7 Questions with Bob Marshburn: The Role of Tech in Risk Management

June 1, 2023

When it comes to managing risks, having the right technology in place can make or break a risk management strategy. Bob Marshburn – an experienced risk management professional with decades of experience has seen firsthand how technology has transformed the insurance industry and how crucial advanced solutions are for successful organizations. 

In this blog post, we’ll explore Marshburn’s insights on the important role of technology in growing businesses and mitigating threats. He’ll also provide advice for other risk managers looking to implement advanced technologies into their operations. 

How did you get started in insurance? What kept you motivated over the years and excited about this space? 

Mashburn: I got started in this industry by accident. I was developing a business that I had begun in high school and got to the point where I was looking for some insurance.

By 1978 I started my own brokerage for commercial insurance, and I saw the need for risk management to be coupled with insurance. Now back in 1978, that was a fairly revolutionary idea. Today everyone’s doing it, but in ‘78 I thought if we just prevented or avoided or controlled or reduced so many of these claims, the loss ratios would be so much better.

And so I started working really actively with risk management, with the underwriters of the companies I represented. I specialized in kind of the higher-risk industries, like construction and auto dealers, which were a terrible class of business back then. 

You’ve obviously seen the evolution of the industry play out over the years, do you see anywhere where technology shouldn’t play a role in risk management? Are there some areas where human touch and that personal feel are going to always produce the best result? Or do you think eventually technology will take over, you know, every aspect of the industry?


I wish I had a crystal ball and could effectively answer that, but my current opinion Is that there will always be a need for that human touch. Now I know what’s happening with AI. I’m very interested and excited about it with artificial intelligence. I think we’ve got a whole lot we can incorporate.

My experience with that so far has been that although it’s been amazing, sometimes it’s inaccurate. Sometimes there are facets and aspects and considerations that are not taken into the AI right aspect. 

Plus the fact that we’re dealing with humans and they want that element of trust. They want someone who, when they don’t know will say, ‘I don’t know but I’m sure going to find out’, or ‘I don’t know but here’s what the case law indicates on that, and this particular thing has not been tested.’ 

Where we are now, there’s absolutely no question about needing that human touch and that interface. And in fact, we are the ones that have to be sure to guide that. So that it’s done not just efficiently, but so it’s done accurately and correctly, with the human touch involved.

Looking back over the years, what would you say about the job the insurance industry has done in general in adopting technology? Are we adopting it at a rapid enough pace?


Historically, I believe the insurance industry has been very slow to adopt the technology but they’re doing a lot of very frenetic, catching up right now. 

When I teach, my classes are comprised of mostly underwriters and carriers. Imagine driving a vehicle without a windshield, they’re looking strictly in the rearview mirror. So imagine going down the road. Looking in the rearview mirror because they only wanna see what happened yesterday and last year and last month, right?

They’re not saying, oh, now if we change this proactively, here’s what will happen in
the future. And that I see starting to change, so I’m much more encouraged now with that. 

The industry is catching up with this explosion in technology that we’ve seen to where it’s now gotten to be a question of not, does it exist or can we use it, but it’s which specific one is the best one to use.

How are insurers changing the way that they handle third-party relationships? What are the risks that are presented by third-party relationships? 


I have not seen much emphasis from the carriers in that area, and they are overlooking a huge opportunity. Because every dollar that’s paid by those third parties is a dollar they don’t have to pay. 

There has not been nearly the emphasis in that area that there needs to be. If I were the head of an insurance carrier,  one of my first questions with every client would be ‘How do you verify third-party coverages, both for indemnity as well as insurance coverages?’

I think the industry is just beginning to really wake up to that once again with services such as Evident provides, and they’re finally saying, ‘Hey, this really is not just a dollar saved, but is an inordinately effective time saver.’ 

The efficiency of COI Management solutions is beyond compare because the things that we’ve done and developed manually that we can now do automatically, there’s no comparison between the two.

If insurers were going to react differently to third-party risk, or they were going to try to make sure third-party risk was mitigated. What would be the prime industries that they would target? Where is that risk, the greatest in your experience? 


In my experience, I cannot talk about this subject without talking about construction. Every business contracts for something. But when we say a contractor, what do we mean? We mean construction because they are just rife with contracts. And those contracts spell out very clearly the responsibilities of those parties. 

