Data Breach Part IV - Coverages

Photograph by Ofer Wolberger, Popular Mechanics July 2010

Most of us know that the lock on the door of our house is sufficient to prevent someone from gaining easy access to our property. It's been said that locks keep honest people out. But we also know that if someone is really determined they can breach the majority of security measures we might have in place. If they're really skilled, they can do so rather quickly. The same is true with our computers and the date stored on them, especially those used in a business operation. 

As business and government operations rely more heavily on computers to perform tasks and store data, more criminals, hackers and terrorists are turning toward computer related crimes to either make money, cause damage or both.  In the past few years there's been a significant spike in cyber crime and there's no reason to believe the rate of incidents will diminish anytime soon. The FBI's Internet Crime Complaint Center (IC3) states they received over 314,000 complaints of online criminal activity in 2011 (2011 Internet Crime Report). That's the third year in a row incidents topped 300,000, and that's just what was reported to them.

Insurance carriers are trying to keep up with the changing landscape by crafting new coverage options and improving existing wordings and features. Here are a few of the current options that may be available to your client (terminology may vary slightly from carrier to carrier, and some coverages provided, especially first party, will usually be subject to a sub-limit):

• Network and Information Security
• claims arising from the unauthorized access to data and that's usually personally identifiable information
• failure to provide notification of a breach (as required by law)
• transmission of a computer virus or similar
• liability associated with the failure to provide authorized users with access to the company's website
• Communications and Media Liability
• coverage for claims arising from copyright infringement, plagiarism, libel, slander in electronic content
• Defense Expense
• coverage for governmental claims as a result of network and information security liability, and/or communications and media liability
• Security Breach Remediation and Notification Expense (first party)
• costs incurred to determine whose identity information was accessed
• cost of notification to customers/others of the security breach
• identity fraud expense reimbursement for those individuals affected by the breach
• credit monitoring services for those notified (usually for 12 months)
• call center services to assist with inquiries
• Computer Program and Electronic Data Restoration Expenses (first party)
• expenses incurred to restore data lost from damage to computer systems due to computer virus and/or unauthorized access.
• Computer Fraud (first party)
• coverage for loss of money, securities or other property due to unauthorized access to computer systems
• Funds Transfer Fraud (first party)
• coverage for loss of money or securities due to fraudulent transfer instructions to a financial institution
• E-Commerce Extortion (first party)
• money paid due to threats made regarding an intent to destroy data, introduce a virus or attack a computer system, disclose customer info or other similar threats
• Business Interruption and Additional Expenses (first party)
• loss of income and extra expense incurred to restore operations, must be a result of a computer system disruption caused by a virus or other unauthorized computer attack

This is a fairly representative list, but each carrier tries to offer something a little different, so exact terms will depend on the unique qualities of the  business, and the carrier offering coverage(s).  Also, it's not necessary to buy all of the coverage options, usually the coverages can be purchased in sections or modules. Contact us today for a quote or help determining how to best address your client's needs.

New Product: GL and E&O For Consultants

We have a NEW product available providing E&O and GL for entrepreneurs and small businesses providing consulting services. Competitive quotes are available quickly.

Coverage includes:

• Defense outside the limit (capped at the aggregate policy limit)
• HIPAA/HITECH sublimit of $250,000
• Automatic additional insured coverage
• Contingent BI/PD sublimit of $250,000
• 50/50 cooperation clause
• Third party discrimination coverage
• Independent contractor coverage

Risks are not eligible for this product if they've generated more than $1 MILL in revenue during the past 12 months and/or if they've had an E&O claim in the past five years.

Also, your client's services must be in an acceptable category. Some of the services not acceptable for this program include: intellectual property, copyright or patent work, employee benefits or pensions, medical related work,  services associated with an architect, engineer, attorney or real estate.

If your client does not qualify for this product due to claims, services offered and/or revenue, we have multiple markets available to allow us to quote them as well.

Call or email today for a quote.

Tuscano’s Hand Improves (New Market Added)

I just received confirmation that our appointment with ACE Commercial Risk Services has been finalized and is effective immediately. I’ve had several conversations with customers over the past few months that convinced me this would be a good and necessary move for us.
Premiums and coverage forms are very competitive, and classes of business include the following:

• D&O (For Profit and Not For Profit)
• Technology E&O, and Data Breach, Privacy and Network Security can be included or written stand alone
• Environmental Contractors
• Stand Alone Contractors Pollution
• Miscellaneous E&O (incl TPA’s, Trustees, Real Estate agents, Temporary Staffing, Construction Managers, Property Managers and more)

ACE is another great card in the deck that we can offer to you, our customer. Combined with an already strong group of markets and the service and professionalism you’ve come to expect from Tuscano, you’ll be playing to win.
If you’ve been stuck gambling on another broker to get this done for you, or if you’ve never worked with ACE, now’s the time to ante up and contact us. We’re betting you’ll be happy you did!

Criminal Justice Service Operations Insurance

Department of Corrections Corporate Offices, Mechanicsburg PA
Here’s a quick reminder that we have the ability to write general liability, professional liability and property coverage for a variety of operations within the criminal justice system.
The professional and GL are on the same policy; the property can be written by the same carrier but the policy would be separate.

