How the Insurance Industry Can Help If the ATMs Stop Working

The Black SwanBlack Swan

The “unthinkable” happens pretty regularly in the world of finance (roughly every 7-10 years), yet executives always seem to get blindsided when it actually occurs.  These unthinkable events now have a name – the “black swan event”, as named by Nassim Taleb in his book The Black Swan:

However, one may argue that these events are themselves predictable in that they WILL happen – that only the timing thereof is uncertain.  Now it is common for people to acknowledge in hindsight that problems were looming in 2007 & early 2008 regarding the global banking industry – but beforehand, no one seemed too concerned about it (publicly).  The term “Too Big To Fail” (TBTF) was hardly ever used during those days – now it’s a regular part of our lexicon.

Fast-forward to 2016, and there have been a lot of self-congratulatory statements within the financial sector (banking, insurance, investment funds) regarding the issues which caused the last crisis.  It is common to discuss or even brag about how improved ‘risk management’ will ensure that this “never happens again”.

One key difference being heavily promoted has been the introduction of regulations which specify that TBTF banks must now have “living wills” as part of their risk management.  The idea is that these – if implemented in a real-world crisis – will allegedly prevent contagion should a ‘systemically important’ institution go insolvent:

http://www.shearman.com/~/media/Files/NewsInsights/Publications/2012/05/Living-Will-Requirements-for-Financial-Instituti__/Files/View-full-article-Living-Will-Requirements-for-F__/FileAttachment/LivingWillRequirementsforFinancialInstitutionsFI__.pdf

However, as the article link below implies, risk managers are still ‘fighting the last war’ – and may be solving a problem which is not even close to being the biggest systemic threat on the horizon:

http://www.theguardian.com/sustainable-business/2015/oct/24/cyber-attacks-could-be-bigger-threat-to-our-banking-system-than-bad-debts

If you’re a company’s Chief Risk Officer (CRO), it is quite easy to tell your bosses that you’ve dealt with a problem which has already played out in the real world; it’s essentially modeling a scenario which has already happened, stress-testing how your company performs in that scenario (and some slightly more severe stress scenarios), then putting it all together in a self-promoting PowerPoint demonstrating how well your company manages its risk.

It’s another thing entirely to tell them the unvarnished truth:

“I lie awake every night worrying about our company’s IT infrastructure because it may end up ruining not just our company but the entire global economy.  It’s imperative that we invest millions to upgrade our technology and integrate our various systems.”

However, telling the unvarnished truth is an easy way to become unemployed very quickly.

You're Screwed

“Well, under a variety of scenarios, our models converge to the same result…”

The scenario in question is described in The Guardian article link above – a major IT infrastructure failure at a major bank or cyber-attack causing a widespread failure in the electronic financial system.

We witnessed how the failure of just one systemically-important institution can trigger a domino-effect back when Lehman Brothers declared bankruptcy in September 2008.  However, what happens if an IT -infrastructure failure event as described above hits multiple large multinational financial institutions simultaneously?

I’ve worked as an actuary for nearly two decades; managing risk is supposed to be a critical part of my profession.  As the article implies, creaky IT infrastructure can mean that a system can break down completely over an extended period due to under-investment.  Additionally, these weaknesses mean it can be brought down easily in multiple ways by various forms of cyber-attack.  This is a HUGE systemic risk… but where has the funding to fix this been historically?  Where are the brainstorming task forces to identify & resolve problems of outdated IT infrastructure?  Lastly, where has the regulatory enforcement been to hold these institutions accountable in addressing these systemic concerns?

Sadly, the will to truly fix the problem does not exist – only ‘band-aids’ are funded so that the nothing major breaks under the watch of the current leadership regime.  The pressure for short-term financial performance ensures there is little meaningful planning for future ‘history-altering events’. This is especially true regarding the idea of implementing proactive countermeasures to avoid a cascading contagion effect which shuts down the economy of an entire country, continent, or the whole world.

This is why it is necessary to consider what is possible within the constraints of the real world instead of simply relying upon the outputs from the controlled structure of a stress-test model.  In the real world, lives are at stake – not just numerical outputs.  If the problem is widespread (i.e. continent-wide) and lasts a sufficiently long duration, it could result in complete societal breakdown.

As an actuary who views ‘managing risk’ as a professional responsibility to the public at large, seeing such a lackluster response on the part of executives & regulators is mind-boggling.  A major part of my education & training was spent demonstrating the societal necessity of wealth protection– not just for customers of your employer, but also for society as a whole.

