How will the French labour code be affected by the changes made by president Macron?

New scale for payouts by arbitration regarding unfair dismissals, increase in legal redundancy pay, changes to procedure for challenging termination of contract, etc. President Macron’s orders crystallise debate between businesses and workers. They are likely to make significant changes to the practices of business owners, managers and the regulated professions responsible for implementing these procedures.

President Macron’s orders concerning changes to the French labour code came into force on September 23, 2017. The five decrees organise a general overhaul of labour law, the watchwords being simplification and flexibility. Here we review the measures presented in this reform’s key text, Order no. 3 relative to the foreseeability and security of the employment relationship.


Compensation settlements by arbitration in cases of unfair dismissal to be regulated

In cases of wrongful or unfair dismissal, a compensation scale with both a minimum and a maximum has been determined for settlements arrived at by arbitration. The scale is based on how long the employee has worked for the company and, for employees with up to 10 years’ service, the size of the company. The minimum amount to be awarded is between 15 days’ and 3 months’ gross salary and the maximum amount is between 1 and 20 months.

The amount of redundancy pay has been revised

The decree reduces the minimum length of service that an employee on a permanent contract must have spent at the company to 8 months (as against 12 months previously), in order for the employee to receive a redundancy payment.

Relaxation of regulations concerning reasons for dismissal

Employees can be informed of their dismissal via a standard letter and the reasons given can be specified at a later date by the employer or the employee. The dispute will therefore be clarified in this second letter. Lastly, should the procedure not be carried out in due form, the judge may grant the employee compensation (maximum 1 month’s gross salary), but such cases shall no longer result in annulment of the procedure.

Procedure for challenging termination of contract changed

Employees wishing to dispute the termination of their contract will now only have 12 months to do so, compared with the 24 months allowed previously.


How does this affect the regulated professions concerned?

These measures, which change how employers must proceed with regard to terminating an employment contract, also concern the regulated professions responsible for implementing the procedures (accountants, lawyers, legal administrators, etc.). The introduction of these measures may reduce the number of claims filed and therefore the number of appeal procedures:

  • The legal time limit for challenging a termination of contract has fallen from 24 months to 12;
  • Employers now have the option of specifying the reasons for the dismissal in a second letter, following a meeting with the employee concerned.

Moreover, the introduction of a ceiling for payouts in cases of unfair dismissal means that it will now be possible to calculate the amount of the maximum risk, which has been set at between 1 and 20 months’ gross salary, instead of a sum that could previously have been anything up to €310,000.

President Macron’s orders have started a broad reworking of the Labour Code, with changes likely to mean a reduced risk and fewer claims for the regulated professions concerned.


Marie LEYENDECKER, Finance Loss Adjuster

Find more about her specialty line

Magnus: when the art world meets Big Data

Described by the media as a Shazam for Art, the Magnus app lets you find out about a work’s origins and history just from an ordinary photograph. A revolution in the art world and new insurance risks in the offing…Here we check out Magnus, an app with two sides.


A unique database for the art world

From the moment you enter the world of Magnus, the website gets straight to the point: “Our mission is to democratize access to the art world”. Young German entrepreneur Magnus Resch set himself this ambitious target when he created and developed his Magnus app.

Before the app could be launched, he had to undertake the monumental task of collecting data from galleries and auction rooms – as well as through Wikipedia-style collaborative efforts.

The resulting database means that all users have to do is access the app and take a photo of a work they are admiring in a museum or art gallery. That’s when the magic happens: moments later, various items of information are displayed, including:

  • Title of the work
  • Name of the artist
  • Its history

And what’s even better is that it also provides the latest prices achieved by similar works at auction and whether they can be found in nearby galleries, as the way Magnus operates is partly based on geolocation as well as collaboration.


Source of information – or source of risk?

When we conduct investigations, particularly with respect to specie objects, we have to assess, compare and calculate the value of the pieces in question. The database offered by this application could be extremely useful in such cases, helping us to find pieces of the puzzle directly and thus saving us much precious time.