Our carrier is rated A+ (Superior) by A.M. Best Company.

Summary of Coverages:

General Liability, Professional Liability

- Sexual misconduct

- Civil rights coverage

- Hired & non-owned auto coverage 

Optional Professional Liability Coverage

- Employment practices liability

- Stop-gap coverage

- Law enforcement coverage

- Medical malpractice for prison nurses

- Medical malpractice for prison physicians

Property Coverage

- ACV-replacement cost-agreed amount

- Minimum premium: $1,500

- Minimum deductible: $1,000

- Special rating considerations in program

- Building, contents, equipment, business income, extra expense and crime exposures

- Equipment floaters available

Available for: Adult and juvenile boot camps Court-ordered counseling Community correction centers Drug and alcohol treatment centers Electronic monitoring companies Halfway houses Law enforcement trainers Offender rehabilitation classes

Other staff secure juvenile facilities Pre-release centers Prisoner transportation companies Probation services Public and private prisons and jails Restitution centers Work release centers

Call or email us today for more information…

Data Breach Part III - What It Is

Not being able to visually depict a data breach, I found a photo of an earthen dam being breached. Similar to water, when data is not contained where it’s supposed to be, the result can be damaging and costly.
Data Breach coverage is first party coverage, meaning it’s intended to provide coverage to your client if they experience a loss of THEIR customer’s *personal information. There’s no need for the policy to be triggered by a suit or other demand for damages as you would expect in a third party claim. ( *personal information includes credit card numbers, driver’s license numbers and/or social security numbers. Most of the U.S. Government’s info on this subject refers to such customer info as “personally identifiable information”, or PII; some carriers are simply calling it “personal information”, or PI).
In addition, even if they don’t have thousands of customer records containing PI that is lost or stolen, the fact that this info COULD have been compromised is usually all that’s necessary to trigger notification requirements spelled out in state and federal laws. Simply put, your client could very well be on the hook to send out written notification to ALL of it’s clients, even if only one record is lost or stolen.
In addition to existing federal laws, forty six states have enacted laws regarding notification. The notification requirements are not standardized, and if your client has customers in multiple states the likelihood of your client knowing the statutes and being able to quickly and easily comply with them is slim and none, and you guessed it - slim has already left town. The cost of a reputable, qualified third party to perform the notification task for your client varies greatly based on territory and some other factors, but I’ve seen estimates from $50 to $250 per customer record.  (if you need help explaining the reason for the costs being so high, I can help with that)
If you want documentation of those costs, there aren’t a lot of options available just yet, but try the report from Ponemon Institute in association with Symantec. For the events they could verify, they show that the cost of notification for 2011 was $194 per record. http://www.symantec.com/about/news/release/article.jsp?prid=20120320_02
This report also shows the difference in breach event costs between companies that have chief information security officers and those that don’t, as well as several other factors.
Other “hard” costs that your client may have to deal with are regulatory costs and credit monitoring services. Regulatory costs could include fines, penalties and/or the establishment of a compensatory fund – all as determined by the regulator. Your client must also provide credit monitoring services for those customers who may have had their information compromised. It’s usually a requirement for a company that’s had a breach to provide their customers with at least one year of credit monitoring services from a qualified third party vendor.
In addition to hard costs there are “soft” costs that are likely to be associated with a data breach; abnormal turnover of customers, increased customer acquisition (or re-acquisition) activities, reputation losses, as well as diminished goodwill.
Obviously there’s more to consider, but hopefully this gives you an idea of what’s at stake and helps you evaluate which of your customers may need to consider this coverage. In the next post I’ll look at coverage options available.

Remembering, Honoring

An American flag flies at half staff next to a twin towers statue at Tyrrell Park in Beaumont in 2011. Guiseppe Barranco/The Enterprise

I feel compelled to post something today regarding the anniversary of 9-11. I know it’s not going to be profound or life altering, but it’s important to me to do so.

On September 11, 2001 in New York city many innocent lives were taken and many others were injured. And for those of us who were somewhere else at the time, we were impacted in some way. I hope people take a moment today to remember those who died and those who were permanently damaged physically and/or emotionally. And to remember those who tried their best to help their fellow human beings, many of them at the loss of their own lives.

I think that’s what I want to remember as much as anything else, that people still care about other people. That we can actually do something good and positive for others around us, even if we don’t know them at all.

We can’t change what happened, and I for one still can’t really make sense of it. But I know that I can do something to remember and honor those human beings that died that day. I can find someone today that I can help, or encourage or love. Maybe more than one someone, and maybe not just for today.

Data Breach: What It’s Not

To discuss data breach coverage I think it’s important to understand what it is not, as well as what it is. As stated in the previous post, as far as I’m concerned data breach is not cyber liability. Insurance companies may market a product as “cyber”, but “cyber” means anything computer related. Just adding “cyber” to the word “liability” doesn’t really mean anything specific, and it certainly isn’t a clear indication that the coverage is/includes data breach. Instead of me re-stating all of my comments, check out the prior post by clicking on this link:  http://tuscanopro.blogspot.com/2012/08/most-misunderstood-insurance-terms.html

Data breach is not third party coverage; i.e. it’s not intended to defend your client or provide indemnification on their behalf for an error or omission generated by their work product. Third party liability assumes that another entity is asking for or demanding monetary damages because of an act, error or omission by your client. While a data breach will probably result in costs to your client, some if not all of those costs are not going to be covered by an E&O policy form that does not include a data breach coverage part.

