While many companies have become familiar with fraud attempts aimed at convincing employees to wire funds to criminals’ bank accounts, few are familiar with W-2 phishing scams.
As with fraudulent wire transfers, criminals typically impersonate an employee in the C-suite and ask for copies of all employees’ W-2s. These W-2s are then used to file fraudulent tax returns in hopes of intercepting tax refunds.
According to IRS Commissioner John Koskinen, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”
The W-2 phishing scam is occurring earlier in the tax season and targeting a broader range of organizations. Employers that receive a W-2 scam email are advised to forward it to firstname.lastname@example.org and place “W2 Scam” in the subject line.
To view the official statement from the IRS, you can click here.
These risks are easily insured against with Cyber Liability Insurance policies. For a consultation or assistance with any cyber inquiries, please contact Dave Wasson, VP, Hays Cyber Liability Practice Leader, or Scott Stence, AVP Executive Risk to learn more about our risk management techniques to avoid these scams.
By: Ben Graves, JD., Director of Research and Compliance at Hays Companies.
With Republican control of both houses of Congress and the Presidency now confirmed, we wanted to provide an update of how we think employee welfare benefits will be impacted from a compliance perspective for the near future.
The rules that were already in place before the election are still in place. There are looming deadlines including employer reporting and payment of reinsurance fees that will occur by the end of January. Having said that, there should be some great opportunities to take advantage of new flexibility and options that have been off the table for a few years now. One example would be the possible return of premium reimbursement plans, which were a great tool for employers operating in markets where it was difficult to get a reasonable quote (or any quote at all). Hays Companies Research and Compliance will work diligently to help identify these opportunities as they appear.
Our ACA Compliance newsletter provides an overview of the election’s impact on employee welfare benefit plan compliance issues.
Also, we are providing an educational webinar titled “Compliance After the Election”. During the webinar we will discuss:
What employers should do for the immediate future,
Possible changes to the Affordable Care Act and other employee benefits laws,
Possible new legislation or regulations, and possible future opportunities
Innovation is a hot topic right now, with websites, researchers, authors, and consultants sharing regular insights and revelations about how businesses can be more innovative in an economy that continues to be challenging.
While innovative businesses typically point to famous industry disrupters like Apple, Google, Amazon and Uber for creating new products and services while ramping up the quality of consumer experiences, pioneers do not have to have a household name. Smart, nimble insurance brokerage firms, for example, regularly deliver innovative programs using some of the same principles that made the major disrupters so famous.
According to a study of insurance sector innovation by KPMG International, disrupters and innovators do not necessarily create something brand new, such as a new coverage or new program. Instead, they learn from traditional competitors and other disrupters and they leverage successes and experiences and create new propositions and approaches to “delight customers and create value.” Disrupters, by nature, are always customer-centric.
Here are some examples of what questions to ask to determine innovation.
Innovators do not take the first solution they come up with. Instead, they ask questions: How can I make this better? What can I learn from the past? What approaches can I borrow from other industries/companies to make something old new again? They take an approach that questions all assumptions.
To discover if your broker is being “contrary” enough to benefit your company, ask yourself these questions: Is your broker doing things the way he or she has always done them? Are you being introduced to new ideas such as cross-analyzing benefits and workers’ comp data, trying out data-driven population health management and employee engagement approaches within your company versus the industry static wellness approach? Is your company protected from risks that could have an infrequent but devastating effect on your bottom line, such as social engineering, infectious disease epidemics, and cyberhacking/ransomware? Is your benefits program “delighting” your company’s employees and improving their health outcomes?
Cross-pollination of ideas
Innovation is built on generating a lot of ideas, learning from successes and failures, and putting together something new through this process. This is the key, according to Wharton professor and author Adam Grant’s book, Originals: How Non-Conformists Move the World.
He notes in his blog that “originals learn to see failure not as a sign that their ideas are doomed, but as a necessary step toward success.” “A failure signals a gap in knowledge or a poor strategy, and motivates us to go back to the drawing board and get it right. Without failure, complacency can creep in.”
Innovators regularly identify the gaps in their knowledge that may lead to failure. Such experience creates a strong, cross-pollinated breeding ground for new approaches. Is your broker working hard to invent something new in this way?
A recent Wall Street Journal article on innovation reports that “most companies continue to assume that innovation comes from that individual genius, or, at best, small, sequestered teams that vanish from sight and then return with big ideas. But the truth is most innovations are created through networks — groups of people working in concert.”
Innovators identify and try out a variety of ideas to find approaches that work best — and customers benefit from having a range of choices. Is your broker giving you options or just offering the “one-and-only proprietary solution that you’ll ever need?”
For example, a proprietary HRIS/employee benefits module means that companies can be trapped by their broker’s limited offerings. Is your broker offering you several options, instead of just delivering a cookie-cutter product, service or technology? Are the systems truly user-friendly? Can features be added? In short, solution neutrality is key to getting the most innovative product and service.
Keeping up with technology
Basing decisions on strong empirical data and experience instead of top-level claims data is a key hallmark of innovation these days. Is your broker delivering on this best practice of mining data for the insights and innovations it hides? Are these approaches used on the employee benefits side as well as the property & casualty insurance side? How long has your broker used data independent of the carrier and what is their expertise? Any broker can lease or rent a “system” to interpret data, but their experience in developing an analytics system as well as the institutional knowledge developed by using these systems can be a significant advantage for their clients. Today, companies have access to the sorts of modeling tools long used by insurers, giving them the ability to better assess and manage a claim before it has the opportunity to spiral out of control. Is your broker providing you with such tools and do they have the experience and institutional knowledge to offer you the best choices?
When it comes to innovation, bigger is not always better. One of the most valuable attributes of innovators is their independence, giving them the ability to find and develop the very best ideas, regardless of their source.
How does independence play out in the insurance sector? It means your broker can provide the widest range of program choices that meet your company’s needs. Privately-held, debt-free, independent brokers can also review the entire marketplace to find solution-neutral options that are not tied to any one carrier or to their own ownership interests. In turn, that means you can choose among a variety of solutions and ensure you get the appropriate attention to implement and work with those solutions instead of being forced to accept a broker-centric program that benefits your broker’s bottom line, but may not work for your company.
Solution-neutral options also mean customers can retain them even if their insurer or broker changes. For example, proprietary internal systems for employee benefits and property and casualty programs promise efficiency and cost savings — but they are tied to a specific insurance program and broker. That limits a client’s ability to retain programs and systems if they want to make a change.
Choices also can be limited by brokers who merge and/or acquire other companies. Financing this growth means either incurring debt or paying higher shareholder returns and that can lead to constricting R&D investment and limiting customer choices and services. Knowing how financially independent your broker is will help you know if your interests are being well served.
What do you believe?
Finally, you will be most satisfied if you choose an innovative company whose values resonate with your own. Leadership consultant and author Simon Sinek is often quoted for his insight into why customers choose innovative companies: “People don’t buy what you do; people buy why you do it. If you talk about what you believe, you will attract those who believe what you believe.”
In the end, customers want their broker to provide innovative solutions that still satisfy the basics of providing the right coverage, controlling expenses, and delivering exceptional, experienced service — all in the name of helping your company thrive in a more competitive economic environment that rewards the innovators of our world.
About the Authors:
Eric Kasen is President of Hays Companies Northeast, Craig Dandrow is the Employee Benefits Practice Leader, and Owen Callaghan is the Property & Casualty Practice Leader. All three are based in the Hays Companies’ Boston office that provides Health and Welfare Brokerage and Consulting, Pension Consulting and Commercial Risk Brokerage and Consulting.
Hays Companies was listed again as one of the top 100 largest insurance brokers in the United States by Business Insurance, a leading commercial publication to the insurance industry. The list was based on 2015 brokerage revenues of U.S.-based clients. Hays Companies ranked 21st this year and achieved over a nine percent revenue increase from 2015, holding a position in the top 40 brokers for more than a decade.
With over 20 years in the business, Hays Companies is based in Minneapolis, MN, with 30 locations nationwide and over 700 expert professionals. Hays Companies has continued to grow while maintaining independence and an industry leading 94 percent client retention rate.
“Our customers are at the center of everything we do,” explained Jim Hays, CEO of Hays Companies. “Each year, we are growing organically and extending our reach to better meet the needs of our clients. We will continue to be an industry leading company by going above and beyond to ensure we are the broker of choice for our customers.”
The Affordable Care Act (ACA) requires most individual and small group health insurance plans to cover mental health and substance abuse disorder services, including behavioral health treatment, counseling, and psychotherapy.
Additionally, health plans must comply with the requirements set forth in the Mental Health Parity and Addiction Equity Act (MHPAEA), meaning coverage for mental health and substance abuse services generally cannot be more restrictive than coverage for medical and surgical services.
The need for mental health programs has increased, says Pari Luna, Director of Health Strategies at Hays Companies, with some 3.7 million Americans with significant mental illnesses accessing care through the insurance exchanges and extended Medicaid coverage as of January 2016.
“There is more to the wellbeing of an organization’s workforce than just physical health,” she adds. “Mental health is a highly prevalent condition in most organizations and serves as a barrier to managing other aspects of one’s health. When companies take a holistic approach to the health of their population and appropriately accommodate for those benefits, we see much greater impact on both individual and organizational health goals.”
Trends in Mental Health Services
Cases of employee depression increased by 58 percent between 2012 and 2014 and anxiety cases increased by 74 percent, along with cases of employee stress growing by 28 percent, according to a Workplace Options study.
Surveyed employers saw a 3.4 percent increase in mental health and substance abuse claims.
The total number of out-of-network claims for mental health services has grown, perhaps due to adult dependents in college who do not have access to in-network care. Luna adds that this trend is also due to the shortage of providers, resulting in people choosing not to join networks because they don’t necessarily have to.
The Effect of Mental Health Coverage on Employers
Each year, 18 percent of the U.S. population experiences some type of mental illness, according to data released by the U.S. Substance Abuse and Mental Health Services Administration.
Mental illness also causes individuals to miss more workdays than any other chronic condition, resulting in an estimated $100 billion per year in indirect costs to U.S. employers.
Research shows that a mentally healthy workforce is linked to lower medical costs, as well as less absenteeism, notes Luna. Therefore, employers should ensure that they have the resources to support their employees to become as mentally healthy and productive as possible.
Creating a Stigma-Free Workforce and Evaluating Current Mental Health Benefits
In order to encourage a mentally healthy workforce, employers should build a culture that is as stigma-free as possible, encouraging people to seek help rather than hiding their stress and pain. Some efforts could include educating employees about the signs and symptoms of mental health disorders and regularly hosting seminars about stress, workload, and work-life balance, and other issues.
Employers should also evaluate their current mental health benefits to ensure they are sufficient for employee care by asking insurers these questions:
Do they offer readily accessible mental health information through employee educational programs, their website or self-screening tools?
Do they have a toll-free number for your employees to call for help with personal, family or work issues?
Are there available, in-network providers who are trained in screening for and treating depression, anxiety and substance abuse disorders?
Can they integrate their services with your EAP, disease management and disability benefits? Integration results in better coordination of care for employees and can save employers time, effort and money.
Are pharmaceutical benefits sufficient enough for employees to be able to afford needed medication?
“Although the ACA has made an impact on mental health care, further implementation and education regarding appropriate coverage is still needed to realize the full impact,” Luna concludes.
For more information on mental health benefits, contact Pari Luna, the Director of Health Strategies at Hays Companies, at email@example.com.
Congratulations to Bruce Hollcroft and Bruce Lyon, two of Hays Companies’ Risk Control Directors, on their recent textbook publication titled Risk Assessment, A Practical Guide to Assessing Operational Risks. The book was written by Hollcroft, Lyon and Georgi Popov, Associate Professor on risk assessment at the University of Central Missouri.
Risk Assessment, A Practical Guide to Assessing Operational Risks, teaches the fundamentals of risk assessment to students and those in the safety, health and environmental professions, who recognize the need to refine their personal risk assessment capabilities.
Risk assessments have begun to receive more prominence in operational risk management systems. This book fills a content gap in educational material about the growing field of risk assessment.
“Working alongside industry experts at Hays Companies has pushed me to continue developing my risk management skill set and knowledge base. This book is an accumulation of my expertise and similar outside education,” Hollcroft remarked. “I hope it will be a guide to others interested in the topic and help cultivate our future risk assessment leaders.”
The authors intend for this text to assist professors at a university level who sense the need for their students to gain knowledge and aptitude with respect to risk assessment. It will also serve as a primer for employed safety professionals, needing a practical guide on risk assessment techniques.
“I hope this book educates and motivates prospective risk management experts,” Lyon said. “More important than any publications or expertise on my end is the ability to pass this information on to young professionals. Hays Companies has helped me realize the incredible value in educating young learners to ensure the success of not just a company, but an industry and the clients it serves.”
Congratulations to Bruce Hollcroft and Bruce Lyon on the publication. They are proving once again that Hays employees truly are experts in their fields, devoted to educating others.
MINNEAPOLIS, Minn. (June 27th, 2016) – Hays Companies announced Joe Williams has joined its San Francisco operations as Senior Vice President. He will be responsible for spearheading new business development, leading and managing the team and continuing to build Hays’ renowned workforce.
“We are delighted to have Joe on board at Hays,” said Michael Egan, President and Chief Operating Officer of Hays Companies. “His knowledge and experience will add considerable acumen to our employee benefits capacities.”
Williams has over eleven years of experience in the employee benefits industry and has held previous high-level leadership positions; he will play a key role in spurring growth and development for Hays at the San Francisco office.
Williams formerly served as the Senior Vice President of Employee Benefits of HUB International, as well as Vice President of BB&T Insurance Services. Williams’s experience includes extensive work with medical/dental/life/disability insurance, underwriting, consulting, as well as ACA compliance.
“I am excited for the opportunity to join such an illustrious company like Hays Companies. They have built a strong reputation in the past 20 years and I look forward to being a part of this fast growing, innovative organization,” said Williams.
ABOUT HAYS COMPANIES
Hays Companies is one of the fastest growing, privately-held risk management, insurance and employee benefits advisors in the country. Our philosophy of delivering the highest-quality, customer-focused service has led to significant growth for 20 years. Today, the company includes 700+ experienced professionals in more than 30 locations throughout the United States. For more information, contact Andrea Field (firstname.lastname@example.org) or visit our website at hayscompanies.com.
WARNING: This is a whimsical look at the difficulty of combining several agency rules with compliance under the ACA. If you have any questions regarding the compliance issues raised in this piece, contact your Hays Team representative and we can provide more detailed guidance.
If you have ever been to a state fair or an arcade, you’ve probably seen the “Whack-A-Mole” game. If you haven’t, the goal is for the player to hit the heads of as many pesky moles as possible before they pop down into their hole in the box. But, each time you whack one mole with the foam mallet, another pops up somewhere else. Other than the obvious thrill of playing and winning, why is a Compliance Director writing about this game? And what does this have to do with the Affordable Care Act (ACA)?
It seems we have all been playing “Whack-An-ACA-Rule.” For example, let’s consider the rules related to nondiscriminatory wellness plans. Maybe you decide to reward employees who meet certain biometric standards, such as lowering blood pressure, by giving them a 30 percent discount on their full healthcare premium. If a single-only premium is $600, the employee contribution is set at $200, and the employee satisfies the entire wellness program criteria, he or she gets a premium contribution discount of $180 (30 percent of $600). That employee’s actual monthly contribution is now only $20 and they are healthier. Wow! But wait…the ACA steps in and says, not so fast — is this “affordable?” Of course, you say — it’s $20! But the ACA says affordability must be calculated based on the full non-discounted premium. So, you hit one mole on the head by encouraging potentially healthier outcomes but the next mole — affordability criteria — pops up right behind you.
So, how do we “hit” the next mole? Maybe we reduce the starting single contribution amount to ensure that it is “affordable” under the ACA. But then, for financial reasons, you have to reduce the size of the wellness reward. Doing so may impact the employee’s motivation to work at lowering his or her blood pressure, which contradicts the point of the wellness program and runs counter to the ACA’s goals.
Head spinning? Let’s keep playing.
Next, you implement a High Deductible Health Plan (HDHP) so that employees can establish health savings accounts (HSAs). You are careful to make sure the maximum out-of-pocket (OOP) limits do not exceed limits established by the HSA rules. The HSA maximum annual OOP limit for family coverage is $13,100, but you set the family deductible at $10,000. This means the plan will not pay for covered services until the family, either collectively or even just one member, has incurred $10,000 in deductible expense. So far, so good. But wait, the ACA steps in and says, not so fast — the single allowable OOP max for an individual in 2016 is $6,850. OOP includes deductibles, copayments, coinsurance, and any other OOP expense. Therefore, you need to “embed” a single deductible of no more than $6,850 for any single family member. That’s yet another mole popping up through the hole.
You thought you complied with the rules and you did — just not all of them, unfortunately.
Ultimately, you have designed your wellness plan to be a little less well but a little more affordable, and your HDHP now has an embedded deductible for family coverage. Next, add one more plan design roadblock: although the HSA rules only consider in-network cost for OOP maximums, the current guidance suggests the ACA will take into account all costs next year, including out-of-network, so you need to be ready for that mole.
There is one way to beat the game: enlist your friends to help! In the case of the ACA, your friends are your Hays Team and our Research and Compliance department. We can help you hit all the current moles and anticipate the ones that may be just about to pop up.
Although it is only spring, we now have official guidance on health savings account (HSA) and Affordable Care Act (ACA) limits for 2017 plan years. As before, these two requirements have different limits that will need to be addressed to ensure that a high deductible health plan complies with ACA requirements.
On April 27, 2016, the Internal Revenue Service (IRS) released Revenue Procedure 2016-28 showing updated annual limits for HSA contributions and high deductible health plan (HDHP) design requirements for 2017 as follows:
HDHP minimum annual deductibles:
$1,300 for self-only coverage (unchanged from 2016)
$2,600 for family coverage (unchanged from 2016)
Out of pocket maximums:
$6,550 for self-only coverage (unchanged from 2016)
$13,100 for family coverage (unchanged from 2016)
Maximum annual HSA contributions:
$3,400 for self-only coverage ($50 increase from 2016)
$6,750 for family coverage (no change from 2016)
On Feb. 29, 2016, the U.S. Health and Human Services (HHS), Treasury, and Labor Departments finalized rules addressing 2017 Benefit and Payment Parameters for essential health benefits impacting out-of-pocket maximums for non-grandfathered group health plans:
Annual out-of-pocket maximums for health plans (other than HDHPs with HSAs):
$7,150 for individual coverage
$14,300 for family coverage
In summary, a high deductible health plan with family deductibles that are higher than the ACA’s cost-sharing limit for self-only coverage must be designed to limit the maximum out-of-pocket limit to no more than $6,550 for any one individual. For example, an issuer can offer a family HDHP with a $10,000 family deductible, as long as it applies a maximum annual limitation on cost sharing of $6,850 to each individual in the plan, even if the family $10,000 deductible has not yet been satisfied. This standard does not conflict with IRS rules on HDHPs.
If you have any questions on how Hays Companies can help your business stay compliant with employee benefit laws and regulations please contact us.
Earlier this year, cyber terrorists launched a well-organized and highly effective attack that cut power to millions serviced by Ukrainian electricity distribution companies, the first verified and successful intrusion into a utility information technology (IT) network.
The sophisticated attack was launched through a well-planned campaign that sent fake emails containing a BlackEnergy-type computer virus to the Ukrainian utilities’ employees. Social engineering techniques such as “spoofing” real email addresses convinced the recipients that the email was legitimate, leading them to open the malware file. The deployed virus and external programming let the hackers collect information on the structure of the utilities’ IT systems and identify programming resources and their methods for external access to utility IT infrastructure.
The cyber-attack consisted of five elements:
1) Infecting the networks via emails;
2) Assuming control of the administration of the automated system for dispatch/control that shuts off sub-stations;
3) Disabling IT infrastructure, including modems, switchboards, and uninterruptible power supply devices;
4) Destroying information on servers and at work stations; and
5) Attacking telephone numbers of utility call centers to deny service to customers experiencing an outage.
Utility companies around the world are now on higher alert that relatively low-tech but increasingly sophisticated email “spoofing” scams could take down a power grid.
There are other threats as well. Several Hays clients have documented receipt of fraudulent emails purporting to be from senior officers. The emails told recipients to transfer money to a bank account (controlled by perpetrators) and advised that the necessary documentation supporting the payment would be made later. So far, quick-thinking employees who questioned the request or deviation from proper procedure have thwarted these attempts.
In another case, which unfortunately may have been successful, a fake email supposedly from a company officer directed an employee in the utility’s HR department to send an electronic file with sensitive employee information. In this type of social engineering scam, emails with spoofed addresses said things such as:
“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?”
“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015. I need them in PDF file type, and you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
It is clear from the way these fake internal emails were written, which often imitated the writing style of individual officers, that the perpetrators had had access to the utilities’ systems for quite some time prior to the events.
The key point for risk managers is not only to ensure that incoming emails are scanned for the latest malware and viruses, but also to identify and educate employees whose responsibilities and IT access make them prime potential targets. By properly informing workers about the various methods used, how to spot a potential fake email, how to effectively confirm legitimate requests, and when to be suspicious about attachments that could contain IT-compromising viruses, utility companies have a chance to stay a step ahead of clever cyber criminals.
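One way to screen for the W-2 and employee-data requests quoted above, added here as an example and not taken from the article or from Hays Companies: it matches phrases from the quoted lure emails and checks the sender headers. The company domain, gateway name, header values and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): the organisation's mail
# domain and the authserv-id its own gateway writes into Authentication-Results.
COMPANY_DOMAIN = "example-utility.test"
TRUSTED_AUTHSERV = "mx.example-utility.test"

# Phrases taken from the lure emails quoted in the article.
DATA_REQUEST = re.compile(
    r"\bW-?2s?\b|social security number|wage and tax statement|"
    r"\b(?:list of|all)\s+(?:\w+\s+){0,3}employees",
    re.IGNORECASE,
)
URGENCY = re.compile(r"\basap\b|quick review", re.IGNORECASE)


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def body_text(msg):
    """Concatenate text/plain parts (samples here are unencoded single-part mail)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload() for p in parts
        if p.get_content_type() == "text/plain" and isinstance(p.get_payload(), str)
    )


def dmarc_failed(msg):
    """True if our own gateway recorded dmarc=fail; other hosts' headers are ignored."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and re.search(
            r"\bdmarc=fail\b", results, re.IGNORECASE
        ):
            return True
    return False


def assess(raw_message):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    reasons, sender_anomaly = [], False

    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if from_dom != COMPANY_DOMAIN:
        reasons.append("sender outside company domain")
        sender_anomaly = True
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To domain differs from From domain")
        sender_anomaly = True
    if dmarc_failed(msg):
        reasons.append("DMARC failed for the From domain")
        sender_anomaly = True
    if URGENCY.search(text):
        reasons.append("urgency language")

    if not DATA_REQUEST.search(text):
        return "deliver", reasons
    reasons.append("requests bulk employee tax or identity data")
    # A request sent from a compromised internal mailbox passes every sender
    # check, so the data request alone still forces out-of-band confirmation.
    return ("quarantine" if sender_anomaly else "verify-out-of-band"), reasons


def sample(headers, body):
    """Build a constructed raw message from a header dict and a body string."""
    return "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n\n" + body


# Constructed sample messages; the bodies of the first two reuse the quoted lures.
SPOOFED = sample({
    "From": '"Pat Officer" <pat.officer@example-utility.test>',
    "Reply-To": "pat.officer@example-utility-mail.test",
    "Subject": "W-2 review",
    "Authentication-Results": f"{TRUSTED_AUTHSERV}; dmarc=fail header.from={COMPANY_DOMAIN}",
}, "Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all "
   "W-2 of our company staff for a quick review.")
INTERNAL = sample({
    "From": '"Pat Officer" <pat.officer@example-utility.test>',
    "Subject": "Employee details",
    "Authentication-Results": f"{TRUSTED_AUTHSERV}; dmarc=pass header.from={COMPANY_DOMAIN}",
}, "Can you send me the updated list of employees with full details (Name, "
   "Social Security Number, Date of Birth, Home Address, Salary)?")
BENIGN = sample({
    "From": "benefits@example-utility.test",
    "Subject": "Benefits webinar",
}, "Reminder: the compliance webinar starts at 2 pm.")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("internal", INTERNAL), ("benign", BENIGN)):
        print(name, *assess(raw))
```

The second sample passes every sender check yet is still held for confirmation, which matters when, as described above, the sender may already have access to internal systems.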