About ASEAN Reinsurance Programme (ARP) The ASEAN Reinsurance Programme (ARP) aims to enhance reinsurance education and talent development in the region. It is an initiative under the ASEAN Insurance Education Committee and the ASEAN Reinsurance Working Committee and managed by the Insurance Institute of the Asia-Pacific (IIAP) in collaboration with the Singapore College of Insurance (SCI), the Malaysian Insurance Institute (MII), the Thailand Insurance Institute (TII) and the Dewan Asuransi Indonesia (DAI). The ARP is a first of its kind, multi-pronged holistic talent and professional development initiative that combines technical training programmes with internships in time to come. The Programme is slated for February 2021 kicking off with a 2-hour webinar organized by the IIAP, focusing on reinsurance developments in the ASEAN marketplace. Participants who are interested in the technical training programmes will be encouraged to go through a Reinsurance Primer course and assessment, sponsored by SCI. This Primer covers the basic concepts of reinsurance. Participants can register for the various technical training programmes on a stand-alone basis. For a start, only one intake will be offered in 2021 and we will limit the number of participants to no more than 30 per class. Participants are expected to have a minimum of three years of experience in reinsurance.

About a third of the employees of a regional bank have returned to working onsite, and the president holds a weekly all-staff town hall meeting by videoconference. Employees are encouraged to submit anonymous questions for him or other senior leaders to answer. For the past six weeks, an increasing number of people have asked, “How do we know if the people who are still working from home are actually working?” Some employees have even suggested specific technology-based monitoring approaches to track remote workers’ onscreen time and activities. Each week, the president assures his employees that the business is on track and that measures of productivity (like the number of loans taken out) are above expectations. “But it’s exasperating,” he said. “No matter how much I try to convince them or even use numbers and other kinds of evidence, it’s not sinking in. You’d think that if I can trust people, surely they can trust each other, right? But no.” The crisis of trust this bank is facing is increasingly common as the strains of remote working wear down company culture and people’s goodwill. Early in the pandemic, stories of organizational heroics — like companies repurposing laptops en masse overnight to equip employees’ homes — abounded. And for a while, people gave each other the benefit of the doubt and didn’t mind making compromises like allowing the occasional deadline to slip so that people could take care of homeschooling or other new demands. Over the past eight months, we’ve worked with and researched dozens of companies that are wrestling with this challenge in settings as varied as professional services, oil and gas, finance and insurance, healthcare, telecommunications, automotive, and tech. In each of them, we’ve seen a shift from the positive, “We’ve figured out this virtual work thing!” sentiments to the recognition that trust in their organizations — in individuals, relationships, and the organization — is fundamentally at risk. Increased reports of electronic monitoring also suggest that executives’ confidence in having figured it out is starting to ebb. For example, Hubstaff, a provider of time-tracking tools for remote work, reported a four-fold increase in its UK customers since February of 2020, and Sneek, whose technology takes webcam pictures of employees on a regular interval and shares them with colleagues, reported a five-fold increase. It’s critical that company leaders work to rebuild and maintain trusting relationships — with and among their employees. Those that don’t risk far more than lower morale. The chances of increased attrition, lower productivity, and stalled innovation also loom large when trust plummets. Why the Crisis of Trust Now? Companies have experimented with work-from-home policies for years, so what’s new now? First, remote work is now widespread. Companies previously allowed select employees to work from home, either because those specific employees were highly trusted or because their work allowed managers to measure their output and hold them accountable. Now everyone is at home, regardless of past performance level or job. Second, when stay-at-home mandates hit around the globe, people were involuntarily thrust into remote work — often without the equipment, training, or desire to do it. Whereas before, employees may have opted to work remotely, many are now struggling to focus at home thanks to increased familial responsibilities or because other members of their household are also working from home. Third, uncertainty about the economy and job stability breeds anxiety, which tends to prompt a go-it-alone mode of working among employees and a