If someone is not using, an effective, automated verification system, they are missing the boat because there’s so much that can be done in order to be sure that the dollars are paid by the responsible party which is the contractor you’re hiring.

Because when a city hires a contractor and the contractor has an accident and creates liability, people don’t sue the contractor. They sue the city. And the city had better have in place not just requirements, but requirements that will trigger the coverage of that contractor. So that the coverage is there and it does not come out of their own pocket.

And if just take a step back and broaden the discussion from a technology point of view, where do you see the industry headed, and are there any trends that you think we’re all sleeping on? 


The trend of many insurance companies is to offer nowadays what are called restricted coverage policies. In other words, they’re finding ways, more ways to not pay claims if they can do so on the basis of an endorsement or the wording within the policy.

In fact, even with ISO, the standard in the industry for general liability, we’ve seen a diminution. In the coverage of the additional insured endorsements. And most people have no idea about some of the recent changes and the dangers they present of not having coverage. 

I think that more and more people are going to have to use automation services such as we were doing to combat these restricted coverage policies that are being used more and more by many of the carriers.

I have found that the overwhelming majority of what I do is where there’s expected coverage but they either didn’t or they didn’t do it right. 

That’s why it is important to make it absolutely clear in the contractual requirements what those things are so that then the insurance can handle it rather than it getting tied up in litigation. 

How would you approach contractual risk management in 2023? What is the gold standard approach? 


Number one is to utilize these tech tools like coverage verification. 

Utilize the automated systems that we’ve been describing. Now, you need to understand and verify the coverages available. But in addition to that, you also need to understand and optimize the contract requirements. 

The certificates of insurance really provide a lot of necessary information but because of these restricted coverage policies that I’ve referenced, they’re being used by more and more carriers. Especially you need to be very sure that they are accurate.

Because so many of these policies now in order to trigger or to activate coverage, they require that the contract require it. 

And if you don’t specifically require the coverage they have that you may need, guess what? If it was not required in the contract, even though the contractor has the coverage, yes, it will not trigger the coverage so that it actually ends up paying a claim. Now, a lot of people don’t know that, right?

Many of the blanket additional insureds will not pay a dime because they don’t have what’s called contract privity. What it means is most of the additional insured forms on these automatic forms, even with ISO, say that their contract for these requirements has to be with you.

For example, an owner who hires a general contractor who then hires subcontractors. All the subcontractors say you’re an additional insured. Guess what? They’re not because all these subs don’t have a contract with the owner. 

Zooming out nationally with regard to the coverage with ISO on a lot of the standardization and so forth, but the complexity of the indemnification is much more difficult.

For instance, in each state, certain types of indemnification are allowed. Anywhere, from relatively modest indemnification to very broad. And what you do is you match that in your contract to whatever your specific state requirements allow, and then you make sure that the insurance carrier has effective contractual liability coverage.

Because there are so many things they can do to diminish or even exclude or dramatically reduce that contractual liability coverage. 

For example, the contractor says, I’ll indemnify you.

His insurance company says, “Oh, we’ll insure you for the indemnification.” And then they take away parts of the indemnification that are common to contracts. So you’ve got to work your way through all of those kinds of specific complex details in order to be sure that you’re up to snuff.  

You can read more examples of this here at Automated Insurance Verification.

At a very practical level, for somebody who’s reviewing COIs on a daily basis, what advice would you give them? 


Understand all of the coverages involved. In other words, don’t rely just on automation but understand the coverage.

When you say which additional insured endorsement you want. You’ve got to click the correct one, you have to know what that is and you have got to understand contractual liability and contractual liability coverage.

Although the COIs provide a lot of the necessary information, you’ve still got to do your own due diligence. The verification you’re doing using automation tools we have, that it’s based upon a solid, explicit, unequivocal contract basis that is, in fact, going to trigger and activate the coverages that are actually there.

Bob Marshburn’s advice is invaluable when it comes to using technology to make risk management programs as effective as possible. Instead of merely talking about the importance of tech, he dug into best practices for leveraging it and shared his insights on implementation. 

There’s no question that good quality tools are needed to optimize risk – something
businesses simply can’t ignore.  

Moreover, intelligent use of data may help predict future potential problems and create strategies for tackling them in a timely manner. Therefore, investments in technology-based risk management solutions will pay off in the end by providing organizations with greater security and greater efficiency.


News and Resources

Ready to reduce your third-party risk with automated Insurance Verification and Fulfillment?