However, despite the apparent usefulness of being able to access such information at the press of a button, there are a number of problems. Magnus only provides data on contemporary art – currently art that is in New York, soon to be followed by art in London and Berlin. Over the past decade, the contemporary art market has seen constant growth – but no-one knows when this speculative bubble is going to either reach its limit – or burst. Knowing the excesses of this market, what kind of success can such a significant database about it have?

There are a number of possible answers, but all of them are primarily to do with the app’s two main functions, i.e. collaboration and geolocation.

How can such a huge volume of data be checked when anyone can add to it? There is a far from negligible risk that information about works acquired by private collectors might become public knowledge.

This would have numerous consequences. When combined with geolocation, information such as this, about a work that is in the possession of a private individual, could prove to be tempting and make theft easier to accomplish.

With this in mind, insurers will have to rethink their position and offer new cover to reduce such risks, whilst legislators will have to determine what controls can be introduced and what recourse there may be against the publishers of these new applications and their contributors.

There are two sides to Magnus. One is a tool for loss adjusters, an extra database to consult; the other is a source of risk. Either way, loss adjusters will have to get to know these new tools, both to supplement their expertise and to guard against the risks they engender.


Camille BONNET & Diane MACCURY, Specie Loss Adjusters

Find out more about their specialty line

How Cyber Threat Intelligence can help very small businesses and SMEs

Cybersecurity has become a crucial issue for businesses. Is Cyber Threat Intelligence, which consists of studying and monitoring cyber threats, the solution to help very small businesses and SMEs protect themselves from attack? Here we take a close look at a service with which many very small businesses and SMEs are as yet unfamiliar.


What is Cyber Threat Intelligence?

There are three main types of cyber threat, which are all differently motivated but may all target every type of organisation: hacktivists, acting to further a cause, cybercriminals, acting purely for financial gain, and state sponsored groups, whose purpose is espionage.

Cyber Threat Intelligence (CTI) is an activity with the twin purpose of studying and monitoring cyber threats. It also makes it possible to detect mechanisms that might be open to attack and thus reduce associated cyber risks. The approach used by companies involved in cyber security is based on analysing attacks that have already taken place, with the aim of identifying them by means of technical markers (malware signatures, IP addresses, malicious domain names, etc.). Defenders aim to use such technical markers to guard against and block any new attempts at such campaigns.

Cyber Threat Intelligence is a long-term service – usually rendered via extremely expensive annual or monthly subscriptions – intended for organisations that have very wide exposure and a certain level of maturity in terms of cyber security. Moreover, integrating and processing the flows within information systems requires specific infrastructure and special teams (e.g. Security Operations Centre, or SOC).


INQUEST: a CTI service for businesses 

CTI is a little known range of services on the very small businesses and SMEs market. Yet such organisations are a perfect target for cyber threats because they have a small or even non-existent defence perimeter, making them an easy target for attackers. Increasing numbers of very small businesses and SMEs are being affected by attacks causing visible damage, particularly in terms of files being encrypted by ransomware or fraudulent bank transfers when a CEO’s account has been hacked. Remember, however, that the majority of SPAM campaigns that include a malicious attachment cause damage that is not seen by the victims, but that does just as much harm: theft of personal information or bank details or espionage whereby strategic or confidential documents are accessed.


The life cycle of a cyber attack always begins with a target reconnaissance phase: the attacker seeks to determine the weaknesses and types of trigger that will enable the malicious action to be performed. CTI responsibility could be given to the IT manager of a very small business or SME, but such a role requires very specific resources, particularly in terms of time commitment and skills. However, it is possible for the identification and management of cyber threat risk to be outsourced to specialist service-providers. INQUEST, a subsidiary of GM Consultant specialising in Risk Management, has developed an offer of services for very small businesses and SMEs that includes regular assessments of the amount of exposure created by their various action plans, monitoring of their online reputation on social networks, domain name surveillance, plus support and guidance for staff in the form of workshops to increase their awareness of cyber risks.

Adrien PETIT, Cyber Security Development Manager at INQUEST

Vehicle fires: investigating the causes and circumstances

There are many possible causes of vehicles fires and their investigation requires solid technical expertise. But before addressing the origin of the fire, it is important to understand the architecture of the vehicle and to be able to reflect upon the composition and role of the burnt materials.