Systemic failure of the electronic financial system – even for a relatively short duration of a day or two – would have catastrophic effects on societal wealth.  I’m convinced that there needs to be a viable work-around that can be implemented quickly and on a wide-scale to ensure that commerce can still continue. At a minimum, critically needed supplies and services must be made available for those who need them.

If we can maintain a baseline level of commerce via creative yet legal means using principles of insurance, we can obviously achieve the primary objective of saving lives and minimizing harm across the population.  But for those insistent on prioritizing money over people during such a crisis, you’re in luck because there are substantial financial benefits to maintaining the distribution system.  Simply, if civilization goes to hell in a hand-basket, what will be your return on investment?  You’ll probably lose everything – possibly even your life.  Whereas suffering a moderate financial loss due to sharing the burden of keeping commerce a functional level is a vastly superior outcome regarding ‘return on investment’.

Much of that was written tongue-in-cheek; if this scenario happens, it is absolutely imperative to look beyond the bottom line or balance sheet of your employer given the scope of this crisis.  This article is about using an obscure insurance product and modifying it to serve the public interest during a difficult period.  Finance must serve people – not the other way around.

Inside Box Outside ThinkingThinking outside the Box

In the following article, such a multi-institution attack is discussed at length and proposals by a regulator are laid out.  However, there do not appear to have been major regulatory initiatives put in place since this was published in February 2015:

http://www.usatoday.com/story/money/business/2015/02/25/lawsky-goldman-sachs-banks/23995979/

This concern is not solely isolated to the U.S., as the following article shows.  Once again, no major initiatives have been enacted since publication:

http://pubdocs.worldbank.org/pubdocs/publicdoc/2015/5/285251432913965615/Cyber-Preparedness-Seminar-Working-Paper-May-2015.pdf (original link no longer works)

CyberPreparednessSeminarWorkingPaperMay2015 (PDF download of above link)

At this point, what is simply discussed is more reliance on ‘self-reporting’ and ‘self-managing’ of IT risks.  Nothing truly innovative is considered as an action plan in the event of a full-blown crisis. 

The solution I am proposing is likely easier to implement than martial law, safer for the populace, and may ultimately end up being substantially cheaper if agreement can be achieved from all stakeholders quickly and amicably.  It doesn’t rely on guns, curfews, and military rations.  Rather, it relies on cooperation at all levels of society, and is modeled upon a type of Property & Casualty (P&C) coverage called “Business Interruption Insurance” (BII).  But the scope is much broader than what is typically covered under those policies for reasons which will be obvious as we go along.  For a primer on the mechanics of BII, please read the articles at the following links:

Additionally, the following articles regarding insurance pose interesting concepts regarding potential impacts of actions mandated by civil authority, inter-jurisdictional cooperation, and ultimately the role of the insurance industry within society itself:

There is a lot of information to process in the above links.  To summarize, they are presented primarily as support of the thesis that “the insurance industry is vital to commerce in our modern economic system, and as an industry it has a responsibility to serve the public interest.”

One obvious implication of this is that insurers are often liable when the ‘unthinkable’ happens – via either direct financial loss or indirect damage to reputation should they successfully avoid substantial losses (“Avoid that insurer because THEY don’t pay claims!”).  Moreover, if the electronic financial system goes down globally for even just a few days – what would be the long-term economic impacts?  Once all various systems come back online, a global depression could be the ultimate consequence.  Moreover, the entire financial sector could become embroiled in bankruptcies, forced mergers/acquisitions (such as Geithner’s March 2008 “shotgun marriage” of Bear Stearns & J.P. Morgan), or litigation – tying up resources which could have been deployed to bring back the real-world economy from a crisis.

Given these possible outcomes of a widespread outage of infrastructure relating to the electronic financial system – perhaps solving the problem by thinking ‘outside the box’ is a better alternative to complete societal breakdown?

In the next section, we’ll discuss how bagels & business interruption insurance can save the world from a crisis.

Bagel“A Penny for Your Thoughts, a Bagel for Your Honesty”

In 2005, the book Freakonomics was published, turning a few nuggets of conventional wisdom regarding microeconomics upside-down.  One notable story featuring Paul Feldman a.k.a. “The Bagel Man” gave a particularly insightful window into the mind of consumers.

The links below describe in detail the results of Feldman’s economic experiment.

The experiment showed how ‘honest’ people were regarding payment via an honor-system in percentage of receivables collected.  Restated, each day Paul Feldman delivered bagels and a wooden box for payment collection, and he’d come around again at noon to collect the wooden box of payments.  Naturally, payment rates were not 100%.  However, he did end up collecting at or above a rate of 87%.  The YouTube video above at the 1:37 mark shows that after 9/11, Feldman saw payment rates increase by 2% and they remained elevated for at least 3-4 years until the book’s initial printing.

