IIAG Annual Convention – What You Missed Too

My last post described what Harrison Brooks of Reagan Consulting had to say to those who attended IIAG’s annual convention earlier this month about major trends affecting the insurance industry.  He also had some advice on how an agency can determine if it is doing what needs to be done to be successful in the long term.  That advice focused on three measurements that will allow an agency to compare itself to the most successful agencies.  These three measurements involved sales, hiring of new producers, and their validation.

Organic growth is the key to the long term success of any agency.  Such growth is the result of increases in the commissions and fees received from an agency’s existing customers due to the sale of additional products and services to them and from new customers.  The best way to measure this growth is comparing the amount of net new business revenue in a year to the prior year’s total net revenue.  That fraction tells an agency its sales velocity.  If the sales velocity is 15% or more, your agency is doing what the most successful agencies are doing.  For an even more secure future, at least 7.5% of the sales velocity should be coming from producers who are under 45 years of age. (For a more information on the concept of sales velocity, click here to register for a free webinar on that subject on June 28, 2017.)

In order to sustain organic growth, it is necessary to hire new producers.  Mr. Brooks showed an amusing video of man on the street type reactions of millennials to the question of what they thought about working in the insurance industry.  The comments made revealed a profound lack of knowledge of what is involved in that industry.  Mr. Brooks’ recommendations for how to interest millennials in becoming a producer was to emphasize four things: (1) it provides an opportunity to build relationships with customers, (2) it involves consulting with customers about solving their problems, (3) it provides the opportunity to build a book of business, and (4) it involves providing quality products they can believe in.  It is not about hard selling people to buy things they don’t need or want.

The way to determine whether an agency is hiring enough producers each year is to compare the number of new producers hired to the number of producers working for the agency during the prior year.  That fraction tells the agency its hiring velocity.  Anything 20% or above is an indicator of a healthy agency.

Once hired, a new producer has to quickly be able to pay for themselves.  Mr. Brooks recommended giving a new producer only six months to show they had the ability to do that.  If they did not show such ability, he advised firing them and hiring someone else. A successful new producer hire will fully validate themselves in three to five years.  Mr. Brooks standard for full validation was bringing in $40,000 to $60,000 a year in new business and building a book of business that at the end of the above time period would be worth (at 1.5 times commissions) what it cost the agency to train and pay them during that time period.

Mr. Brooks advised not to let the failure of a producer to validate himself or herself in three to five years discourage new hires.  The most successful agencies only have new producers meet that standard a little over 50% of the time.  So a roughly 50% failure rate is to be expected.  To give new producers the best chance to validate themselves, Mr. Brooks recommended having a well thought out plan for training and mentoring them and sticking with that plan.

 

IIAG Annual Convention – What You Missed

The 120th annual meeting of the Independent Insurance Agents of Georgia was held earlier this month.  It began earlier than usual with a two hour legislative panel on Thursday afternoon followed by morning meetings on Friday and Saturday, which ended an hour earlier than usual.  However, the information and networking opportunities provided were as valuable as always.

The legislative panel acknowledged that the 2017 session of the General Assembly was not as productive as it could have been, mainly due to political reasons.  2018 is an election year and several members of the House and Senate were positioning themselves for runs for higher office, in particular the governor’s office. This led to the failure to pass some laws what were considered to be non-partisan and broadly supported, including a bill to reform Georgia’s adoption code and to permit the Insurance Commissioner’s Office to enforce the payment to agents by health insurance companies of the commission rates that are specified in their filings with that Office.    Unfortunately, it does not look like things will get any better in 2018.

On Friday morning, Harrison Brooks of Reagan Consulting spoke about trends affecting the insurance industry.  Mergers and other acquisition transactions hit an all time high in 2016, and 2017 is off to an even better start.  This activity is primarily due to the record amount of money being spent by private equity firms to buy insurance agencies.  Such firms purchased over half of all agencies sold in 2016.  The prices being paid for best practices agencies averaged eight times earnings before interest, taxes, depreciation, and amortization (EBITDA), with the potential to earn three times more over an earn out period after the sale closes.  However, almost as many new agencies have been formed in the past five years as have been purchased, so the industry remains in balance.

