the safety act and the mgm lawsuit: an overview › mys_shared › gsx19... · •tort damages are...

The SAFETY Act and the MGM Lawsuit: An Overview

Brian E. Finch, Partner

The SAFETY Act …

CAPS LIABILITY

1 | The SAFETY Act: An Overview

The SAFETY Act Is Not …

• An Insurance Policy • Indemnification


SAFETY Act Benefits

Direct Benefits

• Elimination (Certification) or minimization (Designation) of lawsuits stemming from an “Act of Terrorism.”

• Removal of suit to Federal Court; cap on damages; bar on punitive damages and prejudgment interest;

• Immediate dismissal of suits against customers.

Ancillary Benefits

• Strong evidence of the use of “reasonable” security measures.

• DHS “seal of approval” is a powerful talking point in public relations discussions following an incident.

• Applicants regularly say that the process strengthens their security program AND justifies security budget increases.


What Can Earn SAFETY Act Protections?

SO LONG AS THE ITEMS ARE …

✓Appropriately designed

✓Effective

✓Quality controlled


What Types Of Liability Claims Is The SAFETY Act Intended To Limit?

• Negligent failure to take “reasonable” security measures for threats the company knew or “should have known” about.

• Negligent selection or contracting of security vendors, whether for security products or services.

• Negligent design or implementation of security programs.

• Negligent or insufficient training of security personnel or maintenance of technologies.

• Negligent implementation of security plans or programs.


Levels of Protection: Designation vs. Certification

Designation

• Tort damages are “capped” at a level set by DHS.

• The cap is equal to a negotiated level of insurance the applicant will maintain as part of the award.

Certification

• “Sellers” of Qualified Anti-Terrorism Technologies receive a presumption of immediate dismissal for claims alleging their product/service didn’t work as intended.

All Awards

• Claims may only be filed in Federal Court.

• Punitive damages and prejudgment interest are barred.

• Claims against customers are to be immediately dismissed.


Do Your Customers Benefit From The SAFETY Act?

• SAFETY Act protections “flow down” to customers of SAFETY Act awardees.o Eliminates questions regarding whether the “right” product was purchased or the “right”

vendor was engaged.

• Consider incorporating the SAFETY Act into contracting and procurement for security-related equipment and services, including:

o Metal Detectorso CCTV and surveillance systemso Package and bag scanners o Armed and unarmed security personnelo Emergency operations center support serviceso Cyber products

• Only claims related to the “performance or non-performance” of the approved technology may be litigated once the SAFETY Act is triggered.


How Are SAFETY Act Protections Triggered?

Under the SAFETY Act:

• An “act of terrorism” is an incident that:i. is unlawful; ii. causes harm, including financial harm, to a person, property, or entity,

in the United States; and iii. uses or attempts to use instrumentalities, weapons or other methods designed or intended to

cause mass destruction, injury or other loss to citizens or institutions of the United States.

• “Terrorist” acts that occur overseas but impact Americans or American financial interests are eligible for SAFETY Act protections.

• Cyber-attacks are considered “terrorist” attacks.

• Remember – the DHS Secretary has to declare an event to be an “act of terrorism” before the SAFETY Act can be used in court.

• Query – can anyone else declare than an “act of terrorism” has occurred?


Where Do Companies Trip Up In The SAFETY Act Application Process?

9 | The SAFETY Act

Not Asking The Right Questions Before Starting An Application

• Do you know what you are seeking coverage for?

• Proof of effectiveness is slim.

• Minimal data showing effective quality control.

• Can you show your product/service are repeatable (e.g. documented policies and procedures)?

• Written policies and procedures, including quality control, quality assurance, are insufficiently detailed.


The Actual Application Review Period

• Remember: SAFETY Act protections only obtained either by: o Filing an application DHSo Being the customer of a SAFETY Act technology/service provider.

• DHS only requires an onsite walkthrough prior to submission of certain applications, for instance stadiums/commercial real estate applications, BUT:

o When visiting commercial facilities, we have seen DHS interacting with and taking notes about the performance of contract security guards.

• Typical DHS review time:o 30 days for “completeness” checko 90 days reviewo 120 day typical review timeo Science & Technology Under Secretary may issue a 45 day review extension,

and they can occur


The DHS Decision

• If DHS provides SAFETY Act coverage to an Applicant, the written decision will address:

o the definition of the covered technology

o the duration of the coverage

o whether prior deployments are covered

o whether additional insurance must be obtained and if so, how much

• Remember: SAFETY Act protections are effectively offered in perpetuity for technologies, but services likely require the constant holding of a SAFETY Act award.


SAFETY Act: Key Questions and How To Use

Any costs for filing a SAFETY Act application?

• No.