general wariness of others. Finally, employees’ WFH challenges (including technology failures, shifting work norms, and conflicts between work and home responsibilities) make it more likely that they’ll fail to deliver on perceived obligations, leading to a further erosion of trust. Critically, though, the factors reducing this ability to trust are not limited only to the effects of Covid-19, but are tied to ongoing trends in the way we design our work and organizations. Leaders need to address the underlying issues in order to build a sustainable model of trust. A Loss of Information Undermines Trust Predictability is the foundation of trust. We’re willing to be vulnerable — to expose ourselves to potential risk — when we have reason to believe that someone will not take advantage of us or disappoint us. This comes only when we think we can anticipate how others will behave. One of us, Heidi K. Gardner, researched more than 3,000 senior knowledge workers and identified two distinct kinds of trust that are essential for people to work together effectively. First, they need to believe that others will deliver and that the work will be high quality (competence trust). Second, they need to believe that others have good intentions and high integrity (interpersonal trust). To trust colleagues in both of these ways, people need clear and easily discernible signals about them — what they’re doing (actions), why they’re doing it (motivations), and whether they’ll continue to do it (reliability). Over the past two decades, the moves toward remote working and dynamically shifting teams has made this information harder to come by. Less face-to-face time means that we have less opportunity to observe, for example, that a teammate consistently brings along prepared notes and diagrams to enhance the conversation. We also have fewer shared sidebar conversations that build rapport and interpersonal trust, and we lack situational cues — like the leftover pizza boxes as evidence colleagues pulled an all-nighter — to understand others’ efforts and outputs. This makes it difficult to establish trust in others because we don’t have the data we need to know what they’ll do. It also eliminates the steady stream of reinforcing information that helps us maintain existing trust. The isolation of remote working may be tied to lower trust for another reason: we unconsciously interpret a lack of physical contact as a signal of untrustworthiness. In virtual work misunderstandings and miscommunications abound. We therefore face a perfect storm of less information on which to establish trust, less reinforcing information to maintain it, and more “trust infractions” to break it. Once trust is lost, it’s very hard to regain. There are a few steps leaders should take — and one they shouldn’t — to bring trust back to theirs and their employees’ relationships. Monitoring Is Not the Answer An increasingly common approach to dealing with decreased trust is to counter it with increased monitoring. Whether done through technology (for example, keystroke capture) or process (for example, daily check-ins), monitoring is usually counterproductive. First, it never works. Any manager who thinks they can know everything their remote employees are doing is fooling themselves; there will always be gaps in any monitoring process. Second, people perform to the measure, not to the objective. It doesn’t take much to figure out how to get around the measures themselves, and employees often put more effort into working around them than into just doing the work. Third, monitoring isn’t just ineffective — it actually makes the problem worse. One survey found that 49% of employees subject to stringent monitoring reported severe anxiety, compared to only 7% of those subject to low levels of monitoring. Monitoring can also increase burnout and employee dissatisfaction and undermine firm morale. There are few stronger signals that you don’t trust someone than putting them under surveillance. Understanding the Science of Trust Monitoring fails because it tries to solve the wrong part of the trust equation — it’s about managers trying to eliminate the space for vulnerability. The better approach is to leave the space alone, but reduce the likelihood that someone will take advantage of it (and you). This doesn’t mean trusting blindly, but rather relying on the science of trust to build it in the least risky way possible. Recognize and leverage reciprocal trust. So often, when we talk about trust, we focus on how we develop it in other people. This misses the fact that trust is bi-directional and reciprocal — research shows that the more you trust someone and act accordingly, the more likely they are to trust you in return. Importantly, these do not operate independently. This means that in order to increase trust within your network, you need to shift your focus to signaling your own trustworthiness. Increasing others’ trust in you reduces uncertainty by creating a more stable and certain environment. Thinking in more