Flammable materials and fluids are naturally present in vehicles and other motorised machines. These elements coexist in a confined space alongside many different forms of energy: heat, mechanical, electrical, hydraulic and pneumatic. It’s unsurprising therefore that vehicles are highly susceptible to catching fire. By investigating the origin of a fire, those involved in the management of a claim can ascertain their position with regards to liabilities and warranties. So how can we determine the source of a fire?


Useful and scientific investigative methods

While investigative methods are numerous and sometimes controversial, investigations into the causes and circumstances of an outbreak of fire do not result from a fascination with American TV shows or an occult science to which only the brotherhood of fire loss adjusters holds the secret. They require an initial analysis of the conditions and environment in which the fire began (reported circumstances, location, weather conditions, etc.), the areas and extent of the damage, the melting temperatures, as well as the self-ignition and even pyrolysis of materials in order to then identify the oxidising and combustible energies that are naturally and abnormally present in the areas concerned.

Once this work is complete, the investigation will either determine the origin of the fire or give rise to a limited number of hypotheses. Sometimes, however, despite a thorough investigation, the cause of the fire can remain undetermined for various reasons: limited investigative resources, disappearance of evidence during the handling or storage phases, destruction of clues by the flames, etc. However, even in a case such as this, an investigation can be useful in ensuring that certain theories do not become wild allegations.


Understanding the composition of the vehicle, its service and maintenance history and the methods for investigating the causes and circumstances of the fire

As you can see, carrying out these kinds of investigations requires sound knowledge of the composition of the vehicle to be able to correctly interpret the damage caused and fully understand the kinematics of the fire. It is also essential to have expert knowledge of the methods and practices of the aftermarket industry in order to study a possible causal link between the incident and previous service and maintenance interventions on the vehicle.


Mobilising loss adjusters with different expertise

For several years, loss adjusters from the GM Consultant Group have provided clients with the expertise of a countrywide and cross-border team specialised in investigating the causes and circumstances of vehicle fires (in their various forms). Experience has taught us that the study of each fire is unique and sometimes requires the mobilisation of several loss adjusters from different specialist departments to facilitate the management of cases.

In general, you can rest assured that the chances of seeing your favourite car go up in smoke are pretty slim, as vehicle fires are still relatively rare. However, they can sometimes have serious consequences, particularly if they spread to storage or business premises.

A little advice in passing to avoid causing a fire: even if the summer, which was particularly catastrophic in terms of forest fires, is a distant memory, next time you take a drive into the countryside avoid parking on top of tall, dry grass if your car is fitted with a diesel particulate filter.


Bertrand BOIRON, Fire risk loss adjuster

Find more about his specialty line.

Cyber vulnerability of drones: a windfall or a threat?

Since the advent of civil drones, the question about risks related to their use is regularly debated in the public space: collision risk with aircrafts, aerial flyover of forbidden sites, potential terrorist acts and, without forgetting, the hacking risk… In this context, the current lack of security of drones is it a source of danger or, on the contrary, the last defense against malicious use?

Mastering a flying drone, as well as the safeguarding of data collected, thus represent essential major issues for the development of this technology. It is on the basis of this observation that, very early, the actors of the market started thinking about the drones hacking issue.

Better understanding drones hacking

An operating drone receives and emits different signals needed for its flight. These wireless communication channels are not protected, so drones are as vulnerable to hacking risks as any connected electronic device.

The reason of this security defect is quite simple: implementing protection systems would increase manufacturing costs, while reducing the autonomy in flight of the device. One of main concerns in terms of drones engineering is the optimisation of the flight-time autonomy ratio (power/weight/consumption). So, we better understand why the current-generation drones remain sensitive to the following hackings:

  • Rising signals (received by a drone: radio command signal, GPS signal, etc.) can be affected by lure signals. These signals, of identical characteristics but of higher power, have the effect of “recovering” the weakest signal. This method is the most worrying on a public security level, because it would potentially allow an ill-intentioned person to displace the signal of a radio command and to take control of the flying drone. In the same way, it is possible to distort GPS information received by the drone, that will then modify its path.
  • Downlink signals (emitted by the drone: video retransmission, flight information, etc.) involve a risk of interception or alteration of transmitted data. Actually,  video feedback is generally transmitted on non-secured radio waves. So, each receiver correctly configured and close enough to the emission point can receive data, without being perceptible to, or localisable by, the user.