Data breach is not a package policy that includes GL, Non-Owned and Hired Auto, Crime, etc. I don’t think there’s anything wrong with a “package” that includes E&O, it’s just not necessary to write a package to provide data breach coverage.

I think the most common misunderstanding I’ve encountered so far  is being asked to provide data breach coverage for technology service providers not storing critical customer data, including website designers, consultants, hardware and software resellers and programmers. While each situation is unique, If your client isn’t storing/keeping this information, their data breach exposure is probably minimal. (The next post will better define “critical customer data”, but if you want to do some research on your own and get ahead of the curve, do a search for “personally identifiable information”).

If you’re looking for a couple of diagnostic questions to determine if your client has a data breach exposure, you should probably start with questions regarding how many customer records they store, usually electronically, and what type of information is in those records. If your client/prospect does store credit card numbers, medical records, driver’s licenses numbers and/or other similar information, they have a data breach exposure.

The next post will look at what data breach IS…

The Most Confusing Insurance Term Is…

The concept of Cyber Liability is confusing enough - don’t complicate things by confusing Cyber Liability with Cyborg Liability. At this time, I don’t have any markets available for the latter. But you never know…

(First in a series)

I’m sure there are many insurance terms that aren’t clearly understood, or that don’t really describe what the coverage is, but my vote is for “Cyber Liability”. Let’s face it, we are now reading and hearing about “cyber” everything. Cyber bullying has become a major issue, especially for school age children. I’ve seen a number of commercials for cyber knife medical technology. And of course there are many others, including cyber space, cyber crime and cyber security.

Merriam Webster online dictionary defines cyber as: “of, relating to, or involving computers or computer networks (including the Internet) <the cyber marketplace>”

Based on that definition, then cyber liability could be insurance for your client whenever they’re using the internet. Or perhaps it’s any insurance coverage involving computers or computer networks?   I think I’ve seen requests for cyber liability that involve all of these areas of exposure/operations and more.

Here’s what I think most people mean when the term “cyber liability” surfaces - more than likely they’re referring to an insurance product that’s meant to provide some level of coverage for a data breach, also called an information security breach.

The simplest way I can define or describe a data breach is when  personal information – usually critical financial info – of your insured customer is lost or stolen. In fact, the data really doesn’t even have to be lost or stolen. If your client retains credit card, drivers license and/or other personal financial info, and their network is hacked, they lose a laptop or other electronic device and the info may be at risk, your insured has an obligation to notify their clients. That can be costly, so you need to make sure the policy either covers those costs, or you advise your client that is does not.

In subsequent posts, I’ll get into coverage details, applicability to some of the business operations you may encounter and so forth. In the meantime, if you have questions or need some help sorting out a current quote – call Tuscano. And yes, resistance is futile.

New Professional Liability Opportunities in PA

If you get a chance to watch the Paralympic Games I highly recommend it. I’m guessing you’ll be amazed and inspired  by what competitive desire, hard work and technology can do.

Pennsylvania House Bill 48 of Session 2011, amended June 27, 2012, may provide you with an opportunity to write new business for some of your existing customers. And if you’re not aware of any existing accounts that fit this profile, it may give you reason to knock on some doors of local business owners.

The bill requires, among other things, that orthotists, orthotic fitters, pedorthists and prosthetists purchase and maintain professional liability in the amount of $1 MILL per occurrence or per claim.

All of these professions are related to the evaluation, design, fabrication, assembly, fitting and/or adjusting of artificial limbs, or braces or appliances to support poorly functioning or non-functioning limbs or joints. If you want to see a more detailed definition for these professions as listed in Bill 48, here’s the link:  http://legiscan.com/gaits/text/657475

Bill 48 is directed toward licensed professionals and requires the work being done to be as a result of a written prescription by a physician, physician assistant, nurse practitioner, etc.

If you have questions regarding these professions, if you need an application or want to discuss current policy coverage, let me know.

Mgmt Liability/EPL/D&O Market Update–Part 2

Bars, Restaurants, Hotels and other “Hospitality” industry risks are high on the target list of plaintiff firms re wage and hour lawsuits.

The prior post outlined likely market changes for D&O in the next 12 months or so, this one will focus on Employment Practices Liability.

Rates are up, but only slightly. Many carriers would love to see a 15% to 25% rate increase, but expect rates to increase 5% to 10% for loss free accounts. Rates will definitely increase more on risks with claims, as will retentions, and how much depends on the details of the loss(es), type of entity and the state (possibly even the county)  where the risk is located. The real change is going to be on the underwriting side, as carriers will start - if they haven’t already started - to tighten up the filter on new and renewal business.