Machiavellian terms, it also provides reciprocal leverage — the more trust they place in you, the less likely they will be to betray your trust (think mutually assured destruction as the underpinning of the entire Cold War). This is not setting yourself up to be taken advantage of; this is a strategic move that de-risks trust-building. And remember that which signals you send is one of the few things you do have control over. Build a trust staircase. Across substantial research on change (behavior change, culture change, you name it), one message comes through clearly: The best way to create lasting change is through repeated, small, reinforcing steps. Building trust is no exception — it requires evidence and reinforcement. Another way to increase the trust others place in you is to audition for it by finding opportunities to work together on a low-risk task, which gives you a chance to demonstrate your competence and integrity. For example, offer to jointly organize a lunch-and-learn series, where people (not just you!) can showcase their abilities. Look for situations that require minimal investments and for which the opportunity and failure costs are low. Demonstrate your own trustworthiness within that context and then, over time, build up to larger and more significant demonstrations to reinforce the trust you’re establishing. Engage in status-quo communication. Leaders know how important it is to communicate when things change. However, now, as things are in a constant state of flux, leaders also need to communicate about things that aren’t changing. Given that trust depends so heavily on predictability, leaders must recognize the critical importance of helping employees understand what they can count on. Doing so reduces uncertainty and creates a needed sense of stability. Assume one-size-fits-none trusting. Trust building, maintenance, and recovery work differently for different types of people, who fall into two broad categories: automatic trusters and evidence-based trusters. Automatic trusters approach a new relationship with at least some level of trust as the default, initially trusting the other party unless something happens to break that trust. This isn’t blind trust, but rather an inclination to give the benefit of the doubt. They’re minimally affected by fewer trust-building cues, and trust infractions trigger a challenge to their self-image, provoking a more severe and long-lasting backlash. Evidence-based trusters approach a new relationship with distrust as the default, not exposing themselves to risk until the other party has proven their trustworthiness. The lack of evidence characteristic of remote work makes it significantly more difficult to establish trust in virtual environments. Once trust is established (based on accumulated evidence), only major infractions are likely to significantly counter or undo that evidence. A critical first step is to not assume that others build trust as you do. With that in mind, you must do the homework required to know both your own and your counterpart’s approaches to trusting and put in the effort to adapt accordingly. If you’re an automatic truster and your counterpart is more evidence-based, you need to slow down your expectations and focus on providing that person with ongoing, repeated evidence of your predictability and trustworthiness. If you’re building the evidence for your trust case and your counterpart is trusting you on arrival, it’s critical that you keep an eye out for your own behaviors that may signal an infraction for them. Widespread remote work is likely to stick around for a while yet. Company leaders who want to maintain morale and avoid negative outcomes like increased attrition must take steps to establish (or reestablish) trust among their employees. By Mark Mortensen and Heidi K. Gardner Link to original post: https://hbr.org/2021/02/wfh-is-corroding-our-trust-in-each-other

Insurance companies looking for easy solutions to their cyber security concerns will only be frustrated and end up spending more in the long run. This was the message of an Israeli cyber security expert to the members of the Philippine Insurers and Reinsurers Association (PIRA) in a recent webinar entitled "Closing The Gap -- Cyber Security and the Insurance Industry." Mr. Alex Peleg, an award-winning "ethical hacker" and CEO of Cynergy, a cyber security firm based in Tel Aviv, said every company has unique "crown jewels" and vulnerabilities which must be assessed properly to be able to come up with the right cyber security solution. "There is no plug-and-play security solution that will solve all your problems," he said. "We do an an audit of your company like going into your house, We go from room to room. We look at the identities that you need to manage. Identities are like the keys to your house. You don't want to leave them lying around." Mr. Peleg said identity theft is the most common form of cyber security breaches in companies they have worked with. However, being most common does not mean that