CFOs whose finance and accounting functions are built on legacy computer systems got a stark reminder last week from the Colonial pipeline hacking of what’s at stake if their system is breached.
The hack to Colonial’s system led to widespread gas shortages throughout the East and reportedly forced the company to pay $5 million in ransomware to get the instructions for reclaiming its data.
“For finance departments, the cybersecurity risk is huge,” Samir Jaipati, a finance solutions leader with EY Americas, told CFO Dive in an email. “Something built on outdated technology won’t be able to keep hackers out.”
Security specialists generally agree legacy, on-premises systems starting from about 10 years ago typically have solid cybersecurity features built in, but those that are older might require significant upgrades if they’re going to stand a chance against today’s sophisticated hackers.
The risk for CFOs who must manage their processes on an outdated system is they’ll try to get by with short-term fixes that won’t solve the systemic problems they face.
“These temporary fixes aren’t as dependable and in the long-term may cost more,” said Kaipati.
For CFOs who don’t have the time or budget to implement the system overhaul they need or to transfer their processes to a more secure on-premises system or to a cloud-based system, the best step is to do a comprehensive review of their end-to-end finance processes to audit for consistency and reliability, said Steve Adams, Gartner finance director.
He suggested reviewing the organization’s record-to-report process from start to finish to understand where non-secure platforms are used, whether there are audit trails that don’t exist, and if exogenous data is incorporated. By eliminating these and other red flags, CFOs can go a significant way to clean up their processes and reduce risk without making system changes, Adams said.
CFOs taking this approach should first engage their IT business partner and ask for a full audit of the cybersecurity capabilities of the suite of financial applications and to use that review as a starting point to making improvements, he said.
Legacy systems pose a broader problem than just security risk; they can impede company growth because CFOs aren’t generating the data or producing the analytics that can help them identify ways to make more money or reduce costs in the same way they can get from sophisticated cloud-based solutions.
Nor can legacy systems be expected to be as good at integrating data throughout the organization in the same way as cloud systems.
For CFOs who can do it, switching from an old on-premises system to the cloud can be a game-changer, said Manish Sharma, an Accenture operations group executive.
“CFOs that are agile and able to overcome these restrictions by scaling digital and cloud-powered technologies have been able to break down data silos and siloed ways of working to support the ever-evolving business strategy with speed and flexibility,” he said.
The importance of using up-to-date IT was emphasized in a recent Accenture report that found “future-ready” leaders are emerging ahead of the pack with higher efficiency and profitability by scaling digital capabilities in ways to improve operational maturity.
“These leaders use better, more diverse data to inform decision-making as part of a cloud-powered continuous feedback loop,” said Sharma.
Another benefit of moving to the cloud or a hybrid cloud-on-premises arrangement is cost flexibility.
On average, the cost of managing an outdated IT system can cost a business around $3.61 per line of code or over $1 million for an application with 300,000 lines of code, said Kevin Shuler, owner and CEO of the Quandary Consulting Group, a Denver-based IT firm.
“It accounts for customizations, maintenance, reporting, server and hardware, etc.,” he said.
While replacing the old with the new might appear to be prohibitively expensive at first glance, Shuler noted what can put a CFO more at ease is the costs are more transparent than maintaining a legacy system.
“Better, they can be categorized as either an operating expense or a capital expense since a lot of software is classified as a service rather than software,” he said.
This gives flexibility to the CFO’s finances and forecasting. It also means more resources can be available for modernized systems.
“That means you can get superior resources at a lower cost than trying to pull from a pool of highly specialized and competitive contractors who work mainly with legacy systems,” he said.
RWJBarnabas Health sued an insurance carrier for allegedly refusing to cover the West Orange, N.J.-based system’s pandemic-related losses, according to NJ.com.
The health system is suing Zurich American Insurance Co. for breach of contract, alleging the company refused to honor its obligations under a $2.5 billion “Zurich Edge Healthcare Policy.”
The health system, which treats 3 million patients annually, claims Zurich’s policy should cover losses caused by illnesses like COVID-19. The lawsuit, filed March 19, alleges Zurich failed to acknowledge COVID-19 caused property damage after employees and patients died from the virus in its facilities, according to Law360.
“Zurich has known, or should have known, for decades that its policy could be called upon to pay up to its full limits — here $2.5 billion dollars — to RWJBarnabas for losses associated with viruses and pandemics,” the lawsuit states.
Ridgewood, N.J.-based Valley Health System is also suing Zurich, alleging the insurance company wrongfully denied covering its losses tied to the pandemic under a $550 million policy, according to Law360.