The reason for that is claim frequency and severity has increased for just about every company I’ve spoken with, and we’re going to blame the economy again, at least in part. Employers that are struggling financially are trying to get more work out of fewer people, which can translate to longer hours and higher stress levels for employees. It’s also possible many hourly employees are working more and not being properly compensated, and unfortunately sometimes the employer doesn’t realize they’re not in compliance with state or federal law (until their former employee’s attorney contacts them)

Another driver is some employment law has become a little more  employee “friendly”. An example of this is the ADA Amendments Act of 2008. The Act went into effect January 1, 2009, with the EEOC regulations to implement the equal employment provisions of the Act effective as of March 25, 2011. One of the results of the Act is that it expanded the definition of “disability”. How much impact these changes have had is hard to measure at this point in time, but a couple of the underwriters I spoke with indicate they believe there is some impact regarding new claims.

And one other very specific reason frequency and severity is up is that the plaintiff bar is still very active regarding wage and hour claims. In my part of the world if I do a web search for “overtime laws” or “overtime claim” the first two websites that come up are local plaintiff firms. And they are on billboards, tv and radio, as you probably know. If you have customers with a decent number of hourly employees and you have not offered them terms that include wage and hour defense coverage, I would strongly urge you not to offer another renewal without that option included. If for some reason it’s not available to your client, at least you’ve done the work needed to confirm that and advise your customer accordingly.

We are still seeing companies enter the market re EPL, but compared to 3-5 years ago the numbers are down. And carriers are way less inclined to add more coverage - probably the most recent coverage enhancement or option is illegal alien investigation coverage.

The market is still very competitive, no doubt, but it appears we may have reached the “floor” when it comes to rates. And we may actually see more underwriting in the next 12 months or so.

Management Liability/EPL/D&O Market Update

Managing effectively – without having your ducks in a row? 

From China Daily/Reuters via MSN: A farmer snarls traffic in China herding 5000 ducks to a pond 3/4 of a mile away. With one other helper and two long sticks, supposedly not one duck was lost.

We “quietly” write a fair amount of Management Liability coverage, including D&O and EPL, and recently a few of my customers have been asking what’s going on in the market. We represent a number of carriers, including Chartis, Travelers, Carolina Casualty and a couple of Lloyd’s facilities, in addition to USLI and Philadelphia.

I spoke to several companies to get their take, so the following is a composite of discussions with underwriters, claim staff and marketing reps. I’ll break this up into two posts to keep it short.

D&O Claims Are Up. There’s a slight increase, but not at the same level as Employment Practice Liability claims. More and more carriers are trying to sell management liability policies where D&O is included with EPL, Crime and Fiduciary coverage. That helps loss ratios and profitability where there are more premium dollars to pay EPL claims vs less frequent and/or less severe crime or D&O claims.

Community Associations – (Homeowner, Condo and Neighborhood Associations make us most of this class) Claim frequency has increased, but not to the extent where you’ll see any major adjustments from the insurance companies. The increase in frequency is in part driven by the economy. Lower real estate values can result in deficits in association funds, and resulting increases in assessments give way to disputes and legal action. Those same deficits also create opportunities for legal issues as repairs and maintenance and other related work may not be completed and resulting finger pointing invariably goes back to the board.

The Community Association product is still probably underpriced, but don’t expect to see more than a 5% or 10% increase in premiums unless the account has problems. More than likely underwriting eligibility and coverage rules have changed or will change to “make up” for carrier’s inability to get the rates they want.

Not For Profit – The situation here is almost exactly the same as for Community Associations in terms of rates, as there’s still a great deal of competition. Don’t expect much to change anytime soon.

Private Company – Claim frequency is increasing, and the common theme of claims being economically driven holds true here. Companies are in trouble financially and some are bankrupt. Extensive reviews of the books, trustees coming in to make their claims and other similar circumstances all contribute to the problem. There are also some claims resulting from M&A activity.

Rates are going up a little and that’s as much a result of EPL coverage claims as anything, since it's usually combined with the D&O. Also, coverage issues can be more complex these days so the cost to defend in those cases is almost always going to be higher.

Overall on D&O coverage noted above, there are very few new companies entering the market and if they do enter it’s usually in the form of management liability. Also, there’s not much new in the way of coverage expansion – the majority of additional coverage options have already been introduced to the market. And you can expect rates to be fairly similar to expiring unless there are issues with the risk.

EPL update will follow in the next post.

Coverage Update–New Option for Stand Alone Sexual Misconduct Liability

Stadium High School, Tacoma WA, where the high school band director resigned after allegations of inappropriate sexual contact with a student. Photo from WGNTV.COM

The photo above is the one of the first I found simply because it’s a fairly recent event, but unfortunately I could have picked just about any state in the union for headlines about high school or college related sexual misconduct. And a similar sad story can be told concerning healthcare facilities, religious institutions and many, many others. The risk is real and profound, as recent headlines have all too often pointed out.

We’re now offering a new option for stand alone sexual misconduct coverage. This isn’t intended for a small risk, but really fills some possible coverage gaps for mid to large size entities, public and private. And it’s important to note this isn’t an afterthought with sub limits of $50,000 or $100,000. In this day and time a $50,000 limit just isn’t sufficient. Here’s a quick summary:

What Does the Policy Provide? Risk Management Advice and Broad Insurance Coverage for Liability and Costs of Defense Regarding Claims for Sexual Misconduct and Molestation and/or Negligent Hiring and Supervision.

Who’s Covered? Executive Directors, Trustees, Employees, Coaches, Counselors, Clergy and Volunteers.