companies already know what to do when such breaches happen. On the contrary, companies, time and again, often fail to prevent identity theft and usually discover the problem only when a major damage has already been done. "In order to protect the crown jewels in your company, you must plan ahead and prepare to spend. Most often, companies realize this only when they already suffered an attack. They realize that it happened because they lacked awareness and they failed to have the necessary controls. They under-focused on cyber security risks," he said, adding that, "If you would spend money, spend it wisely." Mr. Peleg noted, though, that companies that experience attacks emerge as much stronger and wiser. He cited major insurance companies in the United States and in Europe that suffered cyber attacks in various forms last year. Chubb Corporation, the 12th largest property and casualty insurer in the US, suffered a cyberattack in March 2020 that resulted in unauthorized access to data held by a third-party service provider. Though no official details were disclosed, security researchers believe Chubb was hit by a ransomware attack, which encrypts files and exfiltrates the data to the attackers’ servers where it is held for ransom. The attackers claimed to have data stolen from Chubb, including the names and email addresses of senior executives. About the same time as the Chubb attack came another on Pacific Specialty Insurance Company, an automotive and home insurance provider. It was a phishing attack that resulted in hackers gaining access to employees' and clients' email accounts, social security numbers, government-issued IDs, financial data, and health insurance information. In the Netherlands, an insurer suffered a breach after falling victim to the “CEO hack,” a phishing attack that impersonates a CEO. Employees of the insurance company received emails from a hacker pretending to be a CEO of a well-known commercial customer, requesting they transfer money into a compromised account. Mr. Peleg said these attacks are fast becoming commonplace in the industry. And he used the analogy of snowboarding in explaining how executives tend to deal with cyber security breaches. "It's like surfing on the Black Slope even though you are not completely aware of it. When an avalanche happens, first you experience a time of uncertainty and denial. You ask yourself, 'Is it really happening to us?' Only when the snow begins to pile up and your systems start collapsing and stop functioning, then it is only then that you realize that you are being attacked," he said. He gave the following advice for companies who might suddenly find themselves confronting a cyber attack: First is to contact your lawyer. This can be internal or a third party lawyer. You have to protect all the information that comes and goes to your cyber security team. Find out your legal exposure. There is a possibility that you will be sued and the regulator will go after you. Better be ready. Second is to deploy your Incident Response Team. Companies must have a cyber security Incident Response Team ready because a cyber attack may happen any day. Third is to review your cyber architecture and repair what needs to be repaired. And fourth is to not take one's head from the problem until the storm is over. "Even if it's over, don't think it's over. Recovery is a long journey up the hill," he said. Mr. Peleg stressed that every company must have an Incidence Response Plan for cyber security breaches. This is totally different from a disaster recovery plan. This must be drawn and put in place in advance and must involve the company's CEO, lawyers, marketing officers, and human resources (HR) heads. "Why do you need HR? You need them because most ransom notes we get come from disgruntled employees," he said. Ultimately, Mr. Peleg said the direct responsibility falls on the CEO and not on the company's cyber security team. "The CEO must know what to do and what to say if and when the breach happens," he said.

Thank you and best regards.

The country's non-life insurers are gearing up to make cyber security a priority in their journey to full digitalization. More than 200 executives from the Philippine Insurers and Reinsurers Association (PIRA) attended a two-day webinar on the topic, "Closing the Gap -- Cybersecurity and the Insurance Industry" organized by PIRA in partnership with the Insurance Institute for Asia and the Pacific (IIAP) and IPV Network, a local cyber security company with ties from global specialists in this field. Mr. Ramon Dimacali, former chairman of PIRA and former president of IIAP, said insurance companies have much catching up to do when it comes to cyber security. "The banking sector embraced cyber security much ahead of us," he said. "I have talked with presidents of insurance companies and their main concern is they do not understand it. Hence this webinar." Mr. Miguel Ramos, president of IPV Network, said he is honored to bring the best cybersecurity companies from other