Credit Insurance- Protect Your A/R
These days, many companies are faced with numerous risks such as cyber security threats, government investigations, scandals, onerous litigation, etc. These threats and others of course pose a great risk to the long term viability of a company. Manufacturing companies as well as distributors face the added burden of dealers and retailers declaring insolvency or refusing to pay their debts as they become due for a number of reasons. Fortunately, commercial credit risk insurance, sometimes called “trade” credit risk insurance, can help a company protect its account receivables (A/R) from unexpected losses due to nonpayment or slow payment by the company’s buyers or debtors. It usually covers nonpayment because of a buyer’s insolvency but may also cover nonpayment due to political events that hinder payment or distributors on credit. A/R is the money owed to a company by its customer for products and services sold on credit. Normally, a sale is only treated as an account receivable after the customer has been invoiced for the product or service.
Depending on the industry and size of the company, it may or may not sell many or all of its products via credit. The risk, therefore, of nonpayment or slow payment (90 or 180 days after invoice, etc.) can be quite serious and expose the company to a potential crisis if the A/R is not paid. This is a major concern for any company selling product on credit.
In fact, on a number of occasions, I had to deal with bankruptcy issues because dealers and retailers of the company I worked for declared bankruptcy. Because we had a sound risk management program in place, one that also had credit insurance, we were not exposed to the extent of other creditors that had failed to obtain credit insurance. So even though the company I worked for was one of the major unsecured creditors, it exposure was primarily the deductible it had to pay as part of the insurance coverage.
Credit risk insurance normally covers two kinds of risk: commercial risk and political risk.
Commercial risk
Note: Credit risk insurance will not usually cover nonpayment due to contractual or legal disputes between the company and customer.
Benefits of Credit Insurance
There are numerous benefits for using credit insurance, if applicable. The most obvious benefits are:
Transfer or mitigation of risk. Credit insurance assures a company that its A/R will be paid if one of its customers declares bankruptcy or is unable to pay. This is subject to the terms and conditions of the insurance policy.
When a company initially sets up its risk management processes it should pay attention to credit insurance or trade insurance if that insurance is available in its industry and for the products its sells. It is another way of transferring risk when debtors are unable to pay outstanding A/R. Remember, insurance is a way of transferring risk. Use it.
When managing risk consider insurance
Though most people don’t consider how risky everyday life can be, most companies and organizations understand that risk exists around every corner. The trouble is that some companies still do not take adequate steps to properly manage risk. Consider the recent incident of the executive who died via a treadmill accident when he hit his head. Though the accident was a freak accident- nonetheless it happened. If you drill down a little closer, you will find out that fatalities related to exercise and sports are not that uncommon. Perhaps they are more common than we would like to believe. Everyday life, whether business related or not, carries a certain amount of risk. Though companies may use insurance to manage risk, the problem arises when the insurance program in place doesn’t really address the potential risks the company faces. That is the problem many companies dont realize until it is too late- say after that catastrophe that wiped out the stock or assets of the company.
It should be noted that companies use insurance as a risk mitigation or transfer tool and that they manage insurance programs differently than the average consumer. However, when developing a risk assessment of insurance considerations, data is extremely important when considering a probability or a risk-related event. The collection of relevant data will determine what kind of insurance policies can be obtained, the price, and even the availability of certain insurance programs. How far back a company can go historically to obtain data determines the potential risks a company faces and, therefore, what insurance program and insurance provider is available as well as the costs involved.
When looking at risk insurance programs, the first question that should be asked by the company is whether it has accurate data. Does it have a good risk management information system in place? If not, does its insurance broker or provider have one? Or maybe the insurance broker or provider can help develop one.
Accurate data leads to the right risk management strategy and the right insurance program. Lack of data makes it harder to have an accurate picture as to the risks involved and, therefore, harder to develop the appropriate insurance strategy and program. It is necessary to obtain accurate historical data if at all possible.
The main reason that companies make extensive use of insurance coverage is to diversify and shift risk through use of business-related insurance. Insurance, if properly used and maintained can be a major risk management tool.
A major issue facing companies when trying to insure legal risk is the insurability of the risk. In essence, the cost of insuring the risk may be too great to justify the particular form of risk insurance. So when a risk assessment identifies a business risk, not only does the company need to determine if insurance coverage exists to cover the risk, but whether the cost of such insurance justifies its acquisition. Many manufacturing companies will not purchase product recall insurance or similar insurance because of its expense. Some manufacturing companies or organizations will not even purchase credit insurance because of its expense. Therefore, a company or corporation must pay attention to costs and consider methods to reduce the cost of insurance.