A real danger or a security guarantee?

In the framework of the technical and legal evolution of the drone industry, it could seem appropriate to incite manufacturers to find a solution to these vulnerabilities in order to reinforce security. However, does the civil society really want completely secure drones to fly everywhere?

Of course, the hacking risk is real. Still, it remains anecdotal to this day.

Conversely, flyover of forbidden sites or grouping of people, industrial or sensitive site espionage, banned cargo transportation (borders, prisons, etc.), terrorist risks (to date, at least two terrorist attacks that planned to use drones have been thwarted: in 2011 in Boston and in 2013 in Germany), are real risks and experiencing a sharp increase.

So, the race to  develop interception equipment is in full swing. Securing airspaces has become a national security issue and interception technologies by interference are among the most valued themes.

As each country has its own regulations on this matter, what will be the position of French institutions? Protecting hundreds of thousands of drones against a possible hacking risk, even if limited, or keeping some vulnerabilities allowing control to be retaken in case of fraudulent access to certain flying zones? Some answers will have to be given quickly in order to determine a precise legal framework.


Guilhem MARTIN-RAGET, Information Technology Loss Adjuster

Hackers assault film industry

The film industry has just seen a turning point in the history of film hacking with the theft of 1.5 tons of data from  HBO channel-the producer and broadcaster of the cult series “Game of Thrones”. Until  this day, we only knew of stolen copies that were released on the Internet. The time has come when hackers directly attack studio servers. How to prevent cyber risk in the film industry?

The film industry, object of desire, has known about the problem of hacking for a long time. Very often, it was enough to look for a human mistake in the post-production chain to trace back to the source. In 2007, our firm was entrusted with a case involving an American blockbuster pirated three weeks before its release. One of its copies, for festivals and for the classification commission, had been borrowed by an employee of the studio, who, in turn, had lent it to his son. A family history that resulted in a loss of 80 million dollars for the studio.

There are efficient ways to go back to the source of these leaks. The invisible “tattoo” system called digital watermark, identifies each single copy. In case of theft, a database allows the file at the origin of the pirated disclosure to be found. Even if it does not prevent theft, this system allows for the identification of the possessors of the copy at the origin of the hacking. One of the advantages, and not the very least, of this system is the empowerment of all actors of  production chain, from one end to the other.


Several million dollars for “Game of Thrones” series

The case about the hacking of HBO is a symbol of new risks in the audiovisual production and the management of this type of loss needs new skills in audiovisual and management of cyber risk. Hackers that hacked the servers of the chain are supposed to have stolen not yet released episodes of  Season 7 of “Game of Thrones” as well as episodes of the series “Ballers”, “ Insecure”, “Room 104” and “Barry”. Scripts, and  a great amount of the company’s confidential data,  were also stolen. After the release of  episode 4 of  season 7, hackers asked for a ransom of several million dollars in bitcoins.

Back to 2014, Sony Picture Entertainment was the victim of  massive data hacking threatening to release several films on the internet. This phenomenon could spread if the sector does not realise the importance of preventing and reacting efficiently to attacks. To react to the threat, the loss adjuster has to evaluate damages, estimate the loss while investigating the hacking. Our Art and Media and NITC loss adjusters work together to carry out the most precise and operational analysis in case of theft of audiovisual files. They are able to estimate the amount of the losses thanks to measuring tools. The future of the art and film industry and the whole economic development of our companies are at stake…


Fabien CHERMETTE, Senior Art & Media Loss Adjuster

Guillaume PARENT, Art & Media Loss Adjuster

The countdown is launched: GDPR

Co-signed by Maître BREBAN – Lawyer Associate of NEXO AVOCATS

On 25th May 2018, the General Data Protection Regulation (GDPR) will enter into force in the European Union. The date is close and companies have little time to get ready. Here is a synopsis of the wide and constraining field of application for actors in the processing* of personal data**.