countries to the Philippines and offer their services to industries such as insurance. IPV Network particularly mentioned CyberInt, a world-cybersecurity company that offers cutting-edge cyber security solutions. As the head cyber consultant to the Bank of Israel, CyberInt is the only company of its kind that offers a holistic approach to protection beyond the perimeter. A senior cyber threat analyst of CyberInt based in the United Kingdom presented an intelligence report on the state of cyber threats in the Philippines. The analyst, who requested anonymity for security reasons, said insurance companies are the next best target of cyberattacks after healthcare and finance. "You are a slow-moving target," the cyber threat analyst said. "In recent months, insurance companies in the US have experienced major breaches in cyber security and we expect such incidents to become more frequent as more and more people transition their business online." Meanwhile, Mr. Ivan Ivan Jude Busgano, Product Marketing Manager of IPV Network, noted that most companies in the Philippines seldom take cybersecurity seriously. "They leave it completely to their IT department and they think it is just for compliance. Oftentimes, the Cyber Security Team is a one-man team. This has to change. You cannot protect what you don't know. You cannot manage what you don't understand," he said. Mr. Nir Greenberg, Senior Engineer of Illusive Networks, another Israeli company, talked about "Evaluating Risks and Implementing Controls," noted that companies are now more vulnerable because their employees are working from home. "Servers are now being accessed via computers from employees' homes. Your vulnerability increases as you consider that even your supply chain is being accessed by people outside of your company. You can't know for sure where the attack will come from," he said. Mr. Greenberg pointed out that 60 percent of attacks in companies that he has seen so far are internal. "This kind of attack is actually the most devastating because they involve people you know and trust," he said. He went on to explain that the usual insider attacks are perpetrated by disgruntled employees, or those who do not fit the organization's culture and refuse to be managed. And the work-from-home setup has made it easier for such employees to mount an attack on their company's systems. "When people are at home with their computer, no one is watching their back. Now they can do whatever they want," Greenberg said. How to Avoid Insider Attacks CyberInt offered the following tips to insurance companies to prevent insider attacks: 1. Assume that there can be serious insider threats inside your organization, not just elsewhere. 2. Do not assume that background checks will catch all insider threats. 3. Accept that we will not catch all red flags. 4. Consider that insider conspiracies are possible, i.e. multiple insiders conniving to achieve a joint goal. 5. Establish multi-layered protection measures. 6. Recognize the role of organizational culture and employee disgruntlement. 7. Assume that insiders know about your security policies and how to work around them. 8. Know that your established security protocols are sometimes bent. 9. Focus on non-malicious sources of insecurity as well as malicious. 10. Don't just focus on prevention, and strengthen mitigation steps as well IIAP President Ms. Herminia Jacinto stressed that the insurance industry does not have a choice but to confront the cyber security challenge in front of them. "We have to face up to the challenge. The problems are already here," she said. For more information, visit www.ipvnetwork.com.

About ASEAN Reinsurance Programme (ARP) The ASEAN Reinsurance Programme (ARP) aims to enhance reinsurance education and talent development in the region. It is an initiative under the ASEAN Insurance Education Committee and the ASEAN Reinsurance Working Committee and managed by the Insurance Institute of the Asia-Pacific (IIAP) in collaboration with the Singapore College of Insurance (SCI), the Malaysian Insurance Institute (MII), the Thailand Insurance Institute (TII) and the Dewan Asuransi Indonesia (DAI). The ARP is a first of its kind, multi-pronged holistic talent and professional development initiative that combines technical training programmes with internships in time to come. The Programme is slated for February 2021 kicking off with a 2-hour webinar organized by the IIAP, focusing on reinsurance developments in the ASEAN marketplace. Participants who are interested in the technical training programmes will be encouraged to go through a Reinsurance Primer course and assessment, sponsored by SCI. This Primer covers the basic concepts of reinsurance. Participants can register for the various technical training programmes on a stand-alone basis. For a start, only one intake will be offered in 2021 and we will limit the number of participants to no more than 30 per class. Participants are expected to have a minimum of three years of experience in reinsurance.

