New RIMS Leader: Understanding Risks Around Technology is Imperative

The culture at technology startups like Uber, Airbnb and PayPal is all about risk-taking. They start by offering a unique, untested or reimagined product or service or by disrupting an industry’s established production, distribution or sales methods.

To succeed long-term, they must be smart enough to know what risks they are likely to encounter and which ones to take, which ones to mitigate and which ones to avoid. That’s, of course, where risk managers come in— helping firms, whether in technology or other fields, understand their risks.

“It’s interesting because risk is part of the language in technology firms. It’s positive. You want to take more risks but you want to take the right risks,” Laura Langone told Insurance Journal in a recent interview upon assuming the presidency of the global association for risk managers, the Risk and Insurance Management Society (RIMS).

“I think as risk managers you have an opportunity to have a seat at the table for that conversation, which is always exciting to me.”

Laura Langone

Langone knows her way around technology start-ups. She is currently head of Insurance Operations at the home-sharing and short-term rental giant Airbnb. Prior to Airbnb, Langone was the head of Insurance and Risk Management at PayPal and Juniper Networks. She has also held positions with Genentech, Marsh, Oracle, American International Group and the insurance defense law firm, Gordon & Rees, throughout her more than 20-year career in insurance and risk management.

“It definitely is at Airbnb. It is part of a strategy. Insurance is actually strategic, which is great, so these are important. Cyber issues are critical in terms of reputation. So understanding our data and compliance to data requirements is critical. So definitely I think when you look at tech companies, I think risk is definitely at the forefront,” she added.

Understanding the risks around technology is imperative for more than technology-based startups like Airbnb. Technology risk management needs to be part of the strategy of nearly every company because nearly every company depends on technology, benefits from its advantages and is exposed to its risks, from reputational to cyber to regulatory to privacy and more.

“I think you might in a tech company that’s coming out, you might be a little bit more innovative in what your delivery is. You might be straddling different industry groups to deliver something different and unique. But technology is everywhere and in every industry. It’s one of our top risks for CFOs, top risks for risk managers,” the RIMS president said.

Langone said risk managers must not only understand the technology risks but also be able to communicate with other professionals in their organizations about how to offset, transfer or manage those risks.

“[T]echnology is a positive thing. It really allows companies to become more efficient, improve processes. It allows you to gain more insight, better data, really understand your customer and be able to offer the goods and services that they want in a timely manner. But then your [risk manager’s] job is to help them understand some of those exposures like cyber fraud, misapplication, misappropriation — things like that.”

Incorporating risk management into strategy for any company necessitates the risk manager becoming what Langone calls the “internal consultant” on risk. To get to that position, the risk manager has to demonstrate the knowledge and skillsets to lead those conversations.

“You do not have to be the expert,” she said. “You may not be the CSO [chief strategy officer], you may not be the head of reputation crisis management, you may not be the general counsel. But you need to be able to talk to those people. You need to be able to understand and facilitate and have a good understanding of some of the issues that they’re dealing with. You need to be able to bring those resources.”

As one of her first projects at Airbnb, Langone set up the firm’s first insurance captive, through which all claims against Airbnb and hosts pass.

Another part of her team’s job at Airbnb is to manage all the insurance products for hosting guests and procure those programs in the marketplace. Her team works with private insurers.

“In order to really attract hosts onto our platform, they want to make sure that they’re protected from liability arising or damage to their property. Years ago, before my time of course, our corporate strategy and our legal and business teams put together these programs to make sure that hosts were comfortable. Really, in the personal lines marketplace, homeowner marketplace, there was no coverage at the time for short term rentals. So it was excluded under personal homeowners policies.”

The market has changed, however, with more carriers now willing to offer coverage. “It’s all over the place,” she added “in terms of how much coverage they provide, how broad the coverage is, for how long. But they are definitely moving in the right direction.”

Airbnb has a team of risk and legal professionals. Langone herself is not directly involved in regulatory issues at Airbnb. But she said she has had to learn about them so that she can understand the related risks and communicate them to insurers so that they understand how a company like Airbnb manages some of those global risks.

“It’s just really making sure we can articulate what that exposure is,” she said. “I think definitely we have to have a seat at the table to do that.”

Langone, who has a law degree in addition to an undergraduate degree and a Master’s in Business Administration, started her career in casualty underwriting in Boston. Early in her tenure, she was transferred to the insurer’s office in France. She said overseas, the specialty accounts were not given standard pre-printed forms; rather every contract was manuscripted, unlike in North America.

Langone says her law degree altered her perspective on insurance contracts like the ones she used to underwrite earlier in her career.

“I really started to understand the contract a lot better and really questioned coverage in a different way and to make sure that [there was] a lot more clarity of coverage. I’ve always been a proponent of being able to articulate your risk, being able to communicate that effectively to an underwriter, and tailoring your coverage so that you don’t have ambiguity,” she said.

That legal background has also helped her advance in her risk management career.

“[I]t’s allowed me to have a seat at the table more so with the general counsel, be able to be part of litigation in defense a little bit more. That’s been helpful for my own career to not only get a seat at the table in the finance world, but also on the legal side as well. It’s helped me bridge those two organizations,” she said.

She said she thinks a legal background is a good one for risk managers. “More law school students should look at risk management as well,” she said.

These days she is championing the education and networking that RIMS provides members. “That’s the most important thing for RIMS to be able to help our risk professionals make sure that they do have that seat at that table and that they understand and are equipped with the right information to be able to ask the right questions and have a dialogue,” she said.

The RIMS certification is key to advancement because “it doesn’t just talk about risk transfer, it talks about enterprise risk management, it talks about financial risk management strategy, and it really does ensure that you are getting a global standard. That helps differentiate you when you’re talking to your leadership and your company.”

In addition to technology and cyber risks, RIMS is focused on globalization, which is among the key opportunities and risks facing companies and RIMS today. RIMS has 79 chapters worldwide but wants to further grow in particular in China, India, Singapore and Latin America.

The focus on globalization means addressing issues having to do with entering new markets; dealing with China or India, or those countries dealing with the outside world; and understanding regulatory differences, political uncertainty and volatility around the globe.

“I think one of the big issues for us in terms of globalization is not having this just North American view,” Langone said.

“If you think about some of our Chinese risk managers, they are dealing with significant assets in their balance sheet and they need tools to understand cyber risk. They need tools to understand global supply chain risk. They are getting outside of China and going into other countries in North America, but also Africa and other places in Asia and expanding their infrastructure.

“What does that mean? We want to be able to understand the regulations in those countries and understand the challenges that they’re dealing with, understand their marketplace, how it’s evolving. That’s really critical,” she said.

Not every RIMS member has to be part of a large or global organization with a fully staffed risk management department.

“You might have an organization that may not have a dedicated risk management professional. We want to make sure we’re inclusive of people who are tackling those issues. Whether you’re in internal audit, whether you’re in compliance, whether you’re in treasury or general counsel or even now just starting to get into risk management from a technology base, RIMS has a lot to offer,” she said, pointing to the RIMS annual conference this May in Denver as a prime opportunity for those from organizations of all sizes and industries.

Langone sees RIMS as a place to network with and learn from others in a world where risk is changing fast.

“I think that for most of our risk managers, nothing really stays the same. I think the most important thing is that risk managers today really do need to adapt. They need to be nimble,” much like a startup.