Adopted by the European Parliament on 16th April, the definitions of the legal text (see the box below) give us a glimpse of the wide range of the actors concerned by its entry into force. And the measures to be taken are quite relevant. Because, if the GDPR is going to develop the rights given to people whose data was collected, this reinforcement also represents many constraints for companies and administrations, be they technical, contractual or organisational.

*Processing: any operation or any set of operations done or not with automated processes and applied to personal data or set of data, as collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consulting, use, communication by transmission, diffusion or any other form of provision, rapprochement or interconnection, limitation, deletion or destruction.

**Personal data: any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

On the technical aspect, the main constraint set by the GDPR is the incitement to “pseudonymize” the personal data collected. It is an operation of reversible anonymization, through the use of a pseudonym (or the conservation of data in a format that does not allow its direct identification) instead of the real identity, allowing data confidentiality to be kept in case of intrusion and/or data theft.

A constraining framework for  data processing

On an organisational level, the roll-out of the GDPR has wider consequences. The organisation that collects personal data has to obtain, from the person involved, a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her. This consent should be given through a clear affirmative act. In case of dispute, the burden of proof lies with the company. Therefore, no more pre-ticked boxes. In case the process of data processing is changed, the operator must evaluate the risk and analyse the impact of this action on the rights and freedoms of the natural persons involved. A log of all data processing must be kept by the company. The organisation is liable of ensuring that its subcontractors (emailing companies, payroll management, etc.) are also compliant with the GDPR.

This obligation binds the organisation who collects data to:

  • List the kind of processing operations (we remind you that  simple data consulting is  data processing regarding the GDPR);
  • Specify the categories of personal data processed;
  • Describe the scope and the purposes of processing operations;
  • List the internal and external players in charge of data processing;
  • Detail the data flow (origin and destination) in order to identify potential data transfers outside the European Union.


A new role: Data Protection Officer 

Some organisations in charge of processing operations have the obligation to appoint a Data Protection Officer (DPO). They are:

  • Authorities and public organisations;
  • Organisations in charge of processing operations where core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale;
  • Organisations in charge of “particular” processing operations (racial origin, race, political opinion, religious belief, biometric data, etc.)

The DPO will then be entrusted with counsel and control missions with the head processor and his/her subcontractor, as well as with cooperation with the control authority. He/she will enjoy a status of protected personnel.


New playing rules and sanctions

The obligation of notification, stated in  Article 34, is in case of a personal data breach, obliged to inform the natural person, provided this breach can “potentially generate a serious risk to rights and freedoms”.

There are exclusion conditions to this information obligation, and of course, the concept of serious risk remains submitted to evaluation.  But in case this information obligation must be carried out, a technical challenge has to be tackled by the person in charge of processing: the capacity to identify the list of natural people concerned in his/her own database. Otherwise, he/she will have to make a public announcement, that will then increasingly encumber his/her image.

According to violations observed at the GDPR, the sanctions will naturally be different. In order to draw  minimum attention to its good application, it will be enough to recall the terms of Article 84, that provides for a fine amounting up to €20 000 000  or 4 % of the total global annual turnover of the prior year, with the highest amount being considered. This fine relates to the non-observance of the basic principles of a processing operation (Articles 5, 6, 7 and 9 of the GDPR).


Anticipating, by following some recommendations

From  May 25, 2018, a major project will result from the mandatory application of the GDPR. Contrary to the obtainment of the old “stamp” released by the CNIL, companies will have to provide the proof that they are compliant with regulations.

Companies, must therefore:

  • Increase awareness among their GDPR staff about data protection;
  • Review their agreement with third-party service providers (sub-contractors inside the GDPR, data hosting providers, cloud computing solutions providers…);
  • Identify their processing operations and databases and ensure their protection,
  • Keep a processing record;
  • Designate, if appropriate, a DPO;
  • Design IT systems ensuring data safety and allowing, in time, the certification of compliance with the GDPR.

And if new financial consequences encumber  the company and administration because of the non-compliance with regulations, other risks may rise.  Individuals will have the possibility to engage collective proceedings. The person in charge of treatment has the obligation to check his/her own and his/her subcontractors’ conformity. Henceforth, there is the question of the review of contractual relationships and professional liability.