For those agencies looking to grow by acquisition, Mr. Brooks recommended looking locally, within a 30 minute radius of your current location.  He advised looking for other agencies that have good leadership, younger producers and/or other staff, serve a different geographic area, and have developed a specialization that gives them a competitive advantage.  If can’t afford to buy another agency, Mr. Brooks suggested looking for good producers at other agencies, the younger the better.

Another big trend affecting the insurance industry is the rise of what is referred to as “InsureTech.”  In recent years, over $6 billion has been invested in technology companies like Lemonade that purport to offer a new or more efficient way to buy insurance.  This investment has been made in four main areas:  health insurance, auto insurance (pay by the mile), on demand insurance (individual items insured for specified periods of time), and peer to peer insurance (Lemonade).

In Mr. Brooks’ opinion, InsureTech was the greatest threat to independent insurance agencies that rely heavily on personal lines business, but small commercial lines competition would soon be coming.  His advice for agencies was to upgrade their ability to conduct business electronically, especially on mobile devices.  There are many resources available for agencies who want to do so; IIABA’s Agents Council For Technology, Insurance Digital Revolution, and CB Insights being some.

Mr. Brooks also had some things to say about how independent insurance agencies can determine if they are on the right track in terms of growth and the hiring of new producers.  His comments on those topics will be the subject of my next post.

Do You Know What a QSEHRA Is?

If you don’t know the answer to the above question, you should for it can be a benefit to both your agency and your small commercial lines customers.  QSEHRA stands for “Qualified Small Employer Health Reimbursement Arrangements”, which were created by the 21st Century Cures Act that was signed by President Obama just over three weeks ago.  Many of you may be familiar with Health Reimbursement Accounts (“HRA”), which permitted employers to give money tax-free to their employees for use in paying health care related expenses, including, but not limited to, premiums for health insurance.  Unlike Section 125 flexible spending accounts, any money left over in a HRA at the end of the year could be rolled over for use in later years.

Before the Affordable Care Act (“ACA”) was passed, HRAs were popular with employers who could not afford to provide group health insurance coverage to their employees, but wanted to offer some help with the payment of medical expenses.  With the passage of the ACA, contributions to a HRA could no longer be used to pay for health insurance premiums and the rules regarding for what such contributions could be used became so complex that HRAs fell out of favor.

Under the new law, HRAs that allow for the use of funds contributed to them to pay for health insurance premiums and other health care related expenses of employees are now permitted for some employers with added restrictions.  The first part of QSEHRA tells you who those employers are, Qualified Small Employers.  These are employers who are not subject to the mandates of the ACA (i.e., those with less than 50 full-time equivalent employees) and who do not offer group health insurance coverage to their employees.  As with HRAs, the employer must fund an account on the same terms and conditions for each eligible employee (anyone who has been employed for at least 90 days).  Also. like HRAs if the funds are used for covered health care related expenses, they are tax free to the employee, but now only if the employee has minimum essential health insurance coverage as defined by the ACA.  If not, any amounts paid out of the QSEHRA are taxable income to the employee.

Each employee must be given an annual notice informing them of the above fact and that if the employee applies for health insurance coverage on a federal or state exchange, they must disclose the amount of the benefit available to them under the QSEHRA, which amount will reduce the amount of any premium tax credit for which the employee may be eligible.  The annual notice must also state the amount of money the employer will make available for the employee’s use.  That amount is capped at $4,950 a year for the employee, but can go up to $10,000 if the employee can use the funds to pay for health care related expenses for family members.  These caps are subject to annual increases if the cost of living index used increases. (Click here for the presentation slides of a webinar that contain more detailed information on QSEHRAs.)

Many of you may be thinking why should I explore setting up a QSEHRA program if the ACA is going to be repealed by the incoming Congress.  That will most likely happen, but no one knows when that repeal will actually be effective and what parts of the ACA will be affected by it.  In the meantime, the existence of such a benefit would be helpful in keeping current employees and attracting qualified new ones.  Whenever ACA repeal actually occurs, an employer who has set up a QSEHRA program should be able to easily convert it to a pre-ACA HRA, as the requirements for the former are more restrictive than for the latter.