What’s Included? Negligent Hiring, Employment, Investigation, Supervision, Training or Retention Of, Failure to Report Employees Who Commit Sexual Misconduct/Molestation.

Additional Benefits? Tailored Risk Management, Including Access to a Web Based Risk Management Tool. Employee and Volunteer Training Information. Early Loss Mitigation and Access to a Network of Expert Counsel.

Which Entities Are Targets? Religious Institutions, Educational Institutions, Leisure Services, Social Services and Healthcare Organizations.

Minimum Premium? $10,000 for $1 MILL Limit

Limits Available? Up to $5 MILL, Primary or Excess.

Call or email and ask for more information or an application.

Agency E&O–Steps Toward Prevention

This is an artist’s creative rendering of a ram, with a landscape mural painted on its body, located outside at the Palm Springs (CA) International Airport. I can’t recall when this was taken – several years ago – so it’s possible “Mr. Ram” is gone now. I was actually looking for a photo with “steps” in it, and while the plants are in a “stepped” wall in the background, I just had to use the photo. I like it, and at the same time I can’t help but think “E&O”. You?

 

I just read an Insurance Journal blog post by a consultant (Chris Burand, Burand & Associates) and thought his comments/ideas are worth repeating. The basis of his post is that agents may be opening themselves up to E&O by not getting current underwriting information on renewals. The reasons for that are many, but could include:

• No one asks the insured for updated info! This is perhaps even more likely when the policy is an “automatic” renewal, i.e. the carrier is really not asking for much in the way of info to be able to issue a renewal policy. That’s convenient but may not be the best way to protect your agency or your client.
• The Insured isn’t all that interested in responding to another insurance information request (“…again? we just talked about this a few months ago…”), and the agency personnel that have the relationship to get the info aren’t involved, don’t want to take the time and effort, no one lets them know, etc.
• The renewal info comes back and while it contains information that is in fact new or different, the renewal info is not compared to what’s in file from prior years.

The point is also made that if the agency is asking for updated information and discovers new or uncovered exposures, it may mean additional opportunities to provide coverage. That’s good for possible additional revenue production, as well as E&O prevention.

It would be nice if there was one simple form to use for every renewal, and of course there isn’t, but that isn’t a good reason not to make an attempt to develop renewal checklists that are meaningful. Your agency may already have done this, which is great, but it may have been several years ago. It could be time to take a hard look at those older forms.

Current Events: Sexual Abuse/Molestation

The Children’s Bureau, a division of the US Department of Health and Human Services, reports that for the period from October 1, 2009 through September 30, 2010, there were 436,321 substantiated cases of child abuse and/or neglect. Of that number approximately 25% were categorized as physical or sexual abuse. That’s based on reported cases and does not contemplate incidents that were unreported. While any system attempting to codify child abuse is flawed for a variety of reasons, the number of abuse cases is staggering and has not gone unnoticed by law firms and others.

Recently one of the National Underwriter sites posted a column regarding the Penn State sexual abuse scandal and which insurance coverage(s) may or may not apply.  It appears the author is starting with the GL policy and will at some point address D&O and possibly EPL issues. http://www.propertycasualty360.com/2012/04/26/penn-state-vs-insurer-who-will-cover-sex-abuse-co

I have no idea what the insurance package for PSU includes, but I would certainly hope they have separate coverage or at least an additional coverage part that specifically addresses sexual abuse/molestation. I would expect to find that in an EPL policy written for the school. I’m guessing if they didn’t have that coverage in place previously they have it now, albeit at a greatly increased premium.

This particular scenario and the fact that it’s gained national attention is probably not something your client’s think can or will happen to them, but it doesn’t have to be a national scandal to ruin your customer’s business. All you need is a little local press concerning the alleged improper/illegal conduct of a private school, daycare center, assisted living facility or any of a hundred other possible entities who have responsibility for the safe keeping of others. Add to that the cost of defending the allegations and even if they’re exonerated they may not be able to recover their lost revenue.

In this day and age, it would seem that offering your client coverage for sexual abuse and molestation would automatically be on the checklist of things “to do”, even if it’s only a sub limit if that’s all you can find. For some classes and types of risks, I’ll admit it’s not an easy write and can be expensive, but if you don’t pursue it your client may end up paying costs out of pocket, and you may be filing an E&O claim. Neither situation is desirable.

Penn State will obviously live on, and it should, as the actions or lack thereof from a few people should not destroy an institution for all time. Your customers probably don’t have the staying power and resources of a major university, so at the very least they need a fighting chance to survive what could be a very damaging series of events.

EPLI: Illegal Alien Investigative Proceedings…

If this photo conjures up a smile or a memory or two, you're welcome. If it means nothing at all, ask an “experienced” member of your agency. Or your parents...

This is a short post to make you aware of a unique coverage that may be available to your client as part of an EPL policy...

Illegal Alien Investigative Proceeding Coverage. OK, I'm having a little fun with the photo, but I'm not kidding about the coverage, it really does exist. I know of only a few carriers that offer this right now, and for those carriers this coverage is added by endorsement. The policy wording is amended to show that a "claim" includes a criminal investigation by a governmental agency based on the allegation that the insured hired illegal aliens.