This was accomplished simply using an honor system regarding same-day payments – within 4-6 hours – and not spending any time making multiple attempts to collect the additional 11%-13%.  In order for him to make money at what he considered a fair level, he would simply have to add a surcharge to account for the 13% payment failure rate.

Some interesting factors impacted the rate of payment collections:

  • A (temporary) society-galvanizing event such as 9/11 increased payment rates.
  • Smaller offices (based upon number of employees) had higher rates of payment.
  • Higher-paid employees such as executives had lower rates of payment.
  • Poor weather correlated with lower payment rates, and unseasonably pleasant weather tended to increase payment rates over baseline experience.
  • Using holidays as a gauge, it was observed that relative decreases in terms of individual stress resulted in higher rates of payment.  This was most prominent during ‘long weekends’ such as Memorial Day & Labor Day.  Conversely, holidays such as Thanksgiving & Christmas resulted in lower payment rates.
  • If people perceived that they were being held accountable (non-bagel example in the YouTube link above), they were substantially more likely to pay up.  This is analogous to the use of scarecrows by farmers as deterrents.

This is highly relevant data, because we now have:

  • A potential work-around which could restore confidence in retailers & wholesalers to keep their doors open.  This would be a massive implementation of the principles of BII coverage to establish a third-party ‘payer of last resort’ as a means to restore confidence that commerce can occur in a fair and legal manner.  (Author’s Comment: Numerous possibilities exist regarding the structure of such a ‘third-party payer’.  For this article, the assumption is that funding sources for this backstop mechanism would vary by jurisdiction and would be both implemented and enforced by civil authority without necessitating martial law.)
  • Key information regarding consumer behavior which can be used to make the suggested work-around financially and logistically feasible quickly and on a wide-scale.

In the infrastructure failure scenario which I’ve described, the electronic financial system could be non-functional for a period of days or even weeks.  While this longer duration would likely change the dynamics of consumer behavior, the general principle is that the use of an honor system in lieu of payment at time of purchase would result in the vast majority of people making good on potential purchases.  This longer duration could be favorable in that additional attempts can be made to contact persons who have not followed through with payment – substantially raising the rate of ultimate payment by consumers.

The method of rapid & widespread implementation will be to use the primary documentation of any financial transaction – the receipt – as a form of scrip currency:

https://en.wikipedia.org/wiki/Scrip

[PFC Ed. note: in this link we propose a draft of a scrip you can make and use also http://communityleadersbrief.org/2015/09/06/a-business-continuity-plan-for-producers-distributors-and-retailers-of-essential-goods/. This can be useful in the case of temporary disruptions of the power grid and communications. It can be used for claims upon failed payments]

The next section will describe in detail how this can be implemented widely via a coordinated yet rapid response by civil authority, local business leaders, and local politicians.

EVERYTHING WAS ONCE...How It Will All Work – Receipts As Scrip Currency

This section describes basic principles governing individual transactions for retailers, wholesalers, and all other forms of commerce where goods and services are provided in exchange for payment in an accepted currency within a given jurisdiction.  Note that this is presented as a tataki-dai or “straw-man”.  Improvements or modification to the base concepts presented are encouraged as long as they accomplish the objective of maintaining commerce within a given jurisdiction in a peaceful and equitable manner.

Ideas for Implementation – Retailers

    • Enter “mode of payment” as cash.
    • Create two copies of receipt, which will function as an “IOU” where the consumer pledges to reimburse the retailer once electronic financial transactions are again working.
    • Customer must sign & date both copies of receipt; cashier must initial & date receipt.
    • For purchases above a certain threshold such as $50, customer must provide contact information such as physical address, phone number, or email address.
    • All receipts which represent amounts uncollectable can be submitted as claims under existing BII coverage.  If this coverage is deemed not to be applicable based upon the terms in a given commercial policy, indemnification can be sought via third-party reimbursement (see “Author’s Comment” above).
    • Online transactions for existing customers:  In situations where customer & online retailers have existing relationships, any electronic fund transfers would simply be take place when the financial system comes back online.  In other words, it could be business as usual since bank account and credit/debit card information would already have been exchanged.
    • Online transactions for new customers:  Processing of new online customers would be difficult since verification of account information would be nearly impossible if banks themselves are closed while electronic financial transactions are offline.  If they remain open for accessing ‘frozen’ customer account information, then it would be possible for a retailer to verify account information directly with customer service representatives at banks.

