2000 Archives — General / Risk /
Financing
Biometrics — a Brief Look
English
|
|
|
|
Literally, the word “biometrics” means a measurement of life, but the term is
usually defined as a measurable physiological or behavioral characteristic that may be
captured electronically and subsequently used to verify an individual’s identity.
Current Techniques
At this time, the most widely used biometrics are fingerprints, hand geometry (measurement
of hand and finger characteristics), iris and retinal scanning, voice verification, facial
recognition (in some cases, the matching of images), and signature verification. Other
biometrics exist, but the foregoing represent the principal technologies in terms of
available, proven products. Fingerprint verification is the most prevalent biometric; iris
scanning is generally regarded as the most accurate.
Pioneering Ancient Egyptians
Most people believe that biometrics constitute a new idea, synonymous with our high-tech
computer age. In fact, the practice of personal identity verification by means of
biometrics dates back to ancient Egypt (as do so many concepts considered advanced at the
start of the 21st century). Ancient Egyptians routinely recorded biometric parameters
— distinguishing features and bodily measurements — for commercial and official
transactions. Since then, people have been fascinated with the concept of biometric
verification for a variety of reasons. Until relatively recently, however, that interest
has not been translatable into practical, repeatable automated processes delivered by
affordable components and systems.
How Biometrics Work
The principle of operation of all biometric techniques is similar. All electronically
capture and measure the characteristic selected as the identifier (such as fingerprint,
hand geometry, or iris pattern) to create a biometric template, or set of reference data,
which is then used for subsequent verification of an individual’s identity. This
process of template creation, known as enrollment, typically requires that an individual
provide a number of samples of the target characteristic so an average can be obtained and
used.
For easy retrieval, the biometric template may be stored on a portable data carrier, such
as a smart, or chip, card or in a database in a reader or external device. With certain
methodologies, an individual’s template is updated whenever a transaction, or an
identity verification operation, is successfully completed. This allows for a useful
degree of flexibility, since an individual’s biometric characteristic may change
slightly over time as a result of aging or other reasons.
At the point of verification, the individual to be identified, called a user, provides a
new sample of the identifier characteristic, called a live sample. That live sample is
compared with the user’s biometric template according to a predefined accuracy
threshold, which can usually be adjusted on either an individual user or biometric reader
basis. Depending on the result of the comparison, the user is classified as either
accepted or rejected. Errors are similarly classified as “false accepts” or
“false rejects.” Typically, biometric device performance is rated in terms of
expected percentages of false accepts and false rejects. However, these ratings may not be
entirely reliable all the time for an entire population of users. This is because external
factors, such as user psychology, as discussed below, may affect performance in an actual
operational setting.
A World of Applications: Present and Future
Successfully implemented around the world in a wide variety of applications, biometric
technologies can play an important role whenever we need to manage large numbers of people
and people-related transactions.
Notable examples to date of access control to physical spaces include identity
verification of prison visitors (whose physical characteristics are recorded when they
enter so only these visitors can leave; here, access is “out,” not
“in”), international travelers (as implemented by the United States at certain
airports), users of subsidized restaurants, and personnel authorized to enter secure or
hazardous areas.
Examples of access control to non-physical “assets” are identity verification of
welfare and healthcare claimants, users of bank cash machines, and voters (in this case,
the right to vote is the “asset”).
Logical, or electronic, access control for local area networks (LANs), file retrieval, or
online transactions is an area of growing interest to many people. In this regard,
consider the following important developments: An increasing number of computer keyboards
equipped with integrated biometric readers are appearing on the market. Support for
biometrics directly at the operating system level is coming our way, courtesy of
Microsoft, which has announced its plan to provide such functionality in forthcoming
versions of Windows. Biometrics are also finding their way on to the Internet, with
several vendors offering secure personal authentication for online transactions by means
of biometric technology.
Another area of continuing interest is the potential for integrating biometrics into
easily portable, familiar objects, such as smart, or chip, cards, to enhance security when
using those objects across various applications. Credit cards immediately come to mind in
this context, but there are many other potential applications, such as electronic
passports.
As 2000 draws to a close, statistics show that this has been an especially significant
year for biometrics: we are witnessing an exponential increase in both general interest
and device sales, as organizations begin to understand the valuable benefits this
technology can offer.
A Final Word: User Psychology
Designing successful biometric systems requires an in-depth knowledge not only of the
technology involved, but also of how users typically react to and with it. User psychology
is crucial: Will users accept the technology or be intimidated by it? Will they find it
invasive or demeaning? Can they be educated to understand the benefits to their own safety
and security afforded by the technology? Can they be assured that privacy will not be
damaged but enhanced? Can they be educated to use the system properly? Apart from its
impact on user relations — an important concern for any organization — user
psychology can affect system performance. To be sure, inadequate training or instruction
will result in improper system use and failed verification, but resistance and
embarrassment may also cause users to act in an uncharacteristic manner or to use
equipment improperly.