Maître Yann BREBAN, Partner Lawyer, NEXO AVOCATS

Olivier GEVAUDAN, Information Technology Loss Adjuster

The concern about mobile payments security

We use mobile payments more and more every day. The key of success of this new payment method lies in the ease of use of this new technology but it leaves some doubt about new threats, at the border between fraud and cyber risk.

Credit cards are undeniably the preferred payment method of French people. The latest study released in November 2016 about this subject by Harris Interactive confirms it: 98 % of people interviewed use their credit card daily, while only 6 % use smartphone payment.

However, the advent of means related to high-potential new technologies and, in particular, the development of  NFC technology (Near Field Communication), based on the RFID (radio frequency identification) can make a difference. The success of contactless payment by credit card does not contradict this and may even accelerate the end of an era atmosphere that reigns in the payment methods field.


Easy to use and relative safety…

Contactless payment by smartphone actually has many advantages for shopkeepers and customers: payment guarantee, free bank transfers and cost reduction for shopkeepers who do not need a credit card terminal.

Contactless payment through smartphones can be safer because the mobile application used for payment (for example, Apple Pay, Lyf Pay or even Easy Transac) offers the opportunity to master the activation of the NFC function on demand, which limits fraudulent uses.


What prevents fraud?

Contactless mobile payment, even if it has a brilliant future ahead, has a serious weakness. Like any connected equipment, smartphones are sensitive targets to attacks, viruses, trojan horses, malwares. Besides, NFC technology is not yet mature.

“Sniffers” are a new generation of pickpockets via contactless technology. Due to simple physical proximity (ideally in a crowded metro train) and an appropriate terminal, they “sniff” your credit card data and, without your knowing, withdraw around 20 euros. It is the same for mobiles, except that fraud mainly concerns data theft. NFC technology can allow fraudsters to obtain any type of information contained in a smartphone: contacts, SMS, emails, login information and passwords, and localisation information, among others.

Market players are already anticipating a progression in bank frauds through the generalisation of mobile payment.


What about liabilities?

In terms of bank fraud, consumers are protected. They have 13 months to contest any unauthorised transactions and to be refunded by their bank. The question still remains as to liabilities at the end when fraudsters cannot be identified. The bank will take its part of the risk – in collaboration with the insurer – but what about the liability of the application developer, of the smartphone manufacturer and of their insurers?

For massive frauds, the question about software and hardware weaknesses will have to be thoroughly analysed in order to determine liabilities as accurately as possible.

Mobile payment has become a subject at the crossroads of fraud and cyber risk, demanding knowledge on both subjects, both at the insurance and loss adjustment level.

Laurent MICHEL, Finance & Services Loss Adjuster

Photovoltaic installations: the risk of lightning striking is not inevitable

Multiplication of photovoltaic installations in stormy weather regions, will provoke more and more damages from lightning. Damages can be estimated at several hundred euros; it is therefore crucial to apply security rules and study the risks before the development of a project.


The development of photovoltaic energy

For a few years, given the strong decrease of regulated pricing of photovoltaic energy, stakeholders of the branch oriented themselves towards projects of big dimensions installations in order to save considerable money and to meet the criteria of public procurements. Great ground Photovoltaic Installations, whose nominal power reaches several hundreds of MWc (Méga Watts peak), were created and continue to be produced and installed, in particular in the sunny southern areas.

In the South, storms are frequent and often violent. Average lightning strike density in South of France, in Corsica and in Italy, for example, exceeds 4 lightning strikes per km² per year. This phenomenon was stronger during the summer.

By the way, photovoltaic installations are often built in peaks, to take advantage of better sunning and everybody knows that lightning strikes culminating points in priority! Finally, in uneven and rocky terrain of most of these regions, the ground is particularly resistive, so the risk of overvoltage rises and potential differences increase between two close points.


What are the effects of lightning?

A lightning strike, or cloud-to-ground lightning, is the electrical shock that happens between the cumulonimbus and the ground. This shock generates a very strong electric power, of several tens of thousands ampere. When a lightning reaches the ground, it can not only directly provoke damages by heating effect but can be at the origin of phenomena that may be devastating. Around the impact point, an electrical field develops in the ground. A few tens of meters from the point of impact, this field can create a potential difference of several thousand volts between two points at one meter distance. The lightning is also accompanied by an electromagnetic radiation, that can provoke strong power in the conductors.