Ideas for Implementation – Wholesalers and other “Business-to-Business” transactions

  • These are actually a bit easier to implement, because all purchases would simply be handled via normal processing of ‘accounts payable’, and all goods sold or services provided would simply be handled via normal processing of ‘accounts receivable’.  Sales would simply be extensions of credit and financial settlement of all transactions would occur once electronic financial transactions are functional again.  Each company would be responsible for developing its own policy framework regarding necessary documentation, ‘approval’ of credit, and other logistical considerations as well as the communication thereof to counter-parties in all transactions.
  • A key concern here would be a temporary moratorium regarding bankruptcies or insolvencies of businesses which could arise from cash-flow problems.  All businesses would be forced to remain open until all transactions from the shutdown period have been processed and payment received from consumers, indemnification via existing commercial insurance (BII), or any third-party reimbursement.  Only after this process has been completed could declarations of bankruptcy or insolvency be resumed under normal legal & financial proceedings.

Considerations Regarding Widespread Coordination & Implementation

Key Stakeholders (despite the presented order, all are vitally important)

  • Governor (Mayor)
  • Legislature (City Council)
  • Chamber of Commerce
  • Insurance Regulatory Bodies (Examples:  U.S.> NAIC & State Insurance Commissioners; Canada> OSFI; Great Britain> FSA; EU> European Commission; Australia> APR
  • Utility Companies
  • Note – while not dedicated specifically to keeping the distribution system running, local law enforcement personnel as well as National Guard units can provide additional assistance such as guiding traffic of critical supply convoys or in distributing food, water, & medicine where circumstances necessitate their involvement.  Maintaining a low profile would ease concerns about martial law which would inevitably arise during such a crisis.

Resources Needed – Immediate

  • Additional on-duty cashiers at retailers
  • Friendly ‘oversight’ at retailers – think “Walmart Greeters” but more of them with greater interaction with customers (Purpose is to ‘personalize’ each transaction and encourage people verbally upon leaving to follow through with payment as a civic duty.)
  • Temporary Accounting Staff
  • Creation of Public Service Announcements to be disseminated via all forms of media
    • Describe the situation in terminology all persons can understand
    • Educate people on what is needed on the part of individuals as well as businesses
    • Encourage businesses to hire additional retail staff to mitigate longer checkout times
    • Request volunteers for additional support mechanisms such as door-to-door checking on the elderly and disabled or participation in neighborhood watch groups as a deterrent to crime.
    • Encourage public monitoring of businesses to ensure no price-gouging or profiteering occurs (One idea – for persons paying via receipt “scrip”, add a surcharge of 5% or 10% per purchase.  Conversely, for persons paying with cash or silver coin, offer a 5% discount per purchase.)
    • Encourage charitable acts, swap meets, street-wide yard sales, and peer-to-peer transactions such as direct trade and barter as additional supplements to ensure necessities can be obtained where critically needed.

Resources Needed – Longer-Term

  • Persons experienced in reviewing and processing insurance claims
  • Forensic Accountants for investigation of claim legitimacy
  • Temporary Accounting Staff
  • Increased auditing oversight to review reported instances of price-gouging and/or profiteering.
  • If specific parties are shown to be financially responsible for causing harm due to the financial system being offline, then subrogation can commence to seek indemnification for any financial losses incurred on the part of individuals, businesses, and local governments.  A compensation fund could also be created such as those which result from class-action lawsuits.  It goes without saying that qualified persons of integrity would be needed to oversee and administer disbursement of monies should this occur.

Final Thoughts

This article describes the scenario of an unprecedented & crippling widespread financial crisis resulting either from IT infrastructure failure or cyber-attack.  The action steps outlined above represent a basic plan.  It is almost certain that significant modifications would be necessary – varying by region, culture, legal system or other unique circumstances not discussed above.

The primary point of the article is to emphasize that such a scenario need not be an insurmountable problem.  Getting in front of the developing story is the key.  A reassuring tone would need to be quickly established by civic & business leaders by forming agreements regarding the development of workable solutions, clearly communicating these via the media, and rapid implementation to maintain the public’s confidence.  If this is accomplished, then social unrest can be minimized so resources are deployed toward the actual distribution of goods and services instead of maintaining law & order.  Keeping the public calm for the first 48-72 hours should ensure that the rest of the shutdown period should proceeds smoothly until all systems are back online.

How-the-Insurance-Industry-Can-Help-If-the-ATMs-Stop-Working.pdf (2201 downloads )

Leave a Comment