally, certainly property insurers were much more comfortable in evaluating things and recommending things because you had physical facilities to go out and examine. One of the things that puts a little different slant on the cyber world is it is much more difficult to sort of get your arms around what really the business enterprise is about when it is virtually all in cyperspace. Phil Zinkewicz: Will they let you look, that is the other question?
Robins Williams: That is a requirement for coverage.
Alan Brown: They would let us look, certainly to the degree that we need to be satisfied that they are running their enterprise in a good fashion. If you sort of strip all the bologna away in all this, what you are really evaluating is the business management team's ability to run that operation properly, because that is really what we are, in a way, investing in. You do not normally think of insurance investing, but I dare say if we are wrong, we will become investors down the line, whether we like it or not. So it is important to understand what that operation is all about and whether they seem to be conducting themselves in what is considered good business fashion. So, again, some of those general concepts do not change just because you change into a cyber world. Some of the issues there may become a little different because you are in cyberspace and I dare say the intellectual property and that relationship bouncing in and out becomes a more significant element than it would have been in a more industrial sense, if that helps.
Continued in part 3…