The lightning is therefore at the origin of several electrical and electromagnetic phenomena, that can create different kinds of damages.

How to hedge against a risk?

First of all, we need to remind that there is no system allowing to totally master the risk related to lightning. However, there are solutions to considerably reduce this risk. The best action consists in conducting a specific study in each installation, based on the CEI EN 62305 standard.


  • Grant a good equipotential bonding

The terrestrial network must be designed to ensure a perfect equipotential between metallic masses (supporting structures, photovoltaic modules framework, …), in order to avoid the presence of potential difference between several pieces of equipment of the installation.

If it is discontinued, it will have a reverse effect than the expected: it will allow a potential rise since the ground until the equipment, that will discharge in the networks of the plant.

It is therefore crucial to endure a good equipotential bonding, through suitable connecting and wiring systems, in accordance to the standard C15-100 and the specific application guide to photovoltaic UTE C15-712-1.


  • Avoid communication networks of type bus (ethernet, profibus, …) in the field.

Most plants are equipped with a security system (alarm, peripheral protection, surveillance cameras). Some have secondary boxes (direct current junction boxes) equipped with a monitoring system allowing to check the production of each string (series) of photovoltaic modules. Tracker plants (optimization systems of the production through follow up of the course of the sun) are equipped with an additional network for the command and the fueling of electrical engines.

Bus type networks (low tension communication) are very frequently stricken by lightning, generating damages on an equipment that has the feature of being sensitive to overloads and expensive (electronic cards, measurement systems, cameras, automatons…).

We need then to avoid to use this protocol of communication and prefer the optical fiber or Wi-Fi networks.


  • Install lightning arresters DC, AC, com

Lightning arresters, or overvoltage arresters, is an equipment allowing to deviate energy of an overload to the ground. They allow to efficiently protect most equipment, be they connected to the power network, on the command network or on the communication networks.

The choice of lightning arresters and their installation must however strictly observe the rules, clarified by the guide UTE C15-443.


  • Avoid induction loops

The tension originated by the electromagnetic field of the lightning depends mostly from three parameters: surface comprised between conductors, variation and intensity of the magnetic field.

For example, at 10 meters from the point of impact of a lightning, the tension can rise to several tens of thousands of volts in the cables creating a loop of 20 to 30 m².

Modules, terrestrial and communication networks wiring must therefore be designed to reduce at most the presence of loops: cables must advance together (see the guide UTE C15-712-1).

This prevention measure can have a high cost (considerable length of cables), and that can push entrepreneurs to turn a blind eye on this precaution, that is vital to ensure a good protection of photovoltaic modules.

However, some constructors were able to prove their inventiveness and find satisfactory technic-economic agreements, by just placing modules in a way to respect this rule while reducing the length of cables.


To sum up…

In the summer, photovoltaic plants on the ground are frequently striken by lightning, and most of all their effects. Damages provoked by a single lightning can amount to hundreds of thousands of euros when overloads propagate in the modules, UPS and security equipment.

Basic rules must be observed from the design of the plant in order to reduce the risks at most. We can only advise developers to realize a specific survey that will allow to adapt the means of prevention while reducing their implementation costs.


Emmanuel PINOT, Renewable Energy Loss Adjuster

Jewellers’ Block Pre-risk assessment

Nowadays, the pre-risk surveyor’s expertise has to overstep frontiers to be able to operate in different countries. A proper risk assessment of the location insured is the key to prevent, limit or even avoid the outcome of thefts and robberies.

In the recent past, very large heists in the jewellery arena have been carried out, especially in Europe. A few samples are reported at the bottom of this article, but others were in any case significant, like the theft occurred in London, at Hatton Garden, on April 2015 or like the one occurred on the 23rd of May 2017 to Buccellati in Paris, while writing this article.

Either we talk of thefts or robberies, we may divide these crimes in two categories: the ones, which could be avoided with a proper risk assessment/management, and the ones for which a proper risk assessment/management could not be sufficient to prevent the crime, but could have potentially limited the amount stolen.