Questions you should ask yourself when considering insurance:
As with anything, asking the right questions is half of the battle.
A number of countries have enacted strict policies when it comes to the protection of personal data as well as private data. Such policies, though onerous, are supposed to provide a level of protection to society in general as well as instill confidence in a country’s marketplace and commercial sector. South Korea enacted what was supposed to be far reaching data privacy ( more stringent than the US) similar to the EU which should have , if properly followed, prevented the data leakage of 15 million credit card users’ personal data last year. The fact it did not, emphasizes the risks an organization faces in collecting, managing or using personal data.
Recently, in response to the credit card scandal of 2014 in which 3 major credit card companies faced a massive data breach, Korean data privacy laws as well as its regulations and guidelines have all been tightened in an attempt to prevent a reoccurrence of such a scandal. There will always be a risk of unauthorized access to data unless companies and governmental agencies implement and continuously update risk management processes in dealing with the protection of personal data. Whether Korea's new laws and regulations will be sucessful in stemming the tide of cyber security issues and data privacy breaches remains to be seen.
There is no doubt about it-cyber security is a major issue around the world. Cyber security concerns have insurance companies scrambling to create and offer cyber security products for multinationals and companies doing business internationally. In the public space, some countries are taking action through a comprehensive set of laws designed to protect data privacy and some are not.
Besides amending the Act on Promotion of Information and Communication Network Utilization And Information Protection ( “ICNA”) , the Korean Government has amended a number of laws and regulations including the standards governing the regulatory standards that control service providers that process personal information as well as creating guidelines for processing big data that contains personal information. A few of the more important changes are listed and/or summarized below.
STANDARDS OF PERSONAL INFORMATION SECURITY MEASURES
To prevent data breach incidents such as the massive data breach of the three major credit card companies that occurred in January 2014 , the Korean Ministry of Government Administration and Home Affairs (the “MGAHA”) announced the amended version of the “Standards of Personal Information Security Measures” (the “Standards”), which took effect on December 30, 2014. The Standards apply to all data handlers such as public institutions, companies, and organizations who process personal information and cover the management of personal information as well as the establishment of personal information protection policies.. The recent amendments by the MGAHA were implemented to address certain loopholes in and inadequacies of the previous Standards in light of the developments in the IT industry. The key points of the amended Standards include:
Due to the Credit Card Company Data Breach, the MGAHA added a number of safeguards to the Standards and also stipulated new security measures for mobile devices.
More specifically, the Standards contain a new provision that requires data handlers to specify information on the management/supervision of Outsourced Providers in their internal administrative plans if the processing of personal information is outsourced to the Outsourced Provider. Although this principle was emphasized in the Personal Information Protection Act, it was not explicitly stated in the previous version of the Standards. However, due to the significance of the matter, the MGAHA is presumed to have included it in the Standards amended this time around.
This section on access control has seen the most change, with some of the major provisions summarized below:
As evidenced by the Credit Card Company Data Breach and other recent data breaches, the risk of misuse/abuse and leakage of personal information has increased greatly as more and more data handlers outsource the processing of personal information but fail to oversee the Outsourced Providers’ compliance with data protection laws and regulations. There is now a stricter obligation for data handlers to manage Outsourced Providers.
In light of the fact that it is now becoming more and more common for people to conduct business on their mobile devices, the Standards were amended to include “mobile devices” and therefore data handlers who intend to process personal information with a mobile device will need to confirm that the mobile devices of their employees and officers satisfy the security requirements for mobile devices set forth in the Standards.
There are other major changes in Korean data privacy laws, regulations and financial control laws as well that help tighten up the use and protection of data. Those will be a topic for another day.
South Korea and Corruption- A Renewed Focus On Corporate Compliance
Currently, Park Guen Hye’s administration is caught up in a potential bribery scandal involving alleged pay outs to several of President Park’s top aides as well as other politicians connected with the ruling party. (more…)
Recently, Korea’s government has been racked by a corruption scandal that has resulted in the resignation of Prime Minister Lee Wan-Koo. The scandal threatens to engulf Park Geun Hye’s administration and may result in an early application of Korea’s new anti-graft law resulting in prison sentences for some government officials. No one wants to be implicated in scandals involving graft or corruption of government officials including corporations. (more…)
One mistake many companies make with regards to crisis management is the failure of adequately implementing existing risk management protocols and processes. Many crisis are in fact preventable or foreseeable and could be avoided had adequate risk management procedures been implemented and followed. (more…)