Unfortunately, user psychology is an area that may be overlooked by some vendors and
systems integrators who may lack sufficient experience with these specialized products in
their operating environments. Any organization considering adoption of biometric
technology should carefully consider this factor, together with their organizational or
business objectives and the processes supporting those objectives, before contacting
external consultants or systems vendors.
| Contributor: |
Julian Ashbourn,
author of the reference guide Biometrics — Advanced Identity Verification
(September 2000) and biometric software developer, Hertfordshire, England
|
| Editor’s Notes: |
Readers may find additional information on biometrics at the
following sites:
Association for
Biometrics
Avanti,
The Biometric Reference Site
Connecticut
Department of Social Services — Biometric Identification Project
International Biometric
Industry Association
The Biometric
Consortium
For definitions of biometric terminology, see the Biometrics, Computers, Internet category in our
Glossary Agent™.
|
You have just read an article in Language
Perils™, an e-journal published by MultiTech Communications, Inc. Go to the Language
Perils™ index page for more information on
Language Perils™ and for access to all Language
Perils™ articles.
|
To bookmark
this article, use: |
http://www.insurancetranslation.com/
Language_Perils/00general.htm#10a |
|
| |
Broadening the Definition of “Risk”
English
|
|
|
|
As bankers, financial executives, governmental leaders, military strategists, and public
health officials add their voices to our traditional insurance and accident-centered
discussion of risk management — leading to all-inclusive terms such as “holistic
risk management” and “enterprise risk management” — the long-standing
boundary between risk management and general management is rapidly disappearing. The
separation between “pure risk” (chance of loss or no loss, but never any chance
of gain) and “speculative risk” (chance of loss, of no change, or of gain) no
longer distinguishes risk management from the rest of management. All forms of management
now, or soon will, address all forms of risk.
Because many experts are working on defining and describing a universalized,
“whole-ball-of-wax” approach to managing all forms of risk, it is time to
develop an equally all-inclusive new definition of “risk.” This definition must
be consistent with, but also — and more importantly — go beyond
insurance-oriented definitions, which focus on accident-centered “pure” risks of
loss. For insurance-rooted risk management professionals to earn credibility in the world
of holistic or enterprise risk management, they must build a concept of risk that is
consistent with the thinking of financiers, political and military strategists, and
business leaders everywhere.
In this new context, definitions of “risk” that have only a negative side —
that relate just to loss, peril, danger, threat, or hazard, for example — will not
do. That is because holistic or enterprise risk management embraces not just the negative
but also the positive side of “risk” — the opportunities for gain for those
who formulate efficient strategies to achieve desired outcomes and payoffs under various
probabilistic states of nature. (Some, but surely not all, of these states of nature will
include accidental losses.)
A useful new definition of “risk” is: the probability of a material deviation
from an anticipated outcome. This is not a restatement of the traditional
accident-centered definition, but it is consistent with that narrower definition. This
new, broadened definition has at least three crucial implications for the future of risk
management.
- Risk is a probability, a mathematical quantity that can be measured,
calculated, or estimated.
- Risk refers not just to probabilities of losses, or of gains, but to probabilities of
deviations — either downward losses or upward gains. Furthermore, the upward
or downward deviations that result from risk are not just future gains or losses from the
present situation, but from what the anticipated future is expected to be.
In this broadened context, failure to achieve an anticipated, attainable gain is a loss,
and suffering a smaller-than-anticipated loss is a gain when measured against expected
results. For example, if a firm anticipates a $100,000 profit from a particular
transaction but, for whatever reason, earns a profit of only $25,000, the firm can
properly be said to have suffered a $75,000 loss (even though an indemnity-centered
“pure” risk manager may see only the $25,000 gain). Conversely, a firm that
expects a $40,000 loss on a business transaction but actually loses only $10,000 can
properly be said to have gained $30,000 more than it anticipated.
- Risk exists only if an objective exists, only if there is a goal, a planned
future state of the world (which may also be the present state of the world, but
not typically so — except perhaps in the minds of status quo accident-centered risk
managers). It is in relation to the planned future state of the world that the nature and
materiality of deviations from anticipated outcomes should be gauged.
| Contributor: |
Dr. George L. Head, CPCU, ARM,
CSP, CLU, Director Emeritus, American Institute for CPCU/Insurance Institute of America,
Malvern, Pennsylvania, USA
|
You have just read an article in Language
Perils™, an e-journal published by MultiTech Communications, Inc. Go to the Language
Perils™ index page for more information on
Language Perils™ and for access to all Language
Perils™ articles.
|
To bookmark
this article, use: |
http://www.insurancetranslation.com/
Language_Perils/00general.htm#02a |
|
| |
IBNR Analysis
English
|
|
|
|
The well-known — and virtually international — English-language initialism IBNR
stands for “incurred but not reported,” a situation that most commonly arises
with long-tail losses. An analysis of IBNR, which has come to be understood to include the
word “claims” or “losses,” aims to estimate future payments on known
claims as well as payments for claims that have occurred but have not been reported by a
certain evaluation date.