A Zurich spokesperson declined to comment on RWJBarnabas’ lawsuit, telling NJ.com that it is not the company’s practice to comment on pending litigation.
In Virginia, Carilion Clinic filed a similar lawsuit against its insurance provider, American Guarantee and Liability Insurance Co., on March 18. The Roanoke, Va.-based system says it lost more than $150 million because of the pandemic, and the insurance company allegedly refused to provide coverage or properly investigate its losses.
“To cushion the impact of the coronavirus and COVID-19, Carilion Clinic turned to its property insurer, AGLIC, to whom Carilion Clinic had paid nearly $1 million in premiums in exchange for $1.3 billion in property damage and time element (also known as business interruption) coverage effective June 1, 2019 to June 1, 2020,” the lawsuit states. “AGLIC, however, declined to fulfill its obligations to Carilion Clinic under the policy.”
Carilion is seeking damages for breach of contract and a judgment declaring the scope of American Guarantee’s obligation to cover the losses under the policy.
Read the full NJ.com article here.
Read the full Law360 article here.
Change in new COVID-19 cases in the past week
Percent change of the 7-day average of new cases
on Feb. 23 and March 2, 2021
The U.S. may be on the verge of another surge in coronavirus cases, despite weeks of good news.
The big picture: Nationwide, progress against the virus has stalled. And some states are ditching their most important public safety measures even as their outbreaks are getting worse.
Where it stands: The U.S. averaged just under 65,000 new cases per day over the past week. That’s essentially unchanged from the week before, ending a six-week streak of double-digit improvements.
- Although the U.S. has been moving in the right direction, 65,000 cases per day is not a number that indicates the virus is under control. It’s the same caseload the U.S. was seeing last July, at the height of the summer surge in cases and deaths.
What we’re watching: Texas Gov. Greg Abbott on Tuesday rescinded the state’s mask mandate and declared that businesses will be able to operate at full capacity, saying risk-mitigation measures are no longer necessary because of the progress on vaccines.
- But the risk in Texas is far from over. In fact, its outbreak is growing: New cases in the state rose by 27% over the past week.
- Mississippi Gov. Tate Reeves also scrapped all business restrictions, along with the state’s mask mandate, on Tuesday. New cases in Mississippi were up 62% over the past week, the biggest jump of any state.
- The daily average of new daily cases also increased in eight more states, in addition to Mississippi and Texas.
How it works: If Americans let their guard down too soon, we could experience yet another surge — a fourth wave — before the vaccination campaign has had a chance to do its work.
- The vaccine rollout is moving at breakneck speed. The U.S. should have enough doses for every adult who wants one by May, President Biden said this week.
- At the same time, however, more contagious variants of the coronavirus are continuing to gain ground, meaning that people who haven’t gotten their vaccines yet may be spreading and contracting the virus even more easily than before.
What’s next: The bigger a foothold those variants can get, the harder it will be to escape COVID-19 — now or in the future.
- The existing vaccines appear to be less effective against two variants, discovered in South Africa and Brazil, which means the virus could keep circulating even in a world where the vast majority of people are vaccinated.
- And that means it’s increasingly likely that COVID-19 will never fully go away — that outbreaks may flare up here and there for years, requiring vaccine booster shots as well as renewed protective measures.
The bottom line: Variants emerge when viruses spread widely, which is also how people die.
- Whatever “the end of the pandemic” looks like — however good it’s possible for things to get — the way to get there is through ramping up vaccinations and continuing to control the virus through masks and social distancing. Not doing those things will only make the future worse.
- “Getting as many people vaccinated as possible is still the same answer and the same path forward as it was on December 1 or January 1 … but the expected outcome isn’t the same,” Shane Crotty, a virologist at the La Jolla Institute for Immunology in San Diego, told Reuters.
A New York physician has been charged with manslaughter in the second degree and is facing other felonies related to the overdose death of a patient, New York Attorney General Letitia James announced Feb. 19.
Sudipt Deshmukh, MD, allegedly prescribed a lethal mix of opioids and other controlled substances that resulted in the overdose death of a patient. The physician allegedly knew the patient struggled with addiction.
An indictment, unsealed Feb. 18, alleges that between 2006 and 2016, Dr. Deshmukh ignored his professional responsibilities by prescribing combinations of opioid painkillers and other controlled substances, including hydrocodone, methadone and morphine, without regard to the risk of death associated with the combinations of those drugs.
Dr. Deshmukh is facing several felony charges, including healthcare fraud, for allegedly causing Medicare to pay for medically unnecessary prescriptions.