Note that the amendment is for the investigation, not for fines, penalties or anything else, so the carrier is going to pay for legal expense in connection to an investigation involving the insured entity. Be careful here - know whether or not the wording covers the insured, the insured entity or both. The form I've reviewed specifically says insured entity. Also be aware of the limits - usually this is going to be fairly low limits ($25K or $50K) and those limits are part of and not in addition to the policy limits.

Obviously if your client knowingly hires or "harbors" illegal aliens, it's, well, illegal. That could have an impact on how the carrier looks at other coverage provided, and probably will have an impact on whether they renew the policy or not. Interestingly enough though, based on the policy I looked at, an EPL claim would not be rejected if a covered act is committed by an employee who is here illegally. The policy wording I looked at doesn't specifically exclude acts by "illegals", only illegal acts.

Food for thought. Mass quantities of food…

Lawyers Professional Liability: Five Things That Could Make A Risk Hard To Place

Most of us believe we can easily identify a real estate property that’s “distressed”. It’s pretty obvious when looking at a photo or visiting the property in question. It may not be quite so easy to identify a distressed law firm as respects their professional liability insurance.

Insurance companies that underwrite professional liability for attorneys will consider some of not all of the following risk characteristics when classifying an account as distressed, or hard to place:

• CLAIMS – Just because a law firm has had a claim does not necessarily make it hard to place. There may well be standard, admitted markets willing to quote that account. Key elements to consider are the details of the claim, when the claim occurred and the outcome.
• DISCIPLINARY PROCEEEDINGS – An attorney could be subject to fines, license suspension or revocation (disbarment) as a result of a variety of action/lack of action. As with a claim, a disciplinary complaint against an attorney does not automatically disqualify them from the standard insurance market. Repeated offenses probably will cause your prospect or client to seek coverage in the non-standard market.
• SUITS FOR FEES – It’s certainly not illegal or unethical for a firm to bring a legal action against a client that has failed to pay for legal services. The problem is that frequently that results in a counter suit from the client, alleging that the law firm committed malpractice, among other things. While a single suit for fees on an application for insurance may not disqualify an account, expect few if any standard markets to quote a law firm that makes a habit of suing their clients for fees.
• AREAS OF PRACTICE- These are the disciplines or categories in which an attorney or firm works, or practices. Domestic law is an area of practice, as is Taxation, Insurance Defense and Criminal law. Areas of practice considered “distressed” will vary by insurance company, but a few that are consistently going to create problems for standard companies include: Intellectual Property, Securities and Class Action (Mass Torts). You may also find that many carriers are now limiting what they can write for firms that are heavily involved in Real Estate, as well as Copyright, Patent and/or Trademark. Much of this will vary by state, or areas within a state.
• NEW IN PRACTICE WITH ANY OF THE ITEMS MENTIONED ABOVE - An attorney just starting out in their own practice, especially if they’ve just graduated from law school, will have a smaller pool of companies willing to offer professional liability insurance. If the attorney or firm is new and is also dealing with a disciplinary action, claim or other item listed above, it's almost certainly going to be considered a distressed account.

Many of the issues listed here can be risk managed to prevent them from happening to begin with, or minimize the chances of a recurrence. We're happy to give you some ideas along those lines as well.

Questions? Comments? Call, email or try our live chat feature…

EPLI: Wage and Hour

In a prior blog post I mentioned a few items that could be helpful for you to consider when placing employment practices liability insurance. Here's the next entry, this one on the topic of wage and hour defense coverage. You should be reviewing this for every client you work with...

Wage and Hour violations has been one of the hot buttons for many plaintiff law firms over the past few years. The concept usually goes something like this; attorneys advertise seeking individuals who were employed and feel like they may not have been paid adequately (translation - someone who is disgruntled because they were fired, passed over for a promotion, etc). The most valuable "target" for a law firm is a group of employees that were paid on an hourly basis and that worked a considerable amount of overtime over a long period. Frequently the employer does not keep detailed records of hours worked, or if they do keep those records, they discard them too soon, they can't locate them, they're damaged in some way, etc.

If the plaintiff firm feels moved to bring an action against the employer, they assert that the employee(s) were not paid a sufficient wage for the time worked. Damages could include back pay, plus interest, plus fines, and penalties. The burden is on the employer, not the employee, to prove the pay provided to the employee was accurate. This can be extremely stressful to a business owner, as it will consume considerable time and energy to produce the necessary records - if they exist at all - to prove their position. The stress is compounded if they have an EPL policy that doesn't include defense coverage for this situation or they have some coverage but not the maximum they could have purchased. If the latter case arises (not every policy provides the coverage) the agent of record can count on some stress of their own, and likely a claim against their own E&O policy.

Even if the employer has all of the records to confirm how they paid the employee(s), they may still be liable if they don't have their staff properly classified. Many employers believe that just because a person is called a "manager" or has “additional” responsibilities, that makes it OK to pay that person on a salaried vs hourly basis. This is not correct and could end up costing the employer (your client) in a big way. (Here's another plug for using the risk management tools available on many EPL policies, or at the very least making sure the employer has their staff properly classified and keeps detailed records of hours worked).

Ok, so you're convinced that this is a valuable additional coverage - how does it work?

