2014 Power Broker

Winning the Benefits Battle

Health care reform led to late nights and intense demands on some Power Broker® winners.
By: | February 18, 2014 • 8 min read

Employees at the national headquarters of the American Legion Auxiliary liked their health insurance plan, but they weren’t able to keep it.

Like five million other plans, their health plan was cancelled last year, leaving the Indianapolis-based veterans services organization scrambling to cover its employees.

“Anthem Blue Cross Blue Shield did away with all of their small group policies and made new ones,” said Donna Parrott, HR director of the nonprofit organization.

Fortunately for the group, they had Kevin Wiskus, an executive vice president at the Hays Cos., to protect their interests.

Wiskus, a 2014 Power Broker® winner in the Employee Benefits category, was able to find a plan that — ever mindful of the nonprofit organization’s fiscal constraints — reduced the organization’s health plan costs by about 10 percent, Parrott said.

Wiskus was an area vice president at Gallagher Benefit Services when he put together a benefits solution for the American Legion Auxiliary. And, said Parrott, “it was about 16 percent cheaper than what Anthem recommended.”

“He goes above and beyond,” she said. “We are a small group but he doesn’t treat us as a small group. You would think we were his only client the way we get that personal touch.”

Going above and beyond is emblematic of Power Broker® winners in 2014 — and not just those focused on employee benefits plans.

But while Superstorm Sandy focused attention last year on the Power Brokers specializing in property, this year, it’s the Affordable Care Act that is taking center stage.

Employee benefits consultants and brokers have had to find ways to dig through 11,000 pages of regulations — regulations that have been changed at the last minute — and excavate the necessary information to protect their clients.

As individuals struggled to sign up via poorly functioning online sites and health care carriers fretted about an adverse risk pool, brokers and consultants stepped in to find solutions.

“It’s creating a lot more work for us as consultants to make sure our clients are following all the laws, and making them aware of the taxes and additional costs to them,” said Kim Clark, an account director at Gallagher Benefit Services.

“I am hopeful that 2014 is easier than 2013,” she said. “I can’t imagine it getting harder than it was this past year.

“The carriers had to make changes to every single one of their plans for Jan. 1. Even if employers didn’t want to change their health plans, there were plan changes because of health care reform,” said Clark, a 2014 Power Broker® in the Employee Benefits category.

Transitioning Plans

A survey of health insurance brokers by Morgan Stanley found that quarterly-reported year-over-year rates in December 2013 were rising in excess of 6 percent in the small group market, and 9 percent in the individual market, according to an article in Forbes by Dr. Scott Gottlieb, a resident fellow at the American Enterprise Institute, a Washington think tank.

It is the largest reported increase since the firm started its quarterly surveys of brokers in 2010, he wrote. “Much of the rate increases are attributable to Obamacare.”

Deb Mangels,  Senior Vice President, ABD Insurance and Financial Services

Thanks to Deb Mangels, senior vice president at ABD Insurance and Financial Services, the results were much more positive — and affordable — at the Piedmont Unified School District.

“It’s been an amazing year for us. We have transitioned our health care plans and it’s so much more than we have had,” said Michael Brady, assistant superintendent of the district, which employs more than 360 teachers, administrators and support staff in six schools near Oakland, Calif.

Mangels, a 2014 Public Sector Power Broker®, transitioned the district’s employee coverage from a health benefits pool with unsustainable cost increases to its own carrier at the same time the district was instituting its first medical benefits cap and increased premiums, following some “very intense labor negotiations,” Brady said.

“They reworked all of the plans,” negotiated a 15-month plan year so all plans would be on the same cycle, and added an online open enrollment tool. For the same benefits as the pool plan, the district’s employees pay about $100 less each month in premiums, he said.

Plus, employees have the option of choosing among some plan options related to copay and deductibles that were not available in the pool.

“I have never felt that we were in a better place than we are right now,” Brady said.

Communication is Key

When one HR director for an oil and gas drilling services company was holding employee meetings to discuss the introduction of a high-deductible plan, she faced resistance.

The materials she used to illustrate the changes were hampering her ability to clearly explain to employees and to foreign corporate parents the company’s new health benefit plans and options.

That’s when she called James Bernstein, a principal at Mercer and a 2014 Employee Benefits Power Broker® — at midnight that night. He’s the consultant she counts on to keep his eye on both the big picture and the gritty details necessary to keep her organization in compliance and on top of everything.

By the time she woke up in the morning, Bernstein had prepared and sent her a new set of PowerPoint slides that offered more clarity on the health benefit plans.

“I really couldn’t do this without him,” said the HR director. “I’ve got 10 balls in the air, and he will make sure I don’t drop one of them.”

Effective communication tools and strategies are a crucial part of plan design changes, said Robert Ditty, a partner at Mercer, and a 2014 Employee Benefits Power Broker®.

“You can design a plan until you are blue in the face but if people don’t understand it, you will not get the results you want,” he said.

 Consumerism Takes Hold

Many plan design changes took place this year with his clients, Ditty said, because employers needed to make changes due to the ACA anyway. As a result, they opted to move ahead with some strategic alternatives that had been under consideration for a while.