 

FLSA Issues That All Agencies Should Be Aware Of

It has been over a week since a federal District Court Judge issued an injunction staying the implementation of the new overtime rule (click here for more information on the injunction), and it does not appear that the U.S. Department of Labor is going to try to have the injunction overturned on appeal, at least anytime soon.  So employers will not have to comply with the new overtime rule that was set to go into effect tomorrow, December 1.  However, that only relieves employers from having to pay their employees who they want to treat as exempt from the overtime pay requirements of the Fair Labor Standards Act (“FLSA”) under the administrative, executive, or professional exemptions a minimum salary of $913 a week, or $47,476 a year.  Employers will still have to pay their employees overtime for any hours they work in excess of 40 in any one work week, unless they qualify for one of the exemptions referred to above or another exemption. (Click here for a post that discusses those exemptions and others as they may apply to employees of insurance agencies.)

In determining whether the 40 hour threshold has been exceeded in any one work week, agency owners need to be aware of what is work time that must be included in making that determination.  The FLSA does not require an employer to give an employee any time off during the workday for any reason, even to eat.  It only requires that an employee be paid at least the minimum wage for all the time they are working and overtime pay if they work more than 40 hours in any one work week.  If an employer decides to give its employees a break from work, that break must be at least 30 minutes long and the employee must not be required to do any work during the break period before that time can be excluded from work time for which the employee must be paid.  With respect to breaks given so an employee may eat a meal, what this means is that an employee must not be on call or perform any other work related duties during the break.  If they do, they must be paid for that time, too.

For agency employees who are licensed or have another certification that they must have to perform their duties, any time taken by such an employee for the purpose of attending a class, a webinar, or any other event to obtain or keep their license or other certification is considered work time for which they must be paid.  The same thing is true for any class or other event an employee attends at the request of the agency.  If the agency owner does not want to have to pay overtime to a nonexempt employee in this situation, any such class or other event should be attended during the employee’s normal working hours.

If an employee attends such a class or other event outside of their normal working hours, the agency owner must also be aware of the FLSA’s rules regarding payment for time spent traveling by employees.  These rules are complex, but a good explanation of the basics, as well as other situations that may require payment, can be found here.

While the pressure is off for now on compliance with the new overtime rule, the existing rules still apply and can create problems for an agency that is not aware of what those rules require.

Court Stays Implementation of New Overtime Rule

Yesterday, a judge on the U.S. District Court for the Eastern District of Texas entered a preliminary injunction staying the enforcement of the new overtime rule that was to take effect on December 1, 2016. (Click here for an explanation of the rule.)  The judge found that rule to be unlawful because it imposed a minimum salary requirement for employees who would otherwise qualify as exempt under the administrative, executive, and professional duties exemptions from the overtime pay requirements of the Fair Labor Standards Act (“FLSA”).  Apparently, in the judge’s opinion only Congress can impose such a salary requirement.  However, a minimum salary requirement has been a part of the requirements for employees to qualify for those exemptions for many years, so it’s anybody’s guess what the final outcome will be.  

For now, employers do not have to worry about satisfying the new minimum salary requirement for an employee to be exempt from the overtime pay requirements of the FLSA under the above three exemptions.  However, that could change upon an appeal to the U.S. 5th Circuit Court of Appeals, which could be made before December 1.  So stay tuned for further developments.

In the meantime, remember that an agency’s producers and other employees will have to be paid overtime for any hours they work in excess of 40 in any one workweek, unless they qualify for one of the exemptions referred to above or another exemption. That fact is not affected by this court ruling, (Click here for a post that discusses those exemptions and others as they may apply to employees of insurance agencies.)

BEST WISHES FOR A SAFE AND ENJOYABLE THANKSGIVING HOLIDAY.

IIAG Fall Conference – What You Missed

IIAG had its annual Fall Conference a couple of weeks ago.  This year it was held at a conference center in Augusta that was adjacent to Riverwalk Augusta, which is a beautiful park that runs next to, and in some places along the top of, the levee that separates downtown Augusta from the Savannah River.  If you have not already done it, I highly recommend a walk through the park and along the river.