Why IBNR?
Typically, an IBNR analysis is prepared to meet regulatory or financial reporting criteria
and is often required by external auditors as part of an audit. Outside of reinsurers and
captive and noncaptive insurers, the analysis is most frequently prepared for self-insured
trusts or corporations that use a loss-sensitive cash-flow plan.
The uses of an IBNR analysis include:
- Actuarial reserve certification
- Satisfaction of self-insurance requirements
- Negotiation of security requirements and letters of credit
- Merger, acquisition, or divestiture due diligence
- Evaluation of expected liabilities for financial statements
Basic Calculation of IBNR
Any IBNR calculation involves two components: paid losses and case reserves for a policy
period on the one hand, and estimated ultimate incurred losses for that same period on the
other. Case reserves are defined as reported losses minus paid losses.
Estimated ultimate incurred losses may be calculated by using one or more actuarial
techniques. The estimates from each technique are compared and — based upon the
actuary’s experience — the most appropriate figure is selected.
To calculate IBNR, paid losses and case reserves are subtracted from the selected estimate
of ultimate incurred losses.
Data Source and Calculation
Basic required data consist of reported losses and paid amounts, summarized by policy
period. Because an IBNR calculation focuses on indemnified and indemnifiable claims, not
on total actual loss amounts, all reported loss figures should be capped to reflect per
occurrence and aggregate limitations.
That basic data provide the necessary paid loss and case reserve information.
Typically, the other half of the IBNR calculation — estimated ultimate incurred
losses — is calculated by applying a loss development factor to (capped) reported
losses. Loss development factors provide an actuarial means for estimating future payments
on certain claims and on claims that occur during a period but are not reported until a
later date.
Loss development factors may either be unique to a program — and hence based on that
program’s own historical loss data — or represent industry averages.
Theoretically, the use of unique factors, as opposed to industry averages, produces a more
accurate projection of ultimate incurred losses. Industry-average loss development factor
data may be obtained from actuaries, brokers, insurance companies, and risk management
consultants.
Broadly speaking, the magnitude of the loss development factor will depend on the amount
of time that has elapsed between the beginning of a loss period and the evaluation date of
the losses. In most cases, the closer the evaluation date is to the beginning of a loss
period, the larger the loss development factor needed. Conversely, as the period
lengthens, the loss development factor approaches 1.000.
IBNR, when calculated, may be added to case reserves to arrive at estimated required
reserves, which is the amount that will be necessary for future payments on claims that
have been reported and on claims that have occurred but have not been reported by the
evaluation date.
Achievable Accuracy
The key to a credible analysis of IBNR is to gather the maximum amount of data unique to
the insurance program. Unique data are not difficult to obtain: A current loss run
provides all the basic data needed; a year-by-year evaluation of past losses furnishes the
raw material to calculate program-specific loss development factors.
Further accuracy is added by capping all loss amounts to reflect per occurrence and
aggregate limitations.
A Final Word
In use for decades and considerably refined over the years, IBNR analysis has grown in
importance as risk funding has emerged as a key concern.
|
| |
Insurance Company Statutory Financial Statements
English (United States)
|
|
|
|
Each year, on March 1, insurance companies operating in the United States must submit
financial statements to state regulators. These statements are in a standardized format
prescribed by the National Association of Insurance Commissioners, or NAIC. Although known
formally as “Annual Statement — Life and Accident and Health Companies —
Association Edition” or “Annual Statement — Property and Casualty
Companies — Association Edition,” you won’t hear state regulators using
those names very often. Instead, they customarily refer to the statements — which are
weighty packages of 80 to 135 pages — by a variety of nicknames.
The abbreviated name “Annual Statement,” or simply A/S, may be used for either
life or property-casualty insurance statements. Life insurance statements may be called
“The Blue Book,” after the required color of the cover; similarly, the
property-casualty insurance statement may be called “The Yellow Book.” The
package, whether for life or property-casualty insurance, may also be referred to as the
“Statement Blank,” even when it has been completed! And some regulators,
combining the names “The Blue Book” and “The Yellow Book” with
“Statement Blank,” may use “Blue Blank” for life insurance statements
and “Yellow Blank” for property-casualty insurance statements.