It may seem a pretentious statement to say, especially after the occurrence of a crime, that it could be avoided with a proper risk assessment and management. But the evaluation of the level of risk of a specific location, that could be either a jewellery shop, a manufacturing site, a jewellery exhibition or else, is what specifically distinguish our Specie work. It is done thanks to the expertise gained in over two decades of pre-risk assessment and loss handling of thousands of cases in this specific arena, in Europe, Asia and USA.

We do think surely possible to prevent a single robber from stealing more than a hundred million worth of jewellery from an exhibition site. But the location has to be adequately secured. As a result of what appears to be a poor risk assessment/management of the event, the crime described above is what happened to the Lev Avnerovich Leviev jewellery collection, displayed in a Hotel in Cannes in 2013. And amazingly, the lone robber could take possession of the values and flee away in only 58 seconds!

A more careful statement should be made concerning crimes organised with the involvement of people working inside the insured’s location (infidelity). The case of the Henry Winston heist in Paris in December 2008 is emblematic. Mr Mouloud Djennad, who provided insider information, was a security guard working at the store. He also let the criminals entering the shop to carry out the robbery. Difficult to challenge this crime, but probably possible to structure panic passive devices to send an alarm during the robbery, if this kind of devices would have been managed in a very reserved manner and not disclosed to all the people working in the shop.

As a matter of fact, a proper risk management involving an in-depth analysis of the local crimes history, the evaluation of the premises and of the passive and active security in place, compared to the sums at risk, must originate a clear picture of the risk and of any potential exposure to thefts or robberies. When this is ascertained, effective security measures have to be recommended to protect the people working in the location, as well as the values themselves. Alternative possible solutions can be found, explained and discussed with the insured, in order to properly secure the risk. We learned that a full explanation of the risk exposure make it easier to obtain the insured’s agreement to implement the existing security, when not adequate. And more than one solution to secure the risk (when possible) can provide the insured with the opportunity to choose the one that suits him, without being obliged to simply follow the surveyor’s way.

The pre-risk assessment of the risk cannot exclude the knowledge of the local resources made available to secure the risk. In fact, depending on the country in which the risk is based and on the rules and regulations in force, it would be possible to implement specific alarm transmission devices (more or less technologically effective), or use security companies with armed or unarmed guards, or simply rely on the police intervention where armed guards are not available/allowed.

Europe is substantially different from the Far East or the USA. But even remaining within Europe, we can find substantial differences on the instruments and structures available to manage the security of a risk.

It is therefore part of the pre-risk surveyor’s expertise, the knowledge of the peculiar aspects of any country in which he operates.

The opportunity to be part of GM Consultant with offices in Europe, Far East, North, Central and South America, make it possible to collect expertise on each of the countries involved, to improve the level of service offered and to structure a high level security based on the effective resources of each country.


Riccardo GRELLA, Italy Director, Head of Specie

Diane MACCURY, Specie Loss Adjuster


Henry Winston – Paris, December 2008

Armed men in wigs pull off £70m robbery at top Paris jewellery store – Harry Winston

Graff jewellers, London – £40m, August 2009

Wearing make-up and suits to pose as legitimate customers, the gang carries out Britain’s biggest jewellery raid in just two minutes

Diarsa, Madrid – £19.5m, December 2012

The gang – whose ringleader was known as The Troll – use laser equipment to break into a distribution centre where they crack open safes and scoop up more than 1,700 luxury watches.

Cannes Film Festival – £2m, May 2013

Thieves make off with a £1.7m necklace during a celebrity party attended by the likes of Sharon Stone and Paris Hilton.

A week earlier, £660,000 of Chopard jewels had also been stolen when a hotel room safe was ripped from the room.

Carlton Hotel, Cannes – £88m, July 2013

A lone gunman enters the hotel in the luxury French resort in broad daylight and less than a minute later escapes on foot with a suitcase full of jewels that were on show in a private hotel salon,  which was poorly guarded, the two guards having no weapons.

Henry Winston, Cannes – £ 13 million, January 2017

Thief nabs €15 million of jewellery in Cannes robbery – A robber who posed as a customer stole €15 million ($16 million) worth of jewellery from a shop in the French riviera of Cannes