While at the conference, I was able to attend three informative presentations on E&O loss control, processes and technologies that can help an agency or agent grow their business, and how to transform an agency into an exceptional customer service provider.  The part of the E&O presentation I attended focused on how to properly document interactions with customers.  The three C’s of all documentation are that it be clear, concise, and consistent.  It is also important that it contain only the facts of what happened and when and who was involved.  It should not contain any opinions, especially on the validity of a customer’s claim or whether the proper coverage was in place.  If there is a possibility that an E&O claim may be made, set up a separate file for all information related to the defense of such a claim.  The speaker favored electronic documentation over paper, but recommended against communicating with the customer using social media or texts due to the difficulty in capturing and storing such communications in the agency’s management system.  Such documentation should include reminders upon the first issuance and every renewal that the customer read their policy to make sure it provides the coverage they want and include disclaimers about possible coverage limitations, e.g., policy does not cover flood damage.  Should use proposals to highlight all such limitations.

The part of the agency growth presentation I attended focused on how to select a target market and common mistakes in doing so.  The first thing an agency or agent should do is review the products available from the companies by which they are appointed.  This will give them a good idea of what their target market should be, as it would be a waste of time to go after a particular type of customer if they could not satisfy all the coverage needs of such a customer.  Once a target market is chosen, be careful not to waste time on potential customers who do not fit the profile in all important respects or the time to cultivate whom will not be worth the amount of commission that can realistically expect to receive.  Be persistent with the target market; one touch with a potential customer is not enough, but need to be creative in how they are touched.  Social media can be monitored for life or other important events involving customers or potential customers, which are then followed up with an appropriate card containing a handwritten note.  Can also use social media to highlight customers by reporting on any newsworthy events involving them or for commercial customers describe and recommend the services they offer.  The mantra for an agency or agent should be “And Then Some.”  Always strive to do what’s expected “And Then Some.”

The most interesting piece of information I learned at the exceptional customer service   presentation was that underwriters grade the agencies and agents with whom they work.  This is usually done on a quarterly basis and will govern the level of service and cooperation with handling unusual risks provided to an agency or agent in the future.  The speaker recommended asking the underwriters about the grade given and how it can be improved.  One sure way to do so is to treat underwriters and other company representatives as if they were customers.

 

Cyber Security Coverage Gaps

My last post pointed out the need to carefully review a potential insured’s exposures to data breaches and then make sure that the policy chosen adequately covers those exposures.  The latter task is made more difficult by the lack of standardized cyber liability policies.  Each company has their own form for such policies and as the agent in the P.F. Chang case discussed in my last post found out, the wording of an exclusion clause can be critical.

Carefully reviewing the language of every company’s cyber insurance policies can be very time-consuming and sleep inducing.  Fortunately, someone has already done this.  Betterley Risk Consultants has recently published a reportthat explores in detail the  coverages available for 10 different types of exposures associated with data breaches.  Who provides coverage for regulatory and statutory claims, remediation costs, security assessment requirements, theft, third party liability, terrorism, and even bodily injury and property damage, along with other types of exposures, is discussed.  The executive summary for the report is available online.  If you are interested in getting detailed information about coverages, that can be obtained for a reasonable price from the International Risk Management Institute’s website.

One important trap for the unwary that was not discussed in my last post, but should be mentioned, is the exclusion found in many policies for the failure to maintain security standards.  As the Betterley report points out, this exclusion is very harsh on an insured who may be doing their best to meet the standards established when the policy was written, but for whatever reason are unable to do so.  Such a failure, event though having met the standards would not have prevented the data breach in question, can result in the denial of any coverage.  Policies with this exclusion should be avoided, if possible.

Another coverage trap for the unwary involves what has come to be known as “whaling”, or social engineering (the Betterley Report prefers to call this type of illegal activity deceptive funds transfer, which is not as colorful but more descriptive of what happens).  It involves the use of e-mails that appear to be from officers or employees of a company, but are really from hackers.  The hackers use the names and e-mail addresses of these officers or employees to request the transfer of funds by the company to an account set up by the hackers.  Millions of dollars have been lost by companies who have been the subject of these attacks.  Many of those companies have discovered to their dismay that they have no insurance coverage for such fraudulently induced transfers because the standard theft coverage in their insurance policies does not cover funds that are voluntarily transferred by the company, as opposed to being taken from the company by third parties.