The first page of the statement, whether life or property-casualty, is an identification
page, which includes the signatures of the insurance company officers submitting the
statement. This page is usually referred to as the “Jurat Page,” after the
“jurat” — or certification of the notary public — which appears under
the affidavit of the officers.
Page 15 of the statement is known commonly as the “State Page” because each
insurer must submit as many such pages as states in which it does business. Each Page 15
contains the premium and loss information referring solely to the business written in the
state in question. The Summary Page 15, totaling the figures given for each state, is
often referred to as “Page 14” simply because, for several decades, those totals
appeared on page 14 of the package. Old habits die hard.
Although you won’t find the term “Balance Sheet” anywhere in the statement
index, that’s what regulators call pages 2 and 3, the official names of which are
“Assets” and “Liabilities, Surplus, and Other Funds,” respectively.
And, the statutory accounting procedures used in preparing these statements are known as
SAP, pronounced “sap.”
The preference for brevity is a constant in communications. Clearly, the U.S. insurance
industry is no exception.
|
| |
Plain English, Policy Wording, and Tricky Terminology
English (Australia)
|
|
|
|
As a result of both business and regulatory pressures, Australian insurers are
increasingly re-wording their policies in clearer, so-called plain English. The process is
not as easy as some people might think.
A not-so-simple task
For those who believe the process is simple, re-wording an insurance policy in plain
English is basically a matter of replacing the original language with simpler, more
straightforward words. That is a dangerous way of viewing the task. Legal language has its
own subtleties. A plain-English drafter must understand and respect those subtleties.
Otherwise, the new version will not be faithful to the original.
This doesn’t mean that legal documents, including insurance policies, have to remain
obscure, convoluted, and utterly unintelligible. But it does mean that a plain-English
drafter must be careful not to alter their intended legal effect in the course of altering
their language.
As an example, take the following exclusion in an Australian insurance policy:
“The insurer will not be liable to indemnify the insured against any loss or damage
that is directly or indirectly caused by, results from, arises from, or is incurred in any
way in connection with, a failure of any electronic equipment or function.”
All manner of causes
This wording cries out for simplification. First, why “directly or indirectly”?
Why raise the distinction? If something is caused indirectly by something, it must
be true to say that it is caused by that something. But that simple logic
won’t do. Some Australian judges, in some contexts, have interpreted
“cause” as meaning only “cause directly.” Whether they were right or
wrong is beside the point. The words have to remain.
Even so, why the repetition of phrases indicating causal connection? Why not simply choose
just one of “caused by,” “results from,” “arises from,” and
“is incurred in any way in connection with”? Why all four? Again, the answer
lies not in the language, but in the law. Many Australian judges have drawn
a distinction between proximate or effective causes and other causes. Wordings like
“caused by” or “results from” are generally interpreted as referring
to a proximate cause. Wordings like “arising from” or “incurred in
connection with” are generally interpreted as referring not just to a
proximate cause, but also to something much less obviously the cause of a loss.
Aware of all this, insurers and their attorneys have generally used the latter, broader
wordings — “arising from” and “incurred in connection with”
— in excluding liability for loss; and the former, narrower wordings —
“caused by” and “results from” — in setting out the losses
covered by the policy.
It follows that, in re-wording the exclusion in plain English, it is not just a matter of
identifying four synonyms and replacing them with one. That form of simplification would
defeat the insurer’s commercial aims. The exclusion’s wording can still be
simplified. In the context of an exclusion from an insurance policy, “arising
from” is more appropriate, from the insurer’s point of view, than “caused
by” or “resulting from.” Those last two can therefore be deleted. But not,
I think, “incurred in any way in connection with.” Why not? Because it
might (just might) cover more than “arising from”; and the insurer
did not want to take any risk associated with electronic malfunction: everything
had to be excluded.
Too easy for words?
At this stage, some clever person might suggest that, in light of the (retained) use of
“directly or indirectly,” there is simply no need to use any causal
connection phrase except the simple “caused by” or “resulting from.”
After all, the distinction between proximate causes and non-proximate causes that is
reflected in the various causal phrases is exactly the same as the distinction between
direct and indirect causes.
But is it as simple as that? Attractive as the suggestion is, I, for one, would not be
willing to adopt it. I could not predict with sufficient confidence what an Australian
court might do if I omitted the distinction. So the nuances of legal language impose
limits on plain-English versions. Identifying what those limits are is a professional
responsibility. And discharging it isn’t always easy!
Portions of this contribution are based on the author’s article “Plain English:
An Underestimated Task?,” Clarity, No. 43, May 1999.
|
Go to Language Perils™ index.
|