What kind of security products are eligible for SAFETY Act protections?

• All products, services, and/or policies, including internal policies, whether physical or cyber.

What is the practical effect of obtaining SAFETY Act protections?

• A cap on damages or immunity from damages arising out of or related to cyber attacks or “acts of terrorism.”

Can I realize SAFETY Act benefits just by purchasing and using SAFETY Act approved cyber security solutions?

• Yes.

Does a technology have to completely eliminate/defeat a threat to merit SAFETY Act protections?

• No! If it did, there would be no need for the SAFETY Act.

How do I justify the time and effort spent on preparing an application?

• Going through the SAFETY Act is like any other audit, except you get liability protections AND can reduce your insurance costs.


The SAFETY Act In Practice: Las Vegas

14 | The SAFETY Act

What Types of Claims Are Involved In the Vegas Suits?

• Allegations that the property owner breached its duty of care by:o Failing to surveil people coming and going, including through CCTV system

o Failing to note dangerous/suspicious deliveries

o Failing to notice aberrant behavior

o Failing to respond quickly to shooting notice

o Failing to adequately train security personnel

• Allegations that the security services provider breached its duty of care by:o Failing to design and mark adequate emergency exits

o Failing to properly train and supervise employees with emergency plan of action


MGM’s Assertion Of The SAFETY Act

• MGM has asked federal courts to find that:

1. The shooters actions constituted an “act of terrorism”, thus triggering the protections of the SAFETY Act, and

2. Because there are allegations that a SAFETY Act Certified security guard company failed to perform adequately – thus triggering its SAFETY Act protections – the language of the SAFETY Act statute bars claims against MGM.

• MGM’s challenges:1. SAFETY Act statute commonly read to only give the Homeland Security Secretary

the power to determine that an “act of terrorism” has happened, and

2. MGM’s argument about the types of claims the security guard company’s allows to be dismissed seems overly broad.


The “Typical” Assertion Of The SAFETY Act

1. A physical or cyber attack occurs that causes harm to American persons, property, or economic interests.

2. The Homeland Security Secretary declares that incident an “act of terrorism”.

3. All claims arising out of the declared “act” are moved to federal court.

4. Claims relating to the “performance or non-performance” of SAFETY Act approved items are dismissed or limited.

Note what is happening : plaintiffs are zeroing in the entities that

do NOT have SAFETY Act protections


The Practical Effect Of The SAFETY Act

• “MGM Resorts said on Thursday it may pay as much as $800 million in liabilities tied to the 2017 mass shooting in Las Vegas … and that it had $751 million in insurance to assist in paying settlements.”

o Claims against security guard vendor and operator of concert site had claims against them dismissed.

o Settlement talks still ongoing.

18 | MGM, ASIS, and the SAFETY Act: An Overview

How Do I Avoid MGM’s Situation?

• APPLY FOR YOUR OWN SAFETY ACT AWARD!o Trying to take advantage of an unrelated party’s SAFETY Act award will be

difficult at best.

• Seek out vendors that are SAFETY Act approved (including subcontractors).

o Having contracts with SAFETY Act approved vendors makes it much easier to claim liability protections via their awards.

• Carefully prepare your SAFETY Act applicationo Remember it’s a legal document, not just another government submission. It

needs to be written in a way that covers as many of your services as possible.


New SAFETY Act Application Areas

• Automated security systems

• Very heavy focus on active shooter policieso Make sure to review and consider DHS “BPATS” documents

• Continued hesitation to approve awards at venues/buildings with limited or no access control

• Cybersecurity in all forms (including for communication software hardware and software)

• Occasional disconnect between SAFETY Act program office and leadership


How Does ASIS Fit In With The SAFETY Act?

21 | The SAFETY Act

ASIS Has Received Two SAFETY Act Awards

• Professional Certification Program: Applies to three types of ASIS certifications:

o Certified Protection Professional (CPP);

o Professional Certified Investigator (PCI); and,

o Physical Security Professional (PSP).

• Standards and Guidelines. Applies to voluntary standards and guidelines that are developed using American National Standards Institute (“ANSI”)-accredited processes.


How Do ASIS SAFETY Act Awards Apply To Its Members?

• ASIS Certified professionals receive flow down benefits from the award:

o Limits or eliminates claims related to the professional credentials of Certified professionals.

o Does NOT provide blanket protections for their actions

• Use of ASIS Guidelines and Stanards:o Limits or eliminates claims related to the quality or effectiveness of ASIS

Standards or Guidelineso Open question as to how it would apply to how those Standards or

Guidelines were actually used.


Questions/Comments/Thoughts?

Brian E. [email protected]

the safety act and the mgm lawsuit: an overview › mys_shared › gsx19... · •tort damages are...

Documents