1. The "Coverage" under most policies is added by endorsement. If a policy has a very recent revision date, it could be included in the wording. When in doubt, ask the underwriter.

2. The "Coverage" is usually defense only - and if so, it will not pay on behalf of the insured for damages, including back pay, fines and penalties.

3. The "Coverage" is most commonly provided as a sub-limit, not the full policy limit. An example would be a policy limit of $1 MILL may only provide $100,000 of wage and hour defense coverage. Whether it's a part of the limit of liability, or in addition to the limit differs by carrier.

4. Defense applies to wage and hour laws that could be local, state or federal, and could apply to foreign laws, depending on the carrier. If you have a client that has operations outside the US, you need to check that provision carefully.

One of the most common areas of law that is involved is the Fair Labor Standards Act. If you are not familiar with this at all, a good place to start is the website for the US Department of Labor; Wage and Hour Division http://www.dol.gov/whd/flsa/

This is by no means the only resource to use, so google the terms and make some phone calls before you speak with your client.

There's much more to this issue, but I hope this gives you a basic awareness and gets you thinking about existing clients or prospects you may be working with now, and how to approach them about this very important issue.

Architects & Engineers Insurance: Submissions

Here's a re-post from last spring. If you want to see other A&E related posts just select from the labels on the right side of the blog page...

When I was eight years old I thought I wanted to be an architect. I had a set of plastic girders and panels made by Kenner Toy Co, ingeniously called the "Girder and Panel Building Set". I made Cape Canaveral, or what I thought was the Cape. I tore that down and made a store, and then an office building, and who knows what else. As I got older I realized that I probably couldn't keep up with the math; Trig was about as much as I wanted to deal with. And by then I had discovered girls, sports and all manner of other distractions. While I didn't become an architect, I've never lost my fascination with buildings and their design, and I'm happy I can still be involved with this class of business as a broker.

Now that you know what I was thinking when I was 8, here are a few things you may want to think about when you are presented with an opportunity to write a business providing architectural or engineering services:

• Revenue is certainly an underwriting consideration, but you will also need to obtain construction values. Annual revenue numbers are pretty obvious, but for construction values occasionally I'll see a submission that either shows "average" values or a "max" value. Unless stated otherwise, what the underwriters are looking for is the annual total value of all of your prospect's construction projects for at least three years, i.e. the "next" 12 months, the recently ended 12 mos and the 12 mos prior to that.


• "Design-Build" firms. If your client is also involved in the building process, the carriers will need a breakdown of revenue between "design only" and "design-build" operations. Even if there's a very small percentage of "build", get the info anyway.

• New in Business. Just like with any other class, if they're just starting an A&E operation, in addition to the app you'll need resumes for the principals. If they want to include names and descriptions of projects they worked on at a previous firm, that's fine, but don't have them send an electronic portfolio of everything they've done since college. If an underwriter really needs more info to qualify the risk they'll ask for it.

• Change in ownership and/or operations. If a new owner takes over you may have a chance to get your foot in the door, especially if something about risk characteristics change. If they're now doing structural engineering and they've never done that before, the current carrier may be forced to non-renew or drastically alter pricing and terms. If they've just been given a contract for a job out of the country, the current carrier may not be willing or able to extend coverage. Find out if anything has changed or is about to change.

• Specific Projects. Sometimes an architect or engineer will not have any professional liability (PL) insurance coverage and will be asked to bid on one project that requires evidence of PL coverage. As you would expect you'll need a full app and full details of the work they are going to do regarding this project to be able to arrange coverage.

• Specific Client Excess. Similar to "specific project" coverage, but in this case one client of the A&E firm is requiring higher liability limits than the firm currently carries. Details of the project will be needed to underwrite this exposure, including name of client, services being rendered, the primary limit of liability and what carrier is writing that layer. A premium indication will be provided subject to review of the primary policy wording.

• Competition/Other Carriers. Find out what carrier is writing the coverage currently. If it's an exclusive program for an association it will be tough to beat their pricing and it may save you some time and energy. If it's a surplus lines carrier you'll obviously want to figure out why (claims, areas of practice, location, etc) and make every effort to obtain terms from an admitted company. I've recently seen a couple of situations where the client of the A&E firm is requiring a minimum AM Best rating, and that may require the client to change carriers.

There are quite a few other considerations, but these are some of the more common ones. Let us know if you need more information or need to discuss a specific situation.

EPLI

Hopefully the proprietor of this fine establishment in Greensburg, PA has an agent who has educated their client on possible coverage options, in addition to doing whatever quality control work they feel compelled to do...

I've not spent much time writing about Employment Practices Liability, as it really belongs in the "management liability" category, but as I see more and more submissions I think it's time to offer some thoughts. As you probably know, many, many standard carriers provide this coverage, so most agents have access to markets. However, there are some other considerations and here are just two things to be aware of; (1) tougher risks, like restaurants, real estate and law firms for example, don't have as many market options available and (2) even though this is a highly competitive class, coverage options are still all over the place.

Here are some policy benefits or coverage options you should be aware of...