The Insurance Institute for Asia and the Pacific (IIAP) is officially launching this month (February) its ASEAN Reinsurance Programme (ARP) which aims to enhance the reinsurance education and talent development in the Southeast Asian Region. IIAP Executive Director Francis Papa announced that an Intermediate Level Webinar on ASEAN Reinsurance Market Developments will be held on February 19 starting 1:00 pm. This webinar will serve as the kickoff for the ARP which was jointly developed by the IIAP with the guidance of the ASEAN Insurance Education Committee and the ASEAN Reinsurance Working Committee and the help of the Singapore College of Insurance, the Malaysian Insurance Institute, the Thai Insurance Institute, and DAI Indonesia. "We are inviting insurance executives from all ASEAN countries to attend this webinar to get an overview of the reinsurance market, with special focus on our region. We will look at key parties in the market -- the broker, the reinsurer, the buyer, and even the regulator, and examine their respective roles and how they interact," he said. The resource speaker for the webinar is Mr. Gabriel Manoughian, founder and director of inuRE Reinsurance Training and Solutions, with 25 years of experience in client management, collaborative working, risk analysis, negotiation, product design, business production, and learning support. Among the things he will discuss are: · Examination of market dynamics to show how the reinsurance market works and its day-to-day operations. · Historical developments and how they have shaped the reinsurance industry. · Insights on market trends and what they mean to the ASEAN region. · Review and discussion of key challenges facing the market and how the region can better face these challenges. "We want to provide attendees with a rounded view of the reinsurance market and how it is evolving so they can understand how the market is relevant to their business," said Mr. Papa. Admission to the webinar will be limited to allow maximum interaction among participants. To reserve a slot, please contact the IIAP and look for Ms. Pao Laviña or Ms. AC Rodriguez at telephone numbers 8887-7444 to 46 or via email at education@iiap.com.ph. Registration fee is US$80.

Two insurance industry leaders were recently elected as new members of the Board of Trustees of the Philippine Insurers and Reinsurers Association (PIRA). ​ Ms. Generosa "Gigi" Pio de Roda and Mr. Daniel "Danny" C. Go are the two additions to the PIRA Board replacing Shankar Sinha and Andrew Dee Co who have served their terms of office. ​ Ms. Pio de Roda is the President and CEO of FPG Insurance and the former Chief Operating Officer of Philamlife. She is expected to contribute important insights in business operations transformation with focus on customer experience. She will serve as Trustee and Corporate Secretary of PIRA for this year. ​ Meanwhile, Mr. Go is the President and CEO of MAA General Assurance and former Vice President for Marketing of Prudential Guarantee. He is an authority in motor car insurance and once headed the Association of Insurance Claimsmen. He will serve PIRA both as Trustee and Deputy Chairman for 2021. ​ Mr. Allan R. Santos, President and CEO of National Reinsurance Corporation of the Philippines has been reelected Chairman for the third year and he expressed his gratitude to the PIRA members for their trust in his leadership. He exhorted the 58 member companies of the country's non-life insurance industry group to continue working together to weather the Covid-19 pandemic and the economic recession that the world is experiencing. ​ "We have proven time and again that we are indeed stronger and better when we work together," he said. ​ Other elected Trustees of PIRA for 2021 are Ms. Joli Co Wu, President, CEO and Chief Underwriting Officer of Paramount Life and General Insurance Corp. as Trustee and Treasurer; Mr. Alberto C. Santos, Jr., Business Director of BPI/MS Insurance Corporation; Ms. Eden R. Tesoro, Chief Underwriting Officer of Malayan Insurance Company; Mr. Edgardo D. Rosario, Senior Vice President of UCPB General Insurance Company; Mr. Armand M. Pesigan, Senior Vice President of Pioneer Insurance and Surety Corporation; Mr. Arturo B. Reyes, President and CEO of Sterling Insurance Company, Inc. as Trustees. ​ Retired banker Carmela Leticia "Carlet" A. Pama and former Ateneo Dean and now Ateneo Vice President Rodolfo "Rudy" P. Ang will again be serving PIRA as Independent Directors, while Mr. Michael "Mitch" F. Rellosa and Mr. Rogelio "Roger" J. Concepcion will again serve as Executive Director and General Manager of the Association, respectively. Ms. Generosa "Gigi" Pio de Roda Mr. Daniel "Danny" Go