The indictment comes after the attorney general’s office filed a felony complaint against Dr. Deshmukh in August. In 2019, the New York State Office of Professional Medical Conduct found that he committed several counts of misconduct.
A patient accused of fatally beating his roomate at Antelope Valley Hospital in Lancaster, Calif., has been arrested and charged with murder, elder abuse and a hate crime enhancement, according to the Los Angeles County Sherrif’s Department.
The victim, an 82-year-old man, was being treated for COVID-19 and sharing a room with the suspect, identified as 37-year-old Jesse Martinez. The victim, whose name has not been released, began to pray in his hospital room on Dec 17. That act upset Mr. Martinez, who allegedly struck the victim with an oxygen tank. The man died of his injuries Dec. 18, police said.
Mr. Martinez is being held at the Twin Tower Correctional Facility in Los Angeles, and his bond is set at $1 million. He’s scheduled to appear in court Dec. 28.
Police said the investigation into the incident is ongoing, and the motive is not immediately clear.
Blue Cross Blue Shield’s national employee benefits committee filed a lawsuit against Allianz Global Investors and its investment consultant Aon Investments USA, charging both with breaches of fiduciary responsibilities and breach of contract regarding more than $2 billion in losses in the insurer’s defined benefit plan trust.
The lawsuit, filed Wednesday in U.S. District Court in New York, alleges that AllianzGI took “reckless actions” in the management of three funds the manager had said offered downside protection against market declines and volatility, according to the court filing.
As of Jan. 31, the National Retirement Trust of the Blue Cross and Blue Shield Association had a total of $2.9 billion invested in the AllianzGI Structured Alpha Multi-Beta Series LLC I, AllianzGI Structured Alpha Emerging Markets Equity 350 LLC, and the AllianzGI Structured Alpha 1000 LLC, according to the filing.
After the funds experienced heavy losses in February and March, the investments were liquidated and redeemed, and the committee received about $540 million, according to the filing.
As of Dec. 31, 2018, the Blue Cross and Blue Shield Association National Retirement Trust had $4.6 billion in assets, according to its most recent Form 5500 filing.
The lawsuit, which includes claims breach of fiduciary duty and breach of contract against both AllianzGI and Aon, alleges that AllianzGI “caused the (benefits) committee to believe that structured alpha’s risk profile was consistent with Allianz’s stated investment strategy rather than the actual risk profile, either by making false or misleading representations about structured alpha or failing to disclose information necessary to correct prior representations that were inconsistent with how Allianz was actually managing the strategy.”
The suit alleges Aon breached its obligations by “failing to monitor and inform the committee of breakdowns in Allianz’s risk management protocols, learning only after the catastrophic events of March 2020 that Allianz had inadequate risk management in place.”
AllianzGI’s structured alpha strategies have historically been designed to be both long and short volatility, according to a September 2016 presentation: Taking range-bound spread positions, to sell options that were most likely to expire worthless (short volatility); hedged positions designed to protect against market crashes (long volatility); and directional spread positions designed to generate returns when equity indexes rise or fall more than usual during multiweek periods (long/short volatility).
The lawsuit alleges that “when equity markets declined, volatility spiked and the funds’ option positions were exposed to a heightened risk of loss in February and March 2020, those promised protections were absent.”
The lawsuit seeks relief including restoration of all losses, actual damages and accounting and disgorgement of fees and profits.
John Wallace, AllianzGI spokesman, said in an email: “While the losses sustained by the Structured Alpha portfolio during the market downturn in late February and March were disappointing, AllianzGI believes the allegations made by Blue Cross Blue Shield are legally and factually flawed. We will defend ourselves vigorously against these claims. Blue Cross Blue Shield was advised by a sophisticated investment consultant to evaluate the Structured Alpha strategy. These funds sought to deliver substantial returns of as much as 10% above, net of fees, the returns of the fund’s benchmark, an index like the S&P 500. As was fully disclosed to Blue Cross Blue Shield, the Structured Alpha strategy involved risks commensurate with those higher returns. Blue Cross Blue Shield and their consultant determined that the Structured Alpha Portfolio fit with their overall investment goals and risk tolerances.”
The $15.3 billion Arkansas Teacher Retirement System, Little Rock, filed its own lawsuit against Allianz Global Investors and subsidiaries in July, regarding its own losses in structured alpha strategies.
Robert Elfinger, Aon spokesman, said the company does not comment on pending litigation.
Sean W. Gallagher, Adam L. Hoeflich, Nicolas L. Martinez, Abby M. Mollen and Mark S. Ouweleen, partners at Bartlit Beck, attorney for the plaintiffs, could also not be immediately reached for comment.