One popular option among his mid-size and large company clients was the transition to a high-deductible health plan, coupled with health savings accounts and health reimbursement accounts.

The health care reform law “made people re-evaluate … and it really expedited that strategy for a substantial portion of clients.”

Analyzing and strategizing around health benefits isn’t going to end any time soon.

Robert Ditty Partner, Mercer, Atlanta

Ditty’s clients are already trying to prepare for a substantial excise tax that kicks in in 2018. That tax — which requires employers to pay a 40 percent tax on health care costs that exceed federally defined thresholds — is better known as a penalty on so-called Cadillac plans. He said, however, that thresholds imposed for the federal tax will fall on “employers who are not offering very generous or rich plans.”

Instead, as the regulations are now written, they will affect many employers who have older workers and higher health care costs. “A significant portion of my clients are projected to hit this threshold in 2018, and they don’t have rich plans,” Ditty said.

That tax will join the other taxes imposed this year on employers. All of these developments have made life interesting of late for employee benefits consultants — “interesting,” as in the Chinese curse: “May you live in interesting times.”

 Budgetary Concerns

It was those additional fees imposed this year that forced Gallagher’s Clark to seek out different health plan designs for her clients.

The ACA-imposed taxes — either directly borne by employers or probably passed along as increased premiums because they are paid by health insurers — are the Patient-Centered Outcomes Research Institute Fee (PCORI); a Marketplace User Fee that “could be almost 3 percent of their premium,” Clark said; a Transitional Reinsurance Program Assessment Fee; an Annual Health Insurance Industry Fee; and a Risk Adjustment Program and Fee.

Often, she said, employers had to change plan design “to help their budget to account for those additional costs.”

Also adding costs were some other requirements in the ACA, such as requiring pediatric dental benefits on all plans, even if the policyholders did not have children or their children were older than 18.

One other wrinkle in the ACA, which is playing out in the courts, is the need for all plans to include contraception benefits. That offered a unique challenge for Jan Wigen, a principal at Mercer, who was working with a religious institution.

The faith-based organization, a Catholic college, refused to pay for the benefit. Wigen, a 2014 Employee Benefits Power Broker®, helped the college secure separate contraceptive coverage through an insurer without having to pay for it, itself. She then provided separate enrollment cards and communication tools so the college could comply with the law and employees could have the coverage, without administrators breaking the dictates of their faith.

That was a regulation that had a fairly limited employer impact, but there was plenty of fodder in the ACA for angst to be created among employers of all sizes and shapes — and their brokers as well.

“I can’t think of an employer I talked to or worked with,” Ditty said, “where the law is not driving them in many instances to be more proactive about how they manage their benefit programs. … They have really become progressive in what they are doing from a strategic standpoint.”

For those employers lucky enough to have Power Brokers as their consultants, the process will run a bit smoother and the results will likely be a bit better, even as the demands on them increase and the regulations continue to change.

Anne Freedman is managing editor of Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

Cyber Resilience

No, Seriously. You Need a Comprehensive Cyber Incident Response Plan Before It’s Too Late.

Awareness of cyber risk is increasing, but some companies may be neglecting to prepare adequate response plans that could save them millions. 
By: | June 1, 2018 • 7 min read

To minimize the financial and reputational damage from a cyber attack, it is absolutely critical that businesses have a cyber incident response plan.

“Sadly, not all yet do,” said David Legassick, head of life sciences, tech and cyber, CNA Hardy.

In the event of a breach, a company must be able to quickly identify and contain the problem, assess the level of impact, communicate internally and externally, recover where possible any lost data or functionality needed to resume business operations and act quickly to manage potential reputational risk.

This can only be achieved with help from the right external experts and the design and practice of a well-honed internal response.

The first step a company must take, said Legassick, is to understand its cyber exposures through asset identification, classification, risk assessment and protection measures, both technological and human.

According to Raf Sanchez, international breach response manager, Beazley, cyber-response plans should be flexible and applicable to a wide range of incidents, “not just a list of consecutive steps.”

They also should bring together key stakeholders and specify end goals.

Jason J. Hogg, CEO, Aon Cyber Solutions

With bad actors becoming increasingly sophisticated and often acting in groups, attack vectors can hit companies from multiple angles simultaneously, meaning a holistic approach is essential, agreed Jason J. Hogg, CEO, Aon Cyber Solutions.

“Collaboration is key — you have to take silos down and work in a cross-functional manner.”

This means assembling a response team including individuals from IT, legal, operations, risk management, HR, finance and the board — each of whom must be well drilled in their responsibilities in the event of a breach.

“You can’t pick your players on the day of the game,” said Hogg. “Response times are critical, so speed and timing are of the essence. You should also have a very clear communication plan to keep the CEO and board of directors informed of recommended courses of action and timing expectations.”

People on the incident response team must have sufficient technical skills and access to critical third parties to be able to make decisions and move to contain incidents fast. Knowledge of the company’s data and network topology is also key, said Legassick.

