Medical Risk Managers
About Us
History of Medical Risk Managers
Longevity…. Since 1984, MRM has profitably underwritten over $ 4 Billion of Stop Loss premium. MRM’s proven stability, track record and commitment to staying ahead of the curve is the reason BUCAs trust MRM to underwrite and place business on their paper. Our clients benefit from some of the most dynamic stop loss talent in the industry. Our underwriting, clinical and actuarial teams are made up of seasoned professionals and talented new graduates that work together to underwrite stop loss risk better than any firm in the country.
- MRM founded as part of DW VanDyke and Company
- Mike McLean and Bette Sisti join MRM
- $1M in annualized premium
- Surpassed $1B in historical premium underwritten
- Increase in BUCA private label clients
- Bette Sisti named president of SIIA
- Mike McLean named chairman of MRM
- Rapid growth (from $23M to over $100M by 2007)
- Expansion into regional and provider owned health plans
- Continued growth in private label stop loss business
- Mike McLean still chairman, 30 years of service to MRM
- Chris Rice named president in 2023
Our Leadership Team
Chris Rice is the President of Medical Risk Managers, Inc. Chris took over as President effective January 1, 2023. He has over 28 years’ experience in the Medical Insurance field with primary focus on Underwriting and Underwriting Management. Chris started his career at Cigna, completing an Underwriting Training program for Fully Insured Medical Products. He spent his first few years of underwriting split between Cigna and Kaiser Permanente.
In the late 90’s, Chris had an opportunity to move from Fully Insured Underwriting to Stop Loss Underwriting at The Hartford. He spent 9 years at The Hartford, starting as an underwriter, then moving into Underwriting Management. Chris was part of the transition of the Hartford block of Stop Loss business over to NBR, which became Optum Stop Loss in the early 2000’s. He was Director of Underwriting at Optum for five (5) years, before accepting a position with to a reinsurance carrier (RGA), where he felt the experience would enhance his career and provide him a learning opportunity on the reinsurance side of the business. Chris spent seven (7) years at RGA as Director of Underwriting, managing blocks of Stop Loss Quota Share business, including Excess of Loss (XOL) through various MGU partners.
Chris accepted a leadership role at Medical Risk Managers, Inc. in 2019. He has been part of the MRM Leadership Team as Vice President of Underwriting since January 2019 until accepting the role of President at MRM effective January 1, 2023. During his time as Vice President of Underwriting, Chris was instrumental in helping MRM grow its existing programs, as well as adding new ones. While leading the Underwriting Department, MRM’s total block of business has more than doubled.
Chris Rice, President
Mike McLean, Chairman
Mike McLean is the Chairman of Medical Risk Managers. Mike is a Fellow of the Society of Actuaries and has been with Medical Risk Managers for over 30 years. He joined the firm in 1988 as Executive Vice President and Chief Operating Officer. He was promoted to President in 1991 and has 36 years of group health insurance experience.
Prior to joining MRM, Mike was an Assistant Vice President and Actuary at The Hartford Life Insurance Company, where he was responsible for pricing their group health insurance products (including stop loss). Prior to joining The Hartford in 1981, Mike was a Senior Actuarial Associate at The Travelers. Mike has consulted to several stop loss carriers over his 36 years of experience including several BUCA carriers (in fact, Mike coined the term BUCA).
Mike has published stop loss articles in and served on the Editorial Advisory Board of the Self-Insurer Magazine and on the publications committee of the Self-Insured Institute of America. He has conducted numerous seminars, workshops and full day teaching sessions on stop loss for the Society of Actuaries and the Self Insurance Institute of America. Mike is still active with MRM’s largest clients.
Taking Cybersecurity Seriously
MRM has woven its data security program into the fabric of the company. Protecting our clients sensitive data is of the utmost importance. We combine employee training, effective policies and procedures and a steadfast commitment to remaining vigilant against new cyber threats to form a comprehensive security program.
In April of 2017, the AICPA announced changes to the Trust Services Criteria of a SOC 2 report. On December 15th 2018, those changes became required. The Trust Service Criteria was restructured to align with the COSO 2013 framework. COSO is a joint initiative of the American Accounting Association, the American Institute of Certified Public Accountants, the Financial Executives International, The Association of Accountants and Financial Professionals in Business and the Institute of Internal Auditors. The 17 COSO principles are included in the SOC 2 common criteria and supplemented with additional criteria to better address cybersecurity risks.
These changes and additional criteria have resulted in an increase in the number of controls a CPA firm will test for as part of the SOC 2 reporting process. Below are two areas and a few of the actual controls new to a SOC 2 that need to be addressed to maintain compliance.
1) File Integrity Monitoring (FIM) – malware, viruses, and hackers are all threats to sensitive files that live on the network. Knowing when these files change and by whom is critical to security posture. Here are just a few of the new SOC 2 controls related to FIM in 2019:
*CC7.1-3 - Implements Change-Detection Mechanisms
The I.T. system includes a change-detection mechanism (for example, File Integrity Monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files.
*CC7.1-4 - Detects Unknown or Unauthorized Components
Procedures are in place to detect the introduction of unknown or unauthorized components.
*CC6.8-2 - Detects Unauthorized Changes to Software and Configuration Parameters
Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software.
2) Vulnerability Scanning – this is a crucial method used to find network security weaknesses. It must be performed regularly and any found vulnerabilities must be remediated. Here are three new controls related to vulnerability scanning in 2019:
*CC3.1-3 - Vulnerability Scanning – Vulnerability scans – both internal and external – are conducted on a regular basis with follow up procedures enacted for remediating any issues as needed.
*CC7.1-5- Conducts Vulnerability Scans
The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis..
*CC7.4-8 - Remediates Identified Vulnerabilities
Identified vulnerabilities are remediated through the development and execution of remediation activities.
Each year, MRM obtains a SOC 2 Type 2 audit report from a certified public accounting firm. Over a 6 month testing period, we must provide evidence about the controls in place on a wide range of security topics. A few of the audited topics are encryption, IT system hardening, business continuity, incidence response and cybersecurity awareness training. The results of this audit are compiled in a detailed report and made available to our partner clients as an assurance of our dedication to safeguarding their data.
These changes and additional criteria have resulted in an increase in the number of controls a CPA firm will test for as part of the SOC 2 reporting process. Below are two areas and a few of the actual controls new to a SOC 2 that need to be addressed to maintain compliance.
1) File Integrity Monitoring (FIM) – malware, viruses, and hackers are all threats to sensitive files that live on the network. Knowing when these files change and by whom is critical to security posture. Here are just a few of the new SOC 2 controls related to FIM in 2019:
*CC7.1-3 - Implements Change-Detection Mechanisms
The I.T. system includes a change-detection mechanism (for example, File Integrity Monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files.
*CC7.1-4 - Detects Unknown or Unauthorized Components
Procedures are in place to detect the introduction of unknown or unauthorized components.
*CC6.8-2 - Detects Unauthorized Changes to Software and Configuration Parameters
Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software.
2) Vulnerability Scanning – this is a crucial method used to find network security weaknesses. It must be performed regularly and any found vulnerabilities must be remediated. Here are three new controls related to vulnerability scanning in 2019:
*CC3.1-3 - Vulnerability Scanning – Vulnerability scans – both internal and external – are conducted on a regular basis with follow up procedures enacted for remediating any issues as needed.
*CC7.1-5- Conducts Vulnerability Scans
The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis..
*CC7.4-8 - Remediates Identified Vulnerabilities
Identified vulnerabilities are remediated through the development and execution of remediation activities.