In keeping with my theme of cyber liability being a two-edged sword for insurance agencies and agents, they and other small businesses should not assume that “whaling” only occurs at big companies and for large amounts of money.  As noted by Steve Anderson in post he did on this subject, “whaling” has happened to insurance agencies for relatively small amounts of money.  Mr. Anderson’s post also has some advice on what agencies can do to protect themselves from this type of attack.

Cyber Security Insurance – Traps for the Unwary

It has been awhile since I last posted anything about cyber security, but it continues to be a very hot topic in the various insurance related newsletters that I receive.  As I noted in my first two posts of this year, cyber security is a two-edged sword for insurance agencies.  While they need to protect themselves from data breaches and their consequences, that same need of other businesses presents a selling opportunity for agencies.  With that selling opportunity come risks that are not present in more established lines of business due to the lack of standardized language for cyber security insurance policies.

A recent federal court case in Arizona involving the restaurant chain P.F. Chang is a good example of those risks.  P.F. Chang suffered a data breach involving its customers’ credit card information.  Like most businesses, P.F. Chang used a third-party payment service to process its credit card transactions.  Its agreement with that service required it to indemnify the service for any claims that may be made against it by the issuers of the credit cards for which payment services were provided.  Those issuers did make claims against the payment service as a result of P.F. Chang’s data breach in the amount of $1.9 million and when the payment service looked to P.F. Chang to pay those claims, P.F. Chang found out it did not have insurance coverage for them under its cyber insurance policy with Federated Insurance.

Even though Federated had marketed its cyber insurance policy as “a flexible insurance solution designed by cyber risk experts to address the full breadth of risks associated with doing business in today’s technology-dependent world” that “[c]overs direct loss, legal liability, and consequential loss resulting from cyber security breaches”, its coverage only applied to claims made by persons whose information had been taken and it excluded liability for any claims made as a result of P.F. Chang’s contractual assumption of liability. It did not include payment card industry coverage, which would have protected P.F. Chang in this situation.  It’s not hard to imagine the conversation that took place between P.F. Chang and its insurance agent when P.F. Chang lost its court case against Federated. Hopefully, that agent properly documented his or her discussions with P.F. Chang about the types of cyber coverage it wanted.  Even so, that agent will likely never sell another insurance policy to P.F. Chang.

To avoid being put in the situation of P.F. Chang’s insurance agent, it is essential that an agent find out all the possible exposures of their customers to a data breach.  A recent post on Property Casualty 360 discusses the five essential coverages that every cyber insurance policy should have.  Depending on the size and business activities of a particular customer, coverage for public relations expenses may not be necessary in every case, but the other four coverages should be a part of every cyber insurance policy sold.  Forensics and legal expenses are necessary to determine the scope of any breach and what legal responsibilities are created by it.  Those responsibilities will typically include notification of the affected customers and possibly, the provision of credit monitoring services.  Business interruption coverage will help the customer overcome the inevitable loss of income that will occur as the customer focuses on dealing with the consequences of the data breach and with the rise of ransom ware attacks this year, every business should have protection against having to pay a hacker to unlock their data that has been encrypted by malware.

Of course, every business that accepts credit cards as payment for their goods or services will need the payment card industry coverage that P.F. Chang lacked.  That includes insurance agencies, all of whom should be checking their cyber insurance policies to be sure they have such protection.

IIAG Annual Convention – What You Missed

The Independent Insurance Agents of Georgia held its 119th Annual Meeting a couple of weeks ago at the beautiful Amelia Island Resort.  I had the most fun at the annual corn hole tournament held by the Young Agents Committee on the beach, and I learned the most at the presentation by John Immordino on Cyber Liability.  His presentation focused on both the challenge to agents and agencies of protecting their customer and business information and the opportunity presented by the need of every other business, small and large, in the U.S. and the world to do the same.

With respect to the challenge, Mr. Immordino made the point that, contrary to common belief, hacking is not the greatest risk a business faces when trying to protect its confidential customer and business information.  More such information is taken or lost due to the negligent or intentional acts of employees and other insiders than from attacks by hackers on a business’ computer system.  Mr. Immordino said his personal information had been improperly used four times and in only one instance was it due to the actions of a hacker.  The other three times involved current and former employees of his business who had obtained his personal information, along with other confidential business information, from the business’ computer system.