“Perhaps most important of all,” he added, “is to capture in detail how, when, where and why an incident occurred so there is a feedback loop that ensures each threat makes the cyber defense stronger.”

Cyber insurance can play a key role by providing a range of experts such as forensic analysts to help manage a cyber breach quickly and effectively (as well as PR and legal help). However, the learning process should begin before a breach occurs.

Practice Makes Perfect

“Any incident response plan is only as strong as the practice that goes into it,” explained Mike Peters, vice president, IT, RIMS — who also conducts stress testing through his firm Sentinel Cyber Defense Advisors.

Unless companies have an ethical hacker or certified information security officer on board who can conduct sophisticated simulated attacks, Peters recommended they hire third-party experts to test their networks for weaknesses, remediate these issues and retest again for vulnerabilities that haven’t been patched or have newly appeared.

“You need to plan for every type of threat that’s out there,” he added.

Hogg agreed that bringing third parties in to conduct tests brings “fresh thinking, best practice and cross-pollination of learnings from testing plans across a multitude of industries and enterprises.”

Legassick added that companies should test their plans at least annually, updating procedures whenever there is a significant change in business activity, technology or location.

“As companies expand, cyber security is not always front of mind, but new operations and territories all expose a company to new risks.”

For smaller companies that might not have the resources or the expertise to develop an internal cyber response plan from whole cloth, some carriers offer their own cyber risk resources online.

Evan Fenaroli, an underwriting product manager with the Philadelphia Insurance Companies (PHLY), said his company hosts an eRiskHub, which gives PHLY clients a place to start looking for cyber event response answers.

That includes access to a pool of attorneys who can guide company executives in creating a plan.

“It’s something at the highest level that needs to be a priority,” Fenaroli said. For those just getting started, Fenaroli provided a checklist for consideration:

  • Purchase cyber insurance, read the policy and understand its notice requirements.
  • Work with an attorney to develop a cyber event response plan that you can customize to your business.
  • Identify stakeholders within the company who will own the plan and its execution.
  • Find outside forensics experts that the company can call in an emergency.
  • Identify a public relations expert who can be called in the case of an event that could be leaked to the press or otherwise become newsworthy.

“When all of these things fall into place, the outcome is far better in that there isn’t a panic,” said Fenaroli, who, like others, recommends the plan be tested at least annually.

Cyber’s Physical Threat

With the digital and physical worlds converging due to the rise of the Internet of Things, Hogg reminded companies: “You can’t just test in the virtual world — testing physical end-point security is critical too.”

How that testing is communicated to underwriters should also be a key focus, said Rich DePiero, head of cyber, North America, Swiss Re Corporate Solutions.

Don’t just report on what went well; it’s far more believable for an underwriter to hear what didn’t go well, he said.

“If I hear a client say it is perfect and then I look at some of the results of the responses to breaches last year, there is a disconnect. Help us understand what you learned and what you worked out. You want things to fail during these incident response tests, because that is how we learn,” he explained.

“Bringing in these outside firms, detailing what they learned and defining roles and responsibilities in the event of an incident is really the best practice, and we are seeing more and more companies do that.”

Support from the Board

Good cyber protection is built around a combination of process, technology, learning and people. While not every cyber incident needs to be reported to the boardroom, senior management has a key role in creating a culture of planning and risk awareness.

David Legassick, head of life sciences, tech and cyber, CNA Hardy

“Cyber is a boardroom risk. If it is not taken seriously at boardroom level, you are more than likely to suffer a network breach,” Legassick said.

However, getting board buy-in or buy-in from the C-suite is not always easy.

“C-suite executives often put off testing crisis plans as they get in the way of the day job. The irony here is obvious given how disruptive an incident can be,” said Sanchez.

“The C-suite must demonstrate its support for incident response planning and that it expects staff at all levels of the organization to play their part in recovering from serious incidents.”

“What these people need from the board is support,” said Jill Salmon, New York-based vice president, head of cyber/tech/MPL, Berkshire Hathaway Specialty Insurance.

“I don’t know that the information security folks are looking for direction from the board as much as they are looking for support from a resources standpoint and a visibility standpoint.

“They’ve got to be aware of what they need and they need to have the money to be able to build it up to that level,” she said.

Without that support, according to Legassick, failure to empower and encourage the IT team to manage cyber threats holistically through integration with the rest of the organization, particularly risk managers, becomes a common mistake.

He also warned that “blame culture” can prevent staff from escalating problems to management in a timely manner.

Collaboration and Communication

Given that cyber incident response truly is a team effort, it is therefore essential that a culture of collaboration, preparation and practice is embedded from the top down.

One of the biggest tripping points for companies — and an area that has done the most damage from a reputational perspective — is in how quickly and effectively the company communicates to the public in the aftermath of a cyber event.

Salmon said of all the cyber incident response plans she has seen, the companies that have impressed her most are those that have written mock press releases and rehearsed how they are going to respond to the media in the aftermath of an event.

“We have seen so many companies trip up in that regard,” she said. “There have been examples of companies taking too long and then not explaining why it took them so long. It’s like any other crisis — the way that you are communicating it to the public is really important.”

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]