Risk Management: I know, I know, most insured's could care less. Hopefully as an agent you're at least talking with your client about the benefits of using the services many carriers provide at no cost to your customer. Those services vary with the carrier but can include:

• online access to forms and procedures
• worksheets/checklists your client can use to see where they stand in comparison to other business operations
• some sort of telephone or internet based help line or similar service
• online or in office training for managers and/or employees

While I understand it's not going to be all that interesting to many insured's, those with claim history or larger or more sophisticated clients should be willing to factor these features into the mix.

ID Fraud Expense: This is definitely not an option that is universal, but some of the carriers are now including a small limit for ID Fraud Expense Reimbursement per employee as a value added item. Usually the "coverage" is for the cost of clearing up credit, not coverage for any lawsuits, and includes some help in navigating through the process. Limits are in the $1000 to $2500 range per employee, but the insured may have the option to purchase a higher limit.

Information Security: This may also be referred to as Network Security, Data Breach or Cyber Liability. There may well be other terms used by other carriers. The coverage could be for the full policy limits, or could be provided as a sub-limit. If this coverage is added by endorsement or included in the policy wording, make sure you understand how it applies. In general, data breach is for loss that arises out of unauthorized access to private data. If it's added to an EPL policy, you should expect it to apply to employment information for past, present or future (applicants) employees.

That's a critical point, because if that's how coverage applies (employees or applicants for employment) it will not substitute for data breach/information security coverage your client may need if they acquire and maintain private data for customers. Don't make the mistake of assuming that "data breach" is "data breach", i.e. it's all the same coverage, and make sure your client is aware of what is intended and what is not.

More to follow...

Get Into the Habit of asking Questions on E&O Prospects

While I have had a variety of habits, one that I've never claimed is running, especially any great distance. There's a great deal of discipline involved with any training but I think even more so running, especially for long distance events.
Photo of the 2011 Boston Marathon
(John Tlumaki - Boston Globe)

We may not all be runners but we all have behaviors we repeat, and when we do things a certain way it's pretty difficult to change, whether it's adding or deleting behavior or trying to develop completely different behavior. For me it's maintaining an exercise regimen - and I have a "habit" of not being consistent!

Habits impact us in our work as well. If you're not used to writing professional liability coverage you may not be used to obtaining certain information that will speed up the underwriting processs. While it may not become "habit" if you don't see alot of this business, if you keep the following in mind it should help save you some time:

1. Current Carrier Info: If there is current coverage in place, find out what carrier is writing it now, limit, deductible, expiration date and the retroactive date of the current policy. If you can determine the existing premium it will allow us to determine right away if we can be competitive, assuming that's important to you, and it usually is. If we're not sure about exact pricing we can at least give you an idea of minimum or likely premiums.

2. Retroactive Date: I know it's listed in item 1, but I see plenty of submissions without the retroactive (prior acts) date provided. It's almost impossible to provide an accurate quote on most risks without the retro date. Most applications have a place to list the current retro date, but it's frequently missed for some reason. Worse are apps that don't ask, so make sure you ask this question of your client. (If your client/prospect gives you a copy of the dec page the retro date may be listed, but check to be sure)

3. Loss Info: If there's been a claim, most carriers have a claims supplement they'd like completed. This is to provide some detail about what happened, which is usually missing from the loss runs and/or claim question contained on the app itself. It doesn't have to be on a formal supplement, if your client will provide a narrative that's fine also. What's also really helpful is if you can include any steps the insured has taken to eliminate or minimize the likelihood of future, similar claims.

4. Business description: This seems contrary to most people's thought process, but the more info you can provide the better chances of attracting more carriers and better rates. This is especially true with professional liability exposures. A simple example is a risk labeled "business consultant". The pricing and terms will depend on the details. If your client's operations include business "takeovers" and/or turn-around management, rates and marekes would be different than for a business consultant that's training office staff on matters involving customer service. Make sure we have the details.

Contact us today - we're happy to help with whatever issues, questions or accounts you may have.

Winning - Adding and Amending Coverage

The anniversary of the 1980 USA v Russia Olympic Hockey win is February 25th. This photo is from the post game celebration when the USA defeated Russia to advance to the gold medal game. Russia's team was expected to win, and the USA victory was punctuated by Al Michael's television call "Do You Believe In Miracles?!"

There's no doubt that it's a still a tough market, and "winning" is not easy, but it's still a great time to write E&O and Professional liability insurance.

Rates are still very competitive, and while it's possible that rates will increase at some point, right now there are numerous markets that are still aggressively seeking business.

Keep in mind it's not just rates that will help you write new business and retain renewals. Carriers are still revising their policy forms, usually to broaden coverage. If a carrier has not recently revised their wording, there's a good chance that they have one or more endorsements that will amend/improve coverage in certain key areas.

The most recent example I can offer is a submission for an engineering firm. This particular client was aware of a situation one of his competitor's experienced, where there was a need for defense for an issue that was brought by a regulatory authority. That engineer had to hire an attorney and the process cost the engineering firm nearly six figures.

Several of our carriers offered this coverage at varying sub-limits, but our best pricing originally didn't include the coverage. We were able to negotiate that coverage into the policy at a sub-limit of $25,000 per incident, $50,000 per policy period, and the deductible does not apply. The policy and the negotiated coverage helped our client win the account.

I'll give some other examples of coverage options in future posts, but if you have questions about what might be available for your client please call or email. We'll do all we can to help you win on your next opportunity.