While it is important to protect your agency’s computer system from outside attack, it is just as, if not more, important to train your employees on the proper procedures to follow when dealing with confidential customer or business information and to keep reminding them of those procedures at regular intervals.  It is also a good idea to encrypt the data on any smartphones, laptop computers, or tablets that are supplied to an agency’s employees for their business use and to include remote data wiping software on any such devices if they are lost or stolen.  It is possible to install such software on any such devices that belong to the agency’s employees and limit the data wiped by it to just business related information.

Employee training should include how to recognize phishing, spear phishing (bogus e-mail comes from what appears to be a familiar source), and social engineering (hacker has taken over a valid e-mail address of company employee or customer and uses it to request the transfer of money to bogus account) and what to do if they suspect an email or other communication they have received is not genuine.  It is especially important to be vigilant for social engineering attempts because the voluntary payment of money in response to such a scheme is not a covered event under standard crime or cyber liability policies.  A fact that an agent can use when discussing the need for the various types of insurance coverage required to protect a business from loss due to data breaches.

Another fact mentioned by Mr. Immordino that can be used to convince a reluctant business owner that cyber and other related insurance coverage is needed is that 60% of small businesses that have a data breach go out of business within six months.  This is mostly due to the costs of dealing with such a breach, which average $217 a record according to a recent study by the Ponemon Institute.  Over one-third of this amount, $74 a record, is for hard costs incurred in detecting the breach, determining the number of the records affected, complying with the applicable notification requirements (which vary by state), and dealing with any claims made by the persons affected.  Insurance policies are available that will cover all these hard costs and will provide the help needed to deal with the various aspects of a data breach.  In many instances, the existence of such coverage is the difference between life and death for the small business affected.

There was a lot of other valuable information in Mr. Immordino’s presentation.  If any of my readers would like a copy of it, please contact me at mburnette@decatur-law.com and I will send it to you.

Avoid, Deny, Defend – What is it?

Avoid, Deny, Defend is a program developed by the ALERRT Center at Texas State University for training people about what to do if they are involved in an active shooter incident (an individual is actively engaged in trying to kill other people).  According to an FBI study of such incidents, there were 160 from 2000 through 2013 and the rate at which they occurred steadily increased during that time period.  Recent events indicate that rise in the rate is still occurring.  The fact that slightly less than half of all such incidents took place in a commercial setting should be of concern to all business owners, including agency owners.  The “it can’t happen here” belief is refuted by the fact that such incidents occurred in 40 states and the District of Columbia during the study period.

That belief leaves most people unprepared when an active shooting occurs and leads to an increase in the death toll.  The Avoid, Deny, Defend program seeks to inform people what they should do in such situations to protect themselves.  As with many such programs, it seems to be mostly common sense when you think about it.  First, you should AVOID the shooter by seeking to get away from his or her location.  This requires a person to be aware of their surroundings and in particular, where the exits are.  If you can’t get away from the shooter’s location, DENY him or her an opportunity to shoot you by putting as many barriers (e.g., closed and preferably locked and barricaded doors) between you and the shooter as possible, turning off the lights, hiding from sight behind whatever large object (e.g., desk) you can find, and turning off your smart phone.  Only if you can’t avoid the shooter or deny him or her an opportunity to shoot you should you DEFEND.  In doing so, be aggressive and don’t fight fair.  This is about survival, so there are no rules.

The ALERRT Center website has a video that demonstrates the principles of the Avoid, Deny, Defend program.  The FBI website also has a video on this subject that can be downloaded.  It’s title is more direct, “Run, Hide, Fight.”  The Department of Homeland Security has an extensive resource page on this subject, that includes links to an online course for managers and employees and a 90 minute webinar on how to prepare for and respond to an active shooter situation.

Like life insurance or in my profession, Wills, this is a subject most people don’t want to think about, much less discuss.  While those two things are important, the failure to take action with respect to them is not life threatening.  Not knowing what to do if confronted with an active shooter situation can be fatal.  Offering information on this subject to your commercial lines customers can be another way to distinguish yourself from other agents and agencies.  It can be part of your discussion with such customers about their business risks and how best to insure and otherwise protect against them.  If done in partnership with your local police department or even on your own, a presentation on this subject can put you in front of potential new customers, for both commercial and personal lines policies.